diff --git a/docs/source/_static/managed-policies/AWSApplicationAutoscalingECSServicePolicy.json b/docs/source/_static/managed-policies/AWSApplicationAutoscalingECSServicePolicy.json index 79886aa14..fb0bbdd0f 100644 --- a/docs/source/_static/managed-policies/AWSApplicationAutoscalingECSServicePolicy.json +++ b/docs/source/_static/managed-policies/AWSApplicationAutoscalingECSServicePolicy.json @@ -8,6 +8,7 @@ "ecs:UpdateService", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", "cloudwatch:DeleteAlarms" ], "Resource": [ diff --git a/docs/source/_static/managed-policies/AWSAuditManagerServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSAuditManagerServiceRolePolicy.json index a2848bd32..16096c366 100644 --- a/docs/source/_static/managed-policies/AWSAuditManagerServiceRolePolicy.json +++ b/docs/source/_static/managed-policies/AWSAuditManagerServiceRolePolicy.json @@ -15,6 +15,7 @@ "bedrock:GetModelInvocationLoggingConfiguration", "bedrock:ListCustomModels", "bedrock:ListFoundationModels", + "bedrock:ListGuardrails", "bedrock:ListModelCustomizationJobs", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", diff --git a/docs/source/_static/managed-policies/AWSBackupFullAccess.json b/docs/source/_static/managed-policies/AWSBackupFullAccess.json index b46e9b78a..fe18cea8d 100644 --- a/docs/source/_static/managed-policies/AWSBackupFullAccess.json +++ b/docs/source/_static/managed-policies/AWSBackupFullAccess.json @@ -149,11 +149,18 @@ "Effect": "Allow", "Action": [ "storagegateway:DescribeGatewayInformation", - "storagegateway:ListVolumes", "storagegateway:ListLocalDisks" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*" }, + { + "Sid": "StorageGatewayGatewayStarPermissions", + "Effect": "Allow", + "Action": [ + "storagegateway:ListVolumes" + ], + "Resource": "*" + }, { "Sid": "IamRolePermissions", "Effect": "Allow", 
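Review bot: In the AWSBackupFullAccess.json hunk, `storagegateway:ListVolumes` is re-scoped rather than merely kept: it leaves the statement bound to `arn:aws:storagegateway:*:*:gateway/*` and reappears in the new `StorageGatewayGatewayStarPermissions` statement with `"Resource": "*"`. As far as this hunk shows, the set of action names in the file is unchanged, so a comparison that looks only at action names would report nothing for this policy; the widening is visible only when resources are compared per statement. It is a list-only call, so the added exposure is small, but the commit description should record it, for example `AWSBackupFullAccess: storagegateway:ListVolumes moved from gateway/* to Resource "*"`. The enclosing `Statement` array starts and ends outside the hunk.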
diff --git a/docs/source/_static/managed-policies/AWSBackupServiceRolePolicyForBackup.json b/docs/source/_static/managed-policies/AWSBackupServiceRolePolicyForBackup.json index 79ae606a3..99088cc9e 100644 --- a/docs/source/_static/managed-policies/AWSBackupServiceRolePolicyForBackup.json +++ b/docs/source/_static/managed-policies/AWSBackupServiceRolePolicyForBackup.json @@ -38,14 +38,10 @@ "Resource": "*" }, { - "Sid": "RDSModifyPermissions", + "Sid": "RDSInstanceAutomatedBackupPermissions", "Effect": "Allow", - "Action": [ - "rds:ModifyDBInstance" - ], - "Resource": [ - "arn:aws:rds:*:*:db:*" - ] + "Action": "rds:DeleteDBInstanceAutomatedBackup", + "Resource": "arn:aws:rds:*:*:auto-backup:*" }, { "Sid": "RDSClusterPermissions", @@ -60,10 +56,18 @@ { "Sid": "RDSClusterBackupPermissions", "Effect": "Allow", + "Action": "rds:DeleteDBClusterAutomatedBackup", + "Resource": "arn:aws:rds:*:*:cluster-auto-backup:*" + }, + { + "Sid": "RDSModifyPermissions", + "Effect": "Allow", "Action": [ - "rds:DeleteDBClusterAutomatedBackup" + "rds:ModifyDBInstance" ], - "Resource": "arn:aws:rds:*:*:cluster-auto-backup:*" + "Resource": [ + "arn:aws:rds:*:*:db:*" + ] }, { "Sid": "RDSBackupPermissions", diff --git a/docs/source/_static/managed-policies/AWSCloudFrontVPCOriginServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSCloudFrontVPCOriginServiceRolePolicy.json new file mode 100644 index 000000000..ce8bc0c23 --- /dev/null +++ b/docs/source/_static/managed-policies/AWSCloudFrontVPCOriginServiceRolePolicy.json 
@@ -0,0 +1,113 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "EC2Action1", + "Effect": "Allow", + "Action": [ + "ec2:CreateNetworkInterface" + ], + "Condition": { + "StringEquals": { + "aws:RequestTag/aws.cloudfront.vpcorigin": "enabled" + } + }, + "Resource": "arn:aws:ec2:*:*:network-interface/*" + }, + { + "Sid": "EC2Action2", + "Effect": "Allow", + "Action": [ + "ec2:CreateNetworkInterface" + ], + "Resource": [ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Sid": "EC2Action3", + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Condition": { + "StringEquals": { + "aws:RequestTag/aws.cloudfront.vpcorigin": "enabled" + } + }, + "Resource": [ + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Sid": "EC2Action4", + "Effect": "Allow", + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Resource": [ + "arn:aws:ec2:*:*:vpc/*" + ] + }, + { + "Sid": "EC2Action5", + "Effect": "Allow", + "Action": [ + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:AssignIpv6Addresses", + "ec2:UnassignIpv6Addresses" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/aws.cloudfront.vpcorigin": "enabled" + } + }, + "Resource": "*" + }, + { + "Sid": "EC2Action6", + "Effect": "Allow", + "Action": [ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeSubnets", + "ec2:DescribeRegions", + "ec2:DescribeAddresses" + ], + "Resource": "*" + }, + { + "Sid": "EC2Action7", + "Effect": "Allow", + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "aws:RequestTag/aws.cloudfront.vpcorigin": "enabled", + "ec2:CreateAction": [ + "CreateNetworkInterface", + "CreateSecurityGroup" + ] + } + }, + "Resource": [ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:network-interface/*" + ] + }, + { + "Sid": "ElbAction1", + "Effect": "Allow", + "Action": [ + 
"elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeTargetGroups" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV2.json b/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV2.json index ddb4af7a6..37e05c351 100644 --- a/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV2.json +++ b/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV2.json @@ -63,7 +63,36 @@ "ec2:PurchaseReservedInstancesOffering", "ec2:AcceptReservedInstancesExchangeQuote", "ec2:CreateReservedInstancesListing", - "savingsplans:CreateSavingsPlan" + "savingsplans:CreateSavingsPlan", + "ecs:CreateService", + "ecs:CreateCluster", + "ecs:RegisterTaskDefinition", + "ecr:GetAuthorizationToken", + "bedrock:CreateModelInvocationJob", + "bedrock:InvokeModelWithResponseStream", + "bedrock:CreateFoundationModelAgreement", + "bedrock:PutFoundationModelEntitlement", + "bedrock:InvokeModel", + "s3:CreateBucket", + "s3:PutBucketCors", + "s3:GetObject", + "s3:ListBucket", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateProcessingJob", + "ses:GetSendQuota", + "ses:ListIdentities", + "sts:GetSessionToken", + "sts:GetFederationToken", + "amplify:CreateDeployment", + "amplify:CreateBackendEnvironment", + "codebuild:CreateProject", + "glue:CreateJob", + "iam:DeleteRole", + "iam:DeleteAccessKey", + "iam:ListUsers", + "lambda:GetEventSourceMapping", + "sns:GetSMSAttributes", + "mediapackagev2:CreateChannel" ], "Resource": [ "*" diff --git a/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV3.json b/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV3.json new file mode 100644 index 000000000..37e05c351 --- /dev/null +++ b/docs/source/_static/managed-policies/AWSCompromisedKeyQuarantineV3.json 
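Review bot: AWSCompromisedKeyQuarantineV2.json is updated to blob `37e05c351` (`index ddb4af7a6..37e05c351`) and the new AWSCompromisedKeyQuarantineV3.json is created with the same blob (`index 000000000..37e05c351`), so the two snapshots are byte-identical in this commit. If upstream really publishes the same document under both names, the commit description should say so, e.g. `AWSCompromisedKeyQuarantineV3 added; V2 updated to the identical document`; if not, the fetch step may have written one policy's document under both file names and should be re-run. For readers of the snapshot: the statement is a single `Deny` over an enumerated action list on `"Resource": ["*"]`, so anything not listed remains governed by the principal's other policies. The newly denied `iam:DeleteAccessKey`, together with the already denied `iam:UpdateAccessKey`, means the exposed key has to be deactivated or deleted from a different principal.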
@@ -0,0 +1,102 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Deny",
+ "Action": [
+ "cloudtrail:LookupEvents",
+ "ec2:RequestSpotInstances",
+ "ec2:RunInstances",
+ "ec2:StartInstances",
+ "iam:AddUserToGroup",
+ "iam:AttachGroupPolicy",
+ "iam:AttachRolePolicy",
+ "iam:AttachUserPolicy",
+ "iam:ChangePassword",
+ "iam:CreateAccessKey",
+ "iam:CreateInstanceProfile",
+ "iam:CreateLoginProfile",
+ "iam:CreatePolicyVersion",
+ "iam:CreateRole",
+ "iam:CreateUser",
+ "iam:DetachUserPolicy",
+ "iam:PassRole",
+ "iam:PutGroupPolicy",
+ "iam:PutRolePolicy",
+ "iam:PutUserPermissionsBoundary",
+ "iam:PutUserPolicy",
+ "iam:SetDefaultPolicyVersion",
+ "iam:UpdateAccessKey",
+ "iam:UpdateAccountPasswordPolicy",
+ "iam:UpdateAssumeRolePolicy",
+ "iam:UpdateLoginProfile",
+ "iam:UpdateUser",
+ "lambda:AddLayerVersionPermission",
+ "lambda:AddPermission",
+ "lambda:CreateFunction",
+ "lambda:GetPolicy",
+ "lambda:ListTags",
+ "lambda:PutProvisionedConcurrencyConfig",
+ "lambda:TagResource",
+ "lambda:UntagResource",
+ "lambda:UpdateFunctionCode",
+ "lightsail:Create*",
+ "lightsail:Delete*",
+ "lightsail:DownloadDefaultKeyPair",
+ "lightsail:GetInstanceAccessDetails",
+ "lightsail:Start*",
+ "lightsail:Update*",
+ "organizations:CreateAccount",
+ "organizations:CreateOrganization",
+ "organizations:InviteAccountToOrganization",
+ "s3:DeleteBucket",
+ "s3:DeleteObject",
+ "s3:DeleteObjectVersion",
+ "s3:PutLifecycleConfiguration",
+ "s3:PutBucketAcl",
+ "s3:PutBucketOwnershipControls",
+ "s3:DeleteBucketPolicy",
+ "s3:ObjectOwnerOverrideToBucketOwner",
+ "s3:PutAccountPublicAccessBlock",
+ "s3:PutBucketPolicy",
+ "s3:ListAllMyBuckets",
+ "ec2:PurchaseReservedInstancesOffering",
+ "ec2:AcceptReservedInstancesExchangeQuote",
+ "ec2:CreateReservedInstancesListing",
+ "savingsplans:CreateSavingsPlan",
+ "ecs:CreateService",
+ "ecs:CreateCluster",
+ "ecs:RegisterTaskDefinition",
+ "ecr:GetAuthorizationToken",
+ "bedrock:CreateModelInvocationJob",
+ "bedrock:InvokeModelWithResponseStream",
+ "bedrock:CreateFoundationModelAgreement",
+ "bedrock:PutFoundationModelEntitlement",
+ "bedrock:InvokeModel",
+ "s3:CreateBucket",
+ "s3:PutBucketCors",
+ "s3:GetObject",
+ "s3:ListBucket",
+ "sagemaker:CreateEndpointConfig",
+ "sagemaker:CreateProcessingJob",
+ "ses:GetSendQuota",
+ "ses:ListIdentities",
+ "sts:GetSessionToken",
+ "sts:GetFederationToken",
+ "amplify:CreateDeployment",
+ "amplify:CreateBackendEnvironment",
+ "codebuild:CreateProject",
+ "glue:CreateJob",
+ "iam:DeleteRole",
+ "iam:DeleteAccessKey",
+ "iam:ListUsers",
+ "lambda:GetEventSourceMapping",
+ "sns:GetSMSAttributes",
+ "mediapackagev2:CreateChannel"
+ ],
+ "Resource": [
+ "*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json
index f1e41bcf4..445092da1 100644
--- a/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AWSConfigServiceRolePolicy.json
@@ -29,14 +29,30 @@ "amplifyuibuilder:ExportThemes", "amplifyuibuilder:GetTheme", "amplifyuibuilder:ListThemes", + "aoss:BatchGetCollection", + "aoss:BatchGetLifecyclePolicy", + "aoss:BatchGetVpcEndpoint", + "aoss:GetAccessPolicy", + "aoss:GetSecurityConfig", + "aoss:GetSecurityPolicy", + "aoss:ListAccessPolicies", + "aoss:ListCollections", + "aoss:ListLifecyclePolicies", + "aoss:ListSecurityConfigs", + "aoss:ListSecurityPolicies", + "aoss:ListVpcEndpoints", + "app-integrations:GetApplication", "app-integrations:GetEventIntegration", + "app-integrations:ListApplications", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", + "app-integrations:ListTagsForResource", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", + "appconfig:GetExtension", "appconfig:GetExtensionAssociation", "appconfig:GetHostedConfigurationVersion", "appconfig:ListApplications", @@ -45,6 +61,7 @@ "appconfig:ListDeploymentStrategies", "appconfig:ListEnvironments", "appconfig:ListExtensionAssociations", + "appconfig:ListExtensions", "appconfig:ListHostedConfigurationVersions", "appconfig:ListTagsForResource", "appflow:DescribeConnectorProfiles", @@ -73,6 +90,7 @@ "apprunner:ListServices", "apprunner:ListTagsForResource", "apprunner:ListVpcConnectors", + "appstream:DescribeAppBlockBuilders", "appstream:DescribeApplications", "appstream:DescribeDirectoryConfigs", "appstream:DescribeFleets", 
@@ -119,12 +137,16 @@ "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", + "backup:GetRestoreTestingPlan", + "backup:GetRestoreTestingSelection", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", "backup:ListReportPlans", + "backup:ListRestoreTestingPlans", + "backup:ListRestoreTestingSelections", "backup:ListTags", "batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", @@ -164,9 +186,12 @@ "cloudfront:ListResponseHeadersPolicies", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", + "cloudTrail:GetChannel", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", + "cloudtrail:GetInsightSelectors", "cloudtrail:GetTrailStatus", + "cloudTrail:ListChannels", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", "cloudtrail:ListTrails", @@ -230,8 +255,11 @@ "connect:DescribeInstanceStorageConfig", "connect:DescribePhoneNumber", "connect:DescribePrompt", + "connect:DescribeQueue", "connect:DescribeQuickConnect", + "connect:DescribeRoutingProfile", "connect:DescribeRule", + "connect:DescribeSecurityProfile", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", @@ -243,9 +271,16 @@ "connect:ListPhoneNumbers", "connect:ListPhoneNumbersV2", "connect:ListPrompts", + "connect:ListQueueQuickConnects", + "connect:ListQueues", "connect:ListQuickConnects", + "connect:ListRoutingProfileQueues", + "connect:ListRoutingProfiles", "connect:ListRules", "connect:ListSecurityKeys", + "connect:ListSecurityProfileApplications", + "connect:ListSecurityProfilePermissions", + "connect:ListSecurityProfiles", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", 
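Review bot: In the `@@ -164,9 +186,12 @@` hunk the two added entries `cloudTrail:GetChannel` and `cloudTrail:ListChannels` carry a capital `T` in the service prefix, while every neighbouring entry is written `cloudtrail:`. IAM compares action names case-insensitively, so the policy grants what it appears to grant, but any consumer of these snapshots that groups, de-duplicates or looks up actions by exact string will file these two under a separate prefix or miss them. The JSON presumably mirrors the upstream document and should stay as fetched; the place to handle this is the consumer, which should lowercase the service prefix before comparing, and a short line in the commit description noting the mixed-case entries would help whoever maintains such tooling.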
@@ -277,6 +312,8 @@ "datasync:ListLocations", "datasync:ListTagsForResource", "datasync:ListTasks", + "datazone:GetDomain", + "datazone:ListDomains", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", @@ -294,6 +331,7 @@ "devicefarm:ListTagsForResource", "devicefarm:ListTestGridProjects", "devops-guru:GetResourceCollection", + "devops-guru:ListNotificationChannels", "dms:DescribeCertificates", "dms:DescribeEndpoints", "dms:DescribeEventSubscriptions", @@ -540,15 +578,19 @@ "glue:GetMLTransforms", "glue:GetPartition", "glue:GetPartitions", + "glue:GetRegistry", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", "glue:GetTags", + "glue:GetTrigger", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListMLTransforms", + "glue:ListRegistries", + "glue:ListTriggers", "glue:ListWorkflows", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", @@ -626,6 +668,10 @@ "iam:ListUserPolicies", "iam:ListUsers", "iam:ListVirtualMFADevices", + "identitystore:DescribeGroup", + "identitystore:DescribeGroupMembership", + "identitystore:ListGroupMemberships", + "identitystore:ListGroups", "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", @@ -633,6 +679,7 @@ "imagebuilder:GetImagePipeline", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", "imagebuilder:ListContainerRecipes", 
@@ -642,12 +689,14 @@ "imagebuilder:ListImageRecipes", "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", + "imagebuilder:ListLifecyclePolicies", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListFilters", "inspector2:ListMembers", "iot:DescribeAccountAuditConfiguration", "iot:DescribeAuthorizer", + "iot:DescribeBillingGroup", "iot:DescribeCACertificate", "iot:DescribeCertificate", "iot:DescribeCustomMetric", @@ -660,10 +709,13 @@ "iot:DescribeRoleAlias", "iot:DescribeScheduledAudit", "iot:DescribeSecurityProfile", + "iot:DescribeThingGroup", + "iot:DescribeThingType", "iot:GetPolicy", "iot:GetTopicRule", "iot:GetTopicRuleDestination", "iot:ListAuthorizers", + "iot:ListBillingGroups", "iot:ListCACertificates", "iot:ListCertificates", "iot:ListCustomMetrics", @@ -680,6 +732,8 @@ "iot:ListSecurityProfilesForTarget", "iot:ListTagsForResource", "iot:ListTargetsForSecurityProfile", + "iot:ListThingGroups", + "iot:ListThingTypes", "iot:ListTopicRuleDestinations", "iot:ListTopicRules", "iot:ListV2LoggingLevels", @@ -700,6 +754,21 @@ "iotevents:ListDetectorModels", "iotevents:ListInputs", "iotevents:ListTagsForResource", + "iotfleetwise:GetDecoderManifest", + "iotfleetwise:GetFleet", + "iotfleetwise:GetModelManifest", + "iotfleetwise:GetSignalCatalog", + "iotfleetwise:GetVehicle", + "iotfleetwise:ListDecoderManifestNetworkInterfaces", + "iotfleetwise:ListDecoderManifests", + "iotfleetwise:ListDecoderManifestSignals", + "iotfleetwise:ListFleets", + "iotfleetwise:ListModelManifestNodes", + "iotfleetwise:ListModelManifests", + "iotfleetwise:ListSignalCatalogNodes", + "iotfleetwise:ListSignalCatalogs", + "iotfleetwise:ListTagsForResource", + "iotfleetwise:ListVehicles", "iotsitewise:DescribeAccessPolicy", "iotsitewise:DescribeAsset", "iotsitewise:DescribeAssetModel", 
@@ -727,26 +796,45 @@ "iottwinmaker:ListSyncJobs", "iottwinmaker:ListTagsForResource", "iottwinmaker:ListWorkspaces", + "iotwireless:GetDestination", + "iotwireless:GetDeviceProfile", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:GetServiceProfile", "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessGateway", "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:ListDestinations", + "iotwireless:ListDeviceProfiles", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "iotwireless:ListServiceProfiles", "iotwireless:ListTagsForResource", "iotwireless:ListWirelessDevices", + "iotwireless:ListWirelessGateways", "iotwireless:ListWirelessGatewayTaskDefinitions", "ivs:GetChannel", + "ivs:GetEncoderConfiguration", "ivs:GetPlaybackKeyPair", + "ivs:GetPlaybackRestrictionPolicy", "ivs:GetRecordingConfiguration", + "ivs:GetStage", + "ivs:GetStorageConfiguration", "ivs:GetStreamKey", "ivs:ListChannels", + "ivs:ListEncoderConfigurations", "ivs:ListPlaybackKeyPairs", + "ivs:ListPlaybackRestrictionPolicies", "ivs:ListRecordingConfigurations", + "ivs:ListStages", + "ivs:ListStorageConfigurations", "ivs:ListStreamKeys", "ivs:ListTagsForResource", + "ivschat:GetLoggingConfiguration", + "ivschat:GetRoom", + "ivschat:ListLoggingConfigurations", + "ivschat:ListRooms", + "ivschat:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", "kafka:DescribeConfiguration", @@ -837,7 +925,9 @@ "logs:DescribeLogGroups", "logs:DescribeMetricFilters", "logs:GetDataProtectionPolicy", + "logs:GetLogAnomalyDetector", "logs:GetLogDelivery", + "logs:ListLogAnomalyDetectors", "logs:ListLogDeliveries", "logs:ListTagsLogGroup", "lookoutequipment:DescribeInferenceScheduler", 
@@ -867,16 +957,28 @@ "managedblockchain:ListInvitations", "managedblockchain:ListMembers", "managedblockchain:ListNodes", + "mediaconnect:DescribeBridge", "mediaconnect:DescribeFlow", + "mediaconnect:DescribeGateway", + "mediaconnect:ListBridges", "mediaconnect:ListFlows", + "mediaconnect:ListGateways", "mediaconnect:ListTagsForResource", "mediapackage-vod:DescribePackagingConfiguration", "mediapackage-vod:DescribePackagingGroup", "mediapackage-vod:ListPackagingConfigurations", "mediapackage-vod:ListPackagingGroups", "mediapackage-vod:ListTagsForResource", + "mediatailor:DescribeChannel", + "mediatailor:DescribeLiveSource", + "mediatailor:DescribeSourceLocation", + "mediatailor:DescribeVodSource", "mediatailor:GetPlaybackConfiguration", + "mediatailor:ListChannels", + "mediatailor:ListLiveSources", "mediatailor:ListPlaybackConfigurations", + "mediatailor:ListSourceLocations", + "mediatailor:ListVodSources", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", @@ -920,6 +1022,11 @@ "nimble:ListStreamingImages", "nimble:ListStudioComponents", "nimble:ListStudios", + "oam:GetSink", + "oam:GetSinkPolicy", + "oam:ListSinks", + "omics:GetWorkflow", + "omics:ListWorkflows", "opsworks:DescribeInstances", "opsworks:DescribeLayers", "opsworks:DescribeTimeBasedAutoScaling", @@ -948,6 +1055,11 @@ "panorama:ListApplicationInstances", "panorama:ListNodes", "panorama:ListPackages", + "payment-cryptography:GetAlias", + "payment-cryptography:GetKey", + "payment-cryptography:ListAliases", + "payment-cryptography:ListKeys", + "payment-cryptography:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", @@ -1005,6 +1117,8 @@ "rds:DescribeDBParameters", "rds:DescribeDBProxies", "rds:DescribeDBProxyEndpoints", + "rds:DescribeDBProxyTargetGroups", + "rds:DescribeDBProxyTargets", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", 
@@ -1036,6 +1150,7 @@ "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", + "rekognition:DescribeProjects", "rekognition:DescribeStreamProcessor", "rekognition:ListStreamProcessors", "rekognition:ListTagsForResource", @@ -1153,12 +1268,15 @@ "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", + "s3:GetStorageLensGroup", "s3:ListAccessPoints", "s3:ListAccessPointsForObjectLambda", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListMultiRegionAccessPoints", "s3:ListStorageLensConfigurations", + "s3:ListStorageLensGroups", + "s3:ListTagsForResource", "s3express:GetBucketPolicy", "s3express:ListAllMyDirectoryBuckets", "sagemaker:DescribeAppImageConfig", @@ -1204,6 +1322,11 @@ "sagemaker:ListProjects", "sagemaker:ListTags", "sagemaker:ListWorkteams", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:ListScheduleGroups", + "scheduler:ListSchedules", + "scheduler:ListTagsForResource", "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", @@ -1254,15 +1377,16 @@ "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", + "ssm-sap:ListTagsForResource", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetDocument", + "ssm:GetServiceSetting", "ssm:ListDocuments", "ssm:ListTagsForResource", - "ssm-sap:ListTagsForResource", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", 
@@ -1313,6 +1437,16 @@ "transfer:ListWorkflows", "voiceid:DescribeDomain", "voiceid:ListTagsForResource", + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:GetService", + "vpc-lattice:GetServiceNetwork", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListAccessLogSubscriptions", + "vpc-lattice:ListServiceNetworks", + "vpc-lattice:ListServices", + "vpc-lattice:ListTagsForResource", + "vpc-lattice:ListTargetGroups", + "vpc-lattice:ListTargets", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", diff --git a/docs/source/_static/managed-policies/AWSDataExchangeDataGrantOwnerFullAccess.json b/docs/source/_static/managed-policies/AWSDataExchangeDataGrantOwnerFullAccess.json new file mode 100644 index 000000000..da73c9a41 --- /dev/null +++ b/docs/source/_static/managed-policies/AWSDataExchangeDataGrantOwnerFullAccess.json 
@@ -0,0 +1,60 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "DataExchangeActions",
+ "Effect": "Allow",
+ "Action": [
+ "dataexchange:CreateDataSet",
+ "dataexchange:UpdateDataSet",
+ "dataexchange:GetDataSet",
+ "dataexchange:DeleteDataSet",
+ "dataexchange:ListDataSets",
+ "dataexchange:CreateRevision",
+ "dataexchange:UpdateRevision",
+ "dataexchange:GetRevision",
+ "dataexchange:DeleteRevision",
+ "dataexchange:RevokeRevision",
+ "dataexchange:ListDataSetRevisions",
+ "dataexchange:CreateAsset",
+ "dataexchange:UpdateAsset",
+ "dataexchange:GetAsset",
+ "dataexchange:DeleteAsset",
+ "dataexchange:ListRevisionAssets",
+ "dataexchange:SendApiAsset",
+ "dataexchange:CreateDataGrant",
+ "dataexchange:GetDataGrant",
+ "dataexchange:DeleteDataGrant",
+ "dataexchange:ListDataGrants",
+ "dataexchange:PublishToDataGrant",
+ "dataexchange:SendDataSetNotification",
+ "dataexchange:TagResource",
+ "dataexchange:UntagResource"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "DataExchangeJobsActions",
+ "Effect": "Allow",
+ "Action": [
+ "dataexchange:CreateJob",
+ "dataexchange:StartJob",
+ "dataexchange:CancelJob"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "dataexchange:JobType": [
+ "IMPORT_ASSETS_FROM_S3",
+ "IMPORT_ASSET_FROM_SIGNED_URL",
+ "EXPORT_ASSETS_TO_S3",
+ "EXPORT_ASSET_TO_SIGNED_URL",
+ "IMPORT_ASSET_FROM_API_GATEWAY_API",
+ "IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES",
+ "IMPORT_ASSETS_FROM_LAKE_FORMATION_TAG_POLICY"
+ ]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSDataExchangeDataGrantReceiverFullAccess.json b/docs/source/_static/managed-policies/AWSDataExchangeDataGrantReceiverFullAccess.json
new file mode 100644
index 000000000..fc8896c2e
--- /dev/null
+++ b/docs/source/_static/managed-policies/AWSDataExchangeDataGrantReceiverFullAccess.json
@@ -0,0 +1,60 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "DataExchangeReadOnlyActions", + "Effect": "Allow", + "Action": [ + "dataexchange:GetDataSet", + "dataexchange:ListDataSets", + "dataexchange:GetRevision", + "dataexchange:ListDataSetRevisions", + "dataexchange:GetAsset", + "dataexchange:ListRevisionAssets", + "dataexchange:SendApiAsset" + ], + "Resource": "*" + }, + { + "Sid": "DataExchangeExportActions", + "Effect": "Allow", + "Action": [ + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:CancelJob" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "dataexchange:JobType": [ + "EXPORT_ASSETS_TO_S3", + "EXPORT_ASSET_TO_SIGNED_URL", + "EXPORT_REVISIONS_TO_S3" + ] + } + } + }, + { + "Sid": "DataExchangeEventActionActions", + "Effect": "Allow", + "Action": [ + "dataexchange:CreateEventAction", + "dataexchange:UpdateEventAction", + "dataexchange:DeleteEventAction", + "dataexchange:GetEventAction", + "dataexchange:ListEventActions" + ], + "Resource": "*" + }, + { + "Sid": "DataExchangeDataGrantActions", + "Effect": "Allow", + "Action": [ + "dataexchange:AcceptDataGrant", + "dataexchange:ListReceivedDataGrants", + "dataexchange:GetReceivedDataGrant" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/docs/source/_static/managed-policies/AWSDataExchangeProviderFullAccess.json b/docs/source/_static/managed-policies/AWSDataExchangeProviderFullAccess.json index 8bf267d3c..28bd8f89d 100644 --- a/docs/source/_static/managed-policies/AWSDataExchangeProviderFullAccess.json +++ b/docs/source/_static/managed-policies/AWSDataExchangeProviderFullAccess.json @@ -2,6 +2,7 @@ "Version": "2012-10-17", "Statement": [ { + "Sid": "DataExchangeActions", "Effect": "Allow", "Action": [ "dataexchange:CreateDataSet", 
@@ -16,12 +17,14 @@ "dataexchange:PublishDataSet", "dataexchange:SendApiAsset", "dataexchange:RevokeRevision", + "dataexchange:SendDataSetNotification", "tag:GetTagKeys", "tag:GetTagValues" ], "Resource": "*" }, { + "Sid": "DataExchangeJobsActions", "Effect": "Allow", "Action": [ "dataexchange:CreateJob", @@ -43,6 +46,7 @@ } }, { + "Sid": "S3GetActionConditionalResourceAndADX", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*aws-data-exchange*", @@ -55,6 +59,7 @@ } }, { + "Sid": "S3GetActionConditionalTagAndADX", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*", @@ -70,6 +75,7 @@ } }, { + "Sid": "S3WriteActions", "Effect": "Allow", "Action": [ "s3:PutObject", @@ -85,6 +91,7 @@ } }, { + "Sid": "S3ReadActions", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", @@ -94,6 +101,7 @@ "Resource": "*" }, { + "Sid": "AWSMarketplaceActions", "Effect": "Allow", "Action": [ "aws-marketplace:DescribeEntity", @@ -113,6 +121,7 @@ "Resource": "*" }, { + "Sid": "KMSActions", "Effect": "Allow", "Action": [ "kms:DescribeKey", @@ -122,6 +131,7 @@ "Resource": "*" }, { + "Sid": "RedshiftConditionalActions", "Effect": "Allow", "Action": [ "redshift:AuthorizeDataShare" @@ -134,6 +144,7 @@ } }, { + "Sid": "RedshiftActions", "Effect": "Allow", "Action": [ "redshift:DescribeDataSharesForProducer", @@ -142,6 +153,7 @@ "Resource": "*" }, { + "Sid": "APIGatewayActions", "Effect": "Allow", "Action": [ "apigateway:GET" diff --git a/docs/source/_static/managed-policies/AWSDataExchangeReadOnly.json b/docs/source/_static/managed-policies/AWSDataExchangeReadOnly.json index b4dbf3ff3..591ec5e25 100644 --- a/docs/source/_static/managed-policies/AWSDataExchangeReadOnly.json +++ b/docs/source/_static/managed-policies/AWSDataExchangeReadOnly.json 
@@ -10,6 +10,10 @@ "dataexchange:GetEventAction", "dataexchange:GetJob", "dataexchange:GetRevision", + "dataexchange:GetDataGrant", + "dataexchange:GetReceivedDataGrant", + "dataexchange:ListDataGrants", + "dataexchange:ListReceivedDataGrants", "dataexchange:ListDataSetRevisions", "dataexchange:ListDataSets", "dataexchange:ListEventActions", diff --git a/docs/source/_static/managed-policies/AWSDataExchangeServiceRolePolicyForLicenseManagement.json b/docs/source/_static/managed-policies/AWSDataExchangeServiceRolePolicyForLicenseManagement.json new file mode 100644 index 000000000..f064ce670 --- /dev/null +++ b/docs/source/_static/managed-policies/AWSDataExchangeServiceRolePolicyForLicenseManagement.json @@ -0,0 +1,19 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowLicenseManagerActions", + "Effect": "Allow", + "Action": [ + "organizations:DescribeOrganization", + "license-manager:ListDistributedGrants", + "license-manager:GetGrant", + "license-manager:CreateGrantVersion", + "license-manager:DeleteGrant" + ], + "Resource": [ + "*" + ] + } + ] +} \ No newline at end of file diff --git a/docs/source/_static/managed-policies/AWSDataExchangeServiceRolePolicyForOrganizationDiscovery.json b/docs/source/_static/managed-policies/AWSDataExchangeServiceRolePolicyForOrganizationDiscovery.json new file mode 100644 index 000000000..b29e29246 --- /dev/null +++ b/docs/source/_static/managed-policies/AWSDataExchangeServiceRolePolicyForOrganizationDiscovery.json @@ -0,0 +1,17 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AllowAWSOrganizationsActions", + "Effect": "Allow", + "Action": [ + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "organizations:ListAccounts" + ], + "Resource": [ + "*" + ] + } + ] +} \ No newline at end of file diff --git a/docs/source/_static/managed-policies/AWSDataSyncFullAccess.json b/docs/source/_static/managed-policies/AWSDataSyncFullAccess.json index 66fbe269b..98b3dde30 100644 
--- a/docs/source/_static/managed-policies/AWSDataSyncFullAccess.json +++ b/docs/source/_static/managed-policies/AWSDataSyncFullAccess.json @@ -49,6 +49,17 @@ ] } } + }, + { + "Sid": "DataSyncCreateSLRPermissions", + "Effect": "Allow", + "Action": "iam:CreateServiceLinkedRole", + "Resource": "arn:aws:iam::*:role/aws-service-role/datasync.amazonaws.com/AWSServiceRoleForDataSync", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "datasync.amazonaws.com" + } + } } ] } \ No newline at end of file diff --git a/docs/source/_static/managed-policies/AWSDataSyncServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSDataSyncServiceRolePolicy.json new file mode 100644 index 000000000..40c985849 --- /dev/null +++ b/docs/source/_static/managed-policies/AWSDataSyncServiceRolePolicy.json @@ -0,0 +1,26 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "DataSyncCloudWatchLogCreateAccess", + "Effect": "Allow", + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream" + ], + "Resource": [ + "arn:*:logs:*:*:log-group:/aws/datasync*" + ] + }, + { + "Sid": "DataSyncCloudWatchLogStreamUpdateAccess", + "Effect": "Allow", + "Action": [ + "logs:PutLogEvents" + ], + "Resource": [ + "arn:*:logs:*:*:log-group:/aws/datasync*:log-stream:*" + ] + } + ] +} \ No newline at end of file diff --git a/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessFarms.json b/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessFarms.json index 8bce35442..e7d6275a9 100644 --- a/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessFarms.json +++ b/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessFarms.json @@ -162,6 +162,7 @@ "deadline:GetFarm", "deadline:GetFleet", "deadline:GetJob", + "deadline:GetJobTemplate", "deadline:GetQueue", "deadline:GetQueueEnvironment", "deadline:GetQueueFleetAssociation", 
@@ -172,6 +173,7 @@
 "deadline:GetStorageProfileForQueue",
 "deadline:GetTask",
 "deadline:GetWorker",
+ "deadline:ListJobParameterDefinitions",
 "deadline:ListQueueEnvironments",
 "deadline:ListQueueFleetAssociations",
 "deadline:ListSessionActions",
diff --git a/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessJobs.json b/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessJobs.json
index f45ae0f0b..9afead245 100644
--- a/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessJobs.json
+++ b/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessJobs.json
@@ -116,10 +116,12 @@
 "Effect": "Allow",
 "Action": [
 "deadline:GetJob",
+ "deadline:GetJobTemplate",
 "deadline:GetSession",
 "deadline:GetSessionAction",
 "deadline:GetStep",
 "deadline:GetTask",
+ "deadline:ListJobParameterDefinitions",
 "deadline:ListSessionActions",
 "deadline:ListSessions",
 "deadline:ListStepConsumers",
diff --git a/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessQueues.json b/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessQueues.json
index 60ae84d47..2df382449 100644
--- a/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessQueues.json
+++ b/docs/source/_static/managed-policies/AWSDeadlineCloud-UserAccessQueues.json
@@ -142,6 +142,7 @@
 "Action": [
 "deadline:AssumeQueueRoleForRead",
 "deadline:GetJob",
+ "deadline:GetJobTemplate",
 "deadline:GetQueue",
 "deadline:GetQueueEnvironment",
 "deadline:GetQueueFleetAssociation",
@@ -150,6 +151,7 @@
 "deadline:GetStep",
 "deadline:GetStorageProfileForQueue",
 "deadline:GetTask",
+ "deadline:ListJobParameterDefinitions",
 "deadline:ListQueueEnvironments",
 "deadline:ListQueueFleetAssociations",
 "deadline:ListSessionActions",
diff --git a/docs/source/_static/managed-policies/AWSDirectoryServiceDataFullAccess.json b/docs/source/_static/managed-policies/AWSDirectoryServiceDataFullAccess.json
new file mode 100644
index 000000000..68fc73c9a
--- /dev/null
+++ b/docs/source/_static/managed-policies/AWSDirectoryServiceDataFullAccess.json
@@ -0,0 +1,32 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "DSDataFullAccess",
+ "Effect": "Allow",
+ "Action": [
+ "ds:AccessDSData",
+ "ds-data:AddGroupMember",
+ "ds-data:CreateGroup",
+ "ds-data:CreateUser",
+ "ds-data:DeleteGroup",
+ "ds-data:DeleteUser",
+ "ds-data:DescribeGroup",
+ "ds-data:DescribeUser",
+ "ds-data:DisableUser",
+ "ds-data:ListGroupMembers",
+ "ds-data:ListGroups",
+ "ds-data:ListGroupsForMember",
+ "ds-data:ListUsers",
+ "ds-data:RemoveGroupMember",
+ "ds-data:SearchGroups",
+ "ds-data:SearchUsers",
+ "ds-data:UpdateGroup",
+ "ds-data:UpdateUser"
+ ],
+ "Resource": [
+ "arn:aws:ds:*:*:directory/*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSDirectoryServiceDataReadOnlyAccess.json b/docs/source/_static/managed-policies/AWSDirectoryServiceDataReadOnlyAccess.json
new file mode 100644
index 000000000..56808365c
--- /dev/null
+++ b/docs/source/_static/managed-policies/AWSDirectoryServiceDataReadOnlyAccess.json
@@ -0,0 +1,23 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "DSDataReadOnlyAccess",
+ "Effect": "Allow",
+ "Action": [
+ "ds:AccessDSData",
+ "ds-data:DescribeGroup",
+ "ds-data:DescribeUser",
+ "ds-data:ListGroupMembers",
+ "ds-data:ListGroups",
+ "ds-data:ListGroupsForMember",
+ "ds-data:ListUsers",
+ "ds-data:SearchGroups",
+ "ds-data:SearchUsers"
+ ],
+ "Resource": [
+ "arn:aws:ds:*:*:directory/*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSElasticLoadBalancingServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSElasticLoadBalancingServiceRolePolicy.json
index a5e609618..09e649506 100644
--- a/docs/source/_static/managed-policies/AWSElasticLoadBalancingServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AWSElasticLoadBalancingServiceRolePolicy.json
@@ -19,6 +19,7 @@
 "ec2:CreateNetworkInterface",
 "ec2:DeleteNetworkInterface",
 "ec2:GetCoipPoolUsage",
+ "ec2:GetSecurityGroupsForVpc",
 "ec2:ModifyNetworkInterfaceAttribute",
 "ec2:AllocateAddress",
 "ec2:AuthorizeSecurityGroupIngress",
diff --git a/docs/source/_static/managed-policies/AWSGlobalAcceleratorSLRPolicy.json b/docs/source/_static/managed-policies/AWSGlobalAcceleratorSLRPolicy.json
index 1443c6b8d..1f6376566 100644
--- a/docs/source/_static/managed-policies/AWSGlobalAcceleratorSLRPolicy.json
+++ b/docs/source/_static/managed-policies/AWSGlobalAcceleratorSLRPolicy.json
@@ -37,7 +37,8 @@
 "Effect": "Allow",
 "Action": [
 "ec2:CreateSecurityGroup",
- "ec2:DescribeSecurityGroups"
+ "ec2:DescribeSecurityGroups",
+ "ec2:GetSecurityGroupsForVpc"
 ],
 "Resource": "*"
 },
diff --git a/docs/source/_static/managed-policies/AWSIAMIdentityCenterAllowListForIdentityContext.json b/docs/source/_static/managed-policies/AWSIAMIdentityCenterAllowListForIdentityContext.json
index 16e3c7a55..27c3879da 100644
--- a/docs/source/_static/managed-policies/AWSIAMIdentityCenterAllowListForIdentityContext.json
+++ b/docs/source/_static/managed-policies/AWSIAMIdentityCenterAllowListForIdentityContext.json
@@ -77,6 +77,7 @@
 "lakeformation:GetDataAccess",
 "s3:GetAccessGrantsInstanceForPrefix",
 "s3:GetDataAccess",
+ "s3:ListCallerAccessGrants",
 "q:StartConversation",
 "q:SendMessage",
 "q:ListConversations",
@@ -114,6 +115,8 @@
 "qapps:GetQAppSessionMetadata",
 "qapps:UpdateQAppSessionMetadata",
 "qapps:TagResource",
+ "qapps:ListQAppSessionData",
+ "qapps:ExportQAppSessionData",
 "qbusiness:Chat",
 "qbusiness:ChatSync",
 "qbusiness:ListConversations",
diff --git a/docs/source/_static/managed-policies/AWSMarketplaceSellerFullAccess.json b/docs/source/_static/managed-policies/AWSMarketplaceSellerFullAccess.json
index 84334a10d..a2bee2de1 100644
--- a/docs/source/_static/managed-policies/AWSMarketplaceSellerFullAccess.json
+++ b/docs/source/_static/managed-policies/AWSMarketplaceSellerFullAccess.json
@@ -5,6 +5,7 @@
 "Sid": "MarketplaceManagement",
 "Effect": "Allow",
 "Action": [
+ "aws-marketplace-management:uploadFiles",
 "aws-marketplace-management:viewReports",
 "aws-marketplace-management:viewSupport",
 "aws-marketplace:ListChangeSets",
@@ -18,6 +19,8 @@
 "aws-marketplace:UpdateTask",
 "aws-marketplace:CompleteTask",
 "aws-marketplace:GetSellerDashboard",
+ "aws-marketplace:ListAssessments",
+ "aws-marketplace:DescribeAssessment",
 "ec2:DescribeImages",
 "ec2:DescribeSnapshots",
 "ec2:ModifyImageAttribute",
diff --git a/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsFullAccess.json b/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsFullAccess.json
index 6ff9180e7..11693fc51 100644
--- a/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsFullAccess.json
+++ b/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsFullAccess.json
@@ -14,6 +14,8 @@
 "aws-marketplace:DescribeTask",
 "aws-marketplace:UpdateTask",
 "aws-marketplace:CompleteTask",
+ "aws-marketplace:ListAssessments",
+ "aws-marketplace:DescribeAssessment",
 "ec2:DescribeImages",
 "ec2:DescribeSnapshots",
 "ec2:ModifyImageAttribute",
diff --git a/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsReadOnly.json b/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsReadOnly.json
index 47a214441..08b096515 100644
--- a/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsReadOnly.json
+++ b/docs/source/_static/managed-policies/AWSMarketplaceSellerProductsReadOnly.json
@@ -10,6 +10,8 @@
 "aws-marketplace:DescribeEntity",
 "aws-marketplace:ListTasks",
 "aws-marketplace:DescribeTask",
+ "aws-marketplace:ListAssessments",
+ "aws-marketplace:DescribeAssessment",
 "ec2:DescribeImages",
 "ec2:DescribeSnapshots"
 ],
@@ -21,6 +23,13 @@
 "aws-marketplace:ListTagsForResource"
 ],
 "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "aws-marketplace:GetResourcePolicy"
+ ],
+ "Resource": "arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSPCSServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSPCSServiceRolePolicy.json
new file mode 100644
index 000000000..99766a096
--- /dev/null
+++ b/docs/source/_static/managed-policies/AWSPCSServiceRolePolicy.json
@@ -0,0 +1,210 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "PermissionsToCreatePCSNetworkInterfaces",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateNetworkInterface"
+ ],
+ "Resource": "arn:aws:ec2:*:*:network-interface/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/AWSPCSManaged": "false"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToCreatePCSNetworkInterfacesInSubnet",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateNetworkInterface"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Sid": "PermissionsToManagePCSNetworkInterfaces",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteNetworkInterface",
+ "ec2:CreateNetworkInterfacePermission"
+ ],
+ "Resource": "arn:aws:ec2:*:*:network-interface/*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/AWSPCSManaged": "false"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToDescribePCSResources",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeInstanceStatus",
+ "ec2:DescribeInstanceAttribute",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeImages",
+ "ec2:DescribeImageAttribute"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "PermissionsToCreatePCSLaunchTemplates",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateLaunchTemplate"
+ ],
+ "Resource": "arn:aws:ec2:*:*:launch-template/*",
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/AWSPCSManaged": "false"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToManagePCSLaunchTemplates",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteLaunchTemplateVersions",
+ "ec2:CreateLaunchTemplateVersion"
+ ],
+ "Resource": "arn:aws:ec2:*:*:launch-template/*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/AWSPCSManaged": "false"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToTerminatePCSManagedInstances",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Resource": "arn:aws:ec2:*:*:instance/*",
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/AWSPCSManaged": "false"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToPassRoleToEC2",
+ "Effect": "Allow",
+ "Action": "iam:PassRole",
+ "Resource": [
+ "arn:aws:iam::*:role/*/AWSPCS*",
+ "arn:aws:iam::*:role/AWSPCS*",
+ "arn:aws:iam::*:role/aws-pcs/*",
+ "arn:aws:iam::*:role/*/aws-pcs/*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com"
+ ]
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToControlClusterInstanceAttributes",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:RunInstances",
+ "ec2:CreateFleet"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*::image/*",
+ "arn:aws:ec2:*::snapshot/*",
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:key-pair/*",
+ "arn:aws:ec2:*:*:launch-template/*",
+ "arn:aws:ec2:*:*:placement-group/*",
+ "arn:aws:ec2:*:*:capacity-reservation/*",
+ "arn:aws:resource-groups:*:*:group/*",
+ "arn:aws:ec2:*:*:fleet/*",
+ "arn:aws:ec2:*:*:spot-instances-request/*"
+ ]
+ },
+ {
+ "Sid": "PermissionsToProvisionClusterInstances",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:RunInstances",
+ "ec2:CreateFleet"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:RequestTag/AWSPCSManaged": "false"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToTagPCSResources",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": [
+ "*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": [
+ "RunInstances",
+ "CreateLaunchTemplate",
+ "CreateFleet",
+ "CreateNetworkInterface"
+ ]
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToPublishMetrics",
+ "Effect": "Allow",
+ "Action": "cloudwatch:PutMetricData",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/PCS"
+ }
+ }
+ },
+ {
+ "Sid": "PermissionsToManageSecret",
+ "Effect": "Allow",
+ "Action": [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:PutSecretValue",
+ "secretsmanager:UpdateSecretVersionStage",
+ "secretsmanager:DeleteSecret"
+ ],
+ "Resource": "arn:aws:secretsmanager:*:*:secret:pcs!*",
+ "Condition": {
+ "StringEquals": {
+ "secretsmanager:ResourceTag/aws:secretsmanager:owningService": "pcs",
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSReachabilityAnalyzerServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSReachabilityAnalyzerServiceRolePolicy.json
index 59bc51c6f..3e5889ac8 100644
--- a/docs/source/_static/managed-policies/AWSReachabilityAnalyzerServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AWSReachabilityAnalyzerServiceRolePolicy.json
@@ -49,13 +49,6 @@
 "elasticloadbalancing:DescribeTargetGroupAttributes",
 "elasticloadbalancing:DescribeTargetGroups",
 "elasticloadbalancing:DescribeTargetHealth",
- "globalaccelerator:ListAccelerators",
- "globalaccelerator:ListCustomRoutingAccelerators",
- "globalaccelerator:ListCustomRoutingEndpointGroups",
- "globalaccelerator:ListCustomRoutingListeners",
- "globalaccelerator:ListCustomRoutingPortMappings",
- "globalaccelerator:ListEndpointGroups",
- "globalaccelerator:ListListeners",
 "network-firewall:DescribeFirewall",
 "network-firewall:DescribeFirewallPolicy",
 "network-firewall:DescribeResourcePolicy",
diff --git a/docs/source/_static/managed-policies/AWSResilienceHubAsssessmentExecutionPolicy.json b/docs/source/_static/managed-policies/AWSResilienceHubAsssessmentExecutionPolicy.json
index 098036c52..819d4f10d 100644
--- a/docs/source/_static/managed-policies/AWSResilienceHubAsssessmentExecutionPolicy.json
+++ b/docs/source/_static/managed-policies/AWSResilienceHubAsssessmentExecutionPolicy.json
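Review bot: The tag conditions in the new AWSPCSServiceRolePolicy.json are written as `"Null": { "aws:ResourceTag/AWSPCSManaged": "false" }`, which tests only that the tag key is present and not what its value is, so `ec2:TerminateInstances`, `ec2:DeleteNetworkInterface` and the launch-template delete actions apply to any matching resource that carries an `AWSPCSManaged` key. The scoping is therefore only as strong as the control over who may set that key: `PermissionsToTagPCSResources` limits the role itself to tag-on-create through `ec2:CreateAction`, but nothing in this file constrains other principals in the account. Accounts that use this role should reserve the key, for instance with a guardrail that denies `ec2:CreateTags` and `ec2:DeleteTags` when `aws:TagKeys` contains `AWSPCSManaged` for every principal except the service role. If the documentation rendered from this file describes these statements as limited to service-managed resources, it should say "resources tagged with the `AWSPCSManaged` key" instead.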
@@ -68,6 +68,8 @@
 "elasticache:DescribeGlobalReplicationGroups",
 "elasticache:DescribeReplicationGroups",
 "elasticache:DescribeSnapshots",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:DescribeServerlessCacheSnapshots",
 "elasticfilesystem:DescribeFileSystems",
 "elasticfilesystem:DescribeLifecycleConfiguration",
 "elasticfilesystem:DescribeMountTargets",
diff --git a/docs/source/_static/managed-policies/AWSResourceExplorerServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSResourceExplorerServiceRolePolicy.json
index acdf893e5..1f7fdfb0f 100644
--- a/docs/source/_static/managed-policies/AWSResourceExplorerServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AWSResourceExplorerServiceRolePolicy.json
@@ -5,18 +5,15 @@
 "Sid": "CloudTrailEventsAccess",
 "Effect": "Allow",
 "Action": [
- "cloudtrail:CreateServiceLinkedChannel"
+ "cloudtrail:CreateServiceLinkedChannel",
+ "cloudtrail:GetServiceLinkedChannel"
 ],
- "Resource": [
- "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*"
- ]
+ "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*"
 },
 {
 "Sid": "ApiGatewayAccess",
 "Effect": "Allow",
- "Action": [
- "apigateway:GET"
- ],
+ "Action": "apigateway:GET",
 "Resource": [
 "arn:aws:apigateway:*::/restapis",
 "arn:aws:apigateway:*::/restapis/*/deployments"
@@ -28,6 +25,7 @@
 "Action": [
 "access-analyzer:ListAnalyzers",
 "acm-pca:ListCertificateAuthorities",
+ "airflow:ListEnvironments",
 "amplify:ListApps",
 "amplify:ListBackendEnvironments",
 "amplify:ListBranches",
@@ -35,6 +33,10 @@
 "amplifyuibuilder:ListComponents",
 "amplifyuibuilder:ListThemes",
 "app-integrations:ListEventIntegrations",
+ "appflow:ListFlows",
+ "appmesh:ListMeshes",
+ "appmesh:ListVirtualNodes",
+ "appmesh:ListVirtualServices",
 "apprunner:ListServices",
 "apprunner:ListVpcConnectors",
 "appstream:DescribeAppBlocks",
@@ -47,14 +49,17 @@
 "aps:ListWorkspaces",
 "athena:ListDataCatalogs",
 "athena:ListWorkGroups",
+ "auditmanager:GetAccountStatus",
+ "auditmanager:ListAssessments",
 "autoscaling:DescribeAutoScalingGroups",
 "backup:ListBackupPlans",
+ "backup:ListBackupVaults",
 "backup:ListReportPlans",
 "batch:DescribeComputeEnvironments",
 "batch:DescribeJobQueues",
 "batch:ListSchedulingPolicies",
- "cloudformation:ListStacks",
 "cloudformation:ListStackSets",
+ "cloudformation:ListStacks",
 "cloudfront:ListCachePolicies",
 "cloudfront:ListCloudFrontOriginAccessIdentities",
 "cloudfront:ListDistributions",
@@ -75,14 +80,24 @@
 "codebuild:ListProjects",
 "codecommit:ListRepositories",
 "codeguru-profiler:ListProfilingGroups",
+ "codeguru-reviewer:ListRepositoryAssociations",
 "codepipeline:ListPipelines",
 "codestar-connections:ListConnections",
 "cognito-identity:ListIdentityPools",
 "cognito-idp:ListUserPools",
+ "connect:ListInstances",
+ "connect:ListQuickConnects",
+ "connect:ListUsers",
 "databrew:ListDatasets",
 "databrew:ListRecipes",
 "databrew:ListRulesets",
+ "databrew:ListSchedules",
+ "datasync:ListLocations",
+ "datasync:ListTasks",
 "detective:ListGraphs",
+ "dms:DescribeEndpoints",
+ "dms:DescribeReplicationInstances",
+ "dms:DescribeReplicationTasks",
 "ds:DescribeDirectories",
 "dynamodb:ListStreams",
 "dynamodb:ListTables",
@@ -109,8 +124,8 @@
 "ec2:DescribeInstances",
 "ec2:DescribeInternetGateways",
 "ec2:DescribeIpamPools",
- "ec2:DescribeIpams",
 "ec2:DescribeIpamScopes",
+ "ec2:DescribeIpams",
 "ec2:DescribeKeyPairs",
 "ec2:DescribeLaunchTemplates",
 "ec2:DescribeManagedPrefixLists",
@@ -146,15 +161,15 @@
 "ec2:DescribeVerifiedAccessInstances",
 "ec2:DescribeVerifiedAccessTrustProviders",
 "ec2:DescribeVolumes",
- "ec2:DescribeVpcEndpoints",
 "ec2:DescribeVpcEndpointServices",
+ "ec2:DescribeVpcEndpoints",
 "ec2:DescribeVpcPeeringConnections",
 "ec2:DescribeVpcs",
 "ec2:DescribeVpnConnections",
 "ec2:DescribeVpnGateways",
 "ec2:GetSubnetCidrReservations",
- "ecr:DescribeRepositories",
 "ecr-public:DescribeRepositories",
+ "ecr:DescribeRepositories",
 "ecs:DescribeCapacityProviders",
 "ecs:DescribeServices",
 "ecs:ListClusters",
@@ -162,6 +177,7 @@
 "ecs:ListServices",
 "ecs:ListTaskDefinitions",
 "ecs:ListTasks",
+ "eks:ListClusters",
 "elasticache:DescribeCacheClusters",
 "elasticache:DescribeCacheParameterGroups",
 "elasticache:DescribeCacheSecurityGroups",
@@ -172,8 +188,8 @@
 "elasticache:DescribeSnapshots",
 "elasticache:DescribeUserGroups",
 "elasticache:DescribeUsers",
- "elasticbeanstalk:DescribeApplications",
 "elasticbeanstalk:DescribeApplicationVersions",
+ "elasticbeanstalk:DescribeApplications",
 "elasticbeanstalk:DescribeEnvironments",
 "elasticfilesystem:DescribeAccessPoints",
 "elasticfilesystem:DescribeFileSystems",
@@ -200,10 +216,13 @@
 "frauddetector:GetLabels",
 "frauddetector:GetOutcomes",
 "frauddetector:GetVariables",
+ "gamelift:DescribeGameSessionQueues",
+ "gamelift:DescribeMatchmakingConfigurations",
+ "gamelift:DescribeMatchmakingRuleSets",
 "gamelift:ListAliases",
+ "gamelift:ListBuilds",
 "geo:ListPlaceIndexes",
 "geo:ListTrackers",
- "greengrass:ListComponents",
 "globalaccelerator:ListAccelerators",
 "globalaccelerator:ListEndpointGroups",
 "globalaccelerator:ListListeners",
@@ -211,8 +230,15 @@
 "glue:GetJobs",
 "glue:GetTables",
 "glue:GetTriggers",
+ "glue:ListMLTransforms",
 "greengrass:ListComponentVersions",
+ "greengrass:ListComponents",
 "greengrass:ListGroups",
+ "groundstation:ListConfigs",
+ "guardduty:ListDetectors",
+ "guardduty:ListFilters",
+ "guardduty:ListIPSets",
+ "guardduty:ListThreatIntelSets",
 "healthlake:ListFHIRDatastores",
 "iam:ListGroups",
 "iam:ListInstanceProfiles",
@@ -232,15 +258,8 @@
 "imagebuilder:ListImageRecipes",
 "imagebuilder:ListImages",
 "imagebuilder:ListInfrastructureConfigurations",
- "iotanalytics:ListChannels",
- "iotanalytics:ListDatasets",
- "iotanalytics:ListDatastores",
- "iotanalytics:ListPipelines",
- "iotevents:ListAlarmModels",
- "iotevents:ListDetectorModels",
- "iotevents:ListInputs",
- "iot:ListJobTemplates",
 "iot:ListAuthorizers",
+ "iot:ListJobTemplates",
 "iot:ListMitigationActions",
 "iot:ListPolicies",
 "iot:ListProvisioningTemplates",
@@ -249,48 +268,65 @@
 "iot:ListThings",
 "iot:ListTopicRuleDestinations",
 "iot:ListTopicRules",
+ "iotanalytics:ListChannels",
+ "iotanalytics:ListDatasets",
+ "iotanalytics:ListDatastores",
+ "iotanalytics:ListPipelines",
+ "iotevents:ListAlarmModels",
+ "iotevents:ListDetectorModels",
+ "iotevents:ListInputs",
 "iotsitewise:ListAssetModels",
 "iotsitewise:ListAssets",
+ "iotsitewise:ListDashboards",
 "iotsitewise:ListGateways",
+ "iotsitewise:ListPortals",
+ "iotsitewise:ListProjects",
 "iottwinmaker:ListComponentTypes",
 "iottwinmaker:ListEntities",
 "iottwinmaker:ListScenes",
 "iottwinmaker:ListWorkspaces",
- "kafka:ListConfigurations",
- "kms:ListKeys",
+ "iotwireless:ListServiceProfiles",
 "ivs:ListChannels",
+ "ivs:ListRecordingConfigurations",
 "ivs:ListStreamKeys",
 "kafka:ListClusters",
+ "kafka:ListConfigurations",
+ "kendra:ListIndices",
 "kinesis:ListStreamConsumers",
 "kinesis:ListStreams",
 "kinesisanalytics:ListApplications",
 "kinesisvideo:ListStreams",
+ "kms:ListKeys",
 "lambda:ListAliases",
 "lambda:ListCodeSigningConfigs",
 "lambda:ListEventSourceMappings",
 "lambda:ListFunctions",
- "lambda:ListLayers",
 "lambda:ListLayerVersions",
- "lex:ListBots",
+ "lambda:ListLayers",
 "lex:ListBotAliases",
+ "lex:ListBots",
 "logs:DescribeDestinations",
 "logs:DescribeLogGroups",
 "logs:DescribeLogStreams",
 "lookoutmetrics:ListAlerts",
 "lookoutvision:ListProjects",
- "mediapackage:ListChannels",
- "mediapackage:ListOriginEndpoints",
+ "macie2:ListCustomDataIdentifiers",
+ "macie2:ListFindingsFilters",
 "mediapackage-vod:ListPackagingConfigurations",
 "mediapackage-vod:ListPackagingGroups",
- "mq:ListBrokers",
+ "mediapackage:ListChannels",
+ "mediapackage:ListOriginEndpoints",
 "mediatailor:ListPlaybackConfigurations",
 "memorydb:DescribeACLs",
 "memorydb:DescribeClusters",
 "memorydb:DescribeParameterGroups",
+ "memorydb:DescribeSubnetGroups",
 "memorydb:DescribeUsers",
 "mobiletargeting:GetApps",
+ "mobiletargeting:GetCampaigns",
 "mobiletargeting:GetSegments",
 "mobiletargeting:ListTemplates",
+ "mq:ListBrokers",
 "network-firewall:ListFirewallPolicies",
 "network-firewall:ListFirewalls",
 "networkmanager:DescribeGlobalNetworks",
@@ -300,20 +336,26 @@
 "networkmanager:ListCoreNetworks",
 "organizations:DescribeAccount",
 "organizations:DescribeOrganization",
- "organizations:ListAccounts",
 "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListAccounts",
 "organizations:ListDelegatedAdministrators",
 "panorama:ListPackages",
 "personalize:ListDatasetGroups",
 "personalize:ListDatasets",
 "personalize:ListSchemas",
+ "proton:ListEnvironmentAccountConnections",
 "qldb:ListJournalKinesisStreamsForLedger",
 "qldb:ListLedgers",
+ "quicksight:DescribeAccountSubscription",
+ "quicksight:ListDataSets",
+ "quicksight:ListDataSources",
+ "quicksight:ListTemplates",
+ "ram:GetResourceShares",
 "rds:DescribeBlueGreenDeployments",
 "rds:DescribeDBClusterEndpoints",
 "rds:DescribeDBClusterParameterGroups",
- "rds:DescribeDBClusters",
 "rds:DescribeDBClusterSnapshots",
+ "rds:DescribeDBClusters",
 "rds:DescribeDBEngineVersions",
 "rds:DescribeDBInstanceAutomatedBackups",
 "rds:DescribeDBInstances",
@@ -328,9 +370,9 @@
 "rds:DescribeOptionGroups",
 "rds:DescribeReservedDBInstances",
 "redshift:DescribeClusterParameterGroups",
- "redshift:DescribeClusters",
 "redshift:DescribeClusterSnapshots",
 "redshift:DescribeClusterSubnetGroups",
+ "redshift:DescribeClusters",
 "redshift:DescribeEventSubscriptions",
 "redshift:DescribeSnapshotCopyGrants",
 "redshift:DescribeSnapshotSchedules",
@@ -346,35 +388,43 @@
 "resource-explorer-2:ListIndexes",
 "resource-explorer-2:ListViews",
 "resource-groups:ListGroups",
- "route53:ListHealthChecks",
- "route53:ListHostedZones",
+ "robomaker:ListRobotApplications",
+ "robomaker:ListSimulationApplications",
 "route53-recovery-readiness:ListRecoveryGroups",
 "route53-recovery-readiness:ListResourceSets",
+ "route53:ListHealthChecks",
+ "route53:ListHostedZones",
 "route53resolver:ListFirewallDomainLists",
 "route53resolver:ListFirewallRuleGroups",
 "route53resolver:ListResolverEndpoints",
+ "route53resolver:ListResolverQueryLogConfigs",
 "route53resolver:ListResolverRules",
 "s3:GetBucketLocation",
 "s3:ListAccessPoints",
 "s3:ListAllMyBuckets",
 "s3:ListBucket",
 "s3:ListStorageLensConfigurations",
+ "sagemaker:ListDomains",
+ "sagemaker:ListEndpoints",
+ "sagemaker:ListFeatureGroups",
+ "sagemaker:ListImages",
 "sagemaker:ListModels",
 "sagemaker:ListNotebookInstances",
+ "sagemaker:ListPipelines",
 "secretsmanager:ListSecrets",
 "servicecatalog:ListApplications",
 "servicecatalog:ListAttributeGroups",
 "signer:ListSigningProfiles",
 "sns:ListTopics",
 "sqs:ListQueues",
+ "ssm-incidents:ListResponsePlans",
 "ssm:DescribeAutomationExecutions",
 "ssm:DescribeInstanceInformation",
- "ssm:DescribeMaintenanceWindows",
 "ssm:DescribeMaintenanceWindowTargets",
 "ssm:DescribeMaintenanceWindowTasks",
+ "ssm:DescribeMaintenanceWindows",
 "ssm:DescribeParameters",
 "ssm:DescribePatchBaselines",
- "ssm-incidents:ListResponsePlans",
 "ssm:ListAssociations",
 "ssm:ListDocuments",
 "ssm:ListInventoryEntries",
@@ -382,13 +432,13 @@
 "states:ListActivities",
 "states:ListStateMachines",
 "timestream:ListDatabases",
- "wisdom:listAssistantAssociations",
+ "transfer:ListWorkflows",
 "wisdom:ListAssistants",
- "wisdom:listKnowledgeBases"
+ "wisdom:listAssistantAssociations",
+ "wisdom:listKnowledgeBases",
+ "workspaces:DescribeWorkspaces"
 ],
- "Resource": [
- "*"
- ]
+ "Resource": "*"
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSSSMForSAPServiceLinkedRolePolicy.json b/docs/source/_static/managed-policies/AWSSSMForSAPServiceLinkedRolePolicy.json
index c73d7e526..efa40a3f6 100644
--- a/docs/source/_static/managed-policies/AWSSSMForSAPServiceLinkedRolePolicy.json
+++ b/docs/source/_static/managed-policies/AWSSSMForSAPServiceLinkedRolePolicy.json
@@ -117,7 +117,7 @@
 "Sid": "CreateServiceLinkedRole",
 "Effect": "Allow",
 "Action": "iam:CreateServiceLinkedRole",
- "Resource": "arn:*:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry",
 "Condition": {
 "StringEquals": {
 "iam:AWSServiceName": "servicecatalog-appregistry.amazonaws.com"
@@ -271,6 +271,83 @@
 "ec2:resourceTag/SSMForSAPManaged": "True"
 }
 }
+ },
+ {
+ "Sid": "SsmSapResourceGroup",
+ "Effect": "Allow",
+ "Action": [
+ "resource-groups:Tag",
+ "resource-groups:CreateGroup"
+ ],
+ "Resource": "arn:aws:resource-groups:*:*:group/SystemsManagerForSAP-*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/SSMForSAPCreated": "True"
+ },
+ "ArnLike": {
+ "aws:RequestTag/awsApplication": "arn:aws:resource-groups:*:*:group/*/*"
+ },
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "SSMForSAPCreated",
+ "awsApplication"
+ ]
+ }
+ }
+ },
+ {
+ "Sid": "ManageSsmSapTagsOnEc2Instances",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:instance/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/SSMForSAPManaged": "True"
+ },
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": [
+ "SystemsManagerForSAP-*"
+ ]
+ }
+ }
+ },
+ {
+ "Sid": "ManageSsmSapTagsOnEbsVolumes",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": [
+ "SystemsManagerForSAP-*"
+ ]
+ }
+ }
+ },
+ {
+ "Sid": "ManageAppTagsOnEbsVolumes",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "ArnLike": {
+ "aws:RequestTag/awsApplication": "arn:aws:resource-groups:*:*:group/*/*"
+ },
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "awsApplication"
+ ]
+ }
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSSSOMasterAccountAdministrator.json b/docs/source/_static/managed-policies/AWSSSOMasterAccountAdministrator.json
index d9243798a..2ad12fca5 100644
--- a/docs/source/_static/managed-policies/AWSSSOMasterAccountAdministrator.json
+++ b/docs/source/_static/managed-policies/AWSSSOMasterAccountAdministrator.json
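Review bot: `ManageSsmSapTagsOnEbsVolumes` and `ManageAppTagsOnEbsVolumes` apply to `arn:aws:ec2:*:*:volume/*` with conditions on the tag keys only, whereas the sibling `ManageSsmSapTagsOnEc2Instances` in the same hunk also requires `"aws:ResourceTag/SSMForSAPManaged": "True"` on the target. As written the role can add or remove `SystemsManagerForSAP-*` and `awsApplication` tags on any EBS volume in the account, not only on volumes that belong to managed SAP hosts. If volumes carry the managed marker (not visible in this hunk), both volume statements should gain the same `"StringEquals": { "aws:ResourceTag/SSMForSAPManaged": "True" }` block. Otherwise anything that keys decisions on those tag prefixes, such as tag-based access rules or cost allocation, should treat them as writable by this service role.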
@@ -66,6 +66,16 @@
 "organizations:ServicePrincipal": "sso.amazonaws.com"
 }
 }
+ },
+ {
+ "Sid": "AllowDeleteSyncProfile",
+ "Effect": "Allow",
+ "Action": [
+ "identity-sync:DeleteSyncProfile"
+ ],
+ "Resource": [
+ "arn:aws:identity-sync:*:*:profile/*"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSServiceRoleForAmazonEKSNodegroup.json b/docs/source/_static/managed-policies/AWSServiceRoleForAmazonEKSNodegroup.json
index 6df56663c..d70f106d9 100644
--- a/docs/source/_static/managed-policies/AWSServiceRoleForAmazonEKSNodegroup.json
+++ b/docs/source/_static/managed-policies/AWSServiceRoleForAmazonEKSNodegroup.json
@@ -62,7 +62,9 @@
 "autoscaling:PutLifecycleHook",
 "autoscaling:PutNotificationConfiguration",
 "autoscaling:EnableMetricsCollection",
- "autoscaling:PutScheduledUpdateGroupAction"
+ "autoscaling:PutScheduledUpdateGroupAction",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:SuspendProcesses"
 ],
 "Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*"
 },
diff --git a/docs/source/_static/managed-policies/AWSServiceRoleForMonitronPolicy.json b/docs/source/_static/managed-policies/AWSServiceRoleForMonitronPolicy.json
index 5e931e136..3ee60d2ec 100644
--- a/docs/source/_static/managed-policies/AWSServiceRoleForMonitronPolicy.json
+++ b/docs/source/_static/managed-policies/AWSServiceRoleForMonitronPolicy.json
@@ -11,7 +11,9 @@
 "sso:AssociateProfile",
 "sso:ListDirectoryAssociations",
 "sso-directory:DescribeUsers",
- "sso-directory:SearchUsers"
+ "sso-directory:SearchUsers",
+ "sso:CreateApplicationAssignment",
+ "sso:ListApplicationAssignments"
 ],
 "Resource": "*"
 }
diff --git a/docs/source/_static/managed-policies/AWSServiceRoleForProcurementInsightsPolicy.json b/docs/source/_static/managed-policies/AWSServiceRoleForProcurementInsightsPolicy.json
new file mode 100644
index 000000000..7ac8a44f0
--- /dev/null
+++ b/docs/source/_static/managed-policies/AWSServiceRoleForProcurementInsightsPolicy.json
@@ -0,0 +1,17 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "ProcurementInsightsPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:ListAccounts"
+ ],
+ "Resource": [
+ "*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSSocialMessagingServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSSocialMessagingServiceRolePolicy.json
new file mode 100644
index 000000000..c66f3c0cb
--- /dev/null
+++ b/docs/source/_static/managed-policies/AWSSocialMessagingServiceRolePolicy.json
@@ -0,0 +1,16 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "CloudwatchMetricPublishing",
+ "Effect": "Allow",
+ "Action": "cloudwatch:PutMetricData",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/SocialMessaging"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AWSSupportPlansFullAccess.json b/docs/source/_static/managed-policies/AWSSupportPlansFullAccess.json
index 10f3df05a..a7e1f10a7 100644
--- a/docs/source/_static/managed-policies/AWSSupportPlansFullAccess.json
+++ b/docs/source/_static/managed-policies/AWSSupportPlansFullAccess.json
@@ -6,6 +6,7 @@
 "Action": [
 "supportplans:GetSupportPlan",
 "supportplans:GetSupportPlanUpdateStatus",
+ "supportplans:ListSupportPlanModifiers",
 "supportplans:StartSupportPlanUpdate",
 "supportplans:CreateSupportPlanSchedule"
 ],
diff --git a/docs/source/_static/managed-policies/AWSSupportPlansReadOnlyAccess.json b/docs/source/_static/managed-policies/AWSSupportPlansReadOnlyAccess.json
index eb7f53033..c7b88d292 100644
--- a/docs/source/_static/managed-policies/AWSSupportPlansReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/AWSSupportPlansReadOnlyAccess.json
@@ -5,7 +5,8 @@ "Effect": "Allow", "Action": [ "supportplans:GetSupportPlan", - "supportplans:GetSupportPlanUpdateStatus" + "supportplans:GetSupportPlanUpdateStatus", + "supportplans:ListSupportPlanModifiers" ], "Resource": "*" } diff --git a/docs/source/_static/managed-policies/AWSSupportServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSSupportServiceRolePolicy.json index 17a715cd3..d68b05020 100644 --- a/docs/source/_static/managed-policies/AWSSupportServiceRolePolicy.json +++ b/docs/source/_static/managed-policies/AWSSupportServiceRolePolicy.json @@ -84,6 +84,8 @@ "access-analyzer:listArchiveRules", "access-analyzer:listFindings", "access-analyzer:listPolicyGenerations", + "account:getRegionOptStatus", + "account:listRegions", "acm-pca:describeCertificateAuthority", "acm-pca:describeCertificateAuthorityAuditReport", "acm-pca:getCertificate", 
@@ -112,6 +114,37 @@ "amplify:listWebhooks", "amplifyuibuilder:exportComponents", "amplifyuibuilder:exportThemes", + "aoss:batchGetCollection", + "aoss:batchGetEffectiveLifecyclePolicy", + "aoss:batchGetLifecyclePolicy", + "aoss:batchGetVpcEndpoint", + "aoss:getAccessPolicy", + "aoss:getAccountSettings", + "aoss:getPoliciesStats", + "aoss:getSecurityConfig", + "aoss:getSecurityPolicy", + "aoss:listAccessPolicies", + "aoss:listCollections", + "aoss:listLifecyclePolicies", + "aoss:listSecurityConfigs", + "aoss:listSecurityPolicies", + "aoss:listTagsForResource", + "aoss:listVpcEndpoints", + "appconfig:getApplication", + "appconfig:getConfigurationProfile", + "appconfig:getDeployment", + "appconfig:getDeploymentStrategy", + "appconfig:getEnvironment", + "appconfig:getExtension", + "appconfig:getExtensionAssociation", + "appconfig:listApplications", + "appconfig:listConfigurationProfiles", + "appconfig:listDeployments", + "appconfig:listDeploymentStrategies", + "appconfig:listEnvironments", + "appconfig:listExtensionAssociations", + "appconfig:listHostedConfigurationVersions", + "appconfig:listExtensions", "appflow:describeConnectorEntity", "appflow:describeConnectorProfiles", "appflow:describeConnectors", @@ -160,6 +193,13 @@ "apprunner:listConnections", "apprunner:listOperations", "apprunner:listServices", + "application-signals:getServiceLevelObjective", + "application-signals:getService", + "application-signals:listServiceDependencies", + "application-signals:listServiceDependents", + "application-signals:listServiceLevelObjectives", + "application-signals:listServiceOperations", + "application-signals:listServices", "apprunner:listTagsForResource", "appstream:describeAppBlockBuilderAppBlockAssociations", "appstream:describeAppBlockBuilders", 
@@ -231,6 +271,9 @@ "athena:listSessions", "athena:listTagsForResource", "athena:listWorkGroups", + "athena:getCapacityAssignmentConfiguration", + "athena:getCapacityReservation", + "athena:listCapacityReservations", "auditmanager:getAccountStatus", "auditmanager:getDelegations", "auditmanager:listAssessmentFrameworks", @@ -259,6 +302,7 @@ "autoscaling:describeScalingActivities", "autoscaling:describeScalingProcessTypes", "autoscaling:describeScheduledActions", + "autoscaling:describeTrafficSources", "autoscaling:describeTags", "autoscaling:describeTerminationPolicyTypes", "autoscaling:describeWarmPool", @@ -318,6 +362,28 @@ "batch:describeJobQueues", "batch:describeJobs", "batch:listJobs", + "bedrock:getAgent", + "bedrock:getAgentActionGroup", + "bedrock:getAgentAlias", + "bedrock:getAgentKnowledgeBase", + "bedrock:getAgentVersion", + "bedrock:getCustomModel", + "bedrock:getDataSource", + "bedrock:getIngestionJob", + "bedrock:getKnowledgeBase", + "bedrock:getModelCustomizationJob", + "bedrock:getModelInvocationLoggingConfiguration", + "bedrock:listAgentActionGroups", + "bedrock:listAgentAliases", + "bedrock:listAgentKnowledgeBases", + "bedrock:listAgents", + "bedrock:listAgentVersions", + "bedrock:listCustomModels", + "bedrock:listDataSources", + "bedrock:listIngestionJobs", + "bedrock:listKnowledgeBases", + "bedrock:listModelCustomizationJobs", + "bedrock:listProvisionedModelThroughputs", "braket:getDevice", "braket:getQuantumTask", "braket:searchDevices", @@ -481,6 +547,7 @@ "cloudwatch:describeAnomalyDetectors", "cloudwatch:describeInsightRules", "cloudwatch:getDashboard", + "cloudWatch:getMetricWidgetImage", "cloudwatch:getInsightRuleReport", "cloudwatch:getMetricData", "cloudwatch:getMetricStatistics", 
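Review bot: The added `"cloudWatch:getMetricWidgetImage"` in the `@@ -481,6 +547,7 @@` hunk spells the service prefix with a capital W, while the neighbouring entries use `cloudwatch:`. The AWS_ConfigRole.json hunks further down do the same with `"cloudTrail:GetChannel"` and `"cloudTrail:ListChannels"`. IAM compares action names case-insensitively, so the grants are effective, but a case-sensitive search or diff over these snapshots for `cloudwatch:` or `cloudtrail:` will skip them. If the files must mirror the published documents byte for byte, keep the casing and have whatever reads them lower-case the prefix before matching; otherwise normalise to `"cloudwatch:getMetricWidgetImage"`. The Action array starts and ends outside this hunk.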
@@ -519,6 +586,18 @@ "codecommit:getRepositoryTriggers", "codecommit:listBranches", "codecommit:listRepositories", + "codeconnections:getConnection", + "codeconnections:getHost", + "codeconnections:getRepositoryLink", + "codeconnections:getRepositorySyncStatus", + "codeconnections:getResourceSyncStatus", + "codeconnections:getSyncBlockerSummary", + "codeconnections:getSyncConfiguration", + "codeconnections:listConnections", + "codeconnections:listHosts", + "codeconnections:listRepositoryLinks", + "codeconnections:listRepositorySyncDefinitions", + "codeconnections:listSyncConfigurations", "codedeploy:batchGetApplicationRevisions", "codedeploy:batchGetApplications", "codedeploy:batchGetDeploymentGroups", @@ -746,6 +825,23 @@ "dax:describeParameterGroups", "dax:describeParameters", "dax:describeSubnetGroups", + "deadline:listAvailableMeteredProducts", + "deadline:listBudgets", + "deadline:listFarmMembers", + "deadline:listFarms", + "deadline:listFleetMembers", + "deadline:listFleets", + "deadline:listJobMembers", + "deadline:listJobs", + "deadline:listLicenseEndpoints", + "deadline:listMeteredProducts", + "deadline:listMonitors", + "deadline:listQueueEnvironments", + "deadline:listQueueFleetAssociations", + "deadline:listQueueMembers", + "deadline:listQueues", + "deadline:listStorageProfiles", + "deadline:listWorkers", "detective:getMembers", "detective:listGraphs", "detective:listInvitations", @@ -866,6 +962,7 @@ "dynamodb:describeStream", "dynamodb:describeTable", "dynamodb:describeTimeToLive", + "dynamodb:getResourcePolicy", "dynamodb:listBackups", "dynamodb:listContributorInsights", "dynamodb:listExports", @@ -961,6 +1058,7 @@ "ec2:describeSecurityGroups", "ec2:describeSnapshotAttribute", "ec2:describeSnapshots", + "ec2:describeSnapshotTierStatus", "ec2:describeSpotDatafeedSubscription", "ec2:describeSpotFleetInstances", "ec2:describeSpotFleetRequestHistory", 
@@ -1006,6 +1104,7 @@ "ec2:describeVpnGateways", "ec2:getAssociatedIpv6PoolCidrs", "ec2:getCapacityReservationUsage", + "ec2:getSubnetCidrReservations", "ec2:getCoipPoolUsage", "ec2:getConsoleOutput", "ec2:getConsoleScreenshot", @@ -1034,6 +1133,19 @@ "ec2:searchLocalGatewayRoutes", "ec2:searchTransitGatewayMulticastGroups", "ec2:searchTransitGatewayRoutes", + "ec2:describeIpamByoasn", + "ec2:describeIpamPools", + "ec2:describeIpamResourceDiscoveries", + "ec2:describeIpamResourceDiscoveryAssociations", + "ec2:describeIpams", + "ec2:describeIpamScopes", + "ec2:getIpamAddressHistory", + "ec2:getIpamDiscoveredAccounts", + "ec2:getIpamDiscoveredPublicAddresses", + "ec2:getIpamDiscoveredResourceCidrs", + "ec2:getIpamPoolAllocations", + "ec2:getIpamPoolCidrs", + "ec2:getIpamResourceCidrs", "ecr-public:describeImages", "ecr-public:describeImageTags", "ecr-public:describeRegistries", @@ -1084,6 +1196,8 @@ "eks:describeFargateProfile", "eks:describeIdentityProviderConfig", "eks:describeNodegroup", + "eks:describePodIdentityAssociation", + "eks:listPodIdentityAssociations", "eks:describeUpdate", "eks:listAccessEntries", "eks:listAccessPolicies", @@ -1134,6 +1248,8 @@ "elasticbeanstalk:listPlatformVersions", "elasticbeanstalk:validateConfigurationSettings", "elasticfilesystem:describeAccessPoints", + "elasticfilesystem:describeBackupPolicy", + "elasticfilesystem:describeReplicationConfigurations", "elasticfilesystem:describeFileSystemPolicy", "elasticfilesystem:describeFileSystems", "elasticfilesystem:describeLifecycleConfiguration", 
@@ -1149,6 +1265,9 @@ "elasticloadbalancing:describeLoadBalancerPolicies", "elasticloadbalancing:describeLoadBalancerPolicyTypes", "elasticloadbalancing:describeLoadBalancers", + "elasticloadbalancing:describeTrustStores", + "elasticloadbalancing:describeTrustStoreAssociations", + "elasticloadbalancing:describeTrustStoreRevocations", "elasticloadbalancing:describeRules", "elasticloadbalancing:describeSSLPolicies", "elasticloadbalancing:describeTags", @@ -1279,6 +1398,7 @@ "forecast:listForecastExportJobs", "forecast:listForecasts", "forecast:listPredictors", + "freetier:getFreeTierUsage", "fsx:describeBackups", "fsx:describeDataRepositoryAssociations", "fsx:describeDataRepositoryTasks", @@ -1572,6 +1692,8 @@ "inspector2:batchGetAccountStatus", "inspector2:batchGetFreeTrialInfo", "inspector2:describeOrganizationConfiguration", + "inspector2:getConfiguration", + "inspector2:getEc2DeepInspectionConfiguration", "inspector2:getDelegatedAdminAccount", "inspector2:getMember", "inspector2:getSbomExport", @@ -1638,6 +1760,7 @@ "iot:listTopicRules", "iot:listTunnels", "iot:listV2LoggingLevels", + "iot:listNamedShadowsForThing", "iotevents:describeDetector", "iotevents:describeDetectorModel", "iotevents:describeInput", @@ -1813,10 +1936,13 @@ "lambda:listLayers", "lambda:listLayerVersions", "lambda:listProvisionedConcurrencyConfigs", + "lambda:listTags", "lambda:listVersionsByFunction", "launchwizard:describeProvisionedApp", "launchwizard:describeProvisioningEvents", "launchwizard:listProvisionedApps", + "launchwizard:listDeployments", + "launchwizard:listDeploymentEvents", "lex:describeBot", "lex:describeBotAlias", "lex:describeBotLocale", 
@@ -2228,6 +2354,12 @@ "opsworks:getHostnameSuggestion", "organizations:listAccounts", "organizations:listTagsForResource", + "osis:getPipeline", + "osis:getPipelineBlueprint", + "osis:getPipelineChangeProgress", + "osis:listPipelineBlueprints", + "osis:listPipelines", + "osis:validatePipeline", "outposts:getCatalogItem", "outposts:getConnection", "outposts:getOrder", @@ -2537,6 +2669,13 @@ "route53domains:listPrices", "route53domains:listTagsForDomain", "route53domains:viewBilling", + "route53profiles:getProfile", + "route53profiles:listProfileAssociations", + "route53profiles:listProfileResourceAssociations", + "route53profiles:listProfiles", + "route53profiles:listTagsForResource", + "route53profiles:getProfileResourceAssociation", + "route53profiles:getProfileAssociation", "route53resolver:getFirewallConfig", "route53resolver:getFirewallDomainList", "route53resolver:getFirewallRuleGroup", @@ -2787,6 +2926,14 @@ "securityhub:listEnabledProductsForImport", "securityhub:listInvitations", "securityhub:listMembers", + "securityhub:describeOrganizationConfiguration", + "securityhub:batchGetConfigurationPolicyAssociations", + "securityhub:getConfigurationPolicy", + "securityhub:getConfigurationPolicyAssociation", + "securityhub:listConfigurationPolicies", + "securityhub:listConfigurationPolicyAssociations", + "securityhub:getFindingAggregator", + "securityhub:listFindingAggregators", "securitylake:getDataLakeExceptionSubscription", "securitylake:getDataLakeOrganizationConfiguration", "securitylake:getDataLakeSources", @@ -3282,6 +3429,10 @@ "workspaces-web:listUserSettings", "workspaces:describeAccount", "workspaces:describeAccountModifications", + "workspaces:describeApplicationAssociations", + "workspaces:describeWorkspaceAssociations", + "workspaces:describeWorkspacesPools", + "workspaces:describeWorkspacesPoolSessions", "workspaces:describeIpGroups", "workspaces:describeTags", "workspaces:describeWorkspaceBundles", 
@@ -3293,7 +3444,13 @@ "xray:getGroup", "xray:getGroups", "xray:getSamplingRules", - "xray:listResourcePolicies" + "xray:listResourcePolicies", + "xray:getInsightImpactGraph", + "xray:getSamplingStatisticSummaries", + "xray:getSamplingTargets", + "xray:getServiceGraph", + "xray:getTimeSeriesServiceStatistics", + "xray:getTraceGraph" ], "Effect": "Allow", "Resource": [ diff --git a/docs/source/_static/managed-policies/AWSTrustedAdvisorServiceRolePolicy.json b/docs/source/_static/managed-policies/AWSTrustedAdvisorServiceRolePolicy.json index bdd702930..f2d7547ea 100644 --- a/docs/source/_static/managed-policies/AWSTrustedAdvisorServiceRolePolicy.json +++ b/docs/source/_static/managed-policies/AWSTrustedAdvisorServiceRolePolicy.json @@ -53,6 +53,8 @@ "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "iam:GenerateCredentialReport", diff --git a/docs/source/_static/managed-policies/AWS_ConfigRole.json b/docs/source/_static/managed-policies/AWS_ConfigRole.json index df67d1e5a..d67d00629 100644 --- a/docs/source/_static/managed-policies/AWS_ConfigRole.json +++ b/docs/source/_static/managed-policies/AWS_ConfigRole.json 
@@ -29,15 +29,31 @@ "amplifyuibuilder:ExportThemes", "amplifyuibuilder:GetTheme", "amplifyuibuilder:ListThemes", + "aoss:BatchGetCollection", + "aoss:BatchGetLifecyclePolicy", + "aoss:BatchGetVpcEndpoint", + "aoss:GetAccessPolicy", + "aoss:GetSecurityConfig", + "aoss:GetSecurityPolicy", + "aoss:ListAccessPolicies", + "aoss:ListCollections", + "aoss:ListLifecyclePolicies", + "aoss:ListSecurityConfigs", + "aoss:ListSecurityPolicies", + "aoss:ListVpcEndpoints", "apigateway:GET", + "app-integrations:GetApplication", "app-integrations:GetEventIntegration", + "app-integrations:ListApplications", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", + "app-integrations:ListTagsForResource", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", + "appconfig:GetExtension", "appconfig:GetExtensionAssociation", "appconfig:GetHostedConfigurationVersion", "appconfig:ListApplications", @@ -46,6 +62,7 @@ "appconfig:ListDeploymentStrategies", "appconfig:ListEnvironments", "appconfig:ListExtensionAssociations", + "appconfig:ListExtensions", "appconfig:ListHostedConfigurationVersions", "appconfig:ListTagsForResource", "appflow:DescribeConnectorProfiles", @@ -74,6 +91,7 @@ "apprunner:ListServices", "apprunner:ListTagsForResource", "apprunner:ListVpcConnectors", + "appstream:DescribeAppBlockBuilders", "appstream:DescribeApplications", "appstream:DescribeDirectoryConfigs", "appstream:DescribeFleets", 
@@ -120,12 +138,16 @@ "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", + "backup:GetRestoreTestingPlan", + "backup:GetRestoreTestingSelection", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", "backup:ListReportPlans", + "backup:ListRestoreTestingPlans", + "backup:ListRestoreTestingSelections", "backup:ListTags", "batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", @@ -165,9 +187,12 @@ "cloudfront:ListResponseHeadersPolicies", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", + "cloudTrail:GetChannel", "cloudtrail:GetEventDataStore", "cloudtrail:GetEventSelectors", + "cloudtrail:GetInsightSelectors", "cloudtrail:GetTrailStatus", + "cloudTrail:ListChannels", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", "cloudtrail:ListTrails", @@ -231,8 +256,11 @@ "connect:DescribeInstanceStorageConfig", "connect:DescribePhoneNumber", "connect:DescribePrompt", + "connect:DescribeQueue", "connect:DescribeQuickConnect", + "connect:DescribeRoutingProfile", "connect:DescribeRule", + "connect:DescribeSecurityProfile", "connect:DescribeUser", "connect:GetTaskTemplate", "connect:ListApprovedOrigins", @@ -244,9 +272,16 @@ "connect:ListPhoneNumbers", "connect:ListPhoneNumbersV2", "connect:ListPrompts", + "connect:ListQueueQuickConnects", + "connect:ListQueues", "connect:ListQuickConnects", + "connect:ListRoutingProfileQueues", + "connect:ListRoutingProfiles", "connect:ListRules", "connect:ListSecurityKeys", + "connect:ListSecurityProfileApplications", + "connect:ListSecurityProfilePermissions", + "connect:ListSecurityProfiles", "connect:ListTagsForResource", "connect:ListTaskTemplates", "connect:ListUsers", 
@@ -278,6 +313,8 @@ "datasync:ListLocations", "datasync:ListTagsForResource", "datasync:ListTasks", + "datazone:GetDomain", + "datazone:ListDomains", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", @@ -295,6 +332,7 @@ "devicefarm:ListTagsForResource", "devicefarm:ListTestGridProjects", "devops-guru:GetResourceCollection", + "devops-guru:ListNotificationChannels", "dms:DescribeCertificates", "dms:DescribeEndpoints", "dms:DescribeEventSubscriptions", @@ -332,6 +370,7 @@ "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", + "ec2:DescribeVpcEndpoints", "ec2:GetEbsEncryptionByDefault", "ec2:GetInstanceTypesFromInstanceRequirements", "ec2:GetIpamPoolAllocations", @@ -541,15 +580,19 @@ "glue:GetMLTransforms", "glue:GetPartition", "glue:GetPartitions", + "glue:GetRegistry", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", "glue:GetTags", + "glue:GetTrigger", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListMLTransforms", + "glue:ListRegistries", + "glue:ListTriggers", "glue:ListWorkflows", "grafana:DescribeWorkspace", "grafana:DescribeWorkspaceAuthentication", @@ -627,6 +670,10 @@ "iam:ListUserPolicies", "iam:ListUsers", "iam:ListVirtualMFADevices", + "identitystore:DescribeGroup", + "identitystore:DescribeGroupMembership", + "identitystore:ListGroupMemberships", + "identitystore:ListGroups", "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", @@ -634,6 +681,7 @@ "imagebuilder:GetImagePipeline", "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", + "imagebuilder:GetLifecyclePolicy", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", "imagebuilder:ListContainerRecipes", 
@@ -643,12 +691,14 @@ "imagebuilder:ListImageRecipes", "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", + "imagebuilder:ListLifecyclePolicies", "inspector2:BatchGetAccountStatus", "inspector2:GetDelegatedAdminAccount", "inspector2:ListFilters", "inspector2:ListMembers", "iot:DescribeAccountAuditConfiguration", "iot:DescribeAuthorizer", + "iot:DescribeBillingGroup", "iot:DescribeCACertificate", "iot:DescribeCertificate", "iot:DescribeCustomMetric", @@ -661,10 +711,13 @@ "iot:DescribeRoleAlias", "iot:DescribeScheduledAudit", "iot:DescribeSecurityProfile", + "iot:DescribeThingGroup", + "iot:DescribeThingType", "iot:GetPolicy", "iot:GetTopicRule", "iot:GetTopicRuleDestination", "iot:ListAuthorizers", + "iot:ListBillingGroups", "iot:ListCACertificates", "iot:ListCertificates", "iot:ListCustomMetrics", @@ -681,6 +734,8 @@ "iot:ListSecurityProfilesForTarget", "iot:ListTagsForResource", "iot:ListTargetsForSecurityProfile", + "iot:ListThingGroups", + "iot:ListThingTypes", "iot:ListTopicRuleDestinations", "iot:ListTopicRules", "iot:ListV2LoggingLevels", @@ -701,6 +756,21 @@ "iotevents:ListDetectorModels", "iotevents:ListInputs", "iotevents:ListTagsForResource", + "iotfleetwise:GetDecoderManifest", + "iotfleetwise:GetFleet", + "iotfleetwise:GetModelManifest", + "iotfleetwise:GetSignalCatalog", + "iotfleetwise:GetVehicle", + "iotfleetwise:ListDecoderManifestNetworkInterfaces", + "iotfleetwise:ListDecoderManifests", + "iotfleetwise:ListDecoderManifestSignals", + "iotfleetwise:ListFleets", + "iotfleetwise:ListModelManifestNodes", + "iotfleetwise:ListModelManifests", + "iotfleetwise:ListSignalCatalogNodes", + "iotfleetwise:ListSignalCatalogs", + "iotfleetwise:ListTagsForResource", + "iotfleetwise:ListVehicles", "iotsitewise:DescribeAccessPolicy", "iotsitewise:DescribeAsset", "iotsitewise:DescribeAssetModel", 
@@ -728,26 +798,45 @@ "iottwinmaker:ListSyncJobs", "iottwinmaker:ListTagsForResource", "iottwinmaker:ListWorkspaces", + "iotwireless:GetDestination", + "iotwireless:GetDeviceProfile", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:GetServiceProfile", "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessGateway", "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:ListDestinations", + "iotwireless:ListDeviceProfiles", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "iotwireless:ListServiceProfiles", "iotwireless:ListTagsForResource", "iotwireless:ListWirelessDevices", + "iotwireless:ListWirelessGateways", "iotwireless:ListWirelessGatewayTaskDefinitions", "ivs:GetChannel", + "ivs:GetEncoderConfiguration", "ivs:GetPlaybackKeyPair", + "ivs:GetPlaybackRestrictionPolicy", "ivs:GetRecordingConfiguration", + "ivs:GetStage", + "ivs:GetStorageConfiguration", "ivs:GetStreamKey", "ivs:ListChannels", + "ivs:ListEncoderConfigurations", "ivs:ListPlaybackKeyPairs", + "ivs:ListPlaybackRestrictionPolicies", "ivs:ListRecordingConfigurations", + "ivs:ListStages", + "ivs:ListStorageConfigurations", "ivs:ListStreamKeys", "ivs:ListTagsForResource", + "ivschat:GetLoggingConfiguration", + "ivschat:GetRoom", + "ivschat:ListLoggingConfigurations", + "ivschat:ListRooms", + "ivschat:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", "kafka:DescribeConfiguration", @@ -838,7 +927,9 @@ "logs:DescribeLogGroups", "logs:DescribeMetricFilters", "logs:GetDataProtectionPolicy", + "logs:GetLogAnomalyDetector", "logs:GetLogDelivery", + "logs:ListLogAnomalyDetectors", "logs:ListLogDeliveries", "logs:ListTagsLogGroup", "lookoutequipment:DescribeInferenceScheduler", 
@@ -868,16 +959,28 @@ "managedblockchain:ListInvitations", "managedblockchain:ListMembers", "managedblockchain:ListNodes", + "mediaconnect:DescribeBridge", "mediaconnect:DescribeFlow", + "mediaconnect:DescribeGateway", + "mediaconnect:ListBridges", "mediaconnect:ListFlows", + "mediaconnect:ListGateways", "mediaconnect:ListTagsForResource", "mediapackage-vod:DescribePackagingConfiguration", "mediapackage-vod:DescribePackagingGroup", "mediapackage-vod:ListPackagingConfigurations", "mediapackage-vod:ListPackagingGroups", "mediapackage-vod:ListTagsForResource", + "mediatailor:DescribeChannel", + "mediatailor:DescribeLiveSource", + "mediatailor:DescribeSourceLocation", + "mediatailor:DescribeVodSource", "mediatailor:GetPlaybackConfiguration", + "mediatailor:ListChannels", + "mediatailor:ListLiveSources", "mediatailor:ListPlaybackConfigurations", + "mediatailor:ListSourceLocations", + "mediatailor:ListVodSources", "memorydb:DescribeAcls", "memorydb:DescribeClusters", "memorydb:DescribeParameterGroups", @@ -921,6 +1024,11 @@ "nimble:ListStreamingImages", "nimble:ListStudioComponents", "nimble:ListStudios", + "oam:GetSink", + "oam:GetSinkPolicy", + "oam:ListSinks", + "omics:GetWorkflow", + "omics:ListWorkflows", "opsworks:DescribeInstances", "opsworks:DescribeLayers", "opsworks:DescribeTimeBasedAutoScaling", @@ -949,6 +1057,11 @@ "panorama:ListApplicationInstances", "panorama:ListNodes", "panorama:ListPackages", + "payment-cryptography:GetAlias", + "payment-cryptography:GetKey", + "payment-cryptography:ListAliases", + "payment-cryptography:ListKeys", + "payment-cryptography:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", "personalize:DescribeSchema", @@ -1006,6 +1119,8 @@ "rds:DescribeDBParameters", "rds:DescribeDBProxies", "rds:DescribeDBProxyEndpoints", + "rds:DescribeDBProxyTargetGroups", + "rds:DescribeDBProxyTargets", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", 
@@ -1037,6 +1152,7 @@ "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", + "rekognition:DescribeProjects", "rekognition:DescribeStreamProcessor", "rekognition:ListStreamProcessors", "rekognition:ListTagsForResource", @@ -1154,12 +1270,15 @@ "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", + "s3:GetStorageLensGroup", "s3:ListAccessPoints", "s3:ListAccessPointsForObjectLambda", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListMultiRegionAccessPoints", "s3:ListStorageLensConfigurations", + "s3:ListStorageLensGroups", + "s3:ListTagsForResource", "s3express:GetBucketPolicy", "s3express:ListAllMyDirectoryBuckets", "sagemaker:DescribeAppImageConfig", @@ -1205,6 +1324,11 @@ "sagemaker:ListProjects", "sagemaker:ListTags", "sagemaker:ListWorkteams", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:ListScheduleGroups", + "scheduler:ListSchedules", + "scheduler:ListTagsForResource", "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", @@ -1255,15 +1379,16 @@ "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", + "ssm-sap:ListTagsForResource", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetDocument", + "ssm:GetServiceSetting", "ssm:ListDocuments", "ssm:ListTagsForResource", - "ssm-sap:ListTagsForResource", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", 
@@ -1314,6 +1439,16 @@ "transfer:ListWorkflows", "voiceid:DescribeDomain", "voiceid:ListTagsForResource", + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:GetService", + "vpc-lattice:GetServiceNetwork", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListAccessLogSubscriptions", + "vpc-lattice:ListServiceNetworks", + "vpc-lattice:ListServices", + "vpc-lattice:ListTagsForResource", + "vpc-lattice:ListTargetGroups", + "vpc-lattice:ListTargets", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", diff --git a/docs/source/_static/managed-policies/AccessAnalyzerServiceRolePolicy.json b/docs/source/_static/managed-policies/AccessAnalyzerServiceRolePolicy.json index c4167f19f..e65e3abc1 100644 --- a/docs/source/_static/managed-policies/AccessAnalyzerServiceRolePolicy.json +++ b/docs/source/_static/managed-policies/AccessAnalyzerServiceRolePolicy.json @@ -23,6 +23,8 @@ "iam:ListEntitiesForPolicy", "iam:ListRoles", "iam:ListUsers", + "iam:ListRoleTags", + "iam:ListUserTags", "iam:GetUser", "iam:GetGroup", "iam:GenerateServiceLastAccessedDetails", diff --git a/docs/source/_static/managed-policies/AmazonBedrockReadOnly.json b/docs/source/_static/managed-policies/AmazonBedrockReadOnly.json index cce29461e..d10ace202 100644 --- a/docs/source/_static/managed-policies/AmazonBedrockReadOnly.json +++ b/docs/source/_static/managed-policies/AmazonBedrockReadOnly.json 
@@ -15,7 +15,19 @@ "bedrock:ListCustomModels", "bedrock:GetCustomModel", "bedrock:ListTagsForResource", - "bedrock:GetFoundationModelAvailability" + "bedrock:GetFoundationModelAvailability", + "bedrock:GetGuardrail", + "bedrock:ListGuardrails", + "bedrock:GetEvaluationJob", + "bedrock:ListEvaluationJobs", + "bedrock:GetModelInvocationJob", + "bedrock:ListModelInvocationJobs", + "bedrock:GetInferenceProfile", + "bedrock:ListInferenceProfiles", + "bedrock:ListImportedModels", + "bedrock:GetImportedModel", + "bedrock:ListModelImportJobs", + "bedrock:GetModelImportJob" ], "Resource": "*" } diff --git a/docs/source/_static/managed-policies/AmazonCognitoUnAuthedIdentitiesSessionPolicy.json b/docs/source/_static/managed-policies/AmazonCognitoUnAuthedIdentitiesSessionPolicy.json index 435e80f78..a715d9926 100644 --- a/docs/source/_static/managed-policies/AmazonCognitoUnAuthedIdentitiesSessionPolicy.json +++ b/docs/source/_static/managed-policies/AmazonCognitoUnAuthedIdentitiesSessionPolicy.json @@ -2,6 +2,7 @@ "Version": "2012-10-17", "Statement": [ { + "Sid": "CognitoUnAuthedIdentitiesSessionPolicy", "Effect": "Allow", "Action": [ "rum:PutRumEvents", @@ -13,7 +14,22 @@ "rekognition:*", "mobiletargeting:*", "firehose:*", - "personalize:*" + "personalize:*", + "geo:GetMap*", + "geo:SearchPlaceIndex*", + "geo:GetPlace", + "geo:CalculateRoute*", + "geo:*Geofence", + "geo:*Geofences", + "geo:*DevicePosition*", + "kms:Encrypt", + "kms:Decrypt", + "kms:ReEncryptTo", + "kms:ReEncryptFrom", + "kms:GenerateDataKey", + "kms:GenerateDataKeyPair", + "kms:GenerateDataKeyPairWithoutPlaintext", + "kms:GenerateDataKeyWithoutPlaintext" ], "Resource": "*" } diff --git a/docs/source/_static/managed-policies/AmazonConnectCampaignsServiceLinkedRolePolicy.json b/docs/source/_static/managed-policies/AmazonConnectCampaignsServiceLinkedRolePolicy.json index f49c9ce6e..691fdda6d 100644 --- a/docs/source/_static/managed-policies/AmazonConnectCampaignsServiceLinkedRolePolicy.json 
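Review bot: The `@@ -13,7 +14,22 @@` hunk of AmazonCognitoUnAuthedIdentitiesSessionPolicy.json adds eight `kms:` data-plane actions (`kms:Encrypt`, `kms:Decrypt`, the `ReEncrypt*` and `GenerateDataKey*` variants) and leading-wildcard patterns such as `geo:*Geofence` and `geo:*DevicePosition*`, all under `"Resource": "*"`. Going by the file name this is a session policy for unauthenticated identities, so it presumably acts as a ceiling and effective access still depends on what the guest role itself allows; that should be confirmed against the service documentation. A leading wildcard matches write action names as well as read ones, so the geofence and device-position patterns are broader than the `Get`/`Search` entries next to them. Roles attached to guest identities should be checked for `kms:*` or `geo:*` on `*`, since this ceiling no longer filters those calls out.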
+++ b/docs/source/_static/managed-policies/AmazonConnectCampaignsServiceLinkedRolePolicy.json @@ -2,6 +2,7 @@ "Version": "2012-10-17", "Statement": [ { + "Sid": "ConnectCampaignAccess", "Effect": "Allow", "Action": [ "connect-campaigns:ListCampaigns" @@ -9,12 +10,72 @@ "Resource": "*" }, { + "Sid": "ConnectAccess", "Effect": "Allow", "Action": [ "connect:BatchPutContact", - "connect:StopContact" + "connect:StopContact", + "connect:DescribeContactFlow", + "connect:SendOutboundEmail" ], "Resource": "arn:aws:connect:*:*:instance/*" + }, + { + "Sid": "EventBridgeListRuleAccess", + "Effect": "Allow", + "Action": [ + "events:ListRules" + ], + "Resource": "arn:aws:events:*:*:rule/*", + "Condition": { + "StringEquals": { + "aws:ResourceAccount": "${aws:PrincipalAccount}" + } + } + }, + { + "Sid": "EventBridgeManagedResourceAccess", + "Effect": "Allow", + "Action": [ + "events:DeleteRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Resource": "arn:aws:events:*:*:rule/ConnectCampaignsRule*", + "Condition": { + "StringEquals": { + "aws:ResourceAccount": "${aws:PrincipalAccount}", + "events:ManagedBy": "connect-campaigns.amazonaws.com" + } + } + }, + { + "Sid": "EventBridgeListTargetsByRuleAccess", + "Effect": "Allow", + "Action": [ + "events:ListTargetsByRule" + ], + "Resource": "arn:aws:events:*:*:rule/ConnectCampaignsRule*", + "Condition": { + "StringEquals": { + "aws:ResourceAccount": "${aws:PrincipalAccount}" + } + } + }, + { + "Sid": "AllowWisdomForConnectCampaignsEnabledTaggedResources", + "Effect": "Allow", + "Action": [ + "wisdom:GetMessageTemplate", + "wisdom:RenderMessageTemplate" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "aws:ResourceTag/AmazonConnectCampaignsEnabled": "True" + } + } } ] } \ No newline at end of file 
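Review bot: `AllowWisdomForConnectCampaignsEnabledTaggedResources` is the only added statement carrying a `Condition` that omits `aws:ResourceAccount`. It grants `wisdom:GetMessageTemplate` and `wisdom:RenderMessageTemplate` on `"Resource": "*"`, gated solely by the tag `AmazonConnectCampaignsEnabled`. The three EventBridge statements in the same hunk all pin `"aws:ResourceAccount": "${aws:PrincipalAccount}"`. With a tag-only gate, the boundary is whoever may set that tag on Wisdom resources, so tagging permissions for the key deserve the same review as this policy. If the service supports the key, adding `"aws:ResourceAccount": "${aws:PrincipalAccount}"` to the condition would bring the statement in line with its neighbours.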
diff --git a/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json b/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json index 23b7686a4..5f5eb74ca 100644 --- a/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json +++ b/docs/source/_static/managed-policies/AmazonConnectServiceLinkedRolePolicy.json @@ -77,7 +77,14 @@ "profile:ListCalculatedAttributeDefinitions", "profile:ListCalculatedAttributesForProfile", "profile:GetDomain", - "profile:ListIntegrations" + "profile:ListIntegrations", + "profile:ListSegmentDefinitions", + "profile:ListProfileAttributeValues", + "profile:CreateSegmentEstimate", + "profile:GetSegmentEstimate", + "profile:BatchGetProfile", + "profile:BatchGetCalculatedAttributeForProfile", + "profile:GetSegmentMembership" ], "Resource": "arn:aws:profile:*:*:domains/amazon-connect-*" }, @@ -86,7 +93,8 @@ "Effect": "Allow", "Action": [ "profile:ListProfileObjects", - "profile:GetProfileObjectType" + "profile:GetProfileObjectType", + "profile:ListObjectTypeAttributes" ], "Resource": [ "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/*" @@ -138,7 +146,21 @@ "wisdom:UpdateQuickResponse", "wisdom:DeleteQuickResponse", "wisdom:PutFeedback", - "wisdom:ListContentAssociations" + "wisdom:ListContentAssociations", + "wisdom:CreateMessageTemplate", + "wisdom:UpdateMessageTemplate", + "wisdom:UpdateMessageTemplateMetadata", + "wisdom:GetMessageTemplate", + "wisdom:DeleteMessageTemplate", + "wisdom:ListMessageTemplates", + "wisdom:SearchMessageTemplates", + "wisdom:ActivateMessageTemplate", + "wisdom:DeactivateMessageTemplate", + "wisdom:CreateMessageTemplateVersion", + "wisdom:ListMessageTemplateVersions", + "wisdom:CreateMessageTemplateAttachment", + "wisdom:DeleteMessageTemplateAttachment", + "wisdom:RenderMessageTemplate" ], "Resource": "*", "Condition": { 
@@ -170,6 +192,20 @@
 "arn:aws:profile:*:*:domains/amazon-connect-*/calculated-attributes/*"
 ]
 },
+ {
+ "Sid": "AllowCustomerProfilesSegmentationForConnectDomain",
+ "Effect": "Allow",
+ "Action": [
+ "profile:CreateSegmentDefinition",
+ "profile:GetSegmentDefinition",
+ "profile:DeleteSegmentDefinition",
+ "profile:CreateSegmentSnapshot",
+ "profile:GetSegmentSnapshot"
+ ],
+ "Resource": [
+ "arn:aws:profile:*:*:domains/amazon-connect-*/segment-definitions/*"
+ ]
+ },
 {
 "Sid": "AllowPutMetricsForConnectNamespace",
 "Effect": "Allow",
@@ -218,6 +254,88 @@
 "Resource": [
 "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/*"
 ]
+ },
+ {
+ "Sid": "AllowChimeSDKVoiceConnectorGetOperationForConnect",
+ "Effect": "Allow",
+ "Action": [
+ "chime:GetVoiceConnector"
+ ],
+ "Resource": "arn:aws:chime:*:*:vc/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/AmazonConnectEnabled": "True",
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "AllowChimeSDKVoiceConnectorListOperationForConnect",
+ "Effect": "Allow",
+ "Action": [
+ "chime:ListVoiceConnectors"
+ ],
+ "Resource": "arn:aws:chime:*:*:vc/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "SESPermissionsForManagingReceiptRules",
+ "Effect": "Allow",
+ "Action": [
+ "ses:DescribeReceiptRule",
+ "ses:UpdateReceiptRule"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "SESPermissionForManagingConnectProvidedSESIdentity",
+ "Effect": "Allow",
+ "Action": [
+ "ses:DeleteEmailIdentity"
+ ],
+ "Resource": "arn:aws:ses:*:*:identity/*.email.connect.aws*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "SESConfigurationSetPermissionsForSendingEmail",
+ "Effect": "Allow",
+ "Action": [
+ "ses:SendRawEmail"
+ ],
+ "Resource": "arn:aws:ses:*:*:configuration-set/configuration-set-for-connect-DO-NOT-DELETE",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "PassRoleToSESForReceiptRuleManagement",
+ "Effect": "Allow",
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AmazonConnectEmailSESAccessRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "ses.amazonaws.com"
+ }
+ }
 }
 ]
 }
\ No newline at end of file
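Review bot: `SESPermissionsForManagingReceiptRules` allows `ses:UpdateReceiptRule` on `"Resource": "*"` with only an `aws:ResourceAccount` condition, so the role can rewrite any receipt rule in the account rather than only rules set up for Connect. Receipt rules decide where inbound mail is delivered, which makes `UpdateReceiptRule` calls made by this service-linked role worth alerting on in CloudTrail. Separately, `PassRoleToSESForReceiptRuleManagement` uses `StringLike` with a value that contains no wildcard; `"StringEquals": { "iam:PassedToService": "ses.amazonaws.com" }` states the same intent with less room for misreading.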
diff --git a/docs/source/_static/managed-policies/AmazonConnectSynchronizationServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonConnectSynchronizationServiceRolePolicy.json
index 384a1f370..8a1fc5078 100644
--- a/docs/source/_static/managed-policies/AmazonConnectSynchronizationServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonConnectSynchronizationServiceRolePolicy.json
@@ -74,7 +74,12 @@
 "connect:CreateAuthenticationProfile",
 "connect:UpdateAuthenticationProfile",
 "connect:DescribeAuthenticationProfile",
- "connect:ListAuthenticationProfiles"
+ "connect:ListAuthenticationProfiles",
+ "connect:CreateHoursOfOperationOverride",
+ "connect:UpdateHoursOfOperationOverride",
+ "connect:DeleteHoursOfOperationOverride",
+ "connect:DescribeHoursOfOperationOverride",
+ "connect:ListHoursOfOperationOverrides"
 ],
 "Resource": "*"
 },
diff --git a/docs/source/_static/managed-policies/AmazonDataZoneRedshiftGlueProvisioningPolicy.json b/docs/source/_static/managed-policies/AmazonDataZoneRedshiftGlueProvisioningPolicy.json
index 48c6b4831..46cd0ddbd 100644
--- a/docs/source/_static/managed-policies/AmazonDataZoneRedshiftGlueProvisioningPolicy.json
+++ b/docs/source/_static/managed-policies/AmazonDataZoneRedshiftGlueProvisioningPolicy.json
@@ -225,7 +225,8 @@
 "iam:DeletePolicy",
 "iam:CreatePolicy",
 "iam:GetPolicy",
- "iam:ListPolicyVersions"
+ "iam:ListPolicyVersions",
+ "iam:DeletePolicyVersion"
 ],
 "Resource": [
 "arn:aws:iam::*:policy/datazone*"
diff --git a/docs/source/_static/managed-policies/AmazonEC2ContainerRegistryPullOnly.json b/docs/source/_static/managed-policies/AmazonEC2ContainerRegistryPullOnly.json
new file mode 100644
index 000000000..9acc9bcec
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonEC2ContainerRegistryPullOnly.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ecr:GetAuthorizationToken",
+ "ecr:BatchGetImage",
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:BatchImportUpstreamImage"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonEC2RolePolicyForLaunchWizard.json b/docs/source/_static/managed-policies/AmazonEC2RolePolicyForLaunchWizard.json
index 03f2f71cb..d4494b629 100644
--- a/docs/source/_static/managed-policies/AmazonEC2RolePolicyForLaunchWizard.json
+++ b/docs/source/_static/managed-policies/AmazonEC2RolePolicyForLaunchWizard.json
@@ -144,7 +144,8 @@
 "ssm:GetDocument"
 ],
 "Resource": [
- "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint"
+ "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint",
+ "arn:aws:ssm:*:*:document/AWSSAP-InstallBackintForAWSBackup"
 ]
 },
 {
diff --git a/docs/source/_static/managed-policies/AmazonECSInfrastructureRolePolicyForVolumes.json b/docs/source/_static/managed-policies/AmazonECSInfrastructureRolePolicyForVolumes.json
index f7e385d2d..2498d9afd 100644
--- a/docs/source/_static/managed-policies/AmazonECSInfrastructureRolePolicyForVolumes.json
+++ b/docs/source/_static/managed-policies/AmazonECSInfrastructureRolePolicyForVolumes.json
@@ -15,6 +15,12 @@
 }
 }
 },
+ {
+ "Sid": "CreateEBSManagedVolumeFromSnapshot",
+ "Effect": "Allow",
+ "Action": "ec2:CreateVolume",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
 {
 "Sid": "TagOnCreateVolume",
 "Effect": "Allow",
diff --git a/docs/source/_static/managed-policies/AmazonECS_FullAccess.json b/docs/source/_static/managed-policies/AmazonECS_FullAccess.json
index fa569f519..04a08ee96 100644
--- a/docs/source/_static/managed-policies/AmazonECS_FullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonECS_FullAccess.json
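Review bot: `ecr:BatchImportUpstreamImage` in the new `AmazonEC2ContainerRegistryPullOnly.json` is not a read: it imports an image from an upstream registry into the private registry (pull-through cache), so a principal holding this "pull only" policy can still cause content to be written. The single statement also has no `Sid` and applies to `"Resource": "*"`. Where a strictly read-only pull role is wanted, a customer-managed policy limited to `ecr:GetAuthorizationToken`, `ecr:BatchGetImage` and `ecr:GetDownloadUrlForLayer` is the safer fit.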
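Review bot: `CreateEBSManagedVolumeFromSnapshot` in `AmazonECSInfrastructureRolePolicyForVolumes.json` allows `ec2:CreateVolume` on `arn:aws:ec2:*:*:snapshot/*` with no `Condition`, so the snapshot side of the call is unrestricted and any snapshot the account can read may serve as the source. The same unconditioned statement appears in the new `AmazonEKSBlockStoragePolicy.json`. Whatever constrains the resulting volume sits in the neighbouring statements, which lie mostly outside this hunk. A permissions boundary or SCP can narrow the source with a snapshot tag or owner condition, for example `"StringEquals": { "ec2:Owner": "<account-id>" }` (placeholder value; confirm the key against the current EC2 authorization reference).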
@@ -2,6 +2,7 @@
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "ECSIntegrationsManagementPolicy",
 "Effect": "Allow",
 "Action": [
 "application-autoscaling:DeleteScalingPolicy",
@@ -124,6 +125,7 @@
 ]
 },
 {
+ "Sid": "SSMPolicy",
 "Effect": "Allow",
 "Action": [
 "ssm:GetParameter",
@@ -133,6 +135,7 @@
 "Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*"
 },
 {
+ "Sid": "ManagedCloudformationResourcesCleanupPolicy",
 "Effect": "Allow",
 "Action": [
 "ec2:DeleteInternetGateway",
@@ -150,6 +153,7 @@
 }
 },
 {
+ "Sid": "TasksPassRolePolicy",
 "Action": "iam:PassRole",
 "Effect": "Allow",
 "Resource": [
@@ -162,6 +166,20 @@
 }
 },
 {
+ "Sid": "InfrastructurePassRolePolicy",
+ "Action": "iam:PassRole",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/ecsInfrastructureRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ecs.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Sid": "InstancePassRolePolicy",
 "Action": "iam:PassRole",
 "Effect": "Allow",
 "Resource": [
@@ -177,6 +195,7 @@
 }
 },
 {
+ "Sid": "AutoScalingPassRolePolicy",
 "Action": "iam:PassRole",
 "Effect": "Allow",
 "Resource": [
@@ -192,14 +211,15 @@
 }
 },
 {
+ "Sid": "ServiceLinkedRoleCreationPolicy",
 "Effect": "Allow",
 "Action": "iam:CreateServiceLinkedRole",
 "Resource": "*",
 "Condition": {
 "StringLike": {
 "iam:AWSServiceName": [
- "autoscaling.amazonaws.com",
 "ecs.amazonaws.com",
+ "autoscaling.amazonaws.com",
 "ecs.application-autoscaling.amazonaws.com",
 "spot.amazonaws.com",
 "spotfleet.amazonaws.com"
@@ -208,6 +228,7 @@
 }
 },
 {
+ "Sid": "ELBTaggingPolicy",
 "Effect": "Allow",
 "Action": [
 "elasticloadbalancing:AddTags"
diff --git a/docs/source/_static/managed-policies/AmazonEKSBlockStoragePolicy.json b/docs/source/_static/managed-policies/AmazonEKSBlockStoragePolicy.json
new file mode 100644
index 000000000..fd02a490f
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonEKSBlockStoragePolicy.json
@@ -0,0 +1,91 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AttachVolume",
+ "ec2:DetachVolume",
+ "ec2:ModifyVolume",
+ "ec2:EnableFastSnapshotRestores"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": "ec2:CreateTags",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": [
+ "CreateVolume",
+ "CreateSnapshot"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "CSIVolumeName",
+ "ebs.csi.eks.amazonaws.com/cluster",
+ "kubernetes.io/cluster/*",
+ "kubernetes.io/created-for/*",
+ "Name",
+ "KubernetesCluster"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSnapshot"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSnapshot"
+ ],
+ "Resource": "arn:aws:ec2:*:*:snapshot/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "CSIVolumeSnapshotName",
+ "ebs.csi.eks.amazonaws.com/cluster",
+ "kubernetes.io/cluster/*",
+ "Name"
+ ]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonEKSClusterPolicy.json b/docs/source/_static/managed-policies/AmazonEKSClusterPolicy.json
index 09fa0e9fd..7b4347503 100644
--- a/docs/source/_static/managed-policies/AmazonEKSClusterPolicy.json
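Review bot: The `ec2:CreateSnapshot` statement on `arn:aws:ec2:*:*:volume/*` carries no `Condition`, so the source volume is not tied to the cluster the way `ec2:AttachVolume` and `ec2:ModifyVolume` are through `aws:ResourceTag/eks:eks-cluster-name`; only the resulting snapshot is tag-constrained. In effect the cluster tag limits what the role may attach or modify, but not which volumes it may copy. A customer-managed variant or permissions boundary can close that gap by adding `"StringEquals": { "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}" }` to the volume-side statement. None of the six statements has a `Sid`, which makes them awkward to reference in later reviews.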
+++ b/docs/source/_static/managed-policies/AmazonEKSClusterPolicy.json
@@ -32,6 +32,7 @@
 "ec2:DescribeAccountAttributes",
 "ec2:DescribeAddresses",
 "ec2:DescribeInternetGateways",
+ "ec2:DescribeInstanceTopology",
 "elasticloadbalancing:AddTags",
 "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
 "elasticloadbalancing:AttachLoadBalancerToSubnets",
diff --git a/docs/source/_static/managed-policies/AmazonEKSComputePolicy.json b/docs/source/_static/managed-policies/AmazonEKSComputePolicy.json
new file mode 100644
index 000000000..66f8c0510
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonEKSComputePolicy.json
@@ -0,0 +1,88 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateFleet",
+ "ec2:RunInstances"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*::image/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:subnet/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateFleet",
+ "ec2:RunInstances"
+ ],
+ "Resource": "arn:aws:ec2:*:*:launch-template/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateFleet",
+ "ec2:RunInstances",
+ "ec2:CreateLaunchTemplate"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "StringLike": {
+ "aws:RequestTag/eks:kubernetes-node-class-name": "*",
+ "aws:RequestTag/eks:kubernetes-node-pool-name": "*"
+ },
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "eks:kubernetes-node-class-name",
+ "eks:kubernetes-node-pool-name",
+ "kubernetes.io/cluster/*"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": "ec2:CreateTags",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": [
+ "CreateFleet",
+ "RunInstances",
+ "CreateLaunchTemplate"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": "iam:AddRoleToInstanceProfile",
+ "Resource": "arn:aws:iam::*:instance-profile/eks*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "iam:PassRole",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com",
+ "ec2.amazonaws.com.cn"
+ ]
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonEKSLoadBalancingPolicy.json b/docs/source/_static/managed-policies/AmazonEKSLoadBalancingPolicy.json
new file mode 100644
index 000000000..fb992016e
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonEKSLoadBalancingPolicy.json
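Review bot: The last statement allows `iam:PassRole` on `"Resource": "*"` limited only by `iam:PassedToService` being `ec2.amazonaws.com` (or the `.cn` variant), so every role in the account that EC2 is trusted to assume can be handed to an instance launched under this policy. The `ec2:RunInstances`/`ec2:CreateFleet` statements are tag-scoped to the cluster, but the role chosen for the instance is not. Where this policy is attached, a permissions boundary or SCP should restrict `iam:PassRole` to the intended node roles, for example `"Resource": "arn:aws:iam::*:role/<node-role-name-prefix>*"` (placeholder), and roles carrying an EC2 trust policy should be inventoried with that in mind.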
@@ -0,0 +1,231 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:CreateLoadBalancer",
+ "elasticloadbalancing:CreateTargetGroup",
+ "elasticloadbalancing:CreateListener",
+ "elasticloadbalancing:CreateRule",
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "ingress.eks.amazonaws.com/stack",
+ "ingress.eks.amazonaws.com/resource",
+ "service.eks.amazonaws.com/stack",
+ "service.eks.amazonaws.com/resource"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Resource": "arn:aws:ec2:*:*:vpc/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:RegisterTargets"
+ ],
+ "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group-rule/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/Name": "eks-cluster-sg*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Resource": "arn:aws:ec2:*:*:security-group/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:AddTags"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "elasticloadbalancing:CreateAction": [
+ "CreateLoadBalancer",
+ "CreateTargetGroup",
+ "CreateListener",
+ "CreateRule"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": [
+ "CreateSecurityGroup",
+ "AuthorizeSecurityGroupIngress"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "elasticloadbalancing:ModifyLoadBalancerAttributes",
+ "elasticloadbalancing:SetIpAddressType",
+ "elasticloadbalancing:SetSecurityGroups",
+ "elasticloadbalancing:SetSubnets",
+ "elasticloadbalancing:ModifyTargetGroup",
+ "elasticloadbalancing:ModifyTargetGroupAttributes",
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:ModifyListenerAttributes",
+ "elasticloadbalancing:RemoveListenerCertificates",
+ "elasticloadbalancing:ModifyRule"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "wafv2:AssociateWebACL",
+ "wafv2:DisassociateWebACL"
+ ],
+ "Resource": [
+ "arn:aws:wafv2:*:*:*/webacl/*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "shield:CreateProtection"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "ingress.eks.amazonaws.com/stack",
+ "ingress.eks.amazonaws.com/resource",
+ "service.eks.amazonaws.com/stack",
+ "service.eks.amazonaws.com/resource"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "shield:DeleteProtection"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "shield:TagResource"
+ ],
+ "Resource": "arn:aws:shield::*:protection/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "ingress.eks.amazonaws.com/stack",
+ "ingress.eks.amazonaws.com/resource",
+ "service.eks.amazonaws.com/stack",
+ "service.eks.amazonaws.com/resource"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cognito-idp:DescribeUserPoolClient",
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "wafv2:GetWebACL",
+ "wafv2:GetWebACLForResource",
+ "elasticloadbalancing:SetWebAcl",
+ "elasticloadbalancing:DescribeTargetGroups"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Resource": "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonEKSLocalOutpostClusterPolicy.json b/docs/source/_static/managed-policies/AmazonEKSLocalOutpostClusterPolicy.json
index b66f7e2a2..852bfe238 100644
--- a/docs/source/_static/managed-policies/AmazonEKSLocalOutpostClusterPolicy.json
+++ b/docs/source/_static/managed-policies/AmazonEKSLocalOutpostClusterPolicy.json
@@ -9,6 +9,7 @@
 "ec2:DescribeTags",
 "ec2:DescribeNetworkInterfaces",
 "ec2:DescribeInstanceTypes",
+ "ec2:DescribeAvailabilityZones",
 "ec2messages:AcknowledgeMessage",
 "ec2messages:DeleteMessage",
 "ec2messages:FailMessage",
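Review bot: In `AmazonEKSLoadBalancingPolicy.json` the `wafv2:AssociateWebACL`/`wafv2:DisassociateWebACL` statement lists `arn:aws:wafv2:*:*:*/webacl/*/*` and `arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*` with no `Condition`, unlike the surrounding statements that require `aws:ResourceTag/eks:eks-cluster-name` to match the principal tag. As written, the role can detach a web ACL from any Application Load Balancer in the account, not only ones the cluster created. `DisassociateWebACL` events from this role are a useful CloudTrail detection, and a boundary can add the cluster-tag condition if the service honours it for these actions (to be confirmed). The `ec2:AuthorizeSecurityGroupIngress`/`ec2:RevokeSecurityGroupIngress` statement keyed on `aws:ResourceTag/Name` like `eks-cluster-sg*` similarly depends on a `Name` tag that anyone with tagging rights on security groups can set.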
diff --git a/docs/source/_static/managed-policies/AmazonEKSNetworkingPolicy.json b/docs/source/_static/managed-policies/AmazonEKSNetworkingPolicy.json
new file mode 100644
index 000000000..00dcffaf5
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonEKSNetworkingPolicy.json
@@ -0,0 +1,59 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": "ec2:CreateNetworkInterface",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ },
+ "StringLike": {
+ "aws:RequestTag/eks:kubernetes-cni-node-name": "*"
+ },
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "eks:eks-cluster-name",
+ "eks:kubernetes-cni-node-name"
+ ]
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": "ec2:CreateNetworkInterface",
+ "Resource": [
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:subnet/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": "ec2:CreateTags",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateNetworkInterface"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:AttachNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:UnassignIpv6Addresses",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:AssignIpv6Addresses"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/eks:eks-cluster-name": "${aws:PrincipalTag/eks:eks-cluster-name}"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonEKSServicePolicy.json b/docs/source/_static/managed-policies/AmazonEKSServicePolicy.json
index 0fdee77d0..278770f2b 100644
--- a/docs/source/_static/managed-policies/AmazonEKSServicePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonEKSServicePolicy.json
@@ -15,7 +15,8 @@
 "ec2:DescribeVpcs",
 "ec2:ModifyNetworkInterfaceAttribute",
 "iam:ListAttachedRolePolicies",
- "eks:UpdateClusterVersion"
+ "eks:UpdateClusterVersion",
+ "ec2:GetSecurityGroupsForVpc"
 ],
 "Resource": "*"
 },
@@ -30,6 +31,20 @@
 "arn:aws:ec2:*:*:subnet/*"
 ]
 },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:network-interface/*"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/Name": "eks-cluster-*"
+ }
+ }
+ },
 {
 "Effect": "Allow",
 "Action": "route53:AssociateVPCWithHostedZone",
@@ -56,7 +71,7 @@
 {
 "Effect": "Allow",
 "Action": "iam:CreateServiceLinkedRole",
- "Resource": "*",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS",
 "Condition": {
 "StringLike": {
 "iam:AWSServiceName": "eks.amazonaws.com"
diff --git a/docs/source/_static/managed-policies/AmazonEKSServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonEKSServiceRolePolicy.json
index bbffa3baf..95daf9be0 100644
--- a/docs/source/_static/managed-policies/AmazonEKSServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonEKSServiceRolePolicy.json
@@ -15,7 +15,8 @@
 "ec2:DescribeVpcs",
 "ec2:CreateNetworkInterfacePermission",
 "iam:ListAttachedRolePolicies",
- "ec2:CreateSecurityGroup"
+ "ec2:CreateSecurityGroup",
+ "ec2:GetSecurityGroupsForVpc"
 ],
 "Resource": "*"
 },
@@ -28,7 +29,7 @@
 ],
 "Resource": "arn:aws:ec2:*:*:security-group/*",
 "Condition": {
- "ForAnyValue:StringLike": {
+ "StringLike": {
 "ec2:ResourceTag/Name": "eks-cluster-sg*"
 }
 }
@@ -41,7 +42,9 @@
 ],
 "Resource": [
 "arn:aws:ec2:*:*:vpc/*",
- "arn:aws:ec2:*:*:subnet/*"
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:security-group/*"
 ],
 "Condition": {
 "ForAnyValue:StringLike": {
@@ -58,14 +61,12 @@
 "ec2:DeleteTags"
 ],
 "Resource": [
- "arn:aws:ec2:*:*:security-group/*"
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:network-interface/*"
 ],
 "Condition": {
- "ForAnyValue:StringLike": {
- "aws:TagKeys": [
- "kubernetes.io/cluster/*"
- ],
- "aws:RequestTag/Name": "eks-cluster-sg*"
+ "StringLike": {
+ "aws:RequestTag/Name": "eks-cluster-*"
 }
 }
 },
@@ -91,6 +92,16 @@
 "Effect": "Allow",
 "Action": "logs:PutLogEvents",
 "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": "cloudwatch:PutMetricData",
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "cloudwatch:namespace": "AWS/EKS"
+ }
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonEKSWorkerNodeMinimalPolicy.json b/docs/source/_static/managed-policies/AmazonEKSWorkerNodeMinimalPolicy.json
new file mode 100644
index 000000000..2a73cac49
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonEKSWorkerNodeMinimalPolicy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "WorkerNodePermissions",
+ "Effect": "Allow",
+ "Action": [
+ "eks-auth:AssumeRoleForPodIdentity"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonElasticFileSystemFullAccess.json b/docs/source/_static/managed-policies/AmazonElasticFileSystemFullAccess.json
index ae5a5340b..5fe7d15c6 100644
--- a/docs/source/_static/managed-policies/AmazonElasticFileSystemFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonElasticFileSystemFullAccess.json
@@ -2,6 +2,8 @@
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "ElasticFileSystemFullAccess",
+ "Effect": "Allow",
 "Action": [
 "cloudwatch:DescribeAlarmsForMetric",
 "cloudwatch:GetMetricData",
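Review bot: In the `@@ -58,14 +61,12 @@` hunk of `AmazonEKSServiceRolePolicy.json` the new condition checks only `aws:RequestTag/Name` against `eks-cluster-*`; the removed `aws:TagKeys` entry is not replaced, so nothing limits which other tag keys ride along in the same request, and the resource list now also covers `network-interface/*`. The name prefix was widened as well, from `eks-cluster-sg*` to `eks-cluster-*`. A block such as `"ForAllValues:StringLike": { "aws:TagKeys": ["Name", "kubernetes.io/cluster/*"] }` beside the `StringLike` would keep the permitted tag set closed. The statement's `Action` list begins above the hunk, so only `ec2:DeleteTags` is visible here.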
@@ -48,17 +50,17 @@
 "elasticfilesystem:ListTagsForResource",
 "elasticfilesystem:Backup",
 "elasticfilesystem:Restore",
+ "elasticfilesystem:ReplicationRead",
+ "elasticfilesystem:ReplicationWrite",
 "kms:DescribeKey",
 "kms:ListAliases"
 ],
- "Sid": "ElasticFileSystemFullAccess",
- "Effect": "Allow",
 "Resource": "*"
 },
 {
- "Action": "iam:CreateServiceLinkedRole",
 "Sid": "CreateServiceLinkedRoleForEFS",
 "Effect": "Allow",
+ "Action": "iam:CreateServiceLinkedRole",
 "Resource": "*",
 "Condition": {
 "StringEquals": {
@@ -67,6 +69,17 @@
 ]
 }
 }
+ },
+ {
+ "Sid": "IAMPassRoleAccessForEFS",
+ "Effect": "Allow",
+ "Action": "iam:PassRole",
+ "Resource": "arn:aws:iam::*:role/*",
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "elasticfilesystem.amazonaws.com"
+ }
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonElasticFileSystemReadOnlyAccess.json b/docs/source/_static/managed-policies/AmazonElasticFileSystemReadOnlyAccess.json
index b395c450c..bba87514c 100644
--- a/docs/source/_static/managed-policies/AmazonElasticFileSystemReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/AmazonElasticFileSystemReadOnlyAccess.json
@@ -2,6 +2,7 @@
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "ElasticFileSystemReadOnlyAccess",
 "Effect": "Allow",
 "Action": [
 "cloudwatch:DescribeAlarmsForMetric",
@@ -24,6 +25,7 @@
 "elasticfilesystem:DescribeAccessPoints",
 "elasticfilesystem:DescribeReplicationConfigurations",
 "elasticfilesystem:ListTagsForResource",
+ "elasticfilesystem:ReplicationRead",
 "kms:ListAliases"
 ],
 "Resource": "*"
diff --git a/docs/source/_static/managed-policies/AmazonElasticFileSystemServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonElasticFileSystemServiceRolePolicy.json
index 49f383953..3ea839639 100644
--- a/docs/source/_static/managed-policies/AmazonElasticFileSystemServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonElasticFileSystemServiceRolePolicy.json
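Review bot: `IAMPassRoleAccessForEFS` in `AmazonElasticFileSystemFullAccess.json` allows `iam:PassRole` on `arn:aws:iam::*:role/*`, i.e. any role in the account, limited only by `iam:PassedToService`. The condition uses `StringLike` with a literal value; `"StringEquals": { "iam:PassedToService": "elasticfilesystem.amazonaws.com" }` expresses the same check more plainly. Users who attach this policy for replication only can narrow `Resource` in a customer-managed copy to the specific role, e.g. `"arn:aws:iam::*:role/<efs-replication-role>"` (placeholder name).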
@@ -76,7 +76,9 @@
 "elasticfilesystem:DescribeFileSystems",
 "elasticfilesystem:CreateReplicationConfiguration",
 "elasticfilesystem:DescribeReplicationConfigurations",
- "elasticfilesystem:DeleteReplicationConfiguration"
+ "elasticfilesystem:DeleteReplicationConfiguration",
+ "elasticfilesystem:ReplicationRead",
+ "elasticfilesystem:ReplicationWrite"
 ],
 "Resource": "*"
 }
diff --git a/docs/source/_static/managed-policies/AmazonGuardDutyServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonGuardDutyServiceRolePolicy.json
index 24ef613ba..a25004544 100644
--- a/docs/source/_static/managed-policies/AmazonGuardDutyServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonGuardDutyServiceRolePolicy.json
@@ -27,6 +27,7 @@
 "eks:ListClusters",
 "eks:DescribeCluster",
 "ec2:DescribeVpcEndpointServices",
+ "ec2:DescribeVpcs",
 "ec2:DescribeSecurityGroups",
 "ecs:ListClusters",
 "ecs:DescribeClusters"
diff --git a/docs/source/_static/managed-policies/AmazonInspector2ServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonInspector2ServiceRolePolicy.json
index 43107177c..854ba542a 100644
--- a/docs/source/_static/managed-policies/AmazonInspector2ServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonInspector2ServiceRolePolicy.json
@@ -93,6 +93,7 @@
 "lambda:ListFunctions",
 "lambda:GetFunction",
 "lambda:GetLayerVersion",
+ "lambda:ListTags",
 "cloudwatch:GetMetricData"
 ],
 "Resource": "*"
diff --git a/docs/source/_static/managed-policies/AmazonOpenSearchServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonOpenSearchServiceRolePolicy.json
index e2930914c..f1fad98cb 100644
--- a/docs/source/_static/managed-policies/AmazonOpenSearchServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonOpenSearchServiceRolePolicy.json
@@ -126,7 +126,10 @@
 "Resource": "*",
 "Condition": {
 "StringEquals": {
- "cloudwatch:namespace": "AWS/ES"
+ "cloudwatch:namespace": [
+ "AWS/ES",
+ "AWS/OpenSearch"
+ ]
 }
 }
 },
diff --git a/docs/source/_static/managed-policies/AmazonQDeveloperAccess.json b/docs/source/_static/managed-policies/AmazonQDeveloperAccess.json
index 47a6de652..e35161d20 100644
--- a/docs/source/_static/managed-policies/AmazonQDeveloperAccess.json
+++ b/docs/source/_static/managed-policies/AmazonQDeveloperAccess.json
@@ -14,7 +14,8 @@
 "q:StartTroubleshootingResolutionExplanation",
 "q:GetTroubleshootingResults",
 "q:UpdateTroubleshootingCommandResult",
- "q:GetIdentityMetaData"
+ "q:GetIdentityMetaData",
+ "q:GenerateCodeFromCommands"
 ],
 "Resource": "*"
 },
diff --git a/docs/source/_static/managed-policies/AmazonQFullAccess.json b/docs/source/_static/managed-policies/AmazonQFullAccess.json
index 104280a45..afc4cf4b8 100644
--- a/docs/source/_static/managed-policies/AmazonQFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonQFullAccess.json
@@ -16,7 +16,8 @@
 "q:UpdateTroubleshootingCommandResult",
 "q:GetIdentityMetadata",
 "q:CreateAssignment",
- "q:DeleteAssignment"
+ "q:DeleteAssignment",
+ "q:GenerateCodeFromCommands"
 ],
 "Resource": "*"
 },
diff --git a/docs/source/_static/managed-policies/AmazonRDSBetaServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonRDSBetaServiceRolePolicy.json
index bba51e8c0..2945d0cdd 100644
--- a/docs/source/_static/managed-policies/AmazonRDSBetaServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonRDSBetaServiceRolePolicy.json
@@ -38,13 +38,6 @@
 ],
 "Resource": "*"
 },
- {
- "Effect": "Allow",
- "Action": [
- "sns:Publish"
- ],
- "Resource": "*"
- },
 {
 "Effect": "Allow",
 "Action": [
diff --git a/docs/source/_static/managed-policies/AmazonRDSPreviewServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonRDSPreviewServiceRolePolicy.json
index 3053bc56b..129aeed6e 100644
--- a/docs/source/_static/managed-policies/AmazonRDSPreviewServiceRolePolicy.json
+++ b/docs/source/_static/managed-policies/AmazonRDSPreviewServiceRolePolicy.json
@@ -41,13 +41,6 @@
 ],
 "Resource": "*"
 },
- {
- "Effect": "Allow",
- "Action": [
- "sns:Publish"
- ],
- "Resource": "*"
- },
 {
 "Effect": "Allow",
 "Action": [
diff --git a/docs/source/_static/managed-policies/AmazonRoute53ProfilesFullAccess.json b/docs/source/_static/managed-policies/AmazonRoute53ProfilesFullAccess.json
index d8026e13d..b50711691 100644
--- a/docs/source/_static/managed-policies/AmazonRoute53ProfilesFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonRoute53ProfilesFullAccess.json
@@ -13,11 +13,13 @@
 "route53profiles:DisassociateResourceFromProfile",
 "route53profiles:GetProfile",
 "route53profiles:GetProfileAssociation",
+ "route53profiles:GetProfilePolicy",
 "route53profiles:GetProfileResourceAssociation",
 "route53profiles:ListProfileAssociations",
 "route53profiles:ListProfileResourceAssociations",
 "route53profiles:ListProfiles",
 "route53profiles:ListTagsForResource",
+ "route53profiles:PutProfilePolicy",
 "route53profiles:TagResource",
 "route53profiles:UntagResource",
 "route53profiles:UpdateProfileResourceAssociation",
diff --git a/docs/source/_static/managed-policies/AmazonRoute53ProfilesReadOnlyAccess.json b/docs/source/_static/managed-policies/AmazonRoute53ProfilesReadOnlyAccess.json
index e3c761761..a9568aced 100644
--- a/docs/source/_static/managed-policies/AmazonRoute53ProfilesReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/AmazonRoute53ProfilesReadOnlyAccess.json
@@ -7,6 +7,7 @@
 "Action": [
 "route53profiles:GetProfile",
 "route53profiles:GetProfileAssociation",
+ "route53profiles:GetProfilePolicy",
 "route53profiles:GetProfileResourceAssociation",
 "route53profiles:ListProfileAssociations",
 "route53profiles:ListProfileResourceAssociations",
diff --git a/docs/source/_static/managed-policies/AmazonRoute53ResolverFullAccess.json b/docs/source/_static/managed-policies/AmazonRoute53ResolverFullAccess.json
index 2ee114cbd..1e86a8293 100644
--- a/docs/source/_static/managed-policies/AmazonRoute53ResolverFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonRoute53ResolverFullAccess.json
@@ -2,6 +2,7 @@
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "AmazonRoute53ResolverFullAccess",
 "Effect": "Allow",
 "Action": [
 "route53resolver:*",
diff --git a/docs/source/_static/managed-policies/AmazonRoute53ResolverReadOnlyAccess.json b/docs/source/_static/managed-policies/AmazonRoute53ResolverReadOnlyAccess.json
index 61b9adb16..064d2e13c 100644
--- a/docs/source/_static/managed-policies/AmazonRoute53ResolverReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/AmazonRoute53ResolverReadOnlyAccess.json
@@ -2,6 +2,7 @@
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "AmazonRoute53ResolverReadOnlyAccess",
 "Effect": "Allow",
 "Action": [
 "route53resolver:Get*",
diff --git a/docs/source/_static/managed-policies/AmazonSNSFullAccess.json b/docs/source/_static/managed-policies/AmazonSNSFullAccess.json
index af3485769..407556762 100644
--- a/docs/source/_static/managed-policies/AmazonSNSFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonSNSFullAccess.json
@@ -2,11 +2,34 @@
 "Version": "2012-10-17",
 "Statement": [
 {
- "Action": [
- "sns:*"
- ],
+ "Sid": "SNSFullAccess",
 "Effect": "Allow",
+ "Action": "sns:*",
 "Resource": "*"
+ },
+ {
+ "Sid": "SMSAccessViaSNS",
+ "Effect": "Allow",
+ "Action": [
+ "sms-voice:DescribeVerifiedDestinationNumbers",
+ "sms-voice:CreateVerifiedDestinationNumber",
+ "sms-voice:SendDestinationNumberVerificationCode",
+ "sms-voice:SendTextMessage",
+ "sms-voice:DeleteVerifiedDestinationNumber",
+ "sms-voice:VerifyDestinationNumber",
+ "sms-voice:DescribeAccountAttributes",
+ "sms-voice:DescribeSpendLimits",
+ "sms-voice:DescribePhoneNumbers",
+ "sms-voice:SetTextMessageSpendLimitOverride",
+ "sms-voice:DescribeOptedOutNumbers",
+ "sms-voice:DeleteOptedOutNumber"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:CalledViaLast": "sns.amazonaws.com"
+ }
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonSNSReadOnlyAccess.json b/docs/source/_static/managed-policies/AmazonSNSReadOnlyAccess.json
index 461123091..c12ad4eb0 100644
--- a/docs/source/_static/managed-policies/AmazonSNSReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/AmazonSNSReadOnlyAccess.json
@@ -2,12 +2,37 @@
 "Version": "2012-10-17",
 "Statement": [
 {
+ "Sid": "SNSReadOnlyAccess",
 "Effect": "Allow",
 "Action": [
 "sns:GetTopicAttributes",
- "sns:List*"
+ "sns:List*",
+ "sns:CheckIfPhoneNumberIsOptedOut",
+ "sns:GetEndpointAttributes",
+ "sns:GetDataProtectionPolicy",
+ "sns:GetPlatformApplicationAttributes",
+ "sns:GetSMSAttributes",
+ "sns:GetSMSSandboxAccountStatus",
+ "sns:GetSubscriptionAttributes"
 ],
 "Resource": "*"
+ },
+ {
+ "Sid": "SMSAccessViaSNS",
+ "Effect": "Allow",
+ "Action": [
+ "sms-voice:DescribeVerifiedDestinationNumbers",
+ "sms-voice:DescribeAccountAttributes",
+ "sms-voice:DescribeSpendLimits",
+ "sms-voice:DescribePhoneNumbers",
+ "sms-voice:DescribeOptedOutNumbers"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:CalledViaLast": "sns.amazonaws.com"
+ }
+ }
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonSageMakerCanvasDataPrepFullAccess.json b/docs/source/_static/managed-policies/AmazonSageMakerCanvasDataPrepFullAccess.json
index 39cb804f3..c5d25e1d8 100644
--- a/docs/source/_static/managed-policies/AmazonSageMakerCanvasDataPrepFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonSageMakerCanvasDataPrepFullAccess.json
@@ -391,7 +391,10 @@
 "Sid": "IAMPassOperationForEMRServerless",
 "Effect": "Allow",
 "Action": "iam:PassRole",
- "Resource": "arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
+ "arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
+ ],
 "Condition": {
 "StringEquals": {
 "iam:PassedToService": "emr-serverless.amazonaws.com",
diff --git a/docs/source/_static/managed-policies/AmazonSageMakerCanvasFullAccess.json b/docs/source/_static/managed-policies/AmazonSageMakerCanvasFullAccess.json
index bd3b06e62..4844f17e2 100644
--- a/docs/source/_static/managed-policies/AmazonSageMakerCanvasFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonSageMakerCanvasFullAccess.json
@@ -512,7 +512,10 @@
 "Sid": "IAMPassOperationForEMRServerless",
 "Effect": "Allow",
 "Action": "iam:PassRole",
- "Resource": "arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
+ "arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
+ ],
 "Condition": {
 "StringEquals": {
 "iam:PassedToService": "emr-serverless.amazonaws.com",
diff --git a/docs/source/_static/managed-policies/AmazonSageMakerHyperPodServiceRolePolicy.json b/docs/source/_static/managed-policies/AmazonSageMakerHyperPodServiceRolePolicy.json
new file mode 100644
index 000000000..b24698231
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonSageMakerHyperPodServiceRolePolicy.json
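Review bot: The `Resource` entries added to `IAMPassOperationForEMRServerless` here, and in the identical hunk for `AmazonSageMakerCanvasFullAccess.json`, still match roles by name prefix (`...EMRSExecutionAccess-*`), now under two IAM paths, so every role whose name starts with that prefix becomes passable. The visible `iam:PassedToService` key limits which service can receive the role, not which role is handed over, and the rest of the `Condition` block lies outside the hunk. The `iam:PassRole` hunk in `AwsGlueSessionUserRestrictedNotebookPolicy.json` adds the same kind of prefix match (`role/AwsGlueSessionUserRestrictedNotebookServiceRole*`). These files look like snapshots of AWS-published policies, so the JSON itself probably has to stay verbatim; in a customer-managed copy I would pin the entry to one role, e.g. `"Resource": "arn:aws:iam::<ACCOUNT_ID>:role/service-role/<EXACT_ROLE_NAME>"`, and limit who may create roles under the prefix.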
@@ -0,0 +1,43 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "EKSClusterDescribePermissions",
+ "Effect": "Allow",
+ "Action": "eks:DescribeCluster",
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "CloudWatchLogGroupPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogGroup"
+ ],
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "CloudWatchLogStreamPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonTimestreamInfluxDBFullAccess.json b/docs/source/_static/managed-policies/AmazonTimestreamInfluxDBFullAccess.json
index d421e288e..664533f4e 100644
--- a/docs/source/_static/managed-policies/AmazonTimestreamInfluxDBFullAccess.json
+++ b/docs/source/_static/managed-policies/AmazonTimestreamInfluxDBFullAccess.json
@@ -38,7 +38,8 @@
 "Action": [
 "ec2:DescribeSubnets",
 "ec2:DescribeVpcs",
- "ec2:DescribeSecurityGroups"
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeRouteTables"
 ],
 "Resource": [
 "*"
diff --git a/docs/source/_static/managed-policies/AmazonVerifiedPermissionsFullAccess.json b/docs/source/_static/managed-policies/AmazonVerifiedPermissionsFullAccess.json
new file mode 100644
index 000000000..a0ed70bac
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonVerifiedPermissionsFullAccess.json
@@ -0,0 +1,24 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AccountLevelPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "verifiedpermissions:CreatePolicyStore",
+ "verifiedpermissions:ListPolicyStores"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "PolicyStoreLevelPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "verifiedpermissions:*"
+ ],
+ "Resource": [
+ "arn:aws:verifiedpermissions::*:policy-store/*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonVerifiedPermissionsReadOnlyAccess.json b/docs/source/_static/managed-policies/AmazonVerifiedPermissionsReadOnlyAccess.json
new file mode 100644
index 000000000..de880e18e
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonVerifiedPermissionsReadOnlyAccess.json
@@ -0,0 +1,32 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AccountLevelPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "verifiedpermissions:ListPolicyStores"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "PolicyStoreLevelPermissions",
+ "Effect": "Allow",
+ "Action": [
+ "verifiedpermissions:GetIdentitySource",
+ "verifiedpermissions:GetPolicy",
+ "verifiedpermissions:GetPolicyStore",
+ "verifiedpermissions:GetPolicyTemplate",
+ "verifiedpermissions:GetSchema",
+ "verifiedpermissions:IsAuthorized",
+ "verifiedpermissions:IsAuthorizedWithToken",
+ "verifiedpermissions:ListIdentitySources",
+ "verifiedpermissions:ListPolicies",
+ "verifiedpermissions:ListPolicyTemplates"
+ ],
+ "Resource": [
+ "arn:aws:verifiedpermissions::*:policy-store/*"
+ ]
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientFullAccess.json b/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientFullAccess.json
new file mode 100644
index 000000000..36f11a840
--- /dev/null
+++ b/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientFullAccess.json
@@ -0,0 +1,39 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "AllowThinClientFullAccess",
+ "Effect": "Allow",
+ "Action": [
+ "thinclient:*"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowWorkSpacesAccess",
+ "Effect": "Allow",
+ "Action": [
+ "workspaces:DescribeWorkspaceDirectories"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowWorkSpacesWebAccess",
+ "Effect": "Allow",
+ "Action": [
+ "workspaces-web:GetPortal",
+ "workspaces-web:GetUserSettings",
+ "workspaces-web:ListPortals"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowAppStreamAccess",
+ "Effect": "Allow",
+ "Action": [
+ "appstream:DescribeStacks"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientReadOnlyAccess.json b/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientReadOnlyAccess.json
index 95d20e06b..1018dc30a 100644
--- a/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/AmazonWorkSpacesThinClientReadOnlyAccess.json
@@ -5,16 +5,42 @@
 "Sid": "AllowThinClientReadAccess",
 "Effect": "Allow",
 "Action": [
- "thinclient:GetEnvironment",
- "thinclient:ListEnvironments",
 "thinclient:GetDevice",
+ "thinclient:GetEnvironment",
+ "thinclient:GetSoftwareSet",
 "thinclient:ListDevices",
 "thinclient:ListDeviceSessions",
- "thinclient:GetSoftwareSet",
+ "thinclient:ListEnvironments",
 "thinclient:ListSoftwareSets",
 "thinclient:ListTagsForResource"
 ],
- "Resource": "arn:aws:thinclient:*:*:*"
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowWorkSpacesAccess",
+ "Effect": "Allow",
+ "Action": [
+ "workspaces:DescribeWorkspaceDirectories"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowWorkSpacesWebAccess",
+ "Effect": "Allow",
+ "Action": [
+ "workspaces-web:GetPortal",
+ "workspaces-web:GetUserSettings",
+ "workspaces-web:ListPortals"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "AllowAppStreamAccess",
+ "Effect": "Allow",
+ "Action": [
+ "appstream:DescribeStacks"
+ ],
+ "Resource": "*"
 }
 ]
 }
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookPolicy.json b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookPolicy.json
index 85e69d1b3..3f2d477f6 100644
--- a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookPolicy.json
+++ b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookPolicy.json
@@ -21,6 +21,20 @@
 }
 }
 },
+ {
+ "Sid": "AllowGlueTaggingAction",
+ "Effect": "Allow",
+ "Action": [
+ "glue:TagResource"
+ ],
+ "Resource": "arn:aws:glue:*:*:session/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/owner": "${aws:PrincipalTag/owner}",
+ "aws:RequestTag/owner": "${aws:PrincipalTag/owner}"
+ }
+ }
+ },
 {
 "Sid": "NotebookAllowActions1",
 "Effect": "Allow",
@@ -67,7 +81,6 @@
 "Sid": "NotebookDenyActions",
 "Effect": "Deny",
 "Action": [
- "glue:TagResource",
 "glue:UntagResource",
 "tag:TagResources",
 "tag:UntagResources"
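Review bot: Dropping `glue:TagResource` from the `NotebookDenyActions` list replaces an explicit Deny with the conditional `AllowGlueTaggingAction` grant, and an Allow cannot restrict what other attached policies permit: a principal that also holds a broader `glue:TagResource` grant is no longer stopped from rewriting the `owner` tag that these statements compare against `${aws:PrincipalTag/owner}`. The same two hunks recur in `AwsGlueSessionUserRestrictedNotebookServiceRole.json`, `AwsGlueSessionUserRestrictedPolicy.json` and `AwsGlueSessionUserRestrictedServiceRole.json` (the latter two keyed on `${aws:userid}`). The Deny statement's `Resource` and any `Condition` are outside the hunk, so its earlier scope is inferred from the action list only. Before relying on owner-tag isolation, check principals using these policies for other statements that allow `glue:TagResource`; where the old guarantee matters, a separate Deny on `glue:TagResource` scoped with `StringNotEquals` on `aws:ResourceTag/owner` would restore it, subject to testing that session creation with tags still works.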
@@ -90,7 +103,8 @@
 "iam:PassRole"
 ],
 "Resource": [
- "arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestrictedForNotebook*"
+ "arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestrictedForNotebook*",
+ "arn:aws:iam::*:role/AwsGlueSessionUserRestrictedNotebookServiceRole*"
 ],
 "Condition": {
 "StringLike": {
diff --git a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookServiceRole.json b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookServiceRole.json
index 53d2d03c8..114f0585a 100644
--- a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookServiceRole.json
+++ b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedNotebookServiceRole.json
@@ -40,6 +40,20 @@
 }
 }
 },
+ {
+ "Sid": "AllowGlueTaggingAction",
+ "Effect": "Allow",
+ "Action": [
+ "glue:TagResource"
+ ],
+ "Resource": "arn:aws:glue:*:*:session/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/owner": "${aws:PrincipalTag/owner}",
+ "aws:RequestTag/owner": "${aws:PrincipalTag/owner}"
+ }
+ }
+ },
 {
 "Effect": "Allow",
 "Action": [
@@ -72,7 +86,6 @@
 {
 "Effect": "Deny",
 "Action": [
- "glue:TagResource",
 "glue:UntagResource",
 "tag:TagResources",
 "tag:UntagResources"
diff --git a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedPolicy.json b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedPolicy.json
index 0dd1a8bb1..f475fa9f1 100644
--- a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedPolicy.json
+++ b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedPolicy.json
@@ -21,6 +21,20 @@
 }
 }
 },
+ {
+ "Sid": "AllowGlueTaggingAction",
+ "Effect": "Allow",
+ "Action": [
+ "glue:TagResource"
+ ],
+ "Resource": "arn:aws:glue:*:*:session/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/owner": "${aws:userid}",
+ "aws:RequestTag/owner": "${aws:userid}"
+ }
+ }
+ },
 {
 "Sid": "AllowCompletionActions",
 "Effect": "Allow",
@@ -67,7 +81,6 @@
 "Sid": "DenyTagActions",
 "Effect": "Deny",
 "Action": [
- "glue:TagResource",
 "glue:UntagResource",
 "tag:TagResources",
 "tag:UntagResources"
diff --git a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedServiceRole.json b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedServiceRole.json
index 3144fa1b3..4e71069c6 100644
--- a/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedServiceRole.json
+++ b/docs/source/_static/managed-policies/AwsGlueSessionUserRestrictedServiceRole.json
@@ -53,6 +53,20 @@
 }
 }
 },
+ {
+ "Sid": "AllowGlueTaggingAction",
+ "Effect": "Allow",
+ "Action": [
+ "glue:TagResource"
+ ],
+ "Resource": "arn:aws:glue:*:*:session/*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/owner": "${aws:userid}",
+ "aws:RequestTag/owner": "${aws:userid}"
+ }
+ }
+ },
 {
 "Sid": "AllowStatementActions",
 "Effect": "Allow",
@@ -88,7 +102,6 @@
 "Sid": "DenyTagActions",
 "Effect": "Deny",
 "Action": [
- "glue:TagResource",
 "glue:UntagResource",
 "tag:TagResources",
 "tag:UntagResources"
diff --git a/docs/source/_static/managed-policies/CloudWatchInternetMonitorFullAccess.json b/docs/source/_static/managed-policies/CloudWatchInternetMonitorFullAccess.json
new file mode 100644
index 000000000..2107c2adc
--- /dev/null
+++ b/docs/source/_static/managed-policies/CloudWatchInternetMonitorFullAccess.json
@@ -0,0 +1,70 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "FullAccessActions",
+ "Effect": "Allow",
+ "Action": [
+ "internetmonitor:CreateMonitor",
+ "internetmonitor:DeleteMonitor",
+ "internetmonitor:GetHealthEvent",
+ "internetmonitor:GetInternetEvent",
+ "internetmonitor:GetMonitor",
+ "internetmonitor:GetQueryResults",
+ "internetmonitor:GetQueryStatus",
+ "internetmonitor:Link",
+ "internetmonitor:ListHealthEvents",
+ "internetmonitor:ListInternetEvents",
+ "internetmonitor:ListMonitors",
+ "internetmonitor:ListTagsForResource",
+ "internetmonitor:StartQuery",
+ "internetmonitor:StopQuery",
+ "internetmonitor:TagResource",
+ "internetmonitor:UntagResource",
+ "internetmonitor:UpdateMonitor"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "ServiceLinkedRoleActions",
+ "Effect": "Allow",
+ "Action": "iam:CreateServiceLinkedRole",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/internetmonitor.amazonaws.com/AWSServiceRoleForInternetMonitor",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "internetmonitor.amazonaws.com"
+ }
+ }
+ },
+ {
+ "Sid": "RolePolicyActions",
+ "Effect": "Allow",
+ "Action": [
+ "iam:AttachRolePolicy"
+ ],
+ "Resource": "arn:aws:iam::*:role/aws-service-role/internetmonitor.amazonaws.com/AWSServiceRoleForInternetMonitor",
+ "Condition": {
+ "ArnEquals": {
+ "iam:PolicyARN": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy"
+ }
+ }
+ },
+ {
+ "Sid": "ReadOnlyActions",
+ "Effect": "Allow",
+ "Action": [
+ "cloudwatch:GetMetricData",
+ "cloudfront:GetDistribution",
+ "cloudfront:ListDistributions",
+ "ec2:DescribeVpcs",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "logs:DescribeLogGroups",
+ "logs:GetQueryResults",
+ "logs:StartQuery",
+ "logs:StopQuery",
+ "workspaces:DescribeWorkspaceDirectories"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/CloudWatchLambdaApplicationSignalsExecutionRolePolicy.json b/docs/source/_static/managed-policies/CloudWatchLambdaApplicationSignalsExecutionRolePolicy.json
new file mode 100644
index 000000000..90b36eb47
--- /dev/null
+++ b/docs/source/_static/managed-policies/CloudWatchLambdaApplicationSignalsExecutionRolePolicy.json
@@ -0,0 +1,35 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "CloudWatchApplicationSignalsXrayWritePermissions",
+ "Effect": "Allow",
+ "Action": [
+ "xray:PutTraceSegments"
+ ],
+ "Resource": [
+ "*"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ },
+ {
+ "Sid": "CloudWatchApplicationSignalsLogGroupWritePermissions",
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/CloudWatchSyntheticsFullAccess.json b/docs/source/_static/managed-policies/CloudWatchSyntheticsFullAccess.json
index 2fd4a19db..80495b01d 100644
--- a/docs/source/_static/managed-policies/CloudWatchSyntheticsFullAccess.json
+++ b/docs/source/_static/managed-policies/CloudWatchSyntheticsFullAccess.json
@@ -114,7 +114,10 @@
 "lambda:UpdateFunctionCode",
 "lambda:UpdateFunctionConfiguration",
 "lambda:GetFunctionConfiguration",
- "lambda:DeleteFunction"
+ "lambda:DeleteFunction",
+ "lambda:ListTags",
+ "lambda:TagResource",
+ "lambda:UntagResource"
 ],
 "Resource": [
 "arn:aws:lambda:*:*:function:cwsyn-*"
@@ -129,7 +132,8 @@
 ],
 "Resource": [
 "arn:aws:lambda:*:*:layer:cwsyn-*",
- "arn:aws:lambda:*:*:layer:Synthetics:*"
+ "arn:aws:lambda:*:*:layer:Synthetics:*",
+ "arn:aws:lambda:*:*:layer:Synthetics_Selenium:*"
 ]
 },
 {
diff --git a/docs/source/_static/managed-policies/ElasticLoadBalancingFullAccess.json b/docs/source/_static/managed-policies/ElasticLoadBalancingFullAccess.json
index ec91b7da8..175c8c482 100644
--- a/docs/source/_static/managed-policies/ElasticLoadBalancingFullAccess.json
+++ b/docs/source/_static/managed-policies/ElasticLoadBalancingFullAccess.json
@@ -22,6 +22,7 @@
 "ec2:DescribeRouteTables",
 "ec2:DescribeCoipPools",
 "ec2:GetCoipPoolUsage",
+ "ec2:GetSecurityGroupsForVpc",
 "ec2:DescribeVpcPeeringConnections",
 "cognito-idp:DescribeUserPoolClient"
 ],
diff --git a/docs/source/_static/managed-policies/IVSReadOnlyAccess.json b/docs/source/_static/managed-policies/IVSReadOnlyAccess.json
index 2fc1fa540..63efd012d 100644
--- a/docs/source/_static/managed-policies/IVSReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/IVSReadOnlyAccess.json
@@ -9,9 +9,11 @@
 "ivs:GetChannel",
 "ivs:GetComposition",
 "ivs:GetEncoderConfiguration",
+ "ivs:GetIngestConfiguration",
 "ivs:GetParticipant",
 "ivs:GetPlaybackKeyPair",
 "ivs:GetPlaybackRestrictionPolicy",
+ "ivs:GetPublicKey",
 "ivs:GetRecordingConfiguration",
 "ivs:GetStage",
 "ivs:GetStageSession",
@@ -21,10 +23,12 @@
 "ivs:ListChannels",
 "ivs:ListCompositions",
 "ivs:ListEncoderConfigurations",
+ "ivs:ListIngestConfigurations",
 "ivs:ListParticipants",
 "ivs:ListParticipantEvents",
 "ivs:ListPlaybackKeyPairs",
 "ivs:ListPlaybackRestrictionPolicies",
+ "ivs:ListPublicKeys",
 "ivs:ListRecordingConfigurations",
 "ivs:ListStages",
 "ivs:ListStageSessions",
diff --git a/docs/source/_static/managed-policies/PowerUserAccess.json b/docs/source/_static/managed-policies/PowerUserAccess.json
index 565169632..8a27abd67 100644
--- a/docs/source/_static/managed-policies/PowerUserAccess.json
+++ b/docs/source/_static/managed-policies/PowerUserAccess.json
@@ -13,12 +13,13 @@
 {
 "Effect": "Allow",
 "Action": [
+ "account:GetAccountInformation",
+ "account:GetPrimaryEmail",
+ "account:ListRegions",
 "iam:CreateServiceLinkedRole",
 "iam:DeleteServiceLinkedRole",
 "iam:ListRoles",
- "organizations:DescribeOrganization",
- "account:ListRegions",
- "account:GetAccountInformation"
+ "organizations:DescribeOrganization"
 ],
 "Resource": "*"
 }
diff --git a/docs/source/_static/managed-policies/QAppsServiceRolePolicy.json b/docs/source/_static/managed-policies/QAppsServiceRolePolicy.json
new file mode 100644
index 000000000..e8a2bba06
--- /dev/null
+++ b/docs/source/_static/managed-policies/QAppsServiceRolePolicy.json
@@ -0,0 +1,18 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "QAppsPutMetricDataPermission",
+ "Effect": "Allow",
+ "Action": [
+ "cloudwatch:PutMetricData"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/QApps"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/docs/source/_static/managed-policies/ReadOnlyAccess.json b/docs/source/_static/managed-policies/ReadOnlyAccess.json
index 3e0780505..6a3e1c89f 100644
--- a/docs/source/_static/managed-policies/ReadOnlyAccess.json
+++ b/docs/source/_static/managed-policies/ReadOnlyAccess.json
@@ -104,11 +104,11 @@
 "application-signals:BatchGetServiceLevelObjectiveBudgetReport",
 "application-signals:GetService",
 "application-signals:GetServiceLevelObjective",
- "application-signals:ListServices",
 "application-signals:ListServiceDependencies",
 "application-signals:ListServiceDependents",
 "application-signals:ListServiceLevelObjectives",
 "application-signals:ListServiceOperations",
+ "application-signals:ListServices",
 "application-signals:ListTagsForResource",
 "applicationinsights:Describe*",
 "applicationinsights:List*",
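Review bot: The added `account:GetPrimaryEmail` sits in the `"Resource": "*"` statement of PowerUserAccess, so every holder of this policy can now read primary email addresses, which serve as the root user's sign-in identifier and are more sensitive than the neighbouring `account:ListRegions`. The call presumably reaches member accounts only when made from an organization's management or delegated-administrator account, which is where this addition deserves the closest look. Where power users should not see that value, a permissions boundary or SCP statement with `"Effect": "Deny"` and `"Action": "account:GetPrimaryEmail"` removes it without forking the managed policy.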
@@ -219,12 +219,19 @@
 "bedrock:GetAgentVersion",
 "bedrock:GetCustomModel",
 "bedrock:GetDataSource",
+ "bedrock:GetEvaluationJob",
+ "bedrock:GetFlow",
+ "bedrock:GetFlowAlias",
+ "bedrock:GetFlowVersion",
 "bedrock:GetFoundationModel",
 "bedrock:GetFoundationModelAvailability",
+ "bedrock:GetGuardrail",
+ "bedrock:GetInferenceProfile",
 "bedrock:GetIngestionJob",
 "bedrock:GetKnowledgeBase",
 "bedrock:GetModelCustomizationJob",
 "bedrock:GetModelInvocationLoggingConfiguration",
+ "bedrock:GetPrompt",
 "bedrock:GetProvisionedModelThroughput",
 "bedrock:GetUseCaseForModelAccess",
 "bedrock:ListAgentActionGroups",
@@ -234,11 +241,18 @@
 "bedrock:ListAgentVersions",
 "bedrock:ListCustomModels",
 "bedrock:ListDataSources",
+ "bedrock:ListEvaluationJobs",
+ "bedrock:ListFlows",
+ "bedrock:ListFlowAliases",
+ "bedrock:ListFlowVersions",
 "bedrock:ListFoundationModelAgreementOffers",
 "bedrock:ListFoundationModels",
+ "bedrock:ListGuardrails",
+ "bedrock:ListInferenceProfiles",
 "bedrock:ListIngestionJobs",
 "bedrock:ListKnowledgeBases",
 "bedrock:ListModelCustomizationJobs",
+ "bedrock:ListPrompts",
 "bedrock:ListProvisionedModelThroughputs",
 "billing:GetBillingData",
 "billing:GetBillingDetails",
@@ -268,6 +282,7 @@
 "braket:SearchJobs",
 "braket:SearchQuantumTasks",
 "budgets:Describe*",
+ "budgets:ListTagsForResource",
 "budgets:View*",
 "cassandra:Select",
 "ce:DescribeCostCategoryDefinition",
@@ -294,8 +309,8 @@
 "ce:GetSavingsPlansUtilizationDetails",
 "ce:GetTags",
 "ce:GetUsageForecast",
- "ce:ListCostAllocationTags",
 "ce:ListCostAllocationTagBackfillHistory",
+ "ce:ListCostAllocationTags",
 "ce:ListCostCategoryDefinitions",
 "ce:ListSavingsPlansPurchaseRecommendationGeneration",
 "ce:ListTagsForResource",
@@ -310,6 +325,17 @@
 "chime:Retrieve*",
 "chime:Search*",
 "chime:Validate*",
+ "cleanrooms-ml:GetAudienceGenerationJob",
+ "cleanrooms-ml:GetAudienceModel",
+ "cleanrooms-ml:GetConfiguredAudienceModel",
+ "cleanrooms-ml:GetConfiguredAudienceModelPolicy",
+ "cleanrooms-ml:GetTrainingDataset",
+ "cleanrooms-ml:ListAudienceExportJobs",
+ "cleanrooms-ml:ListAudienceGenerationJobs",
+ "cleanrooms-ml:ListAudienceModels",
+ "cleanrooms-ml:ListConfiguredAudienceModels",
+ "cleanrooms-ml:ListTagsForResource",
+ "cleanrooms-ml:ListTrainingDatasets",
 "cleanrooms:BatchGetCollaborationAnalysisTemplate",
 "cleanrooms:BatchGetSchema",
 "cleanrooms:GetAnalysisTemplate",
@@ -334,17 +360,6 @@
 "cleanrooms:ListProtectedQueries",
 "cleanrooms:ListSchemas",
 "cleanrooms:ListTagsForResource",
- "cleanrooms-ml:GetTrainingDataset",
- "cleanrooms-ml:GetAudienceGenerationJob",
- "cleanrooms-ml:GetAudienceModel",
- "cleanrooms-ml:GetConfiguredAudienceModel",
- "cleanrooms-ml:GetConfiguredAudienceModelPolicy",
- "cleanrooms-ml:ListAudienceExportJobs",
- "cleanrooms-ml:ListAudienceGenerationJobs",
- "cleanrooms-ml:ListAudienceModels",
- "cleanrooms-ml:ListConfiguredAudienceModels",
- "cleanrooms-ml:ListTrainingDatasets",
- "cleanrooms-ml:ListTagsForResource",
 "cloud9:Describe*",
 "cloud9:List*",
 "clouddirectory:BatchRead",
@@ -543,6 +558,69 @@ "datapipeline:Validate*", "datasync:Describe*", "datasync:List*", + "datazone:GetAsset", + "datazone:GetAssetType", + "datazone:GetDataProduct", + "datazone:GetDataSource", + "datazone:GetDataSourceRun", + "datazone:GetDomain", + "datazone:GetDomainSharingPolicy", + "datazone:GetDomainUnit", + "datazone:GetEnvironment", + "datazone:GetEnvironmentAction", + "datazone:GetEnvironmentBlueprint", + "datazone:GetEnvironmentBlueprintConfiguration", + "datazone:GetEnvironmentProfile", + "datazone:GetFormType", + "datazone:GetGlossary", + "datazone:GetGlossaryTerm", + "datazone:GetGroupProfile", + "datazone:GetLineageNode", + "datazone:GetListing", + "datazone:GetListing", + "datazone:GetMetadataGenerationRun", + "datazone:GetProject", + "datazone:GetProjectProfile", + "datazone:GetSubscription", + "datazone:GetSubscriptionEligibility", + "datazone:GetSubscriptionGrant", + "datazone:GetSubscriptionRequestDetails", + "datazone:GetSubscriptionTarget", + "datazone:GetTimeSeriesDataPoint", + "datazone:GetUserProfile", + "datazone:ListAccountEnvironments", + "datazone:ListAssetRevisions", + "datazone:ListDataProductRevisions", + "datazone:ListDataSourceRunActivities", + "datazone:ListDataSourceRuns", + "datazone:ListDataSources", + "datazone:ListDomains", + "datazone:ListDomainUnitsForParent", + "datazone:ListEntityOwners", + "datazone:ListEnvironmentActions", + "datazone:ListEnvironmentBlueprintConfigurations", + "datazone:ListEnvironmentBlueprintConfigurationSummaries", + "datazone:ListEnvironmentBlueprints", + "datazone:ListEnvironmentProfiles", + "datazone:ListEnvironments", + "datazone:ListGroupsForUser", + "datazone:ListLineageNodeHistory", + "datazone:ListNotifications", + "datazone:ListPolicyGrants", + "datazone:ListProjectMemberships", + "datazone:ListProjectProfiles", + "datazone:ListProjects", + "datazone:ListSubscriptionGrants", + "datazone:ListSubscriptionRequests", + "datazone:ListSubscriptions", + "datazone:ListSubscriptionTargets", + 
"datazone:ListTagsForResource", + "datazone:ListTimeSeriesDataPoints", + "datazone:Search", + "datazone:SearchGroupProfiles", + "datazone:SearchListings", + "datazone:SearchTypes", + "datazone:SearchUserProfiles", "dax:BatchGetItem", "dax:Describe*", "dax:GetItem", @@ -575,6 +653,7 @@ "deadline:ListFleetMembers", "deadline:ListFleets", "deadline:ListJobMembers", + "deadline:ListJobParameterDefinitions", "deadline:ListJobs", "deadline:ListLicenseEndpoints", "deadline:ListMeteredProducts", @@ -897,8 +976,8 @@ "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", - "glue:GetTables", "glue:GetTableOptimizer", + "glue:GetTables", "glue:GetTableVersion", "glue:GetTableVersions", "glue:GetTags", @@ -1087,8 +1166,8 @@ "iotwireless:GetEventConfigurationByResourceTypes", "iotwireless:GetFuotaTask", "iotwireless:GetLogLevelsByResourceTypes", - "iotwireless:GetMetrics", "iotwireless:GetMetricConfiguration", + "iotwireless:GetMetrics", "iotwireless:GetMulticastGroup", "iotwireless:GetMulticastGroupSession", "iotwireless:GetNetworkAnalyzerConfiguration", @@ -1131,25 +1210,29 @@ "ivs:GetChannel", "ivs:GetComposition", "ivs:GetEncoderConfiguration", - "ivs:GetStage", - "ivs:GetStageSession", + "ivs:GetIngestConfiguration", + "ivs:GetPublicKey", "ivs:GetParticipant", "ivs:GetPlaybackKeyPair", "ivs:GetPlaybackRestrictionPolicy", "ivs:GetRecordingConfiguration", + "ivs:GetStage", + "ivs:GetStageSession", "ivs:GetStreamSession", "ivs:ListChannels", "ivs:ListCompositions", "ivs:ListEncoderConfigurations", - "ivs:ListParticipants", + "ivs:ListIngestConfigurations", "ivs:ListParticipantEvents", + "ivs:ListParticipants", "ivs:ListPlaybackKeyPairs", "ivs:ListPlaybackRestrictionPolicies", + "ivs:ListPublicKeys", "ivs:ListRecordingConfigurations", "ivs:ListStages", "ivs:ListStageSessions", - "ivs:ListStreams", "ivs:ListStreamKeys", + "ivs:ListStreams", "ivs:ListStreamSessions", "ivs:ListTagsForResource", "ivschat:GetLoggingConfiguration", 
@@ -1270,13 +1353,13 @@
 "lex:DescribeSlot",
 "lex:DescribeSlotType",
 "lex:Get*",
- "lex:ListBotAliasReplicas",
 "lex:ListBotAliases",
+ "lex:ListBotAliasReplicas",
 "lex:ListBotChannels",
 "lex:ListBotLocales",
 "lex:ListBotReplicas",
- "lex:ListBotVersionReplicas",
 "lex:ListBots",
+ "lex:ListBotVersionReplicas",
 "lex:ListBotVersions",
 "lex:ListBuiltInIntents",
 "lex:ListBuiltInSlotTypes",
@@ -1687,6 +1770,11 @@
 "pca-connector-ad:ListTagsForResource",
 "pca-connector-ad:ListTemplateGroupAccessControlEntries",
 "pca-connector-ad:ListTemplates",
+ "pca-connector-scep:GetChallengeMetadata",
+ "pca-connector-scep:GetConnector",
+ "pca-connector-scep:ListChallengeMetadata",
+ "pca-connector-scep:ListConnectors",
+ "pca-connector-scep:ListTagsForResource",
 "personalize:Describe*",
 "personalize:Get*",
 "personalize:List*",
@@ -1728,6 +1816,25 @@
 "purchase-orders:ListPurchaseOrderInvoices",
 "purchase-orders:ListPurchaseOrders",
 "purchase-orders:ViewPurchaseOrders",
+ "qbusiness:GetApplication",
+ "qbusiness:GetChatControlsConfiguration",
+ "qbusiness:GetDataSource",
+ "qbusiness:GetGroup",
+ "qbusiness:GetIndex",
+ "qbusiness:GetPlugin",
+ "qbusiness:GetRetriever",
+ "qbusiness:GetUser",
+ "qbusiness:GetWebExperience",
+ "qbusiness:ListApplications",
+ "qbusiness:ListDataSources",
+ "qbusiness:ListDataSourceSyncJobs",
+ "qbusiness:ListGroups",
+ "qbusiness:ListIndices",
+ "qbusiness:ListPlugins",
+ "qbusiness:ListRetrievers",
+ "qbusiness:ListSubscriptions",
+ "qbusiness:ListTagsForResource",
+ "qbusiness:ListWebExperiences",
 "qldb:DescribeJournalKinesisStream",
 "qldb:DescribeJournalS3Export",
 "qldb:DescribeLedger",
@@ -1810,6 +1917,7 @@
 "resiliencehub:DescribeAppVersionTemplate",
 "resiliencehub:DescribeDraftAppVersionResourcesImportStatus",
 "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:DescribeResourceGroupingRecommendationTask",
 "resiliencehub:ListAlarmRecommendations",
 "resiliencehub:ListAppAssessmentComplianceDrifts",
 "resiliencehub:ListAppAssessmentResourceDrifts",
@@ -1824,6 +1932,7 @@
 "resiliencehub:ListAppVersions",
 "resiliencehub:ListRecommendationTemplates",
 "resiliencehub:ListResiliencyPolicies",
+ "resiliencehub:ListResourceGroupingRecommendations",
 "resiliencehub:ListSopRecommendations",
 "resiliencehub:ListSuggestedResiliencyPolicies",
 "resiliencehub:ListTagsForResource",
@@ -1888,10 +1997,23 @@
 "s3-outposts:GetBucket",
 "s3-outposts:GetBucketPolicy",
 "s3-outposts:GetBucketTagging",
+ "s3-outposts:GetBucketVersioning",
 "s3-outposts:GetLifecycleConfiguration",
+ "s3-outposts:GetObject",
+ "s3-outposts:GetObjectTagging",
+ "s3-outposts:GetObjectVersion",
+ "s3-outposts:GetObjectVersionForReplication",
+ "s3-outposts:GetObjectVersionTagging",
+ "s3-outposts:GetReplicationConfiguration",
 "s3-outposts:ListAccessPoints",
+ "s3-outposts:ListBucket",
+ "s3-outposts:ListBucketMultipartUploads",
+ "s3-outposts:ListBucketVersions",
 "s3-outposts:ListEndpoints",
+ "s3-outposts:ListMultipartUploadParts",
+ "s3-outposts:ListOutpostsWithS3",
 "s3-outposts:ListRegionalBuckets",
+ "s3-outposts:ListSharedEndpoints",
 "s3:DescribeJob",
 "s3:Get*",
 "s3:List*",
@@ -1926,6 +2048,8 @@
 "secretsmanager:Describe*",
 "secretsmanager:GetResourcePolicy",
 "secretsmanager:List*",
+ "securityhub:BatchGetAutomationRules",
+ "securityhub:BatchGetConfigurationPolicyAssociations",
 "securityhub:BatchGetControlEvaluations",
 "securityhub:BatchGetSecurityControls",
 "securityhub:BatchGetStandardsControlAssociations",
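Review bot: The `s3-outposts` lines added in the `@@ -1888,10 +1997,23 @@` hunk are data-plane reads, not metadata: `s3-outposts:GetObject`, `s3-outposts:GetObjectVersion` and `s3-outposts:GetObjectVersionForReplication` let a ReadOnlyAccess holder fetch object contents on S3 on Outposts, much as the `s3:Get*` context line already does for regional buckets. The statement's `Resource` is outside the hunk, so the breadth is inferred from the rest of this policy. Auditor or inventory roles that must not read stored data should use the `ViewOnlyAccess` job-function policy instead, or pair this one with an explicit Deny such as `"Action": ["s3:GetObject*", "s3-outposts:GetObject*"]`.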
@@ -2023,6 +2147,17 @@
 "ssm-incidents:ListResponsePlans",
 "ssm-incidents:ListTagsForResource",
 "ssm-incidents:ListTimelineEvents",
+ "ssm-sap:GetApplication",
+ "ssm-sap:GetComponent",
+ "ssm-sap:GetDatabase",
+ "ssm-sap:GetOperation",
+ "ssm-sap:GetResourcePermission",
+ "ssm-sap:ListApplications",
+ "ssm-sap:ListComponents",
+ "ssm-sap:ListDatabases",
+ "ssm-sap:ListOperationEvents",
+ "ssm-sap:ListOperations",
+ "ssm-sap:ListTagsForResource",
 "ssm:Describe*",
 "ssm:Get*",
 "ssm:List*",
@@ -2105,6 +2240,17 @@
 "translate:ListTerminologies",
 "translate:ListTextTranslationJobs",
 "trustedadvisor:Describe*",
+ "trustedadvisor:GetOrganizationRecommendation",
+ "trustedadvisor:GetRecommendation",
+ "trustedadvisor:ListChecks",
+ "trustedadvisor:ListOrganizationRecommendationAccounts",
+ "trustedadvisor:ListOrganizationRecommendationResources",
+ "trustedadvisor:ListOrganizationRecommendations",
+ "trustedadvisor:ListRecommendationResources",
+ "trustedadvisor:ListRecommendations",
+ "user-subscriptions:ListApplicationClaims",
+ "user-subscriptions:ListClaims",
+ "user-subscriptions:ListUserSubscriptions",
 "verifiedpermissions:GetIdentitySource",
 "verifiedpermissions:GetPolicy",
 "verifiedpermissions:GetPolicyStore",
diff --git a/docs/source/_static/managed-policies/ResourceGroupsTaggingAPITagUntagSupportedResources.json b/docs/source/_static/managed-policies/ResourceGroupsTaggingAPITagUntagSupportedResources.json
new file mode 100644
index 000000000..17aa07f28
--- /dev/null
+++ b/docs/source/_static/managed-policies/ResourceGroupsTaggingAPITagUntagSupportedResources.json
@@ -0,0 +1,340 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "a4b:TagResource", + "a4b:UntagResource", + "access-analyzer:TagResource", + "access-analyzer:UntagResource", + "acm-pca:TagCertificateAuthority", + "acm-pca:UntagCertificateAuthority", + "acm:AddTagsToCertificate", + "acm:RemoveTagsFromCertificate", + "amplify:TagResource", + "amplify:UntagResource", + "appconfig:TagResource", + "appconfig:UntagResource", + "appflow:TagResource", + "appflow:UntagResource", + "appmesh:TagResource", + "appmesh:UntagResource", + "appstream:TagResource", + "appstream:UntagResource", + "appsync:TagResource", + "appsync:UntagResource", + "athena:TagResource", + "athena:UntagResource", + "auditmanager:TagResource", + "auditmanager:UntagResource", + "autoscaling:CreateOrUpdateTags", + "autoscaling:DeleteTags", + "backup:TagResource", + "backup:UntagResource", + "batch:TagResource", + "batch:UntagResource", + "braket:TagResource", + "braket:UntagResource", + "cassandra:TagResource", + "cassandra:UntagResource", + "chime:TagResource", + "chime:UntagResource", + "cloud9:TagResource", + "cloud9:UntagResource", + "clouddirectory:TagResource", + "clouddirectory:UntagResource", + "cloudfront:TagResource", + "cloudfront:UntagResource", + "cloudhsm:TagResource", + "cloudhsm:UntagResource", + "cloudtrail:AddTags", + "cloudtrail:RemoveTags", + "cloudwatch:TagResource", + "cloudwatch:UntagResource", + "codeartifact:TagResource", + "codeartifact:UntagResource", + "codecommit:TagResource", + "codecommit:UntagResource", + "codedeploy:AddTagsToOnPremisesInstances", + "codedeploy:RemoveTagsFromOnPremisesInstances", + "codedeploy:TagResource", + "codedeploy:UntagResource", + "codeguru-profiler:TagResource", + "codeguru-profiler:UntagResource", + "codepipeline:TagResource", + "codepipeline:UntagResource", + "codestar-connections:TagResource", + "codestar-connections:UntagResource", + "codestar:TagProject", + "codestar:UntagProject", + 
"cognito-identity:TagResource", + "cognito-identity:UntagResource", + "cognito-idp:TagResource", + "cognito-idp:UntagResource", + "comprehend:TagResource", + "comprehend:UntagResource", + "config:TagResource", + "config:UntagResource", + "connect:TagResource", + "connect:UntagResource", + "dataexchange:TagResource", + "dataexchange:UntagResource", + "datapipeline:AddTags", + "datapipeline:RemoveTags", + "datasync:TagResource", + "datasync:UntagResource", + "deepcomposer:TagResource", + "deepcomposer:UntagResource", + "detective:TagResource", + "detective:UntagResource", + "devicefarm:TagResource", + "devicefarm:UntagResource", + "directconnect:TagResource", + "directconnect:UntagResource", + "dlm:TagResource", + "dlm:UntagResource", + "dms:AddTagsToResource", + "dms:RemoveTagsFromResource", + "dynamodb:TagResource", + "dynamodb:UntagResource", + "ec2:CreateTags", + "ec2:DeleteTags", + "ecr:TagResource", + "ecr:UntagResource", + "ecs:TagResource", + "ecs:UntagResource", + "eks:TagResource", + "eks:UntagResource", + "elastic-inference:TagResource", + "elastic-inference:UntagResource", + "elasticache:AddTagsToResource", + "elasticache:RemoveTagsFromResource", + "elasticbeanstalk:UpdateTagsForResource", + "elasticfilesystem:CreateTags", + "elasticfilesystem:DeleteTags", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags", + "elasticmapreduce:AddTags", + "elasticmapreduce:RemoveTags", + "emr-containers:TagResource", + "emr-containers:UntagResource", + "es:AddTags", + "es:RemoveTags", + "events:TagResource", + "events:UntagResource", + "firehose:TagDeliveryStream", + "firehose:UntagDeliveryStream", + "fms:TagResource", + "fms:UntagResource", + "forecast:TagResource", + "forecast:UntagResource", + "frauddetector:TagResource", + "frauddetector:UntagResource", + "fsx:TagResource", + "fsx:UntagResource", + "gamelift:TagResource", + "gamelift:UntagResource", + "glacier:AddTagsToVault", + "glacier:RemoveTagsFromVault", + "globalaccelerator:TagResource", + 
"globalaccelerator:UntagResource", + "glue:TagResource", + "glue:UntagResource", + "greengrass:TagResource", + "greengrass:UntagResource", + "groundstation:TagResource", + "groundstation:UntagResource", + "guardduty:TagResource", + "guardduty:UntagResource", + "iam:TagInstanceProfile", + "iam:TagMFADevice", + "iam:TagOpenIDConnectProvider", + "iam:TagPolicy", + "iam:TagRole", + "iam:TagSAMLProvider", + "iam:TagServerCertificate", + "iam:TagUser", + "iam:UntagInstanceProfile", + "iam:UntagMFADevice", + "iam:UntagOpenIDConnectProvider", + "iam:UntagPolicy", + "iam:UntagRole", + "iam:UntagSAMLProvider", + "iam:UntagServerCertificate", + "iam:UntagUser", + "imagebuilder:TagResource", + "imagebuilder:UntagResource", + "inspector:ListTagsForResource", + "inspector:SetTagsForResource", + "iot1click:TagResource", + "iot1click:UntagResource", + "iot:TagResource", + "iot:UntagResource", + "iotanalytics:TagResource", + "iotanalytics:UntagResource", + "iotdeviceadvisor:TagResource", + "iotdeviceadvisor:UntagResource", + "iotevents:TagResource", + "iotevents:UntagResource", + "iotfleethub:TagResource", + "iotfleethub:UntagResource", + "iotsitewise:TagResource", + "iotsitewise:UntagResource", + "iottwinmaker:TagResource", + "iottwinmaker:UntagResource", + "iotwireless:TagResource", + "iotwireless:UntagResource", + "ivs:TagResource", + "ivs:UntagResource", + "kafka:TagResource", + "kafka:UntagResource", + "kendra:TagResource", + "kendra:UntagResource", + "kinesis:AddTagsToStream", + "kinesis:RemoveTagsFromStream", + "kinesisanalytics:TagResource", + "kinesisanalytics:UntagResource", + "kms:TagResource", + "kms:UntagResource", + "lambda:TagResource", + "lambda:UntagResource", + "lex:TagResource", + "lex:UntagResource", + "license-manager:TagResource", + "license-manager:UntagResource", + "lightsail:TagResource", + "lightsail:UntagResource", + "logs:TagLogGroup", + "logs:TagResource", + "logs:UntagLogGroup", + "logs:UntagResource", + "lookoutequipment:TagResource", + 
"lookoutequipment:UntagResource", + "machinelearning:AddTags", + "machinelearning:DeleteTags", + "macie2:TagResource", + "macie2:UntagResource", + "managedblockchain:TagResource", + "managedblockchain:UntagResource", + "mediaconnect:TagResource", + "mediaconnect:UntagResource", + "mediaconvert:TagResource", + "mediaconvert:UntagResource", + "medialive:CreateTags", + "medialive:DeleteTags", + "mediapackage-vod:TagResource", + "mediapackage-vod:UntagResource", + "mediapackage:TagResource", + "mediapackage:UntagResource", + "mediatailor:TagResource", + "mediatailor:UntagResource", + "mobiletargeting:TagResource", + "mobiletargeting:UntagResource", + "mq:CreateTags", + "mq:DeleteTags", + "neptune-graph:TagResource", + "neptune-graph:UntagResource", + "network-firewall:TagResource", + "network-firewall:UntagResource", + "networkmanager:TagResource", + "networkmanager:UntagResource", + "opsworks-cm:TagResource", + "opsworks-cm:UntagResource", + "opsworks:TagResource", + "opsworks:UntagResource", + "organizations:TagResource", + "organizations:UntagResource", + "outposts:TagResource", + "outposts:UntagResource", + "qldb:TagResource", + "qldb:UntagResource", + "quicksight:TagResource", + "quicksight:UntagResource", + "ram:TagResource", + "ram:UntagResource", + "rds:AddTagsToResource", + "rds:RemoveTagsFromResource", + "redshift:CreateTags", + "redshift:DeleteTags", + "resource-explorer-2:TagResource", + "resource-explorer-2:UntagResource", + "resource-groups:Tag", + "resource-groups:Untag", + "robomaker:TagResource", + "robomaker:UntagResource", + "route53:ChangeTagsForResource", + "route53domains:DeleteTagsForDomain", + "route53domains:UpdateTagsForDomain", + "route53resolver:TagResource", + "route53resolver:UntagResource", + "s3:GetBucketTagging", + "s3:GetJobTagging", + "s3:GetObjectTagging", + "s3:GetObjectVersionTagging", + "s3:GetStorageLensConfigurationTagging", + "s3:DeleteJobTagging", + "s3:DeleteObjectTagging", + "s3:DeleteObjectVersionTagging", + 
"s3:PutBucketTagging", + "s3:PutJobTagging", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging", + "s3:PutStorageLensConfigurationTagging", + "s3:DeleteStorageLensConfigurationTagging", + "s3:TagResource", + "s3:UntagResource", + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "savingsplans:TagResource", + "savingsplans:UntagResource", + "schemas:TagResource", + "schemas:UntagResource", + "secretsmanager:TagResource", + "secretsmanager:UntagResource", + "securityhub:TagResource", + "securityhub:UntagResource", + "servicediscovery:TagResource", + "servicediscovery:UntagResource", + "servicequotas:TagResource", + "servicequotas:UntagResource", + "ses:TagResource", + "ses:UntagResource", + "sns:TagResource", + "sns:UntagResource", + "sqs:TagQueue", + "sqs:UntagQueue", + "ssm:AddTagsToResource", + "ssm:RemoveTagsFromResource", + "states:TagResource", + "states:UntagResource", + "storagegateway:AddTagsToResource", + "storagegateway:RemoveTagsFromResource", + "swf:TagResource", + "swf:UntagResource", + "synthetics:TagResource", + "synthetics:UntagResource", + "tag:GetResources", + "tag:TagResources", + "tag:UntagResources", + "transfer:TagResource", + "transfer:UntagResource", + "waf-regional:TagResource", + "waf-regional:UntagResource", + "waf:TagResource", + "waf:UntagResource", + "wafv2:TagResource", + "wafv2:UntagResource", + "worklink:TagResource", + "worklink:UntagResource", + "workmail:TagResource", + "workmail:UntagResource", + "workspaces:CreateTags", + "workspaces:DeleteTags", + "xray:TagResource", + "xray:UntagResource" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/docs/source/_static/managed-policies/SSMQuickSetupRolePolicy.json b/docs/source/_static/managed-policies/SSMQuickSetupRolePolicy.json index 996f3b1ec..a4101ba34 100644 --- a/docs/source/_static/managed-policies/SSMQuickSetupRolePolicy.json +++ b/docs/source/_static/managed-policies/SSMQuickSetupRolePolicy.json 
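Review bot: The single statement in the new ResourceGroupsTaggingAPITagUntagSupportedResources.json allows every listed tag and untag action on `"Resource": "*"` with no `Condition`, and the list includes `iam:TagRole`, `iam:TagUser`, `iam:UntagRole`, `kms:TagResource`, `secretsmanager:TagResource` and `ec2:CreateTags`. In an account that bases access decisions on tags (conditions on `aws:ResourceTag/...` or `aws:PrincipalTag/...`), a principal holding this policy can rewrite the tags those decisions depend on, so attaching it is closer to delegating permission management than to a housekeeping right. The managed policy itself cannot be edited, so attach it together with a deny statement that protects the authorization tag keys, for example one carrying `"Condition": {"ForAnyValue:StringEquals": {"aws:TagKeys": ["<authz-tag-key>"]}}` (placeholder key). Confirm per service that the tagging action honours `aws:TagKeys` before relying on it, and alert on `TagRole`/`TagUser` events from principals that hold this policy.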
@@ -62,7 +62,9 @@ ], "Resource": [ "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-*", - "arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*" + "arn:aws:cloudformation:*:*:stackset/SSMQuickSetup*", + "arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SSMQuickSetup*" ] }, { @@ -74,8 +76,11 @@ ], "Resource": [ "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-*", + "arn:aws:cloudformation:*:*:stackset/SSMQuickSetup*", "arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SSMQuickSetup*", "arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-*", + "arn:aws:cloudformation:*:*:stackset-target/SSMQuickSetup*", "arn:aws:cloudformation:*:*:type/resource/*" ], "Condition": { diff --git a/docs/source/_static/managed-policies/SecurityAudit.json b/docs/source/_static/managed-policies/SecurityAudit.json index 873ce180e..bdc69fc37 100644 --- a/docs/source/_static/managed-policies/SecurityAudit.json +++ b/docs/source/_static/managed-policies/SecurityAudit.json @@ -16,6 +16,7 @@ "access-analyzer:ListFindings", "access-analyzer:ListTagsForResource", "account:GetAlternateContact", + "account:GetPrimaryEmail", "account:GetRegionOptStatus", "acm-pca:DescribeCertificateAuthority", "acm-pca:DescribeCertificateAuthorityAuditReport", @@ -425,11 +426,18 @@ "lightsail:GetInstances", "lightsail:GetLoadBalancers", "logs:Describe*", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", "logs:ListTagsForResource", "logs:ListTagsLogGroup", "lookoutequipment:ListDatasets", "lookoutmetrics:ListAnomalyDetectors", "lookoutvision:ListProjects", + "m2:ListEnvironments", + "m2:ListApplications", + "m2:GetEnvironment", + "m2:GetApplication", + "m2:ListTagsForResource", "machinelearning:DescribeMLModels", "macie2:ListFindings", "managedblockchain:ListNetworks", 
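Review bot: The resource patterns added in the first two hunks on this line (SSMQuickSetupRolePolicy.json, `@@ -62,7 +62,9 @@` and `@@ -74,8 +76,11 @@`) end in `SSMQuickSetup*` with no delimiter before the wildcard, unlike the existing `AWS-QuickSetup-*` entries. `stackset/SSMQuickSetup*`, `stack/StackSet-SSMQuickSetup*` and `stackset-target/SSMQuickSetup*` therefore match any stack set or stack whose name merely starts with that string, including ones Quick Setup did not create, in every region and account the ARN wildcards allow. The actions these resources apply to lie outside the first hunk and the second hunk's `Condition` is cut off, so the effective reach cannot be judged from here. If the service's naming scheme allows it, a delimited form such as `arn:aws:cloudformation:*:*:stackset/SSMQuickSetup-*` would keep the match as tight as the older entries; otherwise, avoid giving your own stack sets a name with this prefix.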
@@ -476,6 +484,17 @@ "profile:GetDomain", "profile:ListDomains", "profile:ListIntegrations", + "qbusiness:ListApplications", + "qbusiness:ListDataSourceSyncJobs", + "qbusiness:ListDataSources", + "qbusiness:ListDocuments", + "qbusiness:ListGroups", + "qbusiness:ListIndices", + "qbusiness:ListPlugins", + "qbusiness:ListRetrievers", + "qbusiness:ListSubscriptions", + "qbusiness:ListTagsForResource", + "qbusiness:ListWebExperiences", "qldb:DescribeJournalS3Export", "qldb:DescribeLedger", "qldb:ListJournalS3Exports", diff --git a/docs/source/_static/managed-policies/ViewOnlyAccess.json b/docs/source/_static/managed-policies/ViewOnlyAccess.json index 6f25cac95..347bd3f6e 100644 --- a/docs/source/_static/managed-policies/ViewOnlyAccess.json +++ b/docs/source/_static/managed-policies/ViewOnlyAccess.json @@ -179,6 +179,7 @@ "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:List*", @@ -234,6 +235,11 @@ "lookoutvision:ListModelPackagingJobs", "lookoutvision:ListModels", "lookoutvision:ListProjects", + "m2:ListEnvironments", + "m2:ListApplications", + "m2:GetEnvironment", + "m2:GetApplication", + "m2:ListTagsForResource", "machinelearning:Describe*", "mediaconnect:ListEntitlements", "mediaconnect:ListFlows", diff --git a/docs/source/_static/managed-policies/index.json b/docs/source/_static/managed-policies/index.json index 5ff6a1e0b..1d42e4c11 100644 --- a/docs/source/_static/managed-policies/index.json +++ b/docs/source/_static/managed-policies/index.json 
@@ -1 +1 @@ -["AccessAnalyzerServiceRolePolicy","AdministratorAccess","AdministratorAccess-Amplify","AdministratorAccess-AWSElasticBeanstalk","AlexaForBusinessDeviceSetup","AlexaForBusinessFullAccess","AlexaForBusinessGatewayExecution","AlexaForBusinessLifesizeDelegatedAccessPolicy","AlexaForBusinessNetworkProfileServicePolicy","AlexaForBusinessPolyDelegatedAccessPolicy","AlexaForBusinessReadOnlyAccess","AmazonAPIGatewayAdministrator","AmazonAPIGatewayInvokeFullAccess","AmazonAPIGatewayPushToCloudWatchLogs","AmazonAppFlowFullAccess","AmazonAppFlowReadOnlyAccess","AmazonAppStreamFullAccess","AmazonAppStreamPCAAccess","AmazonAppStreamReadOnlyAccess","AmazonAppStreamServiceAccess","AmazonAthenaFullAccess","AmazonAugmentedAIFullAccess","AmazonAugmentedAIHumanLoopFullAccess","AmazonAugmentedAIIntegratedAPIAccess","AmazonBedrockFullAccess","AmazonBedrockReadOnly","AmazonBedrockStudioPermissionsBoundary","AmazonBraketFullAccess","AmazonBraketJobsExecutionPolicy","AmazonBraketServiceRolePolicy","AmazonChimeFullAccess","AmazonChimeReadOnly","AmazonChimeSDK","AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy","AmazonChimeSDKMessagingServiceRolePolicy","AmazonChimeServiceRolePolicy","AmazonChimeTranscriptionServiceLinkedRolePolicy","AmazonChimeUserManagement","AmazonChimeVoiceConnectorServiceLinkedRolePolicy","AmazonCloudDirectoryFullAccess","AmazonCloudDirectoryReadOnlyAccess","AmazonCloudWatchEvidentlyFullAccess","AmazonCloudWatchEvidentlyReadOnlyAccess","AmazonCloudWatchEvidentlyServiceRolePolicy","AmazonCloudWatchRUMFullAccess","AmazonCloudWatchRUMReadOnlyAccess","AmazonCloudWatchRUMServiceRolePolicy","AmazonCodeCatalystFullAccess","AmazonCodeCatalystReadOnlyAccess","AmazonCodeCatalystSupportAccess","AmazonCodeGuruProfilerAgentAccess","AmazonCodeGuruProfilerFullAccess","AmazonCodeGuruProfilerReadOnlyAccess","AmazonCodeGuruReviewerFullAccess","AmazonCodeGuruReviewerReadOnlyAccess","AmazonCodeGuruReviewerServiceRolePolicy","AmazonCodeGuruSecurityFullAccess","AmazonCodeGuru
SecurityScanAccess","AmazonCognitoDeveloperAuthenticatedIdentities","AmazonCognitoIdpEmailServiceRolePolicy","AmazonCognitoIdpServiceRolePolicy","AmazonCognitoPowerUser","AmazonCognitoReadOnly","AmazonCognitoUnAuthedIdentitiesSessionPolicy","AmazonCognitoUnauthenticatedIdentities","AmazonConnect_FullAccess","AmazonConnectCampaignsServiceLinkedRolePolicy","AmazonConnectReadOnlyAccess","AmazonConnectServiceLinkedRolePolicy","AmazonConnectSynchronizationServiceRolePolicy","AmazonConnectVoiceIDFullAccess","AmazonDataZoneDomainExecutionRolePolicy","AmazonDataZoneEnvironmentRolePermissionsBoundary","AmazonDataZoneFullAccess","AmazonDataZoneFullUserAccess","AmazonDataZoneGlueManageAccessRolePolicy","AmazonDataZoneRedshiftGlueProvisioningPolicy","AmazonDataZoneRedshiftManageAccessRolePolicy","AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary","AmazonDataZoneSageMakerManageAccessRolePolicy","AmazonDataZoneSageMakerProvisioningRolePolicy","AmazonDetectiveFullAccess","AmazonDetectiveInvestigatorAccess","AmazonDetectiveMemberAccess","AmazonDetectiveOrganizationsAccess","AmazonDetectiveServiceLinkedRolePolicy","AmazonDevOpsGuruConsoleFullAccess","AmazonDevOpsGuruFullAccess","AmazonDevOpsGuruOrganizationsAccess","AmazonDevOpsGuruReadOnlyAccess","AmazonDevOpsGuruServiceRolePolicy","AmazonDMSCloudWatchLogsRole","AmazonDMSRedshiftS3Role","AmazonDMSVPCManagementRole","AmazonDocDB-ElasticServiceRolePolicy","AmazonDocDBConsoleFullAccess","AmazonDocDBElasticFullAccess","AmazonDocDBElasticReadOnlyAccess","AmazonDocDBFullAccess","AmazonDocDBReadOnlyAccess","AmazonDRSVPCManagement","AmazonDynamoDBFullAccess","AmazonDynamoDBFullAccesswithDataPipeline","AmazonDynamoDBReadOnlyAccess","AmazonEBSCSIDriverPolicy","AmazonEC2ContainerRegistryFullAccess","AmazonEC2ContainerRegistryPowerUser","AmazonEC2ContainerRegistryReadOnly","AmazonEC2ContainerServiceAutoscaleRole","AmazonEC2ContainerServiceEventsRole","AmazonEC2ContainerServiceforEC2Role","AmazonEC2ContainerServiceRole","AmazonEC2FullAc
cess","AmazonEC2ReadOnlyAccess","AmazonEC2RoleforAWSCodeDeploy","AmazonEC2RoleforAWSCodeDeployLimited","AmazonEC2RoleforDataPipelineRole","AmazonEC2RoleforSSM","AmazonEC2RolePolicyForLaunchWizard","AmazonEC2SpotFleetAutoscaleRole","AmazonEC2SpotFleetTaggingRole","AmazonECS_FullAccess","AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity","AmazonECSInfrastructureRolePolicyForVolumes","AmazonECSServiceRolePolicy","AmazonECSTaskExecutionRolePolicy","AmazonEFSCSIDriverPolicy","AmazonEKS_CNI_Policy","AmazonEKSClusterPolicy","AmazonEKSConnectorServiceRolePolicy","AmazonEKSFargatePodExecutionRolePolicy","AmazonEKSForFargateServiceRolePolicy","AmazonEKSLocalOutpostClusterPolicy","AmazonEKSLocalOutpostServiceRolePolicy","AmazonEKSServicePolicy","AmazonEKSServiceRolePolicy","AmazonEKSVPCResourceController","AmazonEKSWorkerNodePolicy","AmazonElastiCacheFullAccess","AmazonElastiCacheReadOnlyAccess","AmazonElasticContainerRegistryPublicFullAccess","AmazonElasticContainerRegistryPublicPowerUser","AmazonElasticContainerRegistryPublicReadOnly","AmazonElasticFileSystemClientFullAccess","AmazonElasticFileSystemClientReadOnlyAccess","AmazonElasticFileSystemClientReadWriteAccess","AmazonElasticFileSystemFullAccess","AmazonElasticFileSystemReadOnlyAccess","AmazonElasticFileSystemServiceRolePolicy","AmazonElasticFileSystemsUtils","AmazonElasticMapReduceEditorsRole","AmazonElasticMapReduceforAutoScalingRole","AmazonElasticMapReduceforEC2Role","AmazonElasticMapReduceFullAccess","AmazonElasticMapReducePlacementGroupPolicy","AmazonElasticMapReduceReadOnlyAccess","AmazonElasticMapReduceRole","AmazonElasticsearchServiceRolePolicy","AmazonElasticTranscoder_FullAccess","AmazonElasticTranscoder_JobsSubmitter","AmazonElasticTranscoder_ReadOnlyAccess","AmazonElasticTranscoderRole","AmazonEMRCleanupPolicy","AmazonEMRContainersServiceRolePolicy","AmazonEMRFullAccessPolicy_v2","AmazonEMRReadOnlyAccessPolicy_v2","AmazonEMRServerlessServiceRolePolicy","AmazonEMRServicePolicy_v2","Am
azonESCognitoAccess","AmazonESFullAccess","AmazonESReadOnlyAccess","AmazonEventBridgeApiDestinationsServiceRolePolicy","AmazonEventBridgeFullAccess","AmazonEventBridgePipesFullAccess","AmazonEventBridgePipesOperatorAccess","AmazonEventBridgePipesReadOnlyAccess","AmazonEventBridgeReadOnlyAccess","AmazonEventBridgeSchedulerFullAccess","AmazonEventBridgeSchedulerReadOnlyAccess","AmazonEventBridgeSchemasFullAccess","AmazonEventBridgeSchemasReadOnlyAccess","AmazonEventBridgeSchemasServiceRolePolicy","AmazonFISServiceRolePolicy","AmazonForecastFullAccess","AmazonFraudDetectorFullAccessPolicy","AmazonFreeRTOSFullAccess","AmazonFreeRTOSOTAUpdate","AmazonFSxConsoleFullAccess","AmazonFSxConsoleReadOnlyAccess","AmazonFSxFullAccess","AmazonFSxReadOnlyAccess","AmazonFSxServiceRolePolicy","AmazonGlacierFullAccess","AmazonGlacierReadOnlyAccess","AmazonGrafanaAthenaAccess","AmazonGrafanaCloudWatchAccess","AmazonGrafanaRedshiftAccess","AmazonGrafanaServiceLinkedRolePolicy","AmazonGuardDutyFullAccess","AmazonGuardDutyMalwareProtectionServiceRolePolicy","AmazonGuardDutyReadOnlyAccess","AmazonGuardDutyServiceRolePolicy","AmazonHealthLakeFullAccess","AmazonHealthLakeReadOnlyAccess","AmazonHoneycodeFullAccess","AmazonHoneycodeReadOnlyAccess","AmazonHoneycodeServiceRolePolicy","AmazonHoneycodeTeamAssociationFullAccess","AmazonHoneycodeTeamAssociationReadOnlyAccess","AmazonHoneycodeWorkbookFullAccess","AmazonHoneycodeWorkbookReadOnlyAccess","AmazonInspector2AgentlessServiceRolePolicy","AmazonInspector2FullAccess","AmazonInspector2ManagedCisPolicy","AmazonInspector2ReadOnlyAccess","AmazonInspector2ServiceRolePolicy","AmazonInspectorFullAccess","AmazonInspectorReadOnlyAccess","AmazonInspectorServiceRolePolicy","AmazonKendraFullAccess","AmazonKendraReadOnlyAccess","AmazonKeyspacesFullAccess","AmazonKeyspacesReadOnlyAccess","AmazonKeyspacesReadOnlyAccess_v2","AmazonKinesisAnalyticsFullAccess","AmazonKinesisAnalyticsReadOnly","AmazonKinesisFirehoseFullAccess","AmazonKinesisFirehoseReadOnlyAcces
s","AmazonKinesisFullAccess","AmazonKinesisReadOnlyAccess","AmazonKinesisVideoStreamsFullAccess","AmazonKinesisVideoStreamsReadOnlyAccess","AmazonLaunchWizardFullAccessV2","AmazonLexChannelsAccess","AmazonLexFullAccess","AmazonLexReadOnly","AmazonLexReplicationPolicy","AmazonLexRunBotsOnly","AmazonLexV2BotPolicy","AmazonLookoutEquipmentFullAccess","AmazonLookoutEquipmentReadOnlyAccess","AmazonLookoutMetricsFullAccess","AmazonLookoutMetricsReadOnlyAccess","AmazonLookoutVisionConsoleFullAccess","AmazonLookoutVisionConsoleReadOnlyAccess","AmazonLookoutVisionFullAccess","AmazonLookoutVisionReadOnlyAccess","AmazonMachineLearningBatchPredictionsAccess","AmazonMachineLearningCreateOnlyAccess","AmazonMachineLearningFullAccess","AmazonMachineLearningManageRealTimeEndpointOnlyAccess","AmazonMachineLearningReadOnlyAccess","AmazonMachineLearningRealTimePredictionOnlyAccess","AmazonMachineLearningRoleforRedshiftDataSourceV3","AmazonMacieFullAccess","AmazonMacieHandshakeRole","AmazonMacieReadOnlyAccess","AmazonMacieServiceRole","AmazonMacieServiceRolePolicy","AmazonManagedBlockchainConsoleFullAccess","AmazonManagedBlockchainFullAccess","AmazonManagedBlockchainReadOnlyAccess","AmazonManagedBlockchainServiceRolePolicy","AmazonMCSFullAccess","AmazonMCSReadOnlyAccess","AmazonMechanicalTurkFullAccess","AmazonMechanicalTurkReadOnly","AmazonMemoryDBFullAccess","AmazonMemoryDBReadOnlyAccess","AmazonMobileAnalyticsFinancialReportAccess","AmazonMobileAnalyticsFullAccess","AmazonMobileAnalyticsNon-financialReportAccess","AmazonMobileAnalyticsWriteOnlyAccess","AmazonMonitronFullAccess","AmazonMQApiFullAccess","AmazonMQApiReadOnlyAccess","AmazonMQFullAccess","AmazonMQReadOnlyAccess","AmazonMQServiceRolePolicy","AmazonMSKConnectReadOnlyAccess","AmazonMSKFullAccess","AmazonMSKReadOnlyAccess","AmazonMWAAServiceRolePolicy","AmazonNimbleStudio-LaunchProfileWorker","AmazonNimbleStudio-StudioAdmin","AmazonNimbleStudio-StudioUser","AmazonOmicsFullAccess","AmazonOmicsReadOnlyAccess","AmazonOneEnterpri
seFullAccess","AmazonOneEnterpriseInstallerAccess","AmazonOneEnterpriseReadOnlyAccess","AmazonOpenSearchDashboardsServiceRolePolicy","AmazonOpenSearchDirectQueryGlueCreateAccess","AmazonOpenSearchIngestionFullAccess","AmazonOpenSearchIngestionReadOnlyAccess","AmazonOpenSearchIngestionServiceRolePolicy","AmazonOpenSearchServerlessServiceRolePolicy","AmazonOpenSearchServiceCognitoAccess","AmazonOpenSearchServiceFullAccess","AmazonOpenSearchServiceReadOnlyAccess","AmazonOpenSearchServiceRolePolicy","AmazonPersonalizeFullAccess","AmazonPollyFullAccess","AmazonPollyReadOnlyAccess","AmazonPrometheusConsoleFullAccess","AmazonPrometheusFullAccess","AmazonPrometheusQueryAccess","AmazonPrometheusRemoteWriteAccess","AmazonPrometheusScraperServiceRolePolicy","AmazonQDeveloperAccess","AmazonQFullAccess","AmazonQLDBConsoleFullAccess","AmazonQLDBFullAccess","AmazonQLDBReadOnly","AmazonRDSBetaServiceRolePolicy","AmazonRDSCustomInstanceProfileRolePolicy","AmazonRDSCustomPreviewServiceRolePolicy","AmazonRDSCustomServiceRolePolicy","AmazonRDSDataFullAccess","AmazonRDSDirectoryServiceAccess","AmazonRDSEnhancedMonitoringRole","AmazonRDSFullAccess","AmazonRDSPerformanceInsightsFullAccess","AmazonRDSPerformanceInsightsReadOnly","AmazonRDSPreviewServiceRolePolicy","AmazonRDSReadOnlyAccess","AmazonRDSServiceRolePolicy","AmazonRedshiftAllCommandsFullAccess","AmazonRedshiftDataFullAccess","AmazonRedshiftFullAccess","AmazonRedshiftQueryEditor","AmazonRedshiftQueryEditorV2FullAccess","AmazonRedshiftQueryEditorV2NoSharing","AmazonRedshiftQueryEditorV2ReadSharing","AmazonRedshiftQueryEditorV2ReadWriteSharing","AmazonRedshiftReadOnlyAccess","AmazonRedshiftServiceLinkedRolePolicy","AmazonRekognitionCustomLabelsFullAccess","AmazonRekognitionFullAccess","AmazonRekognitionReadOnlyAccess","AmazonRekognitionServiceRole","AmazonRoute53AutoNamingFullAccess","AmazonRoute53AutoNamingReadOnlyAccess","AmazonRoute53AutoNamingRegistrantAccess","AmazonRoute53DomainsFullAccess","AmazonRoute53DomainsReadOnlyAccess
","AmazonRoute53FullAccess","AmazonRoute53ProfilesFullAccess","AmazonRoute53ProfilesReadOnlyAccess","AmazonRoute53ReadOnlyAccess","AmazonRoute53RecoveryClusterFullAccess","AmazonRoute53RecoveryClusterReadOnlyAccess","AmazonRoute53RecoveryControlConfigFullAccess","AmazonRoute53RecoveryControlConfigReadOnlyAccess","AmazonRoute53RecoveryReadinessFullAccess","AmazonRoute53RecoveryReadinessReadOnlyAccess","AmazonRoute53ResolverFullAccess","AmazonRoute53ResolverReadOnlyAccess","AmazonS3FullAccess","AmazonS3ObjectLambdaExecutionRolePolicy","AmazonS3OutpostsFullAccess","AmazonS3OutpostsReadOnlyAccess","AmazonS3ReadOnlyAccess","AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy","AmazonSageMakerCanvasAIServicesAccess","AmazonSageMakerCanvasBedrockAccess","AmazonSageMakerCanvasDataPrepFullAccess","AmazonSageMakerCanvasDirectDeployAccess","AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy","AmazonSageMakerCanvasForecastAccess","AmazonSageMakerCanvasFullAccess","AmazonSageMakerClusterInstanceRolePolicy","AmazonSageMakerCoreServiceRolePolicy","AmazonSageMakerEdgeDeviceFleetPolicy","AmazonSageMakerFeatureStoreAccess","AmazonSageMakerFullAccess","AmazonSageMakerGeospatialExecutionRole","AmazonSageMakerGeospatialFullAccess","AmazonSageMakerGroundTruthExecution","AmazonSageMakerMechanicalTurkAccess","AmazonSageMakerModelGovernanceUseAccess","AmazonSageMakerModelRegistryFullAccess","AmazonSageMakerNotebooksServiceRolePolicy","AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy","AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy","AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy","AmazonSageMakerPipelinesIntegrations","AmazonSageMakerReadOnly","AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy","AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy","AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy","AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePol
icy","AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy","AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy","AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy","AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy","AmazonSecurityLakeAdministrator","AmazonSecurityLakeMetastoreManager","AmazonSecurityLakePermissionsBoundary","AmazonSESFullAccess","AmazonSESReadOnlyAccess","AmazonSESServiceRolePolicy","AmazonSNSFullAccess","AmazonSNSReadOnlyAccess","AmazonSNSRole","AmazonSQSFullAccess","AmazonSQSReadOnlyAccess","AmazonSSMAutomationApproverAccess","AmazonSSMAutomationRole","AmazonSSMDirectoryServiceAccess","AmazonSSMFullAccess","AmazonSSMMaintenanceWindowRole","AmazonSSMManagedEC2InstanceDefaultPolicy","AmazonSSMManagedInstanceCore","AmazonSSMPatchAssociation","AmazonSSMReadOnlyAccess","AmazonSSMServiceRolePolicy","AmazonTextractFullAccess","AmazonTextractServiceRole","AmazonTimestreamConsoleFullAccess","AmazonTimestreamFullAccess","AmazonTimestreamInfluxDBFullAccess","AmazonTimestreamInfluxDBServiceRolePolicy","AmazonTimestreamReadOnlyAccess","AmazonTranscribeFullAccess","AmazonTranscribeReadOnlyAccess","AmazonVPCCrossAccountNetworkInterfaceOperations","AmazonVPCFullAccess","AmazonVPCNetworkAccessAnalyzerFullAccessPolicy","AmazonVPCReachabilityAnalyzerFullAccessPolicy","AmazonVPCReachabilityAnalyzerPathComponentReadPolicy","AmazonVPCReadOnlyAccess","AmazonWorkDocsFullAccess","AmazonWorkDocsReadOnlyAccess","AmazonWorkMailEventsServiceRolePolicy","AmazonWorkMailFullAccess","AmazonWorkMailMessageFlowFullAccess","AmazonWorkMailMessageFlowReadOnlyAccess","AmazonWorkMailReadOnlyAccess","AmazonWorkSpacesAdmin","AmazonWorkSpacesApplicationManagerAdminAccess","AmazonWorkspacesPCAAccess","AmazonWorkSpacesPoolServiceAccess","AmazonWorkSpacesSecureBrowserReadOnly","AmazonWorkSpacesSelfServiceAccess","AmazonWorkSpacesServiceAccess","AmazonWorkSpacesThinClientReadOnlyAccess","AmazonWorkSpacesWebReadOnly","AmazonWorkSpacesWebServiceRolePolic
y","AmazonZocaloFullAccess","AmazonZocaloReadOnlyAccess","AmplifyBackendDeployFullAccess","APIGatewayServiceRolePolicy","AppIntegrationsServiceLinkedRolePolicy","ApplicationAutoScalingForAmazonAppStreamAccess","ApplicationDiscoveryServiceContinuousExportServiceRolePolicy","AppRunnerNetworkingServiceRolePolicy","AppRunnerServiceRolePolicy","AppStudioServiceRolePolicy","AutoScalingConsoleFullAccess","AutoScalingConsoleReadOnlyAccess","AutoScalingFullAccess","AutoScalingNotificationAccessRole","AutoScalingReadOnlyAccess","AutoScalingServiceRolePolicy","AWS_ConfigRole","AWSAccountActivityAccess","AWSAccountManagementFullAccess","AWSAccountManagementReadOnlyAccess","AWSAccountUsageReportAccess","AWSAgentlessDiscoveryService","AWSAppFabricFullAccess","AWSAppFabricReadOnlyAccess","AWSAppFabricServiceRolePolicy","AWSApplicationAutoscalingAppStreamFleetPolicy","AWSApplicationAutoscalingCassandraTablePolicy","AWSApplicationAutoscalingComprehendEndpointPolicy","AWSApplicationAutoScalingCustomResourcePolicy","AWSApplicationAutoscalingDynamoDBTablePolicy","AWSApplicationAutoscalingEC2SpotFleetRequestPolicy","AWSApplicationAutoscalingECSServicePolicy","AWSApplicationAutoscalingElastiCacheRGPolicy","AWSApplicationAutoscalingEMRInstanceGroupPolicy","AWSApplicationAutoscalingKafkaClusterPolicy","AWSApplicationAutoscalingLambdaConcurrencyPolicy","AWSApplicationAutoscalingNeptuneClusterPolicy","AWSApplicationAutoscalingRDSClusterPolicy","AWSApplicationAutoscalingSageMakerEndpointPolicy","AWSApplicationAutoscalingWorkSpacesPoolPolicy","AWSApplicationDiscoveryAgentAccess","AWSApplicationDiscoveryAgentlessCollectorAccess","AWSApplicationDiscoveryServiceFullAccess","AWSApplicationMigrationAgentInstallationPolicy","AWSApplicationMigrationAgentPolicy","AWSApplicationMigrationAgentPolicy_v2","AWSApplicationMigrationConversionServerPolicy","AWSApplicationMigrationEC2Access","AWSApplicationMigrationFullAccess","AWSApplicationMigrationMGHAccess","AWSApplicationMigrationReadOnlyAccess","AWSAppli
cationMigrationReplicationServerPolicy","AWSApplicationMigrationServiceEc2InstancePolicy","AWSApplicationMigrationServiceRolePolicy","AWSApplicationMigrationSSMAccess","AWSApplicationMigrationVCenterClientPolicy","AWSAppMeshEnvoyAccess","AWSAppMeshFullAccess","AWSAppMeshPreviewEnvoyAccess","AWSAppMeshPreviewServiceRolePolicy","AWSAppMeshReadOnly","AWSAppMeshServiceRolePolicy","AWSAppRunnerFullAccess","AWSAppRunnerReadOnlyAccess","AWSAppRunnerServicePolicyForECRAccess","AWSAppSyncAdministrator","AWSAppSyncInvokeFullAccess","AWSAppSyncPushToCloudWatchLogs","AWSAppSyncSchemaAuthor","AWSAppSyncServiceRolePolicy","AWSArtifactAccountSync","AWSArtifactReportsReadOnlyAccess","AWSArtifactServiceRolePolicy","AWSAuditManagerAdministratorAccess","AWSAuditManagerServiceRolePolicy","AWSAutoScalingPlansEC2AutoScalingPolicy","AWSBackupAuditAccess","AWSBackupDataTransferAccess","AWSBackupFullAccess","AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync","AWSBackupOperatorAccess","AWSBackupOrganizationAdminAccess","AWSBackupRestoreAccessForSAPHANA","AWSBackupServiceLinkedRolePolicyForBackup","AWSBackupServiceLinkedRolePolicyForBackupTest","AWSBackupServiceRolePolicyForBackup","AWSBackupServiceRolePolicyForRestores","AWSBackupServiceRolePolicyForS3Backup","AWSBackupServiceRolePolicyForS3Restore","AWSBatchFullAccess","AWSBatchServiceEventTargetRole","AWSBatchServiceRole","AWSBCMDataExportsServiceRolePolicy","AWSBillingConductorFullAccess","AWSBillingConductorReadOnlyAccess","AWSBillingReadOnlyAccess","AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM","AWSBudgetsActionsWithAWSResourceControlAccess","AWSBudgetsReadOnlyAccess","AWSBugBustFullAccess","AWSBugBustPlayerAccess","AWSBugBustServiceRolePolicy","AWSCertificateManagerFullAccess","AWSCertificateManagerPrivateCAAuditor","AWSCertificateManagerPrivateCAFullAccess","AWSCertificateManagerPrivateCAPrivilegedUser","AWSCertificateManagerPrivateCAReadOnly","AWSCertificateManagerPrivateCAUser","AWSCertificateManagerRead
Only","AWSChatbotServiceLinkedRolePolicy","AWSCleanRoomsFullAccess","AWSCleanRoomsFullAccessNoQuerying","AWSCleanRoomsMLFullAccess","AWSCleanRoomsMLReadOnlyAccess","AWSCleanRoomsReadOnlyAccess","AWSCloud9Administrator","AWSCloud9EnvironmentMember","AWSCloud9ServiceRolePolicy","AWSCloud9SSMInstanceProfile","AWSCloud9User","AWSCloudFormationFullAccess","AWSCloudFormationReadOnlyAccess","AWSCloudFrontLogger","AWSCloudHSMFullAccess","AWSCloudHSMReadOnlyAccess","AWSCloudHSMRole","AWSCloudMapDiscoverInstanceAccess","AWSCloudMapFullAccess","AWSCloudMapReadOnlyAccess","AWSCloudMapRegisterInstanceAccess","AWSCloudShellFullAccess","AWSCloudTrail_FullAccess","AWSCloudTrail_ReadOnlyAccess","AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy","AWSCodeArtifactAdminAccess","AWSCodeArtifactReadOnlyAccess","AWSCodeBuildAdminAccess","AWSCodeBuildDeveloperAccess","AWSCodeBuildReadOnlyAccess","AWSCodeCommitFullAccess","AWSCodeCommitPowerUser","AWSCodeCommitReadOnly","AWSCodeDeployDeployerAccess","AWSCodeDeployFullAccess","AWSCodeDeployReadOnlyAccess","AWSCodeDeployRole","AWSCodeDeployRoleForCloudFormation","AWSCodeDeployRoleForECS","AWSCodeDeployRoleForECSLimited","AWSCodeDeployRoleForLambda","AWSCodeDeployRoleForLambdaLimited","AWSCodePipeline_FullAccess","AWSCodePipeline_ReadOnlyAccess","AWSCodePipelineApproverAccess","AWSCodePipelineCustomActionAccess","AWSCodeStarFullAccess","AWSCodeStarNotificationsServiceRolePolicy","AWSCodeStarServiceRole","AWSCompromisedKeyQuarantine","AWSCompromisedKeyQuarantineV2","AWSConfigMultiAccountSetupPolicy","AWSConfigRemediationServiceRolePolicy","AWSConfigRoleForOrganizations","AWSConfigRulesExecutionRole","AWSConfigServiceRolePolicy","AWSConfigUserAccess","AWSConnector","AWSControlTowerAccountServiceRolePolicy","AWSControlTowerServiceRolePolicy","AWSCostAndUsageReportAutomationPolicy","AWSDataExchangeFullAccess","AWSDataExchangeProviderFullAccess","AWSDataExchangeReadOnly","AWSDataExchangeSubscriberFullAccess","AWSDataLifecycleManagerServiceRol
e","AWSDataLifecycleManagerServiceRoleForAMIManagement","AWSDataLifecycleManagerSSMFullAccess","AWSDataPipeline_FullAccess","AWSDataPipeline_PowerUser","AWSDataSyncDiscoveryServiceRolePolicy","AWSDataSyncFullAccess","AWSDataSyncReadOnlyAccess","AWSDeadlineCloud-FleetWorker","AWSDeadlineCloud-UserAccessFarms","AWSDeadlineCloud-UserAccessFleets","AWSDeadlineCloud-UserAccessJobs","AWSDeadlineCloud-UserAccessQueues","AWSDeadlineCloud-WorkerHost","AWSDeepLensLambdaFunctionAccessPolicy","AWSDeepLensServiceRolePolicy","AWSDeepRacerAccountAdminAccess","AWSDeepRacerCloudFormationAccessPolicy","AWSDeepRacerDefaultMultiUserAccess","AWSDeepRacerFullAccess","AWSDeepRacerRoboMakerAccessPolicy","AWSDeepRacerServiceRolePolicy","AWSDenyAll","AWSDeviceFarmFullAccess","AWSDeviceFarmServiceRolePolicy","AWSDeviceFarmTestGridServiceRolePolicy","AWSDirectConnectFullAccess","AWSDirectConnectReadOnlyAccess","AWSDirectConnectServiceRolePolicy","AWSDirectoryServiceFullAccess","AWSDirectoryServiceReadOnlyAccess","AWSDiscoveryContinuousExportFirehosePolicy","AWSDMSFleetAdvisorServiceRolePolicy","AWSDMSServerlessServiceRolePolicy","AWSEC2CapacityReservationFleetRolePolicy","AWSEC2FleetServiceRolePolicy","AWSEC2SpotFleetServiceRolePolicy","AWSEC2SpotServiceRolePolicy","AWSEC2VssSnapshotPolicy","AWSECRPullThroughCache_ServiceRolePolicy","AWSElasticBeanstalkCustomPlatformforEC2Role","AWSElasticBeanstalkEnhancedHealth","AWSElasticBeanstalkMaintenance","AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy","AWSElasticBeanstalkManagedUpdatesServiceRolePolicy","AWSElasticBeanstalkMulticontainerDocker","AWSElasticBeanstalkReadOnly","AWSElasticBeanstalkRoleCore","AWSElasticBeanstalkRoleCWL","AWSElasticBeanstalkRoleECS","AWSElasticBeanstalkRoleRDS","AWSElasticBeanstalkRoleSNS","AWSElasticBeanstalkRoleWorkerTier","AWSElasticBeanstalkService","AWSElasticBeanstalkServiceRolePolicy","AWSElasticBeanstalkWebTier","AWSElasticBeanstalkWorkerTier","AWSElasticDisasterRecoveryAgentInstallationPolicy","AWSElasticDisas
terRecoveryAgentPolicy","AWSElasticDisasterRecoveryConsoleFullAccess","AWSElasticDisasterRecoveryConsoleFullAccess_v2","AWSElasticDisasterRecoveryConversionServerPolicy","AWSElasticDisasterRecoveryCrossAccountReplicationPolicy","AWSElasticDisasterRecoveryEc2InstancePolicy","AWSElasticDisasterRecoveryFailbackInstallationPolicy","AWSElasticDisasterRecoveryFailbackPolicy","AWSElasticDisasterRecoveryLaunchActionsPolicy","AWSElasticDisasterRecoveryNetworkReplicationPolicy","AWSElasticDisasterRecoveryReadOnlyAccess","AWSElasticDisasterRecoveryRecoveryInstancePolicy","AWSElasticDisasterRecoveryReplicationServerPolicy","AWSElasticDisasterRecoveryServiceRolePolicy","AWSElasticDisasterRecoveryStagingAccountPolicy","AWSElasticDisasterRecoveryStagingAccountPolicy_v2","AWSElasticLoadBalancingClassicServiceRolePolicy","AWSElasticLoadBalancingServiceRolePolicy","AWSElementalMediaConvertFullAccess","AWSElementalMediaConvertReadOnly","AWSElementalMediaLiveFullAccess","AWSElementalMediaLiveReadOnly","AWSElementalMediaPackageFullAccess","AWSElementalMediaPackageReadOnly","AWSElementalMediaPackageV2FullAccess","AWSElementalMediaPackageV2ReadOnly","AWSElementalMediaStoreFullAccess","AWSElementalMediaStoreReadOnly","AWSElementalMediaTailorFullAccess","AWSElementalMediaTailorReadOnly","AWSEnhancedClassicNetworkingMangementPolicy","AWSEntityResolutionConsoleFullAccess","AWSEntityResolutionConsoleReadOnlyAccess","AWSFaultInjectionSimulatorEC2Access","AWSFaultInjectionSimulatorECSAccess","AWSFaultInjectionSimulatorEKSAccess","AWSFaultInjectionSimulatorNetworkAccess","AWSFaultInjectionSimulatorRDSAccess","AWSFaultInjectionSimulatorSSMAccess","AWSFinSpaceServiceRolePolicy","AWSFMAdminFullAccess","AWSFMAdminReadOnlyAccess","AWSFMMemberReadOnlyAccess","AWSForWordPressPluginPolicy","AWSGitSyncServiceRolePolicy","AWSGlobalAcceleratorSLRPolicy","AWSGlueConsoleFullAccess","AWSGlueConsoleSageMakerNotebookFullAccess","AwsGlueDataBrewFullAccessPolicy","AWSGlueDataBrewServiceRole","AWSGlueSchemaRegistry
FullAccess","AWSGlueSchemaRegistryReadonlyAccess","AWSGlueServiceNotebookRole","AWSGlueServiceRole","AwsGlueSessionUserRestrictedNotebookPolicy","AwsGlueSessionUserRestrictedNotebookServiceRole","AwsGlueSessionUserRestrictedPolicy","AwsGlueSessionUserRestrictedServiceRole","AWSGrafanaAccountAdministrator","AWSGrafanaConsoleReadOnlyAccess","AWSGrafanaWorkspacePermissionManagement","AWSGrafanaWorkspacePermissionManagementV2","AWSGreengrassFullAccess","AWSGreengrassReadOnlyAccess","AWSGreengrassResourceAccessRolePolicy","AWSGroundStationAgentInstancePolicy","AWSHealth_EventProcessorServiceRolePolicy","AWSHealthFullAccess","AWSHealthImagingFullAccess","AWSHealthImagingReadOnlyAccess","AWSIAMIdentityCenterAllowListForIdentityContext","AWSIdentitySyncFullAccess","AWSIdentitySyncReadOnlyAccess","AWSImageBuilderFullAccess","AWSImageBuilderReadOnlyAccess","AWSImportExportFullAccess","AWSImportExportReadOnlyAccess","AWSIncidentManagerIncidentAccessServiceRolePolicy","AWSIncidentManagerResolverAccess","AWSIncidentManagerServiceRolePolicy","AWSIoT1ClickFullAccess","AWSIoT1ClickReadOnlyAccess","AWSIoTAnalyticsFullAccess","AWSIoTAnalyticsReadOnlyAccess","AWSIoTConfigAccess","AWSIoTConfigReadOnlyAccess","AWSIoTDataAccess","AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction","AWSIoTDeviceDefenderAudit","AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction","AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction","AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction","AWSIoTDeviceDefenderUpdateCACertMitigationAction","AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction","AWSIoTDeviceTesterForFreeRTOSFullAccess","AWSIoTDeviceTesterForGreengrassFullAccess","AWSIoTEventsFullAccess","AWSIoTEventsReadOnlyAccess","AWSIoTFleetHubFederationAccess","AWSIoTFleetwiseServiceRolePolicy","AWSIoTFullAccess","AWSIoTLogging","AWSIoTOTAUpdate","AWSIoTRuleActions","AWSIoTSiteWiseConsoleFullAccess","AWSIoTSiteWiseFullAccess","AWSIoTSiteWiseMonitorPortalAccess","AWSIoTSiteWiseMonitorServic
eRolePolicy","AWSIoTSiteWiseReadOnlyAccess","AWSIoTThingsRegistration","AWSIoTTwinMakerServiceRolePolicy","AWSIoTWirelessDataAccess","AWSIoTWirelessFullAccess","AWSIoTWirelessFullPublishAccess","AWSIoTWirelessGatewayCertManager","AWSIoTWirelessLogging","AWSIoTWirelessReadOnlyAccess","AWSIPAMServiceRolePolicy","AWSIQContractServiceRolePolicy","AWSIQFullAccess","AWSIQPermissionServiceRolePolicy","AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy","AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy","AWSKeyManagementServicePowerUser","AWSLakeFormationCrossAccountManager","AWSLakeFormationDataAdmin","AWSLambda_FullAccess","AWSLambda_ReadOnlyAccess","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","AWSLambdaENIManagementAccess","AWSLambdaExecute","AWSLambdaInvocation-DynamoDB","AWSLambdaKinesisExecutionRole","AWSLambdaMSKExecutionRole","AWSLambdaReplicator","AWSLambdaRole","AWSLambdaSQSQueueExecutionRole","AWSLambdaVPCAccessExecutionRole","AWSLicenseManagerConsumptionPolicy","AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy","AWSLicenseManagerMasterAccountRolePolicy","AWSLicenseManagerMemberAccountRolePolicy","AWSLicenseManagerServiceRolePolicy","AWSLicenseManagerUserSubscriptionsServiceRolePolicy","AWSM2ServicePolicy","AWSManagedServices_ContactsServiceRolePolicy","AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy","AWSManagedServices_EventsServiceRolePolicy","AWSManagedServicesDeploymentToolkitPolicy","AWSMarketplaceAmiIngestion","AWSMarketplaceDeploymentServiceRolePolicy","AWSMarketplaceFullAccess","AWSMarketplaceGetEntitlements","AWSMarketplaceImageBuildFullAccess","AWSMarketplaceLicenseManagementServiceRolePolicy","AWSMarketplaceManageSubscriptions","AWSMarketplaceMeteringFullAccess","AWSMarketplaceMeteringRegisterUsage","AWSMarketplaceProcurementSystemAdminFullAccess","AWSMarketplacePurchaseOrdersServiceRolePolicy","AWSMarketplaceRead-only","AWSMarketplaceResaleAuthorizationServiceRolePolicy","AWSMarketplaceSellerFullAccess",
"AWSMarketplaceSellerProductsFullAccess","AWSMarketplaceSellerProductsReadOnly","AWSMediaConnectServicePolicy","AWSMediaTailorServiceRolePolicy","AWSMigrationHubDiscoveryAccess","AWSMigrationHubDMSAccess","AWSMigrationHubFullAccess","AWSMigrationHubOrchestratorConsoleFullAccess","AWSMigrationHubOrchestratorInstanceRolePolicy","AWSMigrationHubOrchestratorPlugin","AWSMigrationHubOrchestratorServiceRolePolicy","AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess","AWSMigrationHubRefactorSpaces-SSMAutomationPolicy","AWSMigrationHubRefactorSpacesFullAccess","AWSMigrationHubRefactorSpacesServiceRolePolicy","AWSMigrationHubSMSAccess","AWSMigrationHubStrategyCollector","AWSMigrationHubStrategyConsoleFullAccess","AWSMigrationHubStrategyServiceRolePolicy","AWSMSKReplicatorExecutionRole","AWSNetworkFirewallServiceRolePolicy","AWSNetworkManagerCloudWANServiceRolePolicy","AWSNetworkManagerFullAccess","AWSNetworkManagerReadOnlyAccess","AWSNetworkManagerServiceRolePolicy","AWSOpsWorks_FullAccess","AWSOpsWorksCloudWatchLogs","AWSOpsWorksCMInstanceProfileRole","AWSOpsWorksCMServiceRole","AWSOpsWorksInstanceRegistration","AWSOpsWorksRegisterCLI_EC2","AWSOpsWorksRegisterCLI_OnPremises","AWSOrganizationsFullAccess","AWSOrganizationsReadOnlyAccess","AWSOrganizationsServiceTrustPolicy","AWSOutpostsAuthorizeServerPolicy","AWSOutpostsServiceRolePolicy","AWSPanoramaApplianceRolePolicy","AWSPanoramaApplianceServiceRolePolicy","AWSPanoramaFullAccess","AWSPanoramaGreengrassGroupRolePolicy","AWSPanoramaSageMakerRolePolicy","AWSPanoramaServiceLinkedRolePolicy","AWSPanoramaServiceRolePolicy","AWSPriceListServiceFullAccess","AWSPrivateCAAuditor","AWSPrivateCAFullAccess","AWSPrivateCAPrivilegedUser","AWSPrivateCAReadOnly","AWSPrivateCAUser","AWSPrivateMarketplaceAdminFullAccess","AWSPrivateMarketplaceRequests","AWSPrivateNetworksServiceRolePolicy","AWSProtonCodeBuildProvisioningBasicAccess","AWSProtonCodeBuildProvisioningServiceRolePolicy","AWSProtonDeveloperAccess","AWSProtonFullAcc
ess","AWSProtonReadOnlyAccess","AWSProtonServiceGitSyncServiceRolePolicy","AWSProtonSyncServiceRolePolicy","AWSPurchaseOrdersServiceRolePolicy","AWSQuickSetupCFGCPacksPermissionsBoundary","AWSQuickSetupDeploymentRolePolicy","AWSQuickSetupDevOpsGuruPermissionsBoundary","AWSQuickSetupDistributorPermissionsBoundary","AWSQuickSetupPatchPolicyBaselineAccess","AWSQuickSetupPatchPolicyDeploymentRolePolicy","AWSQuickSetupPatchPolicyPermissionsBoundary","AWSQuickSetupSchedulerPermissionsBoundary","AWSQuickSetupSSMHostMgmtPermissionsBoundary","AWSQuickSightAssetBundleExportPolicy","AWSQuickSightAssetBundleImportPolicy","AWSQuicksightAthenaAccess","AWSQuickSightDescribeRDS","AWSQuickSightDescribeRedshift","AWSQuickSightElasticsearchPolicy","AWSQuickSightIoTAnalyticsAccess","AWSQuickSightListIAM","AWSQuicksightOpenSearchPolicy","AWSQuickSightSageMakerPolicy","AWSQuickSightTimestreamPolicy","AWSReachabilityAnalyzerServiceRolePolicy","AWSRefactoringToolkitFullAccess","AWSRefactoringToolkitSidecarPolicy","AWSrePostPrivateCloudWatchAccess","AWSRepostSpaceSupportOperationsPolicy","AWSResilienceHubAsssessmentExecutionPolicy","AWSResourceAccessManagerFullAccess","AWSResourceAccessManagerReadOnlyAccess","AWSResourceAccessManagerResourceShareParticipantAccess","AWSResourceAccessManagerServiceRolePolicy","AWSResourceExplorerFullAccess","AWSResourceExplorerOrganizationsAccess","AWSResourceExplorerReadOnlyAccess","AWSResourceExplorerServiceRolePolicy","AWSResourceGroupsReadOnlyAccess","AWSRoboMaker_FullAccess","AWSRoboMakerReadOnlyAccess","AWSRoboMakerServicePolicy","AWSRoboMakerServiceRolePolicy","AWSRolesAnywhereServicePolicy","AWSS3OnOutpostsServiceRolePolicy","AWSSavingsPlansFullAccess","AWSSavingsPlansReadOnlyAccess","AWSSecurityHubFullAccess","AWSSecurityHubOrganizationsAccess","AWSSecurityHubReadOnlyAccess","AWSSecurityHubServiceRolePolicy","AWSServiceCatalogAdminFullAccess","AWSServiceCatalogAdminReadOnlyAccess","AWSServiceCatalogAppRegistryFullAccess","AWSServiceCatalogAppRegistry
ReadOnlyAccess","AWSServiceCatalogAppRegistryServiceRolePolicy","AWSServiceCatalogEndUserFullAccess","AWSServiceCatalogEndUserReadOnlyAccess","AWSServiceCatalogOrgsDataSyncServiceRolePolicy","AWSServiceCatalogSyncServiceRolePolicy","AWSServiceRoleForAmazonEKSNodegroup","AWSServiceRoleForAmazonQDeveloper","AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy","AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy","AWSServiceRoleForCodeGuru-Profiler","AWSServiceRoleForCodeWhispererPolicy","AWSServiceRoleForEC2ScheduledInstances","AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy","AWSServiceRoleForImageBuilder","AWSServiceRoleForIoTSiteWise","AWSServiceRoleForLogDeliveryPolicy","AWSServiceRoleForMonitronPolicy","AWSServiceRoleForNeptuneGraphPolicy","AWSServiceRoleForPrivateMarketplaceAdminPolicy","AWSServiceRoleForSMS","AWSServiceRoleForUserSubscriptions","AWSServiceRolePolicyForBackupReports","AWSServiceRolePolicyForBackupRestoreTesting","AWSShieldDRTAccessPolicy","AWSShieldServiceRolePolicy","AWSSSMForSAPServiceLinkedRolePolicy","AWSSSMOpsInsightsServiceRolePolicy","AWSSSODirectoryAdministrator","AWSSSODirectoryReadOnly","AWSSSOMasterAccountAdministrator","AWSSSOMemberAccountAdministrator","AWSSSOReadOnly","AWSSSOServiceRolePolicy","AWSStepFunctionsConsoleFullAccess","AWSStepFunctionsFullAccess","AWSStepFunctionsReadOnlyAccess","AWSStorageGatewayFullAccess","AWSStorageGatewayReadOnlyAccess","AWSStorageGatewayServiceRolePolicy","AWSSupplyChainFederationAdminAccess","AWSSupportAccess","AWSSupportAppFullAccess","AWSSupportAppReadOnlyAccess","AWSSupportPlansFullAccess","AWSSupportPlansReadOnlyAccess","AWSSupportServiceRolePolicy","AWSSystemsManagerAccountDiscoveryServicePolicy","AWSSystemsManagerChangeManagementServicePolicy","AWSSystemsManagerEnableConfigRecordingExecutionPolicy","AWSSystemsManagerEnableExplorerExecutionPolicy","AWSSystemsManagerForSAPFullAccess","AWSSystemsManagerForSAPReadOnlyAccess","AWSSystemsManagerOpsDataSyncServiceRo
lePolicy","AWSThinkboxAssetServerPolicy","AWSThinkboxAWSPortalAdminPolicy","AWSThinkboxAWSPortalGatewayPolicy","AWSThinkboxAWSPortalWorkerPolicy","AWSThinkboxDeadlineResourceTrackerAccessPolicy","AWSThinkboxDeadlineResourceTrackerAdminPolicy","AWSThinkboxDeadlineSpotEventPluginAdminPolicy","AWSThinkboxDeadlineSpotEventPluginWorkerPolicy","AWSTransferConsoleFullAccess","AWSTransferFullAccess","AWSTransferLoggingAccess","AWSTransferReadOnlyAccess","AWSTrustedAdvisorPriorityFullAccess","AWSTrustedAdvisorPriorityReadOnlyAccess","AWSTrustedAdvisorReportingServiceRolePolicy","AWSTrustedAdvisorServiceRolePolicy","AWSUserNotificationsServiceLinkedRolePolicy","AWSVendorInsightsAssessorFullAccess","AWSVendorInsightsAssessorReadOnly","AWSVendorInsightsVendorFullAccess","AWSVendorInsightsVendorReadOnly","AWSVpcLatticeServiceRolePolicy","AWSVPCS2SVpnServiceRolePolicy","AWSVPCTransitGatewayServiceRolePolicy","AWSVPCVerifiedAccessServiceRolePolicy","AWSWAFConsoleFullAccess","AWSWAFConsoleReadOnlyAccess","AWSWAFFullAccess","AWSWAFReadOnlyAccess","AWSWellArchitectedDiscoveryServiceRolePolicy","AWSWellArchitectedOrganizationsServiceRolePolicy","AWSWickrFullAccess","AWSXrayCrossAccountSharingConfiguration","AWSXRayDaemonWriteAccess","AWSXrayFullAccess","AWSXrayReadOnlyAccess","AWSXrayWriteOnlyAccess","AWSZonalAutoshiftPracticeRunSLRPolicy","BatchServiceRolePolicy","Billing","CertificateManagerServiceRolePolicy","ClientVPNServiceConnectionsRolePolicy","ClientVPNServiceRolePolicy","CloudFormationStackSetsOrgAdminServiceRolePolicy","CloudFormationStackSetsOrgMemberServiceRolePolicy","CloudFrontFullAccess","CloudFrontReadOnlyAccess","CloudHSMServiceRolePolicy","CloudSearchFullAccess","CloudSearchReadOnlyAccess","CloudTrailServiceRolePolicy","CloudWatch-CrossAccountAccess","CloudWatchActionsEC2Access","CloudWatchAgentAdminPolicy","CloudWatchAgentServerPolicy","CloudWatchApplicationInsightsFullAccess","CloudWatchApplicationInsightsReadOnlyAccess","CloudwatchApplicationInsightsServiceLinkedR
olePolicy","CloudWatchApplicationSignalsFullAccess","CloudWatchApplicationSignalsReadOnlyAccess","CloudWatchApplicationSignalsServiceRolePolicy","CloudWatchAutomaticDashboardsAccess","CloudWatchCrossAccountSharingConfiguration","CloudWatchEventsBuiltInTargetExecutionAccess","CloudWatchEventsFullAccess","CloudWatchEventsInvocationAccess","CloudWatchEventsReadOnlyAccess","CloudWatchEventsServiceRolePolicy","CloudWatchFullAccess","CloudWatchFullAccessV2","CloudWatchInternetMonitorServiceRolePolicy","CloudWatchLambdaInsightsExecutionRolePolicy","CloudWatchLogsCrossAccountSharingConfiguration","CloudWatchLogsFullAccess","CloudWatchLogsReadOnlyAccess","CloudWatchNetworkMonitorServiceRolePolicy","CloudWatchReadOnlyAccess","CloudWatchSyntheticsFullAccess","CloudWatchSyntheticsReadOnlyAccess","ComprehendDataAccessRolePolicy","ComprehendFullAccess","ComprehendMedicalFullAccess","ComprehendReadOnly","ComputeOptimizerReadOnlyAccess","ComputeOptimizerServiceRolePolicy","ConfigConformsServiceRolePolicy","CostOptimizationHubAdminAccess","CostOptimizationHubReadOnlyAccess","CostOptimizationHubServiceRolePolicy","CustomerProfilesServiceLinkedRolePolicy","DatabaseAdministrator","DataScientist","DAXServiceRolePolicy","DynamoDBCloudWatchContributorInsightsServiceRolePolicy","DynamoDBKinesisReplicationServiceRolePolicy","DynamoDBReplicationServiceRolePolicy","EC2FastLaunchFullAccess","EC2FastLaunchServiceRolePolicy","EC2FleetTimeShiftableServiceRolePolicy","Ec2ImageBuilderCrossAccountDistributionAccess","EC2ImageBuilderLifecycleExecutionPolicy","EC2InstanceConnect","Ec2InstanceConnectEndpoint","EC2InstanceProfileForImageBuilder","EC2InstanceProfileForImageBuilderECRContainerBuilds","ECRReplicationServiceRolePolicy","ECRTemplateServiceRolePolicy","ElastiCacheServiceRolePolicy","ElasticLoadBalancingFullAccess","ElasticLoadBalancingReadOnly","ElementalActivationsDownloadSoftwareAccess","ElementalActivationsFullAccess","ElementalActivationsGenerateLicenses","ElementalActivationsReadOnlyAcce
ss","ElementalAppliancesSoftwareFullAccess","ElementalAppliancesSoftwareReadOnlyAccess","ElementalSupportCenterFullAccess","EMRDescribeClusterPolicyForEMRWAL","FMSServiceRolePolicy","FSxDeleteServiceLinkedRoleAccess","GameLiftGameServerGroupPolicy","GlobalAcceleratorFullAccess","GlobalAcceleratorReadOnlyAccess","GreengrassOTAUpdateArtifactAccess","GroundTruthSyntheticConsoleFullAccess","GroundTruthSyntheticConsoleReadOnlyAccess","Health_OrganizationsServiceRolePolicy","IAMAccessAdvisorReadOnly","IAMAccessAnalyzerFullAccess","IAMAccessAnalyzerReadOnlyAccess","IAMFullAccess","IAMReadOnlyAccess","IAMSelfManageServiceSpecificCredentials","IAMUserChangePassword","IAMUserSSHKeys","IVSFullAccess","IVSReadOnlyAccess","IVSRecordToS3","KafkaConnectServiceRolePolicy","KafkaServiceRolePolicy","KeyspacesReplicationServiceRolePolicy","LakeFormationDataAccessServiceRolePolicy","LexBotPolicy","LexChannelPolicy","LightsailExportAccess","MediaConnectGatewayInstanceRolePolicy","MediaPackageServiceRolePolicy","MemoryDBServiceRolePolicy","MigrationHubDMSAccessServiceRolePolicy","MigrationHubServiceRolePolicy","MigrationHubSMSAccessServiceRolePolicy","MonitronServiceRolePolicy","NeptuneConsoleFullAccess","NeptuneFullAccess","NeptuneGraphReadOnlyAccess","NeptuneReadOnlyAccess","NetworkAdministrator","OAMFullAccess","OAMReadOnlyAccess","OpensearchIngestionSelfManagedVpcePolicy","PartnerCentralAccountManagementUserRoleAssociation","PowerUserAccess","QBusinessServiceRolePolicy","QuickSightAccessForS3StorageManagementAnalyticsReadOnly","RDSCloudHsmAuthorizationRole","ReadOnlyAccess","ResourceGroupsandTagEditorFullAccess","ResourceGroupsandTagEditorReadOnlyAccess","ResourceGroupsServiceRolePolicy","ROSAAmazonEBSCSIDriverOperatorPolicy","ROSACloudNetworkConfigOperatorPolicy","ROSAControlPlaneOperatorPolicy","ROSAImageRegistryOperatorPolicy","ROSAIngressOperatorPolicy","ROSAInstallerPolicy","ROSAKMSProviderPolicy","ROSAKubeControllerPolicy","ROSAManageSubscription","ROSANodePoolManagementPolicy"
,"ROSASRESupportPolicy","ROSAWorkerInstancePolicy","Route53RecoveryReadinessServiceRolePolicy","Route53ResolverServiceRolePolicy","S3StorageLensServiceRolePolicy","SecretsManagerReadWrite","SecurityAudit","SecurityLakeServiceLinkedRole","ServerMigration_ServiceRole","ServerMigrationConnector","ServerMigrationServiceConsoleFullAccess","ServerMigrationServiceLaunchRole","ServerMigrationServiceRoleForInstanceValidation","ServiceQuotasFullAccess","ServiceQuotasReadOnlyAccess","ServiceQuotasServiceRolePolicy","SimpleWorkflowFullAccess","SplitCostAllocationDataServiceRolePolicy","SSMQuickSetupRolePolicy","SupportUser","SystemAdministrator","TranslateFullAccess","TranslateReadOnly","ViewOnlyAccess","VMImportExportRoleForAWSConnector","VPCLatticeFullAccess","VPCLatticeReadOnlyAccess","VPCLatticeServicesInvokeAccess","WAFLoggingServiceRolePolicy","WAFRegionalLoggingServiceRolePolicy","WAFV2LoggingServiceRolePolicy","WellArchitectedConsoleFullAccess","WellArchitectedConsoleReadOnlyAccess","WorkLinkServiceRolePolicy"] \ No newline at end of file 
+["AccessAnalyzerServiceRolePolicy","AdministratorAccess","AdministratorAccess-Amplify","AdministratorAccess-AWSElasticBeanstalk","AlexaForBusinessDeviceSetup","AlexaForBusinessFullAccess","AlexaForBusinessGatewayExecution","AlexaForBusinessLifesizeDelegatedAccessPolicy","AlexaForBusinessNetworkProfileServicePolicy","AlexaForBusinessPolyDelegatedAccessPolicy","AlexaForBusinessReadOnlyAccess","AmazonAPIGatewayAdministrator","AmazonAPIGatewayInvokeFullAccess","AmazonAPIGatewayPushToCloudWatchLogs","AmazonAppFlowFullAccess","AmazonAppFlowReadOnlyAccess","AmazonAppStreamFullAccess","AmazonAppStreamPCAAccess","AmazonAppStreamReadOnlyAccess","AmazonAppStreamServiceAccess","AmazonAthenaFullAccess","AmazonAugmentedAIFullAccess","AmazonAugmentedAIHumanLoopFullAccess","AmazonAugmentedAIIntegratedAPIAccess","AmazonBedrockFullAccess","AmazonBedrockReadOnly","AmazonBedrockStudioPermissionsBoundary","AmazonBraketFullAccess","AmazonBraketJobsExecutionPolicy","AmazonBraketServiceRolePolicy","AmazonChimeFullAccess","AmazonChimeReadOnly","AmazonChimeSDK","AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy","AmazonChimeSDKMessagingServiceRolePolicy","AmazonChimeServiceRolePolicy","AmazonChimeTranscriptionServiceLinkedRolePolicy","AmazonChimeUserManagement","AmazonChimeVoiceConnectorServiceLinkedRolePolicy","AmazonCloudDirectoryFullAccess","AmazonCloudDirectoryReadOnlyAccess","AmazonCloudWatchEvidentlyFullAccess","AmazonCloudWatchEvidentlyReadOnlyAccess","AmazonCloudWatchEvidentlyServiceRolePolicy","AmazonCloudWatchRUMFullAccess","AmazonCloudWatchRUMReadOnlyAccess","AmazonCloudWatchRUMServiceRolePolicy","AmazonCodeCatalystFullAccess","AmazonCodeCatalystReadOnlyAccess","AmazonCodeCatalystSupportAccess","AmazonCodeGuruProfilerAgentAccess","AmazonCodeGuruProfilerFullAccess","AmazonCodeGuruProfilerReadOnlyAccess","AmazonCodeGuruReviewerFullAccess","AmazonCodeGuruReviewerReadOnlyAccess","AmazonCodeGuruReviewerServiceRolePolicy","AmazonCodeGuruSecurityFullAccess","AmazonCodeGuruSecurityScan
Access","AmazonCognitoDeveloperAuthenticatedIdentities","AmazonCognitoIdpEmailServiceRolePolicy","AmazonCognitoIdpServiceRolePolicy","AmazonCognitoPowerUser","AmazonCognitoReadOnly","AmazonCognitoUnAuthedIdentitiesSessionPolicy","AmazonCognitoUnauthenticatedIdentities","AmazonConnect_FullAccess","AmazonConnectCampaignsServiceLinkedRolePolicy","AmazonConnectReadOnlyAccess","AmazonConnectServiceLinkedRolePolicy","AmazonConnectSynchronizationServiceRolePolicy","AmazonConnectVoiceIDFullAccess","AmazonDataZoneDomainExecutionRolePolicy","AmazonDataZoneEnvironmentRolePermissionsBoundary","AmazonDataZoneFullAccess","AmazonDataZoneFullUserAccess","AmazonDataZoneGlueManageAccessRolePolicy","AmazonDataZoneRedshiftGlueProvisioningPolicy","AmazonDataZoneRedshiftManageAccessRolePolicy","AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary","AmazonDataZoneSageMakerManageAccessRolePolicy","AmazonDataZoneSageMakerProvisioningRolePolicy","AmazonDetectiveFullAccess","AmazonDetectiveInvestigatorAccess","AmazonDetectiveMemberAccess","AmazonDetectiveOrganizationsAccess","AmazonDetectiveServiceLinkedRolePolicy","AmazonDevOpsGuruConsoleFullAccess","AmazonDevOpsGuruFullAccess","AmazonDevOpsGuruOrganizationsAccess","AmazonDevOpsGuruReadOnlyAccess","AmazonDevOpsGuruServiceRolePolicy","AmazonDMSCloudWatchLogsRole","AmazonDMSRedshiftS3Role","AmazonDMSVPCManagementRole","AmazonDocDB-ElasticServiceRolePolicy","AmazonDocDBConsoleFullAccess","AmazonDocDBElasticFullAccess","AmazonDocDBElasticReadOnlyAccess","AmazonDocDBFullAccess","AmazonDocDBReadOnlyAccess","AmazonDRSVPCManagement","AmazonDynamoDBFullAccess","AmazonDynamoDBFullAccesswithDataPipeline","AmazonDynamoDBReadOnlyAccess","AmazonEBSCSIDriverPolicy","AmazonEC2ContainerRegistryFullAccess","AmazonEC2ContainerRegistryPowerUser","AmazonEC2ContainerRegistryPullOnly","AmazonEC2ContainerRegistryReadOnly","AmazonEC2ContainerServiceAutoscaleRole","AmazonEC2ContainerServiceEventsRole","AmazonEC2ContainerServiceforEC2Role","AmazonEC2ContainerServ
iceRole","AmazonEC2FullAccess","AmazonEC2ReadOnlyAccess","AmazonEC2RoleforAWSCodeDeploy","AmazonEC2RoleforAWSCodeDeployLimited","AmazonEC2RoleforDataPipelineRole","AmazonEC2RoleforSSM","AmazonEC2RolePolicyForLaunchWizard","AmazonEC2SpotFleetAutoscaleRole","AmazonEC2SpotFleetTaggingRole","AmazonECS_FullAccess","AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity","AmazonECSInfrastructureRolePolicyForVolumes","AmazonECSServiceRolePolicy","AmazonECSTaskExecutionRolePolicy","AmazonEFSCSIDriverPolicy","AmazonEKS_CNI_Policy","AmazonEKSBlockStoragePolicy","AmazonEKSClusterPolicy","AmazonEKSComputePolicy","AmazonEKSConnectorServiceRolePolicy","AmazonEKSFargatePodExecutionRolePolicy","AmazonEKSForFargateServiceRolePolicy","AmazonEKSLoadBalancingPolicy","AmazonEKSLocalOutpostClusterPolicy","AmazonEKSLocalOutpostServiceRolePolicy","AmazonEKSNetworkingPolicy","AmazonEKSServicePolicy","AmazonEKSServiceRolePolicy","AmazonEKSVPCResourceController","AmazonEKSWorkerNodeMinimalPolicy","AmazonEKSWorkerNodePolicy","AmazonElastiCacheFullAccess","AmazonElastiCacheReadOnlyAccess","AmazonElasticContainerRegistryPublicFullAccess","AmazonElasticContainerRegistryPublicPowerUser","AmazonElasticContainerRegistryPublicReadOnly","AmazonElasticFileSystemClientFullAccess","AmazonElasticFileSystemClientReadOnlyAccess","AmazonElasticFileSystemClientReadWriteAccess","AmazonElasticFileSystemFullAccess","AmazonElasticFileSystemReadOnlyAccess","AmazonElasticFileSystemServiceRolePolicy","AmazonElasticFileSystemsUtils","AmazonElasticMapReduceEditorsRole","AmazonElasticMapReduceforAutoScalingRole","AmazonElasticMapReduceforEC2Role","AmazonElasticMapReduceFullAccess","AmazonElasticMapReducePlacementGroupPolicy","AmazonElasticMapReduceReadOnlyAccess","AmazonElasticMapReduceRole","AmazonElasticsearchServiceRolePolicy","AmazonElasticTranscoder_FullAccess","AmazonElasticTranscoder_JobsSubmitter","AmazonElasticTranscoder_ReadOnlyAccess","AmazonElasticTranscoderRole","AmazonEMRCleanupPolicy","
AmazonEMRContainersServiceRolePolicy","AmazonEMRFullAccessPolicy_v2","AmazonEMRReadOnlyAccessPolicy_v2","AmazonEMRServerlessServiceRolePolicy","AmazonEMRServicePolicy_v2","AmazonESCognitoAccess","AmazonESFullAccess","AmazonESReadOnlyAccess","AmazonEventBridgeApiDestinationsServiceRolePolicy","AmazonEventBridgeFullAccess","AmazonEventBridgePipesFullAccess","AmazonEventBridgePipesOperatorAccess","AmazonEventBridgePipesReadOnlyAccess","AmazonEventBridgeReadOnlyAccess","AmazonEventBridgeSchedulerFullAccess","AmazonEventBridgeSchedulerReadOnlyAccess","AmazonEventBridgeSchemasFullAccess","AmazonEventBridgeSchemasReadOnlyAccess","AmazonEventBridgeSchemasServiceRolePolicy","AmazonFISServiceRolePolicy","AmazonForecastFullAccess","AmazonFraudDetectorFullAccessPolicy","AmazonFreeRTOSFullAccess","AmazonFreeRTOSOTAUpdate","AmazonFSxConsoleFullAccess","AmazonFSxConsoleReadOnlyAccess","AmazonFSxFullAccess","AmazonFSxReadOnlyAccess","AmazonFSxServiceRolePolicy","AmazonGlacierFullAccess","AmazonGlacierReadOnlyAccess","AmazonGrafanaAthenaAccess","AmazonGrafanaCloudWatchAccess","AmazonGrafanaRedshiftAccess","AmazonGrafanaServiceLinkedRolePolicy","AmazonGuardDutyFullAccess","AmazonGuardDutyMalwareProtectionServiceRolePolicy","AmazonGuardDutyReadOnlyAccess","AmazonGuardDutyServiceRolePolicy","AmazonHealthLakeFullAccess","AmazonHealthLakeReadOnlyAccess","AmazonHoneycodeFullAccess","AmazonHoneycodeReadOnlyAccess","AmazonHoneycodeServiceRolePolicy","AmazonHoneycodeTeamAssociationFullAccess","AmazonHoneycodeTeamAssociationReadOnlyAccess","AmazonHoneycodeWorkbookFullAccess","AmazonHoneycodeWorkbookReadOnlyAccess","AmazonInspector2AgentlessServiceRolePolicy","AmazonInspector2FullAccess","AmazonInspector2ManagedCisPolicy","AmazonInspector2ReadOnlyAccess","AmazonInspector2ServiceRolePolicy","AmazonInspectorFullAccess","AmazonInspectorReadOnlyAccess","AmazonInspectorServiceRolePolicy","AmazonKendraFullAccess","AmazonKendraReadOnlyAccess","AmazonKeyspacesFullAccess","AmazonKeyspacesReadOnlyAccess
","AmazonKeyspacesReadOnlyAccess_v2","AmazonKinesisAnalyticsFullAccess","AmazonKinesisAnalyticsReadOnly","AmazonKinesisFirehoseFullAccess","AmazonKinesisFirehoseReadOnlyAccess","AmazonKinesisFullAccess","AmazonKinesisReadOnlyAccess","AmazonKinesisVideoStreamsFullAccess","AmazonKinesisVideoStreamsReadOnlyAccess","AmazonLaunchWizardFullAccessV2","AmazonLexChannelsAccess","AmazonLexFullAccess","AmazonLexReadOnly","AmazonLexReplicationPolicy","AmazonLexRunBotsOnly","AmazonLexV2BotPolicy","AmazonLookoutEquipmentFullAccess","AmazonLookoutEquipmentReadOnlyAccess","AmazonLookoutMetricsFullAccess","AmazonLookoutMetricsReadOnlyAccess","AmazonLookoutVisionConsoleFullAccess","AmazonLookoutVisionConsoleReadOnlyAccess","AmazonLookoutVisionFullAccess","AmazonLookoutVisionReadOnlyAccess","AmazonMachineLearningBatchPredictionsAccess","AmazonMachineLearningCreateOnlyAccess","AmazonMachineLearningFullAccess","AmazonMachineLearningManageRealTimeEndpointOnlyAccess","AmazonMachineLearningReadOnlyAccess","AmazonMachineLearningRealTimePredictionOnlyAccess","AmazonMachineLearningRoleforRedshiftDataSourceV3","AmazonMacieFullAccess","AmazonMacieHandshakeRole","AmazonMacieReadOnlyAccess","AmazonMacieServiceRole","AmazonMacieServiceRolePolicy","AmazonManagedBlockchainConsoleFullAccess","AmazonManagedBlockchainFullAccess","AmazonManagedBlockchainReadOnlyAccess","AmazonManagedBlockchainServiceRolePolicy","AmazonMCSFullAccess","AmazonMCSReadOnlyAccess","AmazonMechanicalTurkFullAccess","AmazonMechanicalTurkReadOnly","AmazonMemoryDBFullAccess","AmazonMemoryDBReadOnlyAccess","AmazonMobileAnalyticsFinancialReportAccess","AmazonMobileAnalyticsFullAccess","AmazonMobileAnalyticsNon-financialReportAccess","AmazonMobileAnalyticsWriteOnlyAccess","AmazonMonitronFullAccess","AmazonMQApiFullAccess","AmazonMQApiReadOnlyAccess","AmazonMQFullAccess","AmazonMQReadOnlyAccess","AmazonMQServiceRolePolicy","AmazonMSKConnectReadOnlyAccess","AmazonMSKFullAccess","AmazonMSKReadOnlyAccess","AmazonMWAAServiceRolePolicy","A
mazonNimbleStudio-LaunchProfileWorker","AmazonNimbleStudio-StudioAdmin","AmazonNimbleStudio-StudioUser","AmazonOmicsFullAccess","AmazonOmicsReadOnlyAccess","AmazonOneEnterpriseFullAccess","AmazonOneEnterpriseInstallerAccess","AmazonOneEnterpriseReadOnlyAccess","AmazonOpenSearchDashboardsServiceRolePolicy","AmazonOpenSearchDirectQueryGlueCreateAccess","AmazonOpenSearchIngestionFullAccess","AmazonOpenSearchIngestionReadOnlyAccess","AmazonOpenSearchIngestionServiceRolePolicy","AmazonOpenSearchServerlessServiceRolePolicy","AmazonOpenSearchServiceCognitoAccess","AmazonOpenSearchServiceFullAccess","AmazonOpenSearchServiceReadOnlyAccess","AmazonOpenSearchServiceRolePolicy","AmazonPersonalizeFullAccess","AmazonPollyFullAccess","AmazonPollyReadOnlyAccess","AmazonPrometheusConsoleFullAccess","AmazonPrometheusFullAccess","AmazonPrometheusQueryAccess","AmazonPrometheusRemoteWriteAccess","AmazonPrometheusScraperServiceRolePolicy","AmazonQDeveloperAccess","AmazonQFullAccess","AmazonQLDBConsoleFullAccess","AmazonQLDBFullAccess","AmazonQLDBReadOnly","AmazonRDSBetaServiceRolePolicy","AmazonRDSCustomInstanceProfileRolePolicy","AmazonRDSCustomPreviewServiceRolePolicy","AmazonRDSCustomServiceRolePolicy","AmazonRDSDataFullAccess","AmazonRDSDirectoryServiceAccess","AmazonRDSEnhancedMonitoringRole","AmazonRDSFullAccess","AmazonRDSPerformanceInsightsFullAccess","AmazonRDSPerformanceInsightsReadOnly","AmazonRDSPreviewServiceRolePolicy","AmazonRDSReadOnlyAccess","AmazonRDSServiceRolePolicy","AmazonRedshiftAllCommandsFullAccess","AmazonRedshiftDataFullAccess","AmazonRedshiftFullAccess","AmazonRedshiftQueryEditor","AmazonRedshiftQueryEditorV2FullAccess","AmazonRedshiftQueryEditorV2NoSharing","AmazonRedshiftQueryEditorV2ReadSharing","AmazonRedshiftQueryEditorV2ReadWriteSharing","AmazonRedshiftReadOnlyAccess","AmazonRedshiftServiceLinkedRolePolicy","AmazonRekognitionCustomLabelsFullAccess","AmazonRekognitionFullAccess","AmazonRekognitionReadOnlyAccess","AmazonRekognitionServiceRole","AmazonRoute
53AutoNamingFullAccess","AmazonRoute53AutoNamingReadOnlyAccess","AmazonRoute53AutoNamingRegistrantAccess","AmazonRoute53DomainsFullAccess","AmazonRoute53DomainsReadOnlyAccess","AmazonRoute53FullAccess","AmazonRoute53ProfilesFullAccess","AmazonRoute53ProfilesReadOnlyAccess","AmazonRoute53ReadOnlyAccess","AmazonRoute53RecoveryClusterFullAccess","AmazonRoute53RecoveryClusterReadOnlyAccess","AmazonRoute53RecoveryControlConfigFullAccess","AmazonRoute53RecoveryControlConfigReadOnlyAccess","AmazonRoute53RecoveryReadinessFullAccess","AmazonRoute53RecoveryReadinessReadOnlyAccess","AmazonRoute53ResolverFullAccess","AmazonRoute53ResolverReadOnlyAccess","AmazonS3FullAccess","AmazonS3ObjectLambdaExecutionRolePolicy","AmazonS3OutpostsFullAccess","AmazonS3OutpostsReadOnlyAccess","AmazonS3ReadOnlyAccess","AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy","AmazonSageMakerCanvasAIServicesAccess","AmazonSageMakerCanvasBedrockAccess","AmazonSageMakerCanvasDataPrepFullAccess","AmazonSageMakerCanvasDirectDeployAccess","AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy","AmazonSageMakerCanvasForecastAccess","AmazonSageMakerCanvasFullAccess","AmazonSageMakerClusterInstanceRolePolicy","AmazonSageMakerCoreServiceRolePolicy","AmazonSageMakerEdgeDeviceFleetPolicy","AmazonSageMakerFeatureStoreAccess","AmazonSageMakerFullAccess","AmazonSageMakerGeospatialExecutionRole","AmazonSageMakerGeospatialFullAccess","AmazonSageMakerGroundTruthExecution","AmazonSageMakerHyperPodServiceRolePolicy","AmazonSageMakerMechanicalTurkAccess","AmazonSageMakerModelGovernanceUseAccess","AmazonSageMakerModelRegistryFullAccess","AmazonSageMakerNotebooksServiceRolePolicy","AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy","AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy","AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy","AmazonSageMakerPipelinesIntegrations","AmazonSageMakerReadOnly","AmazonSageMakerServiceCatalogProductsApiGatewaySer
viceRolePolicy","AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy","AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy","AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy","AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy","AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy","AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy","AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy","AmazonSecurityLakeAdministrator","AmazonSecurityLakeMetastoreManager","AmazonSecurityLakePermissionsBoundary","AmazonSESFullAccess","AmazonSESReadOnlyAccess","AmazonSESServiceRolePolicy","AmazonSNSFullAccess","AmazonSNSReadOnlyAccess","AmazonSNSRole","AmazonSQSFullAccess","AmazonSQSReadOnlyAccess","AmazonSSMAutomationApproverAccess","AmazonSSMAutomationRole","AmazonSSMDirectoryServiceAccess","AmazonSSMFullAccess","AmazonSSMMaintenanceWindowRole","AmazonSSMManagedEC2InstanceDefaultPolicy","AmazonSSMManagedInstanceCore","AmazonSSMPatchAssociation","AmazonSSMReadOnlyAccess","AmazonSSMServiceRolePolicy","AmazonTextractFullAccess","AmazonTextractServiceRole","AmazonTimestreamConsoleFullAccess","AmazonTimestreamFullAccess","AmazonTimestreamInfluxDBFullAccess","AmazonTimestreamInfluxDBServiceRolePolicy","AmazonTimestreamReadOnlyAccess","AmazonTranscribeFullAccess","AmazonTranscribeReadOnlyAccess","AmazonVerifiedPermissionsFullAccess","AmazonVerifiedPermissionsReadOnlyAccess","AmazonVPCCrossAccountNetworkInterfaceOperations","AmazonVPCFullAccess","AmazonVPCNetworkAccessAnalyzerFullAccessPolicy","AmazonVPCReachabilityAnalyzerFullAccessPolicy","AmazonVPCReachabilityAnalyzerPathComponentReadPolicy","AmazonVPCReadOnlyAccess","AmazonWorkDocsFullAccess","AmazonWorkDocsReadOnlyAccess","AmazonWorkMailEventsServiceRolePolicy","AmazonWorkMailFullAccess","AmazonWorkMailMessageFlowFullAccess","AmazonWorkMailMessageFlowReadOnlyAccess","AmazonWorkMailReadOnlyAccess","AmazonWorkSpacesAdmin","AmazonWorkSpacesApplicationMana
gerAdminAccess","AmazonWorkspacesPCAAccess","AmazonWorkSpacesPoolServiceAccess","AmazonWorkSpacesSecureBrowserReadOnly","AmazonWorkSpacesSelfServiceAccess","AmazonWorkSpacesServiceAccess","AmazonWorkSpacesThinClientFullAccess","AmazonWorkSpacesThinClientReadOnlyAccess","AmazonWorkSpacesWebReadOnly","AmazonWorkSpacesWebServiceRolePolicy","AmazonZocaloFullAccess","AmazonZocaloReadOnlyAccess","AmplifyBackendDeployFullAccess","APIGatewayServiceRolePolicy","AppIntegrationsServiceLinkedRolePolicy","ApplicationAutoScalingForAmazonAppStreamAccess","ApplicationDiscoveryServiceContinuousExportServiceRolePolicy","AppRunnerNetworkingServiceRolePolicy","AppRunnerServiceRolePolicy","AppStudioServiceRolePolicy","AutoScalingConsoleFullAccess","AutoScalingConsoleReadOnlyAccess","AutoScalingFullAccess","AutoScalingNotificationAccessRole","AutoScalingReadOnlyAccess","AutoScalingServiceRolePolicy","AWS_ConfigRole","AWSAccountActivityAccess","AWSAccountManagementFullAccess","AWSAccountManagementReadOnlyAccess","AWSAccountUsageReportAccess","AWSAgentlessDiscoveryService","AWSAppFabricFullAccess","AWSAppFabricReadOnlyAccess","AWSAppFabricServiceRolePolicy","AWSApplicationAutoscalingAppStreamFleetPolicy","AWSApplicationAutoscalingCassandraTablePolicy","AWSApplicationAutoscalingComprehendEndpointPolicy","AWSApplicationAutoScalingCustomResourcePolicy","AWSApplicationAutoscalingDynamoDBTablePolicy","AWSApplicationAutoscalingEC2SpotFleetRequestPolicy","AWSApplicationAutoscalingECSServicePolicy","AWSApplicationAutoscalingElastiCacheRGPolicy","AWSApplicationAutoscalingEMRInstanceGroupPolicy","AWSApplicationAutoscalingKafkaClusterPolicy","AWSApplicationAutoscalingLambdaConcurrencyPolicy","AWSApplicationAutoscalingNeptuneClusterPolicy","AWSApplicationAutoscalingRDSClusterPolicy","AWSApplicationAutoscalingSageMakerEndpointPolicy","AWSApplicationAutoscalingWorkSpacesPoolPolicy","AWSApplicationDiscoveryAgentAccess","AWSApplicationDiscoveryAgentlessCollectorAccess","AWSApplicationDiscoveryServiceFullA
ccess","AWSApplicationMigrationAgentInstallationPolicy","AWSApplicationMigrationAgentPolicy","AWSApplicationMigrationAgentPolicy_v2","AWSApplicationMigrationConversionServerPolicy","AWSApplicationMigrationEC2Access","AWSApplicationMigrationFullAccess","AWSApplicationMigrationMGHAccess","AWSApplicationMigrationReadOnlyAccess","AWSApplicationMigrationReplicationServerPolicy","AWSApplicationMigrationServiceEc2InstancePolicy","AWSApplicationMigrationServiceRolePolicy","AWSApplicationMigrationSSMAccess","AWSApplicationMigrationVCenterClientPolicy","AWSAppMeshEnvoyAccess","AWSAppMeshFullAccess","AWSAppMeshPreviewEnvoyAccess","AWSAppMeshPreviewServiceRolePolicy","AWSAppMeshReadOnly","AWSAppMeshServiceRolePolicy","AWSAppRunnerFullAccess","AWSAppRunnerReadOnlyAccess","AWSAppRunnerServicePolicyForECRAccess","AWSAppSyncAdministrator","AWSAppSyncInvokeFullAccess","AWSAppSyncPushToCloudWatchLogs","AWSAppSyncSchemaAuthor","AWSAppSyncServiceRolePolicy","AWSArtifactAccountSync","AWSArtifactReportsReadOnlyAccess","AWSArtifactServiceRolePolicy","AWSAuditManagerAdministratorAccess","AWSAuditManagerServiceRolePolicy","AWSAutoScalingPlansEC2AutoScalingPolicy","AWSBackupAuditAccess","AWSBackupDataTransferAccess","AWSBackupFullAccess","AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync","AWSBackupOperatorAccess","AWSBackupOrganizationAdminAccess","AWSBackupRestoreAccessForSAPHANA","AWSBackupServiceLinkedRolePolicyForBackup","AWSBackupServiceLinkedRolePolicyForBackupTest","AWSBackupServiceRolePolicyForBackup","AWSBackupServiceRolePolicyForRestores","AWSBackupServiceRolePolicyForS3Backup","AWSBackupServiceRolePolicyForS3Restore","AWSBatchFullAccess","AWSBatchServiceEventTargetRole","AWSBatchServiceRole","AWSBCMDataExportsServiceRolePolicy","AWSBillingConductorFullAccess","AWSBillingConductorReadOnlyAccess","AWSBillingReadOnlyAccess","AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM","AWSBudgetsActionsWithAWSResourceControlAccess","AWSBudgetsReadOnlyAccess","AWSBugBus
tFullAccess","AWSBugBustPlayerAccess","AWSBugBustServiceRolePolicy","AWSCertificateManagerFullAccess","AWSCertificateManagerPrivateCAAuditor","AWSCertificateManagerPrivateCAFullAccess","AWSCertificateManagerPrivateCAPrivilegedUser","AWSCertificateManagerPrivateCAReadOnly","AWSCertificateManagerPrivateCAUser","AWSCertificateManagerReadOnly","AWSChatbotServiceLinkedRolePolicy","AWSCleanRoomsFullAccess","AWSCleanRoomsFullAccessNoQuerying","AWSCleanRoomsMLFullAccess","AWSCleanRoomsMLReadOnlyAccess","AWSCleanRoomsReadOnlyAccess","AWSCloud9Administrator","AWSCloud9EnvironmentMember","AWSCloud9ServiceRolePolicy","AWSCloud9SSMInstanceProfile","AWSCloud9User","AWSCloudFormationFullAccess","AWSCloudFormationReadOnlyAccess","AWSCloudFrontLogger","AWSCloudFrontVPCOriginServiceRolePolicy","AWSCloudHSMFullAccess","AWSCloudHSMReadOnlyAccess","AWSCloudHSMRole","AWSCloudMapDiscoverInstanceAccess","AWSCloudMapFullAccess","AWSCloudMapReadOnlyAccess","AWSCloudMapRegisterInstanceAccess","AWSCloudShellFullAccess","AWSCloudTrail_FullAccess","AWSCloudTrail_ReadOnlyAccess","AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy","AWSCodeArtifactAdminAccess","AWSCodeArtifactReadOnlyAccess","AWSCodeBuildAdminAccess","AWSCodeBuildDeveloperAccess","AWSCodeBuildReadOnlyAccess","AWSCodeCommitFullAccess","AWSCodeCommitPowerUser","AWSCodeCommitReadOnly","AWSCodeDeployDeployerAccess","AWSCodeDeployFullAccess","AWSCodeDeployReadOnlyAccess","AWSCodeDeployRole","AWSCodeDeployRoleForCloudFormation","AWSCodeDeployRoleForECS","AWSCodeDeployRoleForECSLimited","AWSCodeDeployRoleForLambda","AWSCodeDeployRoleForLambdaLimited","AWSCodePipeline_FullAccess","AWSCodePipeline_ReadOnlyAccess","AWSCodePipelineApproverAccess","AWSCodePipelineCustomActionAccess","AWSCodeStarFullAccess","AWSCodeStarNotificationsServiceRolePolicy","AWSCodeStarServiceRole","AWSCompromisedKeyQuarantine","AWSCompromisedKeyQuarantineV2","AWSCompromisedKeyQuarantineV3","AWSConfigMultiAccountSetupPolicy","AWSConfigRemediationServiceRolePolic
y","AWSConfigRoleForOrganizations","AWSConfigRulesExecutionRole","AWSConfigServiceRolePolicy","AWSConfigUserAccess","AWSConnector","AWSControlTowerAccountServiceRolePolicy","AWSControlTowerServiceRolePolicy","AWSCostAndUsageReportAutomationPolicy","AWSDataExchangeDataGrantOwnerFullAccess","AWSDataExchangeDataGrantReceiverFullAccess","AWSDataExchangeFullAccess","AWSDataExchangeProviderFullAccess","AWSDataExchangeReadOnly","AWSDataExchangeServiceRolePolicyForLicenseManagement","AWSDataExchangeServiceRolePolicyForOrganizationDiscovery","AWSDataExchangeSubscriberFullAccess","AWSDataLifecycleManagerServiceRole","AWSDataLifecycleManagerServiceRoleForAMIManagement","AWSDataLifecycleManagerSSMFullAccess","AWSDataPipeline_FullAccess","AWSDataPipeline_PowerUser","AWSDataSyncDiscoveryServiceRolePolicy","AWSDataSyncFullAccess","AWSDataSyncReadOnlyAccess","AWSDataSyncServiceRolePolicy","AWSDeadlineCloud-FleetWorker","AWSDeadlineCloud-UserAccessFarms","AWSDeadlineCloud-UserAccessFleets","AWSDeadlineCloud-UserAccessJobs","AWSDeadlineCloud-UserAccessQueues","AWSDeadlineCloud-WorkerHost","AWSDeepLensLambdaFunctionAccessPolicy","AWSDeepLensServiceRolePolicy","AWSDeepRacerAccountAdminAccess","AWSDeepRacerCloudFormationAccessPolicy","AWSDeepRacerDefaultMultiUserAccess","AWSDeepRacerFullAccess","AWSDeepRacerRoboMakerAccessPolicy","AWSDeepRacerServiceRolePolicy","AWSDenyAll","AWSDeviceFarmFullAccess","AWSDeviceFarmServiceRolePolicy","AWSDeviceFarmTestGridServiceRolePolicy","AWSDirectConnectFullAccess","AWSDirectConnectReadOnlyAccess","AWSDirectConnectServiceRolePolicy","AWSDirectoryServiceDataFullAccess","AWSDirectoryServiceDataReadOnlyAccess","AWSDirectoryServiceFullAccess","AWSDirectoryServiceReadOnlyAccess","AWSDiscoveryContinuousExportFirehosePolicy","AWSDMSFleetAdvisorServiceRolePolicy","AWSDMSServerlessServiceRolePolicy","AWSEC2CapacityReservationFleetRolePolicy","AWSEC2FleetServiceRolePolicy","AWSEC2SpotFleetServiceRolePolicy","AWSEC2SpotServiceRolePolicy","AWSEC2VssSnapshotPolicy
","AWSECRPullThroughCache_ServiceRolePolicy","AWSElasticBeanstalkCustomPlatformforEC2Role","AWSElasticBeanstalkEnhancedHealth","AWSElasticBeanstalkMaintenance","AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy","AWSElasticBeanstalkManagedUpdatesServiceRolePolicy","AWSElasticBeanstalkMulticontainerDocker","AWSElasticBeanstalkReadOnly","AWSElasticBeanstalkRoleCore","AWSElasticBeanstalkRoleCWL","AWSElasticBeanstalkRoleECS","AWSElasticBeanstalkRoleRDS","AWSElasticBeanstalkRoleSNS","AWSElasticBeanstalkRoleWorkerTier","AWSElasticBeanstalkService","AWSElasticBeanstalkServiceRolePolicy","AWSElasticBeanstalkWebTier","AWSElasticBeanstalkWorkerTier","AWSElasticDisasterRecoveryAgentInstallationPolicy","AWSElasticDisasterRecoveryAgentPolicy","AWSElasticDisasterRecoveryConsoleFullAccess","AWSElasticDisasterRecoveryConsoleFullAccess_v2","AWSElasticDisasterRecoveryConversionServerPolicy","AWSElasticDisasterRecoveryCrossAccountReplicationPolicy","AWSElasticDisasterRecoveryEc2InstancePolicy","AWSElasticDisasterRecoveryFailbackInstallationPolicy","AWSElasticDisasterRecoveryFailbackPolicy","AWSElasticDisasterRecoveryLaunchActionsPolicy","AWSElasticDisasterRecoveryNetworkReplicationPolicy","AWSElasticDisasterRecoveryReadOnlyAccess","AWSElasticDisasterRecoveryRecoveryInstancePolicy","AWSElasticDisasterRecoveryReplicationServerPolicy","AWSElasticDisasterRecoveryServiceRolePolicy","AWSElasticDisasterRecoveryStagingAccountPolicy","AWSElasticDisasterRecoveryStagingAccountPolicy_v2","AWSElasticLoadBalancingClassicServiceRolePolicy","AWSElasticLoadBalancingServiceRolePolicy","AWSElementalMediaConvertFullAccess","AWSElementalMediaConvertReadOnly","AWSElementalMediaLiveFullAccess","AWSElementalMediaLiveReadOnly","AWSElementalMediaPackageFullAccess","AWSElementalMediaPackageReadOnly","AWSElementalMediaPackageV2FullAccess","AWSElementalMediaPackageV2ReadOnly","AWSElementalMediaStoreFullAccess","AWSElementalMediaStoreReadOnly","AWSElementalMediaTailorFullAccess","AWSElementalMediaTailorReadOnly"
,"AWSEnhancedClassicNetworkingMangementPolicy","AWSEntityResolutionConsoleFullAccess","AWSEntityResolutionConsoleReadOnlyAccess","AWSFaultInjectionSimulatorEC2Access","AWSFaultInjectionSimulatorECSAccess","AWSFaultInjectionSimulatorEKSAccess","AWSFaultInjectionSimulatorNetworkAccess","AWSFaultInjectionSimulatorRDSAccess","AWSFaultInjectionSimulatorSSMAccess","AWSFinSpaceServiceRolePolicy","AWSFMAdminFullAccess","AWSFMAdminReadOnlyAccess","AWSFMMemberReadOnlyAccess","AWSForWordPressPluginPolicy","AWSGitSyncServiceRolePolicy","AWSGlobalAcceleratorSLRPolicy","AWSGlueConsoleFullAccess","AWSGlueConsoleSageMakerNotebookFullAccess","AwsGlueDataBrewFullAccessPolicy","AWSGlueDataBrewServiceRole","AWSGlueSchemaRegistryFullAccess","AWSGlueSchemaRegistryReadonlyAccess","AWSGlueServiceNotebookRole","AWSGlueServiceRole","AwsGlueSessionUserRestrictedNotebookPolicy","AwsGlueSessionUserRestrictedNotebookServiceRole","AwsGlueSessionUserRestrictedPolicy","AwsGlueSessionUserRestrictedServiceRole","AWSGrafanaAccountAdministrator","AWSGrafanaConsoleReadOnlyAccess","AWSGrafanaWorkspacePermissionManagement","AWSGrafanaWorkspacePermissionManagementV2","AWSGreengrassFullAccess","AWSGreengrassReadOnlyAccess","AWSGreengrassResourceAccessRolePolicy","AWSGroundStationAgentInstancePolicy","AWSHealth_EventProcessorServiceRolePolicy","AWSHealthFullAccess","AWSHealthImagingFullAccess","AWSHealthImagingReadOnlyAccess","AWSIAMIdentityCenterAllowListForIdentityContext","AWSIdentitySyncFullAccess","AWSIdentitySyncReadOnlyAccess","AWSImageBuilderFullAccess","AWSImageBuilderReadOnlyAccess","AWSImportExportFullAccess","AWSImportExportReadOnlyAccess","AWSIncidentManagerIncidentAccessServiceRolePolicy","AWSIncidentManagerResolverAccess","AWSIncidentManagerServiceRolePolicy","AWSIoT1ClickFullAccess","AWSIoT1ClickReadOnlyAccess","AWSIoTAnalyticsFullAccess","AWSIoTAnalyticsReadOnlyAccess","AWSIoTConfigAccess","AWSIoTConfigReadOnlyAccess","AWSIoTDataAccess","AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAct
ion","AWSIoTDeviceDefenderAudit","AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction","AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction","AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction","AWSIoTDeviceDefenderUpdateCACertMitigationAction","AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction","AWSIoTDeviceTesterForFreeRTOSFullAccess","AWSIoTDeviceTesterForGreengrassFullAccess","AWSIoTEventsFullAccess","AWSIoTEventsReadOnlyAccess","AWSIoTFleetHubFederationAccess","AWSIoTFleetwiseServiceRolePolicy","AWSIoTFullAccess","AWSIoTLogging","AWSIoTOTAUpdate","AWSIoTRuleActions","AWSIoTSiteWiseConsoleFullAccess","AWSIoTSiteWiseFullAccess","AWSIoTSiteWiseMonitorPortalAccess","AWSIoTSiteWiseMonitorServiceRolePolicy","AWSIoTSiteWiseReadOnlyAccess","AWSIoTThingsRegistration","AWSIoTTwinMakerServiceRolePolicy","AWSIoTWirelessDataAccess","AWSIoTWirelessFullAccess","AWSIoTWirelessFullPublishAccess","AWSIoTWirelessGatewayCertManager","AWSIoTWirelessLogging","AWSIoTWirelessReadOnlyAccess","AWSIPAMServiceRolePolicy","AWSIQContractServiceRolePolicy","AWSIQFullAccess","AWSIQPermissionServiceRolePolicy","AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy","AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy","AWSKeyManagementServicePowerUser","AWSLakeFormationCrossAccountManager","AWSLakeFormationDataAdmin","AWSLambda_FullAccess","AWSLambda_ReadOnlyAccess","AWSLambdaBasicExecutionRole","AWSLambdaDynamoDBExecutionRole","AWSLambdaENIManagementAccess","AWSLambdaExecute","AWSLambdaInvocation-DynamoDB","AWSLambdaKinesisExecutionRole","AWSLambdaMSKExecutionRole","AWSLambdaReplicator","AWSLambdaRole","AWSLambdaSQSQueueExecutionRole","AWSLambdaVPCAccessExecutionRole","AWSLicenseManagerConsumptionPolicy","AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy","AWSLicenseManagerMasterAccountRolePolicy","AWSLicenseManagerMemberAccountRolePolicy","AWSLicenseManagerServiceRolePolicy","AWSLicenseManagerUserSubscriptionsServiceRolePolicy","AWSM2ServicePolicy","AWSManagedServices
_ContactsServiceRolePolicy","AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy","AWSManagedServices_EventsServiceRolePolicy","AWSManagedServicesDeploymentToolkitPolicy","AWSMarketplaceAmiIngestion","AWSMarketplaceDeploymentServiceRolePolicy","AWSMarketplaceFullAccess","AWSMarketplaceGetEntitlements","AWSMarketplaceImageBuildFullAccess","AWSMarketplaceLicenseManagementServiceRolePolicy","AWSMarketplaceManageSubscriptions","AWSMarketplaceMeteringFullAccess","AWSMarketplaceMeteringRegisterUsage","AWSMarketplaceProcurementSystemAdminFullAccess","AWSMarketplacePurchaseOrdersServiceRolePolicy","AWSMarketplaceRead-only","AWSMarketplaceResaleAuthorizationServiceRolePolicy","AWSMarketplaceSellerFullAccess","AWSMarketplaceSellerProductsFullAccess","AWSMarketplaceSellerProductsReadOnly","AWSMediaConnectServicePolicy","AWSMediaTailorServiceRolePolicy","AWSMigrationHubDiscoveryAccess","AWSMigrationHubDMSAccess","AWSMigrationHubFullAccess","AWSMigrationHubOrchestratorConsoleFullAccess","AWSMigrationHubOrchestratorInstanceRolePolicy","AWSMigrationHubOrchestratorPlugin","AWSMigrationHubOrchestratorServiceRolePolicy","AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess","AWSMigrationHubRefactorSpaces-SSMAutomationPolicy","AWSMigrationHubRefactorSpacesFullAccess","AWSMigrationHubRefactorSpacesServiceRolePolicy","AWSMigrationHubSMSAccess","AWSMigrationHubStrategyCollector","AWSMigrationHubStrategyConsoleFullAccess","AWSMigrationHubStrategyServiceRolePolicy","AWSMSKReplicatorExecutionRole","AWSNetworkFirewallServiceRolePolicy","AWSNetworkManagerCloudWANServiceRolePolicy","AWSNetworkManagerFullAccess","AWSNetworkManagerReadOnlyAccess","AWSNetworkManagerServiceRolePolicy","AWSOpsWorks_FullAccess","AWSOpsWorksCloudWatchLogs","AWSOpsWorksCMInstanceProfileRole","AWSOpsWorksCMServiceRole","AWSOpsWorksInstanceRegistration","AWSOpsWorksRegisterCLI_EC2","AWSOpsWorksRegisterCLI_OnPremises","AWSOrganizationsFullAccess","AWSOrganizationsReadOnlyAccess","AWSOrganizationsSe
rviceTrustPolicy","AWSOutpostsAuthorizeServerPolicy","AWSOutpostsServiceRolePolicy","AWSPanoramaApplianceRolePolicy","AWSPanoramaApplianceServiceRolePolicy","AWSPanoramaFullAccess","AWSPanoramaGreengrassGroupRolePolicy","AWSPanoramaSageMakerRolePolicy","AWSPanoramaServiceLinkedRolePolicy","AWSPanoramaServiceRolePolicy","AWSPCSServiceRolePolicy","AWSPriceListServiceFullAccess","AWSPrivateCAAuditor","AWSPrivateCAFullAccess","AWSPrivateCAPrivilegedUser","AWSPrivateCAReadOnly","AWSPrivateCAUser","AWSPrivateMarketplaceAdminFullAccess","AWSPrivateMarketplaceRequests","AWSPrivateNetworksServiceRolePolicy","AWSProtonCodeBuildProvisioningBasicAccess","AWSProtonCodeBuildProvisioningServiceRolePolicy","AWSProtonDeveloperAccess","AWSProtonFullAccess","AWSProtonReadOnlyAccess","AWSProtonServiceGitSyncServiceRolePolicy","AWSProtonSyncServiceRolePolicy","AWSPurchaseOrdersServiceRolePolicy","AWSQuickSetupCFGCPacksPermissionsBoundary","AWSQuickSetupDeploymentRolePolicy","AWSQuickSetupDevOpsGuruPermissionsBoundary","AWSQuickSetupDistributorPermissionsBoundary","AWSQuickSetupPatchPolicyBaselineAccess","AWSQuickSetupPatchPolicyDeploymentRolePolicy","AWSQuickSetupPatchPolicyPermissionsBoundary","AWSQuickSetupSchedulerPermissionsBoundary","AWSQuickSetupSSMHostMgmtPermissionsBoundary","AWSQuickSightAssetBundleExportPolicy","AWSQuickSightAssetBundleImportPolicy","AWSQuicksightAthenaAccess","AWSQuickSightDescribeRDS","AWSQuickSightDescribeRedshift","AWSQuickSightElasticsearchPolicy","AWSQuickSightIoTAnalyticsAccess","AWSQuickSightListIAM","AWSQuicksightOpenSearchPolicy","AWSQuickSightSageMakerPolicy","AWSQuickSightTimestreamPolicy","AWSReachabilityAnalyzerServiceRolePolicy","AWSRefactoringToolkitFullAccess","AWSRefactoringToolkitSidecarPolicy","AWSrePostPrivateCloudWatchAccess","AWSRepostSpaceSupportOperationsPolicy","AWSResilienceHubAsssessmentExecutionPolicy","AWSResourceAccessManagerFullAccess","AWSResourceAccessManagerReadOnlyAccess","AWSResourceAccessManagerResourceShareParticipantAcce
ss","AWSResourceAccessManagerServiceRolePolicy","AWSResourceExplorerFullAccess","AWSResourceExplorerOrganizationsAccess","AWSResourceExplorerReadOnlyAccess","AWSResourceExplorerServiceRolePolicy","AWSResourceGroupsReadOnlyAccess","AWSRoboMaker_FullAccess","AWSRoboMakerReadOnlyAccess","AWSRoboMakerServicePolicy","AWSRoboMakerServiceRolePolicy","AWSRolesAnywhereServicePolicy","AWSS3OnOutpostsServiceRolePolicy","AWSSavingsPlansFullAccess","AWSSavingsPlansReadOnlyAccess","AWSSecurityHubFullAccess","AWSSecurityHubOrganizationsAccess","AWSSecurityHubReadOnlyAccess","AWSSecurityHubServiceRolePolicy","AWSServiceCatalogAdminFullAccess","AWSServiceCatalogAdminReadOnlyAccess","AWSServiceCatalogAppRegistryFullAccess","AWSServiceCatalogAppRegistryReadOnlyAccess","AWSServiceCatalogAppRegistryServiceRolePolicy","AWSServiceCatalogEndUserFullAccess","AWSServiceCatalogEndUserReadOnlyAccess","AWSServiceCatalogOrgsDataSyncServiceRolePolicy","AWSServiceCatalogSyncServiceRolePolicy","AWSServiceRoleForAmazonEKSNodegroup","AWSServiceRoleForAmazonQDeveloper","AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy","AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy","AWSServiceRoleForCodeGuru-Profiler","AWSServiceRoleForCodeWhispererPolicy","AWSServiceRoleForEC2ScheduledInstances","AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy","AWSServiceRoleForImageBuilder","AWSServiceRoleForIoTSiteWise","AWSServiceRoleForLogDeliveryPolicy","AWSServiceRoleForMonitronPolicy","AWSServiceRoleForNeptuneGraphPolicy","AWSServiceRoleForPrivateMarketplaceAdminPolicy","AWSServiceRoleForProcurementInsightsPolicy","AWSServiceRoleForSMS","AWSServiceRoleForUserSubscriptions","AWSServiceRolePolicyForBackupReports","AWSServiceRolePolicyForBackupRestoreTesting","AWSShieldDRTAccessPolicy","AWSShieldServiceRolePolicy","AWSSocialMessagingServiceRolePolicy","AWSSSMForSAPServiceLinkedRolePolicy","AWSSSMOpsInsightsServiceRolePolicy","AWSSSODirectoryAdministrator","AWSSSODirectoryReadOnly","AWSS
SOMasterAccountAdministrator","AWSSSOMemberAccountAdministrator","AWSSSOReadOnly","AWSSSOServiceRolePolicy","AWSStepFunctionsConsoleFullAccess","AWSStepFunctionsFullAccess","AWSStepFunctionsReadOnlyAccess","AWSStorageGatewayFullAccess","AWSStorageGatewayReadOnlyAccess","AWSStorageGatewayServiceRolePolicy","AWSSupplyChainFederationAdminAccess","AWSSupportAccess","AWSSupportAppFullAccess","AWSSupportAppReadOnlyAccess","AWSSupportPlansFullAccess","AWSSupportPlansReadOnlyAccess","AWSSupportServiceRolePolicy","AWSSystemsManagerAccountDiscoveryServicePolicy","AWSSystemsManagerChangeManagementServicePolicy","AWSSystemsManagerEnableConfigRecordingExecutionPolicy","AWSSystemsManagerEnableExplorerExecutionPolicy","AWSSystemsManagerForSAPFullAccess","AWSSystemsManagerForSAPReadOnlyAccess","AWSSystemsManagerOpsDataSyncServiceRolePolicy","AWSThinkboxAssetServerPolicy","AWSThinkboxAWSPortalAdminPolicy","AWSThinkboxAWSPortalGatewayPolicy","AWSThinkboxAWSPortalWorkerPolicy","AWSThinkboxDeadlineResourceTrackerAccessPolicy","AWSThinkboxDeadlineResourceTrackerAdminPolicy","AWSThinkboxDeadlineSpotEventPluginAdminPolicy","AWSThinkboxDeadlineSpotEventPluginWorkerPolicy","AWSTransferConsoleFullAccess","AWSTransferFullAccess","AWSTransferLoggingAccess","AWSTransferReadOnlyAccess","AWSTrustedAdvisorPriorityFullAccess","AWSTrustedAdvisorPriorityReadOnlyAccess","AWSTrustedAdvisorReportingServiceRolePolicy","AWSTrustedAdvisorServiceRolePolicy","AWSUserNotificationsServiceLinkedRolePolicy","AWSVendorInsightsAssessorFullAccess","AWSVendorInsightsAssessorReadOnly","AWSVendorInsightsVendorFullAccess","AWSVendorInsightsVendorReadOnly","AWSVpcLatticeServiceRolePolicy","AWSVPCS2SVpnServiceRolePolicy","AWSVPCTransitGatewayServiceRolePolicy","AWSVPCVerifiedAccessServiceRolePolicy","AWSWAFConsoleFullAccess","AWSWAFConsoleReadOnlyAccess","AWSWAFFullAccess","AWSWAFReadOnlyAccess","AWSWellArchitectedDiscoveryServiceRolePolicy","AWSWellArchitectedOrganizationsServiceRolePolicy","AWSWickrFullAccess","AWSXray
CrossAccountSharingConfiguration","AWSXRayDaemonWriteAccess","AWSXrayFullAccess","AWSXrayReadOnlyAccess","AWSXrayWriteOnlyAccess","AWSZonalAutoshiftPracticeRunSLRPolicy","BatchServiceRolePolicy","Billing","CertificateManagerServiceRolePolicy","ClientVPNServiceConnectionsRolePolicy","ClientVPNServiceRolePolicy","CloudFormationStackSetsOrgAdminServiceRolePolicy","CloudFormationStackSetsOrgMemberServiceRolePolicy","CloudFrontFullAccess","CloudFrontReadOnlyAccess","CloudHSMServiceRolePolicy","CloudSearchFullAccess","CloudSearchReadOnlyAccess","CloudTrailServiceRolePolicy","CloudWatch-CrossAccountAccess","CloudWatchActionsEC2Access","CloudWatchAgentAdminPolicy","CloudWatchAgentServerPolicy","CloudWatchApplicationInsightsFullAccess","CloudWatchApplicationInsightsReadOnlyAccess","CloudwatchApplicationInsightsServiceLinkedRolePolicy","CloudWatchApplicationSignalsFullAccess","CloudWatchApplicationSignalsReadOnlyAccess","CloudWatchApplicationSignalsServiceRolePolicy","CloudWatchAutomaticDashboardsAccess","CloudWatchCrossAccountSharingConfiguration","CloudWatchEventsBuiltInTargetExecutionAccess","CloudWatchEventsFullAccess","CloudWatchEventsInvocationAccess","CloudWatchEventsReadOnlyAccess","CloudWatchEventsServiceRolePolicy","CloudWatchFullAccess","CloudWatchFullAccessV2","CloudWatchInternetMonitorFullAccess","CloudWatchInternetMonitorServiceRolePolicy","CloudWatchLambdaApplicationSignalsExecutionRolePolicy","CloudWatchLambdaInsightsExecutionRolePolicy","CloudWatchLogsCrossAccountSharingConfiguration","CloudWatchLogsFullAccess","CloudWatchLogsReadOnlyAccess","CloudWatchNetworkMonitorServiceRolePolicy","CloudWatchReadOnlyAccess","CloudWatchSyntheticsFullAccess","CloudWatchSyntheticsReadOnlyAccess","ComprehendDataAccessRolePolicy","ComprehendFullAccess","ComprehendMedicalFullAccess","ComprehendReadOnly","ComputeOptimizerReadOnlyAccess","ComputeOptimizerServiceRolePolicy","ConfigConformsServiceRolePolicy","CostOptimizationHubAdminAccess","CostOptimizationHubReadOnlyAccess","Cost
OptimizationHubServiceRolePolicy","CustomerProfilesServiceLinkedRolePolicy","DatabaseAdministrator","DataScientist","DAXServiceRolePolicy","DynamoDBCloudWatchContributorInsightsServiceRolePolicy","DynamoDBKinesisReplicationServiceRolePolicy","DynamoDBReplicationServiceRolePolicy","EC2FastLaunchFullAccess","EC2FastLaunchServiceRolePolicy","EC2FleetTimeShiftableServiceRolePolicy","Ec2ImageBuilderCrossAccountDistributionAccess","EC2ImageBuilderLifecycleExecutionPolicy","EC2InstanceConnect","Ec2InstanceConnectEndpoint","EC2InstanceProfileForImageBuilder","EC2InstanceProfileForImageBuilderECRContainerBuilds","ECRReplicationServiceRolePolicy","ECRTemplateServiceRolePolicy","ElastiCacheServiceRolePolicy","ElasticLoadBalancingFullAccess","ElasticLoadBalancingReadOnly","ElementalActivationsDownloadSoftwareAccess","ElementalActivationsFullAccess","ElementalActivationsGenerateLicenses","ElementalActivationsReadOnlyAccess","ElementalAppliancesSoftwareFullAccess","ElementalAppliancesSoftwareReadOnlyAccess","ElementalSupportCenterFullAccess","EMRDescribeClusterPolicyForEMRWAL","FMSServiceRolePolicy","FSxDeleteServiceLinkedRoleAccess","GameLiftGameServerGroupPolicy","GlobalAcceleratorFullAccess","GlobalAcceleratorReadOnlyAccess","GreengrassOTAUpdateArtifactAccess","GroundTruthSyntheticConsoleFullAccess","GroundTruthSyntheticConsoleReadOnlyAccess","Health_OrganizationsServiceRolePolicy","IAMAccessAdvisorReadOnly","IAMAccessAnalyzerFullAccess","IAMAccessAnalyzerReadOnlyAccess","IAMFullAccess","IAMReadOnlyAccess","IAMSelfManageServiceSpecificCredentials","IAMUserChangePassword","IAMUserSSHKeys","IVSFullAccess","IVSReadOnlyAccess","IVSRecordToS3","KafkaConnectServiceRolePolicy","KafkaServiceRolePolicy","KeyspacesReplicationServiceRolePolicy","LakeFormationDataAccessServiceRolePolicy","LexBotPolicy","LexChannelPolicy","LightsailExportAccess","MediaConnectGatewayInstanceRolePolicy","MediaPackageServiceRolePolicy","MemoryDBServiceRolePolicy","MigrationHubDMSAccessServiceRolePolicy","Migr
ationHubServiceRolePolicy","MigrationHubSMSAccessServiceRolePolicy","MonitronServiceRolePolicy","NeptuneConsoleFullAccess","NeptuneFullAccess","NeptuneGraphReadOnlyAccess","NeptuneReadOnlyAccess","NetworkAdministrator","OAMFullAccess","OAMReadOnlyAccess","OpensearchIngestionSelfManagedVpcePolicy","PartnerCentralAccountManagementUserRoleAssociation","PowerUserAccess","QAppsServiceRolePolicy","QBusinessServiceRolePolicy","QuickSightAccessForS3StorageManagementAnalyticsReadOnly","RDSCloudHsmAuthorizationRole","ReadOnlyAccess","ResourceGroupsandTagEditorFullAccess","ResourceGroupsandTagEditorReadOnlyAccess","ResourceGroupsServiceRolePolicy","ResourceGroupsTaggingAPITagUntagSupportedResources","ROSAAmazonEBSCSIDriverOperatorPolicy","ROSACloudNetworkConfigOperatorPolicy","ROSAControlPlaneOperatorPolicy","ROSAImageRegistryOperatorPolicy","ROSAIngressOperatorPolicy","ROSAInstallerPolicy","ROSAKMSProviderPolicy","ROSAKubeControllerPolicy","ROSAManageSubscription","ROSANodePoolManagementPolicy","ROSASRESupportPolicy","ROSAWorkerInstancePolicy","Route53RecoveryReadinessServiceRolePolicy","Route53ResolverServiceRolePolicy","S3StorageLensServiceRolePolicy","SecretsManagerReadWrite","SecurityAudit","SecurityLakeServiceLinkedRole","ServerMigration_ServiceRole","ServerMigrationConnector","ServerMigrationServiceConsoleFullAccess","ServerMigrationServiceLaunchRole","ServerMigrationServiceRoleForInstanceValidation","ServiceQuotasFullAccess","ServiceQuotasReadOnlyAccess","ServiceQuotasServiceRolePolicy","SimpleWorkflowFullAccess","SplitCostAllocationDataServiceRolePolicy","SSMQuickSetupRolePolicy","SupportUser","SystemAdministrator","TranslateFullAccess","TranslateReadOnly","ViewOnlyAccess","VMImportExportRoleForAWSConnector","VPCLatticeFullAccess","VPCLatticeReadOnlyAccess","VPCLatticeServicesInvokeAccess","WAFLoggingServiceRolePolicy","WAFRegionalLoggingServiceRolePolicy","WAFV2LoggingServiceRolePolicy","WellArchitectedConsoleFullAccess","WellArchitectedConsoleReadOnlyAccess","WorkLi
nkServiceRolePolicy"] \ No newline at end of file diff --git a/lib/generated/aws-managed-policies/cdk-iam-floyd.ts b/lib/generated/aws-managed-policies/cdk-iam-floyd.ts index 97e4aa864..f4cd7e9c8 100644 --- a/lib/generated/aws-managed-policies/cdk-iam-floyd.ts +++ b/lib/generated/aws-managed-policies/cdk-iam-floyd.ts @@ -544,6 +544,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEC2ContainerRegistryPowerUser); } + /** Provides access to pull images from Amazon EC2 Container Registry repositories. */ + public AmazonEC2ContainerRegistryPullOnly(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEC2ContainerRegistryPullOnly); + } + /** Provides read-only access to Amazon EC2 Container Registry repositories. */ public AmazonEC2ContainerRegistryReadOnly(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEC2ContainerRegistryReadOnly); 
@@ -649,11 +654,21 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSCNIPolicy); } + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's block storage resources. */ + public AmazonEKSBlockStoragePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSBlockStoragePolicy); + } + /** This policy provides Kubernetes the permissions it requires to manage resources on your behalf. Kubernetes requires Ec2:CreateTags permissions to place identifying information on EC2 resources including but not limited to Instances, Security Groups, and Elastic Network Interfaces. */ public AmazonEKSClusterPolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSClusterPolicy); } + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's compute resources. */ + public AmazonEKSComputePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSComputePolicy); + } + /** This policy allows Amazon EKS to manage AWS resources for EKS connector */ public AmazonEKSConnectorServiceRolePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSConnectorServiceRolePolicy); 
@@ -669,6 +684,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSForFargateServiceRolePolicy); } + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's load balancing resources. */ + public AmazonEKSLoadBalancingPolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSLoadBalancingPolicy); + } + /** This policy provides permissions to EKS local cluster's control-plane instances running in your account to manage resources on your behalf. */ public AmazonEKSLocalOutpostClusterPolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSLocalOutpostClusterPolicy); @@ -679,6 +699,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSLocalOutpostServiceRolePolicy); } + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's networking resources. */ + public AmazonEKSNetworkingPolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSNetworkingPolicy); + } + /** This policy allows Amazon Elastic Container Service for Kubernetes to create and manage the necessary resources to operate EKS Clusters. */ public AmazonEKSServicePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSServicePolicy); 
@@ -694,6 +719,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSVPCResourceController); } + /** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */ + public AmazonEKSWorkerNodeMinimalPolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSWorkerNodeMinimalPolicy); + } + /** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */ public AmazonEKSWorkerNodePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonEKSWorkerNodePolicy); @@ -1904,6 +1934,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonSageMakerGroundTruthExecution); } + /** This policy grants permissions to Amazon SageMaker HyperPod to related AWS services such as Amazon EKS, Amazon CloudWatch etc. */ + public AmazonSageMakerHyperPodServiceRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonSageMakerHyperPodServiceRolePolicy); + } + /** Provides access to create Amazon Augmented AI FlowDefinition resources against any Workteam. */ public AmazonSageMakerMechanicalTurkAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonSageMakerMechanicalTurkAccess); 
@@ -2139,6 +2174,16 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonTranscribeReadOnlyAccess); } + /** Provides full access to Verified Permissions */ + public AmazonVerifiedPermissionsFullAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonVerifiedPermissionsFullAccess); + } + + /** Provides read-only access to the Verified Permissions service. */ + public AmazonVerifiedPermissionsReadOnlyAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonVerifiedPermissionsReadOnlyAccess); + } + /** Provides access to create network interfaces and attach them to cross-account resources */ public AmazonVPCCrossAccountNetworkInterfaceOperations(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonVPCCrossAccountNetworkInterfaceOperations); @@ -2239,6 +2284,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonWorkSpacesServiceAccess); } + /** Provides full access to Amazon WorkSpaces Thin Client as well as limited access to required related services */ + public AmazonWorkSpacesThinClientFullAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonWorkSpacesThinClientFullAccess); + } + /** Provides read-only access to Amazon WorkSpaces Thin Client and its dependencies */ public AmazonWorkSpacesThinClientReadOnlyAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AmazonWorkSpacesThinClientReadOnlyAccess); 
@@ -2869,6 +2919,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSCloudFrontLogger); } + /** Allows CloudFront to manage EC2 Elastic Network Interfaces and Security Groups on your behalf. */ + public AWSCloudFrontVPCOriginServiceRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSCloudFrontVPCOriginServiceRolePolicy); + } + /** Provides full access to all CloudHSM resources. */ public AWSCloudHSMFullAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSCloudHSMFullAccess); @@ -3054,6 +3109,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSCompromisedKeyQuarantineV2); } + /** Denies access to certain actions, applied by AWS in the event that an IAM user's credentials have been compromised or exposed publicly. The policy aims to limit the potential damage that may be caused by fraud-related activity leading to unauthorized charges, while not impacting the existing resources. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event. */ + public AWSCompromisedKeyQuarantineV3(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSCompromisedKeyQuarantineV3); + } + /** Allows Config to call AWS services and deploy config resources across organization */ public AWSConfigMultiAccountSetupPolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSConfigMultiAccountSetupPolicy); 
@@ -3104,6 +3164,16 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSCostAndUsageReportAutomationPolicy); } + /** Gives Data Grant owners access to AWS Data Exchange actions using the AWS Management Console and SDK. */ + public AWSDataExchangeDataGrantOwnerFullAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeDataGrantOwnerFullAccess); + } + + /** Gives Data Grant receiver access to AWS Data Exchange actions using the AWS Management Console and SDK. */ + public AWSDataExchangeDataGrantReceiverFullAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeDataGrantReceiverFullAccess); + } + /** Grants full access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */ public AWSDataExchangeFullAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeFullAccess); 
@@ -3119,6 +3189,16 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeReadOnly); } + /** Allows AWS Data Exchange to access AWS Services and Resources used or managed by AWS Data Exchange for license management. */ + public AWSDataExchangeServiceRolePolicyForLicenseManagement(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeServiceRolePolicyForLicenseManagement); + } + + /** Allows AWS Data Exchange to read data about your AWS Organization to determine eligibility for AWS Data Exchange data grants license distribution. */ + public AWSDataExchangeServiceRolePolicyForOrganizationDiscovery(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeServiceRolePolicyForOrganizationDiscovery); + } + /** Grants data subscriber access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */ public AWSDataExchangeSubscriberFullAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataExchangeSubscriberFullAccess); 
@@ -3164,6 +3244,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataSyncReadOnlyAccess); } + /** Allows DataSync to integrate with other AWS services on your behalf */ + public AWSDataSyncServiceRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDataSyncServiceRolePolicy); + } + /** Provides AWS Deadline Cloud workers with access to run tasks on a farm. */ public AWSDeadlineCloudFleetWorker(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDeadlineCloudFleetWorker); @@ -3269,6 +3354,16 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDirectConnectServiceRolePolicy); } + /** Provides full access to AWS Directory Service Data. */ + public AWSDirectoryServiceDataFullAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDirectoryServiceDataFullAccess); + } + + /** Provides read-only access to AWS Directory Service Data */ + public AWSDirectoryServiceDataReadOnlyAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDirectoryServiceDataReadOnlyAccess); + } + /** Provides full access to AWS Directory Service. */ public AWSDirectoryServiceFullAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSDirectoryServiceFullAccess); 
@@ -4454,6 +4549,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSPanoramaServiceRolePolicy); } + /** Grants permissions to PCS to manage resources on your behalf. */ + public AWSPCSServiceRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSPCSServiceRolePolicy); + } + /** Provides full access to AWS Price List Service. */ public AWSPriceListServiceFullAccess(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSPriceListServiceFullAccess); @@ -4889,6 +4989,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSServiceRoleForPrivateMarketplaceAdminPolicy); } + /** Policy for Procurement Insights to obtain Organization Account details */ + public AWSServiceRoleForProcurementInsightsPolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSServiceRoleForProcurementInsightsPolicy); + } + /** Provides access to AWS services and resources necessary to migrate service instances into AWS including EC2, S3 and Cloudformation. */ public AWSServiceRoleForSMS(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSServiceRoleForSMS); 
@@ -4919,6 +5024,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSShieldServiceRolePolicy); } + /** Provides access to publish metrics and provide insights for your social message sending. */ + public AWSSocialMessagingServiceRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSSocialMessagingServiceRolePolicy); + } + /** Provides AWS Systems Manager for SAP with the permissions needed to manage and integrate SAP software with AWS. */ public AWSSSMForSAPServiceLinkedRolePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.AWSSSMForSAPServiceLinkedRolePolicy); 
@@ -5409,11 +5519,21 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchFullAccessV2); } + /** Provides full access to actions for working with Amazon CloudWatch Internet Monitor. Also provides access to other services, such as Amazon CloudWatch, Amazon EC2, Amazon CloudFront, Amazon WorkSpaces, and Elastic Load Balancing, that are necessary to use the Internet Monitor service for monitoring and storing information about application traffic. */ + public CloudWatchInternetMonitorFullAccess(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchInternetMonitorFullAccess); + } + /** Allows Internet Monitor to access EC2, Workspaces, and CloudFront resources, and other required services on your behalf. */ public CloudWatchInternetMonitorServiceRolePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchInternetMonitorServiceRolePolicy); } + /** Provides write access to X-Ray and CloudWatch Application Signals log group. */ + public CloudWatchLambdaApplicationSignalsExecutionRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchLambdaApplicationSignalsExecutionRolePolicy); + } + /** Policy required for the Lambda Insights Extension */ public CloudWatchLambdaInsightsExecutionRolePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.CloudWatchLambdaInsightsExecutionRolePolicy); 
@@ -5869,6 +5989,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.PowerUserAccess); } + /** Grants permissions to AWS Services and Resources used or managed by Amazon Q Apps. */ + public QAppsServiceRolePolicy(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.QAppsServiceRolePolicy); + } + /** Grants permissions to AWS Services and Resources used or managed by Amazon Q */ public QBusinessServiceRolePolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.QBusinessServiceRolePolicy); @@ -5904,6 +6029,11 @@ export class AwsManagedPolicy extends AwsManagedPolicyStatic { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.ResourceGroupsServiceRolePolicy); } + /** Provides permissions to tag and untag all the resources supported by Resource Groups Tagging API. This policy also grants the permissions required to retrieve all tagged, or previously tagged, resources through the Resource Groups Tagging API. */ + public ResourceGroupsTaggingAPITagUntagSupportedResources(): aws_iam.IManagedPolicy { + return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.ResourceGroupsTaggingAPITagUntagSupportedResources); + } + /** Allows the OpenShift Amazon EBS Container Storage Interface (CSI) Driver Operator to install and maintain the Amazon EBS CSI driver on a Red Hat OpenShift Service on AWS (ROSA) cluster. The Amazon EBS CSI driver allows ROSA clusters to manage the lifecycle of Amazon EBS volumes for persistent volumes. */ public ROSAAmazonEBSCSIDriverOperatorPolicy(): aws_iam.IManagedPolicy { return aws_iam.ManagedPolicy.fromAwsManagedPolicyName(AwsManagedPolicyStatic.ROSAAmazonEBSCSIDriverOperatorPolicy); 
diff --git a/lib/generated/aws-managed-policies/iam-floyd.ts b/lib/generated/aws-managed-policies/iam-floyd.ts index 022f13fc0..6bdb89d7d 100644 --- a/lib/generated/aws-managed-policies/iam-floyd.ts +++ b/lib/generated/aws-managed-policies/iam-floyd.ts @@ -214,6 +214,8 @@ export class AwsManagedPolicy { public static AmazonEC2ContainerRegistryFullAccess = 'AmazonEC2ContainerRegistryFullAccess'; /** Provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes. */ public static AmazonEC2ContainerRegistryPowerUser = 'AmazonEC2ContainerRegistryPowerUser'; + /** Provides access to pull images from Amazon EC2 Container Registry repositories. */ + public static AmazonEC2ContainerRegistryPullOnly = 'AmazonEC2ContainerRegistryPullOnly'; /** Provides read-only access to Amazon EC2 Container Registry repositories. */ public static AmazonEC2ContainerRegistryReadOnly = 'AmazonEC2ContainerRegistryReadOnly'; /** Policy to enable Task Autoscaling for Amazon EC2 Container Service */ 
@@ -256,18 +258,26 @@ export class AwsManagedPolicy { public static AmazonEFSCSIDriverPolicy = 'service-role/AmazonEFSCSIDriverPolicy'; /** This policy provides the Amazon VPC CNI Plugin (amazon-vpc-cni-k8s) the permissions it requires to modify the IP address configuration on your EKS worker nodes. This permission set allows the CNI to list, describe, and modify Elastic Network Interfaces on your behalf. More information on the AWS VPC CNI Plugin is available here: https://github.com/aws/amazon-vpc-cni-k8s */ public static AmazonEKSCNIPolicy = 'AmazonEKS_CNI_Policy'; + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's block storage resources. */ + public static AmazonEKSBlockStoragePolicy = 'AmazonEKSBlockStoragePolicy'; /** This policy provides Kubernetes the permissions it requires to manage resources on your behalf. Kubernetes requires Ec2:CreateTags permissions to place identifying information on EC2 resources including but not limited to Instances, Security Groups, and Elastic Network Interfaces. */ public static AmazonEKSClusterPolicy = 'AmazonEKSClusterPolicy'; + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's compute resources. 
*/ + public static AmazonEKSComputePolicy = 'AmazonEKSComputePolicy'; /** This policy allows Amazon EKS to manage AWS resources for EKS connector */ public static AmazonEKSConnectorServiceRolePolicy = 'aws-service-role/AmazonEKSConnectorServiceRolePolicy'; /** Provides access to other AWS service resources that are required to run Amazon EKS pods on AWS Fargate */ public static AmazonEKSFargatePodExecutionRolePolicy = 'AmazonEKSFargatePodExecutionRolePolicy'; /** This policy grants necessary permissions to Amazon EKS to run fargate tasks */ public static AmazonEKSForFargateServiceRolePolicy = 'aws-service-role/AmazonEKSForFargateServiceRolePolicy'; + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's load balancing resources. */ + public static AmazonEKSLoadBalancingPolicy = 'AmazonEKSLoadBalancingPolicy'; /** This policy provides permissions to EKS local cluster's control-plane instances running in your account to manage resources on your behalf. */ public static AmazonEKSLocalOutpostClusterPolicy = 'AmazonEKSLocalOutpostClusterPolicy'; /** Allows Amazon EKS Local to call AWS services on your behalf. */ public static AmazonEKSLocalOutpostServiceRolePolicy = 'aws-service-role/AmazonEKSLocalOutpostServiceRolePolicy'; + /** Policy attached to the EKS Cluster Role that grants permissions to manage the cluster's networking resources. */ + public static AmazonEKSNetworkingPolicy = 'AmazonEKSNetworkingPolicy'; /** This policy allows Amazon Elastic Container Service for Kubernetes to create and manage the necessary resources to operate EKS Clusters. */ public static AmazonEKSServicePolicy = 'AmazonEKSServicePolicy'; /** A Service-Linked Role required for Amazon EKS to call AWS services on your behalf. */ 
@@ -275,6 +285,8 @@ export class AwsManagedPolicy { /** Policy used by VPC Resource Controller to manage ENI and IPs for worker nodes. */ public static AmazonEKSVPCResourceController = 'AmazonEKSVPCResourceController'; /** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */ + public static AmazonEKSWorkerNodeMinimalPolicy = 'AmazonEKSWorkerNodeMinimalPolicy'; + /** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */ public static AmazonEKSWorkerNodePolicy = 'AmazonEKSWorkerNodePolicy'; /** Provides full access to Amazon ElastiCache via the AWS Management Console. */ public static AmazonElastiCacheFullAccess = 'AmazonElastiCacheFullAccess'; @@ -758,6 +770,8 @@ export class AwsManagedPolicy { public static AmazonSageMakerGeospatialFullAccess = 'service-role/AmazonSageMakerGeospatialFullAccess'; /** Provides access to AWS services that are required to run SageMaker GroundTruth Labeling job */ public static AmazonSageMakerGroundTruthExecution = 'AmazonSageMakerGroundTruthExecution'; + /** This policy grants permissions to Amazon SageMaker HyperPod to related AWS services such as Amazon EKS, Amazon CloudWatch etc. */ + public static AmazonSageMakerHyperPodServiceRolePolicy = 'aws-service-role/AmazonSageMakerHyperPodServiceRolePolicy'; /** Provides access to create Amazon Augmented AI FlowDefinition resources against any Workteam. */ public static AmazonSageMakerMechanicalTurkAccess = 'AmazonSageMakerMechanicalTurkAccess'; /** This AWS managed policy grants permissions needed to use all Amazon SageMaker Governance features. The policy also provides select access to related services (e.g., S3, KMS). */ 
@@ -852,6 +866,10 @@ export class AwsManagedPolicy { public static AmazonTranscribeFullAccess = 'AmazonTranscribeFullAccess'; /** Provides access to read only operation for Amazon Transcribe */ public static AmazonTranscribeReadOnlyAccess = 'AmazonTranscribeReadOnlyAccess'; + /** Provides full access to Verified Permissions */ + public static AmazonVerifiedPermissionsFullAccess = 'AmazonVerifiedPermissionsFullAccess'; + /** Provides read-only access to the Verified Permissions service. */ + public static AmazonVerifiedPermissionsReadOnlyAccess = 'AmazonVerifiedPermissionsReadOnlyAccess'; /** Provides access to create network interfaces and attach them to cross-account resources */ public static AmazonVPCCrossAccountNetworkInterfaceOperations = 'AmazonVPCCrossAccountNetworkInterfaceOperations'; /** Provides full access to Amazon VPC via the AWS Management Console. */ @@ -892,6 +910,8 @@ export class AwsManagedPolicy { public static AmazonWorkSpacesSelfServiceAccess = 'AmazonWorkSpacesSelfServiceAccess'; /** Provides customer account access to AWS WorkSpaces service for launching a Workspace. */ public static AmazonWorkSpacesServiceAccess = 'AmazonWorkSpacesServiceAccess'; + /** Provides full access to Amazon WorkSpaces Thin Client as well as limited access to required related services */ + public static AmazonWorkSpacesThinClientFullAccess = 'AmazonWorkSpacesThinClientFullAccess'; /** Provides read-only access to Amazon WorkSpaces Thin Client and its dependencies */ public static AmazonWorkSpacesThinClientReadOnlyAccess = 'AmazonWorkSpacesThinClientReadOnlyAccess'; /** Provides read-only access to Amazon WorkSpaces Web and its dependencies through the AWS Management Console, SDK, and CLI. */ 
@@ -1144,6 +1164,8 @@ export class AwsManagedPolicy { public static AWSCloudFormationReadOnlyAccess = 'AWSCloudFormationReadOnlyAccess'; /** Grants CloudFront Logger write permissions to CloudWatch Logs. */ public static AWSCloudFrontLogger = 'aws-service-role/AWSCloudFrontLogger'; + /** Allows CloudFront to manage EC2 Elastic Network Interfaces and Security Groups on your behalf. */ + public static AWSCloudFrontVPCOriginServiceRolePolicy = 'aws-service-role/AWSCloudFrontVPCOriginServiceRolePolicy'; /** Provides full access to all CloudHSM resources. */ public static AWSCloudHSMFullAccess = 'AWSCloudHSMFullAccess'; /** Provides read only access to all CloudHSM resources. */ @@ -1218,6 +1240,8 @@ export class AwsManagedPolicy { public static AWSCompromisedKeyQuarantine = 'AWSCompromisedKeyQuarantine'; /** Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event. */ public static AWSCompromisedKeyQuarantineV2 = 'AWSCompromisedKeyQuarantineV2'; + /** Denies access to certain actions, applied by AWS in the event that an IAM user's credentials have been compromised or exposed publicly. The policy aims to limit the potential damage that may be caused by fraud-related activity leading to unauthorized charges, while not impacting the existing resources. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event. */ + public static AWSCompromisedKeyQuarantineV3 = 'AWSCompromisedKeyQuarantineV3'; /** Allows Config to call AWS services and deploy config resources across organization */ public static AWSConfigMultiAccountSetupPolicy = 'aws-service-role/AWSConfigMultiAccountSetupPolicy'; /** Allows AWS Config to remediate noncompliant resources on your behalf. */ 
@@ -1238,12 +1262,20 @@ export class AwsManagedPolicy { public static AWSControlTowerServiceRolePolicy = 'service-role/AWSControlTowerServiceRolePolicy'; /** Grants permissions to to describe the organization of the account, create S3 buckets for the MAP program and apply tags to it, create a Cost and Usage Report, and describe Cost and Usage Report definitions. */ public static AWSCostAndUsageReportAutomationPolicy = 'service-role/AWSCostAndUsageReportAutomationPolicy'; + /** Gives Data Grant owners access to AWS Data Exchange actions using the AWS Management Console and SDK. */ + public static AWSDataExchangeDataGrantOwnerFullAccess = 'AWSDataExchangeDataGrantOwnerFullAccess'; + /** Gives Data Grant receiver access to AWS Data Exchange actions using the AWS Management Console and SDK. */ + public static AWSDataExchangeDataGrantReceiverFullAccess = 'AWSDataExchangeDataGrantReceiverFullAccess'; /** Grants full access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */ public static AWSDataExchangeFullAccess = 'AWSDataExchangeFullAccess'; /** Grants data provider access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */ public static AWSDataExchangeProviderFullAccess = 'AWSDataExchangeProviderFullAccess'; /** Grants read-only access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. */ public static AWSDataExchangeReadOnly = 'AWSDataExchangeReadOnly'; + /** Allows AWS Data Exchange to access AWS Services and Resources used or managed by AWS Data Exchange for license management. 
*/ + public static AWSDataExchangeServiceRolePolicyForLicenseManagement = 'aws-service-role/AWSDataExchangeServiceRolePolicyForLicenseManagement'; + /** Allows AWS Data Exchange to read data about your AWS Organization to determine eligibility for AWS Data Exchange data grants license distribution. */ + public static AWSDataExchangeServiceRolePolicyForOrganizationDiscovery = 'aws-service-role/AWSDataExchangeServiceRolePolicyForOrganizationDiscovery'; /** Grants data subscriber access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */ public static AWSDataExchangeSubscriberFullAccess = 'AWSDataExchangeSubscriberFullAccess'; /** Provides appropriate permissions to AWS Data Lifecycle Manager to take actions on AWS resources */ @@ -1262,6 +1294,8 @@ export class AwsManagedPolicy { public static AWSDataSyncFullAccess = 'AWSDataSyncFullAccess'; /** Provides read-only access to AWS DataSync */ public static AWSDataSyncReadOnlyAccess = 'AWSDataSyncReadOnlyAccess'; + /** Allows DataSync to integrate with other AWS services on your behalf */ + public static AWSDataSyncServiceRolePolicy = 'aws-service-role/AWSDataSyncServiceRolePolicy'; /** Provides AWS Deadline Cloud workers with access to run tasks on a farm. */ public static AWSDeadlineCloudFleetWorker = 'AWSDeadlineCloud-FleetWorker'; /** Provides user workstation access to AWS Deadline Cloud farms with limited Read-Only permissions to call other necessary services. Attach this policy to the user role associated with your studio. */ 
@@ -1304,6 +1338,10 @@ export class AwsManagedPolicy { public static AWSDirectConnectReadOnlyAccess = 'AWSDirectConnectReadOnlyAccess'; /** Provides AWS Direct Connect permission to create and manage AWS resources on your behalf. */ public static AWSDirectConnectServiceRolePolicy = 'aws-service-role/AWSDirectConnectServiceRolePolicy'; + /** Provides full access to AWS Directory Service Data. */ + public static AWSDirectoryServiceDataFullAccess = 'AWSDirectoryServiceDataFullAccess'; + /** Provides read-only access to AWS Directory Service Data */ + public static AWSDirectoryServiceDataReadOnlyAccess = 'AWSDirectoryServiceDataReadOnlyAccess'; /** Provides full access to AWS Directory Service. */ public static AWSDirectoryServiceFullAccess = 'AWSDirectoryServiceFullAccess'; /** Provides read only access to AWS Directory Service. */ @@ -1778,6 +1816,8 @@ export class AwsManagedPolicy { public static AWSPanoramaServiceLinkedRolePolicy = 'aws-service-role/AWSPanoramaServiceLinkedRolePolicy'; /** Allows AWS Panorama to manage resources in Amazon S3, AWS IoT, AWS IoT GreenGrass, AWS Lambda, Amazon SageMaker, and Amazon CloudWatch Logs, and to pass service roles to AWS IoT, AWS IoT GreenGrass, and Amazon SageMaker. */ public static AWSPanoramaServiceRolePolicy = 'service-role/AWSPanoramaServiceRolePolicy'; + /** Grants permissions to PCS to manage resources on your behalf. */ + public static AWSPCSServiceRolePolicy = 'aws-service-role/AWSPCSServiceRolePolicy'; /** Provides full access to AWS Price List Service. */ public static AWSPriceListServiceFullAccess = 'AWSPriceListServiceFullAccess'; /** Provides auditor access to AWS Private Certificate Authority */ 
@@ -1952,6 +1992,8 @@ export class AwsManagedPolicy {
 public static AWSServiceRoleForNeptuneGraphPolicy = 'aws-service-role/AWSServiceRoleForNeptuneGraphPolicy';
 /** Provides permissions to describe and update Private Marketplace resources and describe AWS Organizations */
 public static AWSServiceRoleForPrivateMarketplaceAdminPolicy = 'aws-service-role/AWSServiceRoleForPrivateMarketplaceAdminPolicy';
+ /** Policy for Procurement Insights to obtain Organization Account details */
+ public static AWSServiceRoleForProcurementInsightsPolicy = 'aws-service-role/AWSServiceRoleForProcurementInsightsPolicy';
 /** Provides access to AWS services and resources necessary to migrate service instances into AWS including EC2, S3 and Cloudformation. */
 public static AWSServiceRoleForSMS = 'aws-service-role/AWSServiceRoleForSMS';
 /** Provides access to the User Subscriptions service to your Identity Center resources to automatically update your subscriptions. */
@@ -1964,6 +2006,8 @@ export class AwsManagedPolicy {
 public static AWSShieldDRTAccessPolicy = 'service-role/AWSShieldDRTAccessPolicy';
 /** Allows AWS Shield to access AWS resources on your behalf to provide DDoS protection. */
 public static AWSShieldServiceRolePolicy = 'aws-service-role/AWSShieldServiceRolePolicy';
+ /** Provides access to publish metrics and provide insights for your social message sending. */
+ public static AWSSocialMessagingServiceRolePolicy = 'aws-service-role/AWSSocialMessagingServiceRolePolicy';
 /** Provides AWS Systems Manager for SAP with the permissions needed to manage and integrate SAP software with AWS. */
 public static AWSSSMForSAPServiceLinkedRolePolicy = 'aws-service-role/AWSSSMForSAPServiceLinkedRolePolicy';
 /** Policy for Service Linked Role AWSServiceRoleForAmazonSSM_OpsInsights */
@@ -2160,8 +2204,12 @@ export class AwsManagedPolicy {
 public static CloudWatchFullAccess = 'CloudWatchFullAccess';
 /** Provides full access to CloudWatch. */
 public static CloudWatchFullAccessV2 = 'CloudWatchFullAccessV2';
+ /** Provides full access to actions for working with Amazon CloudWatch Internet Monitor. Also provides access to other services, such as Amazon CloudWatch, Amazon EC2, Amazon CloudFront, Amazon WorkSpaces, and Elastic Load Balancing, that are necessary to use the Internet Monitor service for monitoring and storing information about application traffic. */
+ public static CloudWatchInternetMonitorFullAccess = 'CloudWatchInternetMonitorFullAccess';
 /** Allows Internet Monitor to access EC2, Workspaces, and CloudFront resources, and other required services on your behalf. */
 public static CloudWatchInternetMonitorServiceRolePolicy = 'aws-service-role/CloudWatchInternetMonitorServiceRolePolicy';
+ /** Provides write access to X-Ray and CloudWatch Application Signals log group. */
+ public static CloudWatchLambdaApplicationSignalsExecutionRolePolicy = 'CloudWatchLambdaApplicationSignalsExecutionRolePolicy';
 /** Policy required for the Lambda Insights Extension */
 public static CloudWatchLambdaInsightsExecutionRolePolicy = 'CloudWatchLambdaInsightsExecutionRolePolicy';
 /** Provides capabilities to manage Observability Access Manager links and establish sharing of CloudWatch Logs resources */
@@ -2344,6 +2392,8 @@ export class AwsManagedPolicy {
 public static PartnerCentralAccountManagementUserRoleAssociation = 'PartnerCentralAccountManagementUserRoleAssociation';
 /** Provides full access to AWS services and resources, but does not allow management of Users and groups. */
 public static PowerUserAccess = 'PowerUserAccess';
+ /** Grants permissions to AWS Services and Resources used or managed by Amazon Q Apps. */
+ public static QAppsServiceRolePolicy = 'aws-service-role/QAppsServiceRolePolicy';
 /** Grants permissions to AWS Services and Resources used or managed by Amazon Q */
 public static QBusinessServiceRolePolicy = 'aws-service-role/QBusinessServiceRolePolicy';
 /** Policy used by QuickSight team to access customer data produced by S3 Storage Management Analytics. */
@@ -2358,6 +2408,8 @@ export class AwsManagedPolicy {
 public static ResourceGroupsandTagEditorReadOnlyAccess = 'ResourceGroupsandTagEditorReadOnlyAccess';
 /** Allows AWS Resource Groups to query the AWS services that own your resources to keep the group up-to-date */
 public static ResourceGroupsServiceRolePolicy = 'aws-service-role/ResourceGroupsServiceRolePolicy';
+ /** Provides permissions to tag and untag all the resources supported by Resource Groups Tagging API. This policy also grants the permissions required to retrieve all tagged, or previously tagged, resources through the Resource Groups Tagging API. */
+ public static ResourceGroupsTaggingAPITagUntagSupportedResources = 'ResourceGroupsTaggingAPITagUntagSupportedResources';
 /** Allows the OpenShift Amazon EBS Container Storage Interface (CSI) Driver Operator to install and maintain the Amazon EBS CSI driver on a Red Hat OpenShift Service on AWS (ROSA) cluster. The Amazon EBS CSI driver allows ROSA clusters to manage the lifecycle of Amazon EBS volumes for persistent volumes. */
 public static ROSAAmazonEBSCSIDriverOperatorPolicy = 'service-role/ROSAAmazonEBSCSIDriverOperatorPolicy';
 /** Allows the OpenShift Cloud Network Config Controller Operator to provision and manage networking resources for use by the Red Hat OpenShift Service on AWS (ROSA) cluster networking overlay. The OpenShift Cloud Network Operator interfaces with AWS APIs on behalf of the network plugins via CustomResourceDefinitions. The operator uses these policy permissions to manage private IP addresses for Amazon EC2 instances as part of the ROSA cluster. */
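Review bot: The doc comment on `ResourceGroupsTaggingAPITagUntagSupportedResources` does not say that tag writes are authorization-relevant wherever access is decided by tag conditions, so a reader picking policies from this list could take it for a housekeeping permission. I would append one sentence to the comment, for example `Tag changes can alter the result of tag-based (ABAC) policy conditions, so treat this as a write-privileged policy.` If these descriptions are copied from AWS metadata, which is not visible here, the caveat would need to be added where the text is produced. The class body starts and ends outside the hunk.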