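# Imported via `make aws_managed_policies`
# The string below is JSON keyed by managed-policy name; each entry holds the
# policy Document plus CreateDate, DefaultVersionId, Path,
# PermissionsBoundaryUsageCount and UpdateDate.
# This is a snapshot taken at import time: check DefaultVersionId/UpdateDate
# against IAM before relying on an entry to reason about effective permissions.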
aws_managed_policies_data = """
{
"AIOpsAssistantPolicy":{
"CreateDate":"2024-12-02T16:21:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"access-analyzer:GetAnalyzer",
"access-analyzer:List*",
"acm-pca:Describe*",
"acm-pca:GetCertificate",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:List*",
"acm:DescribeCertificate",
"acm:GetAccountConfiguration",
"airflow:List*",
"amplify:GetApp",
"amplify:GetBranch",
"amplify:GetDomainAssociation",
"amplify:List*",
"aoss:BatchGetCollection",
"aoss:BatchGetLifecyclePolicy",
"aoss:BatchGetVpcEndpoint",
"aoss:GetAccessPolicy",
"aoss:GetSecurityConfig",
"aoss:GetSecurityPolicy",
"aoss:List*",
"appconfig:GetApplication",
"appconfig:GetConfigurationProfile",
"appconfig:GetEnvironment",
"appconfig:GetHostedConfigurationVersion",
"appconfig:List*",
"appflow:Describe*",
"appflow:List*",
"application-autoscaling:Describe*",
"application-signals:BatchGetServiceLevelObjectiveBudgetReport",
"application-signals:GetService",
"application-signals:GetServiceLevelObjective",
"application-signals:List*",
"applicationinsights:Describe*",
"applicationinsights:List*",
"apprunner:Describe*",
"apprunner:List*",
"appstream:Describe*",
"appstream:List*",
"appsync:GetApiAssociation",
"appsync:GetDomainName",
"appsync:GetFunction",
"appsync:GetResolver",
"appsync:GetSourceApiAssociation",
"appsync:List*",
"aps:Describe*",
"aps:List*",
"arc-zonal-shift:GetManagedResource",
"arc-zonal-shift:List*",
"athena:GetCapacityAssignmentConfiguration",
"athena:GetCapacityReservation",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:GetPreparedStatement",
"athena:GetWorkGroup",
"athena:List*",
"auditmanager:GetAssessment",
"auditmanager:List*",
"autoscaling:Describe*",
"backup-gateway:GetHypervisor",
"backup-gateway:List*",
"backup:Describe*",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:GetRestoreTestingPlan",
"backup:GetRestoreTestingSelection",
"backup:List*",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobQueues",
"batch:DescribeSchedulingPolicies",
"batch:List*",
"bedrock:GetAgent",
"bedrock:GetAgentActionGroup",
"bedrock:GetAgentAlias",
"bedrock:GetAgentKnowledgeBase",
"bedrock:GetDataSource",
"bedrock:GetGuardrail",
"bedrock:GetKnowledgeBase",
"bedrock:List*",
"budgets:Describe*",
"budgets:List*",
"ce:Describe*",
"ce:GetAnomalyMonitors",
"ce:GetAnomalySubscriptions",
"ce:List*",
"chatbot:Describe*",
"chatbot:GetMicrosoftTeamsChannelConfiguration",
"chatbot:List*",
"cleanrooms-ml:GetTrainingDataset",
"cleanrooms-ml:List*",
"cleanrooms:GetAnalysisTemplate",
"cleanrooms:GetCollaboration",
"cleanrooms:GetConfiguredTable",
"cleanrooms:GetConfiguredTableAnalysisRule",
"cleanrooms:GetConfiguredTableAssociation",
"cleanrooms:GetMembership",
"cleanrooms:List*",
"cloudformation:Describe*",
"cloudformation:GetResource",
"cloudformation:GetStackPolicy",
"cloudformation:GetTemplate",
"cloudformation:List*",
"cloudfront:Describe*",
"cloudfront:GetCachePolicy",
"cloudfront:GetCloudFrontOriginAccessIdentity",
"cloudfront:GetContinuousDeploymentPolicy",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:GetFunction",
"cloudfront:GetKeyGroup",
"cloudfront:GetMonitoringSubscription",
"cloudfront:GetOriginAccessControl",
"cloudfront:GetOriginRequestPolicy",
"cloudfront:GetPublicKey",
"cloudfront:GetRealtimeLogConfig",
"cloudfront:GetResponseHeadersPolicy",
"cloudfront:List*",
"cloudtrail:Describe*",
"cloudtrail:GetChannel",
"cloudtrail:GetEventDataStore",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetInsightSelectors",
"cloudtrail:GetQueryResults",
"cloudtrail:GetResourcePolicy",
"cloudtrail:GetTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:List*",
"cloudtrail:LookupEvents",
"cloudtrail:StartQuery",
"cloudwatch:Describe*",
"cloudwatch:GenerateQuery",
"cloudwatch:GetDashboard",
"cloudwatch:GetInsightRuleReport",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStream",
"cloudwatch:GetService",
"cloudwatch:GetServiceLevelObjective",
"cloudwatch:List*",
"codeartifact:Describe*",
"codeartifact:GetDomainPermissionsPolicy",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:List*",
"codebuild:BatchGetFleets",
"codebuild:List*",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codedeploy:BatchGetDeployments",
"codedeploy:BatchGetDeploymentTargets",
"codedeploy:GetApplication",
"codedeploy:GetDeploymentConfig",
"codedeploy:List*",
"codeguru-profiler:Describe*",
"codeguru-profiler:GetNotificationConfiguration",
"codeguru-profiler:GetPolicy",
"codeguru-profiler:List*",
"codeguru-reviewer:Describe*",
"codeguru-reviewer:List*",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:List*",
"codestar-connections:GetConnection",
"codestar-connections:GetRepositoryLink",
"codestar-connections:GetSyncConfiguration",
"codestar-connections:List*",
"codestar-notifications:Describe*",
"codestar-notifications:List*",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:ListIdentityPools",
"cognito-identity:ListTagsForResource",
"cognito-idp:AdminListGroupsForUser",
"cognito-idp:DescribeIdentityProvider",
"cognito-idp:DescribeResourceServer",
"cognito-idp:DescribeRiskConfiguration",
"cognito-idp:DescribeUserImportJob",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolDomain",
"cognito-idp:GetGroup",
"cognito-idp:GetLogDeliveryConfiguration",
"cognito-idp:GetUICustomization",
"cognito-idp:GetUserPoolMfaConfig",
"cognito-idp:GetWebACLForResource",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListResourceServers",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListTagsForResource",
"comprehend:Describe*",
"comprehend:List*",
"config:Describe*",
"config:GetStoredQuery",
"config:List*",
"connect:Describe*",
"connect:GetTaskTemplate",
"connect:List*",
"databrew:Describe*",
"databrew:List*",
"datapipeline:Describe*",
"datapipeline:GetPipelineDefinition",
"datapipeline:List*",
"datasync:Describe*",
"datasync:List*",
"deadline:GetFarm",
"deadline:GetFleet",
"deadline:GetLicenseEndpoint",
"deadline:GetMonitor",
"deadline:GetQueue",
"deadline:GetQueueEnvironment",
"deadline:GetQueueFleetAssociation",
"deadline:GetStorageProfile",
"deadline:List*",
"detective:GetMembers",
"detective:List*",
"devicefarm:GetDevicePool",
"devicefarm:GetInstanceProfile",
"devicefarm:GetNetworkProfile",
"devicefarm:GetProject",
"devicefarm:GetTestGridProject",
"devicefarm:GetVPCEConfiguration",
"devicefarm:List*",
"devops-guru:Describe*",
"devops-guru:GetResourceCollection",
"devops-guru:List*",
"dms:Describe*",
"dms:List*",
"ds:Describe*",
"dynamodb:Describe*",
"dynamodb:GetResourcePolicy",
"dynamodb:List*",
"ec2:Describe*",
"ec2:GetAssociatedEnclaveCertificateIamRoles",
"ec2:GetIpamPoolAllocations",
"ec2:GetIpamPoolCidrs",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetSnapshotBlockPublicAccessState",
"ec2:GetTransitGatewayMulticastDomainAssociations",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:GetVerifiedAccessEndpointPolicy",
"ec2:GetVerifiedAccessGroupPolicy",
"ec2:GetVerifiedAccessInstanceWebAcl",
"ec2:SearchLocalGatewayRoutes",
"ec2:SearchTransitGatewayRoutes",
"ecr:Describe*",
"ecr:GetLifecyclePolicy",
"ecr:GetRegistryPolicy",
"ecr:GetRepositoryPolicy",
"ecr:List*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elastic-inference:Describe*",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"emr-containers:Describe*",
"emr-containers:List*",
"emr-serverless:GetApplication",
"emr-serverless:List*",
"es:Describe*",
"es:List*",
"events:Describe*",
"events:List*",
"evidently:GetExperiment",
"evidently:GetFeature",
"evidently:GetLaunch",
"evidently:GetProject",
"evidently:GetSegment",
"evidently:List*",
"firehose:Describe*",
"firehose:List*",
"fis:GetExperimentTemplate",
"fis:GetTargetAccountConfiguration",
"fis:List*",
"fms:GetNotificationChannel",
"fms:GetPolicy",
"fms:List*",
"forecast:Describe*",
"forecast:List*",
"frauddetector:BatchGetVariable",
"frauddetector:Describe*",
"frauddetector:GetDetectors",
"frauddetector:GetDetectorVersion",
"frauddetector:GetEntityTypes",
"frauddetector:GetEventTypes",
"frauddetector:GetExternalModels",
"frauddetector:GetLabels",
"frauddetector:GetListElements",
"frauddetector:GetListsMetadata",
"frauddetector:GetModelVersion",
"frauddetector:GetOutcomes",
"frauddetector:GetRules",
"frauddetector:GetVariables",
"frauddetector:List*",
"fsx:Describe*",
"gamelift:Describe*",
"gamelift:List*",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetJob",
"glue:GetRegistry",
"glue:GetSchema",
"glue:GetSchemaVersion",
"glue:GetTable",
"glue:GetTags",
"glue:GetTrigger",
"glue:List*",
"glue:querySchemaVersionMetadata",
"grafana:Describe*",
"grafana:List*",
"greengrass:Describe*",
"greengrass:GetDeployment",
"greengrass:List*",
"groundstation:GetConfig",
"groundstation:GetDataflowEndpointGroup",
"groundstation:GetMissionProfile",
"groundstation:List*",
"guardduty:GetDetector",
"guardduty:GetFilter",
"guardduty:GetIPSet",
"guardduty:GetMalwareProtectionPlan",
"guardduty:GetMasterAccount",
"guardduty:GetMembers",
"guardduty:GetThreatIntelSet",
"guardduty:List*",
"health:DescribeEvents",
"health:DescribeEventDetails",
"healthlake:Describe*",
"healthlake:List*",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetInstanceProfile",
"iam:GetLoginProfile",
"iam:GetOpenIDConnectProvider",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetSAMLProvider",
"iam:GetServerCertificate",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListOpenIDConnectProviders",
"iam:ListServerCertificates",
"iam:ListVirtualMFADevices",
"identitystore:DescribeGroup",
"identitystore:DescribeGroupMembership",
"identitystore:ListGroupMemberships",
"identitystore:ListGroups",
"imagebuilder:GetComponent",
"imagebuilder:GetContainerRecipe",
"imagebuilder:GetDistributionConfiguration",
"imagebuilder:GetImage",
"imagebuilder:GetImagePipeline",
"imagebuilder:GetImageRecipe",
"imagebuilder:GetInfrastructureConfiguration",
"imagebuilder:GetLifecyclePolicy",
"imagebuilder:GetWorkflow",
"imagebuilder:List*",
"inspector2:List*",
"inspector:Describe*",
"inspector:List*",
"internetmonitor:GetMonitor",
"internetmonitor:List*",
"iot:Describe*",
"iot:GetPackage",
"iot:GetPackageVersion",
"iot:GetPolicy",
"iot:GetThingShadow",
"iot:GetTopicRule",
"iot:GetTopicRuleDestination",
"iot:GetV2LoggingOptions",
"iot:List*",
"iotanalytics:Describe*",
"iotanalytics:List*",
"iotevents:Describe*",
"iotevents:List*",
"iotfleethub:Describe*",
"iotfleethub:List*",
"iotsitewise:Describe*",
"iotsitewise:List*",
"iotwireless:GetDestination",
"iotwireless:GetDeviceProfile",
"iotwireless:GetFuotaTask",
"iotwireless:GetMulticastGroup",
"iotwireless:GetNetworkAnalyzerConfiguration",
"iotwireless:GetServiceProfile",
"iotwireless:GetWirelessDevice",
"iotwireless:GetWirelessGateway",
"iotwireless:GetWirelessGatewayTaskDefinition",
"iotwireless:List*",
"ivs:GetChannel",
"ivs:GetEncoderConfiguration",
"ivs:GetPlaybackRestrictionPolicy",
"ivs:GetRecordingConfiguration",
"ivs:GetStage",
"ivs:List*",
"ivschat:GetLoggingConfiguration",
"ivschat:GetRoom",
"ivschat:List*",
"kafka:Describe*",
"kafka:GetClusterPolicy",
"kafka:List*",
"kafkaconnect:Describe*",
"kafkaconnect:List*",
"kendra:Describe*",
"kendra:List*",
"kinesis:Describe*",
"kinesis:List*",
"kinesisanalytics:Describe*",
"kinesisanalytics:List*",
"kinesisvideo:Describe*",
"kms:DescribeKey",
"kms:ListResourceTags",
"kms:ListKeys",
"lakeformation:Describe*",
"lakeformation:GetLFTag",
"lakeformation:GetResourceLFTags",
"lakeformation:List*",
"lambda:GetAlias",
"lambda:GetCodeSigningConfig",
"lambda:GetEventSourceMapping",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetFunctionConfiguration",
"lambda:GetFunctionEventInvokeConfig",
"lambda:GetFunctionRecursionConfig",
"lambda:GetFunctionUrlConfig",
"lambda:GetLayerVersion",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:GetRuntimeManagementConfig",
"lambda:List*",
"launchwizard:GetDeployment",
"launchwizard:List*",
"lex:Describe*",
"lex:List*",
"license-manager:GetLicense",
"license-manager:List*",
"lightsail:GetAlarms",
"lightsail:GetBuckets",
"lightsail:GetCertificates",
"lightsail:GetContainerServices",
"lightsail:GetDisk",
"lightsail:GetDisks",
"lightsail:GetInstance",
"lightsail:GetInstances",
"lightsail:GetLoadBalancer",
"lightsail:GetLoadBalancers",
"lightsail:GetLoadBalancerTlsCertificates",
"lightsail:GetStaticIp",
"lightsail:GetStaticIps",
"logs:Describe*",
"logs:FilterLogEvents",
"logs:GetDataProtectionPolicy",
"logs:GetDelivery",
"logs:GetDeliveryDestination",
"logs:GetDeliveryDestinationPolicy",
"logs:GetDeliverySource",
"logs:GetLogAnomalyDetector",
"logs:GetLogDelivery",
"logs:GetQueryResults",
"logs:List*",
"logs:StartQuery",
"logs:StopLiveTail",
"logs:StopQuery",
"logs:TestMetricFilter",
"lookoutmetrics:Describe*",
"lookoutmetrics:List*",
"lookoutvision:Describe*",
"lookoutvision:List*",
"m2:GetApplication",
"m2:GetEnvironment",
"m2:List*",
"macie2:GetAllowList",
"macie2:GetCustomDataIdentifier",
"macie2:GetFindingsFilter",
"macie2:GetMacieSession",
"macie2:List*",
"mediaconnect:Describe*",
"mediaconnect:List*",
"medialive:Describe*",
"medialive:GetCloudWatchAlarmTemplate",
"medialive:GetCloudWatchAlarmTemplateGroup",
"medialive:GetEventBridgeRuleTemplate",
"medialive:GetEventBridgeRuleTemplateGroup",
"medialive:GetSignalMap",
"medialive:List*",
"mediapackage-vod:Describe*",
"mediapackage-vod:List*",
"mediapackage:Describe*",
"mediapackage:List*",
"mediapackagev2:GetChannel",
"mediapackagev2:GetChannelGroup",
"mediapackagev2:GetChannelPolicy",
"mediapackagev2:GetOriginEndpoint",
"mediapackagev2:GetOriginEndpointPolicy",
"mediapackagev2:List*",
"memorydb:Describe*",
"memorydb:List*",
"mobiletargeting:GetInAppTemplate",
"mobiletargeting:List*",
"mq:Describe*",
"mq:List*",
"network-firewall:Describe*",
"network-firewall:List*",
"networkmanager:Describe*",
"networkmanager:GetConnectAttachment",
"networkmanager:GetConnectPeer",
"networkmanager:GetCoreNetwork",
"networkmanager:GetCoreNetworkPolicy",
"networkmanager:GetCustomerGatewayAssociations",
"networkmanager:GetDevices",
"networkmanager:GetLinkAssociations",
"networkmanager:GetLinks",
"networkmanager:GetSites",
"networkmanager:GetSiteToSiteVpnAttachment",
"networkmanager:GetTransitGatewayPeering",
"networkmanager:GetTransitGatewayRegistrations",
"networkmanager:GetTransitGatewayRouteTableAttachment",
"networkmanager:GetVpcAttachment",
"networkmanager:List*",
"nimble:GetLaunchProfile",
"nimble:GetStreamingImage",
"nimble:GetStudio",
"nimble:GetStudioComponent",
"nimble:List*",
"oam:GetLink",
"oam:GetSink",
"oam:GetSinkPolicy",
"oam:List*",
"omics:GetAnnotationStore",
"omics:GetReferenceStore",
"omics:GetRunGroup",
"omics:GetSequenceStore",
"omics:GetVariantStore",
"omics:GetWorkflow",
"omics:List*",
"opsworks-cm:Describe*",
"opsworks-cm:List*",
"organizations:Describe*",
"organizations:List*",
"osis:GetPipeline",
"osis:List*",
"payment-cryptography:GetAlias",
"payment-cryptography:GetKey",
"payment-cryptography:List*",
"pca-connector-ad:GetConnector",
"pca-connector-ad:GetDirectoryRegistration",
"pca-connector-ad:GetServicePrincipalName",
"pca-connector-ad:GetTemplate",
"pca-connector-ad:GetTemplateGroupAccessControlEntry",
"pca-connector-ad:List*",
"pca-connector-scep:GetChallengeMetadata",
"pca-connector-scep:GetConnector",
"pca-connector-scep:List*",
"personalize:Describe*",
"personalize:List*",
"pipes:Describe*",
"pipes:List*",
"proton:GetEnvironmentTemplate",
"proton:GetServiceTemplate",
"proton:List*",
"qbusiness:GetApplication",
"qbusiness:GetDataSource",
"qbusiness:GetIndex",
"qbusiness:GetPlugin",
"qbusiness:GetRetriever",
"qbusiness:GetWebExperience",
"qbusiness:List*",
"qldb:Describe*",
"qldb:List*",
"ram:GetPermission",
"ram:List*",
"rds:Describe*",
"rds:List*",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:List*",
"redshift:Describe*",
"refactor-spaces:GetApplication",
"refactor-spaces:GetEnvironment",
"refactor-spaces:GetRoute",
"refactor-spaces:List*",
"rekognition:Describe*",
"rekognition:List*",
"resiliencehub:Describe*",
"resiliencehub:List*",
"resource-explorer-2:GetDefaultView",
"resource-explorer-2:GetIndex",
"resource-explorer-2:GetView",
"resource-explorer-2:List*",
"resource-groups:GetGroup",
"resource-groups:GetGroupConfiguration",
"resource-groups:GetGroupQuery",
"resource-groups:GetTags",
"resource-groups:List*",
"robomaker:Describe*",
"robomaker:List*",
"route53-recovery-control-config:Describe*",
"route53-recovery-control-config:List*",
"route53-recovery-readiness:GetCell",
"route53-recovery-readiness:GetReadinessCheck",
"route53-recovery-readiness:GetRecoveryGroup",
"route53-recovery-readiness:GetResourceSet",
"route53-recovery-readiness:List*",
"route53:GetDNSSEC",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:List*",
"route53profiles:GetProfile",
"route53profiles:GetProfileAssociation",
"route53profiles:GetProfileResourceAssociation",
"route53profiles:List*",
"route53resolver:GetFirewallDomainList",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:GetFirewallRuleGroupAssociation",
"route53resolver:GetOutpostResolver",
"route53resolver:GetResolverConfig",
"route53resolver:GetResolverQueryLogConfig",
"route53resolver:GetResolverQueryLogConfigAssociation",
"route53resolver:GetResolverRule",
"route53resolver:GetResolverRuleAssociation",
"route53resolver:List*",
"rum:GetAppMonitor",
"rum:List*",
"s3-outposts:GetAccessPoint",
"s3-outposts:GetAccessPointPolicy",
"s3-outposts:GetBucket",
"s3-outposts:GetBucketPolicy",
"s3-outposts:GetBucketTagging",
"s3-outposts:GetLifecycleConfiguration",
"s3-outposts:List*",
"s3:GetAccelerateConfiguration",
"s3:GetAccessGrant",
"s3:GetAccessGrantsInstance",
"s3:GetAccessGrantsLocation",
"s3:GetAccessPoint",
"s3:GetAccessPointConfigurationForObjectLambda",
"s3:GetAccessPointForObjectLambda",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyForObjectLambda",
"s3:GetAccessPointPolicyStatusForObjectLambda",
"s3:GetAnalyticsConfiguration",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketOwnershipControls",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"S3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetIntelligentTieringConfiguration",
"s3:GetInventoryConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMetricsConfiguration",
"s3:GetMultiRegionAccessPoint",
"s3:GetMultiRegionAccessPointPolicy",
"s3:GetMultiRegionAccessPointPolicyStatus",
"s3:GetReplicationConfiguration",
"s3:GetStorageLensConfiguration",
"s3:GetStorageLensConfigurationTagging",
"s3:GetStorageLensGroup",
"s3:List*",
"sagemaker:Describe*",
"sagemaker:List*",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:List*",
"schemas:Describe*",
"schemas:GetResourcePolicy",
"schemas:List*",
"secretsmanager:Describe*",
"secretsmanager:GetResourcePolicy",
"secretsmanager:List*",
"securityhub:BatchGetAutomationRules",
"securityhub:BatchGetSecurityControls",
"securityhub:Describe*",
"securityhub:GetConfigurationPolicy",
"securityhub:GetConfigurationPolicyAssociation",
"securityhub:GetEnabledStandards",
"securityhub:GetFindingAggregator",
"securityhub:GetInsights",
"securityhub:List*",
"securitylake:GetSubscriber",
"securitylake:List*",
"servicecatalog:Describe*",
"servicecatalog:GetApplication",
"servicecatalog:GetAttributeGroup",
"servicecatalog:List*",
"servicequotas:GetServiceQuota",
"ses:Describe*",
"ses:GetAccount",
"ses:GetAddonInstance",
"ses:GetAddonSubscription",
"ses:GetArchive",
"ses:GetConfigurationSet",
"ses:GetConfigurationSetEventDestinations",
"ses:GetContactList",
"ses:GetDedicatedIpPool",
"ses:GetDedicatedIps",
"ses:GetEmailIdentity",
"ses:GetEmailTemplate",
"ses:GetIngressPoint",
"ses:GetRelay",
"ses:GetRuleSet",
"ses:GetTemplate",
"ses:GetTrafficPolicy",
"ses:List*",
"shield:Describe*",
"shield:List*",
"signer:GetSigningProfile",
"signer:List*",
"sns:GetDataProtectionPolicy",
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:List*",
"ssm-contacts:GetContact",
"ssm-contacts:GetContactChannel",
"ssm-contacts:List*",
"ssm-incidents:GetReplicationSet",
"ssm-incidents:GetResponsePlan",
"ssm-incidents:List*",
"ssm-sap:GetApplication",
"ssm-sap:List*",
"ssm:Describe*",
"ssm:GetDefaultPatchBaseline",
"ssm:GetDocument",
"ssm:GetParameters",
"ssm:GetPatchBaseline",
"ssm:GetResourcePolicies",
"ssm:List*",
"sso-directory:SearchGroups",
"sso-directory:SearchUsers",
"sso:GetInlinePolicyForPermissionSet",
"sso:GetManagedApplicationInstance",
"sso:GetPermissionsBoundaryForPermissionSet",
"sso:GetSharedSsoConfiguration",
"sso:ListAccountAssignments",
"sso:ListApplicationAssignments",
"sso:ListApplications",
"sso:ListCustomerManagedPolicyReferencesInPermissionSet",
"sso:ListInstances",
"sso:ListManagedPoliciesInPermissionSet",
"sso:ListTagsForResource",
"states:Describe*",
"states:List*",
"synthetics:Describe*",
"synthetics:GetCanary",
"synthetics:GetGroup",
"synthetics:List*",
"tag:GetResources",
"timestream:Describe*",
"timestream:List*",
"transfer:Describe*",
"transfer:List*",
"verifiedpermissions:GetIdentitySource",
"verifiedpermissions:GetPolicy",
"verifiedpermissions:GetPolicyStore",
"verifiedpermissions:GetPolicyTemplate",
"verifiedpermissions:GetSchema",
"verifiedpermissions:List*",
"vpc-lattice:GetAccessLogSubscription",
"vpc-lattice:GetAuthPolicy",
"vpc-lattice:GetListener",
"vpc-lattice:GetResourcePolicy",
"vpc-lattice:GetRule",
"vpc-lattice:GetService",
"vpc-lattice:GetServiceNetwork",
"vpc-lattice:GetServiceNetworkServiceAssociation",
"vpc-lattice:GetServiceNetworkVpcAssociation",
"vpc-lattice:GetTargetGroup",
"vpc-lattice:List*",
"wafv2:GetIPSet",
"wafv2:GetLoggingConfiguration",
"wafv2:GetRegexPatternSet",
"wafv2:GetRuleGroup",
"wafv2:GetWebACL",
"wafv2:GetWebACLForResource",
"wafv2:List*",
"workspaces-web:GetBrowserSettings",
"workspaces-web:GetIdentityProvider",
"workspaces-web:GetNetworkSettings",
"workspaces-web:GetPortal",
"workspaces-web:GetPortalServiceProviderMetadata",
"workspaces-web:GetTrustStore",
"workspaces-web:GetUserAccessLoggingSettings",
"workspaces-web:GetUserSettings",
"workspaces-web:List*",
"workspaces:Describe*",
"xray:BatchGetTraces",
"xray:GetGroup",
"xray:GetGroups",
"xray:GetSamplingRules",
"xray:GetServiceGraph",
"xray:GetTraceSummaries",
"xray:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AIOPSServiceAccess"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectAcl"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":[
"${aws:ResourceAccount}"
],
"aws:ViaAWSService":[
"amplify.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amplify",
"arn:aws:s3:::cdk--assets--*"
],
"Sid":"AIOPSS3AccessForAmplify"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integrations/*",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/apis/*/deployments",
"arn:aws:apigateway:*::/apis/*/deployments/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*"
],
"Sid":"AIOPSAPIGatewayAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-02T16:21:06+00:00"
},
"AIOpsConsoleAdminPolicy":{
"CreateDate":"2024-12-02T23:51:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aiops:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AIOpsAdmin"
},
{
"Action":[
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsAccess"
},
{
"Action":[
"sso:PutApplicationAccessScope",
"sso:PutApplicationAssignmentConfiguration",
"sso:PutApplicationGrant",
"sso:PutApplicationAuthenticationMethod",
"sso:DeleteApplication"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"aiops.amazonaws.com",
"aws:ResourceTag/ManagedByAmazonAIOperations":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SSOApplicationManagement"
},
{
"Action":[
"sso:CreateApplication",
"sso:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"ManagedByAmazonAIOperations"
]
},
"StringEquals":{
"aws:CalledViaLast":"aiops.amazonaws.com",
"aws:RequestTag/ManagedByAmazonAIOperations":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sso:::instance/*",
"arn:aws:sso::aws:applicationProvider/aiops"
],
"Sid":"SSOApplicationTagManagement"
},
{
"Action":[
"sso:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"ManagedByAmazonAIOperations"
]
},
"StringEquals":{
"aws:CalledViaLast":"aiops.amazonaws.com",
"aws:ResourceTag/ManagedByAmazonAIOperations":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sso::*:application/*",
"Sid":"SSOTagManagement"
},
{
"Action":[
"identitystore:DescribeUser",
"sso:ListApplications",
"sso:ListInstances",
"sso:DescribeRegisteredRegions",
"sso:GetSharedSsoConfiguration",
"sso:DescribeInstance",
"sso:GetSSOStatus",
"sso-directory:DescribeUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSOManagementAccess"
},
{
"Action":[
"sts:SetContext"
],
"Effect":"Allow",
"Resource":"arn:aws:sts::*:self",
"Sid":"AllowSTSContextSetting"
},
{
"Action":[
"signin:ListTrustedIdentityPropagationApplicationsForConsole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IdentityPropagationAccess"
},
{
"Action":[
"cloudtrail:ListTrails",
"cloudtrail:DescribeTrails",
"cloudtrail:ListEventDataStores"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudtrailAccess"
},
{
"Action":[
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSAccess"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:PutResourcePolicy",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:aws/ssm/3p/*",
"Sid":"SSMIntegrationSecretsManagerAccess"
},
{
"Action":[
"ssm:GetServiceSetting",
"ssm:UpdateServiceSetting"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:servicesetting/integrations/*",
"Sid":"SSMIntegrationAccess"
},
{
"Action":[
"iam:CreatePolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:policy/service-role/AWSServiceRoleSSMIntegrationsPolicy*",
"Sid":"SSMIntegrationCreatePolicy"
},
{
"Action":[
"chatbot:DescribeChimeWebhookConfigurations",
"chatbot:DescribeSlackWorkspaces",
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:ListMicrosoftTeamsChannelConfigurations",
"chatbot:ListMicrosoftTeamsConfiguredTeams"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ChatbotConfigurations"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"aiops.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMPassRoleToAIOps"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMListRoles"
},
{
"Action":[
"tag:GetTagKeys"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TagBoundaryPermission"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"ArnEquals":{
"iam:AssociatedResourceArn":"arn:aws:aiops:*:*:investigation-group/*"
},
"StringEquals":{
"iam:PassedToService":"ssm.integrations.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMPassRoleToSSMIntegration"
},
{
"Action":[
"ssm:CreateOpsItem",
"ssm:AddTagsToResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Integration"
]
},
"StringEquals":{
"aws:RequestTag/Integration":"CloudWatch",
"aws:ResourceTag/Integration":"CloudWatch"
}
},
"Effect":"Allow",
"Resource":"arn:*:ssm:*:*:opsitem/*",
"Sid":"SSMOpsItemAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-02T23:51:06+00:00"
},
"AIOpsOperatorAccess":{
"CreateDate":"2024-12-02T23:51:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aiops:CreateInvestigation",
"aiops:CreateInvestigationEvent",
"aiops:CreateInvestigationResource",
"aiops:DeleteInvestigation",
"aiops:Get*",
"aiops:List*",
"aiops:UpdateInvestigation",
"aiops:UpdateInvestigationEvent"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AIOpsOperatorAccess"
},
{
"Action":[
"identitystore:DescribeUser",
"sso:DescribeInstance",
"sso-directory:DescribeUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSOManagementAccess"
},
{
"Action":[
"sts:SetContext"
],
"Effect":"Allow",
"Resource":"arn:aws:sts::*:self",
"Sid":"AllowSTSContextSetting"
},
{
"Action":[
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:servicesetting/integrations/*",
"Sid":"SSMSettingServiceIntegration"
},
{
"Action":[
"ssm:AddTagsToResource",
"ssm:CreateOpsItem"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"Integration"
},
"StringEquals":{
"aws:RequestTag/Integration":[
"CloudWatch"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMIntegrationTagAccess"
},
{
"Action":[
"ssm:DeleteOpsItem",
"ssm:UpdateOpsItem"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/Integration":[
"CloudWatch"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMOpsItemIntegration"
},
{
"Action":[
"ssm:AddTagsToResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"Integration"
},
"StringEquals":{
"aws:ResourceTag/Integration":[
"CloudWatch"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:opsitem/*",
"Sid":"SSMTagOperation"
},
{
"Action":[
"ssm:GetOpsSummary"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMOpsSummaryIntegration"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-02T23:51:07+00:00"
},
"AIOpsReadOnlyAccess":{
"CreateDate":"2024-12-02T23:51:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aiops:Get*",
"aiops:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AIOpsReadOnlyAccess"
},
{
"Action":[
"identitystore:DescribeUser",
"sso:DescribeInstance",
"sso-directory:DescribeUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSOManagementAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-02T23:51:07+00:00"
},
"APIGatewayServiceRolePolicy":{
"CreateDate":"2017-10-20T17:23:10+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingTargets",
"xray:GetSamplingRules",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"servicediscovery:DiscoverInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"firehose:DescribeDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect":"Allow",
"Resource":"arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*"
},
{
"Action":[
"acm:DescribeCertificate",
"acm:GetCertificate"
],
"Effect":"Allow",
"Resource":"arn:aws:acm:*:*:certificate/*"
},
{
"Action":"ec2:CreateNetworkInterfacePermission",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Owner",
"VpcLinkId"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:UnassignPrivateIpAddresses",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"servicediscovery:GetNamespace",
"Effect":"Allow",
"Resource":"arn:aws:servicediscovery:*:*:namespace/*"
},
{
"Action":"servicediscovery:GetService",
"Effect":"Allow",
"Resource":"arn:aws:servicediscovery:*:*:service/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-07-12T22:24:40+00:00"
},
"AWS-SSM-Automation-DiagnosisBucketPolicy":{
"CreateDate":"2024-11-15T23:31:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*/actions/*/${aws:PrincipalAccount}/*",
"Sid":"AllowReadWriteToSsmDiagnosisBucketInSameAccount"
},
{
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceOrgId":"${aws:PrincipalOrgId}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*/actions/*/${aws:PrincipalAccount}/*",
"Sid":"AllowReadWriteToSsmDiagnosisBucketWithinOrg"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"s3:prefix":"*/${aws:PrincipalAccount}/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*",
"Sid":"AllowReadOnlyAccessListBucketOnSsmDiagnosisBucketInSameAccount"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceOrgId":"${aws:PrincipalOrgId}"
},
"StringLike":{
"s3:prefix":"*/${aws:PrincipalAccount}/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*",
"Sid":"AllowReadOnlyAccessListBucketOnSsmDiagnosisBucketWithinOrg"
},
{
"Action":[
"s3:GetEncryptionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*",
"Sid":"AllowGetEncryptionConfigurationOnSsmDiagnosisBucketInSameAccount"
},
{
"Action":[
"s3:GetEncryptionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceOrgId":"${aws:PrincipalOrgId}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*",
"Sid":"AllowGetEncryptionConfigurationOnSsmDiagnosisBucketWithinOrg"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T23:31:17+00:00"
},
"AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy":{
"CreateDate":"2024-11-16T00:01:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAutomationExecutions",
"ssm:DescribeAutomationStepExecutions",
"ssm:GetAutomationExecution"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessSSMResource"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-*UnmanagedEC2*:*"
],
"Sid":"AllowExecuteSSMAutomation"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*"
},
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"aws:ResourceTag/SystemsManagerManaged":"true"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AllowKMSOperations"
},
{
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-DiagnosisExecutionRole*",
"Sid":"AllowAssumeDiagnosisExecutionRoleWithinAccount"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-DiagnosisAdminRole*",
"Sid":"AllowPassRoleOnSelfToSsm"
},
{
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*/actions/*",
"Sid":"AllowReadWriteToSsmDiagnosisBucketInSameAccount"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*",
"Sid":"AllowListBucketOnSsmDiagnosisBucketInSameAccount"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-16T00:01:45+00:00"
},
"AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy":{
"CreateDate":"2024-11-16T00:08:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessEC2Resource"
},
{
"Action":[
"ssm:DescribeAutomationStepExecutions",
"ssm:DescribeInstanceInformation",
"ssm:DescribeAutomationExecutions",
"ssm:GetAutomationExecution"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessSSMResource"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-*UnmanagedEC2*:*"
],
"Sid":"AllowExecuteSSMAutomation"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*"
},
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"aws:ResourceTag/SystemsManagerManaged":"true"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AllowKMSOperations"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-DiagnosisExecutionRole*",
"Sid":"AllowPassRoleOnSelfToSsm"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-16T00:08:07+00:00"
},
"AWS-SSM-DiagnosisAutomation-OperationalAccountAdministrationRolePolicy":{
"CreateDate":"2024-11-16T00:11:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListRoots",
"organizations:ListChildren"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessOrganization"
},
{
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"aws:ResourceOrgId":"${aws:PrincipalOrgId}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-DiagnosisExecutionRole*",
"Sid":"AllowAssumeDiagnosisExecutionRoleWithinOrg"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-16T00:11:14+00:00"
},
"AWS-SSM-RemediationAutomation-AdministrationRolePolicy":{
"CreateDate":"2024-11-16T00:14:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAutomationExecutions",
"ssm:DescribeAutomationStepExecutions",
"ssm:GetAutomationExecution"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessSSMResource"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-OrchestrateUnmanagedEC2Actions:*",
"arn:aws:ssm:*:*:automation-definition/AWS-RemediateSSMAgent*:*"
],
"Sid":"AllowExecuteSSMAutomation"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*"
},
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"aws:ResourceTag/SystemsManagerManaged":"true"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AllowKMSOperations"
},
{
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-RemediationExecutionRole*",
"Sid":"AllowAssumeRemediationExecutionRoleWithinAccount"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-RemediationAdminRole*",
"Sid":"AllowPassRoleOnSelfToSsm"
},
{
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*/actions/*",
"Sid":"AllowReadWriteToSsmDiagnosisBucketInSameAccount"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*",
"Sid":"AllowListBucketOnSsmDiagnosisBucketInSameAccount"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-16T00:14:44+00:00"
},
"AWS-SSM-RemediationAutomation-ExecutionRolePolicy":{
"CreateDate":"2024-11-16T00:17:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetAutomationExecution",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeAutomationStepExecutions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessSSMResource"
},
{
"Action":[
"ec2:DescribeVpcAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessEC2Resource"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/SystemsManager::FindingNetworkingSecurityGroups::VPCE::SG":"VPCEndpointSecurityGroup"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowCreateVpcEndpointForTaggedSecurityGroup"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"AllowCreateVpcEndpoint"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/SystemsManager::FindingNetworkingVPCEndpoints::VPCE":"VPCEndpoint"
},
"StringLike":{
"ec2:VpceServiceName":[
"com.amazonaws.*.ssm",
"com.amazonaws.*.ssmmessages",
"com.amazonaws.*.ec2messages"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"RestrictCreateVpcEndpointForSSMService"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/SystemsManager::FindingNetworkingVPCEndpoints::VPCE":"VPCEndpoint",
"ec2:CreateAction":[
"CreateVpcEndpoint"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"RestrictCreateVpcEndpointWithTag"
},
{
"Action":[
"ec2:ModifyVpcAttribute"
],
"Condition":{
"StringEquals":{
"ec2:Attribute":[
"EnableDnsSupport",
"EnableDnsHostnames"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"AllowModifyVpcAttributeForDns"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowSecurityGroupRuleUpdate"
},
{
"Action":[
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/SystemsManager::FindingNetworkingSecurityGroups::VPCE::SG":"VPCEndpointSecurityGroup"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowSecurityGroupRuleUpdateForTaggedResource"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/SystemsManager::FindingNetworkingSecurityGroups::SG::Rule":"HTTPSAccess"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group-rule/*"
],
"Sid":"AllowSecurityGroupRuleUpdateWithTag"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/SystemsManager::FindingNetworkingSecurityGroups::SG::Rule":"HTTPSAccess",
"ec2:CreateAction":[
"AuthorizeSecurityGroupEgress",
"AuthorizeSecurityGroupIngress"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group-rule/*"
],
"Sid":"AllowSecurityGroupRuleUpdateTagRule"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"AllowCreateSecurityGroupForVPCEndpoint"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/SystemsManager::FindingNetworkingSecurityGroups::VPCE::SG":"VPCEndpointSecurityGroup"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowCreateSecurityGroupWithTag"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/SystemsManager::FindingNetworkingSecurityGroups::VPCE::SG":"VPCEndpointSecurityGroup",
"ec2:CreateAction":[
"CreateSecurityGroup"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowTagCreationForSecurityGroupTags"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-OrchestrateUnmanagedEC2Actions:*",
"arn:aws:ssm:*:*:automation-definition/AWS-RemediateSSMAgent*:*"
],
"Sid":"AllowExecuteSSMAutomation"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::do-not-delete-ssm-diagnosis-*"
},
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"aws:ResourceTag/SystemsManagerManaged":"true"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AllowKMSOperations"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-RemediationExecutionRole*",
"Sid":"AllowPassRoleOnSelfToSsm"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-16T00:17:57+00:00"
},
"AWS-SSM-RemediationAutomation-OperationalAccountAdministrationRolePolicy":{
"CreateDate":"2024-11-16T00:25:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListRoots",
"organizations:ListChildren"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyAccessOrganization"
},
{
"Action":"sts:AssumeRole",
"Condition":{
"StringEquals":{
"aws:ResourceOrgId":"${aws:PrincipalOrgId}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-SSM-RemediationExecutionRole*",
"Sid":"AllowAssumeRemediationExecutionRoleWithinOrg"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-16T00:25:12+00:00"
},
"AWSAccountActivityAccess":{
"CreateDate":"2015-02-06T18:41:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"account:GetAccountInformation",
"account:GetAlternateContact",
"account:GetChallengeQuestions",
"account:GetContactInformation",
"account:GetRegionOptStatus",
"account:ListRegions",
"billing:GetIAMAccessPreference",
"billing:GetSellerOfRecord",
"payments:ListPaymentPreferences"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-portal:ViewBilling"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-07T17:02:30+00:00"
},
"AWSAccountManagementFullAccess":{
"CreateDate":"2021-09-30T23:20:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"account:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-30T23:20:37+00:00"
},
"AWSAccountManagementReadOnlyAccess":{
"CreateDate":"2021-09-30T23:29:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"account:Get*",
"account:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-30T23:29:53+00:00"
},
"AWSAccountUsageReportAccess":{
"CreateDate":"2015-02-06T18:41:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-portal:ViewUsage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:19+00:00"
},
"AWSAgentlessDiscoveryService":{
"CreateDate":"2016-08-02T01:35:11+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"awsconnector:RegisterConnector",
"awsconnector:GetConnectorHealth"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:GetUser",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-release-notes",
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*",
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade"
]
},
{
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::import-to-ec2-connector-debug-logs/*"
]
},
{
"Action":[
"SNS:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:metrics-sns-topic-for-*"
},
{
"Action":[
"Discovery:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Discovery"
},
{
"Action":[
"arsenal:RegisterOnPremisesAgent"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"arsenal"
},
{
"Action":[
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-02-24T23:08:23+00:00"
},
"AWSAppFabricFullAccess":{
"CreateDate":"2023-06-27T19:51:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appfabric:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSListAccess"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ReadAccess"
},
{
"Action":[
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FirehoseReadAccess"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"appfabric.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/appfabric.amazonaws.com/AWSServiceRoleForAppFabric",
"Sid":"AllowUseOfServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-27T19:51:17+00:00"
},
"AWSAppFabricReadOnlyAccess":{
"CreateDate":"2023-06-27T19:52:02+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appfabric:GetAppAuthorization",
"appfabric:GetAppBundle",
"appfabric:GetIngestion",
"appfabric:GetIngestionDestination",
"appfabric:ListAppAuthorizations",
"appfabric:ListAppBundles",
"appfabric:ListIngestionDestinations",
"appfabric:ListIngestions",
"appfabric:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-27T19:52:02+00:00"
},
"AWSAppFabricServiceRolePolicy":{
"CreateDate":"2023-06-26T21:07:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/AppFabric"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEmitMetric"
},
{
"Action":[
"s3:PutObject"
],
"Condition":{
"StringEquals":{
"s3:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/AWSAppFabric/*",
"Sid":"S3PutObject"
},
{
"Action":[
"firehose:PutRecordBatch"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/AWSAppFabricManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:firehose:*:*:deliverystream/*",
"Sid":"FirehosePutRecord"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-26T21:07:45+00:00"
},
"AWSAppMeshEnvoyAccess":{
"CreateDate":"2019-07-03T21:29:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appmesh:StreamAggregatedResources"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-03T21:29:37+00:00"
},
"AWSAppMeshFullAccess":{
"CreateDate":"2019-04-16T17:50:40+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"appmesh:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"appmesh.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*"
},
{
"Action":[
"acm:ListCertificates",
"acm:DescribeCertificate",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:ListInstances"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-07T19:54:08+00:00"
},
"AWSAppMeshPreviewEnvoyAccess":{
"CreateDate":"2019-08-05T23:32:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appmesh-preview:StreamAggregatedResources"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-05T23:32:39+00:00"
},
"AWSAppMeshPreviewServiceRolePolicy":{
"CreateDate":"2019-06-19T19:07:00+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"servicediscovery:DiscoverInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudMapServiceDiscovery"
},
{
"Action":[
"acm:DescribeCertificate"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ACMCertificateVerification"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-21T21:06:29+00:00"
},
"AWSAppMeshReadOnly":{
"CreateDate":"2019-04-16T17:51:11+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"appmesh:Describe*",
"appmesh:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudformation:DescribeStack*"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*"
},
{
"Action":[
"acm:ListCertificates",
"acm:DescribeCertificate",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:ListInstances"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-07T19:53:16+00:00"
},
"AWSAppMeshServiceRolePolicy":{
"CreateDate":"2019-06-03T18:30:51+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudMapServiceDiscovery"
},
{
"Action":[
"acm:DescribeCertificate"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ACMCertificateVerification"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-10T16:46:37+00:00"
},
"AWSAppRunnerFullAccess":{
"CreateDate":"2022-01-11T04:02:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"apprunner.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"apprunner.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"apprunner:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AppRunnerAdminAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-11T04:02:09+00:00"
},
"AWSAppRunnerReadOnlyAccess":{
"CreateDate":"2022-02-24T21:24:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"apprunner:List*",
"apprunner:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-24T21:24:15+00:00"
},
"AWSAppRunnerServicePolicyForECRAccess":{
"CreateDate":"2021-05-14T19:17:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-14T19:17:21+00:00"
},
"AWSAppSyncAdministrator":{
"CreateDate":"2018-03-20T21:20:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"appsync:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"appsync.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"appsync.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-04T19:23:49+00:00"
},
"AWSAppSyncInvokeFullAccess":{
"CreateDate":"2018-03-20T21:21:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appsync:GraphQL",
"appsync:GetGraphqlApi",
"appsync:ListGraphqlApis",
"appsync:ListApiKeys"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-03-20T21:21:20+00:00"
},
"AWSAppSyncPushToCloudWatchLogs":{
"CreateDate":"2018-04-09T19:38:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-04-09T19:38:55+00:00"
},
"AWSAppSyncSchemaAuthor":{
"CreateDate":"2018-03-20T21:21:06+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"appsync:GraphQL",
"appsync:CreateResolver",
"appsync:CreateType",
"appsync:DeleteResolver",
"appsync:DeleteType",
"appsync:GetResolver",
"appsync:GetType",
"appsync:GetDataSource",
"appsync:GetSchemaCreationStatus",
"appsync:GetIntrospectionSchema",
"appsync:GetGraphqlApi",
"appsync:ListTypes",
"appsync:ListApiKeys",
"appsync:ListResolvers",
"appsync:ListDataSources",
"appsync:ListGraphqlApis",
"appsync:StartSchemaCreation",
"appsync:UpdateResolver",
"appsync:UpdateType",
"appsync:TagResource",
"appsync:UntagResource",
"appsync:ListTagsForResource",
"appsync:CreateFunction",
"appsync:UpdateFunction",
"appsync:GetFunction",
"appsync:DeleteFunction",
"appsync:ListFunctions",
"appsync:ListResolversByFunction",
"appsync:EvaluateMappingTemplate",
"appsync:EvaluateCode"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-01T18:36:20+00:00"
},
"AWSAppSyncServiceRolePolicy":{
"CreateDate":"2020-01-21T19:56:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingTargets",
"xray:GetSamplingRules",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-21T19:56:53+00:00"
},
"AWSApplicationAutoScalingCustomResourcePolicy":{
"CreateDate":"2018-06-04T23:22:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"execute-api:Invoke",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-06-04T23:22:44+00:00"
},
"AWSApplicationAutoscalingAppStreamFleetPolicy":{
"CreateDate":"2017-10-20T19:04:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appstream:UpdateFleet",
"appstream:DescribeFleets",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-10-20T19:04:06+00:00"
},
"AWSApplicationAutoscalingCassandraTablePolicy":{
"CreateDate":"2020-03-18T22:49:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cassandra:Select",
"Effect":"Allow",
"Resource":[
"arn:*:cassandra:*:*:/keyspace/system/table/*",
"arn:*:cassandra:*:*:/keyspace/system_schema/table/*",
"arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*"
]
},
{
"Action":[
"cassandra:Alter",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-03-18T22:49:23+00:00"
},
"AWSApplicationAutoscalingComprehendEndpointPolicy":{
"CreateDate":"2019-11-14T18:39:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"comprehend:UpdateEndpoint",
"comprehend:DescribeEndpoint",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-14T18:39:07+00:00"
},
"AWSApplicationAutoscalingDynamoDBTablePolicy":{
"CreateDate":"2017-10-20T21:34:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:DescribeTable",
"dynamodb:UpdateTable",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-10-20T21:34:57+00:00"
},
"AWSApplicationAutoscalingEC2SpotFleetRequestPolicy":{
"CreateDate":"2017-10-25T18:23:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-10-25T18:23:27+00:00"
},
"AWSApplicationAutoscalingECSServicePolicy":{
"CreateDate":"2017-10-25T23:53:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ecs:DescribeServices",
"ecs:UpdateService",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T20:05:50+00:00"
},
"AWSApplicationAutoscalingEMRInstanceGroupPolicy":{
"CreateDate":"2017-10-26T00:57:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ModifyInstanceGroups",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-10-26T00:57:39+00:00"
},
"AWSApplicationAutoscalingElastiCacheRGPolicy":{
"CreateDate":"2021-08-17T23:41:42+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"elasticache:DescribeReplicationGroups",
"elasticache:ModifyCacheCluster",
"elasticache:ModifyReplicationGroupShardConfiguration",
"elasticache:IncreaseReplicaCount",
"elasticache:DecreaseReplicaCount",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameters"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ElastiCacheActionsOnAllClusters"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:*"
],
"Sid":"CloudWatchActionsOnAllAlarms"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
],
"Sid":"CloudWatchActionsOnTargetTrackingAlarms"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-26T17:37:06+00:00"
},
"AWSApplicationAutoscalingKafkaClusterPolicy":{
"CreateDate":"2020-08-24T18:36:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kafka:DescribeCluster",
"kafka:DescribeClusterOperation",
"kafka:UpdateBrokerStorage",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-24T18:36:01+00:00"
},
"AWSApplicationAutoscalingLambdaConcurrencyPolicy":{
"CreateDate":"2019-10-21T20:04:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lambda:PutProvisionedConcurrencyConfig",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:DeleteProvisionedConcurrencyConfig",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-21T20:04:17+00:00"
},
"AWSApplicationAutoscalingNeptuneClusterPolicy":{
"CreateDate":"2021-09-02T21:14:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterParameters",
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"rds:AddTagsToResource",
"Condition":{
"StringEquals":{
"rds:DatabaseEngine":"neptune"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:autoscaled-reader*"
]
},
{
"Action":"rds:CreateDBInstance",
"Condition":{
"StringEquals":{
"rds:DatabaseEngine":"neptune"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:autoscaled-reader*",
"arn:aws:rds:*:*:cluster:*"
]
},
{
"Action":[
"rds:DeleteDBInstance"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:autoscaled-reader*"
]
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-02T21:14:55+00:00"
},
"AWSApplicationAutoscalingRDSClusterPolicy":{
"CreateDate":"2017-10-17T17:46:56+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"rds:AddTagsToResource",
"rds:CreateDBInstance",
"rds:DeleteDBInstance",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ModifyDBCluster",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-08-07T19:14:24+00:00"
},
"AWSApplicationAutoscalingSageMakerEndpointPolicy":{
"CreateDate":"2018-02-06T19:58:21+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeInferenceComponent",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateInferenceComponentRuntimeConfig",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SageMaker"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
],
"Sid":"SageMakerCloudWatchUpdate"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-13T18:52:34+00:00"
},
"AWSApplicationAutoscalingWorkSpacesPoolPolicy":{
"CreateDate":"2024-06-17T18:39:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workspaces:DescribeWorkspacesPools",
"workspaces:UpdateWorkspacesPool"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"WorkSpacesActionsOnAllPools"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:*"
],
"Sid":"CloudWatchActionsOnAllAlarms"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
],
"Sid":"CloudWatchActionsOnTargetTrackingAlarms"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-17T18:39:07+00:00"
},
"AWSApplicationDiscoveryAgentAccess":{
"CreateDate":"2016-05-11T21:38:47+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"arsenal:RegisterOnPremisesAgent"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-02-24T22:26:45+00:00"
},
"AWSApplicationDiscoveryAgentlessCollectorAccess":{
"CreateDate":"2022-08-16T21:00:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"arsenal:RegisterOnPremisesAgent"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecr-public:DescribeImages"
],
"Effect":"Allow",
"Resource":"arn:aws:ecr-public::446372222237:repository/6e5498e4-8c31-4f57-9991-13b4b992ff7b"
},
{
"Action":[
"ecr-public:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sts:GetServiceBearerToken"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-16T21:00:59+00:00"
},
"AWSApplicationDiscoveryServiceFullAccess":{
"CreateDate":"2016-05-11T21:30:50+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"mgh:*",
"discovery:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"continuousexport.discovery.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"migrationhub.amazonaws.com",
"dmsintegration.migrationhub.amazonaws.com",
"smsintegration.migrationhub.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-19T21:21:26+00:00"
},
"AWSApplicationMigrationAgentInstallationPolicy":{
"CreateDate":"2022-06-19T07:51:04+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mgn:GetAgentInstallationAssetsForMgn",
"mgn:SendClientMetricsForMgn",
"mgn:SendClientLogsForMgn",
"mgn:RegisterAgentForMgn",
"mgn:VerifyClientRoleForMgn"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"mgn:IssueClientCertificateForMgn"
],
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:source-server/*"
},
{
"Action":"mgn:TagResource",
"Condition":{
"StringEquals":{
"mgn:CreateAction":"RegisterAgentForMgn"
}
},
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:source-server/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-20T11:21:24+00:00"
},
"AWSApplicationMigrationAgentPolicy":{
"CreateDate":"2021-04-07T07:00:21+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mgn:SendAgentMetricsForMgn",
"mgn:SendAgentLogsForMgn",
"mgn:SendClientMetricsForMgn",
"mgn:SendClientLogsForMgn"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"mgn:RegisterAgentForMgn",
"mgn:UpdateAgentSourcePropertiesForMgn",
"mgn:UpdateAgentReplicationInfoForMgn",
"mgn:UpdateAgentConversionInfoForMgn",
"mgn:GetAgentInstallationAssetsForMgn",
"mgn:GetAgentCommandForMgn",
"mgn:GetAgentConfirmedResumeInfoForMgn",
"mgn:GetAgentRuntimeConfigurationForMgn",
"mgn:UpdateAgentBacklogForMgn",
"mgn:GetAgentReplicationInfoForMgn"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"mgn:TagResource",
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:source-server/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-20T11:13:40+00:00"
},
"AWSApplicationMigrationAgentPolicy_v2":{
"CreateDate":"2022-06-06T14:14:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mgn:SendAgentMetricsForMgn",
"mgn:SendAgentLogsForMgn",
"mgn:UpdateAgentSourcePropertiesForMgn",
"mgn:UpdateAgentReplicationInfoForMgn",
"mgn:UpdateAgentConversionInfoForMgn",
"mgn:GetAgentCommandForMgn",
"mgn:GetAgentConfirmedResumeInfoForMgn",
"mgn:GetAgentRuntimeConfigurationForMgn",
"mgn:UpdateAgentBacklogForMgn",
"mgn:GetAgentReplicationInfoForMgn",
"mgn:IssueClientCertificateForMgn"
],
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:source-server/${aws:SourceIdentity}"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-06-06T14:14:38+00:00"
},
"AWSApplicationMigrationConversionServerPolicy":{
"CreateDate":"2021-04-07T06:48:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mgn:SendClientMetricsForMgn",
"mgn:SendClientLogsForMgn",
"mgn:GetChannelCommandsForMgn",
"mgn:SendChannelCommandResultForMgn"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-07T06:48:58+00:00"
},
"AWSApplicationMigrationEC2Access":{
"CreateDate":"2021-04-07T07:05:22+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole"
]
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:DescribeSnapshots",
"ec2:DescribeImages",
"ec2:DescribeVolumes"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
},
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":[
"ec2:DeleteLaunchTemplate"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":"ec2:CreateSecurityGroup",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:AttachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:DetachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"ec2:CreateAction":[
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances",
"CreateLaunchTemplate"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action":[
"ec2:CreateTags",
"ec2:ModifyVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-11T13:07:07+00:00"
},
"AWSApplicationMigrationFullAccess":{
"CreateDate":"2021-04-07T06:56:05+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"mgn:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor0"
},
{
"Action":[
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor1"
},
{
"Action":[
"ec2:DescribeKeyPairs",
"ec2:DescribeTags",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor2"
},
{
"Action":"license-manager:ListLicenseConfigurations",
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor3"
},
{
"Action":"elasticloadbalancing:DescribeLoadBalancers",
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor4"
},
{
"Action":"iam:ListInstanceProfiles",
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor5"
},
{
"Action":"iam:PassRole",
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationLaunchInstanceWithSsmRole",
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationLaunchInstanceWithDrsRole"
],
"Sid":"VisualEditor6"
},
{
"Action":[
"drs:DescribeSourceServers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor7"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"VisualEditor8"
},
{
"Action":[
"ssm:ListCommandInvocations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor9"
},
{
"Action":[
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor10"
},
{
"Action":[
"ssm:DescribeDocument",
"ssm:SendCommand"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance",
"arn:aws:ssm:*:*:document/AWSMigration-*"
],
"Sid":"VisualEditor11"
},
{
"Action":[
"drs:DisconnectSourceServer"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceConfiguredDR":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"VisualEditor12"
},
{
"Action":[
"ssm:GetParameter",
"ssm:PutParameter"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*",
"Sid":"VisualEditor13"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor14"
},
{
"Action":[
"ssm:GetAutomationExecution"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-execution/*",
"Sid":"VisualEditor15"
},
{
"Action":[
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance",
"arn:aws:ssm:*:*:document/AWSMigration-*"
],
"Sid":"VisualEditor16"
},
{
"Action":[
"ssm:GetParameters"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*",
"Sid":"VisualEditor17"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"mgn.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-definition/AWSMigration-*:$DEFAULT",
"Sid":"VisualEditor18"
},
{
"Action":"ssm:ListCommands",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor19"
},
{
"Action":[
"ssm:DescribeParameters"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor20"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-19T08:30:02+00:00"
},
"AWSApplicationMigrationMGHAccess":{
"CreateDate":"2021-04-07T07:10:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mgh:AssociateCreatedArtifact",
"mgh:CreateProgressUpdateStream",
"mgh:DisassociateCreatedArtifact",
"mgh:GetHomeRegion",
"mgh:ImportMigrationTask",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-07T07:10:01+00:00"
},
"AWSApplicationMigrationReadOnlyAccess":{
"CreateDate":"2021-04-07T07:15:26+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"mgn:DescribeJobLogItems",
"mgn:DescribeJobs",
"mgn:DescribeSourceServers",
"mgn:DescribeReplicationConfigurationTemplates",
"mgn:GetLaunchConfiguration",
"mgn:DescribeVcenterClients",
"mgn:GetReplicationConfiguration",
"mgn:DescribeLaunchConfigurationTemplates",
"mgn:ListSourceServerActions",
"mgn:ListTemplateActions",
"mgn:ListApplications",
"mgn:ListWaves",
"mgn:ListExports",
"mgn:ListImports",
"mgn:ListImportErrors",
"mgn:ListExportErrors"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-20T08:58:08+00:00"
},
"AWSApplicationMigrationReplicationServerPolicy":{
"CreateDate":"2021-04-07T07:21:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mgn:SendClientMetricsForMgn",
"mgn:SendClientLogsForMgn",
"mgn:GetChannelCommandsForMgn",
"mgn:SendChannelCommandResultForMgn",
"mgn:GetAgentSnapshotCreditsForMgn",
"mgn:DescribeReplicationServerAssociationsForMgn",
"mgn:DescribeSnapshotRequestsForMgn",
"mgn:BatchDeleteSnapshotRequestForMgn",
"mgn:NotifyAgentAuthenticationForMgn",
"mgn:BatchCreateVolumeSnapshotGroupForMgn",
"mgn:UpdateAgentReplicationProcessStateForMgn",
"mgn:NotifyAgentReplicationProgressForMgn",
"mgn:NotifyAgentConnectedForMgn",
"mgn:NotifyAgentDisconnectedForMgn"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateSnapshot"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-07T07:21:57+00:00"
},
"AWSApplicationMigrationSSMAccess":{
"CreateDate":"2022-11-27T09:29:05+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetCommandInvocation",
"ssm:DescribeInstanceInformation"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:SendCommand",
"ssm:DescribeDocument",
"ssm:StartAutomationExecution"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/*",
"arn:aws:ssm:*:*:automation-definition/*:*"
]
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"mgn.amazonaws.com"
]
},
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ssm:ListDocuments"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:ListDocumentVersions",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-20T10:57:51+00:00"
},
"AWSApplicationMigrationServiceEc2InstancePolicy":{
"CreateDate":"2023-08-22T13:19:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mgn:SendClientLogsForMgn",
"mgn:RegisterAgentForMgn",
"mgn:GetAgentInstallationAssetsForMgn"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MgnAgentInstallation"
},
{
"Action":[
"mgn:SendAgentMetricsForMgn",
"mgn:SendAgentLogsForMgn",
"mgn:UpdateAgentSourcePropertiesForMgn",
"mgn:UpdateAgentReplicationInfoForMgn",
"mgn:UpdateAgentConversionInfoForMgn",
"mgn:GetAgentCommandForMgn",
"mgn:GetAgentConfirmedResumeInfoForMgn",
"mgn:GetAgentRuntimeConfigurationForMgn",
"mgn:UpdateAgentBacklogForMgn",
"mgn:GetAgentReplicationInfoForMgn"
],
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:source-server/*",
"Sid":"MgnAgentReplication"
},
{
"Action":"mgn:TagResource",
"Condition":{
"StringEquals":{
"mgn:CreateAction":"RegisterAgentForMgn"
}
},
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:source-server/*",
"Sid":"MgnSourceServerTagResource"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-03T14:19:47+00:00"
},
"AWSApplicationMigrationServiceRolePolicy":{
"CreateDate":"2021-04-07T06:43:20+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"mgn:ListTagsForResource",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"kms:ListRetirableGrants",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"mgh:AssociateCreatedArtifact",
"mgh:CreateProgressUpdateStream",
"mgh:DisassociateCreatedArtifact",
"mgh:GetHomeRegion",
"mgh:ImportMigrationTask",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:GetEbsEncryptionByDefault"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeAccount"
],
"Effect":"Allow",
"Resource":"arn:aws:organizations::*:account/*"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:RegisterImage",
"ec2:DeregisterImage"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:AttachVolume"
],
"Condition":{
"Null":{
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:DetachVolume"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationReplicationServerRole",
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole"
]
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateLaunchTemplate",
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-16T10:37:07+00:00"
},
"AWSApplicationMigrationVCenterClientPolicy":{
"CreateDate":"2021-11-08T12:53:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mgn:CreateVcenterClientForMgn",
"mgn:DescribeVcenterClients"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"mgn:GetVcenterClientCommandsForMgn",
"mgn:SendVcenterClientCommandResultForMgn",
"mgn:SendVcenterClientLogsForMgn",
"mgn:SendVcenterClientMetricsForMgn",
"mgn:DeleteVcenterClient",
"mgn:TagResource",
"mgn:NotifyVcenterClientStartedForMgn"
],
"Effect":"Allow",
"Resource":"arn:aws:mgn:*:*:vcenter-client/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-08T12:53:08+00:00"
},
"AWSArtifactAccountSync":{
"CreateDate":"2018-04-10T23:04:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-04-10T23:04:33+00:00"
},
"AWSArtifactAgreementsFullAccess":{
"CreateDate":"2024-11-22T19:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListAgreementActions"
},
{
"Action":[
"artifact:GetAgreement",
"artifact:AcceptNdaForAgreement",
"artifact:GetNdaForAgreement",
"artifact:AcceptAgreement"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact:::agreement/*",
"Sid":"AWSAgreementActions"
},
{
"Action":[
"artifact:GetCustomerAgreement",
"artifact:TerminateAgreement"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact::*:customer-agreement/*",
"Sid":"CustomerAgreementActions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"artifact.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
"Sid":"CreateServiceLinkedRoleForOrganizationsIntegration"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
"Sid":"GetRoleToCheckForRoleExistence"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EnableServiceTrust"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-22T19:36:07+00:00"
},
"AWSArtifactAgreementsReadOnlyAccess":{
"CreateDate":"2024-11-22T19:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"artifact:ListAgreements",
"artifact:ListCustomerAgreements"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListAgreementsActions"
},
{
"Action":[
"artifact:GetCustomerAgreement"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact::*:customer-agreement/*",
"Sid":"GetCustomerAgreementActions"
},
{
"Action":[
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSOrganizationActions"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/artifact.amazonaws.com/AWSServiceRoleForArtifact",
"Sid":"GetRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-22T19:36:07+00:00"
},
"AWSArtifactReportsReadOnlyAccess":{
"CreateDate":"2024-01-02T22:42:58+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"artifact:GetReport",
"artifact:GetReportMetadata",
"artifact:GetTermForReport",
"artifact:ListReports"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ArtifactReportActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-24T18:37:06+00:00"
},
"AWSArtifactServiceRolePolicy":{
"CreateDate":"2023-08-21T20:27:31+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-21T20:27:31+00:00"
},
"AWSAuditManagerAdministratorAccess":{
"CreateDate":"2020-12-11T20:02:42+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"auditmanager:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AuditManagerAccess"
},
{
"Action":[
"organizations:ListAccountsForParent",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListChildren"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsAccess"
},
{
"Action":[
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator",
"organizations:EnableAWSServiceAccess"
],
"Condition":{
"StringLikeIfExists":{
"organizations:ServicePrincipal":[
"auditmanager.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowOnlyAuditManagerIntegration"
},
{
"Action":[
"iam:GetUser",
"iam:ListUsers",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"auditmanager.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*",
"Sid":"IAMAccessCreateSLR"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:UpdateRoleDescription",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*",
"Sid":"IAMAccessManageSLR"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3Access"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsAccess"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
},
"StringLike":{
"kms:ViaService":"auditmanager.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsCreateGrantAccess"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSAccess"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"ForAllValues:StringEquals":{
"events:source":[
"aws.securityhub"
]
},
"StringEquals":{
"events:detail-type":"Security Hub Findings - Imported"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateEventsAccess"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
"Sid":"EventsAccess"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TagAccess"
},
{
"Action":[
"controlcatalog:ListCommonControls",
"controlcatalog:ListDomains",
"controlcatalog:ListObjectives"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ControlCatalogAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-15T23:46:15+00:00"
},
"AWSAuditManagerServiceRolePolicy":{
"CreateDate":"2020-12-08T15:12:12+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"acm:GetAccountConfiguration",
"acm:ListCertificates",
"autoscaling:DescribeAutoScalingGroups",
"backup:ListBackupPlans",
"backup:ListRecoveryPointsByResource",
"bedrock:GetCustomModel",
"bedrock:GetFoundationModel",
"bedrock:GetModelCustomizationJob",
"bedrock:GetModelInvocationLoggingConfiguration",
"bedrock:ListCustomModels",
"bedrock:ListFoundationModels",
"bedrock:ListGuardrails",
"bedrock:ListModelCustomizationJobs",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudtrail:GetTrail",
"cloudtrail:ListTrails",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cognito-idp:DescribeUserPool",
"config:DescribeConfigRules",
"config:DescribeDeliveryChannels",
"config:ListDiscoveredResources",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeBackup",
"dynamodb:DescribeTableReplicaAutoScaling",
"dynamodb:DescribeTable",
"dynamodb:ListBackups",
"dynamodb:ListGlobalTables",
"dynamodb:ListTables",
"ec2:DescribeInstanceCreditSpecifications",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:GetLaunchTemplateData",
"ec2:DescribeAddresses",
"ec2:DescribeCustomerGateways",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeLocalGatewayVirtualInterfaces",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:GetEbsEncryptionByDefault",
"ecs:DescribeClusters",
"eks:DescribeAddonVersions",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeServiceUpdates",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeSslPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListSecurityConfigurations",
"events:DescribeRule",
"events:ListConnections",
"events:ListEventBuses",
"events:ListEventSources",
"events:ListRules",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"guardduty:ListDetectors",
"iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccessKeyLastUsed",
"iam:GetCredentialReport",
"iam:GetGroupPolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupsForUser",
"iam:ListGroupPolicies",
"iam:ListGroups",
"iam:ListOpenIdConnectProviders",
"iam:ListPolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListSamlProviders",
"iam:ListUserPolicies",
"iam:ListUsers",
"iam:ListVirtualMFADevices",
"iam:ListPolicyVersions",
"iam:ListAccessKeys",
"iam:ListAttachedRolePolicies",
"iam:ListMfaDeviceTags",
"iam:ListMfaDevices",
"kafka:ListClusters",
"kafka:ListKafkaVersions",
"kinesis:ListStreams",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListGrants",
"kms:ListKeyPolicies",
"kms:ListKeys",
"lambda:ListFunctions",
"license-manager:ListAssociationsForLicenseConfiguration",
"license-manager:ListLicenseConfigurations",
"license-manager:ListUsageForLicenseConfiguration",
"logs:DescribeDestinations",
"logs:DescribeExportTasks",
"logs:DescribeLogGroups",
"logs:DescribeMetricFilters",
"logs:DescribeResourcePolicies",
"logs:FilterLogEvents",
"logs:GetDataProtectionPolicy",
"es:DescribeDomains",
"es:DescribeDomain",
"es:DescribeDomainConfig",
"es:ListDomainNames",
"organizations:DescribeOrganization",
"organizations:DescribePolicy",
"rds:DescribeCertificates",
"rds:DescribeDBClusterEndpoints",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBClusters",
"rds:DescribeDBInstanceAutomatedBackups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeLoggingStatus",
"route53:GetQueryLoggingConfig",
"sagemaker:DescribeAlgorithm",
"sagemaker:DescribeFlowDefinition",
"sagemaker:DescribeHumanTaskUi",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelCard",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeLabelingJob",
"sagemaker:DescribeModel",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeUserProfile",
"sagemaker:ListAlgorithms",
"sagemaker:ListDomains",
"sagemaker:ListEndpoints",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListLabelingJobs",
"sagemaker:ListModels",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelCards",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListMonitoringAlerts",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListTrainingJobs",
"sagemaker:ListUserProfiles",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketVersioning",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:ListAllMyBuckets",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecrets",
"securityhub:DescribeStandards",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:ListQueues",
"waf-regional:GetRule",
"waf-regional:GetWebAcl",
"waf:GetRule",
"waf:GetRuleGroup",
"waf:ListActivatedRulesInRuleGroup",
"waf:ListWebAcls",
"wafv2:ListWebAcls",
"waf-regional:GetLoggingConfiguration",
"waf-regional:ListRuleGroups",
"waf-regional:ListSubscribedRuleGroups",
"waf-regional:ListWebACLs",
"waf-regional:ListRules",
"waf:ListRuleGroups",
"waf:ListRules"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"APIsAccess"
},
{
"Action":[
"s3:GetBucketAcl",
"s3:GetBucketLogging",
"s3:GetBucketOwnershipControls",
"s3:GetBucketPolicy",
"s3:GetBucketTagging"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"S3Access"
},
{
"Action":[
"apigateway:GET"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/restapis/*/stages"
],
"Sid":"APIGatewayAccess"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"ForAllValues:StringEquals":{
"events:source":[
"aws.securityhub"
]
},
"Null":{
"events:source":"false"
},
"StringEquals":{
"events:detail-type":"Security Hub Findings - Imported"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
"Sid":"CreateEventsAccess"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
"Sid":"EventsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-24T23:22:25+00:00"
},
"AWSAutoScalingPlansEC2AutoScalingPolicy":{
"CreateDate":"2018-08-23T22:46:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:GetMetricData",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeScheduledActions",
"autoscaling:BatchPutScheduledUpdateGroupAction",
"autoscaling:BatchDeleteScheduledAction"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-08-23T22:46:59+00:00"
},
"AWSBCMDataExportsServiceRolePolicy":{
"CreateDate":"2024-06-10T17:40:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cost-optimization-hub:ListEnrollmentStatuses",
"cost-optimization-hub:ListRecommendations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CostOptimizationRecommendationAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-10T17:40:19+00:00"
},
"AWSBackupAuditAccess":{
"CreateDate":"2021-08-24T01:02:23+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"backup:CreateFramework",
"backup:UpdateFramework",
"backup:ListFrameworks",
"backup:DescribeFramework",
"backup:DeleteFramework",
"backup:ListBackupPlans",
"backup:ListBackupVaults",
"backup:CreateReportPlan",
"backup:UpdateReportPlan",
"backup:ListReportPlans",
"backup:DescribeReportPlan",
"backup:DeleteReportPlan",
"backup:StartReportJob",
"backup:ListReportJobs",
"backup:DescribeReportJob"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeComplianceByConfigRule"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:GetComplianceDetailsByConfigRule"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-rule/*"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-10T21:23:31+00:00"
},
"AWSBackupDataTransferAccess":{
"CreateDate":"2022-11-10T22:48:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"backup-storage:StartObject",
"backup-storage:PutChunk",
"backup-storage:GetChunk",
"backup-storage:ListChunks",
"backup-storage:ListObjects",
"backup-storage:GetObjectMetadata",
"backup-storage:NotifyObjectComplete"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-10T22:48:05+00:00"
},
"AWSBackupFullAccess":{
"CreateDate":"2019-11-18T22:21:52+00:00",
"DefaultVersionId":"v19",
"Document":{
"Statement":[
{
"Action":"backup:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsBackupAllAccessPermissions"
},
{
"Action":"backup-storage:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsBackupStorageAllAccessPermissions"
},
{
"Action":[
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups",
"rds:describeDBClusterSnapshots",
"rds:describeDBClusters",
"rds:describeDBParameterGroups",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBClusterAutomatedBackups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RdsPermissions"
},
{
"Action":[
"rds:DeleteDBSnapshot",
"rds:DeleteDBClusterSnapshot"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RdsDeletePermissions"
},
{
"Action":[
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DynamoDbPermissions"
},
{
"Action":[
"dynamodb:DeleteBackup"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DynamoDbDeleteBackupPermissions"
},
{
"Action":[
"elasticfilesystem:DescribeFilesystems"
],
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"EfsFileSystemPermissions"
},
{
"Action":[
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones",
"ec2:DescribeVpcs",
"ec2:DescribeAccountAttributes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2Permissions"
},
{
"Action":[
"ec2:DeleteSnapshot",
"ec2:DeregisterImage"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2DeletePermissions"
},
{
"Action":[
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupTaggingPermissions"
},
{
"Action":[
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*",
"Sid":"StorageGatewayVolumePermissions"
},
{
"Action":[
"storagegateway:ListGateways"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:*",
"Sid":"StorageGatewayPermissions"
},
{
"Action":[
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListLocalDisks"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*",
"Sid":"StorageGatewayGatewayPermissions"
},
{
"Action":[
"storagegateway:ListVolumes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"StorageGatewayGatewayStarPermissions"
},
{
"Action":[
"iam:ListRoles",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IamRolePermissions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"backup.amazonaws.com",
"restore-testing.backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*AwsBackup*",
"arn:aws:iam::*:role/*AWSBackup*"
],
"Sid":"IamPassRolePermissions"
},
{
"Action":"organizations:DescribeOrganization",
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsOrganizationsPermissions"
},
{
"Action":[
"kms:ListKeys",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsPermissions"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"ForAnyValue:StringEquals":{
"kms:EncryptionContextKeys":"aws:backup:backup-vault"
},
"StringLike":{
"kms:ViaService":"backup.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsCreateGrantPermissions"
},
{
"Action":[
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SystemManagerCommandPermissions"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"SystemManagerSendCommandPermissions"
},
{
"Action":[
"fsx:DescribeFileSystems",
"fsx:DescribeBackups",
"fsx:DescribeVolumes",
"fsx:DescribeStorageVirtualMachines"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FsxPermissions"
},
{
"Action":"fsx:DeleteBackup",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FsxDeletePermissions"
},
{
"Action":"ds:DescribeDirectories",
"Effect":"Allow",
"Resource":"*",
"Sid":"DirectoryServicePermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"backup.amazonaws.com",
"restore-testing.backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IamCreateServiceLinkedRolePermissions"
},
{
"Action":[
"backup-gateway:AssociateGatewayToServer",
"backup-gateway:CreateGateway",
"backup-gateway:DeleteGateway",
"backup-gateway:DeleteHypervisor",
"backup-gateway:DisassociateGatewayFromServer",
"backup-gateway:ImportHypervisorConfiguration",
"backup-gateway:ListGateways",
"backup-gateway:ListHypervisors",
"backup-gateway:ListTagsForResource",
"backup-gateway:ListVirtualMachines",
"backup-gateway:PutMaintenanceStartTime",
"backup-gateway:TagResource",
"backup-gateway:TestHypervisorConfiguration",
"backup-gateway:UntagResource",
"backup-gateway:UpdateGatewayInformation",
"backup-gateway:UpdateHypervisor"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BackupGatewayPermissions"
},
{
"Action":[
"backup-gateway:GetHypervisor",
"backup-gateway:GetHypervisorPropertyMappings",
"backup-gateway:PutHypervisorPropertyMappings",
"backup-gateway:StartVirtualMachinesMetadataSync"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:hypervisor/*",
"Sid":"BackupGatewayHypervisorPermissions"
},
{
"Action":[
"backup-gateway:GetVirtualMachine"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:vm/*",
"Sid":"BackupGatewayVirtualMachinePermissions"
},
{
"Action":[
"backup-gateway:GetBandwidthRateLimitSchedule",
"backup-gateway:GetGateway",
"backup-gateway:PutBandwidthRateLimitSchedule"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:gateway/*",
"Sid":"BackupGatewayGatewayPermissions"
},
{
"Action":"cloudwatch:GetMetricData",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchPermissions"
},
{
"Action":[
"timestream:ListTables",
"timestream:ListDatabases"
],
"Effect":"Allow",
"Resource":[
"arn:aws:timestream:*:*:database/*"
],
"Sid":"TimestreamDatabasePermissions"
},
{
"Action":[
"timestream:DescribeEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TimestreamPermissions"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3BucketPermissions"
},
{
"Action":[
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeSnapshotSchedules"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:cluster:*",
"arn:aws:redshift:*:*:subnetgroup:*",
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:snapshotschedule:*"
],
"Sid":"RedshiftResourcesPermissions"
},
{
"Action":[
"redshift:DescribeNodeConfigurationOptions",
"redshift:DescribeOrderableClusterOptions",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterTracks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftPermissions"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListSnapshots",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RedshiftServerlessListPermissions"
},
{
"Action":[
"redshift-serverless:GetNamespace",
"redshift-serverless:GetSnapshot",
"redshift-serverless:GetWorkgroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*",
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessGetPermissions"
},
{
"Action":[
"redshift-serverless:DeleteSnapshot"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"backup.amazonaws.com"
]
},
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessDeletetPermissions"
},
{
"Action":[
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/*"
],
"Sid":"CloudFormationStackPermissions"
},
{
"Action":[
"ssm-sap:GetOperation",
"ssm-sap:ListDatabases",
"ssm-sap:GetDatabase",
"ssm-sap:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SystemsManagerForSapPermissions"
},
{
"Action":[
"ram:GetResourceShareAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceAccessManagerPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-27T21:52:06+00:00"
},
"AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync":{
"CreateDate":"2022-12-15T19:43:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"backup-gateway:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:vm/*",
"Sid":"ListVmTags"
},
{
"Action":[
"backup-gateway:TagResource",
"backup-gateway:UntagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:vm/*",
"Sid":"VMTagPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-15T19:43:11+00:00"
},
"AWSBackupOperatorAccess":{
"CreateDate":"2019-11-18T22:23:17+00:00",
"DefaultVersionId":"v17",
"Document":{
"Statement":[
{
"Action":[
"backup:Get*",
"backup:List*",
"backup:Describe*",
"backup:CreateBackupSelection",
"backup:DeleteBackupSelection",
"backup:StartBackupJob",
"backup:StartRestoreJob",
"backup:StartCopyJob"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsBackupAllAccess"
},
{
"Action":[
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBClusterAutomatedBackups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSDescribeAccess"
},
{
"Action":[
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DynamoDBAccess"
},
{
"Action":[
"elasticfilesystem:DescribeFilesystems"
],
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"EFSAccess"
},
{
"Action":[
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones",
"ec2:DescribeVpcs",
"ec2:DescribeAccountAttributes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Access"
},
{
"Action":[
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TagReadAccess"
},
{
"Action":[
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*",
"Sid":"StorageGatewaySCSIAccess"
},
{
"Action":[
"storagegateway:ListGateways"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:*",
"Sid":"StorageGatewayReadAccess"
},
{
"Action":[
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListLocalDisks"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*",
"Sid":"StorageGatewayDiskReadAccess"
},
{
"Action":[
"storagegateway:ListVolumes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"StorageGatewayVolumeReadAccess"
},
{
"Action":[
"iam:ListRoles",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMRoleAccess"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"backup.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*AwsBackup*",
"arn:aws:iam::*:role/*AWSBackup*"
],
"Sid":"PassRoleAccess"
},
{
"Action":"organizations:DescribeOrganization",
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsAccess"
},
{
"Action":[
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMReadAccess"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"SSMComandAccess"
},
{
"Action":"fsx:DescribeBackups",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FSXDescribeAccess"
},
{
"Action":"fsx:DescribeFileSystems",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:file-system/*",
"Sid":"FSxFileAccess"
},
{
"Action":"fsx:DescribeVolumes",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:volume/*/*",
"Sid":"FSxVolumeAccess"
},
{
"Action":"fsx:DescribeStorageVirtualMachines",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:storage-virtual-machine/*/*",
"Sid":"FSxMachineAccess"
},
{
"Action":"ds:DescribeDirectories",
"Effect":"Allow",
"Resource":"*",
"Sid":"DirectoryServiceAccess"
},
{
"Action":[
"backup-gateway:ListGateways",
"backup-gateway:ListHypervisors",
"backup-gateway:ListTagsForResource",
"backup-gateway:ListVirtualMachines"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BackupGatewayListAccess"
},
{
"Action":[
"backup-gateway:GetHypervisor",
"backup-gateway:GetHypervisorPropertyMappings"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:hypervisor/*",
"Sid":"BackupGatewayHypervisorAccess"
},
{
"Action":[
"backup-gateway:GetVirtualMachine"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:vm/*",
"Sid":"BackupGatewayMachineAccess"
},
{
"Action":[
"backup-gateway:GetBandwidthRateLimitSchedule",
"backup-gateway:GetGateway"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:gateway/*",
"Sid":"BackupGatewayAccess"
},
{
"Action":"cloudwatch:GetMetricData",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchAccess"
},
{
"Action":[
"timestream:ListDatabases",
"timestream:ListTables"
],
"Effect":"Allow",
"Resource":[
"arn:aws:timestream:*:*:database/*"
],
"Sid":"TimestreamListAccess"
},
{
"Action":[
"timestream:DescribeEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TimestreamDescribeAccess"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3ListAccess"
},
{
"Action":[
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeSnapshotSchedules"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:cluster:*",
"arn:aws:redshift:*:*:subnetgroup:*",
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:snapshotschedule:*"
],
"Sid":"RedshiftAccess"
},
{
"Action":[
"redshift:DescribeNodeConfigurationOptions",
"redshift:DescribeOrderableClusterOptions",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterTracks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftOptionsAccess"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListSnapshots",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RedshiftServerlessListPermissions"
},
{
"Action":[
"redshift-serverless:GetNamespace",
"redshift-serverless:GetSnapshot",
"redshift-serverless:GetWorkgroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*",
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessGetPermissions"
},
{
"Action":[
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/*"
],
"Sid":"CloudFormationAccess"
},
{
"Action":[
"ssm-sap:GetOperation",
"ssm-sap:ListDatabases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SAPAccess"
},
{
"Action":[
"ssm-sap:GetDatabase",
"ssm-sap:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm-sap:*:*:*",
"Sid":"SAPDatabaseAccess"
},
{
"Action":[
"ram:GetResourceShareAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RAMAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-27T21:52:05+00:00"
},
"AWSBackupOrganizationAdminAccess":{
"CreateDate":"2020-06-24T16:23:14+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"organizations:DisableAWSServiceAccess",
"organizations:EnableAWSServiceAccess",
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:organizations::*:account/*"
},
{
"Action":[
"organizations:AttachPolicy",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:DetachPolicy",
"organizations:DisablePolicyType",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListPolicies",
"organizations:EnablePolicyType",
"organizations:CreatePolicy",
"organizations:UpdatePolicy",
"organizations:DeletePolicy"
],
"Condition":{
"StringLikeIfExists":{
"organizations:PolicyType":[
"BACKUP_POLICY"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListRoots",
"organizations:ListParents",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccountsForParent",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:DescribeOrganizationalUnit"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-18T18:26:40+00:00"
},
"AWSBackupRestoreAccessForSAPHANA":{
"CreateDate":"2022-11-10T22:43:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"backup:Get*",
"backup:List*",
"backup:Describe*",
"backup:StartBackupJob",
"backup:StartRestoreJob"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm-sap:GetOperation",
"ssm-sap:ListDatabases"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm-sap:BackupDatabase",
"ssm-sap:RestoreDatabase",
"ssm-sap:UpdateHanaBackupSettings",
"ssm-sap:GetDatabase",
"ssm-sap:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm-sap:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-10T22:43:27+00:00"
},
"AWSBackupSearchOperatorAccess":{
"CreateDate":"2025-02-27T21:52:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"backup-search:StartSearchJob",
"backup-search:ListSearchJobs",
"backup-search:ListSearchResultExportJobs",
"backup:ListIndexedRecoveryPointsForSearch"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"StartSearchAndListPermissions"
},
{
"Action":[
"backup:SearchRecoveryPoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:backup:*:*:recovery-point:*"
],
"Sid":"BackupSearchRecoveryPointPermissions"
},
{
"Action":[
"backup-search:StartSearchResultExportJob",
"backup-search:StopSearchJob",
"backup-search:GetSearchJob",
"backup-search:GetSearchResultExportJob",
"backup-search:ListSearchJobResults",
"backup-search:ListSearchJobBackups"
],
"Effect":"Allow",
"Resource":[
"arn:aws:backup-search:*:*:search-job/*",
"arn:aws:backup-search:*:*:search-export-job/*"
],
"Sid":"SearchAndExportPermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ForAllValues:StringEquals":{
"kms:EncryptionContextKeys":[
"aws:backup-search:search-job"
]
},
"StringLike":{
"kms:ViaService":[
"backup.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSDataKeyForSearchAndExportPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-25T19:52:05+00:00"
},
"AWSBackupServiceLinkedRolePolicyForBackup":{
"CreateDate":"2020-06-02T23:08:40+00:00",
"DefaultVersionId":"v18",
"Document":{
"Statement":[
{
"Action":[
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/aws:elasticfilesystem:default-backup":"enabled"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"EFSResourcePermissions"
},
{
"Action":[
"tag:GetResources",
"elasticfilesystem:DescribeFileSystems",
"dynamodb:ListTables",
"storagegateway:ListVolumes",
"ec2:DescribeVolumes",
"ec2:DescribeInstances",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribePermissions"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CopySnapshot"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"SnapshotCopyTagPermissions"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AWSBackupManagedResource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
],
"Sid":"EC2CreateBackupTagPermissions"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Null":{
"ec2:ResourceTag/AWSBackupManagedResource":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
],
"Sid":"EC2CreateTagsPermissions"
},
{
"Action":[
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotTierStatus",
"ec2:DescribeImages",
"rds:DescribeDBSnapshots",
"rds:DescribeDBClusterSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2RDSDescribePermissions"
},
{
"Action":"ec2:CopySnapshot",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSCopyPermissions"
},
{
"Action":"ec2:CopyImage",
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2CopyPermissions"
},
{
"Action":[
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:ModifySnapshotTier"
],
"Condition":{
"Null":{
"ec2:ResourceTag/AWSBackupManagedResource":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2ModifyPermissions"
},
{
"Action":[
"rds:AddTagsToResource",
"rds:CopyDBSnapshot",
"rds:DeleteDBSnapshot",
"rds:DeleteDBInstanceAutomatedBackup"
],
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:snapshot:awsbackup:*",
"Sid":"RDSInstanceAndSnashotPermissions"
},
{
"Action":[
"rds:AddTagsToResource",
"rds:CopyDBClusterSnapshot",
"rds:DeleteDBClusterSnapshot"
],
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*",
"Sid":"RDSClusterPermissions"
},
{
"Action":[
"rds:AddTagsToResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:snapshot-tenant-database:awsbackup:*"
],
"Sid":"RDSSnapshotTenantDatabasePermissions"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSDescribePermissions"
},
{
"Action":[
"kms:ListGrants",
"kms:ReEncryptFrom",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com",
"rds.*.amazonaws.com",
"fsx.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSGrantPermissions"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
},
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com",
"rds.*.amazonaws.com",
"fsx.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSCreateGrantPermissions"
},
{
"Action":[
"fsx:CopyBackup",
"fsx:TagResource",
"fsx:DescribeBackups",
"fsx:DeleteBackup"
],
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FsxPermissions"
},
{
"Action":"dynamodb:DeleteBackup",
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*/backup/*",
"Sid":"DynamoDBDeletePermissions"
},
{
"Action":[
"backup-gateway:ListVirtualMachines"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BackupGateway"
},
{
"Action":[
"backup-gateway:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:vm/*",
"Sid":"ListTagsForBackupGateway"
},
{
"Action":[
"dynamodb:ListTagsOfResource",
"dynamodb:DescribeTable"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*",
"Sid":"DynamoDBPermissions"
},
{
"Action":[
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*",
"Sid":"StorageGatewayPermissions"
},
{
"Action":[
"events:DeleteRule",
"events:PutTargets",
"events:DescribeRule",
"events:EnableRule",
"events:PutRule",
"events:RemoveTargets",
"events:ListTargetsByRule",
"events:DisableRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/AwsBackupManagedRule*"
],
"Sid":"EventBridgePermissions"
},
{
"Action":"events:ListRules",
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeRulesPermissions"
},
{
"Action":[
"ssm-sap:GetOperation",
"ssm-sap:UpdateHANABackupSettings"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMSAPPermissions"
},
{
"Action":[
"timestream:ListDatabases",
"timestream:ListTables",
"timestream:ListTagsForResource",
"timestream:DescribeDatabase",
"timestream:DescribeTable",
"timestream:GetAwsBackupStatus",
"timestream:GetAwsRestoreStatus"
],
"Effect":"Allow",
"Resource":[
"arn:aws:timestream:*:*:database/*"
],
"Sid":"TimestreamResourcePermissions"
},
{
"Action":[
"timestream:DescribeEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TimestreamPermissions"
},
{
"Action":[
"redshift:DescribeClusterSnapshots",
"redshift:DescribeTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"RedshiftDescribePermissions"
},
{
"Action":[
"redshift:DeleteClusterSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:snapshot:*/*"
],
"Sid":"RedshiftClusterSnapshotPermissions"
},
{
"Action":[
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"RedshiftClusterPermissions"
},
{
"Action":[
"redshift-serverless:GetNamespace",
"redshift-serverless:GetSnapshot",
"redshift-serverless:GetWorkgroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*",
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessGetPermissions"
},
{
"Action":[
"redshift-serverless:DeleteSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessDeleteSnapshotPermissions"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListSnapshots",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RedshiftServerlessListPermissions"
},
{
"Action":[
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/*"
],
"Sid":"CloudformationStackPermissions"
},
{
"Action":[
"backup:TagResource"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:backup:*:*:recovery-point:*",
"Sid":"RecoveryPointTaggingPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-21T23:22:06+00:00"
},
"AWSBackupServiceLinkedRolePolicyForBackupTest":{
"CreateDate":"2020-05-12T17:37:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/aws:elasticfilesystem:default-backup":"enabled"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-12T17:37:29+00:00"
},
"AWSBackupServiceRolePolicyForBackup":{
"CreateDate":"2019-01-10T21:01:28+00:00",
"DefaultVersionId":"v21",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:DescribeTable",
"dynamodb:CreateBackup"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*",
"Sid":"DynamoDBPermissions"
},
{
"Action":[
"dynamodb:DescribeBackup",
"dynamodb:DeleteBackup"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*/backup/*",
"Sid":"DynamoDBBackupResourcePermissions"
},
{
"Action":[
"rds:AddTagsToResource",
"rds:ListTagsForResource",
"rds:DescribeDBSnapshots",
"rds:CreateDBSnapshot",
"rds:CopyDBSnapshot",
"rds:DescribeDBInstances",
"rds:CreateDBClusterSnapshot",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshots",
"rds:CopyDBClusterSnapshot",
"rds:DescribeDBClusterAutomatedBackups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DynamoDBBackupPermissions"
},
{
"Action":"rds:DeleteDBInstanceAutomatedBackup",
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:auto-backup:*",
"Sid":"RDSInstanceAutomatedBackupPermissions"
},
{
"Action":[
"rds:ModifyDBCluster"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:cluster:*"
],
"Sid":"RDSClusterPermissions"
},
{
"Action":"rds:DeleteDBClusterAutomatedBackup",
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:cluster-auto-backup:*",
"Sid":"RDSClusterBackupPermissions"
},
{
"Action":[
"rds:ModifyDBInstance"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:*"
],
"Sid":"RDSModifyPermissions"
},
{
"Action":[
"rds:DeleteDBSnapshot",
"rds:ModifyDBSnapshotAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:snapshot:awsbackup:*"
],
"Sid":"RDSBackupPermissions"
},
{
"Action":[
"rds:DeleteDBClusterSnapshot",
"rds:ModifyDBClusterSnapshotAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
],
"Sid":"RDSClusterModifyPermissions"
},
{
"Action":[
"storagegateway:CreateSnapshot",
"storagegateway:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*",
"Sid":"StorageGatewayPermissions"
},
{
"Action":[
"ec2:CopySnapshot"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSCopyPermissions"
},
{
"Action":[
"ec2:CopyImage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2CopyPermissions"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteSnapshot"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSTagAndDeletePermissions"
},
{
"Action":[
"ec2:CreateImage",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceCreditSpecifications",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeElasticGpus",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSnapshotTierStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Permissions"
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:image/*",
"Sid":"EC2TagPermissions"
},
{
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:ModifyImageAttribute"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2ModifyPermissions"
},
{
"Action":[
"ec2:ModifySnapshotTier"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSSnapshotTierPermissions"
},
{
"Action":[
"backup:DescribeBackupVault",
"backup:CopyIntoBackupVault"
],
"Effect":"Allow",
"Resource":"arn:aws:backup:*:*:backup-vault:*",
"Sid":"BackupVaultPermissions"
},
{
"Action":[
"backup:CopyFromBackupVault"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BackupVaultCopyPermissions"
},
{
"Action":[
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"EFSPermissions"
},
{
"Action":[
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"EBSResourcePermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"dynamodb.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSDynamoDBPermissions"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSPermissions"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSCreateGrantPermissions"
},
{
"Action":[
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSDataKeyEC2Permissions"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GetResourcesPermissions"
},
{
"Action":[
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMPermissions"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"SSMSendPermissions"
},
{
"Action":"fsx:DescribeBackups",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FsxBackupPermissions"
},
{
"Action":"fsx:CreateBackup",
"Effect":"Allow",
"Resource":[
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:backup/*",
"arn:aws:fsx:*:*:volume/*"
],
"Sid":"FsxCreateBackupPermissions"
},
{
"Action":"fsx:DescribeFileSystems",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:file-system/*",
"Sid":"FsxPermissions"
},
{
"Action":"fsx:DescribeVolumes",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:volume/*",
"Sid":"FsxVolumePermissions"
},
{
"Action":"fsx:ListTagsForResource",
"Effect":"Allow",
"Resource":[
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:volume/*"
],
"Sid":"FsxListTagsPermissions"
},
{
"Action":"fsx:DeleteBackup",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FsxDeletePermissions"
},
{
"Action":[
"fsx:ListTagsForResource",
"fsx:ManageBackupPrincipalAssociations",
"fsx:CopyBackup",
"fsx:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FsxResourcePermissions"
},
{
"Action":[
"dynamodb:StartAwsBackupJob",
"dynamodb:ListTagsOfResource"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*",
"Sid":"DynamodbBackupPermissions"
},
{
"Action":[
"backup-gateway:Backup",
"backup-gateway:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:vm/*",
"Sid":"BackupGatewayBackupPermissions"
},
{
"Action":[
"cloudformation:ListStacks",
"cloudformation:GetTemplate",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/*/*",
"Sid":"CloudformationStackPermissions"
},
{
"Action":[
"redshift:CreateClusterSnapshot",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"RedshiftCreatePermissions"
},
{
"Action":[
"redshift:DeleteClusterSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:snapshot:*/*"
],
"Sid":"RedshiftSnapshotPermissions"
},
{
"Action":[
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"RedshiftPermissions"
},
{
"Action":[
"redshift:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:snapshot:*/*"
],
"Sid":"RedshiftResourcePermissions"
},
{
"Action":[
"redshift-serverless:CreateSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:snapshot/*",
"arn:aws:redshift-serverless:*:*:namespace/*"
],
"Sid":"RedshiftServerlessCreatePermissions"
},
{
"Action":[
"redshift-serverless:DeleteSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessSnapshotPermissions"
},
{
"Action":[
"redshift-serverless:GetNamespace"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*"
],
"Sid":"RedshiftServerlessGetPermissions"
},
{
"Action":[
"redshift-serverless:GetSnapshot",
"redshift-serverless:TagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessResourcePermissions"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListSnapshots",
"redshift-serverless:ListTagsForResource"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RedshiftServerlessListPermissions"
},
{
"Action":[
"timestream:StartAwsBackupJob",
"timestream:GetAwsBackupStatus",
"timestream:ListTables",
"timestream:ListDatabases",
"timestream:ListTagsForResource",
"timestream:DescribeTable",
"timestream:DescribeDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:timestream:*:*:database/*"
],
"Sid":"TimestreamResourcePermissions"
},
{
"Action":[
"timestream:DescribeEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TimestreamEndpointPermissions"
},
{
"Action":[
"ssm-sap:GetOperation",
"ssm-sap:ListDatabases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMSAPPermissions"
},
{
"Action":[
"ssm-sap:BackupDatabase",
"ssm-sap:UpdateHanaBackupSettings",
"ssm-sap:GetDatabase",
"ssm-sap:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm-sap:*:*:*",
"Sid":"SSMSAPResourcePermissions"
},
{
"Action":[
"backup:TagResource"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:backup:*:*:recovery-point:*",
"Sid":"RecoveryPointTaggingPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-27T21:52:06+00:00"
},
"AWSBackupServiceRolePolicyForIndexing":{
"CreateDate":"2024-12-17T18:37:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EBSReadOnlyPermissions"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSReadOnlyPermissions"
},
{
"Action":[
"ebs:ListSnapshotBlocks",
"ebs:GetSnapshotBlock"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSDirectReadAPIPermissions"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSDataKeyForEC2Permissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-17T18:37:06+00:00"
},
"AWSBackupServiceRolePolicyForItemRestores":{
"CreateDate":"2024-12-17T18:37:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EBSReadOnlyPermissions"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSReadOnlyPermissions"
},
{
"Action":[
"ebs:ListSnapshotBlocks",
"ebs:GetSnapshotBlock"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSDirectReadAPIPermissions"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3ReadonlyPermissions"
},
{
"Action":[
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/*",
"Sid":"S3PermissionsForFileLevelRestore"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com",
"s3.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSDataKeyForS3AndEC2Permissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-17T18:37:06+00:00"
},
"AWSBackupServiceRolePolicyForRestores":{
"CreateDate":"2019-01-12T00:23:54+00:00",
"DefaultVersionId":"v22",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:PutItem",
"dynamodb:GetItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:DescribeTable"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*",
"Sid":"DynamoDBPermissions"
},
{
"Action":[
"dynamodb:RestoreTableFromBackup"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*/backup/*",
"Sid":"DynamoDBBackupResourcePermissions"
},
{
"Action":[
"ec2:CreateVolume",
"ec2:DeleteVolume"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"EBSPermissions"
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeSnapshotTierStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2DescribePermissions"
},
{
"Action":[
"storagegateway:DeleteVolume",
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes",
"storagegateway:AddTagsToResource"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*",
"Sid":"StorageGatewayVolumePermissions"
},
{
"Action":[
"storagegateway:DescribeGatewayInformation",
"storagegateway:CreateStorediSCSIVolume",
"storagegateway:CreateCachediSCSIVolume"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:gateway/*",
"Sid":"StorageGatewayGatewayPermissions"
},
{
"Action":[
"storagegateway:ListVolumes"
],
"Effect":"Allow",
"Resource":"arn:aws:storagegateway:*:*:*",
"Sid":"StorageGatewayListPermissions"
},
{
"Action":[
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:DeleteDBInstance",
"rds:AddTagsToResource",
"rds:DescribeDBClusters",
"rds:RestoreDBClusterFromSnapshot",
"rds:DeleteDBCluster",
"rds:RestoreDBInstanceToPointInTime",
"rds:DescribeDBClusterSnapshots",
"rds:RestoreDBClusterToPointInTime",
"rds:CreateTenantDatabase",
"rds:DeleteTenantDatabase"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSPermissions"
},
{
"Action":[
"elasticfilesystem:Restore",
"elasticfilesystem:CreateFilesystem",
"elasticfilesystem:DescribeFilesystems",
"elasticfilesystem:DeleteFilesystem",
"elasticfilesystem:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"EFSPermissions"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSDescribePermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:ReEncryptTo",
"kms:ReEncryptFrom",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"dynamodb.*.amazonaws.com",
"ec2.*.amazonaws.com",
"elasticfilesystem.*.amazonaws.com",
"rds.*.amazonaws.com",
"redshift.*.amazonaws.com",
"redshift-serverless.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSPermissions"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSCreateGrantPermissions"
},
{
"Action":[
"ebs:CompleteSnapshot",
"ebs:StartSnapshot",
"ebs:PutSnapshotBlock"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EBSSnapshotBlockPermissions"
},
{
"Action":[
"rds:CreateDBInstance"
],
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:db:*",
"Sid":"RDSResourcePermissions"
},
{
"Action":[
"ec2:DeleteSnapshot",
"ec2:DeleteTags",
"ec2:RestoreSnapshotTier"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EC2DeleteAndRestorePermissions"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:backup:source-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"EC2CreateTagsScopedPermissions"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2RunInstancesPermissions"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"EC2TerminateInstancesPermissions"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"ec2:CreateAction":[
"RunInstances",
"CreateVolume"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"EC2CreateTagsPermissions"
},
{
"Action":[
"fsx:CreateFileSystemFromBackup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:backup/*"
],
"Sid":"FsxPermissions"
},
{
"Action":[
"fsx:DescribeFileSystems",
"fsx:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:file-system/*",
"Sid":"FsxTagPermissions"
},
{
"Action":"fsx:DescribeBackups",
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*",
"Sid":"FsxBackupPermissions"
},
{
"Action":[
"fsx:DeleteFileSystem",
"fsx:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:file-system/*",
"Sid":"FsxDeletePermissions"
},
{
"Action":[
"fsx:DescribeVolumes"
],
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:volume/*",
"Sid":"FsxDescribePermissions"
},
{
"Action":[
"fsx:CreateVolumeFromBackup",
"fsx:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:backup:source-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:fsx:*:*:volume/*"
],
"Sid":"FsxVolumeTagPermissions"
},
{
"Action":[
"fsx:CreateVolumeFromBackup",
"fsx:TagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:fsx:*:*:storage-virtual-machine/*",
"arn:aws:fsx:*:*:backup/*",
"arn:aws:fsx:*:*:volume/*"
],
"Sid":"FsxBackupTagPermissions"
},
{
"Action":[
"fsx:DeleteVolume",
"fsx:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws:backup:source-resource":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:volume/*",
"Sid":"FsxVolumePermissions"
},
{
"Action":"ds:DescribeDirectories",
"Effect":"Allow",
"Resource":"*",
"Sid":"DSPermissions"
},
{
"Action":[
"dynamodb:RestoreTableFromAwsBackup"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*",
"Sid":"DynamoDBRestorePermissions"
},
{
"Action":[
"backup-gateway:Restore"
],
"Effect":"Allow",
"Resource":"arn:aws:backup-gateway:*:*:hypervisor/*",
"Sid":"GatewayRestorePermissions"
},
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:*/*/*",
"Sid":"CloudformationChangeSetPermissions"
},
{
"Action":[
"redshift:RestoreFromClusterSnapshot",
"redshift:RestoreTableFromClusterSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:snapshot:*/*",
"arn:aws:redshift:*:*:cluster:*",
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftClusterSnapshotPermissions"
},
{
"Action":[
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"RedshiftClusterPermissions"
},
{
"Action":[
"redshift:DescribeTableRestoreStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftTablePermissions"
},
{
"Action":[
"redshift-serverless:RestoreTableFromSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*",
"arn:aws:redshift-serverless:*:*:snapshot/*"
],
"Sid":"RedshiftServerlessSnapshotPermissions"
},
{
"Action":[
"redshift-serverless:GetNamespace"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*"
],
"Sid":"RedshiftServerlessNamespacePermissions"
},
{
"Action":[
"redshift-serverless:GetTableRestoreStatus"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RedshiftServerlessTablePermissions"
},
{
"Action":[
"timestream:StartAwsRestoreJob",
"timestream:GetAwsRestoreStatus",
"timestream:ListTables",
"timestream:ListTagsForResource",
"timestream:ListDatabases",
"timestream:DescribeTable",
"timestream:DescribeDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:timestream:*:*:database/*"
],
"Sid":"TimestreamResourcePermissions"
},
{
"Action":[
"timestream:DescribeEndpoints"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"TimestreamEndpointPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-27T21:52:06+00:00"
},
"AWSBackupServiceRolePolicyForS3Backup":{
"CreateDate":"2022-02-18T17:40:24+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"cloudwatch:GetMetricData",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchGetMetricDataPermissions"
},
{
"Action":[
"events:DeleteRule",
"events:PutTargets",
"events:DescribeRule",
"events:EnableRule",
"events:PutRule",
"events:RemoveTargets",
"events:ListTargetsByRule",
"events:DisableRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/AwsBackupManagedRule*"
],
"Sid":"EventBridgePermissionsForAwsBackupManagedRule"
},
{
"Action":"events:ListRules",
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeListRulesPermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:DescribeKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsPermissions"
},
{
"Action":[
"s3:GetBucketTagging",
"s3:GetInventoryConfiguration",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:GetBucketVersioning",
"s3:GetBucketLocation",
"s3:GetBucketAcl",
"s3:PutInventoryConfiguration",
"s3:GetBucketNotification",
"s3:PutBucketNotification"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3BucketPermissions"
},
{
"Action":[
"s3:GetObjectAcl",
"s3:GetObject",
"s3:GetObjectVersionTagging",
"s3:GetObjectVersionAcl",
"s3:GetObjectTagging",
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/*",
"Sid":"S3ObjectPermissions"
},
{
"Action":"s3:ListAllMyBuckets",
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ListBucketPermissions"
},
{
"Action":[
"backup:TagResource"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:backup:*:*:recovery-point:*",
"Sid":"RecoveryPointTaggingPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-17T17:12:03+00:00"
},
"AWSBackupServiceRolePolicyForS3Restore":{
"CreateDate":"2022-02-18T17:39:37+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:GetBucketVersioning",
"s3:GetBucketLocation",
"s3:PutBucketVersioning",
"s3:PutBucketOwnershipControls",
"s3:GetBucketOwnershipControls"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
]
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:DeleteObject",
"s3:PutObjectVersionAcl",
"s3:GetObjectVersionAcl",
"s3:GetObjectTagging",
"s3:PutObjectTagging",
"s3:GetObjectAcl",
"s3:PutObjectAcl",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*/*"
]
},
{
"Action":[
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-07T00:06:00+00:00"
},
"AWSBatchFullAccess":{
"CreateDate":"2016-12-06T19:35:42+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"batch:*",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeImages",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ecs:DescribeClusters",
"ecs:Describe*",
"ecs:List*",
"eks:DescribeCluster",
"eks:ListClusters",
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSBatchServiceRole",
"arn:aws:iam::*:role/service-role/AWSBatchServiceRole",
"arn:aws:iam::*:role/ecsInstanceRole",
"arn:aws:iam::*:instance-profile/ecsInstanceRole",
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/AWSBatchJobRole*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"batch.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*Batch*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-24T16:09:09+00:00"
},
"AWSBatchServiceEventTargetRole":{
"CreateDate":"2018-02-28T22:31:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"batch:SubmitJob"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-02-28T22:31:13+00:00"
},
"AWSBatchServiceRole":{
"CreateDate":"2016-12-06T19:36:24+00:00",
"DefaultVersionId":"v13",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSpotFleetRequestHistory",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeLaunchTemplateVersions",
"ec2:CreateLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:RequestSpotFleet",
"ec2:CancelSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:TerminateInstances",
"ec2:RunInstances",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeScalingActivities",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SetDesiredCapacity",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"autoscaling:SuspendProcesses",
"autoscaling:PutNotificationConfiguration",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListAccountSettings",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:RegisterTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask",
"ecs:UpdateContainerAgent",
"ecs:DeregisterContainerInstance",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"iam:GetInstanceProfile",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement1"
},
{
"Action":"ecs:TagResource",
"Effect":"Allow",
"Resource":[
"arn:aws:ecs:*:*:task/*_Batch_*"
],
"Sid":"AWSBatchPolicyStatement2"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"ecs-tasks.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSBatchPolicyStatement3"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"autoscaling.amazonaws.com",
"ecs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement4"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSBatchPolicyStatement5"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-05T18:49:44+00:00"
},
"AWSBillingConductorFullAccess":{
"CreateDate":"2022-04-13T18:02:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"billingconductor:*",
"organizations:ListAccounts",
"pricing:DescribeServices"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-13T18:02:29+00:00"
},
"AWSBillingConductorReadOnlyAccess":{
"CreateDate":"2022-04-13T18:02:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"billingconductor:List*",
"organizations:ListAccounts",
"pricing:DescribeServices"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-13T18:02:59+00:00"
},
"AWSBillingReadOnlyAccess":{
"CreateDate":"2020-08-27T20:08:51+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"account:GetAccountInformation",
"aws-portal:ViewBilling",
"billing:GetBillingData",
"billing:GetBillingDetails",
"billing:GetBillingNotifications",
"billing:GetBillingPreferences",
"billing:GetCredits",
"billing:GetContractInformation",
"billing:GetIAMAccessPreference",
"billing:GetSellerOfRecord",
"billing:ListBillingViews",
"budgets:ViewBudget",
"budgets:DescribeBudgetActionsForBudget",
"budgets:DescribeBudgetAction",
"budgets:DescribeBudgetActionsForAccount",
"budgets:DescribeBudgetActionHistories",
"ce:DescribeCostCategoryDefinition",
"ce:GetCostAndUsage",
"ce:ListCostCategoryDefinitions",
"ce:ListTagsForResource",
"ce:ListCostAllocationTags",
"ce:ListCostAllocationTagBackfillHistory",
"ce:GetTags",
"ce:GetDimensionValues",
"consolidatedbilling:ListLinkedAccounts",
"consolidatedbilling:GetAccountBillingRole",
"cur:GetClassicReport",
"cur:GetClassicReportPreferences",
"cur:GetUsageReport",
"cur:DescribeReportDefinitions",
"freetier:GetFreeTierAlertPreference",
"freetier:GetFreeTierUsage",
"invoicing:BatchGetInvoiceProfile",
"invoicing:GetInvoiceEmailDeliveryPreferences",
"invoicing:GetInvoicePDF",
"invoicing:GetInvoiceUnit",
"invoicing:ListInvoiceSummaries",
"invoicing:ListInvoiceUnits",
"invoicing:ListTagsForResource",
"mapcredits:ListQuarterSpend",
"mapcredits:ListAssociatedPrograms",
"mapcredits:ListQuarterCredits",
"payments:GetFinancingApplication",
"payments:GetFinancingLine",
"payments:GetFinancingLineWithdrawal",
"payments:GetFinancingOption",
"payments:GetPaymentInstrument",
"payments:GetPaymentStatus",
"payments:ListFinancingApplications",
"payments:ListFinancingLines",
"payments:ListFinancingLineWithdrawals",
"payments:ListPaymentInstruments",
"payments:ListPaymentPreferences",
"payments:ListPaymentProgramOptions",
"payments:ListPaymentProgramStatus",
"payments:ListTagsForResource",
"purchase-orders:GetPurchaseOrder",
"purchase-orders:ViewPurchaseOrders",
"purchase-orders:ListPurchaseOrderInvoices",
"purchase-orders:ListPurchaseOrders",
"purchase-orders:ListTagsForResource",
"sustainability:GetCarbonFootprintSummary",
"tax:GetTaxRegistrationDocument",
"tax:GetTaxInheritance",
"tax:ListTaxRegistrations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor0"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-12T18:07:07+00:00"
},
"AWSBudgetsActionsWithAWSResourceControlAccess":{
"CreateDate":"2020-10-15T17:19:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"budgets:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-portal:ViewBilling"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"budgets.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-portal:ModifyBilling",
"ec2:DescribeInstances",
"iam:ListGroups",
"iam:ListPolicies",
"iam:ListRoles",
"iam:ListUsers",
"organizations:ListAccounts",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListPolicies",
"organizations:ListRoots",
"rds:DescribeDBInstances",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-15T17:19:12+00:00"
},
"AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM":{
"CreateDate":"2022-05-25T19:03:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstanceStatus",
"ec2:StartInstances",
"ec2:StopInstances",
"rds:DescribeDBInstances",
"rds:StartDBInstance",
"rds:StopDBInstance"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-StartEC2Instance:*",
"arn:aws:ssm:*:*:automation-definition/AWS-StopEC2Instance:*",
"arn:aws:ssm:*:*:automation-definition/AWS-StartRdsInstance:*",
"arn:aws:ssm:*:*:automation-definition/AWS-StopRdsInstance:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-05-25T19:03:30+00:00"
},
"AWSBudgetsReadOnlyAccess":{
"CreateDate":"2020-10-15T17:18:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"aws-portal:ViewBilling",
"budgets:ViewBudget",
"budgets:Describe*",
"budgets:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBudgetsReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-17T17:41:25+00:00"
},
"AWSBugBustFullAccess":{
"CreateDate":"2021-06-24T07:03:26+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListRecommendations",
"codeguru-reviewer:ListCodeReviews"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeGuruReviewerPermission"
},
{
"Action":[
"codeguru-profiler:ListProfilingGroups",
"codeguru-profiler:DescribeProfilingGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeGuruProfilerPermission"
},
{
"Action":[
"bugbust:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBugBustFullAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"bugbust.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/bugbust.amazonaws.com/AWSServiceRoleForBugBust",
"Sid":"AWSBugBustSLRCreation"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-07-22T20:04:29+00:00"
},
"AWSBugBustPlayerAccess":{
"CreateDate":"2021-06-24T07:15:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListRecommendations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeGuruReviewerPermission"
},
{
"Action":[
"codeguru-profiler:DescribeProfilingGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeGuruProfilerPermission"
},
{
"Action":[
"bugbust:ListBugs",
"bugbust:ListProfilingGroups",
"bugbust:JoinEvent",
"bugbust:GetEvent",
"bugbust:ListEvents",
"bugbust:GetJoinEventStatus",
"bugbust:ListEventScores",
"bugbust:ListEventParticipants",
"bugbust:UpdateWorkItem",
"bugbust:ListPullRequests"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBugBustPlayerAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-06-24T07:15:00+00:00"
},
"AWSBugBustServiceRolePolicy":{
"CreateDate":"2021-06-24T06:59:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codeguru-reviewer:ListRecommendations",
"codeguru-reviewer:UntagResource",
"codeguru-reviewer:DescribeCodeReview"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/bugbust":"enabled"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-06-24T06:59:05+00:00"
},
"AWSCertificateManagerFullAccess":{
"CreateDate":"2016-01-21T17:02:36+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"acm:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"acm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-17T22:18:28+00:00"
},
"AWSCertificateManagerPrivateCAAuditor":{
"CreateDate":"2018-10-23T16:51:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:CreateCertificateAuthorityAuditReport",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-17T22:54:12+00:00"
},
"AWSCertificateManagerPrivateCAFullAccess":{
"CreateDate":"2018-10-23T16:54:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-10-23T16:54:50+00:00"
},
"AWSCertificateManagerPrivateCAPrivilegedUser":{
"CreateDate":"2019-06-20T17:43:13+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/*CACertificate*/V*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnNotLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/*CACertificate*/V*"
]
}
},
"Effect":"Deny",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T19:52:05+00:00"
},
"AWSCertificateManagerPrivateCAReadOnly":{
"CreateDate":"2018-10-23T16:57:04+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":{
"Action":[
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:ListCertificateAuthorities",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-17T22:54:22+00:00"
},
"AWSCertificateManagerPrivateCAUser":{
"CreateDate":"2018-10-23T16:53:33+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/EndEntityCertificate/V*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnNotLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/EndEntityCertificate/V*"
]
}
},
"Effect":"Deny",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T15:52:06+00:00"
},
"AWSCertificateManagerReadOnly":{
"CreateDate":"2016-01-21T17:07:33+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":{
"Action":[
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:GetCertificate",
"acm:ListTagsForCertificate",
"acm:GetAccountConfiguration"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-03-15T16:25:21+00:00"
},
"AWSChatbotServiceLinkedRolePolicy":{
"CreateDate":"2019-11-18T16:39:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Unsubscribe",
"sns:Subscribe",
"sns:ListSubscriptions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/chatbot/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-18T16:39:50+00:00"
},
"AWSCleanRoomsFullAccess":{
"CreateDate":"2023-01-12T16:10:54+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cleanrooms:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*",
"Sid":"PassServiceRole"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListRolesToPickServiceRole"
},
{
"Action":[
"iam:GetRole",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*",
"Sid":"GetRoleAndListRolePoliciesToInspectServiceRole"
},
{
"Action":[
"iam:ListPolicies"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListPoliciesToInspectServiceRolePolicy"
},
{
"Action":[
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:policy/*cleanrooms*",
"Sid":"GetPolicyToInspectServiceRolePolicy"
},
{
"Action":[
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetSchema",
"glue:GetSchemaVersion",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleDisplayTables"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsolePickQueryResultsBucketListAll"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucketVersions"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::cleanrooms-queryresults*",
"Sid":"SetQueryResultsBucket"
},
{
"Action":[
"s3:ListBucket",
"s3:PutObject"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::cleanrooms-queryresults*",
"Sid":"WriteQueryResults"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::cleanrooms-queryresults*",
"Sid":"ConsoleDisplayQueryResults"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EstablishLogDeliveries"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SetupLogGroupsDescribe"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*",
"Sid":"SetupLogGroupsCreate"
},
{
"Action":[
"logs:DescribeResourcePolicies",
"logs:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SetupLogGroupsResourcePolicy"
},
{
"Action":[
"logs:StartQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*",
"Sid":"ConsoleLogSummaryQueryLogs"
},
{
"Action":[
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleLogSummaryObtainLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-21T15:35:13+00:00"
},
"AWSCleanRoomsFullAccessNoQuerying":{
"CreateDate":"2023-01-12T16:12:31+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cleanrooms:BatchGetCollaborationAnalysisTemplate",
"cleanrooms:BatchGetSchema",
"cleanrooms:BatchGetSchemaAnalysisRule",
"cleanrooms:CreateAnalysisTemplate",
"cleanrooms:CreateCollaboration",
"cleanrooms:CreateConfiguredTable",
"cleanrooms:CreateConfiguredTableAnalysisRule",
"cleanrooms:CreateConfiguredTableAssociation",
"cleanrooms:CreateMembership",
"cleanrooms:DeleteAnalysisTemplate",
"cleanrooms:DeleteCollaboration",
"cleanrooms:DeleteConfiguredTable",
"cleanrooms:DeleteConfiguredTableAnalysisRule",
"cleanrooms:DeleteConfiguredTableAssociation",
"cleanrooms:DeleteMember",
"cleanrooms:DeleteMembership",
"cleanrooms:GetAnalysisTemplate",
"cleanrooms:GetCollaborationAnalysisTemplate",
"cleanrooms:GetCollaboration",
"cleanrooms:GetConfiguredTable",
"cleanrooms:GetConfiguredTableAnalysisRule",
"cleanrooms:GetConfiguredTableAssociation",
"cleanrooms:GetMembership",
"cleanrooms:GetProtectedQuery",
"cleanrooms:GetSchema",
"cleanrooms:GetSchemaAnalysisRule",
"cleanrooms:ListAnalysisTemplates",
"cleanrooms:ListCollaborationAnalysisTemplates",
"cleanrooms:ListCollaborations",
"cleanrooms:ListConfiguredTableAssociations",
"cleanrooms:ListConfiguredTables",
"cleanrooms:ListMembers",
"cleanrooms:ListMemberships",
"cleanrooms:ListProtectedQueries",
"cleanrooms:ListSchemas",
"cleanrooms:UpdateAnalysisTemplate",
"cleanrooms:UpdateCollaboration",
"cleanrooms:UpdateConfiguredTable",
"cleanrooms:UpdateConfiguredTableAnalysisRule",
"cleanrooms:UpdateConfiguredTableAssociation",
"cleanrooms:UpdateMembership",
"cleanrooms:ListTagsForResource",
"cleanrooms:UntagResource",
"cleanrooms:TagResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsAccess"
},
{
"Action":[
"cleanrooms:StartProtectedQuery",
"cleanrooms:UpdateProtectedQuery"
],
"Effect":"Deny",
"Resource":"*",
"Sid":"CleanRoomsNoQuerying"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*",
"Sid":"PassServiceRole"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListRolesToPickServiceRole"
},
{
"Action":[
"iam:GetRole",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*",
"Sid":"GetRoleAndListRolePoliciesToInspectServiceRole"
},
{
"Action":[
"iam:ListPolicies"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListPoliciesToInspectServiceRolePolicy"
},
{
"Action":[
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:policy/*cleanrooms*",
"Sid":"GetPolicyToInspectServiceRolePolicy"
},
{
"Action":[
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetSchema",
"glue:GetSchemaVersion",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleDisplayTables"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EstablishLogDeliveries"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SetupLogGroupsDescribe"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*",
"Sid":"SetupLogGroupsCreate"
},
{
"Action":[
"logs:DescribeResourcePolicies",
"logs:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cleanrooms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SetupLogGroupsResourcePolicy"
},
{
"Action":[
"logs:StartQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*",
"Sid":"ConsoleLogSummaryQueryLogs"
},
{
"Action":[
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleLogSummaryObtainLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-14T18:31:21+00:00"
},
"AWSCleanRoomsMLFullAccess":{
"CreateDate":"2023-11-29T21:02:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cleanrooms-ml:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsMLFullAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"cleanrooms-ml.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/cleanrooms-ml*"
],
"Sid":"PassServiceRole"
},
{
"Action":[
"cleanrooms:GetCollaboration",
"cleanrooms:BatchGetSchema",
"cleanrooms:GetConfiguredAudienceModelAssociation",
"cleanrooms:GetMembership",
"cleanrooms:ListAnalysisTemplates",
"cleanrooms:ListCollaborationAnalysisTemplates",
"cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
"cleanrooms:ListCollaborations",
"cleanrooms:ListConfiguredTableAssociations",
"cleanrooms:ListConfiguredTables",
"cleanrooms:ListMembers",
"cleanrooms:ListMemberships",
"cleanrooms:ListProtectedQueries",
"cleanrooms:ListSchemas",
"cleanrooms:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsConsoleNavigation"
},
{
"Action":[
"cleanrooms:ListMembers"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cleanrooms-ml.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CollaborationMembershipCheck"
},
{
"Action":[
"cleanrooms:CreateConfiguredAudienceModelAssociation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AssociateModels"
},
{
"Action":[
"cleanrooms:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:cleanrooms:*:*:membership/*/configuredaudiencemodelassociation/*",
"Sid":"TagAssociations"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListRolesToPickServiceRole"
},
{
"Action":[
"iam:GetRole",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/cleanrooms-ml*",
"arn:aws:iam::*:role/role/cleanrooms-ml*"
],
"Sid":"GetRoleAndListRolePoliciesToInspectServiceRole"
},
{
"Action":[
"iam:ListPolicies"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListPoliciesToInspectServiceRolePolicy"
},
{
"Action":[
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:policy/*cleanroomsml*",
"Sid":"GetPolicyToInspectServiceRolePolicy"
},
{
"Action":[
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetSchema",
"glue:GetSchemaVersion",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleDisplayTables"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsolePickOutputBucket"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*cleanrooms-ml*",
"Sid":"ConsolePickS3Location"
},
{
"Action":[
"ecr:DescribeRepositories",
"ecr:ListImages"
],
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"ConsoleDescribeECRRepositories"
},
{
"Action":[
"cleanrooms:PassMembership",
"cleanrooms:PassCollaboration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PassCleanRoomsResources"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-10T20:07:07+00:00"
},
"AWSCleanRoomsMLReadOnlyAccess":{
"CreateDate":"2023-11-29T20:55:31+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cleanrooms:GetCollaboration",
"cleanrooms:GetConfiguredAudienceModelAssociation",
"cleanrooms:GetMembership",
"cleanrooms:ListAnalysisTemplates",
"cleanrooms:ListCollaborationAnalysisTemplates",
"cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
"cleanrooms:ListCollaborations",
"cleanrooms:ListConfiguredTableAssociations",
"cleanrooms:ListConfiguredTables",
"cleanrooms:ListMembers",
"cleanrooms:ListMemberships",
"cleanrooms:ListProtectedQueries",
"cleanrooms:ListSchemas",
"cleanrooms:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsConsoleNavigation"
},
{
"Action":[
"cleanrooms-ml:Get*",
"cleanrooms-ml:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsMLRead"
},
{
"Action":[
"cleanrooms:PassMembership",
"cleanrooms:PassCollaboration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PassCleanRoomsResources"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-10T20:52:06+00:00"
},
"AWSCleanRoomsReadOnlyAccess":{
"CreateDate":"2023-01-12T16:10:48+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cleanrooms:BatchGet*",
"cleanrooms:Get*",
"cleanrooms:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CleanRoomsRead"
},
{
"Action":[
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetSchema",
"glue:GetSchemaVersion",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleDisplayTables"
},
{
"Action":[
"logs:StartQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*",
"Sid":"ConsoleLogSummaryQueryLogs"
},
{
"Action":[
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleLogSummaryObtainLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-12T16:10:48+00:00"
},
"AWSCloud9Administrator":{
"CreateDate":"2017-11-30T16:17:28+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cloud9:*",
"iam:GetUser",
"iam:ListUsers",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"cloud9.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:StartSession",
"ssm:GetConnectionStatus"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloud9.amazonaws.com"
},
"StringLike":{
"ssm:resourceTag/aws:cloud9:environment":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-11T12:59:29+00:00"
},
"AWSCloud9EnvironmentMember":{
"CreateDate":"2017-11-30T16:18:28+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cloud9:GetUserSettings",
"cloud9:UpdateUserSettings",
"cloud9:GetMigrationExperiences",
"iam:GetUser",
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloud9:DescribeEnvironmentMemberships"
],
"Condition":{
"Null":{
"cloud9:EnvironmentId":"true",
"cloud9:UserArn":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:StartSession",
"ssm:GetConnectionStatus"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloud9.amazonaws.com"
},
"StringLike":{
"ssm:resourceTag/aws:cloud9:environment":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-27T10:07:07+00:00"
},
"AWSCloud9SSMInstanceProfile":{
"CreateDate":"2020-05-14T11:40:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel",
"ssm:UpdateInstanceInformation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-14T11:40:49+00:00"
},
"AWSCloud9ServiceRolePolicy":{
"CreateDate":"2017-11-30T13:44:08+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"ec2:RunInstances",
"ec2:CreateSecurityGroup",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudformation:DeleteStack"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/aws-cloud9-*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"aws:RequestTag/Name":"aws-cloud9-*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-name":"aws-cloud9-*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:license-manager:*:*:license-configuration:*"
]
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/cloud9/*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-17T14:06:15+00:00"
},
"AWSCloud9User":{
"CreateDate":"2017-11-30T16:16:17+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"cloud9:UpdateUserSettings",
"cloud9:GetUserSettings",
"cloud9:GetMigrationExperiences",
"iam:GetUser",
"iam:ListUsers",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloud9:CreateEnvironmentEC2",
"cloud9:CreateEnvironmentSSH"
],
"Condition":{
"Null":{
"cloud9:OwnerArn":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloud9:GetUserPublicKey"
],
"Condition":{
"Null":{
"cloud9:UserArn":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloud9:DescribeEnvironmentMemberships"
],
"Condition":{
"Null":{
"cloud9:EnvironmentId":"true",
"cloud9:UserArn":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"cloud9.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:StartSession",
"ssm:GetConnectionStatus"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloud9.amazonaws.com"
},
"StringLike":{
"ssm:resourceTag/aws:cloud9:environment":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-27T10:07:06+00:00"
},
"AWSCloudFormationFullAccess":{
"CreateDate":"2019-07-26T21:50:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-26T21:50:35+00:00"
},
"AWSCloudFormationReadOnlyAccess":{
"CreateDate":"2015-02-06T18:39:49+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:Describe*",
"cloudformation:EstimateTemplateCost",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"cloudformation:Detect*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-13T17:40:07+00:00"
},
"AWSCloudFrontLogger":{
"CreateDate":"2018-06-12T20:15:23+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/cloudfront/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-22T19:33:51+00:00"
},
"AWSCloudFrontVPCOriginServiceRolePolicy":{
"CreateDate":"2024-10-24T17:45:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/aws.cloudfront.vpcorigin":"enabled"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"EC2Action1"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"EC2Action2"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/aws.cloudfront.vpcorigin":"enabled"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"EC2Action3"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"EC2Action4"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/aws.cloudfront.vpcorigin":"enabled"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Action5"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeSubnets",
"ec2:DescribeRegions",
"ec2:DescribeAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Action6"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/aws.cloudfront.vpcorigin":"enabled",
"ec2:CreateAction":[
"CreateNetworkInterface",
"CreateSecurityGroup"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"EC2Action7"
},
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeTargetGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElbAction1"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T17:45:25+00:00"
},
"AWSCloudHSMFullAccess":{
"CreateDate":"2015-02-06T18:39:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cloudhsm:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:39:51+00:00"
},
"AWSCloudHSMReadOnlyAccess":{
"CreateDate":"2015-02-06T18:39:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudhsm:Get*",
"cloudhsm:List*",
"cloudhsm:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:39:52+00:00"
},
"AWSCloudHSMRole":{
"CreateDate":"2015-02-06T18:41:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:23+00:00"
},
"AWSCloudMapDiscoverInstanceAccess":{
"CreateDate":"2018-11-29T00:02:42+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-20T21:48:09+00:00"
},
"AWSCloudMapFullAccess":{
"CreateDate":"2018-11-28T23:57:31+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ec2:DescribeInstances",
"servicediscovery:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-29T19:15:35+00:00"
},
"AWSCloudMapReadOnlyAccess":{
"CreateDate":"2018-11-28T23:45:26+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-20T21:47:45+00:00"
},
"AWSCloudMapRegisterInstanceAccess":{
"CreateDate":"2018-11-29T00:04:57+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance",
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-20T21:47:06+00:00"
},
"AWSCloudShellFullAccess":{
"CreateDate":"2020-12-15T18:07:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudshell:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T18:07:44+00:00"
},
"AWSCloudTrail_FullAccess":{
"CreateDate":"2020-10-08T23:41:15+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"sns:AddPermission",
"sns:CreateTopic",
"sns:SetTopicAttributes",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:aws-cloudtrail-logs*"
]
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:CreateBucket",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-cloudtrail-logs*"
]
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"cloudtrail:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*"
]
},
{
"Action":[
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetUser"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"cloudtrail.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:CreateKey",
"kms:CreateAlias",
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:ListFunctions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"dynamodb:ListGlobalTables",
"dynamodb:ListTables"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-22T19:01:00+00:00"
},
"AWSCloudTrail_ReadOnlyAccess":{
"CreateDate":"2022-06-14T17:19:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudtrail:Get*",
"cloudtrail:Describe*",
"cloudtrail:List*",
"cloudtrail:LookupEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-06-14T17:19:05+00:00"
},
"AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy":{
"CreateDate":"2021-04-27T13:30:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"ssm-incidents:StartIncident",
"Effect":"Allow",
"Resource":"*",
"Sid":"StartIncidentPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-27T13:30:52+00:00"
},
"AWSCodeArtifactAdminAccess":{
"CreateDate":"2020-06-16T23:53:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codeartifact:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"sts:GetServiceBearerToken",
"Condition":{
"StringEquals":{
"sts:AWSServiceName":"codeartifact.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-16T23:53:23+00:00"
},
"AWSCodeArtifactReadOnlyAccess":{
"CreateDate":"2020-06-25T21:23:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codeartifact:Describe*",
"codeartifact:Get*",
"codeartifact:List*",
"codeartifact:ReadFromRepository"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"sts:GetServiceBearerToken",
"Condition":{
"StringEquals":{
"sts:AWSServiceName":"codeartifact.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-25T21:23:52+00:00"
},
"AWSCodeBuildAdminAccess":{
"CreateDate":"2016-12-01T19:04:44+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"codebuild:*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ecr:DescribeRepositories",
"ecr:ListImages",
"elasticfilesystem:DescribeFileSystems",
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"logs:GetLogEvents",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSServicesAccess"
},
{
"Action":[
"logs:DeleteLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*",
"Sid":"CWLDeleteLogGroupAccess"
},
{
"Action":[
"ssm:PutParameter"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*",
"Sid":"SSMParameterWriteAccess"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:task/*/*",
"Sid":"SSMStartSessionAccess"
},
{
"Action":[
"codestar-connections:CreateConnection",
"codestar-connections:DeleteConnection",
"codestar-connections:UpdateConnectionInstallation",
"codestar-connections:TagResource",
"codestar-connections:UntagResource",
"codestar-connections:ListConnections",
"codestar-connections:ListInstallationTargets",
"codestar-connections:ListTagsForResource",
"codestar-connections:GetConnection",
"codestar-connections:GetIndividualAccessToken",
"codestar-connections:GetInstallationUrl",
"codestar-connections:PassConnection",
"codestar-connections:StartOAuthHandshake",
"codestar-connections:UseConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeStarConnectionsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codebuild:*:*:project/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:codestar-notifications*",
"Sid":"CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action":[
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicListAccess"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:ListMicrosoftTeamsChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T20:07:07+00:00"
},
"AWSCodeBuildDeveloperAccess":{
"CreateDate":"2016-12-01T19:02:32+00:00",
"DefaultVersionId":"v16",
"Document":{
"Statement":[
{
"Action":[
"codebuild:StartBuild",
"codebuild:StopBuild",
"codebuild:StartBuildBatch",
"codebuild:StopBuildBatch",
"codebuild:RetryBuild",
"codebuild:RetryBuildBatch",
"codebuild:BatchGet*",
"codebuild:GetResourcePolicy",
"codebuild:DescribeTestCases",
"codebuild:DescribeCodeCoverages",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"cloudwatch:GetMetricStatistics",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"logs:GetLogEvents",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSServicesAccess"
},
{
"Action":[
"ssm:PutParameter"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*",
"Sid":"SSMParameterWriteAccess"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:task/*/*",
"Sid":"SSMStartSessionAccess"
},
{
"Action":[
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeStarConnectionsUserAccess"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codebuild:*:*:project/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicListAccess"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:ListMicrosoftTeamsChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T20:07:06+00:00"
},
"AWSCodeBuildReadOnlyAccess":{
"CreateDate":"2016-12-01T19:03:41+00:00",
"DefaultVersionId":"v13",
"Document":{
"Statement":[
{
"Action":[
"codebuild:BatchGet*",
"codebuild:GetResourcePolicy",
"codebuild:List*",
"codebuild:DescribeTestCases",
"codebuild:DescribeCodeCoverages",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"cloudwatch:GetMetricStatistics",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSServicesAccess"
},
{
"Action":[
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeStarConnectionsUserAccess"
},
{
"Action":[
"codestar-notifications:DescribeNotificationRule"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codebuild:*:*:project/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsPowerUserAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T19:52:06+00:00"
},
"AWSCodeCommitFullAccess":{
"CreateDate":"2015-07-09T17:02:19+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"codecommit:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/codecommit*",
"Sid":"CloudWatchEventsCodeCommitRulesAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:codecommit*",
"Sid":"SNSTopicAndSubscriptionAccess"
},
{
"Action":[
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicAndSubscriptionReadAccess"
},
{
"Action":[
"lambda:ListFunctions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LambdaReadOnlyListAccess"
},
{
"Action":[
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMReadOnlyListAccess"
},
{
"Action":[
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMReadOnlyConsoleAccess"
},
{
"Action":[
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMUserSSHKeys"
},
{
"Action":[
"iam:CreateServiceSpecificCredential",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMSelfManageServiceSpecificCredentials"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*:*:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:codestar-notifications*",
"Sid":"CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action":[
"codeguru-reviewer:AssociateRepository",
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codeguru-reviewer:DisassociateRepository",
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListCodeReviews"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCodeGuruReviewerFullAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid":"AmazonCodeGuruReviewerSLRCreation"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEventsManagedRules"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:ListMicrosoftTeamsChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
},
{
"Action":[
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect":"Allow",
"Resource":"arn:aws:codestar-connections:*:*:connection/*",
"Sid":"CodeStarConnectionsReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-10T20:07:06+00:00"
},
"AWSCodeCommitPowerUser":{
"CreateDate":"2015-07-09T17:06:49+00:00",
"DefaultVersionId":"v16",
"Document":{
"Statement":[
{
"Action":[
"codecommit:AssociateApprovalRuleTemplateWithRepository",
"codecommit:BatchAssociateApprovalRuleTemplateWithRepositories",
"codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories",
"codecommit:BatchGet*",
"codecommit:BatchDescribe*",
"codecommit:Create*",
"codecommit:DeleteBranch",
"codecommit:DeleteFile",
"codecommit:Describe*",
"codecommit:DisassociateApprovalRuleTemplateFromRepository",
"codecommit:EvaluatePullRequestApprovalRules",
"codecommit:Get*",
"codecommit:List*",
"codecommit:Merge*",
"codecommit:OverridePullRequestApprovalRules",
"codecommit:Put*",
"codecommit:Post*",
"codecommit:TagResource",
"codecommit:Test*",
"codecommit:UntagResource",
"codecommit:Update*",
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/codecommit*",
"Sid":"CloudWatchEventsCodeCommitRulesAccess"
},
{
"Action":[
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:codecommit*",
"Sid":"SNSTopicAndSubscriptionAccess"
},
{
"Action":[
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicAndSubscriptionReadAccess"
},
{
"Action":[
"lambda:ListFunctions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LambdaReadOnlyListAccess"
},
{
"Action":[
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMReadOnlyListAccess"
},
{
"Action":[
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMReadOnlyConsoleAccess"
},
{
"Action":[
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMUserSSHKeys"
},
{
"Action":[
"iam:CreateServiceSpecificCredential",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMSelfManageServiceSpecificCredentials"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*:*:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"codeguru-reviewer:AssociateRepository",
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codeguru-reviewer:DisassociateRepository",
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListCodeReviews"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCodeGuruReviewerFullAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid":"AmazonCodeGuruReviewerSLRCreation"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEventsManagedRules"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:ListMicrosoftTeamsChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
},
{
"Action":[
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect":"Allow",
"Resource":"arn:aws:codestar-connections:*:*:connection/*",
"Sid":"CodeStarConnectionsReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-10T20:07:07+00:00"
},
"AWSCodeCommitReadOnly":{
"CreateDate":"2015-07-09T17:05:06+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Action":[
"codecommit:BatchGet*",
"codecommit:BatchDescribe*",
"codecommit:Describe*",
"codecommit:EvaluatePullRequestApprovalRules",
"codecommit:Get*",
"codecommit:List*",
"codecommit:GitPull"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/codecommit*",
"Sid":"CloudWatchEventsCodeCommitRulesReadOnlyAccess"
},
{
"Action":[
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSSubscriptionAccess"
},
{
"Action":[
"lambda:ListFunctions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LambdaReadOnlyListAccess"
},
{
"Action":[
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMReadOnlyListAccess"
},
{
"Action":[
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials",
"iam:ListAccessKeys",
"iam:GetSSHPublicKey"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}",
"Sid":"IAMReadOnlyConsoleAccess"
},
{
"Action":[
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect":"Allow",
"Resource":"arn:aws:codestar-connections:*:*:connection/*",
"Sid":"CodeStarConnectionsReadOnlyAccess"
},
{
"Action":[
"codestar-notifications:DescribeNotificationRule"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*:*:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadOnlyAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListCodeReviews"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCodeGuruReviewerReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-10T20:07:07+00:00"
},
"AWSCodeDeployDeployerAccess":{
"CreateDate":"2015-05-19T18:18:43+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"codedeploy:Batch*",
"codedeploy:CreateDeployment",
"codedeploy:Get*",
"codedeploy:List*",
"codedeploy:RegisterApplicationRevision"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codedeploy:*:*:application:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicListAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T20:22:07+00:00"
},
"AWSCodeDeployFullAccess":{
"CreateDate":"2015-05-19T18:13:23+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"codedeploy:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codedeploy:*:*:application:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:codestar-notifications*",
"Sid":"CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicListAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T20:22:06+00:00"
},
"AWSCodeDeployReadOnlyAccess":{
"CreateDate":"2015-05-19T18:21:32+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"codestar-notifications:DescribeNotificationRule"
],
"Condition":{
"ArnLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codedeploy:*:*:application:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsPowerUserAccess"
},
{
"Action":[
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsListAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T20:07:07+00:00"
},
"AWSCodeDeployRole":{
"CreateDate":"2015-05-04T18:05:37+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:EnableMetricsCollection",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:SuspendProcesses",
"autoscaling:ResumeProcesses",
"autoscaling:AttachLoadBalancers",
"autoscaling:AttachLoadBalancerTargetGroups",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutWarmPool",
"autoscaling:DescribeScalingActivities",
"autoscaling:DeleteAutoScalingGroup",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:TerminateInstances",
"tag:GetResources",
"sns:Publish",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-16T20:38:58+00:00"
},
"AWSCodeDeployRoleForCloudFormation":{
"CreateDate":"2020-05-19T17:12:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-19T17:12:52+00:00"
},
"AWSCodeDeployRoleForECS":{
"CreateDate":"2018-11-27T20:40:57+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecs:DescribeServices",
"ecs:CreateTaskSet",
"ecs:UpdateServicePrimaryTaskSet",
"ecs:DeleteTaskSet",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:ModifyRule",
"lambda:InvokeFunction",
"cloudwatch:DescribeAlarms",
"sns:Publish",
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"ecs-tasks.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-23T22:37:46+00:00"
},
"AWSCodeDeployRoleForECSLimited":{
"CreateDate":"2018-11-27T20:42:42+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecs:DescribeServices",
"ecs:CreateTaskSet",
"ecs:UpdateServicePrimaryTaskSet",
"ecs:DeleteTaskSet",
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:CodeDeployTopic_*"
},
{
"Action":[
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:ModifyRule"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/UseWithCodeDeploy":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"ecs-tasks.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/ecsTaskExecutionRole",
"arn:aws:iam::*:role/ECSTaskExecution*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-23T22:10:29+00:00"
},
"AWSCodeDeployRoleForLambda":{
"CreateDate":"2017-11-28T14:05:44+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"lambda:UpdateAlias",
"lambda:GetAlias",
"lambda:GetProvisionedConcurrencyConfig",
"sns:Publish"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/UseWithCodeDeploy":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T19:53:10+00:00"
},
"AWSCodeDeployRoleForLambdaLimited":{
"CreateDate":"2020-08-17T17:14:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"lambda:UpdateAlias",
"lambda:GetAlias",
"lambda:GetProvisionedConcurrencyConfig"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/UseWithCodeDeploy":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-17T17:14:14+00:00"
},
"AWSCodePipelineApproverAccess":{
"CreateDate":"2016-07-28T18:59:17+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListPipelines",
"codepipeline:PutApprovalResult"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-08-02T17:24:58+00:00"
},
"AWSCodePipelineCustomActionAccess":{
"CreateDate":"2015-07-09T17:02:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codepipeline:AcknowledgeJob",
"codepipeline:GetJobDetails",
"codepipeline:PollForJobs",
"codepipeline:PutJobFailureResult",
"codepipeline:PutJobSuccessResult"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-07-09T17:02:54+00:00"
},
"AWSCodePipeline_FullAccess":{
"CreateDate":"2020-08-03T22:38:28+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codepipeline:*",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudformation:ListChangeSets",
"cloudtrail:DescribeTrails",
"codebuild:BatchGetProjects",
"codebuild:CreateProject",
"codebuild:ListCuratedEnvironmentImages",
"codebuild:ListProjects",
"codecommit:ListBranches",
"codecommit:GetReferences",
"codecommit:ListRepositories",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:ListClusters",
"ecs:ListServices",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"iam:ListRoles",
"iam:GetRole",
"lambda:ListFunctions",
"events:ListRules",
"events:ListTargetsByRule",
"events:DescribeRule",
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks",
"s3:ListAllMyBuckets",
"sns:ListTopics",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes",
"states:ListStateMachines"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodePipelineAuthoringAccess"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketPolicy",
"s3:GetBucketVersioning",
"s3:GetObjectVersion",
"s3:CreateBucket",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3::*:codepipeline-*",
"Sid":"CodePipelineArtifactsReadWriteAccess"
},
{
"Action":[
"cloudtrail:PutEventSelectors",
"cloudtrail:CreateTrail",
"cloudtrail:GetEventSelectors",
"cloudtrail:StartLogging"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail",
"Sid":"CodePipelineSourceTrailReadWriteAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"events.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/cwe-role-*"
],
"Sid":"EventsIAMPassRole"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"codepipeline.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodePipelineIAMPassRole"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:DisableRule",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/codepipeline-*"
],
"Sid":"CodePipelineEventsReadWriteAccess"
},
{
"Action":[
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition":{
"StringLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadWriteAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:codestar-notifications*",
"Sid":"CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action":[
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:ListMicrosoftTeamsChannelConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsChatbotAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-14T17:06:23+00:00"
},
"AWSCodePipeline_ReadOnlyAccess":{
"CreateDate":"2020-08-03T22:25:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListActionExecutions",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"codepipeline:ListTagsForResource",
"s3:ListAllMyBuckets",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3::*:codepipeline-*"
},
{
"Action":[
"codestar-notifications:DescribeNotificationRule"
],
"Condition":{
"StringLike":{
"codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarNotificationsReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-03T22:25:17+00:00"
},
"AWSCodeStarFullAccess":{
"CreateDate":"2017-04-19T16:23:19+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codestar:*",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"cloud9:DescribeEnvironment*",
"cloud9:ValidateEnvironmentName"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeStarEC2"
},
{
"Action":[
"cloudformation:DescribeStack*",
"cloudformation:ListStacks*",
"cloudformation:GetTemplateSummary"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awscodestar-*"
],
"Sid":"CodeStarCF"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-28T00:06:28+00:00"
},
"AWSCodeStarNotificationsServiceRolePolicy":{
"CreateDate":"2019-11-05T16:10:21+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"events:PutTargets",
"events:PutRule",
"events:DescribeRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/awscodestarnotifications-*"
},
{
"Action":[
"sns:CreateTopic"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:CodeStarNotifications-*"
},
{
"Action":[
"codecommit:GetCommentsForPullRequest",
"codecommit:GetCommentsForComparedCommit",
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:UpdateSlackChannelConfiguration",
"codecommit:GetDifferences",
"codepipeline:ListActionExecutions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"codecommit:GetFile"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceTag/ExcludeFileContentFromNotifications":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-03-19T16:01:55+00:00"
},
"AWSCodeStarServiceRole":{
"CreateDate":"2017-04-19T15:20:50+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"events:PutTargets",
"events:RemoveTargets",
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/awscodestar-*"
],
"Sid":"ProjectEventRules"
},
{
"Action":[
"cloudformation:*Stack*",
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:GetTemplate"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awscodestar-*",
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*",
"arn:aws:cloudformation:*:aws:transform/CodeStar*"
],
"Sid":"ProjectStack"
},
{
"Action":[
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeChangeSet"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ProjectStackTemplate"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::awscodestar-*/*"
],
"Sid":"ProjectQuickstarts"
},
{
"Action":[
"s3:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-codestar-*",
"arn:aws:s3:::elasticbeanstalk-*"
],
"Sid":"ProjectS3Buckets"
},
{
"Action":[
"codestar:*",
"codecommit:*",
"codepipeline:*",
"codedeploy:*",
"codebuild:*",
"autoscaling:*",
"cloudwatch:Put*",
"ec2:*",
"elasticbeanstalk:*",
"elasticloadbalancing:*",
"iam:ListRoles",
"logs:*",
"sns:*",
"cloud9:CreateEnvironmentEC2",
"cloud9:DeleteEnvironment",
"cloud9:DescribeEnvironment*",
"cloud9:ListEnvironments"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ProjectServices"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:PassRole",
"iam:GetRolePolicy",
"iam:PutRolePolicy",
"iam:SetDefaultPolicyVersion",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/CodeStarWorker*",
"arn:aws:iam::*:policy/CodeStarWorker*",
"arn:aws:iam::*:instance-profile/awscodestar-*"
],
"Sid":"ProjectWorkerRoles"
},
{
"Action":[
"iam:AttachUserPolicy",
"iam:DetachUserPolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyArn":[
"arn:aws:iam::*:policy/CodeStar_*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ProjectTeamMembers"
},
{
"Action":[
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions",
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:policy/CodeStar_*"
],
"Sid":"ProjectRoles"
},
{
"Action":[
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-codestar-service-role",
"arn:aws:iam::*:role/service-role/aws-codestar-service-role"
],
"Sid":"InspectServiceRole"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"cloud9.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMLinkRole"
},
{
"Action":[
"config:DescribeConfigRules"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DescribeConfigRuleForARN"
},
{
"Action":[
"codestar-connections:UseConnection",
"codestar-connections:GetConnection"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ProjectCodeStarConnections"
},
{
"Action":"codestar-connections:PassConnection",
"Condition":{
"StringEqualsIfExists":{
"codestar-connections:PassedToService":"codepipeline.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ProjectCodeStarConnectionsPassConnections"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-20T19:11:03+00:00"
},
"AWSCompromisedKeyQuarantine":{
"CreateDate":"2020-08-11T18:04:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateUser",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"lambda:CreateFunction",
"lightsail:Create*",
"lightsail:Start*",
"lightsail:Delete*",
"lightsail:Update*",
"lightsail:GetInstanceAccessDetails",
"lightsail:DownloadDefaultKeyPair"
],
"Effect":"Deny",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-11T18:04:13+00:00"
},
"AWSCompromisedKeyQuarantineV2":{
"CreateDate":"2021-04-21T22:30:59+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"cloudtrail:LookupEvents",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"iam:AddUserToGroup",
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PassRole",
"iam:PutGroupPolicy",
"iam:PutRolePolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:SetDefaultPolicyVersion",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateAssumeRolePolicy",
"iam:UpdateLoginProfile",
"iam:UpdateUser",
"lambda:AddLayerVersionPermission",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetPolicy",
"lambda:ListTags",
"lambda:PutProvisionedConcurrencyConfig",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionCode",
"lightsail:Create*",
"lightsail:Delete*",
"lightsail:DownloadDefaultKeyPair",
"lightsail:GetInstanceAccessDetails",
"lightsail:Start*",
"lightsail:Update*",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutLifecycleConfiguration",
"s3:PutBucketAcl",
"s3:PutBucketOwnershipControls",
"s3:DeleteBucketPolicy",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:PutAccountPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:ListAllMyBuckets",
"ec2:PurchaseReservedInstancesOffering",
"ec2:AcceptReservedInstancesExchangeQuote",
"ec2:CreateReservedInstancesListing",
"savingsplans:CreateSavingsPlan",
"ecs:CreateService",
"ecs:CreateCluster",
"ecs:RegisterTaskDefinition",
"ecr:GetAuthorizationToken",
"bedrock:CreateModelInvocationJob",
"bedrock:InvokeModelWithResponseStream",
"bedrock:CreateFoundationModelAgreement",
"bedrock:PutFoundationModelEntitlement",
"bedrock:InvokeModel",
"s3:CreateBucket",
"s3:PutBucketCors",
"s3:GetObject",
"s3:ListBucket",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateProcessingJob",
"ses:GetSendQuota",
"ses:ListIdentities",
"sts:GetSessionToken",
"sts:GetFederationToken",
"amplify:CreateDeployment",
"amplify:CreateBackendEnvironment",
"codebuild:CreateProject",
"glue:CreateJob",
"iam:DeleteRole",
"iam:DeleteAccessKey",
"iam:ListUsers",
"lambda:GetEventSourceMapping",
"sns:GetSMSAttributes",
"mediapackagev2:CreateChannel"
],
"Effect":"Deny",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-02T16:41:39+00:00"
},
"AWSCompromisedKeyQuarantineV3":{
"CreateDate":"2024-08-21T17:36:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudtrail:LookupEvents",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"iam:AddUserToGroup",
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PassRole",
"iam:PutGroupPolicy",
"iam:PutRolePolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:SetDefaultPolicyVersion",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateAssumeRolePolicy",
"iam:UpdateLoginProfile",
"iam:UpdateUser",
"lambda:AddLayerVersionPermission",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetPolicy",
"lambda:ListTags",
"lambda:PutProvisionedConcurrencyConfig",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionCode",
"lightsail:Create*",
"lightsail:Delete*",
"lightsail:DownloadDefaultKeyPair",
"lightsail:GetInstanceAccessDetails",
"lightsail:Start*",
"lightsail:Update*",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutLifecycleConfiguration",
"s3:PutBucketAcl",
"s3:PutBucketOwnershipControls",
"s3:DeleteBucketPolicy",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:PutAccountPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:ListAllMyBuckets",
"ec2:PurchaseReservedInstancesOffering",
"ec2:AcceptReservedInstancesExchangeQuote",
"ec2:CreateReservedInstancesListing",
"savingsplans:CreateSavingsPlan",
"ecs:CreateService",
"ecs:CreateCluster",
"ecs:RegisterTaskDefinition",
"ecr:GetAuthorizationToken",
"bedrock:CreateModelInvocationJob",
"bedrock:InvokeModelWithResponseStream",
"bedrock:CreateFoundationModelAgreement",
"bedrock:PutFoundationModelEntitlement",
"bedrock:InvokeModel",
"s3:CreateBucket",
"s3:PutBucketCors",
"s3:GetObject",
"s3:ListBucket",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateProcessingJob",
"ses:GetSendQuota",
"ses:ListIdentities",
"sts:GetSessionToken",
"sts:GetFederationToken",
"amplify:CreateDeployment",
"amplify:CreateBackendEnvironment",
"codebuild:CreateProject",
"glue:CreateJob",
"iam:DeleteRole",
"iam:DeleteAccessKey",
"iam:ListUsers",
"lambda:GetEventSourceMapping",
"sns:GetSMSAttributes",
"mediapackagev2:CreateChannel"
],
"Effect":"Deny",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-02T16:52:27+00:00"
},
"AWSConfigMultiAccountSetupPolicy":{
"CreateDate":"2019-06-17T18:03:16+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"config:PutConfigRule",
"config:DeleteConfigRule"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*"
},
{
"Action":[
"config:DescribeConfigurationRecorders"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeAccount"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:PutConformancePack",
"config:DeleteConformancePack"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*"
},
{
"Action":[
"config:DescribeConformancePackStatus"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"config-conforms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-24T01:39:49+00:00"
},
"AWSConfigRemediationServiceRolePolicy":{
"CreateDate":"2019-06-18T21:21:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-18T21:21:35+00:00"
},
"AWSConfigRoleForOrganizations":{
"CreateDate":"2018-03-19T22:53:01+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-24T20:19:13+00:00"
},
"AWSConfigRulesExecutionRole":{
"CreateDate":"2016-03-25T17:59:36+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/AWSLogs/*/Config/*"
},
{
"Action":[
"config:Put*",
"config:Get*",
"config:List*",
"config:Describe*",
"config:BatchGet*",
"config:Select*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-05-13T21:33:30+00:00"
},
"AWSConfigServiceRolePolicy":{
"CreateDate":"2018-05-30T23:31:46+00:00",
"DefaultVersionId":"v56",
"Document":{
"Statement":[
{
"Action":[
"access-analyzer:GetAnalyzer",
"access-analyzer:GetArchiveRule",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListTagsForResource",
"account:GetAlternateContact",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:ListCertificateAuthorities",
"acm-pca:ListTags",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"airflow:GetEnvironment",
"airflow:ListEnvironments",
"airflow:ListTagsForResource",
"amplify:GetApp",
"amplify:GetBranch",
"amplify:ListApps",
"amplify:ListBranches",
"amplifyuibuilder:ExportThemes",
"amplifyuibuilder:GetTheme",
"amplifyuibuilder:ListThemes",
"aoss:BatchGetCollection",
"aoss:BatchGetLifecyclePolicy",
"aoss:BatchGetVpcEndpoint",
"aoss:GetAccessPolicy",
"aoss:GetSecurityConfig",
"aoss:GetSecurityPolicy",
"aoss:ListAccessPolicies",
"aoss:ListCollections",
"aoss:ListLifecyclePolicies",
"aoss:ListSecurityConfigs",
"aoss:ListSecurityPolicies",
"aoss:ListVpcEndpoints",
"app-integrations:GetApplication",
"app-integrations:GetEventIntegration",
"app-integrations:ListApplications",
"app-integrations:ListEventIntegrationAssociations",
"app-integrations:ListEventIntegrations",
"app-integrations:ListTagsForResource",
"appconfig:GetApplication",
"appconfig:GetConfigurationProfile",
"appconfig:GetDeployment",
"appconfig:GetDeploymentStrategy",
"appconfig:GetEnvironment",
"appconfig:GetExtension",
"appconfig:GetExtensionAssociation",
"appconfig:GetHostedConfigurationVersion",
"appconfig:ListApplications",
"appconfig:ListConfigurationProfiles",
"appconfig:ListDeployments",
"appconfig:ListDeploymentStrategies",
"appconfig:ListEnvironments",
"appconfig:ListExtensionAssociations",
"appconfig:ListExtensions",
"appconfig:ListHostedConfigurationVersions",
"appconfig:ListTagsForResource",
"appflow:DescribeConnectorProfiles",
"appflow:DescribeFlow",
"appflow:ListFlows",
"appflow:ListTagsForResource",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"appmesh:DescribeGatewayRoute",
"appmesh:DescribeMesh",
"appmesh:DescribeRoute",
"appmesh:DescribeVirtualGateway",
"appmesh:DescribeVirtualNode",
"appmesh:DescribeVirtualRouter",
"appmesh:DescribeVirtualService",
"appmesh:ListGatewayRoutes",
"appmesh:ListMeshes",
"appmesh:ListRoutes",
"appmesh:ListTagsForResource",
"appmesh:ListVirtualGateways",
"appmesh:ListVirtualNodes",
"appmesh:ListVirtualRouters",
"appmesh:ListVirtualServices",
"apprunner:DescribeService",
"apprunner:DescribeVpcConnector",
"apprunner:ListServices",
"apprunner:ListTagsForResource",
"apprunner:ListVpcConnectors",
"appstream:DescribeAppBlockBuilders",
"appstream:DescribeApplications",
"appstream:DescribeDirectoryConfigs",
"appstream:DescribeFleets",
"appstream:DescribeStacks",
"appstream:ListTagsForResource",
"appsync:GetApiCache",
"appsync:GetGraphqlApi",
"appsync:ListGraphqlApis",
"aps:DescribeAlertManagerDefinition",
"aps:DescribeLoggingConfiguration",
"APS:DescribeRuleGroupsNamespace",
"APS:DescribeWorkspace",
"aps:ListRuleGroupsNamespaces",
"aps:ListTagsForResource",
"APS:ListWorkspaces",
"athena:GetDataCatalog",
"athena:GetPreparedStatement",
"athena:GetWorkGroup",
"athena:ListDataCatalogs",
"athena:ListPreparedStatements",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"auditmanager:GetAccountStatus",
"auditmanager:GetAssessment",
"auditmanager:ListAssessments",
"autoscaling-plans:DescribeScalingPlanResources",
"autoscaling-plans:DescribeScalingPlans",
"autoscaling-plans:GetScalingPlanResourceForecastData",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"autoscaling:DescribeWarmPool",
"backup-gateway:ListTagsForResource",
"backup-gateway:ListVirtualMachines",
"backup:DescribeBackupVault",
"backup:DescribeFramework",
"backup:DescribeProtectedResource",
"backup:DescribeRecoveryPoint",
"backup:DescribeReportPlan",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:GetRestoreTestingPlan",
"backup:GetRestoreTestingSelection",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"backup:ListBackupVaults",
"backup:ListFrameworks",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListReportPlans",
"backup:ListRestoreTestingPlans",
"backup:ListRestoreTestingSelections",
"backup:ListTags",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobQueues",
"batch:DescribeSchedulingPolicies",
"batch:ListSchedulingPolicies",
"batch:ListTagsForResource",
"billingconductor:ListAccountAssociations",
"billingconductor:ListBillingGroups",
"billingconductor:ListCustomLineItems",
"billingconductor:ListPricingPlans",
"billingconductor:ListPricingRules",
"billingconductor:ListPricingRulesAssociatedToPricingPlan",
"billingconductor:ListTagsForResource",
"budgets:DescribeBudgetAction",
"budgets:DescribeBudgetActionsForAccount",
"budgets:DescribeBudgetActionsForBudget",
"budgets:ViewBudget",
"cassandra:Select",
"ce:GetAnomalyMonitors",
"ce:GetAnomalySubscriptions",
"cleanrooms-ml:GetTrainingDataset",
"cleanrooms-ml:ListTrainingDatasets",
"cloud9:DescribeEnvironmentMemberships",
"cloud9:DescribeEnvironments",
"cloud9:ListEnvironments",
"cloud9:ListTagsForResource",
"cloudformation:DescribeType",
"cloudformation:GetResource",
"cloudformation:ListResources",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:ListTypes",
"cloudfront:GetFunction",
"cloudfront:GetOriginAccessControl",
"cloudfront:GetResponseHeadersPolicy",
"cloudfront:ListDistributions",
"cloudfront:ListFunctions",
"cloudfront:ListOriginAccessControls",
"cloudfront:ListResponseHeadersPolicies",
"cloudfront:ListTagsForResource",
"cloudtrail:DescribeTrails",
"cloudTrail:GetChannel",
"cloudtrail:GetEventDataStore",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetInsightSelectors",
"cloudtrail:GetTrailStatus",
"cloudTrail:ListChannels",
"cloudtrail:ListEventDataStores",
"cloudtrail:ListTags",
"cloudtrail:ListTrails",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAnomalyDetectors",
"cloudwatch:GetDashboard",
"cloudwatch:GetMetricStream",
"cloudwatch:ListDashboards",
"cloudwatch:ListMetricStreams",
"cloudwatch:ListTagsForResource",
"codeartifact:DescribeRepository",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListDomains",
"codeartifact:ListPackages",
"codeartifact:ListPackageVersions",
"codeartifact:ListRepositories",
"codeartifact:ListTagsForResource",
"codebuild:BatchGetReportGroups",
"codebuild:ListReportGroups",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:ListRepositories",
"codecommit:ListTagsForResource",
"codedeploy:GetDeploymentConfig",
"codeguru-profiler:DescribeProfilingGroup",
"codeguru-profiler:GetNotificationConfiguration",
"codeguru-profiler:GetPolicy",
"codeguru-profiler:ListProfilingGroups",
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:GetPrincipalTagAttributeMap",
"cognito-identity:ListIdentityPools",
"cognito-identity:ListTagsForResource",
"cognito-idp:DescribeIdentityProvider",
"cognito-idp:DescribeResourceServer",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:DescribeUserPoolDomain",
"cognito-idp:GetGroup",
"cognito-idp:GetUserPoolMfaConfig",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListResourceServers",
"cognito-idp:ListTagsForResource",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"comprehend:DescribeFlywheel",
"comprehend:ListFlywheels",
"comprehend:ListTagsForResource",
"config:BatchGet*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:Put*",
"config:Select*",
"connect:DescribeEvaluationForm",
"connect:DescribeInstance",
"connect:DescribeInstanceStorageConfig",
"connect:DescribePhoneNumber",
"connect:DescribePrompt",
"connect:DescribeQueue",
"connect:DescribeQuickConnect",
"connect:DescribeRoutingProfile",
"connect:DescribeRule",
"connect:DescribeSecurityProfile",
"connect:DescribeUser",
"connect:GetTaskTemplate",
"connect:ListApprovedOrigins",
"connect:ListEvaluationForms",
"connect:ListInstanceAttributes",
"connect:ListInstances",
"connect:ListInstanceStorageConfigs",
"connect:ListIntegrationAssociations",
"connect:ListPhoneNumbers",
"connect:ListPhoneNumbersV2",
"connect:ListPrompts",
"connect:ListQueueQuickConnects",
"connect:ListQueues",
"connect:ListQuickConnects",
"connect:ListRoutingProfileQueues",
"connect:ListRoutingProfiles",
"connect:ListRules",
"connect:ListSecurityKeys",
"connect:ListSecurityProfileApplications",
"connect:ListSecurityProfilePermissions",
"connect:ListSecurityProfiles",
"connect:ListTagsForResource",
"connect:ListTaskTemplates",
"connect:ListUsers",
"connect:SearchAvailablePhoneNumbers",
"databrew:DescribeDataset",
"databrew:DescribeJob",
"databrew:DescribeProject",
"databrew:DescribeRecipe",
"databrew:DescribeRuleset",
"databrew:DescribeSchedule",
"databrew:ListDatasets",
"databrew:ListJobs",
"databrew:ListProjects",
"databrew:ListRecipes",
"databrew:ListRecipeVersions",
"databrew:ListRulesets",
"databrew:ListSchedules",
"datasync:DescribeAgent",
"datasync:DescribeLocationEfs",
"datasync:DescribeLocationFsxLustre",
"datasync:DescribeLocationFsxWindows",
"datasync:DescribeLocationHdfs",
"datasync:DescribeLocationNfs",
"datasync:DescribeLocationObjectStorage",
"datasync:DescribeLocationS3",
"datasync:DescribeLocationSmb",
"datasync:DescribeTask",
"datasync:ListAgents",
"datasync:ListLocations",
"datasync:ListTagsForResource",
"datasync:ListTasks",
"datazone:GetDomain",
"datazone:ListDomains",
"dax:DescribeClusters",
"dax:DescribeParameterGroups",
"dax:DescribeParameters",
"dax:DescribeSubnetGroups",
"dax:ListTags",
"detective:ListGraphs",
"detective:ListTagsForResource",
"devicefarm:GetInstanceProfile",
"devicefarm:GetNetworkProfile",
"devicefarm:GetProject",
"devicefarm:GetTestGridProject",
"devicefarm:ListInstanceProfiles",
"devicefarm:ListNetworkProfiles",
"devicefarm:ListProjects",
"devicefarm:ListTagsForResource",
"devicefarm:ListTestGridProjects",
"devops-guru:GetResourceCollection",
"devops-guru:ListNotificationChannels",
"dms:DescribeCertificates",
"dms:DescribeEndpoints",
"dms:DescribeEventSubscriptions",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:DescribeReplicationTaskAssessmentRuns",
"dms:DescribeReplicationTasks",
"dms:ListTagsForResource",
"ds:DescribeDirectories",
"ds:DescribeDomainControllers",
"ds:DescribeEventTopics",
"ds:ListLogSubscriptions",
"ds:ListTagsForResource",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:DescribeTableReplicaAutoScaling",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:DescribeClientVpnAuthorizationRules",
"ec2:DescribeClientVpnEndpoints",
"ec2:DescribeDhcpOptions",
"ec2:DescribeFleets",
"ec2:DescribeNetworkAcls",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTags",
"ec2:DescribeTrafficMirrorFilters",
"ec2:DescribeTrafficMirrorSessions",
"ec2:DescribeTrafficMirrorTargets",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumes",
"ec2:GetAllowedImagesSettings",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetInstanceTypesFromInstanceRequirements",
"ec2:GetIpamPoolAllocations",
"ec2:GetIpamPoolCidrs",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetSnapshotBlockPublicAccessState",
"ecr-public:DescribeRepositories",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr-public:ListTagsForResource",
"ecr:BatchGetRepositoryScanningConfiguration",
"ecr:DescribePullThroughCacheRules",
"ecr:DescribeRegistry",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRegistryPolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListTagsForResource",
"ecs:DescribeCapacityProviders",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"eks:DescribeAddon",
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeIdentityProviderConfig",
"eks:DescribeNodegroup",
"eks:ListAddons",
"eks:ListClusters",
"eks:ListFargateProfiles",
"eks:ListIdentityProviderConfigs",
"eks:ListNodegroups",
"eks:ListTagsForResource",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheParameters",
"elasticache:DescribeCacheSecurityGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeGlobalReplicationGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:DescribeSnapshots",
"elasticache:DescribeUserGroups",
"elasticache:DescribeUsers",
"elasticache:ListTagsForResource",
"elasticbeanstalk:DescribeConfigurationSettings",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeTags",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:DescribeStudio",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetStudioSessionMapping",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"elasticmapreduce:ListStudios",
"elasticmapreduce:ListStudioSessionMappings",
"emr-containers:DescribeVirtualCluster",
"emr-containers:ListVirtualClusters",
"emr-serverless:GetApplication",
"emr-serverless:ListApplications",
"es:DescribeDomain",
"es:DescribeDomains",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:GetCompatibleElasticsearchVersions",
"es:GetCompatibleVersions",
"es:ListDomainNames",
"es:ListTags",
"events:DescribeApiDestination",
"events:DescribeArchive",
"events:DescribeConnection",
"events:DescribeEndpoint",
"events:DescribeEventBus",
"events:DescribeRule",
"events:ListApiDestinations",
"events:ListArchives",
"events:ListConnections",
"events:ListEndpoints",
"events:ListEventBuses",
"events:ListRules",
"events:ListTagsForResource",
"events:ListTargetsByRule",
"evidently:GetLaunch",
"evidently:GetProject",
"evidently:GetSegment",
"evidently:ListLaunches",
"evidently:ListProjects",
"evidently:ListSegments",
"evidently:ListTagsForResource",
"finspace:GetEnvironment",
"finspace:ListEnvironments",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"firehose:ListTagsForDeliveryStream",
"fis:GetExperimentTemplate",
"fis:ListExperimentTemplates",
"fms:GetNotificationChannel",
"fms:GetPolicy",
"fms:ListPolicies",
"fms:ListTagsForResource",
"forecast:DescribeDataset",
"forecast:DescribeDatasetGroup",
"forecast:ListDatasetGroups",
"forecast:ListDatasets",
"forecast:ListTagsForResource",
"frauddetector:GetDetectors",
"frauddetector:GetDetectorVersion",
"frauddetector:GetEntityTypes",
"frauddetector:GetEventTypes",
"frauddetector:GetExternalModels",
"frauddetector:GetLabels",
"frauddetector:GetModels",
"frauddetector:GetOutcomes",
"frauddetector:GetRules",
"frauddetector:GetVariables",
"frauddetector:ListTagsForResource",
"fsx:DescribeBackups",
"fsx:DescribeDataRepositoryAssociations",
"fsx:DescribeFileSystems",
"fsx:DescribeSnapshots",
"fsx:DescribeStorageVirtualMachines",
"fsx:DescribeVolumes",
"fsx:ListTagsForResource",
"gamelift:DescribeAlias",
"gamelift:DescribeBuild",
"gamelift:DescribeFleetAttributes",
"gamelift:DescribeFleetCapacity",
"gamelift:DescribeFleetLocationAttributes",
"gamelift:DescribeFleetLocationCapacity",
"gamelift:DescribeFleetPortSettings",
"gamelift:DescribeGameServerGroup",
"gamelift:DescribeGameSessionQueues",
"gamelift:DescribeMatchmakingConfigurations",
"gamelift:DescribeMatchmakingRuleSets",
"gamelift:DescribeRuntimeConfiguration",
"gamelift:DescribeScript",
"gamelift:DescribeVpcPeeringAuthorizations",
"gamelift:DescribeVpcPeeringConnections",
"gamelift:ListAliases",
"gamelift:ListBuilds",
"gamelift:ListFleets",
"gamelift:ListGameServerGroups",
"gamelift:ListScripts",
"gamelift:ListTagsForResource",
"geo:DescribeGeofenceCollection",
"geo:DescribeMap",
"geo:DescribePlaceIndex",
"geo:DescribeRouteCalculator",
"geo:DescribeTracker",
"geo:ListGeofenceCollections",
"geo:ListMaps",
"geo:ListPlaceIndexes",
"geo:ListRouteCalculators",
"geo:ListTrackerConsumers",
"geo:ListTrackers",
"globalaccelerator:DescribeAccelerator",
"globalaccelerator:DescribeEndpointGroup",
"globalaccelerator:DescribeListener",
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners",
"globalaccelerator:ListTagsForResource",
"glue:BatchGetDevEndpoints",
"glue:BatchGetJobs",
"glue:BatchGetWorkflows",
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetCrawler",
"glue:GetCrawlers",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobs",
"glue:GetMLTransform",
"glue:GetMLTransforms",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetRegistry",
"glue:GetSecurityConfiguration",
"glue:GetSecurityConfigurations",
"glue:GetTable",
"glue:GetTags",
"glue:GetTrigger",
"glue:GetWorkflow",
"glue:ListCrawlers",
"glue:ListDevEndpoints",
"glue:ListJobs",
"glue:ListMLTransforms",
"glue:ListRegistries",
"glue:ListTriggers",
"glue:ListWorkflows",
"grafana:DescribeWorkspace",
"grafana:DescribeWorkspaceAuthentication",
"grafana:DescribeWorkspaceConfiguration",
"grafana:ListWorkspaces",
"greengrass:DescribeComponent",
"greengrass:GetComponent",
"greengrass:ListComponents",
"greengrass:ListComponentVersions",
"groundstation:GetConfig",
"groundstation:GetDataflowEndpointGroup",
"groundstation:GetMissionProfile",
"groundstation:ListConfigs",
"groundstation:ListDataflowEndpointGroups",
"groundstation:ListMissionProfiles",
"groundstation:ListTagsForResource",
"guardduty:DescribePublishingDestination",
"guardduty:GetAdministratorAccount",
"guardduty:GetDetector",
"guardduty:GetFilter",
"guardduty:GetFindings",
"guardduty:GetIPSet",
"guardduty:GetMasterAccount",
"guardduty:GetMemberDetectors",
"guardduty:GetMembers",
"guardduty:GetThreatIntelSet",
"guardduty:ListDetectors",
"guardduty:ListFilters",
"guardduty:ListFindings",
"guardduty:ListIPSets",
"guardduty:ListMembers",
"guardduty:ListOrganizationAdminAccounts",
"guardduty:ListPublishingDestinations",
"guardduty:ListTagsForResource",
"guardduty:ListThreatIntelSets",
"healthlake:DescribeFHIRDatastore",
"healthlake:ListFHIRDatastores",
"healthlake:ListTagsForResource",
"iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetInstanceProfile",
"iam:GetOpenIDConnectProvider",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetSAMLProvider",
"iam:GetServerCertificate",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListAccessKeys",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroups",
"iam:ListGroupsForUser",
"iam:ListInstanceProfiles",
"iam:ListInstanceProfilesForRole",
"iam:ListInstanceProfileTags",
"iam:ListMFADevices",
"iam:ListMFADeviceTags",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:ListUserPolicies",
"iam:ListUsers",
"iam:ListVirtualMFADevices",
"identitystore:DescribeGroup",
"identitystore:DescribeGroupMembership",
"identitystore:ListGroupMemberships",
"identitystore:ListGroups",
"imagebuilder:GetComponent",
"imagebuilder:GetContainerRecipe",
"imagebuilder:GetDistributionConfiguration",
"imagebuilder:GetImage",
"imagebuilder:GetImagePipeline",
"imagebuilder:GetImageRecipe",
"imagebuilder:GetInfrastructureConfiguration",
"imagebuilder:GetLifecyclePolicy",
"imagebuilder:ListComponentBuildVersions",
"imagebuilder:ListComponents",
"imagebuilder:ListContainerRecipes",
"imagebuilder:ListDistributionConfigurations",
"imagebuilder:ListImageBuildVersions",
"imagebuilder:ListImagePipelines",
"imagebuilder:ListImageRecipes",
"imagebuilder:ListImages",
"imagebuilder:ListInfrastructureConfigurations",
"imagebuilder:ListLifecyclePolicies",
"inspector2:BatchGetAccountStatus",
"inspector2:GetDelegatedAdminAccount",
"inspector2:ListFilters",
"inspector2:ListMembers",
"iot:DescribeAccountAuditConfiguration",
"iot:DescribeAuthorizer",
"iot:DescribeBillingGroup",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeCustomMetric",
"iot:DescribeDimension",
"iot:DescribeDomainConfiguration",
"iot:DescribeFleetMetric",
"iot:DescribeJobTemplate",
"iot:DescribeMitigationAction",
"iot:DescribeProvisioningTemplate",
"iot:DescribeRoleAlias",
"iot:DescribeScheduledAudit",
"iot:DescribeSecurityProfile",
"iot:DescribeThingGroup",
"iot:DescribeThingType",
"iot:GetPolicy",
"iot:GetTopicRule",
"iot:GetTopicRuleDestination",
"iot:ListAuthorizers",
"iot:ListBillingGroups",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCustomMetrics",
"iot:ListDimensions",
"iot:ListDomainConfigurations",
"iot:ListFleetMetrics",
"iot:ListJobTemplates",
"iot:ListMitigationActions",
"iot:ListPolicies",
"iot:ListProvisioningTemplates",
"iot:ListRoleAliases",
"iot:ListScheduledAudits",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTagsForResource",
"iot:ListTargetsForSecurityProfile",
"iot:ListThingGroups",
"iot:ListThingTypes",
"iot:ListTopicRuleDestinations",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:ValidateSecurityProfileBehaviors",
"iotanalytics:DescribeChannel",
"iotanalytics:DescribeDataset",
"iotanalytics:DescribeDatastore",
"iotanalytics:DescribePipeline",
"iotanalytics:ListChannels",
"iotanalytics:ListDatasets",
"iotanalytics:ListDatastores",
"iotanalytics:ListPipelines",
"iotanalytics:ListTagsForResource",
"iotevents:DescribeAlarmModel",
"iotevents:DescribeDetectorModel",
"iotevents:DescribeInput",
"iotevents:ListAlarmModels",
"iotevents:ListDetectorModels",
"iotevents:ListInputs",
"iotevents:ListTagsForResource",
"iotfleetwise:GetDecoderManifest",
"iotfleetwise:GetFleet",
"iotfleetwise:GetModelManifest",
"iotfleetwise:GetSignalCatalog",
"iotfleetwise:GetVehicle",
"iotfleetwise:ListDecoderManifestNetworkInterfaces",
"iotfleetwise:ListDecoderManifests",
"iotfleetwise:ListDecoderManifestSignals",
"iotfleetwise:ListFleets",
"iotfleetwise:ListModelManifestNodes",
"iotfleetwise:ListModelManifests",
"iotfleetwise:ListSignalCatalogNodes",
"iotfleetwise:ListSignalCatalogs",
"iotfleetwise:ListTagsForResource",
"iotfleetwise:ListVehicles",
"iotsitewise:DescribeAccessPolicy",
"iotsitewise:DescribeAsset",
"iotsitewise:DescribeAssetModel",
"iotsitewise:DescribeDashboard",
"iotsitewise:DescribeGateway",
"iotsitewise:DescribePortal",
"iotsitewise:DescribeProject",
"iotsitewise:ListAccessPolicies",
"iotsitewise:ListAssetModels",
"iotsitewise:ListAssets",
"iotsitewise:ListDashboards",
"iotsitewise:ListGateways",
"iotsitewise:ListPortals",
"iotsitewise:ListProjectAssets",
"iotsitewise:ListProjects",
"iotsitewise:ListTagsForResource",
"iottwinmaker:GetComponentType",
"iottwinmaker:GetEntity",
"iottwinmaker:GetScene",
"iottwinmaker:GetSyncJob",
"iottwinmaker:GetWorkspace",
"iottwinmaker:ListComponentTypes",
"iottwinmaker:ListEntities",
"iottwinmaker:ListScenes",
"iottwinmaker:ListSyncJobs",
"iottwinmaker:ListTagsForResource",
"iottwinmaker:ListWorkspaces",
"iotwireless:GetDestination",
"iotwireless:GetDeviceProfile",
"iotwireless:GetFuotaTask",
"iotwireless:GetMulticastGroup",
"iotwireless:GetServiceProfile",
"iotwireless:GetWirelessDevice",
"iotwireless:GetWirelessGateway",
"iotwireless:GetWirelessGatewayTaskDefinition",
"iotwireless:ListDestinations",
"iotwireless:ListDeviceProfiles",
"iotwireless:ListFuotaTasks",
"iotwireless:ListMulticastGroups",
"iotwireless:ListServiceProfiles",
"iotwireless:ListTagsForResource",
"iotwireless:ListWirelessDevices",
"iotwireless:ListWirelessGateways",
"iotwireless:ListWirelessGatewayTaskDefinitions",
"ivs:GetChannel",
"ivs:GetEncoderConfiguration",
"ivs:GetPlaybackKeyPair",
"ivs:GetPlaybackRestrictionPolicy",
"ivs:GetRecordingConfiguration",
"ivs:GetStage",
"ivs:GetStorageConfiguration",
"ivs:GetStreamKey",
"ivs:ListChannels",
"ivs:ListEncoderConfigurations",
"ivs:ListPlaybackKeyPairs",
"ivs:ListPlaybackRestrictionPolicies",
"ivs:ListRecordingConfigurations",
"ivs:ListStages",
"ivs:ListStorageConfigurations",
"ivs:ListStreamKeys",
"ivs:ListTagsForResource",
"ivschat:GetLoggingConfiguration",
"ivschat:GetRoom",
"ivschat:ListLoggingConfigurations",
"ivschat:ListRooms",
"ivschat:ListTagsForResource",
"kafka:DescribeCluster",
"kafka:DescribeClusterV2",
"kafka:DescribeConfiguration",
"kafka:DescribeConfigurationRevision",
"kafka:DescribeVpcConnection",
"kafka:GetClusterPolicy",
"kafka:ListClusters",
"kafka:ListClustersV2",
"kafka:ListConfigurations",
"kafka:ListScramSecrets",
"kafka:ListTagsForResource",
"kafka:ListVpcConnections",
"kafkaconnect:DescribeConnector",
"kafkaconnect:ListConnectors",
"kendra:DescribeIndex",
"kendra:ListIndices",
"kendra:ListTagsForResource",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kinesisanalytics:DescribeApplication",
"kinesisanalytics:ListApplications",
"kinesisanalytics:ListTagsForResource",
"kinesisvideo:DescribeSignalingChannel",
"kinesisvideo:DescribeStream",
"kinesisvideo:ListSignalingChannels",
"kinesisvideo:ListStreams",
"kinesisvideo:ListTagsForResource",
"kinesisvideo:ListTagsForStream",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListAliases",
"kms:ListKeys",
"kms:ListResourceTags",
"lakeformation:DescribeResource",
"lakeformation:GetDataLakeSettings",
"lakeformation:ListPermissions",
"lakeformation:ListResources",
"lambda:GetAlias",
"lambda:GetCodeSigningConfig",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetLayerVersion",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListCodeSigningConfigs",
"lambda:ListFunctions",
"lambda:ListLayers",
"lambda:ListLayerVersions",
"lambda:ListTags",
"lambda:ListVersionsByFunction",
"lex:DescribeBot",
"lex:DescribeBotAlias",
"lex:DescribeBotVersion",
"lex:DescribeResourcePolicy",
"lex:ListBotAliases",
"lex:ListBotLocales",
"lex:ListBots",
"lex:ListBotVersions",
"lex:ListTagsForResource",
"license-manager:GetGrant",
"license-manager:GetLicense",
"license-manager:ListDistributedGrants",
"license-manager:ListLicenses",
"license-manager:ListReceivedGrants",
"lightsail:GetAlarms",
"lightsail:GetBuckets",
"lightsail:GetCertificates",
"lightsail:GetContainerServices",
"lightsail:GetDisk",
"lightsail:GetDisks",
"lightsail:GetDistributions",
"lightsail:GetInstance",
"lightsail:GetInstances",
"lightsail:GetKeyPair",
"lightsail:GetLoadBalancer",
"lightsail:GetLoadBalancers",
"lightsail:GetLoadBalancerTlsCertificates",
"lightsail:GetRelationalDatabase",
"lightsail:GetRelationalDatabaseParameters",
"lightsail:GetRelationalDatabases",
"lightsail:GetStaticIp",
"lightsail:GetStaticIps",
"logs:DescribeDestinations",
"logs:DescribeLogGroups",
"logs:DescribeMetricFilters",
"logs:GetDataProtectionPolicy",
"logs:GetLogAnomalyDetector",
"logs:GetLogDelivery",
"logs:ListLogAnomalyDetectors",
"logs:ListLogDeliveries",
"logs:ListTagsLogGroup",
"lookoutequipment:DescribeInferenceScheduler",
"lookoutequipment:ListTagsForResource",
"lookoutmetrics:DescribeAlert",
"lookoutmetrics:DescribeAnomalyDetector",
"lookoutmetrics:ListAlerts",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutmetrics:ListMetricSets",
"lookoutmetrics:ListTagsForResource",
"lookoutvision:DescribeProject",
"lookoutvision:ListProjects",
"m2:GetEnvironment",
"m2:ListEnvironments",
"m2:ListTagsForResource",
"macie2:DescribeOrganizationConfiguration",
"macie2:GetAutomatedDiscoveryConfiguration",
"macie2:GetClassificationExportConfiguration",
"macie2:GetCustomDataIdentifier",
"macie2:GetFindingsPublicationConfiguration",
"macie2:GetMacieSession",
"macie2:ListCustomDataIdentifiers",
"macie2:ListTagsForResource",
"managedblockchain:GetMember",
"managedblockchain:GetNetwork",
"managedblockchain:GetNode",
"managedblockchain:ListInvitations",
"managedblockchain:ListMembers",
"managedblockchain:ListNodes",
"mediaconnect:DescribeBridge",
"mediaconnect:DescribeFlow",
"mediaconnect:DescribeGateway",
"mediaconnect:ListBridges",
"mediaconnect:ListFlows",
"mediaconnect:ListGateways",
"mediaconnect:ListTagsForResource",
"mediapackage-vod:DescribePackagingConfiguration",
"mediapackage-vod:DescribePackagingGroup",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage-vod:ListPackagingGroups",
"mediapackage-vod:ListTagsForResource",
"mediatailor:DescribeChannel",
"mediatailor:DescribeLiveSource",
"mediatailor:DescribeSourceLocation",
"mediatailor:DescribeVodSource",
"mediatailor:GetPlaybackConfiguration",
"mediatailor:ListChannels",
"mediatailor:ListLiveSources",
"mediatailor:ListPlaybackConfigurations",
"mediatailor:ListSourceLocations",
"mediatailor:ListVodSources",
"memorydb:DescribeAcls",
"memorydb:DescribeClusters",
"memorydb:DescribeParameterGroups",
"memorydb:DescribeParameters",
"memorydb:DescribeSubnetGroups",
"memorydb:DescribeUsers",
"memorydb:ListTags",
"mobiletargeting:GetApp",
"mobiletargeting:GetApplicationSettings",
"mobiletargeting:GetApps",
"mobiletargeting:GetCampaign",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetEmailChannel",
"mobiletargeting:GetEmailTemplate",
"mobiletargeting:GetEventStream",
"mobiletargeting:GetInAppTemplate",
"mobiletargeting:GetSegment",
"mobiletargeting:GetSegments",
"mobiletargeting:ListTagsForResource",
"mobiletargeting:ListTemplates",
"mq:DescribeBroker",
"mq:ListBrokers",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:ListFirewalls",
"networkmanager:DescribeGlobalNetworks",
"networkmanager:GetConnectPeer",
"networkmanager:GetCustomerGatewayAssociations",
"networkmanager:GetDevices",
"networkmanager:GetLinkAssociations",
"networkmanager:GetLinks",
"networkmanager:GetSites",
"networkmanager:GetTransitGatewayRegistrations",
"networkmanager:ListConnectPeers",
"networkmanager:ListTagsForResource",
"nimble:GetLaunchProfile",
"nimble:GetLaunchProfileDetails",
"nimble:GetStreamingImage",
"nimble:GetStudio",
"nimble:GetStudioComponent",
"nimble:ListLaunchProfiles",
"nimble:ListStreamingImages",
"nimble:ListStudioComponents",
"nimble:ListStudios",
"oam:GetSink",
"oam:GetSinkPolicy",
"oam:ListSinks",
"omics:GetAnnotationStore",
"omics:GetRunGroup",
"omics:GetSequenceStore",
"omics:GetVariantStore",
"omics:GetWorkflow",
"omics:ListAnnotationStores",
"omics:ListRunGroups",
"omics:ListSequenceStores",
"omics:ListTagsForResource",
"omics:ListVariantStores",
"omics:ListWorkflows",
"opsworks:DescribeInstances",
"opsworks:DescribeLayers",
"opsworks:DescribeTimeBasedAutoScaling",
"opsworks:DescribeVolumes",
"opsworks:ListTags",
"organizations:DescribeAccount",
"organizations:DescribeEffectivePolicy",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:DescribeResourcePolicy",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListTagsForResource",
"organizations:ListTargetsForPolicy",
"panorama:DescribeApplicationInstance",
"panorama:DescribeApplicationInstanceDetails",
"panorama:DescribePackage",
"panorama:DescribePackageVersion",
"panorama:ListApplicationInstances",
"panorama:ListNodes",
"panorama:ListPackages",
"payment-cryptography:GetAlias",
"payment-cryptography:GetKey",
"payment-cryptography:ListAliases",
"payment-cryptography:ListKeys",
"payment-cryptography:ListTagsForResource",
"personalize:DescribeDataset",
"personalize:DescribeDatasetGroup",
"personalize:DescribeSchema",
"personalize:DescribeSolution",
"personalize:ListDatasetGroups",
"personalize:ListDatasetImportJobs",
"personalize:ListDatasets",
"personalize:ListSchemas",
"personalize:ListSolutions",
"personalize:ListTagsForResource",
"profile:GetDomain",
"profile:GetIntegration",
"profile:GetProfileObjectType",
"profile:ListDomains",
"profile:ListIntegrations",
"profile:ListProfileObjectTypes",
"profile:ListTagsForResource",
"quicksight:DescribeAccountSubscription",
"quicksight:DescribeAnalysis",
"quicksight:DescribeAnalysisPermissions",
"quicksight:DescribeDashboard",
"quicksight:DescribeDashboardPermissions",
"quicksight:DescribeDataSet",
"quicksight:DescribeDataSetPermissions",
"quicksight:DescribeDataSetRefreshProperties",
"quicksight:DescribeDataSource",
"quicksight:DescribeDataSourcePermissions",
"quicksight:DescribeTemplate",
"quicksight:DescribeTemplatePermissions",
"quicksight:DescribeTheme",
"quicksight:DescribeThemePermissions",
"quicksight:ListAnalyses",
"quicksight:ListDashboards",
"quicksight:ListDataSets",
"quicksight:ListDataSources",
"quicksight:ListTagsForResource",
"quicksight:ListTemplates",
"quicksight:ListThemes",
"ram:GetPermission",
"ram:GetResourceShareAssociations",
"ram:GetResourceShares",
"ram:ListPermissionAssociations",
"ram:ListPermissions",
"ram:ListPermissionVersions",
"ram:ListResources",
"ram:ListResourceSharePermissions",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBProxies",
"rds:DescribeDBProxyEndpoints",
"rds:DescribeDBProxyTargetGroups",
"rds:DescribeDBProxyTargets",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEventSubscriptions",
"rds:DescribeGlobalClusters",
"rds:DescribeOptionGroups",
"rds:ListTagsForResource",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListWorkgroups",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeEndpointAccess",
"redshift:DescribeEndpointAuthorization",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"redshift:DescribeScheduledActions",
"redshift:DescribeTags",
"refactor-spaces:GetEnvironment",
"refactor-spaces:GetService",
"refactor-spaces:ListApplications",
"refactor-spaces:ListEnvironments",
"refactor-spaces:ListServices",
"rekognition:DescribeProjects",
"rekognition:DescribeStreamProcessor",
"rekognition:ListStreamProcessors",
"rekognition:ListTagsForResource",
"resiliencehub:DescribeApp",
"resiliencehub:DescribeAppVersionTemplate",
"resiliencehub:DescribeResiliencyPolicy",
"resiliencehub:ListApps",
"resiliencehub:ListAppVersionResourceMappings",
"resiliencehub:ListResiliencyPolicies",
"resiliencehub:ListTagsForResource",
"resource-explorer-2:GetIndex",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListTagsForResource",
"resource-groups:GetGroup",
"resource-groups:GetGroupConfiguration",
"resource-groups:GetGroupQuery",
"resource-groups:GetTags",
"resource-groups:ListGroupResources",
"resource-groups:ListGroups",
"robomaker:DescribeRobotApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:ListRobotApplications",
"robomaker:ListSimulationApplications",
"route53-recovery-control-config:DescribeCluster",
"route53-recovery-control-config:DescribeControlPanel",
"route53-recovery-control-config:DescribeRoutingControl",
"route53-recovery-control-config:DescribeSafetyRule",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListRoutingControls",
"route53-recovery-control-config:ListSafetyRules",
"route53-recovery-control-config:ListTagsForResource",
"route53-recovery-readiness:GetCell",
"route53-recovery-readiness:GetReadinessCheck",
"route53-recovery-readiness:GetRecoveryGroup",
"route53-recovery-readiness:GetResourceSet",
"route53-recovery-readiness:ListCells",
"route53-recovery-readiness:ListReadinessChecks",
"route53-recovery-readiness:ListRecoveryGroups",
"route53-recovery-readiness:ListResourceSets",
"route53:GetChange",
"route53:GetDNSSEC",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListCidrBlocks",
"route53:ListCidrCollections",
"route53:ListCidrLocations",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListQueryLoggingConfigs",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource",
"route53resolver:GetFirewallDomainList",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:GetFirewallRuleGroupAssociation",
"route53resolver:GetResolverDnssecConfig",
"route53resolver:GetResolverEndpoint",
"route53resolver:GetResolverQueryLogConfig",
"route53resolver:GetResolverQueryLogConfigAssociation",
"route53resolver:GetResolverRule",
"route53resolver:GetResolverRuleAssociation",
"route53resolver:ListFirewallDomainLists",
"route53resolver:ListFirewallDomains",
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:ListFirewallRules",
"route53resolver:ListResolverDnssecConfigs",
"route53resolver:ListResolverEndpointIpAddresses",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverQueryLogConfigAssociations",
"route53resolver:ListResolverQueryLogConfigs",
"route53resolver:ListResolverRuleAssociations",
"route53resolver:ListResolverRules",
"route53resolver:ListTagsForResource",
"rum:GetAppMonitor",
"rum:GetAppMonitorData",
"rum:ListAppMonitors",
"rum:ListTagsForResource",
"s3-outposts:GetAccessPoint",
"s3-outposts:GetAccessPointPolicy",
"s3-outposts:GetBucket",
"s3-outposts:GetBucketPolicy",
"s3-outposts:GetBucketTagging",
"s3-outposts:GetLifecycleConfiguration",
"s3-outposts:ListAccessPoints",
"s3-outposts:ListEndpoints",
"s3-outposts:ListRegionalBuckets",
"s3:GetAccelerateConfiguration",
"s3:GetAccessPoint",
"s3:GetAccessPointForObjectLambda",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyForObjectLambda",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccessPointPolicyStatusForObjectLambda",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMultiRegionAccessPoint",
"s3:GetMultiRegionAccessPointPolicy",
"s3:GetMultiRegionAccessPointPolicyStatus",
"s3:GetReplicationConfiguration",
"s3:GetStorageLensConfiguration",
"s3:GetStorageLensConfigurationTagging",
"s3:GetStorageLensGroup",
"s3:ListAccessPoints",
"s3:ListAccessPointsForObjectLambda",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultiRegionAccessPoints",
"s3:ListStorageLensConfigurations",
"s3:ListStorageLensGroups",
"s3:ListTagsForResource",
"s3express:GetBucketPolicy",
"s3express:GetEncryptionConfiguration",
"s3express:GetLifecycleConfiguration",
"s3express:ListAllMyDirectoryBuckets",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceExperiment",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribeProject",
"sagemaker:DescribeWorkteam",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListCodeRepositories",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDomains",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListFeatureGroups",
"sagemaker:ListImages",
"sagemaker:ListImageVersions",
"sagemaker:ListInferenceExperiments",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelines",
"sagemaker:ListProjects",
"sagemaker:ListTags",
"sagemaker:ListWorkteams",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:ListScheduleGroups",
"scheduler:ListSchedules",
"scheduler:ListTagsForResource",
"schemas:DescribeDiscoverer",
"schemas:DescribeRegistry",
"schemas:DescribeSchema",
"schemas:GetResourcePolicy",
"schemas:ListDiscoverers",
"schemas:ListRegistries",
"schemas:ListSchemas",
"sdb:GetAttributes",
"sdb:ListDomains",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
"securityhub:DescribeHub",
"serviceCatalog:DescribePortfolioShares",
"servicediscovery:GetInstance",
"servicediscovery:GetNamespace",
"servicediscovery:GetService",
"servicediscovery:ListInstances",
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:ListTagsForResource",
"ses:DescribeReceiptRule",
"ses:DescribeReceiptRuleSet",
"ses:GetConfigurationSet",
"ses:GetConfigurationSetEventDestinations",
"ses:GetContactList",
"ses:GetDedicatedIpPool",
"ses:GetDedicatedIps",
"ses:GetEmailTemplate",
"ses:GetTemplate",
"ses:ListConfigurationSets",
"ses:ListContactLists",
"ses:ListDedicatedIpPools",
"ses:ListEmailTemplates",
"ses:ListReceiptFilters",
"ses:ListReceiptRuleSets",
"ses:ListTemplates",
"shield:DescribeDRTAccess",
"shield:DescribeProtection",
"shield:DescribeSubscription",
"signer:GetSigningProfile",
"signer:ListProfilePermissions",
"signer:ListSigningProfiles",
"sns:GetDataProtectionPolicy",
"sns:GetSMSSandboxAccountStatus",
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm-sap:ListTagsForResource",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeDocument",
"ssm:DescribeDocumentPermission",
"ssm:DescribeParameters",
"ssm:GetAutomationExecution",
"ssm:GetDocument",
"ssm:GetServiceSetting",
"ssm:ListDocuments",
"ssm:ListTagsForResource",
"sso:DescribeInstanceAccessControlAttributeConfiguration",
"sso:DescribePermissionSet",
"sso:GetInlinePolicyForPermissionSet",
"sso:ListManagedPoliciesInPermissionSet",
"sso:ListPermissionSets",
"sso:ListTagsForResource",
"states:DescribeActivity",
"states:DescribeStateMachine",
"states:ListActivities",
"states:ListStateMachines",
"states:ListTagsForResource",
"storagegateway:ListGateways",
"storagegateway:ListTagsForResource",
"storagegateway:ListVolumes",
"sts:GetCallerIdentity",
"support:DescribeCases",
"synthetics:DescribeCanaries",
"synthetics:DescribeCanariesLastRun",
"synthetics:DescribeRuntimeVersions",
"synthetics:GetCanary",
"synthetics:GetCanaryRuns",
"synthetics:GetGroup",
"synthetics:ListAssociatedGroups",
"synthetics:ListGroupResources",
"synthetics:ListGroups",
"synthetics:ListTagsForResource",
"tag:GetResources",
"timestream:DescribeDatabase",
"timestream:DescribeEndpoints",
"timestream:DescribeTable",
"timestream:ListDatabases",
"timestream:ListTables",
"timestream:ListTagsForResource",
"transfer:DescribeAgreement",
"transfer:DescribeCertificate",
"transfer:DescribeConnector",
"transfer:DescribeProfile",
"transfer:DescribeServer",
"transfer:DescribeUser",
"transfer:DescribeWorkflow",
"transfer:ListAgreements",
"transfer:ListCertificates",
"transfer:ListConnectors",
"transfer:ListProfiles",
"transfer:ListServers",
"transfer:ListTagsForResource",
"transfer:ListUsers",
"transfer:ListWorkflows",
"voiceid:DescribeDomain",
"voiceid:ListTagsForResource",
"vpc-lattice:GetAccessLogSubscription",
"vpc-lattice:GetService",
"vpc-lattice:GetServiceNetwork",
"vpc-lattice:GetTargetGroup",
"vpc-lattice:ListAccessLogSubscriptions",
"vpc-lattice:ListServiceNetworks",
"vpc-lattice:ListServices",
"vpc-lattice:ListTagsForResource",
"vpc-lattice:ListTargetGroups",
"vpc-lattice:ListTargets",
"waf-regional:GetLoggingConfiguration",
"waf-regional:GetWebACL",
"waf-regional:GetWebACLForResource",
"waf-regional:ListLoggingConfigurations",
"waf:GetLoggingConfiguration",
"waf:GetWebACL",
"wafv2:GetLoggingConfiguration",
"wafv2:GetRuleGroup",
"wafv2:ListRuleGroups",
"wafv2:ListTagsForResource",
"workspaces:DescribeConnectionAliases",
"workspaces:DescribeTags",
"workspaces:DescribeWorkspaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSConfigServiceRolePolicyStatementID"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/config/*",
"Sid":"AWSConfigSLRLogStatementID"
},
{
"Action":"logs:PutLogEvents",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*",
"Sid":"AWSConfigSLRLogEventStatementID"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/v2/apis/*/routes",
"arn:aws:apigateway:*::/v2/apis/*/routes/*",
"arn:aws:apigateway:*::/v2/apis",
"arn:aws:apigateway:*::/v2/apis/*",
"arn:aws:apigateway:*::/v2/apis/*/integrations",
"arn:aws:apigateway:*::/v2/apis/*/integrations/*"
],
"Sid":"AWSConfigSLRApiGatewayStatementID"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T16:07:06+00:00"
},
"AWSConfigUserAccess":{
"CreateDate":"2015-02-18T19:38:41+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"config:Get*",
"config:Describe*",
"config:Deliver*",
"config:List*",
"config:Select*",
"tag:GetResources",
"tag:GetTagKeys",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-03-18T20:27:47+00:00"
},
"AWSConnector":{
"CreateDate":"2015-02-11T17:14:31+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"iam:GetUser",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:AbortMultipartUpload",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::import-to-ec2-*"
},
{
"Action":[
"ec2:CancelConversionTask",
"ec2:CancelExportTask",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DescribeConversionTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeTags",
"ec2:DetachVolume",
"ec2:ImportInstance",
"ec2:ImportVolume",
"ec2:ModifyInstanceAttribute",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ImportImage",
"ec2:DescribeImportImageTasks",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:CancelImportTask",
"ec2:ImportSnapshot",
"ec2:DescribeImportSnapshotTasks"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"SNS:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-09-28T19:50:38+00:00"
},
"AWSControlTowerAccountServiceRolePolicy":{
"CreateDate":"2023-06-05T22:04:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"events:PutRule",
"Condition":{
"ForAnyValue:StringEquals":{
"events:source":"aws.securityhub"
},
"Null":{
"events:detail-type":"false"
},
"StringEquals":{
"events:ManagedBy":"controltower.amazonaws.com",
"events:detail-type":"Security Hub Findings - Imported"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*ControlTower*",
"Sid":"AllowPutRuleOnSpecificSourcesAndDetailTypes"
},
{
"Action":[
"events:DeleteRule",
"events:EnableRule",
"events:DisableRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"controltower.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*ControlTower*",
"Sid":"AllowOtherOperationsOnRulesManagedByControlTower"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*ControlTower*",
"Sid":"AllowDescribeOperationsOnRulesManagedByControlTower"
},
{
"Action":"sns:publish",
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:aws-controltower-AggregateSecurityNotifications",
"Sid":"AllowControlTowerToPublishSecurityNotifications"
},
{
"Action":[
"securityhub:DescribeStandardsControls",
"securityhub:GetEnabledStandards"
],
"Effect":"Allow",
"Resource":"arn:aws:securityhub:*:*:hub/default",
"Sid":"AllowActionsForSecurityHubIntegration"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-05T22:04:50+00:00"
},
"AWSControlTowerServiceRolePolicy":{
"CreateDate":"2019-05-03T18:19:11+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:CreateStackInstances",
"cloudformation:CreateStackSet",
"cloudformation:DeleteStack",
"cloudformation:DeleteStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:UpdateStack",
"cloudformation:UpdateStackInstances",
"cloudformation:UpdateStackSet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role"
]
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:CreateStackInstances",
"cloudformation:CreateStackSet",
"cloudformation:DeleteStack",
"cloudformation:DeleteStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackSetOperation",
"cloudformation:GetTemplate",
"cloudformation:ListStackInstances",
"cloudformation:UpdateStack",
"cloudformation:UpdateStackInstances",
"cloudformation:UpdateStackSet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/AWSControlTower*/*",
"arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*",
"arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*",
"arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*"
]
},
{
"Action":[
"cloudtrail:CreateTrail",
"cloudtrail:DeleteTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudtrail:UpdateTrail",
"cloudtrail:PutEventSelectors",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:aws-controltower/CloudTrailLogs:*",
"arn:aws:cloudtrail:*:*:trail/aws-controltower*"
]
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-controltower*/*"
]
},
{
"Action":[
"sts:AssumeRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSControlTowerExecution",
"arn:aws:iam::*:role/AWSControlTowerBlueprintAccess"
]
},
{
"Action":[
"cloudtrail:DescribeTrails",
"ec2:DescribeAvailabilityZones",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"organizations:CreateAccount",
"organizations:DescribeAccount",
"organizations:DescribeCreateAccountStatus",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListRoots",
"organizations:MoveAccount",
"servicecatalog:AssociatePrincipalWithPortfolio"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole",
"iam:GetUser",
"iam:ListAttachedRolePolicies",
"iam:GetRolePolicy"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole",
"arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole",
"arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations"
]
},
{
"Action":[
"config:DeleteConfigurationAggregator",
"config:PutConfigurationAggregator",
"config:TagResource"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/aws-control-tower":"managed-by-control-tower"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition":{
"StringLike":{
"organizations:ServicePrincipal":[
"config.amazonaws.com",
"cloudtrail.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"cloudtrail.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"account:EnableRegion",
"account:ListRegions",
"account:GetRegionOptStatus"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudformation:SetTypeConfiguration",
"cloudformation:DeactivateType",
"cloudformation:ActivateType"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:type/hook/AWS-ControlTower*",
"Sid":"AllowActionsForCloudFormationHooksIntegration"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-13T18:22:06+00:00"
},
"AWSCostAndUsageReportAutomationPolicy":{
"CreateDate":"2021-11-01T21:27:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-map-cur-bucket-*"
},
{
"Action":[
"cur:PutReportDefinition",
"cur:DeleteReportDefinition",
"cur:DescribeReportDefinitions"
],
"Effect":"Allow",
"Resource":"arn:aws:cur:*:*:definition/map-migrated-report"
},
{
"Action":"cur:DescribeReportDefinitions",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-01T21:27:29+00:00"
},
"AWSDMSFleetAdvisorServiceRolePolicy":{
"CreateDate":"2023-03-06T09:10:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/DMS/FleetAdvisor"
}
},
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-06T09:10:42+00:00"
},
"AWSDMSServerlessServiceRolePolicy":{
"CreateDate":"2023-05-18T20:28:05+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"dms:CreateReplicationInstance",
"dms:CreateReplicationTask"
],
"Condition":{
"StringEquals":{
"dms:req-tag/ResourceCreatedBy":"DMSServerless"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"id0"
},
{
"Action":[
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationTasks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"id1"
},
{
"Action":[
"dms:StartReplicationTask",
"dms:StopReplicationTask",
"dms:ModifyReplicationTask",
"dms:DeleteReplicationTask",
"dms:ModifyReplicationInstance",
"dms:DeleteReplicationInstance"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/ResourceCreatedBy":"DMSServerless"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:dms:*:*:rep:*",
"arn:aws:dms:*:*:task:*"
],
"Sid":"id2"
},
{
"Action":[
"dms:TestConnection",
"dms:DeleteConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dms:*:*:rep:*",
"arn:aws:dms:*:*:endpoint:*"
],
"Sid":"id3"
},
{
"Action":[
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObjectTagging"
],
"Condition":{
"StringEquals":{
"s3:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::dms-serverless-premigration-results-*"
],
"Sid":"id4"
},
{
"Action":[
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:CreateBucket"
],
"Condition":{
"StringEquals":{
"s3:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::dms-serverless-premigration-results-*"
],
"Sid":"id5"
},
{
"Action":[
"dms:StartReplicationTaskAssessmentRun"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/ResourceCreatedBy":"DMSServerless"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"id6"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-07T17:52:06+00:00"
},
"AWSDataExchangeDataGrantOwnerFullAccess":{
"CreateDate":"2024-10-24T14:43:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dataexchange:CreateDataSet",
"dataexchange:UpdateDataSet",
"dataexchange:GetDataSet",
"dataexchange:DeleteDataSet",
"dataexchange:ListDataSets",
"dataexchange:CreateRevision",
"dataexchange:UpdateRevision",
"dataexchange:GetRevision",
"dataexchange:DeleteRevision",
"dataexchange:RevokeRevision",
"dataexchange:ListDataSetRevisions",
"dataexchange:CreateAsset",
"dataexchange:UpdateAsset",
"dataexchange:GetAsset",
"dataexchange:DeleteAsset",
"dataexchange:ListRevisionAssets",
"dataexchange:SendApiAsset",
"dataexchange:CreateDataGrant",
"dataexchange:GetDataGrant",
"dataexchange:DeleteDataGrant",
"dataexchange:ListDataGrants",
"dataexchange:PublishToDataGrant",
"dataexchange:SendDataSetNotification",
"dataexchange:TagResource",
"dataexchange:UntagResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeActions"
},
{
"Action":[
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:CancelJob"
],
"Condition":{
"StringEquals":{
"dataexchange:JobType":[
"IMPORT_ASSETS_FROM_S3",
"IMPORT_ASSET_FROM_SIGNED_URL",
"EXPORT_ASSETS_TO_S3",
"EXPORT_ASSET_TO_SIGNED_URL",
"IMPORT_ASSET_FROM_API_GATEWAY_API",
"IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES",
"IMPORT_ASSETS_FROM_LAKE_FORMATION_TAG_POLICY"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeJobsActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T14:43:43+00:00"
},
"AWSDataExchangeDataGrantReceiverFullAccess":{
"CreateDate":"2024-10-24T14:45:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dataexchange:GetDataSet",
"dataexchange:ListDataSets",
"dataexchange:GetRevision",
"dataexchange:ListDataSetRevisions",
"dataexchange:GetAsset",
"dataexchange:ListRevisionAssets",
"dataexchange:SendApiAsset"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeReadOnlyActions"
},
{
"Action":[
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:CancelJob"
],
"Condition":{
"StringEquals":{
"dataexchange:JobType":[
"EXPORT_ASSETS_TO_S3",
"EXPORT_ASSET_TO_SIGNED_URL",
"EXPORT_REVISIONS_TO_S3"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeExportActions"
},
{
"Action":[
"dataexchange:CreateEventAction",
"dataexchange:UpdateEventAction",
"dataexchange:DeleteEventAction",
"dataexchange:GetEventAction",
"dataexchange:ListEventActions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeEventActionActions"
},
{
"Action":[
"dataexchange:AcceptDataGrant",
"dataexchange:ListReceivedDataGrants",
"dataexchange:GetReceivedDataGrant"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeDataGrantActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T14:45:58+00:00"
},
"AWSDataExchangeFullAccess":{
"CreateDate":"2019-11-13T19:27:59+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"dataexchange:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeActions"
},
{
"Action":"s3:GetObject",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*aws-data-exchange*",
"Sid":"S3GetActionConditionalResourceAndADX"
},
{
"Action":"s3:GetObject",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
},
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/AWSDataExchange":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"S3GetActionConditionalTagAndADX"
},
{
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*aws-data-exchange*",
"Sid":"S3WriteActions"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ReadActions"
},
{
"Action":[
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:StartChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:AcceptAgreementApprovalRequest",
"aws-marketplace:RejectAgreementApprovalRequest",
"aws-marketplace:UpdateAgreementApprovalRequest",
"aws-marketplace:SearchAgreements",
"aws-marketplace:GetAgreementTerms",
"aws-marketplace:TagResource",
"aws-marketplace:UntagResource",
"aws-marketplace:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceProviderActions"
},
{
"Action":[
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe",
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:CancelAgreementRequest",
"aws-marketplace:ListPrivateListings",
"aws-marketplace:DescribeAgreement"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceSubscriberActions"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSActions"
},
{
"Action":[
"redshift:AuthorizeDataShare"
],
"Condition":{
"StringEqualsIgnoreCase":{
"redshift:ConsumerIdentifier":"ADX"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftConditionalActions"
},
{
"Action":[
"redshift:DescribeDataSharesForProducer",
"redshift:DescribeDataShares"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftActions"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"APIGatewayActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-24T19:54:18+00:00"
},
"AWSDataExchangeProviderFullAccess":{
"CreateDate":"2019-11-13T19:27:55+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Action":[
"dataexchange:CreateDataSet",
"dataexchange:CreateRevision",
"dataexchange:CreateAsset",
"dataexchange:Get*",
"dataexchange:Update*",
"dataexchange:List*",
"dataexchange:Delete*",
"dataexchange:TagResource",
"dataexchange:UntagResource",
"dataexchange:PublishDataSet",
"dataexchange:SendApiAsset",
"dataexchange:RevokeRevision",
"dataexchange:SendDataSetNotification",
"tag:GetTagKeys",
"tag:GetTagValues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeActions"
},
{
"Action":[
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:CancelJob"
],
"Condition":{
"StringEquals":{
"dataexchange:JobType":[
"IMPORT_ASSETS_FROM_S3",
"IMPORT_ASSET_FROM_SIGNED_URL",
"EXPORT_ASSETS_TO_S3",
"EXPORT_ASSET_TO_SIGNED_URL",
"IMPORT_ASSET_FROM_API_GATEWAY_API",
"IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeJobsActions"
},
{
"Action":"s3:GetObject",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*aws-data-exchange*",
"Sid":"S3GetActionConditionalResourceAndADX"
},
{
"Action":"s3:GetObject",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
},
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/AWSDataExchange":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"S3GetActionConditionalTagAndADX"
},
{
"Action":[
"s3:PutObject",
"s3:PutObjectAcl"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*aws-data-exchange*",
"Sid":"S3WriteActions"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ReadActions"
},
{
"Action":[
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:StartChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:AcceptAgreementApprovalRequest",
"aws-marketplace:RejectAgreementApprovalRequest",
"aws-marketplace:UpdateAgreementApprovalRequest",
"aws-marketplace:SearchAgreements",
"aws-marketplace:GetAgreementTerms"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceActions"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSActions"
},
{
"Action":[
"redshift:AuthorizeDataShare"
],
"Condition":{
"StringEqualsIgnoreCase":{
"redshift:ConsumerIdentifier":"ADX"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftConditionalActions"
},
{
"Action":[
"redshift:DescribeDataSharesForProducer",
"redshift:DescribeDataShares"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftActions"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"APIGatewayActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-15T17:32:54+00:00"
},
"AWSDataExchangeReadOnly":{
"CreateDate":"2019-11-13T19:27:37+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"dataexchange:GetAsset",
"dataexchange:GetDataSet",
"dataexchange:GetEventAction",
"dataexchange:GetJob",
"dataexchange:GetRevision",
"dataexchange:GetDataGrant",
"dataexchange:GetReceivedDataGrant",
"dataexchange:ListDataGrants",
"dataexchange:ListReceivedDataGrants",
"dataexchange:ListDataSetRevisions",
"dataexchange:ListDataSets",
"dataexchange:ListEventActions",
"dataexchange:ListJobs",
"dataexchange:ListRevisionAssets",
"dataexchange:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeReadOnlyActions"
},
{
"Action":[
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:SearchAgreements",
"aws-marketplace:GetAgreementTerms",
"aws-marketplace:ListPrivateListings",
"aws-marketplace:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceReadOnlyActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T14:40:40+00:00"
},
"AWSDataExchangeServiceRolePolicyForLicenseManagement":{
"CreateDate":"2024-10-10T14:54:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"license-manager:ListDistributedGrants",
"license-manager:GetGrant",
"license-manager:CreateGrantVersion",
"license-manager:DeleteGrant"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowLicenseManagerActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-10T14:54:27+00:00"
},
"AWSDataExchangeServiceRolePolicyForOrganizationDiscovery":{
"CreateDate":"2024-10-10T14:33:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowAWSOrganizationsActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-10T14:33:13+00:00"
},
"AWSDataExchangeSubscriberFullAccess":{
"CreateDate":"2019-11-13T19:27:52+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"dataexchange:Get*",
"dataexchange:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeReadOnlyActions"
},
{
"Action":[
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:CancelJob"
],
"Condition":{
"StringEquals":{
"dataexchange:JobType":[
"EXPORT_ASSETS_TO_S3",
"EXPORT_ASSET_TO_SIGNED_URL",
"EXPORT_REVISIONS_TO_S3"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeExportActions"
},
{
"Action":[
"dataexchange:CreateEventAction",
"dataexchange:UpdateEventAction",
"dataexchange:DeleteEventAction",
"dataexchange:SendApiAsset"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataExchangeEventActionActions"
},
{
"Action":"s3:GetObject",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"dataexchange.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*aws-data-exchange*",
"Sid":"S3GetActionConditionalResourceAndADX"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ReadActions"
},
{
"Action":[
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe",
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:CancelAgreementRequest",
"aws-marketplace:ListPrivateListings"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceSubscriberActions"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-21T17:36:35+00:00"
},
"AWSDataLifecycleManagerSSMFullAccess":{
"CreateDate":"2023-10-31T20:29:44+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetCommandInvocation",
"ssm:ListCommands",
"ssm:DescribeInstanceInformation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSSMReadOnlyAccess"
},
{
"Action":[
"ssm:SendCommand",
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/DLMScriptsAccess":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/*"
],
"Sid":"AllowTaggedSSMDocumentsOnly"
},
{
"Action":[
"ssm:SendCommand",
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ssm:*:*:document/AWSSystemsManagerSAP-CreateDLMSnapshotForSAPHANA"
],
"Sid":"AllowSpecificAWSOwnedSSMDocuments"
},
{
"Action":[
"ssm:SendCommand"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"AllowAllEC2Instances"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-16T22:31:54+00:00"
},
"AWSDataLifecycleManagerServiceRole":{
"CreateDate":"2018-07-06T19:34:16+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:DeleteSnapshot",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:EnableFastSnapshotRestores",
"ec2:DescribeFastSnapshotRestores",
"ec2:DisableFastSnapshotRestores",
"ec2:CopySnapshot",
"ec2:ModifySnapshotAttribute",
"ec2:DescribeSnapshotAttribute",
"ec2:DescribeSnapshotTierStatus",
"ec2:ModifySnapshotTier",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*"
},
{
"Action":[
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T17:37:06+00:00"
},
"AWSDataLifecycleManagerServiceRoleForAMIManagement":{
"CreateDate":"2020-10-21T19:39:41+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"ec2:CreateTags",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeImageAttribute",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:DeleteSnapshot",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*"
},
{
"Action":[
"ec2:ResetImageAttribute",
"ec2:DeregisterImage",
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:ModifyImageAttribute"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:EnableImageDeprecation",
"ec2:DisableImageDeprecation"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::image/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-19T17:03:44+00:00"
},
"AWSDataPipeline_FullAccess":{
"CreateDate":"2017-01-19T23:14:54+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"sns:Subscribe",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetInstanceProfile",
"iam:ListInstanceProfiles",
"datapipeline:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:PassRole",
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-08-17T18:48:39+00:00"
},
"AWSDataPipeline_PowerUser":{
"CreateDate":"2017-01-19T23:16:46+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetInstanceProfile",
"iam:ListInstanceProfiles",
"datapipeline:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:PassRole",
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-08-17T18:49:42+00:00"
},
"AWSDataSyncDiscoveryServiceRolePolicy":{
"CreateDate":"2023-03-20T22:19:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"datasync"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:secretsmanager:*:*:secret:datasync!*"
]
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":[
"arn:*:logs:*:*:log-group:/aws/datasync*"
]
},
{
"Action":[
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:*:logs:*:*:log-group:/aws/datasync:log-stream:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-20T22:19:51+00:00"
},
"AWSDataSyncFullAccess":{
"CreateDate":"2019-01-18T19:40:36+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"datasync:*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:ModifyNetworkInterfaceAttribute",
"fsx:DescribeFileSystems",
"fsx:DescribeStorageVirtualMachines",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"iam:GetRole",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeResourcePolicies",
"outposts:ListOutposts",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3-outposts:ListAccessPoints",
"s3-outposts:ListRegionalBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataSyncFullAccessPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"datasync.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataSyncPassRolePermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"datasync.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/datasync.amazonaws.com/AWSServiceRoleForDataSync",
"Sid":"DataSyncCreateSLRPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-18T20:07:03+00:00"
},
"AWSDataSyncReadOnlyAccess":{
"CreateDate":"2019-01-18T19:18:44+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"datasync:Describe*",
"datasync:List*",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"iam:GetRole",
"iam:ListRoles",
"logs:DescribeLogGroups",
"logs:DescribeResourcePolicies",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-30T17:59:22+00:00"
},
"AWSDataSyncServiceRolePolicy":{
"CreateDate":"2024-10-09T17:45:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":[
"arn:*:logs:*:*:log-group:/aws/datasync*"
],
"Sid":"DataSyncCloudWatchLogCreateAccess"
},
{
"Action":[
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:*:logs:*:*:log-group:/aws/datasync*:log-stream:*"
],
"Sid":"DataSyncCloudWatchLogStreamUpdateAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-09T17:45:40+00:00"
},
"AWSDeadlineCloud-FleetWorker":{
"CreateDate":"2024-04-01T17:21:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"deadline:AssumeFleetRoleForWorker",
"deadline:UpdateWorker",
"deadline:UpdateWorkerSchedule",
"deadline:BatchGetJobEntity",
"deadline:AssumeQueueRoleForWorker"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RunTasksPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-01T17:21:47+00:00"
},
"AWSDeadlineCloud-UserAccessFarms":{
"CreateDate":"2024-04-01T16:54:00+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"identitystore:DescribeGroup",
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"deadline:GetApplicationVersion",
"ec2:DescribeInstanceTypes",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AdditionalPermissions"
},
{
"Action":[
"deadline:AssociateMemberToFarm",
"deadline:AssociateMemberToFleet",
"deadline:AssociateMemberToJob",
"deadline:AssociateMemberToQueue",
"deadline:CreateBudget",
"deadline:DeleteBudget",
"deadline:DisassociateMemberFromFarm",
"deadline:DisassociateMemberFromFleet",
"deadline:DisassociateMemberFromJob",
"deadline:DisassociateMemberFromQueue",
"deadline:GetBudget",
"deadline:GetSessionsStatisticsAggregation",
"deadline:ListBudgets",
"deadline:StartSessionsStatisticsAggregation",
"deadline:UpdateBudget"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FarmMembershipLevels":[
"OWNER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerLevelPermissions"
},
{
"Action":[
"deadline:AssociateMemberToFarm",
"deadline:AssociateMemberToFleet",
"deadline:AssociateMemberToJob",
"deadline:AssociateMemberToQueue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FarmMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
],
"deadline:MembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberAssociation"
},
{
"Action":[
"deadline:DisassociateMemberFromFarm",
"deadline:DisassociateMemberFromFleet",
"deadline:DisassociateMemberFromJob",
"deadline:DisassociateMemberFromQueue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FarmMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberDisassociation"
},
{
"Action":[
"deadline:ListFarmMembers",
"deadline:ListFleetMembers",
"deadline:ListJobMembers",
"deadline:ListQueueMembers",
"deadline:UpdateJob",
"deadline:UpdateSession",
"deadline:UpdateStep",
"deadline:UpdateTask"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FarmMembershipLevels":[
"OWNER",
"MANAGER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerManagerPermissions"
},
{
"Action":[
"deadline:AssumeQueueRoleForUser",
"deadline:CreateJob"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FarmMembershipLevels":[
"OWNER",
"MANAGER",
"CONTRIBUTOR"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerManagerContributorPermissions"
},
{
"Action":[
"deadline:AssumeFleetRoleForRead",
"deadline:AssumeQueueRoleForRead",
"deadline:GetFarm",
"deadline:GetFleet",
"deadline:GetJob",
"deadline:GetJobTemplate",
"deadline:GetQueue",
"deadline:GetQueueEnvironment",
"deadline:GetQueueFleetAssociation",
"deadline:GetSession",
"deadline:GetSessionAction",
"deadline:GetStep",
"deadline:GetStorageProfile",
"deadline:GetStorageProfileForQueue",
"deadline:GetTask",
"deadline:GetWorker",
"deadline:ListJobParameterDefinitions",
"deadline:ListQueueEnvironments",
"deadline:ListQueueFleetAssociations",
"deadline:ListSessionActions",
"deadline:ListSessions",
"deadline:ListSessionsForWorker",
"deadline:ListStepConsumers",
"deadline:ListStepDependencies",
"deadline:ListSteps",
"deadline:ListStorageProfiles",
"deadline:ListStorageProfilesForQueue",
"deadline:ListTasks",
"deadline:ListWorkers",
"deadline:SearchJobs",
"deadline:SearchSteps",
"deadline:SearchTasks",
"deadline:SearchWorkers"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FarmMembershipLevels":[
"OWNER",
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllLevelsPermissions"
},
{
"Action":[
"deadline:ListFarms",
"deadline:ListFleets",
"deadline:ListJobs",
"deadline:ListQueues"
],
"Condition":{
"StringEquals":{
"deadline:RequesterPrincipalId":"${deadline:PrincipalId}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListBasedOnMembership"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-07T17:57:52+00:00"
},
"AWSDeadlineCloud-UserAccessFleets":{
"CreateDate":"2024-04-01T17:01:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"identitystore:DescribeGroup",
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"deadline:GetApplicationVersion",
"ec2:DescribeInstanceTypes",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AdditionalPermissions"
},
{
"Action":[
"deadline:AssociateMemberToFleet",
"deadline:DisassociateMemberFromFleet"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FleetMembershipLevels":[
"OWNER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerLevelPermissions"
},
{
"Action":[
"deadline:AssociateMemberToFleet"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FleetMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
],
"deadline:MembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberAssociation"
},
{
"Action":[
"deadline:DisassociateMemberFromFleet"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FleetMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberDisassociation"
},
{
"Action":[
"deadline:ListFleetMembers"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FleetMembershipLevels":[
"OWNER",
"MANAGER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerManagerPermissions"
},
{
"Action":[
"deadline:AssumeFleetRoleForRead",
"deadline:GetFleet",
"deadline:GetQueueFleetAssociation",
"deadline:GetWorker",
"deadline:ListQueueFleetAssociations",
"deadline:ListSessionsForWorker",
"deadline:ListWorkers",
"deadline:SearchWorkers"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:FleetMembershipLevels":[
"OWNER",
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllLevelsPermissions"
},
{
"Action":[
"deadline:ListFleets"
],
"Condition":{
"StringEquals":{
"deadline:RequesterPrincipalId":"${deadline:PrincipalId}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListBasedOnMembership"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-01T17:01:50+00:00"
},
"AWSDeadlineCloud-UserAccessJobs":{
"CreateDate":"2024-04-01T17:05:38+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"identitystore:DescribeGroup",
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"deadline:GetApplicationVersion",
"ec2:DescribeInstanceTypes",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AdditionalPermissions"
},
{
"Action":[
"deadline:AssociateMemberToJob",
"deadline:DisassociateMemberFromJob"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:JobMembershipLevels":[
"OWNER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerLevelPermissions"
},
{
"Action":[
"deadline:AssociateMemberToJob"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:JobMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
],
"deadline:MembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberAssociation"
},
{
"Action":[
"deadline:DisassociateMemberFromJob"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:JobMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberDisassociation"
},
{
"Action":[
"deadline:ListJobMembers",
"deadline:UpdateJob",
"deadline:UpdateSession",
"deadline:UpdateStep",
"deadline:UpdateTask"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:JobMembershipLevels":[
"OWNER",
"MANAGER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerManagerPermissions"
},
{
"Action":[
"deadline:GetJob",
"deadline:GetJobTemplate",
"deadline:GetSession",
"deadline:GetSessionAction",
"deadline:GetStep",
"deadline:GetTask",
"deadline:ListJobParameterDefinitions",
"deadline:ListSessionActions",
"deadline:ListSessions",
"deadline:ListStepConsumers",
"deadline:ListStepDependencies",
"deadline:ListSteps",
"deadline:ListTasks",
"deadline:SearchSteps",
"deadline:SearchTasks"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:JobMembershipLevels":[
"OWNER",
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllLevelsPermissions"
},
{
"Action":[
"deadline:ListJobs"
],
"Condition":{
"StringEquals":{
"deadline:RequesterPrincipalId":"${deadline:PrincipalId}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListBasedOnMembership"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-07T18:24:52+00:00"
},
"AWSDeadlineCloud-UserAccessQueues":{
"CreateDate":"2024-04-01T17:10:03+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"identitystore:DescribeGroup",
"identitystore:DescribeUser",
"identitystore:ListGroupMembershipsForMember",
"deadline:GetApplicationVersion",
"ec2:DescribeInstanceTypes",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AdditionalPermissions"
},
{
"Action":[
"deadline:AssociateMemberToJob",
"deadline:AssociateMemberToQueue",
"deadline:DisassociateMemberFromJob",
"deadline:DisassociateMemberFromQueue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:QueueMembershipLevels":[
"OWNER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerLevelPermissions"
},
{
"Action":[
"deadline:AssociateMemberToJob",
"deadline:AssociateMemberToQueue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:QueueMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
],
"deadline:MembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberAssociation"
},
{
"Action":[
"deadline:DisassociateMemberFromJob",
"deadline:DisassociateMemberFromQueue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:QueueMembershipLevels":[
"MANAGER"
]
},
"StringEquals":{
"deadline:AssociatedMembershipLevel":[
"MANAGER",
"CONTRIBUTOR",
"VIEWER",
""
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagerLevelMemberDisassociation"
},
{
"Action":[
"deadline:ListJobMembers",
"deadline:ListQueueMembers",
"deadline:UpdateJob",
"deadline:UpdateSession",
"deadline:UpdateStep",
"deadline:UpdateTask"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:QueueMembershipLevels":[
"OWNER",
"MANAGER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerManagerPermissions"
},
{
"Action":[
"deadline:AssumeQueueRoleForUser",
"deadline:CreateJob"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:QueueMembershipLevels":[
"OWNER",
"MANAGER",
"CONTRIBUTOR"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OwnerManagerContributorPermissions"
},
{
"Action":[
"deadline:AssumeQueueRoleForRead",
"deadline:GetJob",
"deadline:GetJobTemplate",
"deadline:GetQueue",
"deadline:GetQueueEnvironment",
"deadline:GetQueueFleetAssociation",
"deadline:GetSession",
"deadline:GetSessionAction",
"deadline:GetStep",
"deadline:GetStorageProfileForQueue",
"deadline:GetTask",
"deadline:ListJobParameterDefinitions",
"deadline:ListQueueEnvironments",
"deadline:ListQueueFleetAssociations",
"deadline:ListSessionActions",
"deadline:ListSessions",
"deadline:ListStepConsumers",
"deadline:ListStepDependencies",
"deadline:ListSteps",
"deadline:ListStorageProfilesForQueue",
"deadline:ListTasks",
"deadline:SearchJobs",
"deadline:SearchSteps",
"deadline:SearchTasks"
],
"Condition":{
"ForAnyValue:StringEquals":{
"deadline:QueueMembershipLevels":[
"OWNER",
"MANAGER",
"CONTRIBUTOR",
"VIEWER"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllLevelsPermissions"
},
{
"Action":[
"deadline:ListJobs",
"deadline:ListQueues"
],
"Condition":{
"StringEquals":{
"deadline:RequesterPrincipalId":"${deadline:PrincipalId}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListBasedOnMembership"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-07T18:25:13+00:00"
},
"AWSDeadlineCloud-WorkerHost":{
"CreateDate":"2024-04-01T17:28:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"deadline:CreateWorker",
"deadline:AssumeFleetRoleForWorker"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"JoinFleetPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-01T17:28:28+00:00"
},
"AWSDeepLensLambdaFunctionAccessPolicy":{
"CreateDate":"2017-11-29T15:47:18+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::deeplens*/*",
"arn:aws:s3:::deeplens*"
],
"Sid":"DeepLensS3ObjectAccess"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/greengrass/*",
"Sid":"DeepLensGreenGrassCloudWatchAccess"
},
{
"Action":[
"deeplens:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensAccess"
},
{
"Action":[
"kinesisvideo:DescribeStream",
"kinesisvideo:CreateStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensKinesisVideoAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-11T23:11:55+00:00"
},
"AWSDeepLensServiceRolePolicy":{
"CreateDate":"2017-11-29T15:46:36+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/deeplens*"
],
"Sid":"DeepLensIoTThingAccess"
},
{
"Action":[
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:DetachPrincipalPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/deeplens*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"DeepLensIoTCertificateAccess"
},
{
"Action":[
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensIoTCreateCertificateAndPolicyAccess"
},
{
"Action":[
"iot:AttachPrincipalPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:policy/deeplens*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"DeepLensIoTAttachCertificatePolicyAccess"
},
{
"Action":[
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/deeplens*"
],
"Sid":"DeepLensIoTDataAccess"
},
{
"Action":[
"iot:DescribeEndpoint"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensIoTEndpointAccess"
},
{
"Action":[
"deeplens:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensAccess"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::deeplens*"
],
"Sid":"DeepLensS3ObjectAccess"
},
{
"Action":[
"s3:DeleteBucket",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::deeplens*"
],
"Sid":"DeepLensS3Buckets"
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensCreateS3Buckets"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"greengrass.amazonaws.com",
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensIAMPassRoleAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSDeepLens*",
"arn:aws:iam::*:role/service-role/AWSDeepLens*"
],
"Sid":"DeepLensIAMLambdaPassRoleAccess"
},
{
"Action":[
"greengrass:AssociateRoleToGroup",
"greengrass:AssociateServiceRoleToAccount",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:CreateCoreDefinition",
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroup",
"greengrass:CreateGroupCertificateAuthority",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateSubscriptionDefinition",
"greengrass:CreateSubscriptionDefinitionVersion",
"greengrass:DeleteCoreDefinition",
"greengrass:DeleteFunctionDefinition",
"greengrass:DeleteGroup",
"greengrass:DeleteLoggerDefinition",
"greengrass:DeleteSubscriptionDefinition",
"greengrass:DisassociateRoleFromGroup",
"greengrass:DisassociateServiceRoleFromAccount",
"greengrass:GetAssociatedRole",
"greengrass:GetConnectivityInfo",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetDeviceDefinition",
"greengrass:GetDeviceDefinitionVersion",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupCertificateAuthority",
"greengrass:GetGroupCertificateConfiguration",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetServiceRoleForAccount",
"greengrass:GetSubscriptionDefinition",
"greengrass:GetSubscriptionDefinitionVersion",
"greengrass:ListCoreDefinitionVersions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeployments",
"greengrass:ListDeviceDefinitionVersions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitionVersions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroupCertificateAuthorities",
"greengrass:ListGroupVersions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitionVersions",
"greengrass:ListLoggerDefinitions",
"greengrass:ListSubscriptionDefinitionVersions",
"greengrass:ListSubscriptionDefinitions",
"greengrass:ResetDeployments",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateDeviceDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateGroup",
"greengrass:UpdateGroupCertificateConfiguration",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateSubscriptionDefinition",
"greengrass:UpdateResourceDefinition"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensGreenGrassAccess"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:deeplens*"
],
"Sid":"DeepLensLambdaAdminFunctionAccess"
},
{
"Action":[
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*"
],
"Sid":"DeepLensLambdaUsersFunctionAccess"
},
{
"Action":[
"sagemaker:CreateTrainingJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:StopTrainingJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-job/deeplens*"
],
"Sid":"DeepLensSageMakerWriteAccess"
},
{
"Action":[
"sagemaker:DescribeTrainingJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid":"DeepLensSageMakerReadAccess"
},
{
"Action":[
"kinesisvideo:CreateStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:DeleteStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesisvideo:*:*:stream/deeplens*/*"
],
"Sid":"DeepLensKinesisVideoStreamAccess"
},
{
"Action":[
"kinesisvideo:GetDataEndpoint"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepLensKinesisVideoEndpointAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-25T19:25:06+00:00"
},
"AWSDeepRacerAccountAdminAccess":{
"CreateDate":"2021-10-28T01:27:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"deepracer:*"
],
"Condition":{
"Null":{
"deepracer:UserToken":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeepRacerAdminAccessStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-28T01:27:13+00:00"
},
"AWSDeepRacerCloudFormationAccessPolicy":{
"CreateDate":"2019-02-28T21:59:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:AllocateAddress",
"ec2:AttachInternetGateway",
"ec2:AssociateRouteTable",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLikeIfExists":{
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:DeleteFunction",
"lambda:TagResource",
"lambda:UpdateFunctionCode"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*DeepRacer*",
"arn:aws:lambda:*:*:function:*Deepracer*",
"arn:aws:lambda:*:*:function:*deepracer*"
]
},
{
"Action":[
"s3:PutBucketPolicy",
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:DeleteBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*"
]
},
{
"Action":[
"robomaker:CreateSimulationApplication",
"robomaker:CreateSimulationApplicationVersion",
"robomaker:DeleteSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:ListSimulationApplications",
"robomaker:TagResource",
"robomaker:UpdateSimulationApplication"
],
"Effect":"Allow",
"Resource":[
"arn:aws:robomaker:*:*:/createSimulationApplication",
"arn:aws:robomaker:*:*:simulation-application/deepracer*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-14T17:02:04+00:00"
},
"AWSDeepRacerDefaultMultiUserAccess":{
"CreateDate":"2021-10-28T01:27:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"deepracer:Add*",
"deepracer:Remove*",
"deepracer:Create*",
"deepracer:Perform*",
"deepracer:Clone*",
"deepracer:Get*",
"deepracer:List*",
"deepracer:Edit*",
"deepracer:Start*",
"deepracer:Set*",
"deepracer:Update*",
"deepracer:Delete*",
"deepracer:Stop*",
"deepracer:Import*",
"deepracer:Tag*",
"deepracer:Untag*"
],
"Condition":{
"Bool":{
"deepracer:MultiUser":"true"
},
"Null":{
"deepracer:UserToken":"false"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"deepracer:GetAccountConfig",
"deepracer:GetTrack",
"deepracer:ListTracks",
"deepracer:TestRewardFunction"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"deepracer:Admin*"
],
"Effect":"Deny",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-28T01:27:13+00:00"
},
"AWSDeepRacerFullAccess":{
"CreateDate":"2020-10-05T22:03:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectAcl",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*",
"arn:aws:s3:::dr-*",
"arn:aws:s3:::*DeepRacer*/*",
"arn:aws:s3:::*Deepracer*/*",
"arn:aws:s3:::*deepracer*/*",
"arn:aws:s3:::dr-*/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-05T22:03:10+00:00"
},
"AWSDeepRacerRoboMakerAccessPolicy":{
"CreateDate":"2019-02-28T21:59:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"robomaker:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricData",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs",
"arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs:log-stream:*"
]
},
{
"Action":[
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*",
"arn:aws:s3:::dr-*"
]
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/DeepRacer":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesisvideo:CreateStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia",
"kinesisvideo:TagStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesisvideo:*:*:stream/dr-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-02-28T21:59:58+00:00"
},
"AWSDeepRacerServiceRolePolicy":{
"CreateDate":"2019-02-28T21:58:09+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"deepracer:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"robomaker:*",
"sagemaker:*",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStackEvents",
"cloudformation:DetectStackDrift",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:DescribeStackResourceDrifts"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"robomaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSDeepRacer*",
"arn:aws:iam::*:role/service-role/AWSDeepRacer*"
]
},
{
"Action":[
"cloudwatch:GetMetricData",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*DeepRacer*",
"arn:aws:lambda:*:*:function:*Deepracer*",
"arn:aws:lambda:*:*:function:*deepracer*",
"arn:aws:lambda:*:*:function:*dr-*"
]
},
{
"Action":[
"s3:GetObject",
"s3:GetBucketLocation",
"s3:DeleteObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutBucketPolicy",
"s3:GetBucketAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*",
"arn:aws:s3:::dr-*"
]
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/DeepRacer":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesisvideo:CreateStream",
"kinesisvideo:DeleteStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:GetHLSStreamingSessionURL",
"kinesisvideo:GetMedia",
"kinesisvideo:PutMedia",
"kinesisvideo:TagStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesisvideo:*:*:stream/dr-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-12T20:55:34+00:00"
},
"AWSDenyAll":{
"CreateDate":"2019-05-01T22:36:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"*"
],
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyAll"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-18T16:42:05+00:00"
},
"AWSDeviceFarmFullAccess":{
"CreateDate":"2015-07-13T16:37:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"devicefarm:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-07-13T16:37:38+00:00"
},
"AWSDeviceFarmServiceRolePolicy":{
"CreateDate":"2022-09-20T21:02:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AWSDeviceFarmManaged":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSDeviceFarmManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSDeviceFarmManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-20T21:02:28+00:00"
},
"AWSDeviceFarmTestGridServiceRolePolicy":{
"CreateDate":"2021-05-26T22:01:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AWSDeviceFarmManaged":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSDeviceFarmManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSDeviceFarmManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-26T22:01:35+00:00"
},
"AWSDirectConnectFullAccess":{
"CreateDate":"2015-02-06T18:40:07+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"directconnect:*",
"ec2:DescribeVpnGateways",
"ec2:DescribeTransitGateways"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-04-30T15:29:29+00:00"
},
"AWSDirectConnectReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"directconnect:Describe*",
"directconnect:List*",
"ec2:DescribeVpnGateways",
"ec2:DescribeTransitGateways"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-18T18:48:22+00:00"
},
"AWSDirectConnectServiceRolePolicy":{
"CreateDate":"2021-01-14T18:35:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:*directconnect*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-14T18:35:27+00:00"
},
"AWSDirectoryServiceDataFullAccess":{
"CreateDate":"2024-09-18T21:45:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ds:AccessDSData",
"ds-data:AddGroupMember",
"ds-data:CreateGroup",
"ds-data:CreateUser",
"ds-data:DeleteGroup",
"ds-data:DeleteUser",
"ds-data:DescribeGroup",
"ds-data:DescribeUser",
"ds-data:DisableUser",
"ds-data:ListGroupMembers",
"ds-data:ListGroups",
"ds-data:ListGroupsForMember",
"ds-data:ListUsers",
"ds-data:RemoveGroupMember",
"ds-data:SearchGroups",
"ds-data:SearchUsers",
"ds-data:UpdateGroup",
"ds-data:UpdateUser"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ds:*:*:directory/*"
],
"Sid":"DSDataFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-18T21:45:17+00:00"
},
"AWSDirectoryServiceDataReadOnlyAccess":{
"CreateDate":"2024-09-18T22:00:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ds:AccessDSData",
"ds-data:DescribeGroup",
"ds-data:DescribeUser",
"ds-data:ListGroupMembers",
"ds-data:ListGroups",
"ds-data:ListGroupsForMember",
"ds-data:ListUsers",
"ds-data:SearchGroups",
"ds-data:SearchUsers"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ds:*:*:directory/*"
],
"Sid":"DSDataReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-18T22:00:34+00:00"
},
"AWSDirectoryServiceFullAccess":{
"CreateDate":"2015-02-06T18:41:11+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeSecurityGroups",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"iam:ListRoles",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DirectoryServiceFullAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:DirectoryMonitoring*",
"Sid":"DirectoryServiceEventTopic"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"ds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DirectoryServiceOrganizations"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"DirectoryServiceTags"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-02T20:38:17+00:00"
},
"AWSDirectoryServiceReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:12+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ds:Verify*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"sns:ListTopics",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-09-25T21:54:01+00:00"
},
"AWSDiscoveryContinuousExportFirehosePolicy":{
"CreateDate":"2018-08-09T18:29:39+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"glue:GetTableVersions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-application-discovery-service-*"
]
},
{
"Action":[
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-06-08T17:32:46+00:00"
},
"AWSEC2CapacityReservationFleetRolePolicy":{
"CreateDate":"2021-09-29T14:43:09+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeCapacityReservations",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateCapacityReservation",
"ec2:CancelCapacityReservation",
"ec2:ModifyCapacityReservation"
],
"Condition":{
"ArnLike":{
"ec2:CapacityReservationFleet":"arn:aws:ec2:*:*:capacity-reservation-fleet/crf-*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:capacity-reservation/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateCapacityReservation"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:capacity-reservation/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-03T23:22:06+00:00"
},
"AWSEC2FleetServiceRolePolicy":{
"CreateDate":"2018-03-21T00:08:55+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:DescribeInstanceStatus",
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"spot.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2SpotManagement"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:ec2:fleet-id":"*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-04T20:10:31+00:00"
},
"AWSEC2SpotFleetServiceRolePolicy":{
"CreateDate":"2017-10-23T19:13:06+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:DescribeInstanceStatus",
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*",
"arn:aws:ec2:*:*:spot-fleet-request/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:ec2spot:fleet-request-id":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
]
},
{
"Action":[
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:*/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-03-16T19:16:21+00:00"
},
"AWSEC2SpotServiceRolePolicy":{
"CreateDate":"2017-09-18T18:51:54+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringNotEquals":{
"ec2:InstanceMarketType":"spot"
}
},
"Effect":"Deny",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-12-12T00:13:51+00:00"
},
"AWSEC2VssSnapshotPolicy":{
"CreateDate":"2024-03-27T16:32:53+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstanceAttribute"
],
"Condition":{
"ArnLike":{
"ec2:SourceInstanceARN":"arn:aws:ec2:*:*:instance/${ec2:InstanceId}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"DescribeInstanceInfo"
},
{
"Action":[
"ec2:CreateSnapshots"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AwsVssConfig":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
],
"Sid":"CreateSnapshotsWithTag"
},
{
"Action":[
"ec2:CreateSnapshots"
],
"Condition":{
"ArnLike":{
"ec2:SourceInstanceARN":"arn:aws:ec2:*:*:instance/${ec2:InstanceId}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"CreateSnapshotsAccessInstance"
},
{
"Action":[
"ec2:CreateSnapshots"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateSnapshotsAccessVolume"
},
{
"Action":[
"ec2:CreateImage"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AwsVssConfig":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:image/*"
],
"Sid":"CreateImageWithTag"
},
{
"Action":[
"ec2:CreateImage"
],
"Condition":{
"ArnLike":{
"ec2:SourceInstanceARN":"arn:aws:ec2:*:*:instance/${ec2:InstanceId}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"CreateImageAccessInstance"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateImage",
"CreateSnapshots"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:image/*"
],
"Sid":"CreateTagsOnResourceCreation"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AppConsistent",
"Device"
]
},
"StringLike":{
"ec2:ResourceTag/AwsVssConfig":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:image/*"
],
"Sid":"CreateTagsAfterResourceCreation"
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeImagesAndSnapshots"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T17:44:08+00:00"
},
"AWSECRPullThroughCache_ServiceRolePolicy":{
"CreateDate":"2021-11-26T21:51:09+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage",
"ecr:BatchGetImage",
"ecr:BatchImportUpstreamImage",
"ecr:GetDownloadUrlForLayer",
"ecr:GetImageCopyStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECR"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:ecr-pullthroughcache/*",
"Sid":"SecretsManager"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-06T21:22:07+00:00"
},
"AWSElasticBeanstalkCustomPlatformforEC2Role":{
"CreateDate":"2017-02-21T22:50:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateKeypair",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeypair",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:GetPasswordData",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:RegisterImage",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Access"
},
{
"Action":[
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid":"BucketAccess"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*",
"Sid":"CloudWatchLogsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-02-21T22:50:30+00:00"
},
"AWSElasticBeanstalkEnhancedHealth":{
"CreateDate":"2016-02-08T23:17:27+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:GetConsoleOutput",
"ec2:AssociateAddress",
"ec2:DescribeAddresses",
"ec2:DescribeSecurityGroups",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeNotificationConfigurations",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-04-09T22:12:53+00:00"
},
"AWSElasticBeanstalkMaintenance":{
"CreateDate":"2019-01-11T23:22:52+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DescribeStacks",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid":"AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks"
},
{
"Action":"elasticloadbalancing:DescribeLoadBalancers",
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowElasticBeanstalkStacksUpdateExecuteSuccessfully"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-29T21:48:04+00:00"
},
"AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy":{
"CreateDate":"2021-03-03T22:18:00+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"elasticbeanstalk:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticBeanstalkPermissions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"AllowPassRoleToElasticBeanstalkAndDownstreamServices"
},
{
"Action":[
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"logs:DescribeLogGroups",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"sns:ListSubscriptionsByTopic"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ReadOnlyPermissions"
},
{
"Action":[
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateSecurityGroup",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DeleteSecurityGroup",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2BroadOperationPermissions"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"ArnLike":{
"ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2RunInstancesOperationPermissions"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":[
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"EC2TerminateInstancesOperationPermissions"
},
{
"Action":[
"ecs:CreateCluster",
"ecs:DescribeClusters",
"ecs:RegisterTaskDefinition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECSBroadOperationPermissions"
},
{
"Action":"ecs:DeleteCluster",
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:cluster/awseb-*",
"Sid":"ECSDeleteClusterOperationPermissions"
},
{
"Action":[
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:ResumeProcesses",
"autoscaling:SetDesiredCapacity",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
],
"Sid":"ASGOperationPermissions"
},
{
"Action":[
"cloudformation:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid":"CFNOperationPermissions"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*"
],
"Sid":"ELBOperationPermissions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid":"CWLogsOperationPermissions"
},
{
"Action":[
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*/*",
"Sid":"S3ObjectOperationPermissions"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*",
"Sid":"S3BucketOperationPermissions"
},
{
"Action":[
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
"sns:Subscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-*",
"Sid":"SNSOperationPermissions"
},
{
"Action":[
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:awseb-e-*",
"arn:aws:sqs:*:*:eb-*"
],
"Sid":"SQSOperationPermissions"
},
{
"Action":[
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:awseb-*",
"arn:aws:cloudwatch:*:*:alarm:eb-*"
],
"Sid":"CWPutMetricAlarmOperationPermissions"
},
{
"Action":[
"ecs:TagResource"
],
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"CreateCluster",
"RegisterTaskDefinition"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowECSTagResource"
},
{
"Action":"ec2:createTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateLaunchTemplate",
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LaunchTemplateTagPropagationPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T16:07:07+00:00"
},
"AWSElasticBeanstalkManagedUpdatesServiceRolePolicy":{
"CreateDate":"2019-11-21T22:35:06+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringLikeIfExists":{
"iam:PassedToService":[
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPassRoleToElasticBeanstalkAndDownstreamServices"
},
{
"Action":[
"ec2:releaseAddress",
"ec2:allocateAddress",
"ec2:DisassociateAddress",
"ec2:AssociateAddress"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SingleInstanceAPIs"
},
{
"Action":[
"ecs:RegisterTaskDefinition",
"ecs:DeRegisterTaskDefinition",
"ecs:List*",
"ecs:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECS"
},
{
"Action":[
"elasticbeanstalk:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticBeanstalkAPIs"
},
{
"Action":[
"cloudformation:Describe*",
"cloudformation:List*",
"ec2:Describe*",
"autoscaling:Describe*",
"elasticloadbalancing:Describe*",
"logs:DescribeLogGroups",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyAPIs"
},
{
"Action":[
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:ResumeProcesses",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
],
"Sid":"ASG"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:CancelUpdateStack",
"cloudformation:DeleteStack",
"cloudformation:GetTemplate",
"cloudformation:UpdateStack",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid":"CFN"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":[
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"EC2"
},
{
"Action":[
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*/*",
"Sid":"S3Obj"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*",
"Sid":"S3Bucket"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid":"CWL"
},
{
"Action":[
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeRegisterTargets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*"
],
"Sid":"ELB"
},
{
"Action":[
"sns:CreateTopic"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*",
"Sid":"SNS"
},
{
"Action":[
"ec2:CreateLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:DeleteLaunchTemplateVersions"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"EC2LaunchTemplate"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"ArnLike":{
"ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowLaunchTemplateRunInstances"
},
{
"Action":[
"ecs:TagResource"
],
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"RegisterTaskDefinition"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowECSTagResource"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-29T23:11:34+00:00"
},
"AWSElasticBeanstalkMulticontainerDocker":{
"CreateDate":"2016-02-08T23:15:29+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecs:Poll",
"ecs:StartTask",
"ecs:StopTask",
"ecs:DiscoverPollEndpoint",
"ecs:StartTelemetrySession",
"ecs:RegisterContainerInstance",
"ecs:DeregisterContainerInstance",
"ecs:DescribeContainerInstances",
"ecs:Submit*",
"ecs:DescribeTasks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECSAccess"
},
{
"Action":[
"ecs:TagResource"
],
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"RegisterContainerInstance",
"StartTask"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowECSTagResource"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-23T22:04:20+00:00"
},
"AWSElasticBeanstalkReadOnly":{
"CreateDate":"2021-01-22T19:02:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm:ListCertificates",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribePolicies",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:ValidateTemplate",
"cloudtrail:LookupEvents",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeSSLPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListServerCertificates",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribeDBSnapshots",
"s3:ListAllMyBuckets",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sqs:ListQueues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAPIs"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*",
"Sid":"AllowS3"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-22T19:02:37+00:00"
},
"AWSElasticBeanstalkRoleCWL":{
"CreateDate":"2020-06-05T21:49:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid":"AllowCWL"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-05T21:49:06+00:00"
},
"AWSElasticBeanstalkRoleCore":{
"CreateDate":"2020-06-05T21:48:24+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/awseb-e-*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"TerminateInstances"
},
{
"Action":[
"ec2:ReleaseAddress",
"ec2:AllocateAddress",
"ec2:DisassociateAddress",
"ec2:AssociateAddress",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroup*",
"ec2:RevokeSecurityGroup*",
"ec2:CreateLaunchTemplate*",
"ec2:DeleteLaunchTemplate*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"ArnLike":{
"ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LTRunInstances"
},
{
"Action":[
"autoscaling:AttachInstances",
"autoscaling:*LoadBalancer*",
"autoscaling:*AutoScalingGroup",
"autoscaling:*LaunchConfiguration",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:ResumeProcesses",
"autoscaling:SuspendProcesses",
"autoscaling:*Tags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*"
],
"Sid":"ASG"
},
{
"Action":[
"autoscaling:DeletePolicy"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ASGPolicy"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"elasticbeanstalk.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
],
"Sid":"EBSLR"
},
{
"Action":[
"s3:Delete*",
"s3:Get*",
"s3:Put*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-*/*",
"arn:aws:s3:::elasticbeanstalk-env-resources-*/*"
],
"Sid":"S3Obj"
},
{
"Action":[
"s3:GetBucket*",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*",
"Sid":"S3Bucket"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:UpdateStack",
"cloudformation:ContinueUpdateRollback",
"cloudformation:CancelUpdateStack",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"Sid":"CFN"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:awseb-*",
"Sid":"CloudWatch"
},
{
"Action":[
"elasticloadbalancing:Create*",
"elasticloadbalancing:Delete*",
"elasticloadbalancing:Modify*",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeRegisterTargets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:*Tags",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:SetRulePriorities",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:listener/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*"
],
"Sid":"ELB"
},
{
"Action":[
"autoscaling:Describe*",
"cloudformation:Describe*",
"logs:Describe*",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"elasticloadbalancing:Describe*",
"rds:Describe*",
"sns:List*",
"iam:List*",
"acm:Describe*",
"acm:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListAPIs"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-elasticbeanstalk-*",
"Sid":"AllowPassRole"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-30T00:01:53+00:00"
},
"AWSElasticBeanstalkRoleECS":{
"CreateDate":"2020-06-05T21:47:27+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:RegisterTaskDefinition",
"ecs:DeRegisterTaskDefinition"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowECS"
},
{
"Action":[
"ecs:TagResource"
],
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"CreateCluster",
"RegisterTaskDefinition"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowECSTagResource"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-23T22:43:56+00:00"
},
"AWSElasticBeanstalkRoleRDS":{
"CreateDate":"2020-06-05T21:46:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rds:CreateDBSecurityGroup",
"rds:DeleteDBSecurityGroup",
"rds:AuthorizeDBSecurityGroupIngress",
"rds:CreateDBInstance",
"rds:ModifyDBInstance",
"rds:DeleteDBInstance"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:secgrp:awseb-e-*",
"arn:aws:rds:*:*:db:*"
],
"Sid":"AllowRDS"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-05T21:46:55+00:00"
},
"AWSElasticBeanstalkRoleSNS":{
"CreateDate":"2020-06-05T21:46:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sns:CreateTopic",
"sns:SetTopicAttributes",
"sns:DeleteTopic"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
],
"Sid":"AllowBeanstalkManageSNS"
},
{
"Action":[
"sns:GetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:Publish"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSNSPublish"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-05T21:46:22+00:00"
},
"AWSElasticBeanstalkRoleWorkerTier":{
"CreateDate":"2020-06-05T21:43:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sqs:TagQueue",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:CreateQueue"
],
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:awseb-e-*",
"Sid":"AllowSQS"
},
{
"Action":[
"dynamodb:CreateTable",
"dynamodb:TagResource",
"dynamodb:DescribeTable",
"dynamodb:DeleteTable"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/awseb-e-*",
"Sid":"AllowDDB"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-05T21:43:37+00:00"
},
"AWSElasticBeanstalkService":{
"CreateDate":"2016-04-11T20:27:23+00:00",
"DefaultVersionId":"v17",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid":"AllowCloudformationOperationsOnElasticBeanstalkStacks"
},
{
"Action":[
"logs:DeleteLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid":"AllowDeleteCloudwatchLogGroups"
},
{
"Action":[
"ecs:TagResource"
],
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"CreateCluster",
"RegisterTaskDefinition"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowECSTagResource"
},
{
"Action":[
"s3:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid":"AllowS3OperationsOnElasticBeanstalkBuckets"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"ArnLike":{
"ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowLaunchTemplateRunInstances"
},
{
"Action":[
"elasticloadbalancing:AddTags"
],
"Condition":{
"StringEquals":{
"elasticloadbalancing:CreateAction":[
"CreateLoadBalancer"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowELBAddTags"
},
{
"Action":[
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteScheduledAction",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"autoscaling:DetachInstances",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:ResumeProcesses",
"autoscaling:SetDesiredCapacity",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"cloudwatch:PutMetricAlarm",
"ec2:AssociateAddress",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeVpcClassicLink",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:TerminateInstances",
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:DescribeClusters",
"ecs:RegisterTaskDefinition",
"elasticbeanstalk:*",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets",
"iam:ListRoles",
"iam:PassRole",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy",
"logs:DescribeLogGroups",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListBucket",
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sns:Subscribe",
"sns:SetTopicAttributes",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-10T19:29:34+00:00"
},
"AWSElasticBeanstalkServiceRolePolicy":{
"CreateDate":"2017-09-13T23:46:37+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid":"AllowCloudformationReadOperationsOnElasticBeanstalkStacks"
},
{
"Action":[
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:PutNotificationConfiguration",
"ec2:DescribeInstanceStatus",
"ec2:AssociateAddress",
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"lambda:GetFunction",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowOperations"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DeleteLogGroup",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid":"AllowOperationsOnHealthStreamingLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-06T21:59:51+00:00"
},
"AWSElasticBeanstalkWebTier":{
"CreateDate":"2016-02-08T23:08:54+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid":"BucketAccess"
},
{
"Action":[
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"XRayAccess"
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid":"CloudWatchLogsAccess"
},
{
"Action":[
"elasticbeanstalk:PutInstanceStatistics"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticbeanstalk:*:*:application/*",
"arn:aws:elasticbeanstalk:*:*:environment/*"
],
"Sid":"ElasticBeanstalkHealthAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-09T19:38:36+00:00"
},
"AWSElasticBeanstalkWorkerTier":{
"CreateDate":"2016-02-08T23:12:02+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MetricsAccess"
},
{
"Action":[
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"XRayAccess"
},
{
"Action":[
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"QueueAccess"
},
{
"Action":[
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid":"BucketAccess"
},
{
"Action":[
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*"
],
"Sid":"DynamoPeriodicTasks"
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid":"CloudWatchLogsAccess"
},
{
"Action":[
"elasticbeanstalk:PutInstanceStatistics"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticbeanstalk:*:*:application/*",
"arn:aws:elasticbeanstalk:*:*:environment/*"
],
"Sid":"ElasticBeanstalkHealthAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-09T19:53:40+00:00"
},
"AWSElasticDisasterRecoveryAgentInstallationPolicy":{
"CreateDate":"2021-11-17T10:37:54+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"drs:GetAgentInstallationAssetsForDrs",
"drs:SendClientLogsForDrs",
"drs:SendClientMetricsForDrs",
"drs:CreateSourceServerForDrs",
"drs:CreateRecoveryInstanceForDrs",
"drs:DescribeRecoveryInstances",
"drs:CreateSourceNetwork"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSAgentInstallationPolicy1"
},
{
"Action":"drs:TagResource",
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateSourceServerForDrs"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSAgentInstallationPolicy2"
},
{
"Action":"drs:TagResource",
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateRecoveryInstanceForDrs"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSAgentInstallationPolicy3"
},
{
"Action":"drs:TagResource",
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateSourceNetwork"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-network/*",
"Sid":"DRSAgentInstallationPolicy4"
},
{
"Action":"drs:IssueAgentCertificateForDrs",
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSAgentInstallationPolicy5"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T12:38:51+00:00"
},
"AWSElasticDisasterRecoveryAgentPolicy":{
"CreateDate":"2021-11-17T10:32:32+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"drs:SendAgentMetricsForDrs",
"drs:SendAgentLogsForDrs",
"drs:UpdateAgentSourcePropertiesForDrs",
"drs:UpdateAgentReplicationInfoForDrs",
"drs:UpdateAgentConversionInfoForDrs",
"drs:GetAgentCommandForDrs",
"drs:GetAgentConfirmedResumeInfoForDrs",
"drs:GetAgentRuntimeConfigurationForDrs",
"drs:UpdateAgentBacklogForDrs",
"drs:GetAgentReplicationInfoForDrs",
"drs:IssueAgentCertificateForDrs"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/${aws:SourceIdentity}",
"Sid":"DRSAgentPolicy1"
},
{
"Action":[
"drs:GetAgentInstallationAssetsForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSAgentPolicy2"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:44:15+00:00"
},
"AWSElasticDisasterRecoveryConsoleFullAccess":{
"CreateDate":"2021-11-17T10:46:29+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"drs:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess1"
},
{
"Action":[
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess2"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:DescribeKeyPairs",
"ec2:DescribeCapacityReservations",
"ec2:DescribeHosts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess3"
},
{
"Action":"license-manager:ListLicenseConfigurations",
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess4"
},
{
"Action":"resource-groups:ListGroups",
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess5"
},
{
"Action":"elasticloadbalancing:DescribeLoadBalancers",
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess6"
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess7"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole",
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole"
],
"Sid":"ConsoleFullAccess8"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"ConsoleFullAccess9"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"ConsoleFullAccess10"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"ConsoleFullAccess11"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess12"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess13"
},
{
"Action":[
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"ConsoleFullAccess14"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess15"
},
{
"Action":"ec2:CreateSecurityGroup",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*",
"Sid":"ConsoleFullAccess16"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"ConsoleFullAccess17"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess18"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"ConsoleFullAccess19"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess20"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume",
"ec2:StartInstances",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"StringEquals":{
"ec2:ResourceTag/AWSDRS":"AllowLaunchingIntoThisInstance"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess21"
},
{
"Action":[
"ec2:AttachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess22"
},
{
"Action":[
"ec2:DetachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess23"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess24"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"ConsoleFullAccess25"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"ec2:CreateAction":[
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"ConsoleFullAccess26"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateLaunchTemplate"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"ConsoleFullAccess27"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess28"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess29"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"ConsoleFullAccess30"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-12T07:52:06+00:00"
},
"AWSElasticDisasterRecoveryConsoleFullAccess_v2":{
"CreateDate":"2023-11-27T13:35:19+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"drs:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess1"
},
{
"Action":[
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess2"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:DescribeKeyPairs",
"ec2:DescribeCapacityReservations",
"ec2:DescribeHosts",
"ec2:GetInstanceTypesFromInstanceRequirements"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess3"
},
{
"Action":"license-manager:ListLicenseConfigurations",
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess4"
},
{
"Action":"resource-groups:ListGroups",
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess5"
},
{
"Action":"elasticloadbalancing:DescribeLoadBalancers",
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess6"
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess7"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole",
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole",
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole"
],
"Sid":"ConsoleFullAccess8"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"ConsoleFullAccess9"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"ConsoleFullAccess10"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"ConsoleFullAccess11"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess12"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess13"
},
{
"Action":[
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"ConsoleFullAccess14"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess15"
},
{
"Action":"ec2:CreateSecurityGroup",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*",
"Sid":"ConsoleFullAccess16"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"ConsoleFullAccess17"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess18"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"ConsoleFullAccess19"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess20"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume",
"ec2:StartInstances",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"StringEquals":{
"ec2:ResourceTag/AWSDRS":"AllowLaunchingIntoThisInstance"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess21"
},
{
"Action":[
"ec2:AttachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess22"
},
{
"Action":[
"ec2:DetachVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ConsoleFullAccess23"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ConsoleFullAccess24"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"ConsoleFullAccess25"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"StringEquals":{
"ec2:CreateAction":[
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances",
"CreateNetworkInterface"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"ConsoleFullAccess26"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateLaunchTemplate"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"ConsoleFullAccess27"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess28"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess29"
},
{
"Action":[
"ssm:DescribeInstanceInformation",
"ssm:DescribeParameters"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ConsoleFullAccess30"
},
{
"Action":[
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-CreateImage:$DEFAULT",
"arn:aws:ssm:*:*:document/AWSMigration-ValidateNetworkConnectivity",
"arn:aws:ssm:*:*:document/AWSMigration-VerifyMountedVolumes",
"arn:aws:ssm:*:*:document/AWSMigration-ValidateHttpResponse",
"arn:aws:ssm:*:*:document/AWSMigration-ValidateDiskSpace",
"arn:aws:ssm:*:*:document/AWSMigration-VerifyProcessIsRunning",
"arn:aws:ssm:*:*:document/AWSMigration-LinuxTimeSyncSetting",
"arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure"
],
"Sid":"ConsoleFullAccess31"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"ConsoleFullAccess32"
},
{
"Action":[
"ssm:ListDocuments",
"ssm:ListCommandInvocations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleFullAccess33"
},
{
"Action":[
"ssm:GetParameter",
"ssm:PutParameter"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*",
"Sid":"ConsoleFullAccess34"
},
{
"Action":[
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/*",
"Sid":"ConsoleFullAccess35"
},
{
"Action":[
"ssm:GetParameters"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*"
],
"Sid":"ConsoleFullAccess36"
},
{
"Action":[
"ssm:GetAutomationExecution"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-execution/*",
"Sid":"ConsoleFullAccess37"
},
{
"Action":[
"ec2:AssociateIamInstanceProfile"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"ConsoleFullAccess38"
},
{
"Action":"ec2:CreateFleet",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:fleet/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"ConsoleFullAccess39"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"StringEquals":{
"ec2:CreateAction":[
"CreateFleet"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"ConsoleFullAccess40"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"ConsoleFullAccess41"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ConsoleFullAccess42"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"ConsoleFullAccess43"
},
{
"Action":[
"ec2:CreateNetworkInterfacePermission"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ConsoleFullAccess44"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-05T15:22:06+00:00"
},
"AWSElasticDisasterRecoveryConversionServerPolicy":{
"CreateDate":"2021-11-17T13:42:23+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"drs:SendClientMetricsForDrs",
"drs:SendClientLogsForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSConversionServerPolicy1"
},
{
"Action":[
"drs:GetChannelCommandsForDrs",
"drs:SendChannelCommandResultForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSConversionServerPolicy2"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:13:38+00:00"
},
"AWSElasticDisasterRecoveryCrossAccountReplicationPolicy":{
"CreateDate":"2023-05-14T07:16:47+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVolumes",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeInstances",
"drs:DescribeSourceServers",
"drs:DescribeReplicationConfigurationTemplates",
"drs:CreateSourceServerForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountPolicy1"
},
{
"Action":[
"drs:TagResource"
],
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateSourceServerForDrs"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"CrossAccountPolicy2"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-17T13:19:58+00:00"
},
"AWSElasticDisasterRecoveryEc2InstancePolicy":{
"CreateDate":"2022-05-26T12:30:18+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"drs:GetAgentInstallationAssetsForDrs",
"drs:SendClientLogsForDrs",
"drs:SendClientMetricsForDrs",
"drs:CreateSourceServerForDrs",
"drs:CreateSourceNetwork"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSEc2InstancePolicy1"
},
{
"Action":[
"drs:TagResource"
],
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateSourceServerForDrs"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSEc2InstancePolicy2"
},
{
"Action":[
"drs:TagResource"
],
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateSourceNetwork"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-network/*",
"Sid":"DRSEc2InstancePolicy3"
},
{
"Action":[
"drs:SendAgentMetricsForDrs",
"drs:SendAgentLogsForDrs",
"drs:UpdateAgentSourcePropertiesForDrs",
"drs:UpdateAgentReplicationInfoForDrs",
"drs:UpdateAgentConversionInfoForDrs",
"drs:GetAgentCommandForDrs",
"drs:GetAgentConfirmedResumeInfoForDrs",
"drs:GetAgentRuntimeConfigurationForDrs",
"drs:UpdateAgentBacklogForDrs",
"drs:GetAgentReplicationInfoForDrs"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSEc2InstancePolicy4"
},
{
"Action":[
"sts:AssumeRole",
"sts:TagSession"
],
"Condition":{
"ForAnyValue:StringEquals":{
"sts:TransitiveTagKeys":"SourceInstanceARN"
},
"StringLike":{
"aws:RequestTag/SourceInstanceARN":"${ec2:SourceInstanceARN}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/DRSCrossAccountAgentAuthorizedRole_*"
],
"Sid":"DRSEc2InstancePolicy5"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:39:44+00:00"
},
"AWSElasticDisasterRecoveryFailbackInstallationPolicy":{
"CreateDate":"2021-11-17T11:02:03+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"drs:SendClientLogsForDrs",
"drs:SendClientMetricsForDrs",
"drs:DescribeRecoveryInstances",
"drs:DescribeSourceServers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSFailbackInstallationPolicy1"
},
{
"Action":[
"drs:TagResource",
"drs:IssueAgentCertificateForDrs",
"drs:AssociateFailbackClientToRecoveryInstanceForDrs",
"drs:GetSuggestedFailbackClientDeviceMappingForDrs",
"drs:UpdateAgentReplicationInfoForDrs",
"drs:UpdateFailbackClientDeviceMappingForDrs"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:recovery-instance/*",
"Sid":"DRSFailbackInstallationPolicy2"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:43:08+00:00"
},
"AWSElasticDisasterRecoveryFailbackPolicy":{
"CreateDate":"2021-11-17T10:41:40+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"drs:SendClientMetricsForDrs",
"drs:SendClientLogsForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSFailbackPolicy1"
},
{
"Action":[
"drs:GetChannelCommandsForDrs",
"drs:SendChannelCommandResultForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSFailbackPolicy2"
},
{
"Action":[
"drs:DescribeReplicationServerAssociationsForDrs",
"drs:DescribeRecoveryInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSFailbackPolicy3"
},
{
"Action":[
"drs:GetFailbackCommandForDrs",
"drs:UpdateFailbackClientLastSeenForDrs",
"drs:NotifyAgentAuthenticationForDrs",
"drs:UpdateAgentReplicationProcessStateForDrs",
"drs:NotifyAgentReplicationProgressForDrs",
"drs:NotifyAgentConnectedForDrs",
"drs:NotifyAgentDisconnectedForDrs",
"drs:NotifyConsistencyAttainedForDrs",
"drs:GetFailbackLaunchRequestedForDrs",
"drs:IssueAgentCertificateForDrs"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:recovery-instance/${aws:SourceIdentity}",
"Sid":"DRSFailbackPolicy4"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T12:56:46+00:00"
},
"AWSElasticDisasterRecoveryLaunchActionsPolicy":{
"CreateDate":"2023-09-13T07:38:26+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeInstanceInformation",
"ssm:DescribeParameters"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LaunchActionsPolicy1"
},
{
"Action":[
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/*",
"arn:aws:ssm:*:*:automation-definition/*:*"
],
"Sid":"LaunchActionsPolicy2"
},
{
"Action":[
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/AWS-*",
"arn:aws:ssm:*::document/AWSCodeDeployAgent-*",
"arn:aws:ssm:*::document/AWSConfigRemediation-*",
"arn:aws:ssm:*::document/AWSConformancePacks-*",
"arn:aws:ssm:*::document/AWSDisasterRecovery-*",
"arn:aws:ssm:*::document/AWSDistroOTel-*",
"arn:aws:ssm:*::document/AWSDocs-*",
"arn:aws:ssm:*::document/AWSEC2-*",
"arn:aws:ssm:*::document/AWSEC2Launch-*",
"arn:aws:ssm:*::document/AWSFIS-*",
"arn:aws:ssm:*::document/AWSFleetManager-*",
"arn:aws:ssm:*::document/AWSIncidents-*",
"arn:aws:ssm:*::document/AWSKinesisTap-*",
"arn:aws:ssm:*::document/AWSMigration-*",
"arn:aws:ssm:*::document/AWSNVMe-*",
"arn:aws:ssm:*::document/AWSNitroEnclavesWindows-*",
"arn:aws:ssm:*::document/AWSObservabilityExporter-*",
"arn:aws:ssm:*::document/AWSPVDriver-*",
"arn:aws:ssm:*::document/AWSQuickSetupType-*",
"arn:aws:ssm:*::document/AWSQuickStarts-*",
"arn:aws:ssm:*::document/AWSRefactorSpaces-*",
"arn:aws:ssm:*::document/AWSResilienceHub-*",
"arn:aws:ssm:*::document/AWSSAP-*",
"arn:aws:ssm:*::document/AWSSAPTools-*",
"arn:aws:ssm:*::document/AWSSQLServer-*",
"arn:aws:ssm:*::document/AWSSSO-*",
"arn:aws:ssm:*::document/AWSSupport-*",
"arn:aws:ssm:*::document/AWSSystemsManagerSAP-*",
"arn:aws:ssm:*::document/AmazonCloudWatch-*",
"arn:aws:ssm:*::document/AmazonCloudWatchAgent-*",
"arn:aws:ssm:*::document/AmazonECS-*",
"arn:aws:ssm:*::document/AmazonEFSUtils-*",
"arn:aws:ssm:*::document/AmazonEKS-*",
"arn:aws:ssm:*::document/AmazonInspector-*",
"arn:aws:ssm:*::document/AmazonInspector2-*",
"arn:aws:ssm:*::document/AmazonInternal-*",
"arn:aws:ssm:*::document/AwsEnaNetworkDriver-*",
"arn:aws:ssm:*::document/AwsVssComponents-*",
"arn:aws:ssm:*::automation-definition/AWS-*:*",
"arn:aws:ssm:*::automation-definition/AWSCodeDeployAgent-*:*",
"arn:aws:ssm:*::automation-definition/AWSConfigRemediation-*:*",
"arn:aws:ssm:*::automation-definition/AWSConformancePacks-*:*",
"arn:aws:ssm:*::automation-definition/AWSDisasterRecovery-*:*",
"arn:aws:ssm:*::automation-definition/AWSDistroOTel-*:*",
"arn:aws:ssm:*::automation-definition/AWSDocs-*:*",
"arn:aws:ssm:*::automation-definition/AWSEC2-*:*",
"arn:aws:ssm:*::automation-definition/AWSEC2Launch-*:*",
"arn:aws:ssm:*::automation-definition/AWSFIS-*:*",
"arn:aws:ssm:*::automation-definition/AWSFleetManager-*:*",
"arn:aws:ssm:*::automation-definition/AWSIncidents-*:*",
"arn:aws:ssm:*::automation-definition/AWSKinesisTap-*:*",
"arn:aws:ssm:*::automation-definition/AWSMigration-*:*",
"arn:aws:ssm:*::automation-definition/AWSNVMe-*:*",
"arn:aws:ssm:*::automation-definition/AWSNitroEnclavesWindows-*:*",
"arn:aws:ssm:*::automation-definition/AWSObservabilityExporter-*:*",
"arn:aws:ssm:*::automation-definition/AWSPVDriver-*:*",
"arn:aws:ssm:*::automation-definition/AWSQuickSetupType-*:*",
"arn:aws:ssm:*::automation-definition/AWSQuickStarts-*:*",
"arn:aws:ssm:*::automation-definition/AWSRefactorSpaces-*:*",
"arn:aws:ssm:*::automation-definition/AWSResilienceHub-*:*",
"arn:aws:ssm:*::automation-definition/AWSSAP-*:*",
"arn:aws:ssm:*::automation-definition/AWSSAPTools-*:*",
"arn:aws:ssm:*::automation-definition/AWSSQLServer-*:*",
"arn:aws:ssm:*::automation-definition/AWSSSO-*:*",
"arn:aws:ssm:*::automation-definition/AWSSupport-*:*",
"arn:aws:ssm:*::automation-definition/AWSSystemsManagerSAP-*:*",
"arn:aws:ssm:*::automation-definition/AmazonCloudWatch-*:*",
"arn:aws:ssm:*::automation-definition/AmazonCloudWatchAgent-*:*",
"arn:aws:ssm:*::automation-definition/AmazonECS-*:*",
"arn:aws:ssm:*::automation-definition/AmazonEFSUtils-*:*",
"arn:aws:ssm:*::automation-definition/AmazonEKS-*:*",
"arn:aws:ssm:*::automation-definition/AmazonInspector-*:*",
"arn:aws:ssm:*::automation-definition/AmazonInspector2-*:*",
"arn:aws:ssm:*::automation-definition/AmazonInternal-*:*",
"arn:aws:ssm:*::automation-definition/AwsEnaNetworkDriver-*:*",
"arn:aws:ssm:*::automation-definition/AwsVssComponents-*:*"
],
"Sid":"LaunchActionsPolicy3"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"LaunchActionsPolicy4"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"drs.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceTag/AWSDRS":"AllowLaunchingIntoThisInstance"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"LaunchActionsPolicy5"
},
{
"Action":[
"ssm:ListDocuments",
"ssm:ListCommandInvocations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LaunchActionsPolicy6"
},
{
"Action":[
"ssm:ListDocumentVersions",
"ssm:GetDocument",
"ssm:DescribeDocument"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/*",
"Sid":"LaunchActionsPolicy7"
},
{
"Action":[
"ssm:GetAutomationExecution"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-execution/*",
"Sid":"LaunchActionsPolicy8"
},
{
"Action":[
"ssm:GetParameters"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*",
"Sid":"LaunchActionsPolicy9"
},
{
"Action":[
"ssm:GetParameter",
"ssm:PutParameter"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*",
"Sid":"LaunchActionsPolicy10"
},
{
"Action":"iam:PassRole",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"drs.amazonaws.com"
},
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole"
],
"Sid":"LaunchActionsPolicy11"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-19T07:29:42+00:00"
},
"AWSElasticDisasterRecoveryNetworkReplicationPolicy":{
"CreateDate":"2023-06-11T12:36:48+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcAttribute",
"ec2:DescribeInternetGateways",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkAcls",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeDhcpOptions",
"ec2:DescribeInstances",
"ec2:DescribeManagedPrefixLists",
"ec2:GetManagedPrefixListEntries",
"ec2:GetManagedPrefixListAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSNetworkReplicationPolicy1"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-02T13:25:23+00:00"
},
"AWSElasticDisasterRecoveryReadOnlyAccess":{
"CreateDate":"2021-11-17T10:50:05+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"drs:DescribeJobLogItems",
"drs:DescribeJobs",
"drs:DescribeRecoveryInstances",
"drs:DescribeRecoverySnapshots",
"drs:DescribeReplicationConfigurationTemplates",
"drs:DescribeSourceServers",
"drs:GetFailbackReplicationConfiguration",
"drs:GetLaunchConfiguration",
"drs:GetReplicationConfiguration",
"drs:ListExtensibleSourceServers",
"drs:ListStagingAccounts",
"drs:ListTagsForResource",
"drs:ListLaunchActions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReadOnlyAccess1"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:GetInstanceTypesFromInstanceRequirements"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReadOnlyAccess2"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReadOnlyAccess4"
},
{
"Action":"ssm:ListCommandInvocations",
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReadOnlyAccess5"
},
{
"Action":"ssm:GetParameter",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*",
"Sid":"DRSReadOnlyAccess6"
},
{
"Action":[
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWS-CreateImage",
"arn:aws:ssm:*:*:document/AWSMigration-ValidateNetworkConnectivity",
"arn:aws:ssm:*:*:document/AWSMigration-VerifyMountedVolumes",
"arn:aws:ssm:*:*:document/AWSMigration-ValidateHttpResponse",
"arn:aws:ssm:*:*:document/AWSMigration-ValidateDiskSpace",
"arn:aws:ssm:*:*:document/AWSMigration-VerifyProcessIsRunning",
"arn:aws:ssm:*:*:document/AWSMigration-LinuxTimeSyncSetting",
"arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure"
],
"Sid":"DRSReadOnlyAccess7"
},
{
"Action":[
"ssm:GetAutomationExecution"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-execution/*",
"Sid":"DRSReadOnlyAccess8"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-29T19:39:26+00:00"
},
"AWSElasticDisasterRecoveryRecoveryInstancePolicy":{
"CreateDate":"2021-11-17T10:20:43+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"drs:SendAgentMetricsForDrs",
"drs:SendAgentLogsForDrs",
"drs:UpdateAgentSourcePropertiesForDrs",
"drs:UpdateAgentReplicationInfoForDrs",
"drs:UpdateAgentConversionInfoForDrs",
"drs:GetAgentCommandForDrs",
"drs:GetAgentConfirmedResumeInfoForDrs",
"drs:GetAgentRuntimeConfigurationForDrs",
"drs:UpdateAgentBacklogForDrs",
"drs:GetAgentReplicationInfoForDrs",
"drs:UpdateReplicationCertificateForDrs",
"drs:NotifyReplicationServerAuthenticationForDrs"
],
"Condition":{
"StringEquals":{
"drs:EC2InstanceARN":"${ec2:SourceInstanceARN}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:recovery-instance/*",
"Sid":"DRSRecoveryInstancePolicy1"
},
{
"Action":[
"drs:DescribeRecoveryInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSRecoveryInstancePolicy2"
},
{
"Action":[
"ec2:DescribeInstanceTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSRecoveryInstancePolicy3"
},
{
"Action":[
"drs:GetAgentInstallationAssetsForDrs",
"drs:SendClientLogsForDrs",
"drs:CreateSourceServerForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSRecoveryInstancePolicy4"
},
{
"Action":[
"drs:TagResource"
],
"Condition":{
"StringEquals":{
"drs:CreateAction":"CreateSourceServerForDrs"
}
},
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSRecoveryInstancePolicy5"
},
{
"Action":[
"drs:SendAgentMetricsForDrs",
"drs:SendAgentLogsForDrs",
"drs:UpdateAgentSourcePropertiesForDrs",
"drs:UpdateAgentReplicationInfoForDrs",
"drs:UpdateAgentConversionInfoForDrs",
"drs:GetAgentCommandForDrs",
"drs:GetAgentConfirmedResumeInfoForDrs",
"drs:GetAgentRuntimeConfigurationForDrs",
"drs:UpdateAgentBacklogForDrs",
"drs:GetAgentReplicationInfoForDrs"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSRecoveryInstancePolicy6"
},
{
"Action":[
"sts:AssumeRole",
"sts:TagSession"
],
"Condition":{
"ForAnyValue:StringEquals":{
"sts:TransitiveTagKeys":"SourceInstanceARN"
},
"StringLike":{
"aws:RequestTag/SourceInstanceARN":"${ec2:SourceInstanceARN}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/DRSCrossAccountAgentAuthorizedRole_*"
],
"Sid":"DRSRecoveryInstancePolicy7"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:11:08+00:00"
},
"AWSElasticDisasterRecoveryReplicationServerPolicy":{
"CreateDate":"2021-11-17T13:34:00+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"drs:SendClientMetricsForDrs",
"drs:SendClientLogsForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReplicationServerPolicy1"
},
{
"Action":[
"drs:GetChannelCommandsForDrs",
"drs:SendChannelCommandResultForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReplicationServerPolicy2"
},
{
"Action":[
"drs:GetAgentSnapshotCreditsForDrs",
"drs:DescribeReplicationServerAssociationsForDrs",
"drs:DescribeSnapshotRequestsForDrs",
"drs:BatchDeleteSnapshotRequestForDrs",
"drs:NotifyAgentAuthenticationForDrs",
"drs:BatchCreateVolumeSnapshotGroupForDrs",
"drs:UpdateAgentReplicationProcessStateForDrs",
"drs:NotifyAgentReplicationProgressForDrs",
"drs:NotifyAgentConnectedForDrs",
"drs:NotifyAgentDisconnectedForDrs",
"drs:NotifyVolumeEventForDrs",
"drs:SendVolumeStatsForDrs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReplicationServerPolicy3"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReplicationServerPolicy4"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DRSReplicationServerPolicy5"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DRSReplicationServerPolicy6"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateSnapshot"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSReplicationServerPolicy7"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:28:14+00:00"
},
"AWSElasticDisasterRecoveryServiceRolePolicy":{
"CreateDate":"2021-11-17T10:56:17+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"drs:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy1"
},
{
"Action":[
"drs:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:recovery-instance/*",
"Sid":"DRSServiceRolePolicy2"
},
{
"Action":[
"drs:CreateRecoveryInstanceForDrs",
"drs:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:drs:*:*:source-server/*",
"Sid":"DRSServiceRolePolicy3"
},
{
"Action":"iam:GetInstanceProfile",
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy4"
},
{
"Action":"kms:ListRetirableGrants",
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy5"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeAttribute",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:GetEbsEncryptionByDefault",
"ec2:DescribeVpcAttribute",
"ec2:DescribeInternetGateways",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeDhcpOptions",
"ec2:DescribeManagedPrefixLists",
"ec2:GetManagedPrefixListEntries",
"ec2:GetManagedPrefixListAssociations",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy6"
},
{
"Action":[
"ec2:RegisterImage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy7"
},
{
"Action":[
"ec2:DeregisterImage"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy8"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DRSServiceRolePolicy9"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"DRSServiceRolePolicy10"
},
{
"Action":[
"ec2:DeleteVolume",
"ec2:ModifyVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DRSServiceRolePolicy11"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"DRSServiceRolePolicy12"
},
{
"Action":[
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"DRSServiceRolePolicy13"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DRSServiceRolePolicy14"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"DRSServiceRolePolicy15"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*",
"Sid":"DRSServiceRolePolicy16"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"DRSServiceRolePolicy17"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DRSServiceRolePolicy18"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DRSServiceRolePolicy19"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"DRSServiceRolePolicy20"
},
{
"Action":[
"ec2:AttachVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DRSServiceRolePolicy21"
},
{
"Action":[
"ec2:DetachVolume"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DRSServiceRolePolicy22"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"DRSServiceRolePolicy23"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"DRSServiceRolePolicy24"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryReplicationServerRole",
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole",
"arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole"
],
"Sid":"DRSServiceRolePolicy25"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateLaunchTemplate",
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances",
"CreateNetworkInterface"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"DRSServiceRolePolicy26"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:image/*"
],
"Sid":"DRSServiceRolePolicy27"
},
{
"Action":"cloudwatch:GetMetricData",
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSServiceRolePolicy28"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DRSServiceRolePolicy29"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"DRSServiceRolePolicy30"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"DRSServiceRolePolicy31"
},
{
"Action":[
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"DRSServiceRolePolicy32"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"DRSServiceRolePolicy33"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-05T14:07:06+00:00"
},
"AWSElasticDisasterRecoveryStagingAccountPolicy":{
"CreateDate":"2022-05-26T09:49:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"drs:DescribeSourceServers",
"drs:DescribeRecoverySnapshots",
"drs:CreateConvertedSnapshotForDrs",
"drs:GetReplicationConfiguration",
"drs:DescribeJobs",
"drs:DescribeJobLogItems"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSStagingAccountPolicy1"
},
{
"Action":[
"ec2:ModifySnapshotAttribute"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
},
"StringEquals":{
"ec2:Add/userId":"${aws:SourceIdentity}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DRSStagingAccountPolicy2"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:07:49+00:00"
},
"AWSElasticDisasterRecoveryStagingAccountPolicy_v2":{
"CreateDate":"2023-01-05T12:11:44+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"drs:DescribeSourceServers",
"drs:DescribeRecoverySnapshots",
"drs:CreateConvertedSnapshotForDrs",
"drs:GetReplicationConfiguration",
"drs:DescribeJobs",
"drs:DescribeJobLogItems"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DRSStagingAccountPolicyv21"
},
{
"Action":[
"ec2:ModifySnapshotAttribute"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false"
},
"StringEquals":{
"ec2:Add/userId":"${aws:SourceIdentity}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DRSStagingAccountPolicyv22"
},
{
"Action":"drs:IssueAgentCertificateForDrs",
"Effect":"Allow",
"Resource":[
"arn:aws:drs:*:*:source-server/*"
],
"Sid":"DRSStagingAccountPolicyv23"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T13:32:09+00:00"
},
"AWSElasticLoadBalancingClassicServiceRolePolicy":{
"CreateDate":"2017-09-19T22:36:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeAccountAttributes",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeVpcClassicLink",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-07T23:04:27+00:00"
},
"AWSElasticLoadBalancingServiceRolePolicy":{
"CreateDate":"2017-09-19T22:19:04+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAddresses",
"ec2:DescribeCoipPools",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeAccountAttributes",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeVpcClassicLink",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:GetCoipPoolUsage",
"ec2:GetSecurityGroupsForVpc",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
"ec2:ReleaseAddress",
"ec2:UnassignIpv6Addresses",
"ec2:DescribeVpcPeeringConnections",
"ec2:AllocateIpamPoolCidr",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"outposts:GetOutpostInstanceTypes"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-17T20:22:06+00:00"
},
"AWSElementalMediaConnectFullAccess":{
"CreateDate":"2025-02-12T20:07:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mediaconnect:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-12T20:07:07+00:00"
},
"AWSElementalMediaConnectReadOnlyAccess":{
"CreateDate":"2025-02-12T20:07:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mediaconnect:ListBridges",
"mediaconnect:ListEntitlements",
"mediaconnect:ListFlows",
"mediaconnect:ListGatewayInstances",
"mediaconnect:ListGateways",
"mediaconnect:ListOfferings",
"mediaconnect:ListReservations",
"mediaconnect:DescribeBridge",
"mediaconnect:DescribeFlow",
"mediaconnect:DescribeFlowSourceMetadata",
"mediaconnect:DescribeFlowSourceThumbnail",
"mediaconnect:DescribeGateway",
"mediaconnect:DescribeGatewayInstance",
"mediaconnect:DescribeOffering",
"mediaconnect:DescribeReservation",
"mediaconnect:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-12T20:07:07+00:00"
},
"AWSElementalMediaConvertFullAccess":{
"CreateDate":"2018-06-25T19:25:35+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mediaconvert:*",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"mediaconvert.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-10T22:52:25+00:00"
},
"AWSElementalMediaConvertReadOnly":{
"CreateDate":"2018-06-25T19:25:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mediaconvert:Get*",
"mediaconvert:List*",
"mediaconvert:DescribeEndpoints",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-10T22:52:18+00:00"
},
"AWSElementalMediaLiveFullAccess":{
"CreateDate":"2020-07-08T17:07:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":"medialive:*",
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-08T17:07:14+00:00"
},
"AWSElementalMediaLiveReadOnly":{
"CreateDate":"2020-07-08T16:38:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"medialive:Get*",
"medialive:List*",
"medialive:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSElementalMediaLiveReadOnly"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-22T17:08:46+00:00"
},
"AWSElementalMediaPackageFullAccess":{
"CreateDate":"2017-12-29T23:39:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":"mediapackage:*",
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-29T23:39:52+00:00"
},
"AWSElementalMediaPackageReadOnly":{
"CreateDate":"2017-12-30T00:04:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"mediapackage:List*",
"mediapackage:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-30T00:04:29+00:00"
},
"AWSElementalMediaPackageV2FullAccess":{
"CreateDate":"2023-07-25T20:29:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":"mediapackagev2:*",
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-25T20:29:37+00:00"
},
"AWSElementalMediaPackageV2ReadOnly":{
"CreateDate":"2023-07-25T20:31:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"mediapackagev2:List*",
"mediapackagev2:Get*"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-25T20:31:25+00:00"
},
"AWSElementalMediaStoreFullAccess":{
"CreateDate":"2018-03-05T23:15:31+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mediastore:*"
],
"Condition":{
"Bool":{
"aws:SecureTransport":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-03-05T23:15:31+00:00"
},
"AWSElementalMediaStoreReadOnly":{
"CreateDate":"2018-03-08T19:48:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mediastore:Get*",
"mediastore:List*",
"mediastore:Describe*"
],
"Condition":{
"Bool":{
"aws:SecureTransport":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-03-08T19:48:22+00:00"
},
"AWSElementalMediaTailorFullAccess":{
"CreateDate":"2021-11-23T00:04:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":"mediatailor:*",
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-23T00:04:39+00:00"
},
"AWSElementalMediaTailorReadOnly":{
"CreateDate":"2021-11-23T00:05:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"mediatailor:List*",
"mediatailor:Describe*",
"mediatailor:Get*"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-23T00:05:01+00:00"
},
"AWSEnhancedClassicNetworkingMangementPolicy":{
"CreateDate":"2017-09-20T17:29:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-09-20T17:29:09+00:00"
},
"AWSEntityResolutionConsoleFullAccess":{
"CreateDate":"2023-08-17T17:54:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"entityresolution:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EntityResolutionAccess"
},
{
"Action":[
"glue:GetSchema",
"glue:SearchTables",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:GetSchemaVersionsDiff",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersion",
"glue:GetTableVersions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueSourcesConsoleDisplay"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3BucketsConsoleDisplay"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketVersions",
"s3:GetBucketVersioning"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3SourcesConsoleDisplay"
},
{
"Action":[
"tag:GetTagKeys",
"tag:GetTagValues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TaggingConsoleDisplay"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSConsoleDisplay"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListRolesToPickRoleForPassing"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"entityresolution.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*entityresolution*",
"Sid":"PassRoleToEntityResolutionService"
},
{
"Action":[
"events:DeleteRule",
"events:PutTargets",
"events:PutRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/entity-resolution-automatic*"
],
"Sid":"ManageEventBridgeRules"
},
{
"Action":[
"dataexchange:GetDataSet"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ADXReadAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-16T18:46:10+00:00"
},
"AWSEntityResolutionConsoleReadOnlyAccess":{
"CreateDate":"2023-08-17T18:18:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"entityresolution:Get*",
"entityresolution:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EntityResolutionRead"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-17T18:18:36+00:00"
},
"AWSFMAdminFullAccess":{
"CreateDate":"2018-05-09T18:06:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"fms:*",
"waf:*",
"waf-regional:*",
"elasticloadbalancing:SetWebACL",
"firehose:ListDeliveryStreams",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListRoots",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"shield:GetSubscriptionState",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:GetFirewallRuleGroup",
"wafv2:ListRuleGroups",
"wafv2:ListAvailableManagedRuleGroups",
"wafv2:CheckCapacity",
"wafv2:PutLoggingConfiguration",
"wafv2:ListAvailableManagedRuleGroupVersions",
"network-firewall:DescribeRuleGroup",
"network-firewall:DescribeRuleGroupMetadata",
"network-firewall:ListRuleGroups",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRegions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:PutBucketPolicy",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-waf-logs-*"
]
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"fms.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:ListDelegatedAdministrators",
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"fms.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-20T23:39:06+00:00"
},
"AWSFMAdminReadOnlyAccess":{
"CreateDate":"2018-05-09T20:07:39+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"fms:Get*",
"fms:List*",
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"firehose:ListDeliveryStreams",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListRoots",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"shield:GetSubscriptionState",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:GetFirewallRuleGroup",
"wafv2:ListRuleGroups",
"wafv2:ListAvailableManagedRuleGroups",
"wafv2:CheckCapacity",
"wafv2:ListAvailableManagedRuleGroupVersions",
"network-firewall:DescribeRuleGroup",
"network-firewall:DescribeRuleGroupMetadata",
"network-firewall:ListRuleGroups",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRegions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-waf-logs-*"
]
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"fms.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-31T22:42:13+00:00"
},
"AWSFMMemberReadOnlyAccess":{
"CreateDate":"2018-05-09T21:05:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"fms:GetAdminAccount",
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-05-09T21:05:29+00:00"
},
"AWSFaultInjectionSimulatorEC2Access":{
"CreateDate":"2022-10-26T20:39:26+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:RebootInstances",
"ec2:SendSpotInstanceInterruptions",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"AllowEc2Actions"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
},
"StringLike":{
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:kms:*:*:key/*"
],
"Sid":"AllowEc2InstancesWithEncryptedEbsVolumes"
},
{
"Action":[
"ssm:SendCommand"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/*"
],
"Sid":"AllowSSMSendOnEc2"
},
{
"Action":[
"ssm:CancelCommand",
"ssm:ListCommands"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSSMStopOnEc2"
},
{
"Action":"ec2:DescribeInstances",
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeInstances"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-12T10:07:06+00:00"
},
"AWSFaultInjectionSimulatorECSAccess":{
"CreateDate":"2022-10-26T20:37:56+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ecs:DescribeClusters",
"ecs:ListContainerInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecs:*:*:cluster/*"
],
"Sid":"Clusters"
},
{
"Action":[
"ecs:DescribeTasks",
"ecs:StopTask"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecs:*:*:task/*/*"
],
"Sid":"Tasks"
},
{
"Action":[
"ecs:UpdateContainerInstancesState"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecs:*:*:container-instance/*/*"
],
"Sid":"ContainerInstances"
},
{
"Action":[
"ecs:ListTasks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListTasks"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:document/*"
],
"Sid":"SSMSend"
},
{
"Action":[
"ssm:ListCommands",
"ssm:CancelCommand"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMList"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TargetResolutionByTags"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-07T14:52:07+00:00"
},
"AWSFaultInjectionSimulatorEKSAccess":{
"CreateDate":"2022-10-26T20:34:43+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"ec2:DescribeInstances",
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeInstances"
},
{
"Action":"ec2:TerminateInstances",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"TerminateInstances"
},
{
"Action":"ec2:DescribeSubnets",
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeSubnets"
},
{
"Action":"eks:DescribeCluster",
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:cluster/*",
"Sid":"DescribeCluster"
},
{
"Action":"eks:DescribeNodegroup",
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:nodegroup/*",
"Sid":"DescribeNodeGroup"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TargetResolutionByTags"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-11T14:07:07+00:00"
},
"AWSFaultInjectionSimulatorNetworkAccess":{
"CreateDate":"2022-10-26T20:32:50+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true",
"ec2:CreateAction":"CreateNetworkAcl"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-acl/*",
"Sid":"CreateTagsOnNetworkAcl"
},
{
"Action":"ec2:CreateNetworkAcl",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-acl/*",
"Sid":"CreateNetworkAcl"
},
{
"Action":[
"ec2:CreateNetworkAclEntry",
"ec2:DeleteNetworkAcl"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-acl/*",
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"DeleteNetworkAcl"
},
{
"Action":"ec2:CreateNetworkAcl",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*",
"Sid":"CreateNetworkAclOnVpc"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkAcls",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeRouteTables",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGateways"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcActions"
},
{
"Action":"ec2:ReplaceNetworkAclAssociation",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-acl/*"
],
"Sid":"ReplaceNetworkAclAssociation"
},
{
"Action":"ec2:GetManagedPrefixListEntries",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:prefix-list/*",
"Sid":"GetManagedPrefixListEntries"
},
{
"Action":"ec2:CreateRouteTable",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:route-table/*",
"Sid":"CreateRouteTable"
},
{
"Action":"ec2:CreateRouteTable",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*",
"Sid":"CreateRouteTableOnVpc"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true",
"ec2:CreateAction":"CreateRouteTable"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:route-table/*",
"Sid":"CreateTagsOnRouteTable"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true",
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"CreateTagsOnNetworkInterface"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true",
"ec2:CreateAction":"CreateManagedPrefixList"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:prefix-list/*",
"Sid":"CreateTagsOnPrefixList"
},
{
"Action":"ec2:DeleteRouteTable",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"DeleteRouteTable"
},
{
"Action":"ec2:CreateRoute",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:route-table/*",
"Sid":"CreateRoute"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"CreateNetworkInterface"
},
{
"Action":"ec2:CreateNetworkInterface",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateNetworkInterfaceOnSubnet"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"DeleteNetworkInterface"
},
{
"Action":"ec2:CreateManagedPrefixList",
"Condition":{
"StringEquals":{
"aws:RequestTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:prefix-list/*",
"Sid":"CreateManagedPrefixList"
},
{
"Action":"ec2:DeleteManagedPrefixList",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:prefix-list/*",
"Sid":"DeleteManagedPrefixList"
},
{
"Action":"ec2:ModifyManagedPrefixList",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:prefix-list/*",
"Sid":"ModifyManagedPrefixList"
},
{
"Action":"ec2:ReplaceRouteTableAssociation",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"ReplaceRouteTableAssociation"
},
{
"Action":"ec2:AssociateRouteTable",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"AssociateRouteTable"
},
{
"Action":"ec2:DisassociateRouteTable",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"DisassociateRouteTable"
},
{
"Action":"ec2:DisassociateRouteTable",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"DisassociateRouteTableOnSubnet"
},
{
"Action":"ec2:ModifyVpcEndpoint",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/managedByFIS":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"ModifyVpcEndpointOnRouteTable"
},
{
"Action":"ec2:ModifyVpcEndpoint",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"ModifyVpcEndpoint"
},
{
"Action":[
"ec2:DisassociateTransitGatewayRouteTable",
"ec2:AssociateTransitGatewayRouteTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:transit-gateway-route-table/*",
"arn:aws:ec2:*:*:transit-gateway-attachment/*"
],
"Sid":"TransitGatewayRouteTableAssociation"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-11T13:52:06+00:00"
},
"AWSFaultInjectionSimulatorRDSAccess":{
"CreateDate":"2022-10-26T20:30:57+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"rds:FailoverDBCluster"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:cluster:*"
],
"Sid":"AllowFailover"
},
{
"Action":[
"rds:RebootDBInstance"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:*"
],
"Sid":"AllowReboot"
},
{
"Action":[
"rds:DescribeDBClusters",
"rds:DescribeDBInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeResources"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TargetResolutionByTags"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-18T15:07:06+00:00"
},
"AWSFaultInjectionSimulatorSSMAccess":{
"CreateDate":"2022-10-26T15:33:44+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/*:*"
]
},
{
"Action":[
"ssm:GetAutomationExecution",
"ssm:StopAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-execution/*"
]
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/*"
]
},
{
"Action":[
"ssm:ListCommands",
"ssm:CancelCommand"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-18T15:07:07+00:00"
},
"AWSFinSpaceServiceRolePolicy":{
"CreateDate":"2023-05-12T16:42:03+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/FinSpace",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSFinSpaceServiceRolePolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-01T21:05:00+00:00"
},
"AWSForWordPressPluginPolicy":{
"CreateDate":"2019-10-30T00:27:46+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"polly:SynthesizeSpeech",
"polly:DescribeVoices",
"translate:TranslateText"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Permissions1"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::audio_for_wordpress*",
"arn:aws:s3:::audio-for-wordpress*"
],
"Sid":"Permissions2"
},
{
"Action":[
"acm:AddTagsToCertificate",
"acm:DescribeCertificate",
"acm:RequestCertificate",
"cloudformation:CreateStack",
"cloudfront:ListDistributions"
],
"Condition":{
"StringEquals":{
"aws:RequestedRegion":"us-east-1"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Permissions3"
},
{
"Action":[
"acm:DeleteCertificate",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:UpdateStack",
"cloudfront:CreateDistribution",
"cloudfront:CreateInvalidation",
"cloudfront:DeleteDistribution",
"cloudfront:GetDistribution",
"cloudfront:GetInvalidation",
"cloudfront:TagResource",
"cloudfront:UpdateDistribution"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/createdBy":"AWSForWordPressPlugin"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Permissions4"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-20T23:20:47+00:00"
},
"AWSGitSyncServiceRolePolicy":{
"CreateDate":"2023-11-16T17:05:42+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"codestar-connections:UseConnection",
"codeconnections:UseConnection"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"AccessGitRepos"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-26T18:12:31+00:00"
},
"AWSGlobalAcceleratorSLRPolicy":{
"CreateDate":"2019-04-05T19:39:13+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeSubnets",
"ec2:DescribeRegions",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Action1"
},
{
"Action":[
"ec2:DeleteSecurityGroup",
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AWSServiceName":"GlobalAccelerator"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Action2"
},
{
"Action":[
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:GetSecurityGroupsForVpc"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Action3"
},
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeTargetGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElbAction1"
},
{
"Action":"ec2:CreateTags",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"EC2Action4"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-29T18:23:36+00:00"
},
"AWSGlueConsoleFullAccess":{
"CreateDate":"2017-08-14T13:37:39+00:00",
"DefaultVersionId":"v14",
"Document":{
"Statement":[
{
"Action":[
"glue:*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"iam:ListRoles",
"iam:ListUsers",
"iam:ListGroups",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBSubnetGroups",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"cloudformation:ListStacks",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"dynamodb:ListTables",
"kms:ListAliases",
"kms:DescribeKey",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards",
"databrew:ListRecipes",
"databrew:ListRecipeVersions",
"databrew:DescribeRecipe"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseAppPermissions"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/aws-glue*/*"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/aws:cloudformation:logical-id":"ZeppelinInstance"
},
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/aws-glue-*/*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSGlueServiceRole*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-14T14:37:54+00:00"
},
"AWSGlueConsoleSageMakerNotebookFullAccess":{
"CreateDate":"2018-10-05T17:52:35+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"glue:*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"iam:ListRoles",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:CreateNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"rds:DescribeDBInstances",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"dynamodb:ListTables",
"kms:ListAliases",
"kms:DescribeKey",
"sagemaker:ListNotebookInstances",
"cloudformation:ListStacks",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/aws-glue*/*"
},
{
"Action":[
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DescribeNotebookInstance",
"sagemaker:StartNotebookInstance",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:ListTags"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*"
},
{
"Action":[
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:ListNotebookInstanceLifecycleConfigs"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/aws:cloudformation:logical-id":"ZeppelinInstance"
},
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/aws-glue-*/*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"tag:GetResources"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"aws-glue-*"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSGlueServiceRole*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-07-15T15:24:19+00:00"
},
"AWSGlueDataBrewServiceRole":{
"CreateDate":"2020-12-04T21:26:50+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetConnection"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"GlueDataPermissions"
},
{
"Action":[
"glue:BatchGetCustomEntityTypes",
"glue:GetCustomEntityType"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"GluePIIPermissions"
},
{
"Action":[
"s3:ListBucket",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::databrew-public-datasets-*"
],
"Sid":"S3PublicDatasetAccess"
},
{
"Action":[
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2NetworkingPermissions"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"StringLike":{
"aws:ResourceTag/aws-glue-service-resource":"*"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2DeleteGlueNetworkInterfacePermissions"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws-glue-service-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"EC2GlueTaggingPermissions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws-glue-databrew/*"
],
"Sid":"GlueDatabrewLogGroupPermissions"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeFormationPermissions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:databrew!default-*",
"Sid":"SecretsManagerPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-20T23:28:52+00:00"
},
"AWSGlueSchemaRegistryFullAccess":{
"CreateDate":"2020-11-20T00:19:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"glue:CreateRegistry",
"glue:UpdateRegistry",
"glue:DeleteRegistry",
"glue:GetRegistry",
"glue:ListRegistries",
"glue:CreateSchema",
"glue:UpdateSchema",
"glue:DeleteSchema",
"glue:GetSchema",
"glue:ListSchemas",
"glue:RegisterSchemaVersion",
"glue:DeleteSchemaVersions",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:GetSchemaVersionsDiff",
"glue:ListSchemaVersions",
"glue:CheckSchemaVersionValidity",
"glue:PutSchemaVersionMetadata",
"glue:RemoveSchemaVersionMetadata",
"glue:QuerySchemaVersionMetadata"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSGlueSchemaRegistryFullAccess"
},
{
"Action":[
"glue:GetTags",
"glue:TagResource",
"glue:UnTagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:schema/*",
"arn:aws:glue:*:*:registry/*"
],
"Sid":"AWSGlueSchemaRegistryTagsFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-20T00:19:00+00:00"
},
"AWSGlueSchemaRegistryReadonlyAccess":{
"CreateDate":"2020-11-20T00:20:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"glue:GetRegistry",
"glue:ListRegistries",
"glue:GetSchema",
"glue:ListSchemas",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:ListSchemaVersions",
"glue:GetSchemaVersionsDiff",
"glue:CheckSchemaVersionValidity",
"glue:QuerySchemaVersionMetadata",
"glue:GetTags"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSGlueSchemaRegistryReadonlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-20T00:20:06+00:00"
},
"AWSGlueServiceNotebookRole":{
"CreateDate":"2017-08-14T13:37:42+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"glue:CreateDatabase",
"glue:CreatePartition",
"glue:CreateTable",
"glue:DeleteDatabase",
"glue:DeletePartition",
"glue:DeleteTable",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTableVersions",
"glue:GetTables",
"glue:UpdateDatabase",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:CreateConnection",
"glue:CreateJob",
"glue:DeleteConnection",
"glue:DeleteJob",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobs",
"glue:UpdateJob",
"glue:BatchDeleteConnection",
"glue:UpdateConnection",
"glue:GetUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"glue:DeleteUserDefinedFunction",
"glue:CreateUserDefinedFunction",
"glue:BatchGetPartition",
"glue:BatchDeletePartition",
"glue:BatchCreatePartition",
"glue:BatchDeleteTable",
"glue:UpdateDevEndpoint",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"codewhisperer:GenerateRecommendations"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::aws-glue*"
]
},
{
"Action":[
"s3:PutObject",
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue*"
]
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws-glue-service-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-09T15:59:41+00:00"
},
"AWSGlueServiceRole":{
"CreateDate":"2017-08-14T13:37:21+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"glue:*",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"cloudwatch:PutMetricData"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*"
]
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:*:/aws-glue/*"
]
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws-glue-service-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-11T16:39:47+00:00"
},
"AWSGrafanaAccountAdministrator":{
"CreateDate":"2021-02-23T00:20:38+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSGrafanaOrganizationAdmin"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"GrafanaIAMGetRolePermission"
},
{
"Action":[
"grafana:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSGrafanaPermissions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"grafana.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"GrafanaIAMPassRolePermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-15T22:36:18+00:00"
},
"AWSGrafanaConsoleReadOnlyAccess":{
"CreateDate":"2021-02-23T00:10:40+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"grafana:Describe*",
"grafana:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSGrafanaConsoleReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-15T22:30:54+00:00"
},
"AWSGrafanaWorkspacePermissionManagement":{
"CreateDate":"2021-02-23T00:15:54+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"grafana:DescribeWorkspace",
"grafana:DescribeWorkspaceAuthentication",
"grafana:UpdatePermissions",
"grafana:ListPermissions",
"grafana:ListWorkspaces"
],
"Effect":"Allow",
"Resource":"arn:aws:grafana:*:*:/workspaces*",
"Sid":"AWSGrafanaPermissions"
},
{
"Action":[
"sso:DescribeRegisteredRegions",
"sso:GetSharedSsoConfiguration",
"sso:ListDirectoryAssociations",
"sso:GetManagedApplicationInstance",
"sso:ListProfiles",
"sso:AssociateProfile",
"sso:DisassociateProfile",
"sso:GetProfile",
"sso:ListProfileAssociations",
"sso-directory:DescribeUser",
"sso-directory:DescribeGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMIdentityCenterPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-15T22:17:26+00:00"
},
"AWSGrafanaWorkspacePermissionManagementV2":{
"CreateDate":"2024-01-05T18:39:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"grafana:DescribeWorkspace",
"grafana:DescribeWorkspaceAuthentication",
"grafana:UpdatePermissions",
"grafana:ListPermissions",
"grafana:ListWorkspaces"
],
"Effect":"Allow",
"Resource":"arn:aws:grafana:*:*:/workspaces*",
"Sid":"AWSGrafanaPermissions"
},
{
"Action":[
"sso:DescribeRegisteredRegions",
"sso:GetSharedSsoConfiguration",
"sso:ListDirectoryAssociations",
"sso:GetManagedApplicationInstance",
"sso:ListProfiles",
"sso:GetProfile",
"sso:ListProfileAssociations",
"sso-directory:DescribeUser",
"sso-directory:DescribeGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMIdentityCenterPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-05T18:39:46+00:00"
},
"AWSGreengrassFullAccess":{
"CreateDate":"2017-05-03T00:47:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"greengrass:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-05-03T00:47:37+00:00"
},
"AWSGreengrassReadOnlyAccess":{
"CreateDate":"2018-10-30T16:01:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"greengrass:List*",
"greengrass:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-10-30T16:01:43+00:00"
},
"AWSGreengrassResourceAccessRolePolicy":{
"CreateDate":"2017-02-14T21:17:24+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"iot:DeleteThingShadow",
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/GG_*",
"arn:aws:iot:*:*:thing/*-gcm",
"arn:aws:iot:*:*:thing/*-gda",
"arn:aws:iot:*:*:thing/*-gci"
],
"Sid":"AllowGreengrassAccessToShadows"
},
{
"Action":[
"iot:DescribeThing"
],
"Effect":"Allow",
"Resource":"arn:aws:iot:*:*:thing/*",
"Sid":"AllowGreengrassToDescribeThings"
},
{
"Action":[
"iot:DescribeCertificate"
],
"Effect":"Allow",
"Resource":"arn:aws:iot:*:*:cert/*",
"Sid":"AllowGreengrassToDescribeCertificates"
},
{
"Action":[
"greengrass:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowGreengrassToCallGreengrassServices"
},
{
"Action":[
"lambda:GetFunction",
"lambda:GetFunctionConfiguration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowGreengrassToGetLambdaFunctions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:greengrass-*",
"Sid":"AllowGreengrassToGetGreengrassSecrets"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*Greengrass*",
"arn:aws:s3:::*GreenGrass*",
"arn:aws:s3:::*greengrass*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"AllowGreengrassAccessToS3Objects"
},
{
"Action":[
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowGreengrassAccessToS3BucketLocation"
},
{
"Action":[
"sagemaker:DescribeTrainingJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid":"AllowGreengrassAccessToSageMakerTrainingJobs"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-14T00:35:02+00:00"
},
"AWSGroundStationAgentInstancePolicy":{
"CreateDate":"2023-03-29T15:23:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"groundstation:RegisterAgent",
"groundstation:UpdateAgentStatus",
"groundstation:GetAgentConfiguration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-29T15:23:12+00:00"
},
"AWSHealthFullAccess":{
"CreateDate":"2016-12-06T12:30:31+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"health.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"health:*",
"organizations:ListAccounts",
"organizations:ListParents",
"organizations:DescribeAccount",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"health.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-16T18:11:34+00:00"
},
"AWSHealthImagingFullAccess":{
"CreateDate":"2023-07-25T23:39:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"medical-imaging:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"medical-imaging.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-25T23:39:40+00:00"
},
"AWSHealthImagingReadOnlyAccess":{
"CreateDate":"2023-07-25T23:40:40+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"medical-imaging:GetDICOMImportJob",
"medical-imaging:GetDatastore",
"medical-imaging:GetImageFrame",
"medical-imaging:GetImageSet",
"medical-imaging:GetImageSetMetadata",
"medical-imaging:ListDICOMImportJobs",
"medical-imaging:ListDatastores",
"medical-imaging:ListImageSetVersions",
"medical-imaging:ListTagsForResource",
"medical-imaging:SearchImageSets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-01T15:18:49+00:00"
},
"AWSHealth_EventProcessorServiceRolePolicy":{
"CreateDate":"2023-01-13T19:24:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"events:DeleteRule",
"events:PutTargets",
"events:PutRule",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"event-processor.health.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-13T19:24:56+00:00"
},
"AWSIAMIdentityCenterAllowListForIdentityContext":{
"CreateDate":"2023-11-08T15:21:33+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Effect":"Deny",
"NotAction":[
"aoss:APIAccessAll",
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:CreateNamedQuery",
"athena:CreatePreparedStatement",
"athena:DeleteNamedQuery",
"athena:DeletePreparedStatement",
"athena:GetNamedQuery",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetWorkGroup",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:StartQueryExecution",
"athena:StopQueryExecution",
"athena:UpdateNamedQuery",
"athena:UpdatePreparedStatement",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetTableMetadata",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListTableMetadata",
"athena:ListWorkGroups",
"elasticmapreduce:GetClusterSessionCredentials",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:CancelSteps",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:ListSteps",
"es:ESHttpHead",
"es:ESHttpPost",
"es:ESHttpGet",
"es:ESHttpPatch",
"es:ESHttpDelete",
"es:ESHttpPut",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersions",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:SearchTables",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:BatchUpdatePartition",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"lakeformation:GetDataAccess",
"s3:GetAccessGrantsInstanceForPrefix",
"s3:GetDataAccess",
"s3:ListCallerAccessGrants",
"q:StartConversation",
"q:SendMessage",
"q:ListConversations",
"q:GetConversation",
"q:StartTroubleshootingAnalysis",
"q:GetTroubleshootingResults",
"q:StartTroubleshootingResolutionExplanation",
"q:UpdateTroubleshootingCommandResult",
"qapps:CreateQApp",
"qapps:PredictProblemStatementFromConversation",
"qapps:PredictQAppFromProblemStatement",
"qapps:CopyQApp",
"qapps:GetQApp",
"qapps:ListQApps",
"qapps:UpdateQApp",
"qapps:DeleteQApp",
"qapps:AssociateQAppWithUser",
"qapps:DisassociateQAppFromUser",
"qapps:ImportDocumentToQApp",
"qapps:ImportDocumentToQAppSession",
"qapps:CreateLibraryItem",
"qapps:GetLibraryItem",
"qapps:UpdateLibraryItem",
"qapps:CreateLibraryItemReview",
"qapps:ListLibraryItems",
"qapps:CreateSubscriptionToken",
"qapps:StartQAppSession",
"qapps:StopQAppSession",
"qapps:PredictQApp",
"qapps:ImportDocument",
"qapps:AssociateLibraryItemReview",
"qapps:DisassociateLibraryItemReview",
"qapps:GetQAppSession",
"qapps:UpdateQAppSession",
"qapps:GetQAppSessionMetadata",
"qapps:UpdateQAppSessionMetadata",
"qapps:TagResource",
"qapps:ListQAppSessionData",
"qapps:ExportQAppSessionData",
"qbusiness:Chat",
"qbusiness:ChatSync",
"qbusiness:ListConversations",
"qbusiness:ListMessages",
"qbusiness:DeleteConversation",
"qbusiness:PutFeedback",
"sts:SetContext"
],
"Resource":"*",
"Sid":"TrustedIdentityPropagation"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-01T14:19:12+00:00"
},
"AWSIPAMServiceRolePolicy":{
"CreateDate":"2021-11-30T19:08:11+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeByoipCidrs",
"ec2:DescribeIpv6Pools",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePublicIpv4Pools",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:GetIpamDiscoveredAccounts",
"ec2:GetIpamDiscoveredPublicAddresses",
"ec2:GetIpamDiscoveredResourceCidrs",
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListByoipCidrs",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListDelegatedAdministrators",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:DescribeOrganizationalUnit"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IPAMDiscoveryDescribeActions"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/IPAM"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchMetricsPublishActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-08T16:29:09+00:00"
},
"AWSIQContractServiceRolePolicy":{
"CreateDate":"2019-08-22T19:28:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:Subscribe"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-22T19:28:39+00:00"
},
"AWSIQFullAccess":{
"CreateDate":"2019-04-04T23:13:42+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iq:*",
"iq-permission:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"permission.iq.amazonaws.com",
"contract.iq.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-25T20:22:34+00:00"
},
"AWSIQPermissionServiceRolePolicy":{
"CreateDate":"2019-08-22T19:36:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:DeleteRole",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSIQPermission-*"
},
{
"Action":[
"iam:AttachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AWSDenyAll"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSIQPermission-*"
},
{
"Action":[
"iam:DetachRolePolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSIQPermission-*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-22T19:36:29+00:00"
},
"AWSIdentitySyncFullAccess":{
"CreateDate":"2022-03-23T23:29:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication"
],
"Effect":"Allow",
"Resource":"arn:*:ds:*:*:*/*"
},
{
"Action":[
"identity-sync:DeleteSyncProfile",
"identity-sync:CreateSyncProfile",
"identity-sync:GetSyncProfile",
"identity-sync:StartSync",
"identity-sync:StopSync",
"identity-sync:CreateSyncFilter",
"identity-sync:DeleteSyncFilter",
"identity-sync:ListSyncFilters",
"identity-sync:CreateSyncTarget",
"identity-sync:DeleteSyncTarget",
"identity-sync:GetSyncTarget",
"identity-sync:UpdateSyncTarget"
],
"Effect":"Allow",
"Resource":"arn:*:identity-sync:*:*:*/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-03-23T23:29:33+00:00"
},
"AWSIdentitySyncReadOnlyAccess":{
"CreateDate":"2022-03-23T23:29:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"identity-sync:GetSyncProfile",
"identity-sync:ListSyncFilters",
"identity-sync:GetSyncTarget"
],
"Effect":"Allow",
"Resource":"arn:*:identity-sync:*:*:*/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-03-23T23:29:52+00:00"
},
"AWSImageBuilderFullAccess":{
"CreateDate":"2019-12-20T18:25:12+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"imagebuilder:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:*imagebuilder*"
},
{
"Action":[
"license-manager:ListLicenseConfigurations",
"license-manager:ListLicenseSpecificationsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
},
{
"Action":[
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/*imagebuilder*"
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/*imagebuilder*",
"arn:aws:iam::*:role/*imagebuilder*"
]
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3::*:*imagebuilder*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"imagebuilder.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ec2:DescribeVolumes",
"ec2:DescribeSubnets",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplates"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-13T17:33:42+00:00"
},
"AWSImageBuilderReadOnlyAccess":{
"CreateDate":"2019-12-19T22:29:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"imagebuilder:Get*",
"imagebuilder:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-19T22:29:23+00:00"
},
"AWSImportExportFullAccess":{
"CreateDate":"2015-02-06T18:40:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"importexport:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:43+00:00"
},
"AWSImportExportReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"importexport:ListJobs",
"importexport:GetStatus"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:42+00:00"
},
"AWSIncidentManagerIncidentAccessServiceRolePolicy":{
"CreateDate":"2023-11-13T00:01:23+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"codedeploy:BatchGetDeployments",
"codedeploy:ListDeployments",
"codedeploy:ListDeploymentTargets",
"autoscaling:DescribeAutoScalingInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IncidentAccessPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-20T23:02:11+00:00"
},
"AWSIncidentManagerResolverAccess":{
"CreateDate":"2021-05-10T06:12:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm-incidents:StartIncident"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"StartIncidentPermissions"
},
{
"Action":[
"ssm-incidents:ListResponsePlans",
"ssm-incidents:GetResponsePlan"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResponsePlanReadOnlyPermissions"
},
{
"Action":[
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:GetIncidentRecord",
"ssm-incidents:UpdateIncidentRecord",
"ssm-incidents:ListTimelineEvents",
"ssm-incidents:CreateTimelineEvent",
"ssm-incidents:GetTimelineEvent",
"ssm-incidents:UpdateTimelineEvent",
"ssm-incidents:DeleteTimelineEvent",
"ssm-incidents:ListRelatedItems",
"ssm-incidents:UpdateRelatedItems"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IncidentRecordResolverPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-10T06:12:34+00:00"
},
"AWSIncidentManagerServiceRolePolicy":{
"CreateDate":"2021-05-10T03:34:45+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:CreateTimelineEvent"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"UpdateIncidentRecordPermissions"
},
{
"Action":[
"ssm:CreateOpsItem",
"ssm:AssociateOpsItemRelatedItem"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RelatedOpsItemPermissions"
},
{
"Action":"ssm-contacts:StartEngagement",
"Effect":"Allow",
"Resource":"*",
"Sid":"IncidentEngagementPermissions"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/IncidentManager",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PutMetricDataPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-28T02:52:06+00:00"
},
"AWSIoT1ClickFullAccess":{
"CreateDate":"2018-05-11T22:10:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot1click:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-05-11T22:10:14+00:00"
},
"AWSIoT1ClickReadOnlyAccess":{
"CreateDate":"2018-05-11T21:49:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot1click:Describe*",
"iot1click:Get*",
"iot1click:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-05-11T21:49:24+00:00"
},
"AWSIoTAnalyticsFullAccess":{
"CreateDate":"2018-06-18T23:02:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotanalytics:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-06-18T23:02:45+00:00"
},
"AWSIoTAnalyticsReadOnlyAccess":{
"CreateDate":"2018-06-18T21:37:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotanalytics:Describe*",
"iotanalytics:List*",
"iotanalytics:Get*",
"iotanalytics:SampleChannelData"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-06-18T21:37:49+00:00"
},
"AWSIoTConfigAccess":{
"CreateDate":"2015-10-27T21:52:07+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"iot:AcceptCertificateTransfer",
"iot:AddThingToThingGroup",
"iot:AssociateTargetsWithJob",
"iot:AttachPolicy",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CancelCertificateTransfer",
"iot:CancelJob",
"iot:CancelJobExecution",
"iot:ClearDefaultAuthorizer",
"iot:CreateAuthorizer",
"iot:CreateCertificateFromCsr",
"iot:CreateJob",
"iot:CreateKeysAndCertificate",
"iot:CreateOTAUpdate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion",
"iot:CreateRoleAlias",
"iot:CreateStream",
"iot:CreateThing",
"iot:CreateThingGroup",
"iot:CreateThingType",
"iot:CreateTopicRule",
"iot:DeleteAuthorizer",
"iot:DeleteCACertificate",
"iot:DeleteCertificate",
"iot:DeleteJob",
"iot:DeleteJobExecution",
"iot:DeleteOTAUpdate",
"iot:DeletePolicy",
"iot:DeletePolicyVersion",
"iot:DeleteRegistrationCode",
"iot:DeleteRoleAlias",
"iot:DeleteStream",
"iot:DeleteThing",
"iot:DeleteThingGroup",
"iot:DeleteThingType",
"iot:DeleteTopicRule",
"iot:DeleteV2LoggingLevel",
"iot:DeprecateThingType",
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
"iot:DescribeIndex",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DescribeRoleAlias",
"iot:DescribeStream",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingRegistrationTask",
"iot:DescribeThingType",
"iot:DetachPolicy",
"iot:DetachPrincipalPolicy",
"iot:DetachThingPrincipal",
"iot:DisableTopicRule",
"iot:EnableTopicRule",
"iot:GetEffectivePolicies",
"iot:GetIndexingConfiguration",
"iot:GetJobDocument",
"iot:GetLoggingOptions",
"iot:GetOTAUpdate",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:GetRegistrationCode",
"iot:GetTopicRule",
"iot:GetV2LoggingOptions",
"iot:ListAttachedPolicies",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCertificatesByCA",
"iot:ListIndices",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:ListJobs",
"iot:ListOTAUpdates",
"iot:ListOutgoingCertificates",
"iot:ListPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPolicyVersions",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListRoleAliases",
"iot:ListStreams",
"iot:ListTargetsForPolicy",
"iot:ListThingGroups",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:ListThingRegistrationTaskReports",
"iot:ListThingRegistrationTasks",
"iot:ListThings",
"iot:ListThingsInThingGroup",
"iot:ListThingTypes",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:RegisterCACertificate",
"iot:RegisterCertificate",
"iot:RegisterThing",
"iot:RejectCertificateTransfer",
"iot:RemoveThingFromThingGroup",
"iot:ReplaceTopicRule",
"iot:SearchIndex",
"iot:SetDefaultAuthorizer",
"iot:SetDefaultPolicyVersion",
"iot:SetLoggingOptions",
"iot:SetV2LoggingLevel",
"iot:SetV2LoggingOptions",
"iot:StartThingRegistrationTask",
"iot:StopThingRegistrationTask",
"iot:TestAuthorization",
"iot:TestInvokeAuthorizer",
"iot:TransferCertificate",
"iot:UpdateAuthorizer",
"iot:UpdateCACertificate",
"iot:UpdateCertificate",
"iot:UpdateEventConfigurations",
"iot:UpdateIndexingConfiguration",
"iot:UpdateRoleAlias",
"iot:UpdateStream",
"iot:UpdateThing",
"iot:UpdateThingGroup",
"iot:UpdateThingGroupsForThing",
"iot:UpdateAccountAuditConfiguration",
"iot:DescribeAccountAuditConfiguration",
"iot:DeleteAccountAuditConfiguration",
"iot:StartOnDemandAuditTask",
"iot:CancelAuditTask",
"iot:DescribeAuditTask",
"iot:ListAuditTasks",
"iot:CreateScheduledAudit",
"iot:UpdateScheduledAudit",
"iot:DeleteScheduledAudit",
"iot:DescribeScheduledAudit",
"iot:ListScheduledAudits",
"iot:ListAuditFindings",
"iot:CreateSecurityProfile",
"iot:DescribeSecurityProfile",
"iot:UpdateSecurityProfile",
"iot:DeleteSecurityProfile",
"iot:AttachSecurityProfile",
"iot:DetachSecurityProfile",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTargetsForSecurityProfile",
"iot:ListActiveViolations",
"iot:ListViolationEvents",
"iot:ValidateSecurityProfileBehaviors"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-27T20:48:00+00:00"
},
"AWSIoTConfigReadOnlyAccess":{
"CreateDate":"2015-10-27T21:52:31+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
"iot:DescribeIndex",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DescribeRoleAlias",
"iot:DescribeStream",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingRegistrationTask",
"iot:DescribeThingType",
"iot:GetEffectivePolicies",
"iot:GetIndexingConfiguration",
"iot:GetJobDocument",
"iot:GetLoggingOptions",
"iot:GetOTAUpdate",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:GetRegistrationCode",
"iot:GetTopicRule",
"iot:GetV2LoggingOptions",
"iot:ListAttachedPolicies",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCertificatesByCA",
"iot:ListIndices",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:ListJobs",
"iot:ListOTAUpdates",
"iot:ListOutgoingCertificates",
"iot:ListPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPolicyVersions",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListRoleAliases",
"iot:ListStreams",
"iot:ListTargetsForPolicy",
"iot:ListThingGroups",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:ListThingRegistrationTaskReports",
"iot:ListThingRegistrationTasks",
"iot:ListThings",
"iot:ListThingsInThingGroup",
"iot:ListThingTypes",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:SearchIndex",
"iot:TestAuthorization",
"iot:TestInvokeAuthorizer",
"iot:DescribeAccountAuditConfiguration",
"iot:DescribeAuditTask",
"iot:ListAuditTasks",
"iot:DescribeScheduledAudit",
"iot:ListScheduledAudits",
"iot:ListAuditFindings",
"iot:DescribeSecurityProfile",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTargetsForSecurityProfile",
"iot:ListActiveViolations",
"iot:ListViolationEvents",
"iot:ValidateSecurityProfileBehaviors"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-27T20:52:40+00:00"
},
"AWSIoTDataAccess":{
"CreateDate":"2015-10-27T21:51:18+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"iot:Connect",
"iot:Publish",
"iot:Subscribe",
"iot:Receive",
"iot:GetThingShadow",
"iot:UpdateThingShadow",
"iot:DeleteThingShadow",
"iot:ListNamedShadowsForThing"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-06-23T21:34:47+00:00"
},
"AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction":{
"CreateDate":"2019-08-07T17:55:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:ListPrincipalThings",
"iot:AddThingToThingGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-07T17:55:37+00:00"
},
"AWSIoTDeviceDefenderAudit":{
"CreateDate":"2018-07-18T21:17:40+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"iot:GetLoggingOptions",
"iot:GetV2LoggingOptions",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:ListPolicies",
"iot:GetPolicy",
"iot:GetEffectivePolicies",
"iot:ListRoleAliases",
"iot:DescribeRoleAlias",
"cognito-identity:GetIdentityPoolRoles",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRolePolicy",
"iam:GenerateServiceLastAccessedDetails",
"iam:GetServiceLastAccessedDetails"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-25T23:52:43+00:00"
},
"AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction":{
"CreateDate":"2019-08-07T17:04:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:SetV2LoggingOptions"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"iot.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-07T17:04:07+00:00"
},
"AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction":{
"CreateDate":"2019-08-07T17:04:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-07T17:04:37+00:00"
},
"AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction":{
"CreateDate":"2019-08-07T17:04:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:CreatePolicyVersion"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-07T17:04:57+00:00"
},
"AWSIoTDeviceDefenderUpdateCACertMitigationAction":{
"CreateDate":"2019-08-07T17:05:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:UpdateCACertificate"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-07T17:05:49+00:00"
},
"AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction":{
"CreateDate":"2019-08-07T17:06:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:UpdateCertificate"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-07T17:06:00+00:00"
},
"AWSIoTDeviceTesterForFreeRTOSFullAccess":{
"CreateDate":"2020-02-12T20:33:53+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"iot.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/idt-*",
"Sid":"VisualEditor0"
},
{
"Action":[
"iot:DeleteThing",
"iot:AttachThingPrincipal",
"iot:DeleteCertificate",
"iot:GetRegistrationCode",
"iot:CreatePolicy",
"iot:UpdateCACertificate",
"s3:ListBucket",
"iot:DescribeEndpoint",
"iot:CreateOTAUpdate",
"iot:CreateStream",
"signer:ListSigningJobs",
"acm:ListCertificates",
"iot:CreateKeysAndCertificate",
"iot:UpdateCertificate",
"iot:CreateCertificateFromCsr",
"iot:DetachThingPrincipal",
"iot:RegisterCACertificate",
"iot:CreateThing",
"iam:ListRoles",
"iot:RegisterCertificate",
"iot:DeleteCACertificate",
"signer:PutSigningProfile",
"s3:ListAllMyBuckets",
"signer:ListSigningPlatforms",
"iot-device-tester:SendMetrics",
"iot-device-tester:SupportedVersion",
"iot-device-tester:LatestIdt",
"iot-device-tester:CheckVersion",
"iot-device-tester:DownloadTestSuite"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor1"
},
{
"Action":[
"iam:GetRole",
"signer:StartSigningJob",
"acm:GetCertificate",
"signer:DescribeSigningJob",
"s3:CreateBucket",
"execute-api:Invoke",
"s3:DeleteBucket",
"s3:PutBucketVersioning",
"signer:CancelSigningProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics",
"arn:aws:signer:*:*:/signing-profiles/*",
"arn:aws:signer:*:*:/signing-jobs/*",
"arn:aws:iam::*:role/idt-*",
"arn:aws:acm:*:*:certificate/*",
"arn:aws:s3:::idt-*",
"arn:aws:s3:::afr-ota*"
],
"Sid":"VisualEditor2"
},
{
"Action":[
"iot:DeleteStream",
"iot:DeleteCertificate",
"iot:AttachPolicy",
"iot:DetachPolicy",
"iot:DeletePolicy",
"s3:ListBucketVersions",
"iot:UpdateCertificate",
"iot:GetOTAUpdate",
"iot:DeleteOTAUpdate",
"iot:DescribeJobExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::afr-ota*",
"arn:aws:iot:*:*:thinggroup/idt*",
"arn:aws:iam::*:role/idt-*"
],
"Sid":"VisualEditor3"
},
{
"Action":[
"iot:DeleteCertificate",
"iot:AttachPolicy",
"iot:DetachPolicy",
"s3:DeleteObjectVersion",
"iot:DeleteOTAUpdate",
"s3:PutObject",
"s3:GetObject",
"iot:DeleteStream",
"iot:DeletePolicy",
"s3:DeleteObject",
"iot:UpdateCertificate",
"iot:GetOTAUpdate",
"s3:GetObjectVersion",
"iot:DescribeJobExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::afr-ota*/*",
"arn:aws:s3:::idt-*/*",
"arn:aws:iot:*:*:policy/idt*",
"arn:aws:iam::*:role/idt-*",
"arn:aws:iot:*:*:otaupdate/idt*",
"arn:aws:iot:*:*:thing/idt*",
"arn:aws:iot:*:*:cert/*",
"arn:aws:iot:*:*:job/*",
"arn:aws:iot:*:*:stream/*"
],
"Sid":"VisualEditor4"
},
{
"Action":[
"s3:PutObject",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::afr-ota*/*",
"arn:aws:s3:::idt-*/*"
],
"Sid":"VisualEditor5"
},
{
"Action":[
"iot:CancelJobExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:job/*",
"arn:aws:iot:*:*:thing/idt*"
],
"Sid":"VisualEditor6"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/Owner":"IoTDeviceTester"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"VisualEditor7"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/Owner":"IoTDeviceTester"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"VisualEditor8"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Owner":"IoTDeviceTester"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"VisualEditor9"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"VisualEditor10"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Owner":"IoTDeviceTester"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"VisualEditor11"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ssm:DescribeParameters",
"ssm:GetParameters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor12"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"Owner"
]
},
"StringEquals":{
"ec2:CreateAction":[
"RunInstances",
"CreateSecurityGroup"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"VisualEditor13"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-10T20:30:07+00:00"
},
"AWSIoTDeviceTesterForGreengrassFullAccess":{
"CreateDate":"2020-02-20T21:21:27+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"iot.amazonaws.com",
"lambda.amazonaws.com",
"greengrass.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/idt-*",
"Sid":"VisualEditor1"
},
{
"Action":[
"lambda:CreateFunction",
"iot:DeleteCertificate",
"lambda:DeleteFunction",
"execute-api:Invoke",
"iot:UpdateCertificate"
],
"Effect":"Allow",
"Resource":[
"arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics",
"arn:aws:lambda:*:*:function:idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"VisualEditor2"
},
{
"Action":[
"iot:CreateThing",
"iot:DeleteThing"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"VisualEditor3"
},
{
"Action":[
"iot:AttachPolicy",
"iot:DetachPolicy",
"iot:DeletePolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:policy/idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"VisualEditor4"
},
{
"Action":[
"iot:CreateJob",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DeleteJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/idt-*",
"arn:aws:iot:*:*:job/*"
],
"Sid":"VisualEditor5"
},
{
"Action":[
"iot:DescribeEndpoint",
"greengrass:*",
"iam:ListAttachedRolePolicies",
"iot:CreatePolicy",
"iot:GetThingShadow",
"iot:CreateKeysAndCertificate",
"iot:ListThings",
"iot:UpdateThingShadow",
"iot:CreateCertificateFromCsr",
"iot-device-tester:SendMetrics",
"iot-device-tester:SupportedVersion",
"iot-device-tester:LatestIdt",
"iot-device-tester:CheckVersion",
"iot-device-tester:DownloadTestSuite"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor6"
},
{
"Action":[
"iot:DetachThingPrincipal",
"iot:AttachThingPrincipal"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"VisualEditor7"
},
{
"Action":[
"s3:PutObject",
"s3:DeleteObjectVersion",
"s3:ListBucketVersions",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::idt*",
"Sid":"VisualEditor8"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-25T17:01:56+00:00"
},
"AWSIoTEventsFullAccess":{
"CreateDate":"2019-01-10T22:51:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotevents:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-10T22:51:57+00:00"
},
"AWSIoTEventsReadOnlyAccess":{
"CreateDate":"2019-01-10T22:50:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iotevents:Describe*",
"iotevents:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-23T17:22:04+00:00"
},
"AWSIoTFleetHubFederationAccess":{
"CreateDate":"2020-12-15T08:08:05+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"iot:DescribeIndex",
"iot:DescribeThingGroup",
"iot:GetBucketsAggregation",
"iot:GetCardinality",
"iot:GetIndexingConfiguration",
"iot:GetPercentiles",
"iot:GetStatistics",
"iot:SearchIndex",
"iot:CreateFleetMetric",
"iot:ListFleetMetrics",
"iot:DeleteFleetMetric",
"iot:DescribeFleetMetric",
"iot:UpdateFleetMetric",
"iot:DescribeCustomMetric",
"iot:ListCustomMetrics",
"iot:ListDimensions",
"iot:ListMetricValues",
"iot:ListThingGroups",
"iot:ListThingsInThingGroup",
"iot:ListJobTemplates",
"iot:DescribeJobTemplate",
"iot:ListJobs",
"iot:CreateJob",
"iot:CancelJob",
"iot:DescribeJob",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:DescribeJobExecution",
"iot:ListSecurityProfiles",
"iot:DescribeSecurityProfile",
"iot:ListActiveViolations",
"iot:GetThingShadow",
"iot:ListNamedShadowsForThing",
"iot:CancelJobExecution",
"iot:DescribeEndpoint",
"iotfleethub:DescribeApplication",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptionsByTopic",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:iotfleethub*"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:iotfleethub*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-04T18:03:01+00:00"
},
"AWSIoTFleetwiseServiceRolePolicy":{
"CreateDate":"2022-09-21T23:27:48+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/IoTFleetWise"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-21T23:27:48+00:00"
},
"AWSIoTFullAccess":{
"CreateDate":"2015-10-08T15:19:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iot:*",
"iotjobsdata:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-05-19T21:39:11+00:00"
},
"AWSIoTLogging":{
"CreateDate":"2015-10-08T15:17:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy",
"logs:GetLogEvents",
"logs:DeleteLogStream"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-10-08T15:17:25+00:00"
},
"AWSIoTManagedIntegrationsFullAccess":{
"CreateDate":"2025-03-05T19:22:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iotmanagedintegrations:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"iotmanagedintegrations.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/iotmanagedintegrations.amazonaws.com/AWSServiceRoleForIoTManagedIntegrations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-05T19:22:06+00:00"
},
"AWSIoTManagedIntegrationsRolePolicy":{
"CreateDate":"2025-03-05T21:22:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/iotmanagedintegrations/*"
],
"Sid":"CloudWatchLogs"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/iotmanagedintegrations/*:log-stream:*"
],
"Sid":"CloudWatchStreams"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/IoTManagedIntegrations",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchMetrics"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-05T21:22:06+00:00"
},
"AWSIoTOTAUpdate":{
"CreateDate":"2017-12-20T20:36:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"iot:CreateJob",
"signer:DescribeSigningJob"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-20T20:36:53+00:00"
},
"AWSIoTRuleActions":{
"CreateDate":"2015-10-08T15:14:51+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":{
"Action":[
"dynamodb:PutItem",
"kinesis:PutRecord",
"iot:Publish",
"s3:PutObject",
"sns:Publish",
"sqs:SendMessage*",
"cloudwatch:SetAlarmState",
"cloudwatch:PutMetricData",
"es:ESHttpPut",
"firehose:PutRecord"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-01-16T19:28:19+00:00"
},
"AWSIoTSiteWiseConsoleFullAccess":{
"CreateDate":"2019-05-31T21:37:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iotsitewise:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iotanalytics:List*",
"iotanalytics:Describe*",
"iotanalytics:Create*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iot:DescribeEndpoint",
"iot:GetThingShadow"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:ListGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:ListSecrets",
"secretsmanager:CreateSecret"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:UpdateSecret"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:greengrass-*"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"iotsitewise.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"iotsitewise.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-05-31T21:37:49+00:00"
},
"AWSIoTSiteWiseFullAccess":{
"CreateDate":"2018-12-04T20:53:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotsitewise:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-12-04T20:53:39+00:00"
},
"AWSIoTSiteWiseMonitorPortalAccess":{
"CreateDate":"2020-05-19T20:01:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotsitewise:CreateProject",
"iotsitewise:DescribeProject",
"iotsitewise:UpdateProject",
"iotsitewise:DeleteProject",
"iotsitewise:ListProjects",
"iotsitewise:BatchAssociateProjectAssets",
"iotsitewise:BatchDisassociateProjectAssets",
"iotsitewise:ListProjectAssets",
"iotsitewise:CreateDashboard",
"iotsitewise:DescribeDashboard",
"iotsitewise:UpdateDashboard",
"iotsitewise:DeleteDashboard",
"iotsitewise:ListDashboards",
"iotsitewise:CreateAccessPolicy",
"iotsitewise:DescribeAccessPolicy",
"iotsitewise:UpdateAccessPolicy",
"iotsitewise:DeleteAccessPolicy",
"iotsitewise:ListAccessPolicies",
"iotsitewise:DescribeAsset",
"iotsitewise:ListAssets",
"iotsitewise:ListAssociatedAssets",
"iotsitewise:DescribeAssetProperty",
"iotsitewise:GetAssetPropertyValue",
"iotsitewise:GetAssetPropertyValueHistory",
"iotsitewise:GetAssetPropertyAggregates",
"sso-directory:DescribeUsers"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-19T20:01:21+00:00"
},
"AWSIoTSiteWiseMonitorServiceRolePolicy":{
"CreateDate":"2019-11-14T00:59:10+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iotsitewise:CreateProject",
"iotsitewise:DescribeProject",
"iotsitewise:UpdateProject",
"iotsitewise:DeleteProject",
"iotsitewise:ListProjects",
"iotsitewise:BatchAssociateProjectAssets",
"iotsitewise:BatchDisassociateProjectAssets",
"iotsitewise:ListProjectAssets",
"iotsitewise:CreateDashboard",
"iotsitewise:DescribeDashboard",
"iotsitewise:UpdateDashboard",
"iotsitewise:DeleteDashboard",
"iotsitewise:ListDashboards",
"iotsitewise:CreateAccessPolicy",
"iotsitewise:DescribeAccessPolicy",
"iotsitewise:UpdateAccessPolicy",
"iotsitewise:DeleteAccessPolicy",
"iotsitewise:ListAccessPolicies",
"iotsitewise:DescribeAsset",
"iotsitewise:ListAssets",
"iotsitewise:ListAssociatedAssets",
"iotsitewise:DescribeAssetProperty",
"iotsitewise:GetAssetPropertyValue",
"iotsitewise:GetAssetPropertyValueHistory",
"iotsitewise:GetAssetPropertyAggregates",
"sso-directory:DescribeUsers"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-13T22:19:25+00:00"
},
"AWSIoTSiteWiseReadOnlyAccess":{
"CreateDate":"2018-12-04T20:55:11+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iotsitewise:Describe*",
"iotsitewise:List*",
"iotsitewise:Get*",
"iotsitewise:BatchGet*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-16T19:05:20+00:00"
},
"AWSIoTThingsRegistration":{
"CreateDate":"2017-12-01T20:21:52+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"iot:AddThingToThingGroup",
"iot:AttachPolicy",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CreateCertificateFromCsr",
"iot:CreatePolicy",
"iot:CreateThing",
"iot:DescribeCertificate",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingType",
"iot:DetachPolicy",
"iot:DetachThingPrincipal",
"iot:GetPolicy",
"iot:ListAttachedPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListTargetsForPolicy",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:RegisterCertificate",
"iot:RegisterThing",
"iot:RemoveThingFromThingGroup",
"iot:UpdateCertificate",
"iot:UpdateThing",
"iot:UpdateThingGroupsForThing",
"iot:AddThingToBillingGroup",
"iot:DescribeBillingGroup",
"iot:RemoveThingFromBillingGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-05T19:20:12+00:00"
},
"AWSIoTTwinMakerServiceRolePolicy":{
"CreateDate":"2023-11-13T18:59:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotsitewise:DescribeAsset"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iotsitewise:*:*:asset/*"
],
"Sid":"SiteWiseAssetReadAccess"
},
{
"Action":[
"iotsitewise:DescribeAssetModel"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iotsitewise:*:*:asset-model/*"
],
"Sid":"SiteWiseAssetModelReadAccess"
},
{
"Action":[
"iotsitewise:ListAssets",
"iotsitewise:ListAssetModels"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SiteWiseAssetModelAndAssetListAccess"
},
{
"Action":[
"iottwinmaker:GetEntity",
"iottwinmaker:CreateEntity",
"iottwinmaker:UpdateEntity",
"iottwinmaker:DeleteEntity",
"iottwinmaker:ListEntities",
"iottwinmaker:GetComponentType",
"iottwinmaker:CreateComponentType",
"iottwinmaker:UpdateComponentType",
"iottwinmaker:DeleteComponentType",
"iottwinmaker:ListComponentTypes"
],
"Condition":{
"ForAnyValue:StringEquals":{
"iottwinmaker:linkedServices":[
"IOTSITEWISE"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iottwinmaker:*:*:workspace/*"
],
"Sid":"TwinMakerAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-13T18:59:42+00:00"
},
"AWSIoTWirelessDataAccess":{
"CreateDate":"2020-12-15T15:31:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotwireless:SendDataToWirelessDevice"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T15:31:39+00:00"
},
"AWSIoTWirelessFullAccess":{
"CreateDate":"2020-12-15T15:27:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotwireless:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T15:27:57+00:00"
},
"AWSIoTWirelessFullPublishAccess":{
"CreateDate":"2020-12-15T15:29:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:DescribeEndpoint",
"iot:Publish"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T15:29:59+00:00"
},
"AWSIoTWirelessGatewayCertManager":{
"CreateDate":"2020-12-15T15:30:48+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:CreateKeysAndCertificate",
"iot:DescribeCertificate",
"iot:ListCertificates"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IoTWirelessGatewayCertManager"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T15:30:48+00:00"
},
"AWSIoTWirelessLogging":{
"CreateDate":"2020-12-15T15:32:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/iotwireless*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T15:32:40+00:00"
},
"AWSIoTWirelessReadOnlyAccess":{
"CreateDate":"2020-12-15T15:28:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotwireless:List*",
"iotwireless:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T15:28:56+00:00"
},
"AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy":{
"CreateDate":"2018-11-14T20:10:53+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudhsm:Describe*",
"ec2:CreateNetworkInterface",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-10T19:03:34+00:00"
},
"AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy":{
"CreateDate":"2021-06-16T15:37:37+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kms:SynchronizeMultiRegionKey"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSSynchronizeMultiRegionKey"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-13T22:53:54+00:00"
},
"AWSKeyManagementServicePowerUser":{
"CreateDate":"2015-02-06T18:40:40+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:TagResource",
"kms:UntagResource",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-03-07T00:55:11+00:00"
},
"AWSLakeFormationCrossAccountManager":{
"CreateDate":"2020-08-04T20:59:46+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"StringLikeIfExists":{
"ram:RequestedResourceType":[
"glue:Table",
"glue:Database",
"glue:Catalog"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCreateResourceShare"
},
{
"Action":[
"ram:UpdateResourceShare",
"ram:DeleteResourceShare",
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:GetResourceShares"
],
"Condition":{
"StringLike":{
"ram:ResourceShareName":[
"LakeFormation*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowManageResourceShare"
},
{
"Action":[
"ram:AssociateResourceSharePermission"
],
"Condition":{
"ArnLike":{
"ram:PermissionArn":[
"arn:aws:ram::aws:permission/AWSRAMLFEnabled*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowManageResourceSharePermissions"
},
{
"Action":[
"glue:PutResourcePolicy",
"glue:DeleteResourcePolicy",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"ram:Get*",
"ram:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowXAcctManagerPermissions"
},
{
"Action":[
"organizations:ListRoots",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowOrganizationsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-25T00:37:06+00:00"
},
"AWSLakeFormationDataAdmin":{
"CreateDate":"2019-08-08T17:33:44+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"lakeformation:*",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"glue:CreateCatalog",
"glue:UpdateCatalog",
"glue:DeleteCatalog",
"glue:GetCatalog",
"glue:GetCatalogs",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:GetConnections",
"glue:SearchTables",
"glue:GetTable",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetTableVersions",
"glue:GetPartitions",
"glue:GetTables",
"glue:ListWorkflows",
"glue:BatchGetWorkflows",
"glue:DeleteWorkflow",
"glue:GetWorkflowRuns",
"glue:StartWorkflowRun",
"glue:GetWorkflow",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"iam:ListUsers",
"iam:ListRoles",
"iam:GetRole",
"iam:GetRolePolicy"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSLakeFormationDataAdminAllow"
},
{
"Action":[
"lakeformation:PutDataLakeSettings"
],
"Effect":"Deny",
"Resource":"*",
"Sid":"AWSLakeFormationDataAdminDeny"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:06:06+00:00"
},
"AWSLambdaBasicExecutionRole":{
"CreateDate":"2015-04-09T15:03:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T15:03:43+00:00"
},
"AWSLambdaDynamoDBExecutionRole":{
"CreateDate":"2015-04-09T15:09:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T15:09:29+00:00"
},
"AWSLambdaENIManagementAccess":{
"CreateDate":"2016-12-06T00:37:27+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-01T20:07:26+00:00"
},
"AWSLambdaExecute":{
"CreateDate":"2015-02-06T18:40:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:*"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:*"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:46+00:00"
},
"AWSLambdaInvocation-DynamoDB":{
"CreateDate":"2015-02-06T18:40:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:47+00:00"
},
"AWSLambdaKinesisExecutionRole":{
"CreateDate":"2015-04-09T15:14:16+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:SubscribeToShard",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-19T20:09:24+00:00"
},
"AWSLambdaMSKExecutionRole":{
"CreateDate":"2020-08-11T17:35:05+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kafka:DescribeCluster",
"kafka:DescribeClusterV2",
"kafka:GetBootstrapBrokers",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-02T20:08:02+00:00"
},
"AWSLambdaReplicator":{
"CreateDate":"2017-05-23T17:53:03+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:DisableReplication"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*"
],
"Sid":"LambdaCreateDeletePermission"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLikeIfExists":{
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IamPassRolePermission"
},
{
"Action":[
"cloudfront:ListDistributionsByLambdaFunction"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudFrontListDistributions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-08T00:17:54+00:00"
},
"AWSLambdaRole":{
"CreateDate":"2015-02-06T18:41:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:28+00:00"
},
"AWSLambdaSQSQueueExecutionRole":{
"CreateDate":"2018-06-14T21:50:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-06-14T21:50:45+00:00"
},
"AWSLambdaVPCAccessExecutionRole":{
"CreateDate":"2016-02-11T23:15:26+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSLambdaVPCAccessExecutionPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-05T22:38:26+00:00"
},
"AWSLambda_FullAccess":{
"CreateDate":"2020-11-17T21:14:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:ListAliases",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"lambda:*",
"logs:DescribeLogGroups",
"states:DescribeStateMachine",
"states:ListStateMachines",
"tag:GetResources",
"xray:GetTraceSummaries",
"xray:BatchGetTraces"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:FilterLogEvents",
"logs:StartLiveTail",
"logs:StopLiveTail"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-17T21:37:06+00:00"
},
"AWSLambda_ReadOnlyAccess":{
"CreateDate":"2020-11-17T21:10:32+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:ListAliases",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"logs:DescribeLogGroups",
"lambda:Get*",
"lambda:List*",
"states:DescribeStateMachine",
"states:ListStateMachines",
"tag:GetResources",
"xray:GetTraceSummaries",
"xray:BatchGetTraces"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:FilterLogEvents",
"logs:StartQuery",
"logs:StopQuery",
"logs:DescribeQueries",
"logs:GetLogGroupFields",
"logs:GetLogRecord",
"logs:GetQueryResults",
"logs:StartLiveTail",
"logs:StopLiveTail"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-17T21:07:06+00:00"
},
"AWSLicenseManagerConsumptionPolicy":{
"CreateDate":"2021-08-11T23:18:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"license-manager:CheckoutLicense",
"license-manager:CheckInLicense",
"license-manager:ExtendLicenseConsumption",
"license-manager:GetLicense"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-11T23:18:08+00:00"
},
"AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy":{
"CreateDate":"2022-12-20T18:54:54+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2Permissions"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OrganizationPermissions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/LicenseManagerLinuxSubscriptions":"enabled"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:*"
],
"Sid":"SecretsManagerPermissions"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/LicenseManagerLinuxSubscriptions":"enabled"
},
"StringLike":{
"kms:ViaService":[
"secretsmanager.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:kms:*:*:key/*"
],
"Sid":"KMSPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-08T22:04:56+00:00"
},
"AWSLicenseManagerMasterAccountRolePolicy":{
"CreateDate":"2018-11-26T19:03:51+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid":"S3BucketPermissions"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid":"S3ObjectPermissions1"
},
{
"Action":[
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-license-manager-service-*/resource_sync/*"
],
"Sid":"S3ObjectPermissions2"
},
{
"Action":[
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AthenaPermissions"
},
{
"Action":[
"glue:GetTable",
"glue:GetPartition",
"glue:GetPartitions"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"GluePermissions"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OrganizationPermissions"
},
{
"Action":[
"ram:GetResourceShares",
"ram:GetResourceShareAssociations",
"ram:TagResource"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RAMPermissions1"
},
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Service":"LicenseManager"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RAMPermissions2"
},
{
"Action":[
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:UpdateResourceShare",
"ram:DeleteResourceShare"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/Service":"LicenseManager"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RAMPermissions3"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IAMGetRoles"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"cloudformation.amazonaws.com",
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*"
],
"Sid":"IAMPassRoles"
},
{
"Action":[
"cloudformation:UpdateStack",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*"
],
"Sid":"CloudformationPermission"
},
{
"Action":[
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:UpdateJob",
"glue:UpdateCrawler"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler",
"arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob",
"arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*",
"arn:aws:glue:*:*:table/license_manager_resource_sync/*",
"arn:aws:glue:*:*:database/license_manager_resource_inventory_db",
"arn:aws:glue:*:*:database/license_manager_resource_sync"
],
"Sid":"GlueUpdatePermissions"
},
{
"Action":[
"resource-groups:PutGroupPolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ram.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RGPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-05-31T20:50:26+00:00"
},
"AWSLicenseManagerMemberAccountRolePolicy":{
"CreateDate":"2018-11-26T19:04:32+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"license-manager:UpdateLicenseSpecificationsForResource",
"license-manager:GetLicenseConfiguration"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LicenseManagerPermissions"
},
{
"Action":[
"ssm:ListInventoryEntries",
"ssm:GetInventory",
"ssm:CreateAssociation",
"ssm:CreateResourceDataSync",
"ssm:DeleteResourceDataSync",
"ssm:ListResourceDataSync",
"ssm:ListAssociations"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SSMPermissions"
},
{
"Action":[
"ram:AcceptResourceShareInvitation",
"ram:GetResourceShareInvitations"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RAMPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-15T22:09:32+00:00"
},
"AWSLicenseManagerServiceRolePolicy":{
"CreateDate":"2018-11-26T19:02:53+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"license-management.marketplace.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement"
],
"Sid":"IAMPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"license-manager.member-account.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:iam::*:role/aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole"
],
"Sid":"IAMPermissionsForCreatingMemberSLR"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid":"S3BucketPermissions1"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"S3BucketPermissions2"
},
{
"Action":[
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid":"S3ObjectPermissions"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:aws-license-manager-service-*"
],
"Sid":"SNSAccountPermissions"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SNSTopicPermissions"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeHosts"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2Permissions"
},
{
"Action":[
"ssm:ListInventoryEntries",
"ssm:GetInventory",
"ssm:CreateAssociation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SSMPermissions"
},
{
"Action":[
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OrganizationPermissions"
},
{
"Action":[
"license-manager:GetServiceSettings",
"license-manager:GetLicense*",
"license-manager:UpdateLicenseSpecificationsForResource",
"license-manager:List*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LicenseManagerPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-07-30T01:43:19+00:00"
},
"AWSLicenseManagerUserSubscriptionsServiceRolePolicy":{
"CreateDate":"2022-07-30T01:17:18+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ds:DescribeDirectories",
"ds:GetAuthorizedApplicationDetails"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DSReadPermissions"
},
{
"Action":[
"ssm:GetInventory",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:DescribeInstanceInformation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMReadPermissions"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVpcPeeringConnections"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2ReadPermissions"
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:productCode":[
"bz0vcy31ooqlzk5tsash4r1ik",
"d44g89hc0gp9jdzm99rznthpw",
"77yzkpa7kvee1y1tt7wnsdwoc",
"a8jthu9h8pjsn4b8ylvfl6sfr",
"7at6der8hnlov1g347e6tdkde",
"3t0v0vuhvxjzm6m462f9v8iz4",
"4gs2prcp03ojilgkjx8m3ifh7"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"EC2WritePermissions"
},
{
"Action":[
"ssm:SendCommand"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/AWS-RunPowerShellScript"
],
"Sid":"SSMDocumentExecutionPermissions"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSLicenseManager":"UserSubscriptions"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"SSMInstanceExecutionPermissions"
},
{
"Action":[
"route53:GetHostedZone",
"route53:ListResourceRecordSets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadHostedZonePermissions"
},
{
"Action":[
"ec2:DescribeSecurityGroupRules"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadSecurityGroupRulePermissions"
},
{
"Action":[
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeSubnetsPermissions"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeNetworkInterfacePermissions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:license-manager-user-*",
"Sid":"ReadSecretPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-08T02:54:26+00:00"
},
"AWSM2ServicePolicy":{
"CreateDate":"2022-06-07T20:26:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"fsx:DescribeFileSystems"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/M2"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-06-07T20:26:39+00:00"
},
"AWSMSKReplicatorExecutionRole":{
"CreateDate":"2023-12-06T00:07:52+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kafka-cluster:Connect",
"kafka-cluster:DescribeCluster",
"kafka-cluster:AlterCluster",
"kafka-cluster:DescribeTopic",
"kafka-cluster:CreateTopic",
"kafka-cluster:AlterTopic",
"kafka-cluster:WriteData",
"kafka-cluster:ReadData",
"kafka-cluster:AlterGroup",
"kafka-cluster:DescribeGroup",
"kafka-cluster:DescribeTopicDynamicConfiguration",
"kafka-cluster:AlterTopicDynamicConfiguration",
"kafka-cluster:WriteDataIdempotently"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kafka:*:*:cluster/*"
],
"Sid":"ClusterPermissions"
},
{
"Action":[
"kafka-cluster:DescribeTopic",
"kafka-cluster:CreateTopic",
"kafka-cluster:AlterTopic",
"kafka-cluster:WriteData",
"kafka-cluster:ReadData",
"kafka-cluster:DescribeTopicDynamicConfiguration",
"kafka-cluster:AlterTopicDynamicConfiguration",
"kafka-cluster:AlterCluster"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kafka:*:*:topic/*/*"
],
"Sid":"TopicPermissions"
},
{
"Action":[
"kafka-cluster:AlterGroup",
"kafka-cluster:DescribeGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kafka:*:*:group/*/*"
],
"Sid":"GroupPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-25T21:36:08+00:00"
},
"AWSManagedServicesDeploymentToolkitPolicy":{
"CreateDate":"2022-06-09T18:33:03+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteObject",
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketPolicy",
"s3:GetBucketVersioning",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectAttributes",
"s3:GetObjectLegalHold",
"s3:GetObjectRetention",
"s3:GetObjectTagging",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetObjectVersionAttributes",
"s3:GetObjectVersionForReplication",
"s3:GetObjectVersionTagging",
"s3:GetObjectVersionTorrent",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutBucketAcl",
"s3:PutBucketLogging",
"s3:PutBucketObjectLockConfiguration",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::ams-cdktoolkit*",
"Sid":"AMSCDKToolkitS3Permissions"
},
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DeleteStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"cloudformation:GetTemplate",
"cloudformation:GetTemplateSummary",
"cloudformation:TagResource",
"cloudformation:UntagResource",
"cloudformation:UpdateTerminationProtection"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/ams-cdk-toolkit*",
"Sid":"AMSCDKToolkitCloudFormationPermissions"
},
{
"Action":[
"ecr:BatchGetRepositoryScanningConfiguration",
"ecr:CreateRepository",
"ecr:DeleteLifecyclePolicy",
"ecr:DeleteRepository",
"ecr:DeleteRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:ListTagsForResource",
"ecr:PutImageScanningConfiguration",
"ecr:PutImageTagMutability",
"ecr:PutLifecyclePolicy",
"ecr:SetRepositoryPolicy",
"ecr:TagResource",
"ecr:UntagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/ams-cdktoolkit*",
"Sid":"AMSCDKToolkitECRPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-04T20:41:54+00:00"
},
"AWSManagedServices_ContactsServiceRolePolicy":{
"CreateDate":"2023-03-23T17:07:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:ListRoleTags",
"iam:ListUserTags",
"tag:GetResources",
"ec2:DescribeTags"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"s3:GetBucketTagging",
"Condition":{
"NumericGreaterThanEquals":{
"s3:TlsVersion":"1.2"
},
"StringEquals":{
"s3:authType":"REST-HEADER",
"s3:signatureversion":"AWS4-HMAC-SHA256"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-23T17:07:46+00:00"
},
"AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy":{
"CreateDate":"2022-12-19T23:11:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:UpdateTermination*",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackResources",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeStacks"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/ams-detective-controls-config-recorder",
"arn:aws:cloudformation:*:*:stack/ams-detective-controls-config-rules-cdk",
"arn:aws:cloudformation:*:*:stack/ams-detective-controls-infrastructure-cdk"
]
},
{
"Action":[
"config:DescribeAggregationAuthorizations",
"config:PutAggregationAuthorization",
"config:TagResource",
"config:PutConfigRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:config:*:*:aggregation-authorization/540708452589/*",
"arn:aws:config:*:*::config-rule/*"
]
},
{
"Action":[
"s3:GetBucketPolicy",
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteObject",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetBucketAcl",
"s3:PutObject",
"s3:PutBucketAcl",
"s3:PutBucketLogging",
"s3:PutBucketObjectLockConfiguration",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutEncryptionConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::ams-config-record-bucket-*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-19T23:11:17+00:00"
},
"AWSManagedServices_EventsServiceRolePolicy":{
"CreateDate":"2023-02-07T18:41:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"events:DeleteRule",
"events:PutTargets",
"events:PutRule",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"events.managedservices.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-07T18:41:22+00:00"
},
"AWSManagedServices_SelfServiceReporting_ServiceRolePolicy":{
"CreateDate":"2025-01-08T21:22:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators",
"organizations:DescribeAccount",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-08T21:22:06+00:00"
},
"AWSMarketplaceAmiIngestion":{
"CreateDate":"2020-09-25T20:55:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:ModifySnapshotAttribute"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:us-east-1::snapshot/snap-*"
},
{
"Action":[
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeSnapshotAttribute",
"ec2:ModifyImageAttribute"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-25T20:55:10+00:00"
},
"AWSMarketplaceDeploymentServiceRolePolicy":{
"CreateDate":"2023-11-15T23:34:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:RemoveRegionsFromReplication"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*"
],
"Sid":"ManageMarketplaceDeploymentSecrets"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListSecrets"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"expirationDate"
]
},
"Null":{
"aws:RequestTag/expirationDate":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*",
"Sid":"TagMarketplaceDeploymentSecrets"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-15T23:34:33+00:00"
},
"AWSMarketplaceFullAccess":{
"CreateDate":"2015-02-11T17:21:45+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:List*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CopyImage",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:CreateImage",
"ec2:DescribeInstanceStatus",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:DescribeDocument",
"sns:ListTopics",
"sns:GetTopicAttributes",
"sns:CreateTopic",
"iam:GetRole",
"iam:GetInstanceProfile",
"iam:ListRoles",
"iam:ListInstanceProfiles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListBucket",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*image-build*"
]
},
{
"Action":[
"sns:Publish",
"sns:setTopicAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:*image-build*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
"arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
"arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
"arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
"arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
"arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
"arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
"arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:AssociatedResourceARN":[
"arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
"arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
"arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
"arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
"arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
"arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
"arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
"arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
],
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-03-04T17:04:00+00:00"
},
"AWSMarketplaceGetEntitlements":{
"CreateDate":"2017-03-27T19:37:24+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:GetEntitlements"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceGetEntitlements"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-05T01:27:20+00:00"
},
"AWSMarketplaceImageBuildFullAccess":{
"CreateDate":"2018-07-31T23:29:49+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:ListBuilds",
"aws-marketplace:StartBuild",
"aws-marketplace:DescribeBuilds"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:TerminateInstances",
"Condition":{
"StringLike":{
"ec2:ResourceTag/marketplace-image-build:build-id":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*Automation*",
"arn:aws:iam::*:role/*Instance*"
]
},
{
"Action":[
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:DescribeDocument",
"ec2:DeregisterImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DeleteSnapshot",
"ec2:CreateImage",
"ec2:RunInstances",
"ec2:DescribeInstanceStatus",
"sns:GetTopicAttributes",
"iam:GetRole",
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*image-build*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:*image-build*"
]
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
"arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
"arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
"arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
"arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
"arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
"arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
"arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:AssociatedResourceARN":[
"arn:aws:ssm:eu-central-1:906690553262:automation-definition/*",
"arn:aws:ssm:us-east-1:058657716661:automation-definition/*",
"arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*",
"arn:aws:ssm:eu-west-1:564714592864:automation-definition/*",
"arn:aws:ssm:us-west-2:243045473901:automation-definition/*",
"arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*",
"arn:aws:ssm:eu-west-2:587945719687:automation-definition/*",
"arn:aws:ssm:us-east-2:134937423163:automation-definition/*"
],
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"aws:RequestTag/marketplace-image-build:build-id":"*"
},
"StringNotEquals":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Deny",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-03-04T17:05:09+00:00"
},
"AWSMarketplaceLicenseManagementServiceRolePolicy":{
"CreateDate":"2020-12-03T08:33:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"license-manager:ListReceivedGrants",
"license-manager:ListDistributedGrants",
"license-manager:GetGrant",
"license-manager:CreateGrant",
"license-manager:CreateGrantVersion",
"license-manager:DeleteGrant",
"license-manager:AcceptGrant"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowLicenseManagerActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-03T08:33:40+00:00"
},
"AWSMarketplaceManageSubscriptions":{
"CreateDate":"2015-02-06T18:40:32+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:CreatePrivateMarketplaceRequests",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:ListPrivateListings"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:UpdatePurchaseOrders",
"aws-marketplace:ListAgreementCharges"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws-marketplace:AgreementType":[
"PurchaseAgreement"
]
},
"Null":{
"aws-marketplace:AgreementType":"false"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T19:22:33+00:00"
},
"AWSMarketplaceMeteringFullAccess":{
"CreateDate":"2016-03-17T22:39:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:MeterUsage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-03-17T22:39:22+00:00"
},
"AWSMarketplaceMeteringRegisterUsage":{
"CreateDate":"2019-11-21T01:17:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:RegisterUsage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-21T01:17:54+00:00"
},
"AWSMarketplaceProcurementSystemAdminFullAccess":{
"CreateDate":"2019-06-25T13:07:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:PutProcurementSystemConfiguration",
"aws-marketplace:DescribeProcurementSystemConfiguration",
"organizations:Describe*",
"organizations:List*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-25T13:07:47+00:00"
},
"AWSMarketplacePurchaseOrdersServiceRolePolicy":{
"CreateDate":"2021-10-27T15:12:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"purchase-orders:ViewPurchaseOrders",
"purchase-orders:ModifyPurchaseOrders"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowPurchaseOrderActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-27T15:12:37+00:00"
},
"AWSMarketplaceRead-only":{
"CreateDate":"2015-02-06T18:40:31+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:ListAgreementCharges",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:ListBuilds",
"aws-marketplace:DescribeBuilds",
"iam:ListRoles",
"iam:ListInstanceProfiles",
"sns:GetTopicAttributes",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:ListPrivateListings"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T18:14:55+00:00"
},
"AWSMarketplaceResaleAuthorizationServiceRolePolicy":{
"CreateDate":"2024-03-05T18:47:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"ArnLike":{
"ram:ResourceArn":"arn:aws:aws-marketplace:*:*:AWSMarketplace/ResaleAuthorization/*"
},
"Null":{
"ram:Principal":"true"
},
"StringEquals":{
"ram:RequestedResourceType":"aws-marketplace:Entity"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ram:*:*:*"
],
"Sid":"AllowResaleAuthorizationShareActionsRAMCreate"
},
{
"Action":[
"ram:AssociateResourceShare"
],
"Condition":{
"Null":{
"ram:Principal":"false"
},
"StringEquals":{
"ram:ResourceShareName":"AWSMarketplaceResaleAuthorization"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ram:*:*:*"
],
"Sid":"AllowResaleAuthorizationShareActionsRAMAssociate"
},
{
"Action":[
"ram:AcceptResourceShareInvitation"
],
"Condition":{
"StringEquals":{
"ram:ResourceShareName":"AWSMarketplaceResaleAuthorization"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ram:*:*:*"
],
"Sid":"AllowResaleAuthorizationShareActionsRAMAccept"
},
{
"Action":[
"ram:GetResourceShareInvitations",
"ram:GetResourceShareAssociations"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ram:*:*:*"
],
"Sid":"AllowResaleAuthorizationShareActionsRAMGet"
},
{
"Action":[
"aws-marketplace:PutResourcePolicy",
"aws-marketplace:GetResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ram.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/ResaleAuthorization/*",
"Sid":"AllowResaleAuthorizationShareActionsMarketplace"
},
{
"Action":[
"aws-marketplace:DescribeEntity"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/ResaleAuthorization/*",
"Sid":"AllowResaleAuthorizationShareActionsMarketplaceDescribe"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-05T18:47:54+00:00"
},
"AWSMarketplaceSellerFullAccess":{
"CreateDate":"2019-07-02T20:40:09+00:00",
"DefaultVersionId":"v16",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace-management:uploadFiles",
"aws-marketplace-management:viewReports",
"aws-marketplace-management:viewSupport",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:StartChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:GetSellerDashboard",
"aws-marketplace:ListAssessments",
"aws-marketplace:DescribeAssessment",
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:ModifyImageAttribute",
"ec2:ModifySnapshotAttribute"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MarketplaceManagement"
},
{
"Action":[
"aws-marketplace:SearchAgreements",
"aws-marketplace:DescribeAgreement",
"aws-marketplace:GetAgreementTerms"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws-marketplace:AgreementType":[
"PurchaseAgreement"
]
},
"StringEquals":{
"aws-marketplace:PartyType":"Proposer"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AgreementAccess"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMGetRole"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"assets.marketplace.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"AssetScanning"
},
{
"Action":[
"vendor-insights:GetDataSource",
"vendor-insights:ListDataSources",
"vendor-insights:ListSecurityProfiles",
"vendor-insights:GetSecurityProfile",
"vendor-insights:GetSecurityProfileSnapshot",
"vendor-insights:ListSecurityProfileSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VendorInsights"
},
{
"Action":[
"aws-marketplace:TagResource",
"aws-marketplace:UntagResource",
"aws-marketplace:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*",
"Sid":"TagManagement"
},
{
"Action":[
"aws-marketplace-management:GetSellerVerificationDetails",
"aws-marketplace-management:PutSellerVerificationDetails",
"aws-marketplace-management:GetBankAccountVerificationDetails",
"aws-marketplace-management:PutBankAccountVerificationDetails",
"aws-marketplace-management:GetSecondaryUserVerificationDetails",
"aws-marketplace-management:PutSecondaryUserVerificationDetails",
"aws-marketplace-management:GetAdditionalSellerNotificationRecipients",
"aws-marketplace-management:PutAdditionalSellerNotificationRecipients",
"payments:GetPaymentInstrument",
"payments:CreatePaymentInstrument",
"tax:GetTaxInterview",
"tax:PutTaxInterview",
"tax:GetTaxInfoReportingDocument",
"tax:ListSupplementalTaxRegistrations",
"tax:PutSupplementalTaxRegistration",
"tax:DeleteSupplementalTaxRegistration",
"tax:GetTaxRegistration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SellerSettings"
},
{
"Action":[
"support:CreateCase"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Support"
},
{
"Action":[
"aws-marketplace:GetResourcePolicy",
"aws-marketplace:PutResourcePolicy",
"aws-marketplace:DeleteResourcePolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*",
"Sid":"ResourcePolicyManagement"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"resale-authorization.marketplace.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-14T19:52:06+00:00"
},
"AWSMarketplaceSellerOfferManagement":{
"CreateDate":"2024-11-19T00:41:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListChangeSets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceChangeSetReadAccess"
},
{
"Action":[
"aws-marketplace:StartChangeSet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Offer/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ChangeSet/*"
],
"Sid":"AWSMarketplaceOfferManagement"
},
{
"Action":[
"aws-marketplace:StartChangeSet"
],
"Condition":{
"StringEquals":{
"catalog:ChangeType":"CreateOfferOnProduct"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceCreateOfferOnProduct"
},
{
"Action":[
"aws-marketplace:ListEntities"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceListEntities"
},
{
"Action":[
"aws-marketplace:DescribeEntity"
],
"Effect":"Allow",
"Resource":[
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Offer/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ContainerProduct/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ProfessionalServicesProduct/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/SaaSProduct/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/AmiProduct/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ResaleAuthorization/*"
],
"Sid":"AWSMarketplaceEntitiesReadAccess"
},
{
"Action":[
"aws-marketplace:SearchAgreements",
"aws-marketplace:DescribeAgreement",
"aws-marketplace:GetAgreementTerms"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws-marketplace:AgreementType":[
"PurchaseAgreement"
]
},
"StringEquals":{
"aws-marketplace:PartyType":"Proposer"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSMarketplaceAgreementsReadAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-19T00:41:38+00:00"
},
"AWSMarketplaceSellerProductsFullAccess":{
"CreateDate":"2019-07-02T21:06:25+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:StartChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListAssessments",
"aws-marketplace:DescribeAssessment",
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:ModifyImageAttribute",
"ec2:ModifySnapshotAttribute"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"assets.marketplace.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":[
"vendor-insights:GetDataSource",
"vendor-insights:ListDataSources",
"vendor-insights:ListSecurityProfiles",
"vendor-insights:GetSecurityProfile",
"vendor-insights:GetSecurityProfileSnapshot",
"vendor-insights:ListSecurityProfileSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:TagResource",
"aws-marketplace:UntagResource",
"aws-marketplace:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
},
{
"Action":[
"aws-marketplace:GetResourcePolicy",
"aws-marketplace:PutResourcePolicy",
"aws-marketplace:DeleteResourcePolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T19:06:12+00:00"
},
"AWSMarketplaceSellerProductsReadOnly":{
"CreateDate":"2019-07-02T21:40:47+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListAssessments",
"aws-marketplace:DescribeAssessment",
"ec2:DescribeImages",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
},
{
"Action":[
"aws-marketplace:GetResourcePolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T18:51:14+00:00"
},
"AWSMediaConnectServicePolicy":{
"CreateDate":"2023-04-03T22:11:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecs:UpdateService",
"ecs:DeleteService",
"ecs:CreateService",
"ecs:DescribeServices",
"ecs:PutAttributes",
"ecs:DeleteAttributes",
"ecs:RunTask",
"ecs:ListTasks",
"ecs:StartTask",
"ecs:StopTask",
"ecs:DescribeTasks",
"ecs:DescribeContainerInstances",
"ecs:UpdateContainerInstancesState"
],
"Condition":{
"ArnLike":{
"ecs:cluster":"arn:aws:ecs:*:*:cluster/MediaConnectGateway"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecs:CreateCluster",
"ecs:RegisterTaskDefinition"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecs:UpdateCluster",
"ecs:UpdateClusterSettings",
"ecs:ListAttributes",
"ecs:DescribeClusters",
"ecs:DeregisterContainerInstance",
"ecs:ListContainerInstances"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:cluster/MediaConnectGateway"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-03T22:11:40+00:00"
},
"AWSMediaTailorServiceRolePolicy":{
"CreateDate":"2021-09-17T22:27:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"logs:PutLogEvents",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:MediaTailor/*:log-stream:*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:MediaTailor/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-17T22:27:10+00:00"
},
"AWSMigrationHubDMSAccess":{
"CreateDate":"2017-08-14T14:00:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mgh:CreateProgressUpdateStream"
],
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS"
},
{
"Action":[
"mgh:AssociateCreatedArtifact",
"mgh:DescribeMigrationTask",
"mgh:DisassociateCreatedArtifact",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:AssociateDiscoveredResource",
"mgh:DisassociateDiscoveredResource",
"mgh:ListDiscoveredResources"
],
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS/*"
},
{
"Action":[
"mgh:ListMigrationTasks",
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-07T17:51:53+00:00"
},
"AWSMigrationHubDiscoveryAccess":{
"CreateDate":"2017-08-14T13:30:51+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"discovery:ListConfigurations",
"discovery:DescribeConfigurations"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"aws:migrationhub:source-id"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":"dms:AddTagsToResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"aws:migrationhub:source-id"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:dms:*:*:endpoint:*"
]
},
{
"Action":[
"ec2:DescribeInstanceAttribute"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-06T17:34:42+00:00"
},
"AWSMigrationHubFullAccess":{
"CreateDate":"2017-08-14T14:02:54+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"mgh:*",
"discovery:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"continuousexport.discovery.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"migrationhub.amazonaws.com",
"dmsintegration.migrationhub.amazonaws.com",
"smsintegration.migrationhub.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-19T21:14:41+00:00"
},
"AWSMigrationHubOrchestratorConsoleFullAccess":{
"CreateDate":"2022-04-20T02:26:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"migrationhub-orchestrator:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MHO"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"ListAllMyBuckets"
},
{
"Action":[
"s3:GetObject",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::migrationhub-orchestrator-*",
"arn:aws:s3:::migrationhub-orchestrator-*/*"
],
"Sid":"S3MHO"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListSecrets"
},
{
"Action":[
"discovery:DescribeConfigurations",
"discovery:ListConfigurations",
"discovery:GetDiscoverySummary"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Configuration"
},
{
"Action":[
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GetHomeRegion"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Describe"
},
{
"Action":[
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMS"
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMListProfileRole"
},
{
"Action":[
"ecs:ListClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECS"
},
{
"Action":[
"account:ListRegions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Account"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"migrationhub-orchestrator.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateServiceRole"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/migrationhub-orchestrator.amazonaws.com/AWSServiceRoleForMigrationHubOrchestrator*",
"Sid":"GetRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-05T17:34:16+00:00"
},
"AWSMigrationHubOrchestratorInstanceRolePolicy":{
"CreateDate":"2022-04-20T02:43:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-orchestrator-*"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::migrationhub-orchestrator-*",
"arn:aws:s3:::aws-migrationhub-orchestrator-*/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-20T02:43:50+00:00"
},
"AWSMigrationHubOrchestratorPlugin":{
"CreateDate":"2022-04-20T02:25:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:PutObject",
"s3:GetObject",
"s3:GetBucketAcl"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::migrationhub-orchestrator-*"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
},
{
"Action":[
"execute-api:Invoke",
"execute-api:ManageConnections"
],
"Effect":"Allow",
"Resource":[
"arn:aws:execute-api:*:*:*/prod/*/put-log-data",
"arn:aws:execute-api:*:*:*/prod/*/put-metric-data"
]
},
{
"Action":[
"migrationhub-orchestrator:RegisterPlugin",
"migrationhub-orchestrator:GetMessage",
"migrationhub-orchestrator:SendMessage"
],
"Effect":"Allow",
"Resource":"arn:aws:migrationhub-orchestrator:*:*:*"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-orchestrator-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-20T02:25:10+00:00"
},
"AWSMigrationHubOrchestratorServiceRolePolicy":{
"CreateDate":"2022-04-20T02:24:04+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"discovery:DescribeConfigurations",
"discovery:ListConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ApplicationDiscoveryService"
},
{
"Action":[
"launchwizard:ListProvisionedApps",
"launchwizard:DescribeProvisionedApp",
"launchwizard:ListDeployments",
"launchwizard:GetDeployment"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LaunchWizard"
},
{
"Action":[
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2instances"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSApplicationMigrationServiceManaged":"mgn.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ec2MGNLaunchTemplate"
},
{
"Action":[
"ec2:DescribeLaunchTemplates"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ec2LaunchTemplates"
},
{
"Action":[
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"getHomeRegion"
},
{
"Action":[
"ssm:SendCommand",
"ssm:GetCommandInvocation",
"ssm:CancelCommand"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/AWS-RunRemoteScript",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:s3:::aws-migrationhub-orchestrator-*",
"arn:aws:s3:::migrationhub-orchestrator-*"
],
"Sid":"SSMcommand"
},
{
"Action":[
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SSM"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::migrationhub-orchestrator-*",
"arn:aws:s3:::migrationhub-orchestrator-*/*"
],
"Sid":"s3GetObject"
},
{
"Action":[
"events:PutTargets",
"events:DescribeRule",
"events:DeleteRule",
"events:PutRule",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/MigrationHubOrchestratorManagedRule*",
"Sid":"EventBridge"
},
{
"Action":[
"mgn:GetReplicationConfiguration",
"mgn:GetLaunchConfiguration",
"mgn:StartCutover",
"mgn:FinalizeCutover",
"mgn:StartTest",
"mgn:UpdateReplicationConfiguration",
"mgn:DescribeSourceServers",
"mgn:MarkAsArchived",
"mgn:ChangeServerLifeCycleState"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MGN"
},
{
"Action":[
"ec2:DescribeImportImageTasks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ec2DescribeImportImage"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringLike":{
"s3:prefix":"migrationhub-orchestrator-vmie-*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"s3ListBucket"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-04T18:25:12+00:00"
},
"AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess":{
"CreateDate":"2023-04-03T20:09:48+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"refactor-spaces:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RefactorSpaces"
},
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcs",
"ec2:DescribeTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInternetGateways"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Describe"
},
{
"Action":[
"ec2:CreateVpcEndpointServiceConfiguration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcEndpointServiceConfigurationCreate"
},
{
"Action":[
"ec2:DeleteTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:environment-id":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2TagsDelete"
},
{
"Action":"ec2:DeleteVpcEndpointServiceConfigurations",
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcEndpointServiceConfigurationDelete"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateLoadBalancer"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"Sid":"ELBLoadBalancerCreate"
},
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ELBDescribe"
},
{
"Action":[
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/refactor-spaces:route-id":[
"*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ELBModify"
},
{
"Action":"elasticloadbalancing:DeleteLoadBalancer",
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"Sid":"ELBLoadBalancerDelete"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*"
],
"Sid":"ELBListenerCreate"
},
{
"Action":"elasticloadbalancing:DeleteListener",
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*",
"Sid":"ELBListenerDelete"
},
{
"Action":[
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*",
"Sid":"ELBTargetGroupModify"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateTargetGroup"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*",
"Sid":"ELBTargetGroupCreate"
},
{
"Action":[
"apigateway:GET",
"apigateway:DELETE",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:UpdateRestApiPolicy"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/vpclinks/*",
"arn:aws:apigateway:*::/tags",
"arn:aws:apigateway:*::/tags/*"
],
"Sid":"APIGatewayModify"
},
{
"Action":"apigateway:GET",
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/vpclinks/*"
],
"Sid":"APIGatewayVpcLinksGet"
},
{
"Action":[
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationDescribe"
},
{
"Action":[
"cloudformation:CreateStack"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudformationStackCreate"
},
{
"Action":[
"cloudformation:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/*",
"Sid":"CloudformationStackTag"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"refactor-spaces.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateRefactorSpacesSLR"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"elasticloadbalancing.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateELBSLR"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-11T18:16:48+00:00"
},
"AWSMigrationHubRefactorSpaces-SSMAutomationPolicy":{
"CreateDate":"2023-08-10T15:08:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:ModifyInstanceAttribute"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/refactor-spaces:ssm:optin":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:ModifyInstanceAttribute"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"refactor-spaces:ssm:environment-id"
},
"StringEquals":{
"aws:ResourceTag/refactor-spaces:ssm:optin":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":"ssm:GetParameters",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-10T15:08:14+00:00"
},
"AWSMigrationHubRefactorSpacesFullAccess":{
"CreateDate":"2021-11-29T07:12:55+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"refactor-spaces:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RefactorSpaces"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcs",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGateways",
"ec2:DescribeTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInternetGateways"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Describe"
},
{
"Action":[
"ec2:CreateTransitGateway",
"ec2:CreateSecurityGroup",
"ec2:CreateTransitGatewayVpcAttachment"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:environment-id":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RequestTagTransitGatewayCreate"
},
{
"Action":[
"ec2:CreateTransitGateway",
"ec2:CreateSecurityGroup",
"ec2:CreateTransitGatewayVpcAttachment"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:environment-id":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceTagTransitGatewayCreate"
},
{
"Action":[
"ec2:CreateVpcEndpointServiceConfiguration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcEndpointServiceConfigurationCreate"
},
{
"Action":[
"ec2:DeleteTransitGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTransitGatewayVpcAttachment",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:environment-id":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2NetworkingModify"
},
{
"Action":"ec2:DeleteVpcEndpointServiceConfigurations",
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcEndpointServiceConfigurationDelete"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateLoadBalancer"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"Sid":"ELBLoadBalancerCreate"
},
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ELBDescribe"
},
{
"Action":[
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/refactor-spaces:route-id":[
"*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ELBModify"
},
{
"Action":"elasticloadbalancing:DeleteLoadBalancer",
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"Sid":"ELBLoadBalancerDelete"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*"
],
"Sid":"ELBListenerCreate"
},
{
"Action":"elasticloadbalancing:DeleteListener",
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*",
"Sid":"ELBListenerDelete"
},
{
"Action":[
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*",
"Sid":"ELBTargetGroupModify"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateTargetGroup"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*",
"Sid":"ELBTargetGroupCreate"
},
{
"Action":[
"apigateway:GET",
"apigateway:DELETE",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:UpdateRestApiPolicy"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/vpclinks/*",
"arn:aws:apigateway:*::/tags",
"arn:aws:apigateway:*::/tags/*"
],
"Sid":"APIGatewayModify"
},
{
"Action":"apigateway:GET",
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/vpclinks/*"
],
"Sid":"APIGatewayVpcLinksGet"
},
{
"Action":[
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationDescribe"
},
{
"Action":[
"cloudformation:CreateStack"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudformationStackCreate"
},
{
"Action":[
"cloudformation:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/*",
"Sid":"CloudformationStackTag"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"refactor-spaces.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateRefactorSpacesSLR"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"elasticloadbalancing.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateELBSLR"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-11T17:45:46+00:00"
},
"AWSMigrationHubRefactorSpacesServiceRolePolicy":{
"CreateDate":"2021-11-29T06:50:15+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeTransitGatewayVpcAttachments",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeTargetGroups",
"ram:GetResourceShareAssociations"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTransitGatewayVpcAttachment",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteTags",
"ram:DeleteResourceShare",
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:environment-id":"false"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:DeleteVpcEndpointServiceConfigurations",
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/refactor-spaces:route-id":[
"*"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"apigateway:PUT",
"apigateway:POST",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:DELETE"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:application-id":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/vpclinks/*",
"arn:aws:apigateway:*::/tags",
"arn:aws:apigateway:*::/tags/*"
]
},
{
"Action":"apigateway:GET",
"Effect":"Allow",
"Resource":"arn:aws:apigateway:*::/vpclinks/*"
},
{
"Action":"elasticloadbalancing:DeleteLoadBalancer",
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*",
"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*"
]
},
{
"Action":"elasticloadbalancing:DeleteListener",
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*"
},
{
"Action":[
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*"
},
{
"Action":[
"elasticloadbalancing:DeregisterTargets"
],
"Condition":{
"Null":{
"aws:ResourceTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateTargetGroup"
],
"Condition":{
"Null":{
"aws:RequestTag/refactor-spaces:route-id":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-20T15:57:53+00:00"
},
"AWSMigrationHubSMSAccess":{
"CreateDate":"2017-08-14T13:57:54+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mgh:CreateProgressUpdateStream"
],
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS"
},
{
"Action":[
"mgh:AssociateCreatedArtifact",
"mgh:DescribeMigrationTask",
"mgh:DisassociateCreatedArtifact",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:AssociateDiscoveredResource",
"mgh:DisassociateDiscoveredResource",
"mgh:ListDiscoveredResources"
],
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS/*"
},
{
"Action":[
"mgh:ListMigrationTasks",
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-07T18:01:22+00:00"
},
"AWSMigrationHubStrategyCollector":{
"CreateDate":"2021-10-19T20:15:15+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:GetBucketAcl",
"s3:CreateBucket",
"s3:PutEncryptionConfiguration",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketVersioning",
"s3:PutLifecycleConfiguration",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::migrationhub-strategy-*",
"Sid":"MHSRAllowS3Resources"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"MHSRAllowS3ListBucket"
},
{
"Action":[
"application-transformation:PutMetricData",
"application-transformation:PutLogData",
"application-transformation:StartPortingCompatibilityAssessment",
"application-transformation:GetPortingCompatibilityAssessment",
"application-transformation:StartPortingRecommendationAssessment",
"application-transformation:GetPortingRecommendationAssessment"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MHSRAllowMetricsAndLogs"
},
{
"Action":[
"execute-api:Invoke",
"execute-api:ManageConnections"
],
"Effect":"Allow",
"Resource":[
"arn:aws:execute-api:*:*:*/prod/*/put-log-data",
"arn:aws:execute-api:*:*:*/prod/*/put-metric-data"
],
"Sid":"MHSRAllowExecuteAPI"
},
{
"Action":[
"migrationhub-strategy:RegisterCollector",
"migrationhub-strategy:GetAntiPattern",
"migrationhub-strategy:GetMessage",
"migrationhub-strategy:SendMessage",
"migrationhub-strategy:ListAntiPatterns",
"migrationhub-strategy:ListJarArtifacts",
"migrationhub-strategy:UpdateCollectorConfiguration",
"migrationhub-strategy:PutLogData",
"migrationhub-strategy:PutMetricData"
],
"Effect":"Allow",
"Resource":"arn:aws:migrationhub-strategy:*:*:*",
"Sid":"MHSRAllowCollectorAPI"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-strategy-*",
"Sid":"MHSRAllowSecretsManager"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-01T16:21:02+00:00"
},
"AWSMigrationHubStrategyConsoleFullAccess":{
"CreateDate":"2021-10-19T20:13:26+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"migrationhub-strategy:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
},
{
"Action":[
"s3:GetObject",
"s3:CreateBucket",
"s3:PutEncryptionConfiguration",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:PutBucketVersioning",
"s3:PutLifecycleConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::migrationhub-strategy-*"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"discovery:GetDiscoverySummary",
"discovery:DescribeTags",
"discovery:DescribeConfigurations",
"discovery:ListConfigurations"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"migrationhub-strategy.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/migrationhub-strategy.amazonaws.com/AWSMigrationHubStrategyServiceRolePolicy*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-09T00:00:06+00:00"
},
"AWSMigrationHubStrategyServiceRolePolicy":{
"CreateDate":"2021-10-19T20:02:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"discovery:ListConfigurations",
"discovery:DescribeConfigurations",
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"permissionsForAds"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
},
{
"Action":[
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::migrationhub-strategy-*",
"Sid":"permissionsForS3"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-19T20:02:37+00:00"
},
"AWSNetworkFirewallServiceRolePolicy":{
"CreateDate":"2020-11-17T17:17:26+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"acm:DescribeCertificate",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"resource-groups:ListGroupResources",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"tag:GetResources",
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"resource-groups.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AWSNetworkFirewallManaged":"true",
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSNetworkFirewallManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-30T17:19:09+00:00"
},
"AWSNetworkManagerCloudWANServiceRolePolicy":{
"CreateDate":"2022-07-12T12:17:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateTransitGatewayRouteTableAnnouncement",
"ec2:DeleteTransitGatewayRouteTableAnnouncement",
"ec2:EnableTransitGatewayRouteTablePropagation",
"ec2:DisableTransitGatewayRouteTablePropagation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-12T12:17:49+00:00"
},
"AWSNetworkManagerFullAccess":{
"CreateDate":"2019-12-03T17:37:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"networkmanager:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"networkmanager.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T17:37:58+00:00"
},
"AWSNetworkManagerReadOnlyAccess":{
"CreateDate":"2019-12-03T17:35:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"networkmanager:Describe*",
"networkmanager:Get*",
"networkmanager:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T17:35:05+00:00"
},
"AWSNetworkManagerServiceRolePolicy":{
"CreateDate":"2019-12-03T14:03:35+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeLocations",
"directconnect:DescribeVirtualInterfaces",
"ec2:DescribeCustomerGateways",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpcs",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayConnectPeers",
"ec2:DescribeRegions",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators",
"ec2:DescribeTransitGatewayRouteTableAnnouncements",
"ec2:DescribeTransitGatewayPolicyTables",
"ec2:GetTransitGatewayPolicyTableAssociations",
"ec2:GetTransitGatewayPolicyTableEntries"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-27T19:41:29+00:00"
},
"AWSObservabilityAdminServiceRolePolicy":{
"CreateDate":"2024-11-27T19:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:PutServiceLinkedConfigurationRecorder",
"config:DeleteServiceLinkedConfigurationRecorder"
],
"Effect":"Allow",
"Resource":[
"arn:aws:config:*:*:configuration-recorder/AWSConfigurationRecorderForObservabilityAdmin/*"
]
},
{
"Action":[
"config:PutConfigurationAggregator",
"config:DeleteConfigurationAggregator",
"config:SelectAggregateResourceConfig"
],
"Effect":"Allow",
"Resource":[
"arn:aws:config:*:*:config-aggregator/aws-service-config-aggregator/observabilityadmin.amazonaws.com/*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"config.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"config.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"
]
},
{
"Action":[
"organizations:EnableAWSServiceAccess"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"config.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"observabilityadmin.amazonaws.com",
"config.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-27T19:36:07+00:00"
},
"AWSOpsWorksCMInstanceProfileRole":{
"CreateDate":"2016-11-24T09:48:22+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStackResource",
"cloudformation:SignalResource"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-opsworks-cm-*"
},
{
"Action":"acm:GetCertificate",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"secretsmanager:GetSecretValue",
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-23T17:34:03+00:00"
},
"AWSOpsWorksCMServiceRole":{
"CreateDate":"2016-11-24T09:49:46+00:00",
"DefaultVersionId":"v14",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:GetObject",
"s3:ListBucket",
"s3:PutBucketPolicy",
"s3:PutObject",
"s3:GetBucketTagging",
"s3:PutBucketTagging"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
{
"Action":[
"tag:UntagResources",
"tag:TagResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:ListCommands"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"StringLike":{
"ssm:resourceTag/aws:cloudformation:stack-name":"aws-opsworks-cm-*"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:SendCommand"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/*",
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
{
"Action":[
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateImage",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeregisterImage",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RunInstances",
"ec2:StopInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:RebootInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-name":"aws-opsworks-cm-*"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"opsworks-cm:DeleteServer",
"opsworks-cm:StartMaintenance"
],
"Effect":"Allow",
"Resource":[
"arn:aws:opsworks-cm:*:*:server/*"
]
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*"
]
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-opsworks-cm-*",
"arn:aws:iam::*:role/service-role/aws-opsworks-cm-*"
]
},
{
"Action":[
"acm:DeleteCertificate",
"acm:ImportCertificate"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource",
"secretsmanager:UntagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*"
},
{
"Action":"ec2:DeleteTags",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:elastic-ip/*",
"arn:aws:ec2:*:*:security-group/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-23T17:32:13+00:00"
},
"AWSOpsWorksCloudWatchLogs":{
"CreateDate":"2017-03-30T17:47:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-03-30T17:47:19+00:00"
},
"AWSOpsWorksInstanceRegistration":{
"CreateDate":"2016-06-03T14:23:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:RegisterInstance"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-06-03T14:23:15+00:00"
},
"AWSOpsWorksRegisterCLI_EC2":{
"CreateDate":"2019-06-18T15:56:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"opsworks:AssignInstance",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:UnassignInstance"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-18T15:56:17+00:00"
},
"AWSOpsWorksRegisterCLI_OnPremises":{
"CreateDate":"2019-06-18T15:33:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"opsworks:AssignInstance",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:UnassignInstance"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:CreateGroup",
"iam:AddUserToGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*"
]
},
{
"Action":[
"iam:CreateUser",
"iam:CreateAccessKey"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
]
},
{
"Action":[
"iam:AttachUserPolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-18T15:33:16+00:00"
},
"AWSOpsWorks_FullAccess":{
"CreateDate":"2021-01-22T16:29:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:GetMetricStatistics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListUsers",
"opsworks:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"opsworks.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-22T16:29:08+00:00"
},
"AWSOrganizationsFullAccess":{
"CreateDate":"2018-11-06T20:31:57+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":"organizations:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSOrganizationsFullAccess"
},
{
"Action":[
"account:PutAlternateContact",
"account:DeleteAlternateContact",
"account:GetAlternateContact",
"account:GetContactInformation",
"account:PutContactInformation",
"account:ListRegions",
"account:EnableRegion",
"account:DisableRegion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSOrganizationsFullAccessAccount"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"organizations.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSOrganizationsFullAccessCreateSLR"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-06T17:49:01+00:00"
},
"AWSOrganizationsReadOnlyAccess":{
"CreateDate":"2018-11-06T20:32:38+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"organizations:Describe*",
"organizations:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSOrganizationsReadOnly"
},
{
"Action":[
"account:GetAlternateContact",
"account:GetContactInformation",
"account:ListRegions",
"account:GetRegionOptStatus",
"account:GetPrimaryEmail"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSOrganizationsReadOnlyAccount"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-07T21:32:16+00:00"
},
"AWSOrganizationsServiceTrustPolicy":{
"CreateDate":"2017-10-10T23:04:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iam:DeleteRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*"
],
"Sid":"AllowDeletionOfServiceLinkedRoleForOrganizations"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCreationOfServiceLinkedRoles"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-01T06:01:18+00:00"
},
"AWSOutpostsAuthorizeServerPolicy":{
"CreateDate":"2023-01-04T19:23:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"outposts:StartConnection",
"outposts:GetConnection"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-04T19:23:22+00:00"
},
"AWSOutpostsServiceRolePolicy":{
"CreateDate":"2020-11-09T22:55:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-09T22:55:56+00:00"
},
"AWSPCSServiceRolePolicy":{
"CreateDate":"2024-08-27T16:01:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSPCSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"PermissionsToCreatePCSNetworkInterfaces"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"PermissionsToCreatePCSNetworkInterfacesInSubnet"
},
{
"Action":[
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSPCSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"PermissionsToManagePCSNetworkInterfaces"
},
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToDescribePCSResources"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSPCSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"PermissionsToCreatePCSLaunchTemplates"
},
{
"Action":[
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateLaunchTemplateVersion"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSPCSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"PermissionsToManagePCSLaunchTemplates"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSPCSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"PermissionsToTerminatePCSManagedInstances"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*/AWSPCS*",
"arn:aws:iam::*:role/AWSPCS*",
"arn:aws:iam::*:role/aws-pcs/*",
"arn:aws:iam::*:role/*/aws-pcs/*"
],
"Sid":"PermissionsToPassRoleToEC2"
},
{
"Action":[
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:resource-groups:*:*:group/*",
"arn:aws:ec2:*:*:fleet/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
],
"Sid":"PermissionsToControlClusterInstanceAttributes"
},
{
"Action":[
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSPCSManaged":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"PermissionsToProvisionClusterInstances"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"RunInstances",
"CreateLaunchTemplate",
"CreateFleet",
"CreateNetworkInterface"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PermissionsToTagPCSResources"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/PCS"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToPublishMetrics"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"secretsmanager:UpdateSecretVersionStage",
"secretsmanager:DeleteSecret"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"pcs"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:pcs!*",
"Sid":"PermissionsToManageSecret"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-27T16:01:15+00:00"
},
"AWSPanoramaApplianceRolePolicy":{
"CreateDate":"2020-12-01T13:13:18+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*",
"Sid":"PanoramaDeviceCreateLogStream"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/panorama_device*",
"Sid":"PanoramaDeviceCreateLogGroup"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T13:13:18+00:00"
},
"AWSPanoramaApplianceServiceRolePolicy":{
"CreateDate":"2021-10-20T12:14:03+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/panorama/devices/*"
],
"Sid":"PanoramaDeviceCreateLogStream"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/panorama_device*",
"arn:aws:logs:*:*:log-group:/aws/panorama/devices/*"
],
"Sid":"PanoramaDeviceCreateLogGroup"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"PanoramaDeviceMetrics"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PanoramaDevicePutMetric"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket",
"s3:GetObjectVersion"
],
"Condition":{
"ArnLike":{
"s3:DataAccessPointArn":"arn:aws:s3:*:*:accesspoint/panorama*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*-nodepackage-store-*",
"arn:aws:s3:::*-application-payload-store-*",
"arn:aws:s3:*:*:accesspoint/panorama*"
],
"Sid":"PanoramaDeviceS3Access"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T20:06:11+00:00"
},
"AWSPanoramaFullAccess":{
"CreateDate":"2020-12-01T13:12:47+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"panorama:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket"
],
"Condition":{
"ArnLike":{
"s3:DataAccessPointArn":"arn:aws:s3:*:*:accesspoint/panorama*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:PutSecretValue",
"secretsmanager:UpdateSecret"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:panorama*",
"arn:aws:secretsmanager:*:*:secret:Panorama*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"panorama.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/panorama/devices/*"
]
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:*"
]
},
{
"Action":[
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"panorama.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T20:36:08+00:00"
},
"AWSPanoramaGreengrassGroupRolePolicy":{
"CreateDate":"2020-12-01T13:10:22+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:GetBucket*",
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*aws-panorama*"
],
"Sid":"PanoramaS3Access"
},
{
"Action":"cloudwatch:PutDashboard",
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch::*:dashboard/panorama*"
],
"Sid":"PanoramaCLoudWatchPutDashboard"
},
{
"Action":"cloudwatch:PutMetricData",
"Effect":"Allow",
"Resource":"*",
"Sid":"PanoramaCloudWatchPutMetricData"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/greengrass/*",
"Sid":"PanoramaGreenGrassCloudWatchAccess"
},
{
"Action":[
"panorama:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-06T19:30:35+00:00"
},
"AWSPanoramaSageMakerRolePolicy":{
"CreateDate":"2020-12-01T13:13:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:GetBucket*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*aws-panorama*"
],
"Sid":"PanoramaSageMakerS3Access"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T13:13:54+00:00"
},
"AWSPanoramaServiceLinkedRolePolicy":{
"CreateDate":"2021-10-20T12:12:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/panorama*"
],
"Sid":"PanoramaIoTThingAccess"
},
{
"Action":[
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:AttachPrincipalPolicy",
"iot:DetachPrincipalPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/panorama*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"PanoramaIoTCertificateAccess"
},
{
"Action":[
"iot:CreateKeysAndCertificate"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaIoTCreateCertificateAccess"
},
{
"Action":[
"iot:CreatePolicy",
"iot:CreatePolicyVersion",
"iot:AttachPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:policy/panorama*"
],
"Sid":"PanoramaIoTCreatePolicyAndVersionAccess"
},
{
"Action":[
"iot:DescribeJobExecution",
"iot:CreateJob",
"iot:DeleteJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:job/panorama*",
"arn:aws:iot:*:*:thing/panorama*"
],
"Sid":"PanoramaIoTJobAccess"
},
{
"Action":[
"iot:DescribeEndpoint"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaIoTEndpointAccess"
},
{
"Action":[
"panorama:Describe*",
"panorama:List*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaReadOnlyAccess"
},
{
"Action":[
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:CreateSecret",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:DeleteSecret"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:panorama*",
"arn:aws:secretsmanager:*:*:secret:Panorama*"
],
"Sid":"SecretsManagerPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-20T12:12:50+00:00"
},
"AWSPanoramaServiceRolePolicy":{
"CreateDate":"2020-12-01T13:14:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/panorama*"
],
"Sid":"PanoramaIoTThingAccess"
},
{
"Action":[
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:AttachPrincipalPolicy",
"iot:DetachPrincipalPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:thing/panorama*",
"arn:aws:iot:*:*:cert/*"
],
"Sid":"PanoramaIoTCertificateAccess"
},
{
"Action":[
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaIoTCreateCertificateAndPolicyAccess"
},
{
"Action":[
"iot:CreatePolicyVersion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:policy/panorama*"
],
"Sid":"PanoramaIoTCreatePolicyVersionAccess"
},
{
"Action":[
"iot:DescribeJobExecution",
"iot:CreateJob",
"iot:DeleteJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:job/panorama*",
"arn:aws:iot:*:*:thing/panorama*"
],
"Sid":"PanoramaIoTJobAccess"
},
{
"Action":[
"iot:DescribeEndpoint"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaIoTEndpointAccess"
},
{
"Action":[
"panorama:Describe*",
"panorama:List*",
"panorama:Get*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaAccess"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:ListBucket",
"s3:GetBucket*",
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*aws-panorama*"
],
"Sid":"PanoramaS3Access"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSPanoramaSageMakerRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole"
],
"Sid":"PanoramaIAMPassSageMakerRoleAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"greengrass.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole",
"arn:aws:iam::*:role/AWSPanoramaGreengrassRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole"
],
"Sid":"PanoramaIAMPassGreengrassRoleAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":"iot.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSPanoramaApplianceRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole"
],
"Sid":"PanoramaIAMPassIoTRoleAccess"
},
{
"Action":[
"greengrass:AssociateRoleToGroup",
"greengrass:AssociateServiceRoleToAccount",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:CreateCoreDefinition",
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroup",
"greengrass:CreateGroupCertificateAuthority",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateSubscriptionDefinition",
"greengrass:CreateSubscriptionDefinitionVersion",
"greengrass:DeleteCoreDefinition",
"greengrass:DeleteFunctionDefinition",
"greengrass:DeleteResourceDefinition",
"greengrass:DeleteGroup",
"greengrass:DeleteLoggerDefinition",
"greengrass:DeleteSubscriptionDefinition",
"greengrass:DisassociateRoleFromGroup",
"greengrass:DisassociateServiceRoleFromAccount",
"greengrass:GetAssociatedRole",
"greengrass:GetConnectivityInfo",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetDeviceDefinition",
"greengrass:GetDeviceDefinitionVersion",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupCertificateAuthority",
"greengrass:GetGroupCertificateConfiguration",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetServiceRoleForAccount",
"greengrass:GetSubscriptionDefinition",
"greengrass:GetSubscriptionDefinitionVersion",
"greengrass:ListCoreDefinitionVersions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeployments",
"greengrass:ListDeviceDefinitionVersions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitionVersions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroupCertificateAuthorities",
"greengrass:ListGroupVersions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitionVersions",
"greengrass:ListLoggerDefinitions",
"greengrass:ListSubscriptionDefinitionVersions",
"greengrass:ListSubscriptionDefinitions",
"greengrass:ResetDeployments",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateDeviceDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateGroup",
"greengrass:UpdateGroupCertificateConfiguration",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateSubscriptionDefinition",
"greengrass:UpdateResourceDefinition"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaGreenGrassAccess"
},
{
"Action":[
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*"
],
"Sid":"PanoramaLambdaUsersFunctionAccess"
},
{
"Action":[
"sagemaker:CreateTrainingJob",
"sagemaker:StopTrainingJob",
"sagemaker:CreateCompilationJob",
"sagemaker:DescribeCompilationJob",
"sagemaker:StopCompilationJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-job/panorama*",
"arn:aws:sagemaker:*:*:compilation-job/panorama*"
],
"Sid":"PanoramaSageMakerWriteAccess"
},
{
"Action":[
"sagemaker:ListCompilationJobs"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PanoramaSageMakerListAccess"
},
{
"Action":[
"sagemaker:DescribeTrainingJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid":"PanoramaSageMakerReadAccess"
},
{
"Action":[
"iot:AttachPolicy",
"iot:CreateRoleAlias"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:policy/panorama*",
"arn:aws:iot:*:*:rolealias/panorama*"
],
"Sid":"PanoramaCWLogsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T13:14:43+00:00"
},
"AWSPartnerCentralFullAccess":{
"CreateDate":"2024-11-18T23:33:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"partnercentral-account-management.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/PartnerCentralRoleFor*",
"Sid":"PassAWSPartnerCentralRole"
},
{
"Action":[
"iam:ListRoles",
"Partnercentral-account-management:AssociatePartnerUser",
"Partnercentral-account-management:DisassociatePartnerUser"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PartnerUserRoleAssociation"
},
{
"Action":[
"partnercentral:*"
],
"Condition":{
"StringEquals":{
"partnercentral:Catalog":[
"AWS",
"Sandbox"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSPartnerCentralAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"resource-snapshot-job.partnercentral-selling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*"
],
"Sid":"PassAWSPartnerCentralSnapshotJobRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T18:21:17+00:00"
},
"AWSPartnerCentralOpportunityManagement":{
"CreateDate":"2024-11-14T19:09:05+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"partnercentral:AcceptEngagementInvitation",
"partnercentral:AssignOpportunity",
"partnercentral:AssociateOpportunity",
"partnercentral:CreateEngagement",
"partnercentral:CreateEngagementInvitation",
"partnercentral:CreateOpportunity",
"partnercentral:CreateResourceSnapshot",
"partnercentral:CreateResourceSnapshotJob",
"partnercentral:DeleteResourceSnapshotJob",
"partnercentral:DisassociateOpportunity",
"partnercentral:GetAwsOpportunitySummary",
"partnercentral:GetEngagement",
"partnercentral:GetEngagementInvitation",
"partnercentral:GetOpportunity",
"partnercentral:GetResourceSnapshot",
"partnercentral:GetResourceSnapshotJob",
"partnercentral:ListEngagementByAcceptingInvitationTasks",
"partnercentral:ListEngagementFromOpportunityTasks",
"partnercentral:ListEngagementInvitations",
"partnercentral:ListEngagementMembers",
"partnercentral:ListEngagementResourceAssociations",
"partnercentral:ListEngagements",
"partnercentral:ListOpportunities",
"partnercentral:ListResourceSnapshotJobs",
"partnercentral:ListResourceSnapshots",
"partnercentral:ListSolutions",
"partnercentral:RejectEngagementInvitation",
"partnercentral:StartEngagementByAcceptingInvitationTask",
"partnercentral:StartEngagementFromOpportunityTask",
"partnercentral:StartResourceSnapshotJob",
"partnercentral:StopResourceSnapshotJob",
"partnercentral:SubmitOpportunity",
"partnercentral:UpdateOpportunity"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OpportunityManagement"
},
{
"Action":[
"aws-marketplace:ListEntities"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListingAWSMarketplaceEntities"
},
{
"Action":[
"aws-marketplace:DescribeEntity"
],
"Effect":"Allow",
"Resource":[
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Offer/*"
],
"Sid":"AWSMarketplaceOffersAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-04T23:06:07+00:00"
},
"AWSPartnerCentralSandboxFullAccess":{
"CreateDate":"2024-11-14T19:10:37+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"partnercentral:*"
],
"Condition":{
"StringEquals":{
"partnercentral:Catalog":"Sandbox"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSPartnerCentralSandboxAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"resource-snapshot-job.partnercentral-selling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*"
],
"Sid":"PassAWSPartnerCentralSnapshotJobRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T18:21:19+00:00"
},
"AWSPartnerCentralSellingResourceSnapshotJobExecutionRolePolicy":{
"CreateDate":"2024-12-10T18:21:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"partnercentral:CreateResourceSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:partnercentral:*::catalog/AWS/engagement/*",
"arn:aws:partnercentral:*::catalog/Sandbox/engagement/*"
]
},
{
"Action":[
"partnercentral:GetOpportunity"
],
"Effect":"Allow",
"Resource":[
"arn:aws:partnercentral:*:*:catalog/AWS/opportunity/*",
"arn:aws:partnercentral:*:*:catalog/Sandbox/opportunity/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T18:21:15+00:00"
},
"AWSPartnerLedSupportReadOnlyAccess":{
"CreateDate":"2024-11-22T20:06:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/account",
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/apis/*/authorizers",
"arn:aws:apigateway:*::/apis/*/authorizers/*",
"arn:aws:apigateway:*::/apis/*/deployments",
"arn:aws:apigateway:*::/apis/*/deployments/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses",
"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*",
"arn:aws:apigateway:*::/apis/*/models",
"arn:aws:apigateway:*::/apis/*/models/*",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses",
"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*",
"arn:aws:apigateway:*::/domainnames/*/apimappings",
"arn:aws:apigateway:*::/domainnames/*/apimappings/*",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models/*/default_template",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*",
"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/usageplans",
"arn:aws:apigateway:*::/usageplans/*",
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/vpclinks/*"
]
},
{
"Action":[
"acm-pca:describeCertificateAuthority",
"acm-pca:describeCertificateAuthorityAuditReport",
"acm-pca:getCertificate",
"acm-pca:getCertificateAuthorityCertificate",
"acm-pca:getCertificateAuthorityCsr",
"acm-pca:listCertificateAuthorities",
"acm-pca:listTags",
"acm:describeCertificate",
"acm:getAccountConfiguration",
"acm:getCertificate",
"acm:listCertificates",
"acm:listTagsForCertificate",
"athena:batchGetNamedQuery",
"athena:batchGetQueryExecution",
"athena:getCalculationExecution",
"athena:getCalculationExecutionStatus",
"athena:getDataCatalog",
"athena:getNamedQuery",
"athena:getNotebookMetadata",
"athena:getQueryExecution",
"athena:getQueryRuntimeStatistics",
"athena:getSession",
"athena:getSessionStatus",
"athena:getWorkGroup",
"athena:listApplicationDPUSizes",
"athena:listCalculationExecutions",
"athena:listDataCatalogs",
"athena:listEngineVersions",
"athena:listExecutors",
"athena:listNamedQueries",
"athena:listNotebookMetadata",
"athena:listNotebookSessions",
"athena:listQueryExecutions",
"athena:listSessions",
"athena:listTagsForResource",
"athena:listWorkGroups",
"backup-gateway:getGateway",
"backup-gateway:getHypervisor",
"backup-gateway:getHypervisorPropertyMappings",
"backup-gateway:getVirtualMachine",
"backup-gateway:listGateways",
"backup-gateway:listHypervisors",
"backup-gateway:listVirtualMachines",
"backup:describeBackupJob",
"backup:describeBackupVault",
"backup:describeCopyJob",
"backup:describeFramework",
"backup:describeGlobalSettings",
"backup:describeProtectedResource",
"backup:describeRecoveryPoint",
"backup:describeRegionSettings",
"backup:describeReportJob",
"backup:describeReportPlan",
"backup:describeRestoreJob",
"backup:getBackupPlan",
"backup:getBackupPlanFromJSON",
"backup:getBackupPlanFromTemplate",
"backup:getBackupSelection",
"backup:getBackupVaultAccessPolicy",
"backup:getBackupVaultNotifications",
"backup:getLegalHold",
"backup:getRecoveryPointRestoreMetadata",
"backup:getRestoreJobMetadata",
"backup:getRestoreTestingInferredMetadata",
"backup:getRestoreTestingPlan",
"backup:getRestoreTestingSelection",
"backup:getSupportedResourceTypes",
"backup:listBackupJobs",
"backup:listBackupPlanTemplates",
"backup:listBackupPlanVersions",
"backup:listBackupPlans",
"backup:listBackupSelections",
"backup:listBackupVaults",
"backup:listCopyJobs",
"backup:listFrameworks",
"backup:listLegalHolds",
"backup:listProtectedResources",
"backup:listRecoveryPointsByBackupVault",
"backup:listRecoveryPointsByLegalHold",
"backup:listRecoveryPointsByResource",
"backup:listReportJobs",
"backup:listReportPlans",
"backup:listRestoreJobs",
"backup:listRestoreJobsByProtectedResource",
"backup:listRestoreTestingPlans",
"backup:listRestoreTestingSelections",
"backup:listTags",
"cloudformation:batchDescribeTypeConfigurations",
"cloudformation:describeAccountLimits",
"cloudformation:describeChangeSet",
"cloudformation:describeChangeSetHooks",
"cloudformation:describePublisher",
"cloudformation:describeStackEvents",
"cloudformation:describeStackInstance",
"cloudformation:describeStackResource",
"cloudformation:describeStackResources",
"cloudformation:describeStackSet",
"cloudformation:describeStackSetOperation",
"cloudformation:describeStacks",
"cloudformation:describeType",
"cloudformation:describeTypeRegistration",
"cloudformation:estimateTemplateCost",
"cloudformation:getStackPolicy",
"cloudformation:getTemplate",
"cloudformation:getTemplateSummary",
"cloudformation:listChangeSets",
"cloudformation:listExports",
"cloudformation:listImports",
"cloudformation:listStackInstances",
"cloudformation:listStackResources",
"cloudformation:listStackSetOperationResults",
"cloudformation:listStackSetOperations",
"cloudformation:listStackSets",
"cloudformation:listStacks",
"cloudformation:listTypeRegistrations",
"cloudformation:listTypeVersions",
"cloudformation:listTypes",
"cloudfront:describeFunction",
"cloudfront:getCachePolicy",
"cloudfront:getCachePolicyConfig",
"cloudfront:getCloudFrontOriginAccessIdentity",
"cloudfront:getCloudFrontOriginAccessIdentityConfig",
"cloudfront:getContinuousDeploymentPolicy",
"cloudfront:getContinuousDeploymentPolicyConfig",
"cloudfront:getDistribution",
"cloudfront:getDistributionConfig",
"cloudfront:getInvalidation",
"cloudfront:getKeyGroup",
"cloudfront:getKeyGroupConfig",
"cloudfront:getMonitoringSubscription",
"cloudfront:getOriginAccessControl",
"cloudfront:getOriginAccessControlConfig",
"cloudfront:getOriginRequestPolicy",
"cloudfront:getOriginRequestPolicyConfig",
"cloudfront:getPublicKey",
"cloudfront:getPublicKeyConfig",
"cloudfront:getRealtimeLogConfig",
"cloudfront:getResponseHeadersPolicy",
"cloudfront:getResponseHeadersPolicyConfig",
"cloudfront:getStreamingDistribution",
"cloudfront:getStreamingDistributionConfig",
"cloudfront:listCachePolicies",
"cloudfront:listCloudFrontOriginAccessIdentities",
"cloudfront:listContinuousDeploymentPolicies",
"cloudfront:listDistributions",
"cloudfront:listDistributionsByCachePolicyId",
"cloudfront:listDistributionsByKeyGroup",
"cloudfront:listDistributionsByOriginRequestPolicyId",
"cloudfront:listDistributionsByRealtimeLogConfig",
"cloudfront:listDistributionsByResponseHeadersPolicyId",
"cloudfront:listDistributionsByWebACLId",
"cloudfront:listFunctions",
"cloudfront:listInvalidations",
"cloudfront:listKeyGroups",
"cloudfront:listOriginAccessControls",
"cloudfront:listOriginRequestPolicies",
"cloudfront:listPublicKeys",
"cloudfront:listRealtimeLogConfigs",
"cloudfront:listResponseHeadersPolicies",
"cloudfront:listStreamingDistributions",
"cloudtrail:describeTrails",
"cloudtrail:getEventSelectors",
"cloudtrail:lookupEvents",
"cloudwatch:describeAlarmHistory",
"cloudwatch:describeAlarms",
"cloudwatch:describeAlarmsForMetric",
"cloudwatch:describeAnomalyDetectors",
"cloudwatch:describeInsightRules",
"cloudwatch:getDashboard",
"cloudwatch:getInsightRuleReport",
"cloudwatch:getMetricData",
"cloudwatch:getMetricStatistics",
"cloudwatch:getMetricStream",
"cloudwatch:listDashboards",
"cloudwatch:listManagedInsightRules",
"cloudwatch:listMetricStreams",
"cloudwatch:listMetrics",
"codepipeline:getPipeline",
"codepipeline:getPipelineState",
"codepipeline:listActionTypes",
"codepipeline:listPipelineExecutions",
"codepipeline:listPipelines",
"cognito-identity:describeIdentityPool",
"cognito-identity:getIdentityPoolRoles",
"cognito-identity:listIdentities",
"cognito-identity:listIdentityPools",
"cognito-idp:describeIdentityProvider",
"cognito-idp:describeResourceServer",
"cognito-idp:describeRiskConfiguration",
"cognito-idp:describeUserImportJob",
"cognito-idp:describeUserPool",
"cognito-idp:describeUserPoolClient",
"cognito-idp:describeUserPoolDomain",
"cognito-idp:getGroup",
"cognito-idp:getUICustomization",
"cognito-idp:getUserPoolMfaConfig",
"cognito-idp:listGroups",
"cognito-idp:listIdentityProviders",
"cognito-idp:listResourceServers",
"cognito-idp:listUserImportJobs",
"cognito-idp:listUserPoolClients",
"cognito-idp:listUserPools",
"cognito-sync:describeDataset",
"cognito-sync:describeIdentityPoolUsage",
"cognito-sync:describeIdentityUsage",
"cognito-sync:getCognitoEvents",
"cognito-sync:getIdentityPoolConfiguration",
"cognito-sync:listDatasets",
"cognito-sync:listIdentityPoolUsage",
"connect:describeContact",
"connect:describePhoneNumber",
"connect:describeQuickConnect",
"connect:describeUser",
"connect:getCurrentMetricData",
"connect:getMetricData",
"connect:listContactEvaluations",
"connect:listEvaluationFormVersions",
"connect:listEvaluationForms",
"connect:listPhoneNumbersV2",
"connect:listQuickConnects",
"connect:listRoutingProfiles",
"connect:listSecurityProfiles",
"connect:listUsers",
"connect:listViewVersions",
"connect:listViews",
"directconnect:describeConnectionLoa",
"directconnect:describeConnections",
"directconnect:describeConnectionsOnInterconnect",
"directconnect:describeCustomerMetadata",
"directconnect:describeDirectConnectGatewayAssociationProposals",
"directconnect:describeDirectConnectGatewayAssociations",
"directconnect:describeDirectConnectGatewayAttachments",
"directconnect:describeDirectConnectGateways",
"directconnect:describeHostedConnections",
"directconnect:describeInterconnectLoa",
"directconnect:describeInterconnects",
"directconnect:describeLags",
"directconnect:describeLoa",
"directconnect:describeLocations",
"directconnect:describeRouterConfiguration",
"directconnect:describeVirtualGateways",
"directconnect:describeVirtualInterfaces",
"dms:describeAccountAttributes",
"dms:describeApplicableIndividualAssessments",
"dms:describeConnections",
"dms:describeEndpointSettings",
"dms:describeEndpointTypes",
"dms:describeEndpoints",
"dms:describeEventCategories",
"dms:describeEventSubscriptions",
"dms:describeEvents",
"dms:describeFleetAdvisorCollectors",
"dms:describeFleetAdvisorDatabases",
"dms:describeFleetAdvisorLsaAnalysis",
"dms:describeFleetAdvisorSchemaObjectSummary",
"dms:describeFleetAdvisorSchemas",
"dms:describeOrderableReplicationInstances",
"dms:describePendingMaintenanceActions",
"dms:describeRefreshSchemasStatus",
"dms:describeReplicationInstanceTaskLogs",
"dms:describeReplicationInstances",
"dms:describeReplicationSubnetGroups",
"dms:describeReplicationTaskAssessmentResults",
"dms:describeReplicationTaskAssessmentRuns",
"dms:describeReplicationTaskIndividualAssessments",
"dms:describeReplicationTasks",
"dms:describeSchemas",
"dms:describeTableStatistics",
"ds:describeClientAuthenticationSettings",
"ds:describeConditionalForwarders",
"ds:describeDirectories",
"ds:describeDomainControllers",
"ds:describeEventTopics",
"ds:describeLDAPSSettings",
"ds:describeSharedDirectories",
"ds:describeSnapshots",
"ds:describeTrusts",
"ds:getDirectoryLimits",
"ds:getSnapshotLimits",
"ds:listIpRoutes",
"ds:listSchemaExtensions",
"ds:listTagsForResource",
"ec2:describeAccountAttributes",
"ec2:describeAddressTransfers",
"ec2:describeAddresses",
"ec2:describeAddressesAttribute",
"ec2:describeAggregateIdFormat",
"ec2:describeAvailabilityZones",
"ec2:describeBundleTasks",
"ec2:describeByoipCidrs",
"ec2:describeCapacityReservationFleets",
"ec2:describeCapacityReservations",
"ec2:describeCarrierGateways",
"ec2:describeClassicLinkInstances",
"ec2:describeClientVpnAuthorizationRules",
"ec2:describeClientVpnConnections",
"ec2:describeClientVpnEndpoints",
"ec2:describeClientVpnRoutes",
"ec2:describeClientVpnTargetNetworks",
"ec2:describeCoipPools",
"ec2:describeConversionTasks",
"ec2:describeCustomerGateways",
"ec2:describeDhcpOptions",
"ec2:describeEgressOnlyInternetGateways",
"ec2:describeExportImageTasks",
"ec2:describeExportTasks",
"ec2:describeFastLaunchImages",
"ec2:describeFastSnapshotRestores",
"ec2:describeFleetHistory",
"ec2:describeFleetInstances",
"ec2:describeFleets",
"ec2:describeFlowLogs",
"ec2:describeFpgaImageAttribute",
"ec2:describeFpgaImages",
"ec2:describeHostReservationOfferings",
"ec2:describeHostReservations",
"ec2:describeHosts",
"ec2:describeIamInstanceProfileAssociations",
"ec2:describeIdFormat",
"ec2:describeIdentityIdFormat",
"ec2:describeImageAttribute",
"ec2:describeImages",
"ec2:describeImportImageTasks",
"ec2:describeImportSnapshotTasks",
"ec2:describeInstanceAttribute",
"ec2:describeInstanceCreditSpecifications",
"ec2:describeInstanceEventNotificationAttributes",
"ec2:describeInstanceEventWindows",
"ec2:describeInstanceStatus",
"ec2:describeInstanceTypeOfferings",
"ec2:describeInstanceTypes",
"ec2:describeInstances",
"ec2:describeInternetGateways",
"ec2:describeIpamPools",
"ec2:describeIpamScopes",
"ec2:describeIpams",
"ec2:describeIpv6Pools",
"ec2:describeKeyPairs",
"ec2:describeLaunchTemplateVersions",
"ec2:describeLaunchTemplates",
"ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"ec2:describeLocalGatewayRouteTableVpcAssociations",
"ec2:describeLocalGatewayRouteTables",
"ec2:describeLocalGatewayVirtualInterfaceGroups",
"ec2:describeLocalGatewayVirtualInterfaces",
"ec2:describeLocalGateways",
"ec2:describeManagedPrefixLists",
"ec2:describeMovingAddresses",
"ec2:describeNatGateways",
"ec2:describeNetworkAcls",
"ec2:describeNetworkInterfaceAttribute",
"ec2:describeNetworkInterfaces",
"ec2:describePlacementGroups",
"ec2:describePrefixLists",
"ec2:describePrincipalIdFormat",
"ec2:describePublicIpv4Pools",
"ec2:describeRegions",
"ec2:describeReservedInstances",
"ec2:describeReservedInstancesListings",
"ec2:describeReservedInstancesModifications",
"ec2:describeReservedInstancesOfferings",
"ec2:describeRouteTables",
"ec2:describeScheduledInstanceAvailability",
"ec2:describeScheduledInstances",
"ec2:describeSecurityGroupReferences",
"ec2:describeSecurityGroupRules",
"ec2:describeSecurityGroups",
"ec2:describeSnapshotAttribute",
"ec2:describeSnapshotTierStatus",
"ec2:describeSnapshots",
"ec2:describeSpotDatafeedSubscription",
"ec2:describeSpotFleetInstances",
"ec2:describeSpotFleetRequestHistory",
"ec2:describeSpotFleetRequests",
"ec2:describeSpotInstanceRequests",
"ec2:describeSpotPriceHistory",
"ec2:describeStaleSecurityGroups",
"ec2:describeStoreImageTasks",
"ec2:describeSubnets",
"ec2:describeTags",
"ec2:describeTrafficMirrorFilters",
"ec2:describeTrafficMirrorSessions",
"ec2:describeTrafficMirrorTargets",
"ec2:describeTransitGatewayAttachments",
"ec2:describeTransitGatewayConnectPeers",
"ec2:describeTransitGatewayMulticastDomains",
"ec2:describeTransitGatewayPeeringAttachments",
"ec2:describeTransitGatewayPolicyTables",
"ec2:describeTransitGatewayRouteTableAnnouncements",
"ec2:describeTransitGatewayRouteTables",
"ec2:describeTransitGatewayVpcAttachments",
"ec2:describeTransitGateways",
"ec2:describeVerifiedAccessEndpoints",
"ec2:describeVerifiedAccessGroups",
"ec2:describeVerifiedAccessInstances",
"ec2:describeVerifiedAccessTrustProviders",
"ec2:describeVolumeAttribute",
"ec2:describeVolumeStatus",
"ec2:describeVolumes",
"ec2:describeVolumesModifications",
"ec2:describeVpcAttribute",
"ec2:describeVpcClassicLink",
"ec2:describeVpcClassicLinkDnsSupport",
"ec2:describeVpcEndpointConnectionNotifications",
"ec2:describeVpcEndpointConnections",
"ec2:describeVpcEndpointServiceConfigurations",
"ec2:describeVpcEndpointServicePermissions",
"ec2:describeVpcEndpointServices",
"ec2:describeVpcEndpoints",
"ec2:describeVpcPeeringConnections",
"ec2:describeVpcs",
"ec2:describeVpnConnections",
"ec2:describeVpnGateways",
"ec2:getAssociatedIpv6PoolCidrs",
"ec2:getCapacityReservationUsage",
"ec2:getCoipPoolUsage",
"ec2:getConsoleOutput",
"ec2:getConsoleScreenshot",
"ec2:getDefaultCreditSpecification",
"ec2:getEbsDefaultKmsKeyId",
"ec2:getEbsEncryptionByDefault",
"ec2:getGroupsForCapacityReservation",
"ec2:getHostReservationPurchasePreview",
"ec2:getInstanceTypesFromInstanceRequirements",
"ec2:getIpamAddressHistory",
"ec2:getIpamPoolAllocations",
"ec2:getIpamPoolCidrs",
"ec2:getIpamResourceCidrs",
"ec2:getLaunchTemplateData",
"ec2:getManagedPrefixListAssociations",
"ec2:getManagedPrefixListEntries",
"ec2:getReservedInstancesExchangeQuote",
"ec2:getSerialConsoleAccessStatus",
"ec2:getSpotPlacementScores",
"ec2:getSubnetCidrReservations",
"ec2:getTransitGatewayMulticastDomainAssociations",
"ec2:getTransitGatewayPrefixListReferences",
"ec2:getVerifiedAccessEndpointPolicy",
"ec2:getVerifiedAccessGroupPolicy",
"ec2:listImagesInRecycleBin",
"ec2:listSnapshotsInRecycleBin",
"ec2:searchLocalGatewayRoutes",
"ec2:searchTransitGatewayMulticastGroups",
"ec2:searchTransitGatewayRoutes",
"ecs:describeCapacityProviders",
"ecs:describeClusters",
"ecs:describeContainerInstances",
"ecs:describeServices",
"ecs:describeTaskDefinition",
"ecs:describeTaskSets",
"ecs:describeTasks",
"ecs:getTaskProtection",
"ecs:listAccountSettings",
"ecs:listAttributes",
"ecs:listClusters",
"ecs:listContainerInstances",
"ecs:listServices",
"ecs:listServicesByNamespace",
"ecs:listTagsForResource",
"ecs:listTaskDefinitionFamilies",
"ecs:listTaskDefinitions",
"ecs:listTasks",
"eks:describeAccessEntry",
"eks:describeAddon",
"eks:describeAddonConfiguration",
"eks:describeAddonVersions",
"eks:describeCluster",
"eks:describeEksAnywhereSubscription",
"eks:describeFargateProfile",
"eks:describeIdentityProviderConfig",
"eks:describeNodegroup",
"eks:describePodIdentityAssociation",
"eks:describeUpdate",
"eks:listAccessEntries",
"eks:listAccessPolicies",
"eks:listAddons",
"eks:listAssociatedAccessPolicies",
"eks:listClusters",
"eks:listEksAnywhereSubscriptions",
"eks:listFargateProfiles",
"eks:listIdentityProviderConfigs",
"eks:listNodegroups",
"eks:listPodIdentityAssociations",
"eks:listUpdates",
"elasticache:describeCacheClusters",
"elasticache:describeCacheEngineVersions",
"elasticache:describeCacheParameterGroups",
"elasticache:describeCacheParameters",
"elasticache:describeCacheSecurityGroups",
"elasticache:describeCacheSubnetGroups",
"elasticache:describeEngineDefaultParameters",
"elasticache:describeEvents",
"elasticache:describeGlobalReplicationGroups",
"elasticache:describeReplicationGroups",
"elasticache:describeReservedCacheNodes",
"elasticache:describeReservedCacheNodesOfferings",
"elasticache:describeServerlessCacheSnapshots",
"elasticache:describeServerlessCaches",
"elasticache:describeServiceUpdates",
"elasticache:describeSnapshots",
"elasticache:describeUpdateActions",
"elasticache:describeUserGroups",
"elasticache:describeUsers",
"elasticache:listAllowedNodeTypeModifications",
"elasticache:listTagsForResource",
"elasticbeanstalk:checkDNSAvailability",
"elasticbeanstalk:describeAccountAttributes",
"elasticbeanstalk:describeApplicationVersions",
"elasticbeanstalk:describeApplications",
"elasticbeanstalk:describeConfigurationOptions",
"elasticbeanstalk:describeEnvironmentHealth",
"elasticbeanstalk:describeEnvironmentManagedActionHistory",
"elasticbeanstalk:describeEnvironmentManagedActions",
"elasticbeanstalk:describeEnvironmentResources",
"elasticbeanstalk:describeEnvironments",
"elasticbeanstalk:describeEvents",
"elasticbeanstalk:describeInstancesHealth",
"elasticbeanstalk:describePlatformVersion",
"elasticbeanstalk:listAvailableSolutionStacks",
"elasticbeanstalk:listPlatformBranches",
"elasticbeanstalk:listPlatformVersions",
"elasticbeanstalk:validateConfigurationSettings",
"elasticfilesystem:describeAccessPoints",
"elasticfilesystem:describeFileSystemPolicy",
"elasticfilesystem:describeFileSystems",
"elasticfilesystem:describeLifecycleConfiguration",
"elasticfilesystem:describeMountTargetSecurityGroups",
"elasticfilesystem:describeMountTargets",
"elasticfilesystem:describeTags",
"elasticfilesystem:listTagsForResource",
"elasticloadbalancing:describeAccountLimits",
"elasticloadbalancing:describeInstanceHealth",
"elasticloadbalancing:describeListenerCertificates",
"elasticloadbalancing:describeListeners",
"elasticloadbalancing:describeLoadBalancerAttributes",
"elasticloadbalancing:describeLoadBalancerPolicies",
"elasticloadbalancing:describeLoadBalancerPolicyTypes",
"elasticloadbalancing:describeLoadBalancers",
"elasticloadbalancing:describeRules",
"elasticloadbalancing:describeSSLPolicies",
"elasticloadbalancing:describeTags",
"elasticloadbalancing:describeTargetGroupAttributes",
"elasticloadbalancing:describeTargetGroups",
"elasticloadbalancing:describeTargetHealth",
"elasticloadbalancing:describeTrustStoreAssociations",
"elasticloadbalancing:describeTrustStoreRevocations",
"elasticloadbalancing:describeTrustStores",
"emr-containers:describeJobRun",
"emr-containers:describeJobTemplate",
"emr-containers:describeManagedEndpoint",
"emr-containers:describeVirtualCluster",
"emr-containers:listJobRuns",
"emr-containers:listJobTemplates",
"emr-containers:listManagedEndpoints",
"emr-containers:listVirtualClusters",
"emr-serverless:getApplication",
"emr-serverless:getJobRun",
"emr-serverless:listApplications",
"es:describeDomain",
"es:describeDomainAutoTunes",
"es:describeDomainChangeProgress",
"es:describeDomainConfig",
"es:describeDomains",
"es:describeDryRunProgress",
"es:describeElasticsearchDomain",
"es:describeElasticsearchDomainConfig",
"es:describeElasticsearchDomains",
"es:describeInboundConnections",
"es:describeInstanceTypeLimits",
"es:describeOutboundConnections",
"es:describePackages",
"es:describeReservedInstanceOfferings",
"es:describeReservedInstances",
"es:describeVpcEndpoints",
"es:getCompatibleVersions",
"es:getPackageVersionHistory",
"es:getUpgradeHistory",
"es:getUpgradeStatus",
"es:listDomainNames",
"es:listDomainsForPackage",
"es:listInstanceTypeDetails",
"es:listPackagesForDomain",
"es:listScheduledActions",
"es:listTags",
"es:listVersions",
"es:listVpcEndpointAccess",
"es:listVpcEndpoints",
"es:listVpcEndpointsForDomain",
"events:describeApiDestination",
"events:describeArchive",
"events:describeConnection",
"events:describeEndpoint",
"events:describeEventBus",
"events:describeEventSource",
"events:describePartnerEventSource",
"events:describeReplay",
"events:describeRule",
"events:listApiDestinations",
"events:listArchives",
"events:listConnections",
"events:listEndpoints",
"events:listEventBuses",
"events:listEventSources",
"events:listPartnerEventSourceAccounts",
"events:listPartnerEventSources",
"events:listReplays",
"events:listRuleNamesByTarget",
"events:listRules",
"events:listTargetsByRule",
"events:testEventPattern",
"fsx:describeBackups",
"fsx:describeDataRepositoryAssociations",
"fsx:describeDataRepositoryTasks",
"fsx:describeFileCaches",
"fsx:describeFileSystems",
"fsx:describeSnapshots",
"fsx:describeStorageVirtualMachines",
"fsx:describeVolumes",
"fsx:listTagsForResource",
"glue:batchGetBlueprints",
"glue:batchGetCrawlers",
"glue:batchGetDevEndpoints",
"glue:batchGetJobs",
"glue:batchGetPartition",
"glue:batchGetTriggers",
"glue:batchGetWorkflows",
"glue:checkSchemaVersionValidity",
"glue:getBlueprint",
"glue:getBlueprintRun",
"glue:getBlueprintRuns",
"glue:getCatalogImportStatus",
"glue:getClassifier",
"glue:getClassifiers",
"glue:getColumnStatisticsForPartition",
"glue:getColumnStatisticsForTable",
"glue:getCrawler",
"glue:getCrawlerMetrics",
"glue:getCrawlers",
"glue:getCustomEntityType",
"glue:getDataQualityResult",
"glue:getDataQualityRuleRecommendationRun",
"glue:getDataQualityRuleset",
"glue:getDataQualityRulesetEvaluationRun",
"glue:getDatabase",
"glue:getDatabases",
"glue:getDataflowGraph",
"glue:getDevEndpoint",
"glue:getDevEndpoints",
"glue:getJob",
"glue:getJobRun",
"glue:getJobRuns",
"glue:getJobs",
"glue:getMLTaskRun",
"glue:getMLTaskRuns",
"glue:getMLTransform",
"glue:getMLTransforms",
"glue:getMapping",
"glue:getPartition",
"glue:getPartitionIndexes",
"glue:getPartitions",
"glue:getRegistry",
"glue:getResourcePolicies",
"glue:getResourcePolicy",
"glue:getSchema",
"glue:getSchemaByDefinition",
"glue:getSchemaVersion",
"glue:getSchemaVersionsDiff",
"glue:getSession",
"glue:getStatement",
"glue:getTable",
"glue:getTableVersions",
"glue:getTables",
"glue:getTrigger",
"glue:getTriggers",
"glue:getUserDefinedFunction",
"glue:getUserDefinedFunctions",
"glue:getWorkflow",
"glue:getWorkflowRun",
"glue:getWorkflowRuns",
"glue:listCrawlers",
"glue:listCrawls",
"glue:listDataQualityResults",
"glue:listDataQualityRuleRecommendationRuns",
"glue:listDataQualityRulesetEvaluationRuns",
"glue:listDataQualityRulesets",
"glue:listDevEndpoints",
"glue:listMLTransforms",
"glue:listRegistries",
"glue:listSchemaVersions",
"glue:listSchemas",
"glue:listSessions",
"glue:listStatements",
"glue:querySchemaVersionMetadata",
"guardduty:getFindings",
"guardduty:listDetectors",
"guardduty:listFindings",
"guardduty:listIPSets",
"guardduty:listThreatIntelSets",
"iam:getAccessKeyLastUsed",
"iam:getAccountAuthorizationDetails",
"iam:getAccountPasswordPolicy",
"iam:getAccountSummary",
"iam:getContextKeysForCustomPolicy",
"iam:getContextKeysForPrincipalPolicy",
"iam:getCredentialReport",
"iam:getGroup",
"iam:getGroupPolicy",
"iam:getInstanceProfile",
"iam:getLoginProfile",
"iam:getOpenIDConnectProvider",
"iam:getPolicy",
"iam:getPolicyVersion",
"iam:getRole",
"iam:getRolePolicy",
"iam:getSAMLProvider",
"iam:getSSHPublicKey",
"iam:getServerCertificate",
"iam:getServiceLinkedRoleDeletionStatus",
"iam:getUser",
"iam:getUserPolicy",
"iam:listAccessKeys",
"iam:listAccountAliases",
"iam:listAttachedGroupPolicies",
"iam:listAttachedRolePolicies",
"iam:listAttachedUserPolicies",
"iam:listEntitiesForPolicy",
"iam:listGroupPolicies",
"iam:listGroups",
"iam:listGroupsForUser",
"iam:listInstanceProfiles",
"iam:listInstanceProfilesForRole",
"iam:listMFADevices",
"iam:listOpenIDConnectProviders",
"iam:listPolicies",
"iam:listPolicyVersions",
"iam:listRolePolicies",
"iam:listRoles",
"iam:listSAMLProviders",
"iam:listSSHPublicKeys",
"iam:listServerCertificates",
"iam:listSigningCertificates",
"iam:listUserPolicies",
"iam:listUsers",
"iam:listVirtualMFADevices",
"kafka:describeCluster",
"kafka:describeClusterOperation",
"kafka:describeClusterOperationV2",
"kafka:describeClusterV2",
"kafka:describeConfiguration",
"kafka:describeConfigurationRevision",
"kafka:describeReplicator",
"kafka:describeVpcConnection",
"kafka:getBootstrapBrokers",
"kafka:getClusterPolicy",
"kafka:listClientVpcConnections",
"kafka:listClusterOperations",
"kafka:listClusterOperationsV2",
"kafka:listClusters",
"kafka:listClustersV2",
"kafka:listConfigurationRevisions",
"kafka:listConfigurations",
"kafka:listNodes",
"kafka:listReplicators",
"kafka:listScramSecrets",
"kafka:listVpcConnections",
"kafkaconnect:describeConnector",
"kafkaconnect:describeCustomPlugin",
"kafkaconnect:describeWorkerConfiguration",
"kafkaconnect:listConnectors",
"kafkaconnect:listCustomPlugins",
"kafkaconnect:listWorkerConfigurations",
"lambda:getAccountSettings",
"lambda:getAlias",
"lambda:getCodeSigningConfig",
"lambda:getEventSourceMapping",
"lambda:getFunction",
"lambda:getFunctionCodeSigningConfig",
"lambda:getFunctionConcurrency",
"lambda:getFunctionConfiguration",
"lambda:getFunctionEventInvokeConfig",
"lambda:getFunctionUrlConfig",
"lambda:getLayerVersion",
"lambda:getLayerVersionPolicy",
"lambda:getPolicy",
"lambda:getProvisionedConcurrencyConfig",
"lambda:getRuntimeManagementConfig",
"lambda:listAliases",
"lambda:listCodeSigningConfigs",
"lambda:listEventSourceMappings",
"lambda:listFunctionEventInvokeConfigs",
"lambda:listFunctionUrlConfigs",
"lambda:listFunctions",
"lambda:listFunctionsByCodeSigningConfig",
"lambda:listLayerVersions",
"lambda:listLayers",
"lambda:listProvisionedConcurrencyConfigs",
"lambda:listVersionsByFunction",
"logs:describeExportTasks",
"logs:describeLogGroups",
"logs:describeLogStreams",
"logs:describeMetricFilters",
"logs:describeSubscriptionFilters",
"medialive:listChannels",
"medialive:listInputSecurityGroups",
"medialive:listInputs",
"mobiletargeting:getAdmChannel",
"mobiletargeting:getApnsChannel",
"mobiletargeting:getApnsSandboxChannel",
"mobiletargeting:getApnsVoipChannel",
"mobiletargeting:getApnsVoipSandboxChannel",
"mobiletargeting:getApplicationSettings",
"mobiletargeting:getApps",
"mobiletargeting:getBaiduChannel",
"mobiletargeting:getCampaign",
"mobiletargeting:getCampaignActivities",
"mobiletargeting:getCampaignVersions",
"mobiletargeting:getCampaigns",
"mobiletargeting:getEmailChannel",
"mobiletargeting:getEventStream",
"mobiletargeting:getExportJobs",
"mobiletargeting:getGcmChannel",
"mobiletargeting:getImportJobs",
"mobiletargeting:getJourney",
"mobiletargeting:getJourneyExecutionActivityMetrics",
"mobiletargeting:getJourneyExecutionMetrics",
"mobiletargeting:getJourneyRunExecutionActivityMetrics",
"mobiletargeting:getJourneyRunExecutionMetrics",
"mobiletargeting:getJourneyRuns",
"mobiletargeting:getSegment",
"mobiletargeting:getSegmentImportJobs",
"mobiletargeting:getSegmentVersions",
"mobiletargeting:getSegments",
"mobiletargeting:getSmsChannel",
"mobiletargeting:listJourneys",
"pipes:listPipes",
"polly:describeVoices",
"polly:listLexicons",
"quicksight:describeAccountCustomization",
"quicksight:describeAccountSettings",
"quicksight:describeAccountSubscription",
"quicksight:describeAnalysis",
"quicksight:describeAnalysisPermissions",
"quicksight:describeDashboard",
"quicksight:describeDashboardPermissions",
"quicksight:describeDataSet",
"quicksight:describeDataSetRefreshProperties",
"quicksight:describeDataSource",
"quicksight:describeFolder",
"quicksight:describeFolderPermissions",
"quicksight:describeFolderResolvedPermissions",
"quicksight:describeGroup",
"quicksight:describeGroupMembership",
"quicksight:describeIAMPolicyAssignment",
"quicksight:describeIngestion",
"quicksight:describeIpRestriction",
"quicksight:describeNamespace",
"quicksight:describeRefreshSchedule",
"quicksight:describeTemplate",
"quicksight:describeTemplateAlias",
"quicksight:describeTemplatePermissions",
"quicksight:describeTheme",
"quicksight:describeThemeAlias",
"quicksight:describeThemePermissions",
"quicksight:describeTopic",
"quicksight:describeTopicRefresh",
"quicksight:describeTopicRefreshSchedule",
"quicksight:describeUser",
"quicksight:describeVPCConnection",
"quicksight:listAnalyses",
"quicksight:listDashboardVersions",
"quicksight:listDashboards",
"quicksight:listDataSets",
"quicksight:listDataSources",
"quicksight:listFolderMembers",
"quicksight:listFolders",
"quicksight:listGroupMemberships",
"quicksight:listGroups",
"quicksight:listIAMPolicyAssignments",
"quicksight:listIAMPolicyAssignmentsForUser",
"quicksight:listIngestions",
"quicksight:listNamespaces",
"quicksight:listRefreshSchedules",
"quicksight:listTemplateAliases",
"quicksight:listTemplateVersions",
"quicksight:listTemplates",
"quicksight:listThemeAliases",
"quicksight:listThemeVersions",
"quicksight:listThemes",
"quicksight:listTopicRefreshSchedules",
"quicksight:listTopics",
"quicksight:listUserGroups",
"quicksight:listUsers",
"quicksight:listVPCConnections",
"quicksight:searchAnalyses",
"quicksight:searchDashboards",
"quicksight:searchDataSets",
"quicksight:searchDataSources",
"quicksight:searchFolders",
"quicksight:searchGroups",
"rds:describeAccountAttributes",
"rds:describeBlueGreenDeployments",
"rds:describeCertificates",
"rds:describeDBClusterEndpoints",
"rds:describeDBClusterParameterGroups",
"rds:describeDBClusterParameters",
"rds:describeDBClusterSnapshots",
"rds:describeDBClusters",
"rds:describeDBEngineVersions",
"rds:describeDBInstanceAutomatedBackups",
"rds:describeDBInstances",
"rds:describeDBLogFiles",
"rds:describeDBParameterGroups",
"rds:describeDBParameters",
"rds:describeDBSecurityGroups",
"rds:describeDBSnapshotAttributes",
"rds:describeDBSnapshots",
"rds:describeDBSubnetGroups",
"rds:describeEngineDefaultClusterParameters",
"rds:describeEngineDefaultParameters",
"rds:describeEventCategories",
"rds:describeEventSubscriptions",
"rds:describeEvents",
"rds:describeExportTasks",
"rds:describeGlobalClusters",
"rds:describeIntegrations",
"rds:describeOptionGroupOptions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describePendingMaintenanceActions",
"rds:describeReservedDBInstances",
"rds:describeReservedDBInstancesOfferings",
"rds:describeSourceRegions",
"rds:describeValidDBInstanceModifications",
"rds:listTagsForResource",
"redshift-data:describeStatement",
"redshift-data:listStatements",
"redshift-serverless:getEndpointAccess",
"redshift-serverless:getNamespace",
"redshift-serverless:getRecoveryPoint",
"redshift-serverless:getSnapshot",
"redshift-serverless:getTableRestoreStatus",
"redshift-serverless:getUsageLimit",
"redshift-serverless:getWorkgroup",
"redshift-serverless:listEndpointAccess",
"redshift-serverless:listNamespaces",
"redshift-serverless:listRecoveryPoints",
"redshift-serverless:listSnapshots",
"redshift-serverless:listTableRestoreStatus",
"redshift-serverless:listUsageLimits",
"redshift-serverless:listWorkgroups",
"redshift:describeClusterParameterGroups",
"redshift:describeClusterParameters",
"redshift:describeClusterSecurityGroups",
"redshift:describeClusterSnapshots",
"redshift:describeClusterSubnetGroups",
"redshift:describeClusterVersions",
"redshift:describeClusters",
"redshift:describeDataShares",
"redshift:describeDataSharesForConsumer",
"redshift:describeDataSharesForProducer",
"redshift:describeDefaultClusterParameters",
"redshift:describeEventCategories",
"redshift:describeEventSubscriptions",
"redshift:describeEvents",
"redshift:describeHsmClientCertificates",
"redshift:describeHsmConfigurations",
"redshift:describeLoggingStatus",
"redshift:describeOrderableClusterOptions",
"redshift:describeReservedNodeOfferings",
"redshift:describeReservedNodes",
"redshift:describeResize",
"redshift:describeSnapshotCopyGrants",
"redshift:describeStorage",
"redshift:describeTableRestoreStatus",
"redshift:describeTags",
"route53-recovery-cluster:getRoutingControlState",
"route53-recovery-cluster:listRoutingControls",
"route53-recovery-control-config:describeControlPanel",
"route53-recovery-control-config:describeRoutingControl",
"route53-recovery-control-config:describeSafetyRule",
"route53-recovery-control-config:listControlPanels",
"route53-recovery-control-config:listRoutingControls",
"route53-recovery-control-config:listSafetyRules",
"route53-recovery-readiness:getCell",
"route53-recovery-readiness:getCellReadinessSummary",
"route53-recovery-readiness:getReadinessCheck",
"route53-recovery-readiness:getReadinessCheckResourceStatus",
"route53-recovery-readiness:getReadinessCheckStatus",
"route53-recovery-readiness:getRecoveryGroup",
"route53-recovery-readiness:getRecoveryGroupReadinessSummary",
"route53-recovery-readiness:listCells",
"route53-recovery-readiness:listReadinessChecks",
"route53-recovery-readiness:listRecoveryGroups",
"route53-recovery-readiness:listResourceSets",
"route53:getAccountLimit",
"route53:getChange",
"route53:getCheckerIpRanges",
"route53:getDNSSEC",
"route53:getGeoLocation",
"route53:getHealthCheck",
"route53:getHealthCheckCount",
"route53:getHealthCheckLastFailureReason",
"route53:getHealthCheckStatus",
"route53:getHostedZone",
"route53:getHostedZoneCount",
"route53:getHostedZoneLimit",
"route53:getQueryLoggingConfig",
"route53:getReusableDelegationSet",
"route53:getTrafficPolicy",
"route53:getTrafficPolicyInstance",
"route53:getTrafficPolicyInstanceCount",
"route53:listCidrBlocks",
"route53:listCidrCollections",
"route53:listCidrLocations",
"route53:listGeoLocations",
"route53:listHealthChecks",
"route53:listHostedZones",
"route53:listHostedZonesByName",
"route53:listHostedZonesByVpc",
"route53:listQueryLoggingConfigs",
"route53:listResourceRecordSets",
"route53:listReusableDelegationSets",
"route53:listTrafficPolicies",
"route53:listTrafficPolicyInstances",
"route53:listTrafficPolicyInstancesByHostedZone",
"route53:listTrafficPolicyInstancesByPolicy",
"route53:listTrafficPolicyVersions",
"route53:listVPCAssociationAuthorizations",
"route53domains:checkDomainAvailability",
"route53domains:getContactReachabilityStatus",
"route53domains:getDomainDetail",
"route53domains:getOperationDetail",
"route53domains:listDomains",
"route53domains:listOperations",
"route53domains:listPrices",
"route53domains:listTagsForDomain",
"route53domains:viewBilling",
"route53resolver:getFirewallConfig",
"route53resolver:getFirewallDomainList",
"route53resolver:getFirewallRuleGroup",
"route53resolver:getFirewallRuleGroupAssociation",
"route53resolver:getFirewallRuleGroupPolicy",
"route53resolver:getOutpostResolver",
"route53resolver:getResolverDnssecConfig",
"route53resolver:getResolverQueryLogConfig",
"route53resolver:getResolverQueryLogConfigAssociation",
"route53resolver:getResolverQueryLogConfigPolicy",
"route53resolver:getResolverRule",
"route53resolver:getResolverRuleAssociation",
"route53resolver:getResolverRulePolicy",
"route53resolver:listFirewallConfigs",
"route53resolver:listFirewallDomainLists",
"route53resolver:listFirewallDomains",
"route53resolver:listFirewallRuleGroupAssociations",
"route53resolver:listFirewallRuleGroups",
"route53resolver:listFirewallRules",
"route53resolver:listOutpostResolvers",
"route53resolver:listResolverConfigs",
"route53resolver:listResolverDnssecConfigs",
"route53resolver:listResolverEndpointIpAddresses",
"route53resolver:listResolverEndpoints",
"route53resolver:listResolverQueryLogConfigAssociations",
"route53resolver:listResolverQueryLogConfigs",
"route53resolver:listResolverRuleAssociations",
"route53resolver:listResolverRules",
"route53resolver:listTagsForResource",
"s3:describeJob",
"s3:describeMultiRegionAccessPointOperation",
"s3:getAccelerateConfiguration",
"s3:getAccessPoint",
"s3:getAccessPointConfigurationForObjectLambda",
"s3:getAccessPointForObjectLambda",
"s3:getAccessPointPolicy",
"s3:getAccessPointPolicyForObjectLambda",
"s3:getAccessPointPolicyStatus",
"s3:getAccessPointPolicyStatusForObjectLambda",
"s3:getAccountPublicAccessBlock",
"s3:getAnalyticsConfiguration",
"s3:getBucketAcl",
"s3:getBucketCORS",
"s3:getBucketLocation",
"s3:getBucketLogging",
"s3:getBucketNotification",
"s3:getBucketObjectLockConfiguration",
"s3:getBucketOwnershipControls",
"s3:getBucketPolicy",
"s3:getBucketPolicyStatus",
"s3:getBucketPublicAccessBlock",
"s3:getBucketRequestPayment",
"s3:getBucketVersioning",
"s3:getBucketWebsite",
"s3:getEncryptionConfiguration",
"s3:getIntelligentTieringConfiguration",
"s3:getInventoryConfiguration",
"s3:getLifecycleConfiguration",
"s3:getMetricsConfiguration",
"s3:getMultiRegionAccessPoint",
"s3:getMultiRegionAccessPointPolicy",
"s3:getMultiRegionAccessPointPolicyStatus",
"s3:getMultiRegionAccessPointRoutes",
"s3:getObjectLegalHold",
"s3:getObjectRetention",
"s3:getReplicationConfiguration",
"s3:getStorageLensConfiguration",
"s3:listAccessPoints",
"s3:listAccessPointsForObjectLambda",
"s3:listAllMyBuckets",
"s3:listBucket",
"s3:listBucketMultipartUploads",
"s3:listBucketVersions",
"s3:listJobs",
"s3:listMultiRegionAccessPoints",
"s3:listMultipartUploadParts",
"s3:listStorageLensConfigurations",
"s3express:getBucketPolicy",
"s3express:listAllMyDirectoryBuckets",
"sagemaker:describeAction",
"sagemaker:describeAlgorithm",
"sagemaker:describeApp",
"sagemaker:describeAppImageConfig",
"sagemaker:describeArtifact",
"sagemaker:describeAutoMLJob",
"sagemaker:describeCluster",
"sagemaker:describeClusterNode",
"sagemaker:describeCodeRepository",
"sagemaker:describeCompilationJob",
"sagemaker:describeContext",
"sagemaker:describeDataQualityJobDefinition",
"sagemaker:describeDevice",
"sagemaker:describeDeviceFleet",
"sagemaker:describeDomain",
"sagemaker:describeEdgeDeploymentPlan",
"sagemaker:describeEdgePackagingJob",
"sagemaker:describeEndpoint",
"sagemaker:describeEndpointConfig",
"sagemaker:describeExperiment",
"sagemaker:describeFeatureGroup",
"sagemaker:describeFeatureMetadata",
"sagemaker:describeFlowDefinition",
"sagemaker:describeHub",
"sagemaker:describeHubContent",
"sagemaker:describeHumanTaskUi",
"sagemaker:describeHyperParameterTuningJob",
"sagemaker:describeImage",
"sagemaker:describeImageVersion",
"sagemaker:describeInferenceComponent",
"sagemaker:describeInferenceExperiment",
"sagemaker:describeInferenceRecommendationsJob",
"sagemaker:describeLabelingJob",
"sagemaker:describeModel",
"sagemaker:describeModelBiasJobDefinition",
"sagemaker:describeModelCard",
"sagemaker:describeModelCardExportJob",
"sagemaker:describeModelExplainabilityJobDefinition",
"sagemaker:describeModelPackage",
"sagemaker:describeModelPackageGroup",
"sagemaker:describeModelQualityJobDefinition",
"sagemaker:describeMonitoringSchedule",
"sagemaker:describeNotebookInstance",
"sagemaker:describeNotebookInstanceLifecycleConfig",
"sagemaker:describePipeline",
"sagemaker:describePipelineDefinitionForExecution",
"sagemaker:describePipelineExecution",
"sagemaker:describeProcessingJob",
"sagemaker:describeProject",
"sagemaker:describeSpace",
"sagemaker:describeStudioLifecycleConfig",
"sagemaker:describeSubscribedWorkteam",
"sagemaker:describeTrainingJob",
"sagemaker:describeTransformJob",
"sagemaker:describeTrial",
"sagemaker:describeTrialComponent",
"sagemaker:describeUserProfile",
"sagemaker:describeWorkforce",
"sagemaker:describeWorkteam",
"sagemaker:getDeviceFleetReport",
"sagemaker:getModelPackageGroupPolicy",
"sagemaker:getSagemakerServicecatalogPortfolioStatus",
"sagemaker:listActions",
"sagemaker:listAlgorithms",
"sagemaker:listAliases",
"sagemaker:listAppImageConfigs",
"sagemaker:listApps",
"sagemaker:listArtifacts",
"sagemaker:listAssociations",
"sagemaker:listAutoMLJobs",
"sagemaker:listCandidatesForAutoMLJob",
"sagemaker:listClusterNodes",
"sagemaker:listClusters",
"sagemaker:listCodeRepositories",
"sagemaker:listCompilationJobs",
"sagemaker:listContexts",
"sagemaker:listDataQualityJobDefinitions",
"sagemaker:listDeviceFleets",
"sagemaker:listDevices",
"sagemaker:listDomains",
"sagemaker:listEdgeDeploymentPlans",
"sagemaker:listEdgePackagingJobs",
"sagemaker:listEndpointConfigs",
"sagemaker:listEndpoints",
"sagemaker:listExperiments",
"sagemaker:listFeatureGroups",
"sagemaker:listFlowDefinitions",
"sagemaker:listHubContentVersions",
"sagemaker:listHubContents",
"sagemaker:listHubs",
"sagemaker:listHumanTaskUis",
"sagemaker:listHyperParameterTuningJobs",
"sagemaker:listImageVersions",
"sagemaker:listImages",
"sagemaker:listInferenceComponents",
"sagemaker:listInferenceExperiments",
"sagemaker:listInferenceRecommendationsJobSteps",
"sagemaker:listInferenceRecommendationsJobs",
"sagemaker:listLabelingJobs",
"sagemaker:listLabelingJobsForWorkteam",
"sagemaker:listLineageGroups",
"sagemaker:listModelBiasJobDefinitions",
"sagemaker:listModelCardExportJobs",
"sagemaker:listModelCardVersions",
"sagemaker:listModelCards",
"sagemaker:listModelExplainabilityJobDefinitions",
"sagemaker:listModelMetadata",
"sagemaker:listModelPackageGroups",
"sagemaker:listModelPackages",
"sagemaker:listModelQualityJobDefinitions",
"sagemaker:listModels",
"sagemaker:listMonitoringAlertHistory",
"sagemaker:listMonitoringAlerts",
"sagemaker:listMonitoringExecutions",
"sagemaker:listMonitoringSchedules",
"sagemaker:listNotebookInstanceLifecycleConfigs",
"sagemaker:listNotebookInstances",
"sagemaker:listPipelineExecutionSteps",
"sagemaker:listPipelineExecutions",
"sagemaker:listPipelineParametersForExecution",
"sagemaker:listPipelines",
"sagemaker:listProcessingJobs",
"sagemaker:listProjects",
"sagemaker:listSpaces",
"sagemaker:listStageDevices",
"sagemaker:listStudioLifecycleConfigs",
"sagemaker:listSubscribedWorkteams",
"sagemaker:listTags",
"sagemaker:listTrainingJobs",
"sagemaker:listTrainingJobsForHyperParameterTuningJob",
"sagemaker:listTransformJobs",
"sagemaker:listTrialComponents",
"sagemaker:listTrials",
"sagemaker:listUserProfiles",
"sagemaker:listWorkforces",
"sagemaker:listWorkteams",
"scheduler:listScheduleGroups",
"scheduler:listSchedules",
"servicequotas:listAWSDefaultServiceQuotas",
"servicequotas:listServiceQuotas",
"ses:describeActiveReceiptRuleSet",
"ses:describeConfigurationSet",
"ses:describeReceiptRule",
"ses:describeReceiptRuleSet",
"ses:getAccount",
"ses:getAccountSendingEnabled",
"ses:getBlacklistReports",
"ses:getConfigurationSet",
"ses:getConfigurationSetEventDestinations",
"ses:getContactList",
"ses:getDedicatedIp",
"ses:getDedicatedIpPool",
"ses:getDedicatedIps",
"ses:getDeliverabilityDashboardOptions",
"ses:getDeliverabilityTestReport",
"ses:getDomainDeliverabilityCampaign",
"ses:getDomainStatisticsReport",
"ses:getEmailIdentity",
"ses:getIdentityDkimAttributes",
"ses:getIdentityMailFromDomainAttributes",
"ses:getIdentityNotificationAttributes",
"ses:getIdentityPolicies",
"ses:getIdentityVerificationAttributes",
"ses:getImportJob",
"ses:getSendQuota",
"ses:getSendStatistics",
"ses:listConfigurationSets",
"ses:listContactLists",
"ses:listContacts",
"ses:listCustomVerificationEmailTemplates",
"ses:listDedicatedIpPools",
"ses:listDeliverabilityTestReports",
"ses:listDomainDeliverabilityCampaigns",
"ses:listEmailIdentities",
"ses:listEmailTemplates",
"ses:listIdentities",
"ses:listIdentityPolicies",
"ses:listImportJobs",
"ses:listReceiptFilters",
"ses:listReceiptRuleSets",
"ses:listRecommendations",
"ses:listTagsForResource",
"ses:listTemplates",
"ses:listVerifiedEmailAddresses",
"sns:checkIfPhoneNumberIsOptedOut",
"sns:getDataProtectionPolicy",
"sns:getEndpointAttributes",
"sns:getPlatformApplicationAttributes",
"sns:getSMSAttributes",
"sns:getSMSSandboxAccountStatus",
"sns:getSubscriptionAttributes",
"sns:getTopicAttributes",
"sns:listEndpointsByPlatformApplication",
"sns:listOriginationNumbers",
"sns:listPhoneNumbersOptedOut",
"sns:listPlatformApplications",
"sns:listSMSSandboxPhoneNumbers",
"sns:listSubscriptions",
"sns:listSubscriptionsByTopic",
"sns:listTopics",
"ssm-contacts:describeEngagement",
"ssm-contacts:describePage",
"ssm-contacts:getContact",
"ssm-contacts:getContactChannel",
"ssm-contacts:getContactPolicy",
"ssm-contacts:getRotation",
"ssm-contacts:getRotationOverride",
"ssm-contacts:listContactChannels",
"ssm-contacts:listContacts",
"ssm-contacts:listEngagements",
"ssm-contacts:listPageReceipts",
"ssm-contacts:listPageResolutions",
"ssm-contacts:listPagesByContact",
"ssm-contacts:listPagesByEngagement",
"ssm-contacts:listPreviewRotationShifts",
"ssm-contacts:listRotationOverrides",
"ssm-contacts:listRotationShifts",
"ssm-contacts:listRotations",
"ssm-incidents:getIncidentRecord",
"ssm-incidents:getReplicationSet",
"ssm-incidents:getResourcePolicies",
"ssm-incidents:getResponsePlan",
"ssm-incidents:getTimelineEvent",
"ssm-incidents:listIncidentRecords",
"ssm-incidents:listRelatedItems",
"ssm-incidents:listReplicationSets",
"ssm-incidents:listResponsePlans",
"ssm-incidents:listTimelineEvents",
"ssm-sap:getApplication",
"ssm-sap:getComponent",
"ssm-sap:getDatabase",
"ssm-sap:getOperation",
"ssm-sap:getResourcePermission",
"ssm-sap:listApplications",
"ssm-sap:listComponents",
"ssm-sap:listDatabases",
"ssm-sap:listOperations",
"ssm:describeActivations",
"ssm:describeAssociation",
"ssm:describeAssociationExecutionTargets",
"ssm:describeAssociationExecutions",
"ssm:describeAutomationExecutions",
"ssm:describeAutomationStepExecutions",
"ssm:describeAvailablePatches",
"ssm:describeDocument",
"ssm:describeDocumentPermission",
"ssm:describeEffectiveInstanceAssociations",
"ssm:describeEffectivePatchesForPatchBaseline",
"ssm:describeInstanceAssociationsStatus",
"ssm:describeInstanceInformation",
"ssm:describeInstancePatchStates",
"ssm:describeInstancePatchStatesForPatchGroup",
"ssm:describeInstancePatches",
"ssm:describeInventoryDeletions",
"ssm:describeMaintenanceWindowExecutionTaskInvocations",
"ssm:describeMaintenanceWindowExecutionTasks",
"ssm:describeMaintenanceWindowExecutions",
"ssm:describeMaintenanceWindowSchedule",
"ssm:describeMaintenanceWindowTargets",
"ssm:describeMaintenanceWindowTasks",
"ssm:describeMaintenanceWindows",
"ssm:describeMaintenanceWindowsForTarget",
"ssm:describeOpsItems",
"ssm:describeParameters",
"ssm:describePatchBaselines",
"ssm:describePatchGroupState",
"ssm:describePatchGroups",
"ssm:describePatchProperties",
"ssm:describeSessions",
"ssm:getAutomationExecution",
"ssm:getCalendarState",
"ssm:getCommandInvocation",
"ssm:getConnectionStatus",
"ssm:getDefaultPatchBaseline",
"ssm:getDeployablePatchSnapshotForInstance",
"ssm:getInventorySchema",
"ssm:getMaintenanceWindow",
"ssm:getMaintenanceWindowExecution",
"ssm:getMaintenanceWindowExecutionTask",
"ssm:getMaintenanceWindowExecutionTaskInvocation",
"ssm:getMaintenanceWindowTask",
"ssm:getOpsItem",
"ssm:getOpsMetadata",
"ssm:getOpsSummary",
"ssm:getPatchBaseline",
"ssm:getPatchBaselineForPatchGroup",
"ssm:getResourcePolicies",
"ssm:getServiceSetting",
"ssm:listAssociationVersions",
"ssm:listAssociations",
"ssm:listCommandInvocations",
"ssm:listCommands",
"ssm:listComplianceItems",
"ssm:listComplianceSummaries",
"ssm:listDocumentMetadataHistory",
"ssm:listDocumentVersions",
"ssm:listDocuments",
"ssm:listOpsItemEvents",
"ssm:listOpsItemRelatedItems",
"ssm:listOpsMetadata",
"ssm:listResourceComplianceSummaries",
"ssm:listResourceDataSync",
"ssm:listTagsForResource",
"swf:describeActivityType",
"swf:describeDomain",
"swf:describeWorkflowExecution",
"swf:describeWorkflowType",
"swf:getWorkflowExecutionHistory",
"swf:listActivityTypes",
"swf:listClosedWorkflowExecutions",
"swf:listDomains",
"swf:listOpenWorkflowExecutions",
"swf:listWorkflowTypes",
"vpc-lattice:getAccessLogSubscription",
"vpc-lattice:getAuthPolicy",
"vpc-lattice:getListener",
"vpc-lattice:getResourcePolicy",
"vpc-lattice:getRule",
"vpc-lattice:getService",
"vpc-lattice:getServiceNetwork",
"vpc-lattice:getServiceNetworkServiceAssociation",
"vpc-lattice:getServiceNetworkVpcAssociation",
"vpc-lattice:getTargetGroup",
"vpc-lattice:listAccessLogSubscriptions",
"vpc-lattice:listListeners",
"vpc-lattice:listRules",
"vpc-lattice:listServiceNetworkServiceAssociations",
"vpc-lattice:listServiceNetworkVpcAssociations",
"vpc-lattice:listServiceNetworks",
"vpc-lattice:listServices",
"vpc-lattice:listTargetGroups",
"vpc-lattice:listTargets",
"waf-regional:getByteMatchSet",
"waf-regional:getChangeTokenStatus",
"waf-regional:getGeoMatchSet",
"waf-regional:getIPSet",
"waf-regional:getLoggingConfiguration",
"waf-regional:getRateBasedRule",
"waf-regional:getRegexMatchSet",
"waf-regional:getRegexPatternSet",
"waf-regional:getRule",
"waf-regional:getRuleGroup",
"waf-regional:getSqlInjectionMatchSet",
"waf-regional:getWebACL",
"waf-regional:getWebACLForResource",
"waf-regional:listActivatedRulesInRuleGroup",
"waf-regional:listByteMatchSets",
"waf-regional:listGeoMatchSets",
"waf-regional:listIPSets",
"waf-regional:listLoggingConfigurations",
"waf-regional:listRateBasedRules",
"waf-regional:listRegexMatchSets",
"waf-regional:listRegexPatternSets",
"waf-regional:listResourcesForWebACL",
"waf-regional:listRuleGroups",
"waf-regional:listRules",
"waf-regional:listSqlInjectionMatchSets",
"waf-regional:listWebACLs",
"waf:getByteMatchSet",
"waf:getChangeTokenStatus",
"waf:getGeoMatchSet",
"waf:getIPSet",
"waf:getLoggingConfiguration",
"waf:getRateBasedRule",
"waf:getRegexMatchSet",
"waf:getRegexPatternSet",
"waf:getRule",
"waf:getRuleGroup",
"waf:getSampledRequests",
"waf:getSizeConstraintSet",
"waf:getSqlInjectionMatchSet",
"waf:getWebACL",
"waf:getXssMatchSet",
"waf:listActivatedRulesInRuleGroup",
"waf:listByteMatchSets",
"waf:listGeoMatchSets",
"waf:listIPSets",
"waf:listLoggingConfigurations",
"waf:listRateBasedRules",
"waf:listRegexMatchSets",
"waf:listRegexPatternSets",
"waf:listRuleGroups",
"waf:listRules",
"waf:listSizeConstraintSets",
"waf:listSqlInjectionMatchSets",
"waf:listWebACLs",
"waf:listXssMatchSets",
"wafv2:checkCapacity",
"wafv2:describeManagedRuleGroup",
"wafv2:getIPSet",
"wafv2:getLoggingConfiguration",
"wafv2:getPermissionPolicy",
"wafv2:getRateBasedStatementManagedKeys",
"wafv2:getRegexPatternSet",
"wafv2:getRuleGroup",
"wafv2:getSampledRequests",
"wafv2:getWebACL",
"wafv2:getWebACLForResource",
"wafv2:listAvailableManagedRuleGroups",
"wafv2:listIPSets",
"wafv2:listLoggingConfigurations",
"wafv2:listRegexPatternSets",
"wafv2:listResourcesForWebACL",
"wafv2:listRuleGroups",
"wafv2:listTagsForResource",
"wafv2:listWebACLs",
"workspaces-web:getBrowserSettings",
"workspaces-web:getIdentityProvider",
"workspaces-web:getNetworkSettings",
"workspaces-web:getPortal",
"workspaces-web:getPortalServiceProviderMetadata",
"workspaces-web:getTrustStoreCertificate",
"workspaces-web:getUserSettings",
"workspaces-web:listBrowserSettings",
"workspaces-web:listIdentityProviders",
"workspaces-web:listNetworkSettings",
"workspaces-web:listPortals",
"workspaces-web:listTagsForResource",
"workspaces-web:listTrustStoreCertificates",
"workspaces-web:listTrustStores",
"workspaces-web:listUserSettings",
"workspaces:describeAccount",
"workspaces:describeAccountModifications",
"workspaces:describeApplicationAssociations",
"workspaces:describeIpGroups",
"workspaces:describeTags",
"workspaces:describeWorkspaceAssociations",
"workspaces:describeWorkspaceBundles",
"workspaces:describeWorkspaceDirectories",
"workspaces:describeWorkspaceImages",
"workspaces:describeWorkspaces",
"workspaces:describeWorkspacesConnectionStatus"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-22T20:06:06+00:00"
},
"AWSPriceListServiceFullAccess":{
"CreateDate":"2017-11-22T00:36:27+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"pricing:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSPriceListServiceFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-02T13:34:19+00:00"
},
"AWSPrivateCAAuditor":{
"CreateDate":"2023-02-14T18:33:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:CreateCertificateAuthorityAuditReport",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-14T18:33:44+00:00"
},
"AWSPrivateCAFullAccess":{
"CreateDate":"2023-02-14T18:20:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-14T18:20:59+00:00"
},
"AWSPrivateCAPrivilegedUser":{
"CreateDate":"2023-02-14T18:26:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/*CACertificate*/V*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnNotLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/*CACertificate*/V*"
]
}
},
"Effect":"Deny",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T21:07:06+00:00"
},
"AWSPrivateCAReadOnly":{
"CreateDate":"2023-02-14T18:30:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:ListCertificateAuthorities",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Effect":"Allow",
"Resource":"*"
},
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-14T18:30:50+00:00"
},
"AWSPrivateCAUser":{
"CreateDate":"2023-02-14T18:16:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/EndEntityCertificate/V*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"ArnNotLike":{
"acm-pca:TemplateArn":[
"arn:aws:acm-pca:*:*:template/EndEntityCertificate/V*"
]
}
},
"Effect":"Deny",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action":[
"acm-pca:ListCertificateAuthorities"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T21:22:07+00:00"
},
"AWSPrivateMarketplaceAdminFullAccess":{
"CreateDate":"2018-11-27T16:32:32+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:AssociateProductsWithPrivateMarketplace",
"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PrivateMarketplaceRequestPermissions"
},
{
"Action":[
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:StartChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:CancelChangeSet"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PrivateMarketplaceCatalogAPIPermissions"
},
{
"Action":[
"aws-marketplace:TagResource",
"aws-marketplace:UntagResource",
"aws-marketplace:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*",
"Sid":"PrivateMarketplaceCatalogTaggingPermissions"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:ListRoots",
"organizations:ListParents",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAccountsForParent",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PrivateMarketplaceOrganizationPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-14T22:05:08+00:00"
},
"AWSPrivateMarketplaceRequests":{
"CreateDate":"2019-10-28T21:44:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:CreatePrivateMarketplaceRequests",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-28T21:44:03+00:00"
},
"AWSPrivateNetworksServiceRolePolicy":{
"CreateDate":"2021-12-16T23:17:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/Private5G"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-12-16T23:17:46+00:00"
},
"AWSProtonCodeBuildProvisioningBasicAccess":{
"CreateDate":"2022-11-09T21:04:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/codebuild/AWSProton-*"
]
},
{
"Action":"proton:NotifyResourceDeploymentStatusChange",
"Effect":"Allow",
"Resource":"arn:aws:proton:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-09T21:04:16+00:00"
},
"AWSProtonCodeBuildProvisioningServiceRolePolicy":{
"CreateDate":"2022-11-09T21:32:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DeleteStack",
"cloudformation:UpdateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/AWSProton-CodeBuild-*"
]
},
{
"Action":[
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:UpdateProject",
"codebuild:StartBuild",
"codebuild:StopBuild",
"codebuild:RetryBuild",
"codebuild:BatchGetBuilds",
"codebuild:BatchGetProjects"
],
"Effect":"Allow",
"Resource":"arn:aws:codebuild:*:*:project/AWSProton*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":"codebuild.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-17T16:11:40+00:00"
},
"AWSProtonDeveloperAccess":{
"CreateDate":"2021-02-17T19:02:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"codecommit:ListRepositories",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineExecution",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListPipelines",
"codestar-connections:ListConnections",
"codestar-connections:UseConnection",
"proton:CancelServiceInstanceDeployment",
"proton:CancelServicePipelineDeployment",
"proton:CreateService",
"proton:DeleteService",
"proton:GetAccountRoles",
"proton:GetAccountSettings",
"proton:GetEnvironment",
"proton:GetEnvironmentAccountConnection",
"proton:GetEnvironmentTemplate",
"proton:GetEnvironmentTemplateMajorVersion",
"proton:GetEnvironmentTemplateMinorVersion",
"proton:GetEnvironmentTemplateVersion",
"proton:GetRepository",
"proton:GetRepositorySyncStatus",
"proton:GetResourcesSummary",
"proton:GetService",
"proton:GetServiceInstance",
"proton:GetServiceTemplate",
"proton:GetServiceTemplateMajorVersion",
"proton:GetServiceTemplateMinorVersion",
"proton:GetServiceTemplateVersion",
"proton:GetTemplateSyncConfig",
"proton:GetTemplateSyncStatus",
"proton:ListEnvironmentAccountConnections",
"proton:ListEnvironmentOutputs",
"proton:ListEnvironmentProvisionedResources",
"proton:ListEnvironments",
"proton:ListEnvironmentTemplateMajorVersions",
"proton:ListEnvironmentTemplateMinorVersions",
"proton:ListEnvironmentTemplates",
"proton:ListEnvironmentTemplateVersions",
"proton:ListRepositories",
"proton:ListRepositorySyncDefinitions",
"proton:ListServiceInstanceOutputs",
"proton:ListServiceInstanceProvisionedResources",
"proton:ListServiceInstances",
"proton:ListServicePipelineOutputs",
"proton:ListServicePipelineProvisionedResources",
"proton:ListServices",
"proton:ListServiceTemplateMajorVersions",
"proton:ListServiceTemplateMinorVersions",
"proton:ListServiceTemplates",
"proton:ListServiceTemplateVersions",
"proton:ListTagsForResource",
"proton:UpdateService",
"proton:UpdateServiceInstance",
"proton:UpdateServicePipeline",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ProtonPermissions"
},
{
"Action":"codestar-connections:PassConnection",
"Condition":{
"StringEquals":{
"codestar-connections:PassedToService":"proton.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeStarConnectionsPermissions"
},
{
"Action":"codeconnections:PassConnection",
"Condition":{
"StringEquals":{
"codeconnections:PassedToService":"proton.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeConnectionsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-06T18:26:38+00:00"
},
"AWSProtonFullAccess":{
"CreateDate":"2021-02-17T19:07:18+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"proton:*",
"codestar-connections:ListConnections",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ProtonPermissions"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"StringLike":{
"kms:ViaService":"proton.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateGrantPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"proton.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PassRolePermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"sync.proton.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sync.proton.amazonaws.com/AWSServiceRoleForProtonSync",
"Sid":"CreateServiceLinkedRolePermissions"
},
{
"Action":[
"codestar-connections:PassConnection"
],
"Condition":{
"StringEquals":{
"codestar-connections:PassedToService":"proton.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeStarConnectionsPermissions"
},
{
"Action":[
"codeconnections:PassConnection"
],
"Condition":{
"StringEquals":{
"codeconnections:PassedToService":"proton.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"CodeConnectionsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-06T18:29:00+00:00"
},
"AWSProtonReadOnlyAccess":{
"CreateDate":"2021-02-17T19:09:12+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codepipeline:ListPipelineExecutions",
"codepipeline:ListPipelines",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"proton:GetAccountRoles",
"proton:GetAccountSettings",
"proton:GetEnvironment",
"proton:GetEnvironmentAccountConnection",
"proton:GetEnvironmentTemplate",
"proton:GetEnvironmentTemplateMajorVersion",
"proton:GetEnvironmentTemplateMinorVersion",
"proton:GetEnvironmentTemplateVersion",
"proton:GetRepository",
"proton:GetRepositorySyncStatus",
"proton:GetResourcesSummary",
"proton:GetService",
"proton:GetServiceInstance",
"proton:GetServiceTemplate",
"proton:GetServiceTemplateMajorVersion",
"proton:GetServiceTemplateMinorVersion",
"proton:GetServiceTemplateVersion",
"proton:GetTemplateSyncConfig",
"proton:GetTemplateSyncStatus",
"proton:ListEnvironmentAccountConnections",
"proton:ListEnvironmentOutputs",
"proton:ListEnvironmentProvisionedResources",
"proton:ListEnvironments",
"proton:ListEnvironmentTemplateMajorVersions",
"proton:ListEnvironmentTemplateMinorVersions",
"proton:ListEnvironmentTemplates",
"proton:ListEnvironmentTemplateVersions",
"proton:ListRepositories",
"proton:ListRepositorySyncDefinitions",
"proton:ListServiceInstanceOutputs",
"proton:ListServiceInstanceProvisionedResources",
"proton:ListServiceInstances",
"proton:ListServicePipelineOutputs",
"proton:ListServicePipelineProvisionedResources",
"proton:ListServices",
"proton:ListServiceTemplateMajorVersions",
"proton:ListServiceTemplateMinorVersions",
"proton:ListServiceTemplates",
"proton:ListServiceTemplateVersions",
"proton:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-18T18:28:24+00:00"
},
"AWSProtonServiceGitSyncServiceRolePolicy":{
"CreateDate":"2023-04-04T15:55:48+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"proton:GetService",
"proton:UpdateService",
"proton:UpdateServicePipeline",
"proton:GetServiceInstance",
"proton:CreateServiceInstance",
"proton:UpdateServiceInstance",
"proton:ListServiceInstances",
"proton:GetComponent",
"proton:CreateComponent",
"proton:ListComponents",
"proton:UpdateComponent",
"proton:GetEnvironment",
"proton:CreateEnvironment",
"proton:ListEnvironments",
"proton:UpdateEnvironment"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ProtonServiceSync"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-04T15:55:48+00:00"
},
"AWSProtonSyncServiceRolePolicy":{
"CreateDate":"2021-11-23T21:14:36+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"proton:UpdateServiceTemplateVersion",
"proton:UpdateServiceTemplate",
"proton:UpdateEnvironmentTemplateVersion",
"proton:UpdateEnvironmentTemplate",
"proton:GetServiceTemplateVersion",
"proton:GetServiceTemplate",
"proton:GetEnvironmentTemplateVersion",
"proton:GetEnvironmentTemplate",
"proton:DeleteServiceTemplateVersion",
"proton:DeleteEnvironmentTemplateVersion",
"proton:CreateServiceTemplateVersion",
"proton:CreateServiceTemplate",
"proton:CreateEnvironmentTemplateVersion",
"proton:CreateEnvironmentTemplate",
"proton:ListEnvironmentTemplateVersions",
"proton:ListServiceTemplateVersions",
"proton:CreateEnvironmentTemplateMajorVersion",
"proton:CreateServiceTemplateMajorVersion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SyncToProton"
},
{
"Action":[
"codestar-connections:UseConnection",
"codeconnections:UseConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"AccessGitRepos"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-05T01:49:07+00:00"
},
"AWSPurchaseOrdersServiceRolePolicy":{
"CreateDate":"2020-05-06T18:15:47+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"account:GetAccountInformation",
"account:GetContactInformation",
"aws-portal:*Billing",
"consolidatedbilling:GetAccountBillingRole",
"invoicing:GetInvoicePDF",
"invoicing:ListInvoiceUnits",
"payments:GetPaymentInstrument",
"payments:ListPaymentPreferences",
"purchase-orders:AddPurchaseOrder",
"purchase-orders:DeletePurchaseOrder",
"purchase-orders:GetPurchaseOrder",
"purchase-orders:ListPurchaseOrderInvoices",
"purchase-orders:ListPurchaseOrders",
"purchase-orders:ListTagsForResource",
"purchase-orders:ModifyPurchaseOrders",
"purchase-orders:TagResource",
"purchase-orders:UntagResource",
"purchase-orders:UpdatePurchaseOrder",
"purchase-orders:UpdatePurchaseOrderStatus",
"purchase-orders:ViewPurchaseOrders",
"tax:ListTaxRegistrations"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T17:51:06+00:00"
},
"AWSQuickSetupCFGCPacksPermissionsBoundary":{
"CreateDate":"2024-06-26T09:52:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-CFGCPacks*"
],
"Sid":"ConfigurationRoleGetPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-CFGCPacks*"
],
"Sid":"ConfigurationRolePassToSSMPermissions"
},
{
"Action":[
"config:PutConformancePack"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:config:*:*:conformance-pack/AWS-QuickSetup-*"
],
"Sid":"PutCPackPermissions"
},
{
"Action":[
"config:DescribeConformancePackStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeCPacksPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"config-conforms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
],
"Sid":"ConformancePacksSLRCreatePermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"SystemsManagerSLRCreatePermissions"
},
{
"Action":[
"iam:ListRoles",
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EnableExplorerReadOnlyPermissions"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"ServiceSettingsForExplorerUpdatePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:52:11+00:00"
},
"AWSQuickSetupDeploymentRolePolicy":{
"CreateDate":"2024-06-26T09:55:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CfnRead"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResourceDrifts",
"cloudformation:DetectStackDrift",
"cloudformation:DetectStackResourceDrift"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*"
],
"Sid":"CfnManage"
},
{
"Action":[
"resource-groups:GetGroupQuery"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RGroupsGet"
},
{
"Action":[
"config:DescribeConformancePacks",
"config:DescribeConformancePackStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CPacksRead"
},
{
"Action":[
"config:PutConformancePack",
"config:DeleteConformancePack"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:conformance-pack/AWS-QuickSetup-*",
"Sid":"OpsPacksManage"
},
{
"Action":[
"ssm:CreateDocument",
"ssm:UpdateDocument",
"ssm:UpdateDocumentDefaultVersion",
"ssm:DeleteDocument",
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource",
"ssm:ListTagsForResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ssm:*:*:document/AWSOperationsPack-*",
"arn:aws:ssm:*:*:document/AWSOperationsPackInstance-*"
],
"Sid":"QSDocsManage"
},
{
"Action":[
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ssm:*:*:document/AWSOperationsPack*",
"arn:aws:ssm:*::document/AWSConformancePacks-*",
"arn:aws:ssm:*::document/AWSEC2-UpdateLaunchAgent",
"arn:aws:ssm:*::document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*::document/AWS-EnableExplorer",
"arn:aws:ssm:*::document/AWS-GatherSoftwareInventory",
"arn:aws:ssm:*::document/AWS-RunPatchBaselineAssociation",
"arn:aws:ssm:*::document/AWS-UpdateSSMAgent"
],
"Sid":"QSDocsRead"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:UpdateAssociation",
"ssm:DeleteAssociation",
"ssm:DescribeAssociation"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ssm:*:*:document/AWSOperationsPack*",
"arn:aws:ssm:*::document/AWSEC2-UpdateLaunchAgent",
"arn:aws:ssm:*::document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*::document/AWS-EnableExplorer",
"arn:aws:ssm:*::document/AWS-GatherSoftwareInventory",
"arn:aws:ssm:*::document/AWS-RunPatchBaselineAssociation",
"arn:aws:ssm:*::document/AWS-UpdateSSMAgent",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:association/*"
],
"Sid":"QSAssociationsManage"
},
{
"Action":[
"events:DescribeRule",
"events:PutRule",
"events:DeleteRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/*QuickSetup-*"
],
"Sid":"EventRulesManage"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"config-conforms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
],
"Sid":"CPacksSLRCreate"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"SSMSLRCreate"
},
{
"Action":[
"iam:CreateRole",
"iam:GetRole",
"iam:UpdateRole",
"iam:DeleteRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoleTags",
"iam:TagRole",
"iam:UntagRole"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*",
"arn:aws:iam::*:role/AWSOperationsPack-*"
],
"Sid":"QSConfigRoleManage"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com",
"events.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*",
"arn:aws:iam::*:role/AWSOperationsPack-*"
],
"Sid":"QSConfigRolePass"
},
{
"Action":[
"ssm:DescribeDocument"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DocDescribe"
},
{
"Action":[
"ssm:DeleteDocument"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/QuickSetupID":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LegacyDocClean"
},
{
"Action":[
"iam:DeleteRole",
"iam:DeleteRolePolicy"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/QuickSetupID":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*QuickSetup-*",
"Sid":"LegacyIAMClean"
},
{
"Action":[
"iam:DeleteRolePolicy",
"iam:PutRolePolicy",
"iam:PutRolePermissionsBoundary"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"StringEquals":{
"iam:PermissionsBoundary":[
"arn:aws:iam::aws:policy/AWSQuickSetupCFGCPacksPermissionsBoundary",
"arn:aws:iam::aws:policy/AWSQuickSetupCFGRecordingPermissionsBoundary",
"arn:aws:iam::aws:policy/AWSQuickSetupDevOpsGuruPermissionsBoundary",
"arn:aws:iam::aws:policy/AWSQuickSetupDistributorPermissionsBoundary",
"arn:aws:iam::aws:policy/AWSQuickSetupSchedulerPermissionsBoundary",
"arn:aws:iam::aws:policy/AWSQuickSetupSSMHostMgmtPermissionsBoundary"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*",
"arn:aws:iam::*:role/AWSOperationsPack-*"
],
"Sid":"QSConfigRoleBounded"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AWSSystemsManagerEnableExplorerExecutionPolicy",
"arn:aws:iam::aws:policy/AWSSystemsManagerEnableConfigRecordingExecutionPolicy"
]
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*",
"arn:aws:iam::*:role/AWSOperationsPack-*"
],
"Sid":"QSConfigRoleManagedPolicies"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:55:21+00:00"
},
"AWSQuickSetupDevOpsGuruPermissionsBoundary":{
"CreateDate":"2024-06-26T09:44:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"CreateSystemsManagerSLRPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"devops-guru.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru"
],
"Sid":"CreateDevOpsGuruSLRPermissions"
},
{
"Action":[
"cloudformation:ListStacks",
"cloudformation:DescribeStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudformationReadOnlyPermissions"
},
{
"Action":[
"devops-guru:AddNotificationChannel"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:DevOpsGuru-Default-Topic",
"arn:aws:devops-guru:*:*:/channels"
],
"Sid":"DevOpsGuruNotificationChannelPermissions"
},
{
"Action":[
"devops-guru:UpdateResourceCollection",
"devops-guru:UpdateServiceIntegration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DevOpsGuruConfigurationPermissions"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSReadOnlyPermissions"
},
{
"Action":[
"sns:AddPermission",
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:Publish",
"sns:SetTopicAttributes",
"sns:RemovePermission"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:DevOpsGuru-Default-Topic",
"Sid":"DevOpsGuruDefaultSNSTopicConfigurationPermissions"
},
{
"Action":[
"iam:ListRoles",
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingExplorer"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"SSMExplorerServiceSettingsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:44:42+00:00"
},
"AWSQuickSetupDistributorPermissionsBoundary":{
"CreateDate":"2024-06-26T09:50:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-RoleForDistributor-*"
],
"Sid":"DistributorAutomationRoleGetPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-RoleForDistributor-*"
],
"Sid":"DistributorAutomationRolePassPermissions"
},
{
"Action":[
"iam:CreateRole",
"iam:DeleteRole",
"iam:UpdateRole",
"iam:GetRole"
],
"Condition":{
"ArnLike":{
"aws:PrincipalArn":"arn:aws:iam::*:role/AWS-QuickSetup-RoleForDistributor-*"
},
"StringLike":{
"aws:PrincipalTag/QuickSetupManagerID":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRoleManagePermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRolePassToEC2Permissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRolePassToSSMPermissions"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils",
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
]
},
"ArnLike":{
"aws:PrincipalArn":"arn:aws:iam::*:role/AWS-QuickSetup-RoleForDistributor-*"
},
"StringLike":{
"aws:PrincipalTag/QuickSetupManagerID":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"InstanceManagementPoliciesAttachPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"CreateSystemsManagerSLRPermissions"
},
{
"Action":[
"iam:AddRoleToInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DefaultInstanceRoleAddPermissions"
},
{
"Action":[
"iam:GetInstanceProfile",
"iam:GetRolePolicy",
"iam:ListInstanceProfilesForRole",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IAMReadOnlyPermissions"
},
{
"Action":[
"iam:CreateInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceProfileCreatePermissions"
},
{
"Action":[
"ec2:AssociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:NewInstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
},
"Null":{
"ec2:InstanceProfile":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DefaultInstanceProfileAssociationPermissions"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:InstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DefaultInstanceProfileDisassociationPermissions"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-Distributor-*",
"arn:aws:ssm:*:*:automation-definition/UpdateCloudWatchDocument-Distributor-*",
"arn:aws:ssm:*:*:automation-definition/AWS-ConfigureAWSPackage*",
"arn:aws:ssm:*:*:automation-definition/AWS-AttachIAMToInstance*"
],
"Sid":"ConfigurationAutomationsStartPermissions"
},
{
"Action":[
"ssm:ListTagsForResource",
"ssm:GetAutomationExecution",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingHostManagementBySSM"
},
{
"Action":[
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingExplorer"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"SSMExplorerServiceSettingsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:50:21+00:00"
},
"AWSQuickSetupEnableAREXExecutionPolicy":{
"CreateDate":"2024-11-15T22:45:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"resource-explorer-2:GetDefaultView",
"resource-explorer-2:GetIndex",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListViews"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadActions"
},
{
"Action":[
"resource-explorer-2:UpdateIndexType",
"resource-explorer-2:AssociateDefaultView"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowUpdateExistingIndexAndAssociateDefaultView"
},
{
"Action":[
"resource-explorer-2:CreateView",
"resource-explorer-2:CreateIndex",
"resource-explorer-2:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"Type"
},
"StringEquals":{
"aws:RequestTag/Type":"QuickSetup",
"aws:ResourceTag/Type":"QuickSetup"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:resource-explorer-2:*:*:view/all-resources/*",
"arn:aws:resource-explorer-2:*:*:index/*"
],
"Sid":"AllowCreateViewAndIndex"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"resource-explorer-2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"Sid":"AllowCreateServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T22:45:53+00:00"
},
"AWSQuickSetupEnableDHMCExecutionPolicy":{
"CreateDate":"2024-11-15T21:27:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateRole",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-DefaultEC2MgmtRole-*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-DefaultEC2MgmtRole-*"
},
{
"Action":[
"iam:AttachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-DefaultEC2MgmtRole-*"
},
{
"Action":[
"ssm:GetServiceSetting",
"ssm:UpdateServiceSetting"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:servicesetting/ssm/managed-instance/default-ec2-instance-management-role"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T21:27:47+00:00"
},
"AWSQuickSetupManagedInstanceProfileExecutionPolicy":{
"CreateDate":"2024-11-15T21:51:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:GetInstanceProfile",
"iam:ListInstanceProfilesForRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissions"
},
{
"Action":[
"iam:CreateRole",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup",
"Sid":"DefaultInstanceRoleManagePermissions"
},
{
"Action":[
"iam:CreateInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceProfileCreatePermissions"
},
{
"Action":"iam:AddRoleToInstanceProfile",
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRoleAddPermissions"
},
{
"Action":[
"ec2:AssociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:NewInstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
},
"Null":{
"ec2:InstanceProfile":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"DefaultInstanceProfileAssociationPermissions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup",
"Sid":"DefaultInstanceRolePassToEC2Permissions"
},
{
"Action":"iam:AttachRolePolicy",
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"arn:aws:iam::aws:policy/AmazonSSMPatchAssociation",
"arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyBaselineAccess",
"arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"InstanceManagementPoliciesAttachAmazonSSMManagedInstanceCore"
},
{
"Action":[
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"InstanceProfileAssociationEc2Permissions"
},
{
"Action":[
"ssm:StartAutomationExecution",
"ssm:AddTagsToResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/InvokedBy":[
"AWSQuickSetupType-ManageInstanceProfile"
],
"aws:ResourceTag/InvokedBy":[
"AWSQuickSetupType-ManageInstanceProfile"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-execution/*",
"arn:aws:ssm:*:*:automation-definition/AWS-AttachIAMToInstance*"
],
"Sid":"AutomationsStartWithTagPermissions"
},
{
"Action":"ssm:GetAutomationExecution",
"Condition":{
"StringEquals":{
"aws:ResourceTag/InvokedBy":[
"AWSQuickSetupType-ManageInstanceProfile"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AutomationsGetPermissions"
},
{
"Action":"iam:GetRole",
"Condition":{
"StringEquals":{
"iam:ResourceTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM",
"AWSQuickSetupType-SSMHostMgmt",
"AWSQuickSetupType-PatchPolicy",
"AWSQuickSetupType-Distributor"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*"
],
"Sid":"GetQuickSetupAutomationAssumeRoles"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
],
"iam:ResourceTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM",
"AWSQuickSetupType-SSMHostMgmt",
"AWSQuickSetupType-PatchPolicy",
"AWSQuickSetupType-Distributor"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*"
],
"Sid":"PassQuickSetupAutomationAssumeRoles"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T21:51:23+00:00"
},
"AWSQuickSetupPatchPolicyBaselineAccess":{
"CreateDate":"2024-06-26T09:38:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":[
"${aws:ResourceAccount}"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-quicksetup-patchpolicy-*",
"Sid":"QuickSetupPatchingBaselineOverridesS3SameAccountReadOnlyAccess"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:PrincipalOrgID":[
"${aws:ResourceOrgID}"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-quicksetup-patchpolicy-*",
"Sid":"QuickSetupPatchingBaselineOverridesS3OrganizationReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:38:00+00:00"
},
"AWSQuickSetupPatchPolicyDeploymentRolePolicy":{
"CreateDate":"2024-06-26T09:57:02+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CfnRead"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResourceDrifts",
"cloudformation:DetectStackDrift",
"cloudformation:DetectStackResourceDrift"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*"
],
"Sid":"CfnManage"
},
{
"Action":[
"resource-groups:GetGroupQuery"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RGroupsGet"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"S3BucketsList"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:Put*",
"s3:Get*",
"s3:List*"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-quicksetup-patchpolicy-access-log-*"
],
"Sid":"AccessLogsBucketManage"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:UpdateFunction*",
"lambda:GetFunction",
"lambda:ListTags",
"lambda:TagResource",
"lambda:DeleteFunction",
"lambda:InvokeFunction",
"lambda:UntagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:baseline-overrides-*",
"arn:aws:lambda:*:*:function:delete-name-tags-*"
],
"Sid":"LambdaManage"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LogGroupsDescribe"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:TagResource",
"logs:PutRetentionPolicy",
"logs:DeleteLogGroup",
"logs:ListTagsForResource",
"logs:UntagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/baseline-overrides-*",
"arn:aws:logs:*:*:log-group:/aws/lambda/delete-name-tags-*"
],
"Sid":"LogGroupsManage"
},
{
"Action":[
"ssm:CreateDocument",
"ssm:UpdateDocument",
"ssm:DescribeDocument",
"ssm:UpdateDocumentDefaultVersion",
"ssm:DeleteDocument",
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource",
"ssm:ListTagsForResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ssm:*:*:document/QuickSetup-*"
],
"Sid":"QSDocsManage"
},
{
"Action":[
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ssm:*:*:document/QuickSetup-*",
"arn:aws:ssm:*::document/AWS-EnableExplorer",
"arn:aws:ssm:*::document/AWS-RunPatchBaseline"
],
"Sid":"QSDocsGet"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:UpdateAssociation",
"ssm:DeleteAssociation",
"ssm:DescribeAssociation"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ssm:*:*:document/QuickSetup-*",
"arn:aws:ssm:*::document/AWS-EnableExplorer",
"arn:aws:ssm:*::document/AWS-RunPatchBaseline",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:association/*"
],
"Sid":"QSAssociationsManage"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"SSMSLRCreate"
},
{
"Action":[
"iam:TagRole",
"iam:UntagRole",
"iam:GetRole",
"iam:UpdateRole",
"iam:DeleteRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoleTags"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*"
],
"Sid":"ConfigRoleManage"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*"
],
"Sid":"ConfigRolePassToSSM"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lambda.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*"
],
"Sid":"ConfigRolePassToLambda"
},
{
"Action":[
"ssm:DescribeDocument"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DocDescribe"
},
{
"Action":[
"ssm:DeleteDocument"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/QuickSetupID":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LegacyDocClean"
},
{
"Action":[
"iam:DeleteRole",
"iam:DeleteRolePolicy"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/QuickSetupID":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*QuickSetup-*",
"Sid":"LegacyIAMClean"
},
{
"Action":[
"iam:CreateRole",
"iam:AttachRolePolicy",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:PutRolePolicy",
"iam:PutRolePermissionsBoundary"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"StringEquals":{
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyPermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-*"
],
"Sid":"ConfigRoleBoundedManage"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:57:02+00:00"
},
"AWSQuickSetupPatchPolicyPermissionsBoundary":{
"CreateDate":"2024-06-26T09:46:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-AutomationRole-*"
],
"Sid":"PatchingAutomationRoleGetPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-AutomationRole-*"
],
"Sid":"PatchingAutomationRolePassPermissions"
},
{
"Action":[
"iam:CreateRole",
"iam:DeleteRole",
"iam:UpdateRole",
"iam:GetRole"
],
"Condition":{
"ArnLike":{
"aws:PrincipalArn":"arn:aws:iam::*:role/AWS-QuickSetup-AutomationRole-*"
},
"StringLike":{
"aws:PrincipalTag/QuickSetupManagerID":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRolePermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRolePassPermissions"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"arn:aws:iam::aws:policy/AWSQuickSetupPatchPolicyBaselineAccess"
]
},
"ArnLike":{
"aws:PrincipalArn":"arn:aws:iam::*:role/AWS-QuickSetup-AutomationRole-*"
},
"StringLike":{
"aws:PrincipalTag/QuickSetupManagerID":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"PoliciesAttachPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"CreateSLRPermissions"
},
{
"Action":[
"iam:AddRoleToInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"InstanceRoleAddPermissions"
},
{
"Action":[
"ssm:UpdateManagedInstanceRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ManagedInstanceRoleUpdatePermissions"
},
{
"Action":[
"iam:GetInstanceProfile",
"iam:GetRolePolicy",
"iam:ListInstanceProfilesForRole",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IAMReadOnlyPermissions"
},
{
"Action":[
"iam:CreateInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"InstanceProfileCreatePermissions"
},
{
"Action":[
"ec2:AssociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:NewInstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
},
"Null":{
"ec2:InstanceProfile":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"InstanceProfileAssociationPermissions"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:InstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"InstanceProfileDisassociationPermissions"
},
{
"Action":[
"ssm:DescribeAssociationExecutions",
"ssm:UpdateAssociation",
"ssm:DescribeAssociation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:association/*"
],
"Sid":"SSMAssociationsPermissions"
},
{
"Action":[
"s3:CreateBucket",
"s3:Put*",
"s3:Get*",
"s3:List*",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:DeleteBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-quicksetup-patchpolicy-*",
"Sid":"BaselineS3Permissions"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:baseline-overrides-*",
"arn:aws:lambda:*:*:function:delete-name-tags-*"
],
"Sid":"PatchingFunctionsPermissions"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/baseline-overrides-*",
"arn:aws:logs:*:*:log-group:/aws/lambda/delete-name-tags-*"
],
"Sid":"LoggingPermissions"
},
{
"Action":[
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":"QSConfigName-*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:managed-instance/*",
"Sid":"SSMTaggingPermissions"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":"QSConfigName-*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"EC2TaggingPermissions"
},
{
"Action":[
"iam:TagRole",
"iam:UntagRole"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":"QSConfigId-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RoleTaggingPermissions"
},
{
"Action":[
"ssm:GetPatchBaseline",
"ssm:GetInventory",
"ssm:DescribeInstanceInformation",
"ssm:DescribeAssociation",
"ssm:GetAutomationExecution",
"ssm:ListTagsForResource",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PatchingReadOnlyPermissions"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWS-EnableExplorer*",
"arn:aws:ssm:*:*:automation-definition/AWS-RunPatchBaseline*",
"arn:aws:ssm:*:*:automation-definition/AWS-AttachIAMToInstance*",
"arn:aws:ssm:*:*:automation-definition/QuickSetup-*",
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-*"
],
"Sid":"PatchingAutomationsStartPermissions"
},
{
"Action":[
"iam:ListRoles",
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingExplorer"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"ExplorerServiceSettingsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:46:54+00:00"
},
"AWSQuickSetupSSMDeploymentRolePolicy":{
"CreateDate":"2024-11-15T22:53:20+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack",
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResourceDrifts",
"cloudformation:DetectStackDrift",
"cloudformation:DetectStackResourceDrift",
"cloudformation:DescribeStackEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-SSM-*"
]
},
{
"Action":[
"lambda:CreateFunction",
"lambda:TagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"QuickSetup*"
]
},
"StringEquals":{
"aws:RequestTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM"
],
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
],
"aws:ResourceTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:aws-quicksetup-lifecycle*"
]
},
{
"Action":[
"lambda:InvokeFunction",
"lambda:DeleteFunction",
"lambda:UpdateFunction*"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
],
"aws:ResourceTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:aws-quicksetup-lifecycle*"
]
},
{
"Action":[
"lambda:GetFunction"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cloudformation.amazonaws.com"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:aws-quicksetup-lifecycle*"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:UpdateAssociation",
"ssm:DeleteAssociation",
"ssm:DescribeAssociation",
"ssm:GetDocument",
"ssm:DescribeDocument"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/AWSQuickSetupType-EnableAREX",
"arn:aws:ssm:*::document/AWSQuickSetupType-EnableDHMC",
"arn:aws:ssm:*::document/AWSQuickSetupType-ManageInstanceProfile",
"arn:aws:ssm:*::document/AWS-EnableExplorer",
"arn:aws:ssm:*::document/AWS-GatherSoftwareInventory",
"arn:aws:ssm:*::document/AWS-UpdateSSMAgent",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:association/*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"SSMSLRCreate"
},
{
"Action":[
"iam:CreateRole",
"iam:TagRole"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
},
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"QuickSetup*"
]
},
"StringEquals":{
"aws:RequestTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM"
],
"aws:ResourceTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-*",
"arn:aws:iam::*:role/AWS-SSM-Remediation*",
"arn:aws:iam::*:role/AWS-SSM-Diagnosis*"
]
},
{
"Action":[
"iam:GetRole",
"iam:UpdateRole",
"iam:DeleteRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoleTags"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-*",
"arn:aws:iam::*:role/AWS-SSM-Remediation*",
"arn:aws:iam::*:role/AWS-SSM-Diagnosis*"
]
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AWSQuickSetupSSMLifecycleManagementExecutionPolicy"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-LifecycleManagement-*"
]
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AWSQuickSetupSSMManageResourcesExecutionPolicy"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-ManageResources-*"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-AdministrationRolePolicy",
"arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-ExecutionRolePolicy",
"arn:aws:iam::aws:policy/AWS-SSM-RemediationAutomation-OperationalAccountAdministrationRolePolicy",
"arn:aws:iam::aws:policy/AWS-SSM-Automation-DiagnosisBucketPolicy",
"arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-AdministrationRolePolicy",
"arn:aws:iam::aws:policy/AWS-SSM-DiagnosisAutomation-ExecutionRolePolicy"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-SSM-Remediation*",
"arn:aws:iam::*:role/AWS-SSM-Diagnosis*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com",
"iam:ResourceTag/QuickSetupDocument":"AWSQuickSetupType-SSM"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"lambda.amazonaws.com",
"iam:ResourceTag/QuickSetupDocument":"AWSQuickSetupType-SSM"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-LifecycleManagement*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T12:43:56+00:00"
},
"AWSQuickSetupSSMDeploymentS3BucketRolePolicy":{
"CreateDate":"2024-11-15T22:01:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:PutBucketPublicAccessBlock",
"s3:ListBucket",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:PutBucketTagging",
"s3:PutLifecycleConfiguration",
"s3:PutBucketVersioning"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cloudformation.amazonaws.com"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T22:01:44+00:00"
},
"AWSQuickSetupSSMHostMgmtPermissionsBoundary":{
"CreateDate":"2024-06-26T09:48:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-HostMgmtRole-*"
],
"Sid":"HostManagementAutomationRoleGetPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-HostMgmtRole-*"
],
"Sid":"HostManagementAutomationRolePassPermissions"
},
{
"Action":[
"iam:CreateRole",
"iam:DeleteRole",
"iam:UpdateRole",
"iam:GetRole"
],
"Condition":{
"ArnLike":{
"aws:PrincipalArn":"arn:aws:iam::*:role/AWS-QuickSetup-HostMgmtRole-*"
},
"StringLike":{
"aws:PrincipalTag/QuickSetupManagerID":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRoleManagePermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRolePassToEC2Permissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceRolePassToSSMPermissions"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"arn:aws:iam::aws:policy/AmazonSSMPatchAssociation"
]
},
"ArnLike":{
"aws:PrincipalArn":"arn:aws:iam::*:role/AWS-QuickSetup-HostMgmtRole-*"
},
"StringLike":{
"aws:PrincipalTag/QuickSetupManagerID":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"InstanceManagementPoliciesAttachPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"CreateSystemsManagerSLRPermissions"
},
{
"Action":[
"iam:AddRoleToInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DefaultInstanceRoleAddPermissions"
},
{
"Action":[
"iam:GetInstanceProfile",
"iam:GetRolePolicy",
"iam:ListInstanceProfilesForRole",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IAMReadOnlyPermissions"
},
{
"Action":[
"iam:CreateInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
],
"Sid":"DefaultInstanceProfileCreatePermissions"
},
{
"Action":[
"ec2:AssociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:NewInstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
},
"Null":{
"ec2:InstanceProfile":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DefaultInstanceProfileAssociationPermissions"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile"
],
"Condition":{
"ArnLike":{
"ec2:InstanceProfile":"arn:aws:iam::*:instance-profile/AmazonSSMRoleForInstancesQuickSetup"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DefaultInstanceProfileDisassociationPermissions"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-HostMgmt-*",
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-CreateAndAttachIAMToInstance-*",
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-UpdateExistingInstanceProfile-*",
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-InstallAndManageCloudWatchDocument-*",
"arn:aws:ssm:*:*:automation-definition/UpdateCloudWatchDocument-*",
"arn:aws:ssm:*:*:automation-definition/AWSEC2-UpdateLaunchAgent-*",
"arn:aws:ssm:*:*:automation-definition/AWS-AttachIAMToInstance*",
"arn:aws:ssm:*:*:automation-definition/AWS-GatherSoftwareInventory*",
"arn:aws:ssm:*:*:automation-definition/AWS-RunPatchBaselineAssociation*",
"arn:aws:ssm:*:*:automation-definition/AWS-UpdateSSMAgent*"
],
"Sid":"ConfigurationAutomationsStartPermissions"
},
{
"Action":[
"ssm:ListTagsForResource",
"ssm:GetAutomationExecution",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingHostManagementBySSM"
},
{
"Action":[
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingExplorer"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"SSMExplorerServiceSettingsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:48:42+00:00"
},
"AWSQuickSetupSSMLifecycleManagementExecutionPolicy":{
"CreateDate":"2024-11-15T21:55:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetAutomationExecution"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/QuickSetupDocument":"AWSQuickSetupType-SSM"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
],
"iam:ResourceTag/QuickSetupDocument":[
"AWSQuickSetupType-SSM"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-ManageResources*"
},
{
"Action":[
"ssm:StartAutomationExecution",
"ssm:AddTagsToResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/QuickSetupDocument":"AWSQuickSetupType-SSM",
"aws:ResourceTag/QuickSetupDocument":"AWSQuickSetupType-SSM"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetupType-SSM-ManageResources*",
"arn:aws:ssm:*:*:automation-execution/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T21:55:57+00:00"
},
"AWSQuickSetupSSMManageResourcesExecutionPolicy":{
"CreateDate":"2024-11-15T22:49:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateRole",
"iam:TagRole"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/QuickSetupDocument":"AWSQuickSetupType-SSM",
"iam:ResourceTag/QuickSetupDocument":"AWSQuickSetupType-SSM"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableExplorer*",
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableDHMC*",
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-ManageInstanceProfile*",
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableAREX*"
]
},
{
"Action":[
"iam:DeleteRole",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:UpdateRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableExplorer*",
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableDHMC*",
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-ManageInstanceProfile*",
"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableAREX*"
]
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/AWSSystemsManagerEnableExplorerExecutionPolicy"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableExplorer*"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AWSQuickSetupEnableDHMCExecutionPolicy"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableDHMC*"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AWSQuickSetupManagedInstanceProfileExecutionPolicy"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-ManageInstanceProfile*"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AWSQuickSetupEnableAREXExecutionPolicy"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS-QuickSetup-SSM-EnableAREX*"
},
{
"Action":[
"s3:DeleteObject",
"s3:ListBucketVersions",
"s3:DeleteObjectVersion",
"s3:GetObjectVersion",
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::do-not-delete-ssm-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T22:49:24+00:00"
},
"AWSQuickSetupSchedulerPermissionsBoundary":{
"CreateDate":"2024-06-26T09:53:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-Scheduler-*"
],
"Sid":"ConfigurationAutomationRoleGetPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWS-QuickSetup-Scheduler-*"
],
"Sid":"ConfigurationAutomationRolePassPermissions"
},
{
"Action":[
"ssm:GetCalendarState"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetup-ChangeCalendar-*"
],
"Sid":"SystemsManagerCalendarReadOnlyPermissions"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeRegions",
"ec2:DescribeTags",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2ReadOnlyPermissions"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"EC2StartStopPermissions"
},
{
"Action":[
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:automation-definition/AWSQuickSetup-StartStateManagerAssociations-*"
],
"Sid":"AutomationStartPermissions"
},
{
"Action":[
"ssm:StartAssociationsOnce"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:association/*"
],
"Sid":"AssociationsStartOncePermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"CreateSystemsManagerSLRPermissions"
},
{
"Action":[
"iam:ListRoles",
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingExplorer"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"SSMExplorerServiceSettingsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:53:37+00:00"
},
"AWSQuickSightAssetBundleExportPolicy":{
"CreateDate":"2024-03-27T21:31:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"quicksight:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:*/*",
"Sid":"TagReadAccess"
},
{
"Action":[
"quicksight:DescribeDashboard",
"quicksight:DescribeDashboardPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:dashboard/*",
"Sid":"DashboardReadAccess"
},
{
"Action":[
"quicksight:DescribeAnalysis",
"quicksight:DescribeAnalysisPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:analysis/*",
"Sid":"AnalysisReadAccess"
},
{
"Action":[
"quicksight:DescribeDataSet",
"quicksight:DescribeDataSetRefreshProperties",
"quicksight:ListRefreshSchedules",
"quicksight:DescribeDataSetPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:dataset/*",
"Sid":"DataSetReadAccess"
},
{
"Action":[
"quicksight:DescribeDataSource",
"quicksight:DescribeDataSourcePermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:datasource/*",
"Sid":"DataSourceReadAccess"
},
{
"Action":[
"quicksight:DescribeTheme",
"quicksight:DescribeThemePermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:theme/*",
"Sid":"ThemeReadAccess"
},
{
"Action":[
"quicksight:DescribeVPCConnection",
"quicksight:ListVPCConnections"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:vpcConnection/*",
"Sid":"VPCConnectionReadAccess"
},
{
"Action":[
"quicksight:DescribeRefreshSchedule"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:dataset/*/refresh-schedule/*",
"Sid":"RefreshScheduleReadAccess"
},
{
"Action":[
"quicksight:DescribeAssetBundleExportJob",
"quicksight:ListAssetBundleExportJobs",
"quicksight:StartAssetBundleExportJob"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:asset-bundle-export-job/*",
"Sid":"AssetBundleExportOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-27T21:31:03+00:00"
},
"AWSQuickSightAssetBundleImportPolicy":{
"CreateDate":"2024-03-27T21:40:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"quicksight:ListTagsForResource",
"quicksight:TagResource",
"quicksight:UntagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:*/*",
"Sid":"TagWriteAccess"
},
{
"Action":[
"quicksight:CreateDashboard",
"quicksight:DeleteDashboard",
"quicksight:DescribeDashboard",
"quicksight:UpdateDashboard",
"quicksight:UpdateDashboardPublishedVersion",
"quicksight:DescribeDashboardPermissions",
"quicksight:UpdateDashboardPermissions",
"quicksight:UpdateDashboardLinks"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:dashboard/*",
"Sid":"DashboardWriteAccess"
},
{
"Action":[
"quicksight:CreateAnalysis",
"quicksight:DeleteAnalysis",
"quicksight:DescribeAnalysis",
"quicksight:UpdateAnalysis",
"quicksight:DescribeAnalysisPermissions",
"quicksight:UpdateAnalysisPermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:analysis/*",
"Sid":"AnalysisWriteAccess"
},
{
"Action":[
"quicksight:CreateDataSet",
"quicksight:DeleteDataSet",
"quicksight:DescribeDataSet",
"quicksight:PassDataSet",
"quicksight:UpdateDataSet",
"quicksight:DeleteDataSetRefreshProperties",
"quicksight:DescribeDataSetRefreshProperties",
"quicksight:PutDataSetRefreshProperties",
"quicksight:UpdateDataSetPermissions",
"quicksight:DescribeDataSetPermissions",
"quicksight:ListRefreshSchedules"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:dataset/*",
"Sid":"DataSetWriteAccess"
},
{
"Action":[
"quicksight:CreateDataSource",
"quicksight:DescribeDataSource",
"quicksight:DeleteDataSource",
"quicksight:PassDataSource",
"quicksight:UpdateDataSource",
"quicksight:UpdateDataSourcePermissions",
"quicksight:DescribeDataSourcePermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:datasource/*",
"Sid":"DataSourceWriteAccess"
},
{
"Action":[
"quicksight:CreateTheme",
"quicksight:DeleteTheme",
"quicksight:DescribeTheme",
"quicksight:UpdateTheme",
"quicksight:DescribeThemePermissions",
"quicksight:UpdateThemePermissions"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:theme/*",
"Sid":"ThemeWriteAccess"
},
{
"Action":[
"quicksight:CreateRefreshSchedule",
"quicksight:DescribeRefreshSchedule",
"quicksight:DeleteRefreshSchedule",
"quicksight:UpdateRefreshSchedule"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:dataset/*/refresh-schedule/*",
"Sid":"RefreshScheduleWriteAccess"
},
{
"Action":[
"quicksight:ListVPCConnections",
"quicksight:CreateVPCConnection",
"quicksight:DescribeVPCConnection",
"quicksight:DeleteVPCConnection",
"quicksight:UpdateVPCConnection"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:vpcConnection/*",
"Sid":"VPCConnectionWriteAccess"
},
{
"Action":[
"quicksight:DescribeAssetBundleImportJob",
"quicksight:ListAssetBundleImportJobs",
"quicksight:StartAssetBundleImportJob"
],
"Effect":"Allow",
"Resource":"arn:aws:quicksight:*:*:asset-bundle-import-job/*",
"Sid":"AssetBundleImportOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-27T21:40:34+00:00"
},
"AWSQuickSightDescribeRDS":{
"CreateDate":"2015-11-10T23:24:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rds:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-11-10T23:24:50+00:00"
},
"AWSQuickSightDescribeRedshift":{
"CreateDate":"2015-11-10T23:25:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"redshift:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-11-10T23:25:01+00:00"
},
"AWSQuickSightElasticsearchPolicy":{
"CreateDate":"2020-09-09T17:27:19+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"es:ESHttpGet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:es:*:*:domain/*/",
"arn:aws:es:*:*:domain/*/_cluster/settings",
"arn:aws:es:*:*:domain/*/_cat/indices"
]
},
{
"Action":"es:ListDomainNames",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"es:DescribeElasticsearchDomain",
"es:DescribeDomain"
],
"Effect":"Allow",
"Resource":[
"arn:aws:es:*:*:domain/*"
]
},
{
"Action":[
"es:ESHttpPost",
"es:ESHttpGet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:es:*:*:domain/*/_opendistro/_sql",
"arn:aws:es:*:*:domain/*/_plugin/_sql"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-07T23:25:55+00:00"
},
"AWSQuickSightIoTAnalyticsAccess":{
"CreateDate":"2017-11-29T17:00:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iotanalytics:ListDatasets",
"iotanalytics:DescribeDataset",
"iotanalytics:GetDatasetContent"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-29T17:00:54+00:00"
},
"AWSQuickSightListIAM":{
"CreateDate":"2015-11-10T23:25:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-11-10T23:25:07+00:00"
},
"AWSQuickSightSageMakerPolicy":{
"CreateDate":"2020-01-17T17:18:13+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:DescribeTransformJob",
"sagemaker:StopTransformJob",
"sagemaker:CreateTransformJob"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*",
"Sid":"SageMakerTransformJobAccess"
},
{
"Action":[
"sagemaker:ListModels",
"sagemaker:DescribeModel"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerModelReadAccess"
},
{
"Action":"s3:GetObject",
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::quicksight-ml.*",
"arn:aws:s3:::sagemaker*"
],
"Sid":"S3ObjectReadAccess"
},
{
"Action":"s3:PutObject",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::sagemaker*",
"Sid":"S3ObjectUpdateAccess"
},
{
"Action":"s3:ListBucket",
"Effect":"Allow",
"Resource":"arn:aws:s3:::sagemaker*",
"Sid":"S3BucketReadAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-30T17:57:43+00:00"
},
"AWSQuickSightTimestreamPolicy":{
"CreateDate":"2020-09-30T21:47:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"timestream:Select",
"timestream:CancelQuery",
"timestream:ListTables",
"timestream:ListDatabases",
"timestream:ListMeasures",
"timestream:DescribeTable",
"timestream:DescribeDatabase",
"timestream:SelectValues",
"timestream:DescribeEndpoints"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-30T21:47:03+00:00"
},
"AWSQuicksightAthenaAccess":{
"CreateDate":"2016-12-09T02:31:03+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"athena:BatchGetQueryExecution",
"athena:CancelQueryExecution",
"athena:GetCatalogs",
"athena:GetExecutionEngine",
"athena:GetExecutionEngines",
"athena:GetNamespace",
"athena:GetNamespaces",
"athena:GetQueryExecution",
"athena:GetQueryExecutions",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetTable",
"athena:GetTables",
"athena:ListQueryExecutions",
"athena:RunQuery",
"athena:StartQueryExecution",
"athena:StopQueryExecution",
"athena:ListWorkGroups",
"athena:ListEngineVersions",
"athena:GetWorkGroup",
"athena:GetDataCatalog",
"athena:GetDatabase",
"athena:GetTableMetadata",
"athena:ListDataCatalogs",
"athena:ListDatabases",
"athena:ListTableMetadata"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetCatalog",
"glue:GetCatalogs",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject",
"s3:PutBucketPublicAccessBlock"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-athena-query-results-*"
]
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-03T00:22:06+00:00"
},
"AWSQuicksightOpenSearchPolicy":{
"CreateDate":"2021-09-07T23:26:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"es:ESHttpGet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:es:*:*:domain/*/",
"arn:aws:es:*:*:domain/*/_cluster/settings",
"arn:aws:es:*:*:domain/*/_cat/indices"
]
},
{
"Action":"es:ListDomainNames",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"es:DescribeDomain"
],
"Effect":"Allow",
"Resource":[
"arn:aws:es:*:*:domain/*"
]
},
{
"Action":[
"es:ESHttpPost",
"es:ESHttpGet"
],
"Effect":"Allow",
"Resource":[
"arn:aws:es:*:*:domain/*/_opendistro/_sql",
"arn:aws:es:*:*:domain/*/_plugin/_sql"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-07T23:26:19+00:00"
},
"AWSReachabilityAnalyzerServiceRolePolicy":{
"CreateDate":"2022-11-23T17:12:28+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGateways",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccounts",
"organizations:ListDelegatedAdministrators",
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"tag:GetResources",
"tiros:CreateQuery",
"tiros:ExtendQuery",
"tiros:GetQueryAnswer",
"tiros:GetQueryExplanation",
"tiros:GetQueryExtensionAccounts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReachabilityAnalyzerPermissions"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/vpclinks"
],
"Sid":"ApigatewayPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-10T16:04:52+00:00"
},
"AWSRefactoringToolkitFullAccess":{
"CreateDate":"2022-10-25T16:41:15+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"a2c:GetContainerizationJobDetails",
"a2c:GetDeploymentJobDetails",
"a2c:StartContainerizationJob",
"a2c:StartDeploymentJob"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"App2ContainerAccess"
},
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateStack",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:*:cloudformation:*:*:stack/a2c-app-*",
"arn:*:cloudformation:*:*:stack/a2c-build-*",
"arn:*:cloudformation:*:*:stack/application-transformation-app-*"
],
"Sid":"CloudformationExecutionAccess"
},
{
"Action":[
"codebuild:CreateProject",
"codebuild:UpdateProject"
],
"Condition":{
"Null":{
"aws:RequestTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codebuild:*:*:project/*",
"Sid":"CodeBuildCreateAccess"
},
{
"Action":[
"codebuild:StartBuild"
],
"Effect":"Allow",
"Resource":"arn:aws:codebuild:*:*:project/*",
"Sid":"CodeBuildExecutionAccess"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateSecurityGroupAccess"
},
{
"Action":[
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"Null":{
"aws:RequestTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2CreateAccess"
},
{
"Action":[
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"Null":{
"aws:RequestTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2CreateAccessATS"
},
{
"Action":[
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteTags",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSubnet",
"ec2:CreateRoute",
"ec2:CreateRouteTable"
],
"Condition":{
"Null":{
"aws:ResourceTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2ModifyAccess"
},
{
"Action":[
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteTags",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateSubnet",
"ec2:CreateRoute",
"ec2:CreateRouteTable"
],
"Condition":{
"Null":{
"aws:ResourceTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2ModifyAccessATS"
},
{
"Action":[
"ecr:CreateRepository",
"ecr:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ecr:*:*:repository/*",
"Sid":"EcrCreateAccess"
},
{
"Action":[
"ecr:CreateRepository",
"ecr:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ecr:*:*:repository/*",
"Sid":"EcrCreateAccessATS"
},
{
"Action":[
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:TagResource",
"ecr:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ecr:*:*:repository/*",
"Sid":"EcrModifyAccess"
},
{
"Action":[
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecr:TagResource",
"ecr:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ecr:*:*:repository/*",
"Sid":"EcrModifyAccessATS"
},
{
"Action":[
"ecs:CreateCluster",
"ecs:CreateService",
"ecs:RegisterTaskDefinition",
"ecs:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsCreateAccess"
},
{
"Action":[
"ecs:CreateCluster",
"ecs:CreateService",
"ecs:RegisterTaskDefinition",
"ecs:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsCreateAccessATS"
},
{
"Action":[
"ecs:UpdateService",
"ecs:TagResource",
"ecs:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsModifyAccess"
},
{
"Action":[
"ecs:UpdateService",
"ecs:TagResource",
"ecs:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsModifyAccessATS"
},
{
"Action":[
"ecs:DescribeTaskDefinition"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsReadTaskDefinitionAccess"
},
{
"Action":[
"ecs:ExecuteCommand"
],
"Condition":{
"StringLike":{
"ecs:container-name":"a2c-sidecar"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsExecuteCommandInSidecar"
},
{
"Action":[
"ecs:ExecuteCommand"
],
"Condition":{
"StringLike":{
"ecs:container-name":"application-transformation-sidecar"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EcsExecuteCommandInSidecarATS"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"ecs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
"Sid":"CreateEcsServiceLinkedRoleAccess"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"a2c-generated"
]
},
"Null":{
"aws:RequestTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Sid":"CloudwatchCreateAccess"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"application-transformation"
]
},
"Null":{
"aws:RequestTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Sid":"CloudwatchCreateAccessATS"
},
{
"Action":[
"logs:GetLogEvents"
],
"Condition":{
"Null":{
"aws:ResourceTag/a2c-generated":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Sid":"CloudwatchGetAccess"
},
{
"Action":[
"logs:GetLogEvents"
],
"Condition":{
"Null":{
"aws:ResourceTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*",
"arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*"
],
"Sid":"CloudwatchGetAccessATS"
},
{
"Action":[
"ssm:AddTagsToResource",
"ssm:GetParameters",
"ssm:PutParameter",
"ssm:RemoveTagsFromResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/a2c-generated-check-ecs-slr-*",
"Sid":"SsmParameterAccess"
},
{
"Action":[
"ssm:DescribeSessions",
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SsmMessagesAccess"
},
{
"Action":[
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*/refactoringtoolkit*",
"arn:aws:s3:::*/a2c-generated*",
"arn:aws:s3:::*/application-transformation*"
],
"Sid":"S3ObjectAccess"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringLike":{
"s3:prefix":[
"application-transformation",
"refactoringtoolkit"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3ListAccess"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"clouddirectory:ListDirectories",
"codebuild:BatchGetProjects",
"codebuild:BatchGetBuilds",
"ds:DescribeDirectories",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTasks",
"ecs:ListTagsForResource",
"ecs:ListTasks",
"iam:ListRoles",
"s3:GetBucketLocation",
"s3:GetBucketVersioning",
"s3:ListAllMyBuckets",
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyAccess"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS",
"Sid":"GetECSSLR"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws.portingassistant.dotnet.datastore",
"arn:aws:s3:::aws.portingassistant.dotnet.datastore/*"
],
"Sid":"PortingAssistantFullAccess"
},
{
"Action":[
"application-transformation:StartPortingCompatibilityAssessment",
"application-transformation:GetPortingCompatibilityAssessment",
"application-transformation:StartPortingRecommendationAssessment",
"application-transformation:GetPortingRecommendationAssessment",
"application-transformation:PutLogData",
"application-transformation:PutMetricData",
"application-transformation:StartContainerization",
"application-transformation:GetContainerization",
"application-transformation:StartDeployment",
"application-transformation:GetDeployment"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ApplicationTransformationAccess"
},
{
"Action":[
"kms:Decrypt",
"kms:Encrypt",
"kms:DescribeKey",
"kms:GenerateDataKey"
],
"Condition":{
"ForAnyValue:StringLike":{
"kms:ResourceAliases":"alias/application-transformation*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*::*",
"Sid":"KmsAccess"
},
{
"Action":[
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer"
],
"Condition":{
"Null":{
"ecr:ResourceTag/application-transformation":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ecr:*:*:repository/*",
"Sid":"EcrPushAccess"
},
{
"Action":[
"ecr:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EcrAuthAccess"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"ForAnyValue:StringLike":{
"kms:ResourceAliases":"alias/application-transformation*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*::*",
"Sid":"KmsCreateGrantAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-25T18:43:14+00:00"
},
"AWSRefactoringToolkitSidecarPolicy":{
"CreateDate":"2022-10-25T16:41:12+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssmmessages:OpenControlChannel",
"ssmmessages:CreateControlChannel",
"ssmmessages:OpenDataChannel",
"ssmmessages:CreateDataChannel"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SsmMessagesAccess"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/refactoringtoolkit*",
"Sid":"S3GetObjectAccess"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringLike":{
"s3:prefix":"refactoringtoolkit*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3ListBucketAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-29T22:15:51+00:00"
},
"AWSRepostSpaceSupportOperationsPolicy":{
"CreateDate":"2023-11-26T21:52:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"support:AddAttachmentsToSet",
"support:AddCommunicationToCase",
"support:CreateCase",
"support:DescribeCases",
"support:DescribeCommunications",
"support:ResolveCase"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RepostSpaceSupportOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-26T21:52:15+00:00"
},
"AWSResilienceHubAsssessmentExecutionPolicy":{
"CreateDate":"2023-06-27T12:32:15+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"autoscaling:DescribeAutoScalingGroups",
"backup:DescribeBackupVault",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudformation:ValidateTemplate",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"datasync:DescribeTask",
"datasync:ListLocations",
"datasync:ListTasks",
"devops-guru:ListMonitoredResources",
"dlm:GetLifecyclePolicies",
"dlm:GetLifecyclePolicy",
"docdb-elastic:GetCluster",
"docdb-elastic:GetClusterSnapshot",
"docdb-elastic:ListClusterSnapshots",
"docdb-elastic:ListTagsForResource",
"drs:DescribeJobs",
"drs:DescribeSourceServers",
"drs:GetReplicationConfiguration",
"ds:DescribeDirectories",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListGlobalTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeFastSnapshotRestores",
"ec2:DescribeFleets",
"ec2:DescribeHosts",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribePlacementGroups",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVpcEndpoints",
"ecr:DescribeRegistry",
"ecs:DescribeCapacityProviders",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:ListContainerInstances",
"ecs:ListServices",
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeNodegroup",
"eks:ListFargateProfiles",
"eks:ListNodegroups",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeGlobalReplicationGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:DescribeSnapshots",
"elasticache:DescribeServerlessCaches",
"elasticache:DescribeServerlessCacheSnapshots",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"fis:GetExperiment",
"fis:GetExperimentTemplate",
"fis:ListExperimentTemplates",
"fis:ListExperiments",
"fis:ListExperimentResolvedTargets",
"fsx:DescribeFileSystems",
"lambda:GetFunctionConcurrency",
"lambda:GetFunctionConfiguration",
"lambda:ListAliases",
"lambda:ListEventSourceMappings",
"lambda:ListFunctionEventInvokeConfigs",
"lambda:ListVersionsByFunction",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBInstances",
"rds:DescribeDBProxies",
"rds:DescribeDBProxyTargets",
"rds:DescribeDBSnapshots",
"rds:DescribeGlobalClusters",
"rds:ListTagsForResource",
"resource-groups:GetGroup",
"resource-groups:ListGroupResources",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListRoutingControls",
"route53-recovery-readiness:GetReadinessCheckStatus",
"route53-recovery-readiness:GetResourceSet",
"route53-recovery-readiness:ListReadinessChecks",
"route53:GetHealthCheck",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverEndpointIpAddresses",
"s3:ListBucket",
"servicecatalog:GetApplication",
"servicecatalog:ListAssociatedResources",
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"ssm:DescribeAutomationExecutions",
"states:DescribeStateMachine",
"states:ListStateMachineVersions",
"states:ListStateMachineAliases",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSResilienceHubFullResourceStatement"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/usageplans"
],
"Sid":"AWSResilienceHubApiGatewayStatement"
},
{
"Action":[
"s3:CreateBucket",
"s3:PutObject",
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-resilience-hub-artifacts-*",
"Sid":"AWSResilienceHubS3ArtifactStatement"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicyStatus",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetMultiRegionAccessPointRoutes",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:ListMultiRegionAccessPoints"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSResilienceHubS3AccessStatement"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"ResilienceHub"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSResilienceHubCloudWatchStatement"
},
{
"Action":[
"ssm:GetParametersByPath"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/ResilienceHub/*",
"Sid":"AWSResilienceHubSSMStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-16T14:40:07+00:00"
},
"AWSResourceAccessManagerFullAccess":{
"CreateDate":"2019-06-04T17:28:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ram:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-04T17:28:22+00:00"
},
"AWSResourceAccessManagerReadOnlyAccess":{
"CreateDate":"2019-12-09T20:58:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ram:Get*",
"ram:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-09T20:58:37+00:00"
},
"AWSResourceAccessManagerResourceShareParticipantAccess":{
"CreateDate":"2019-12-09T20:41:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ram:AcceptResourceShareInvitation",
"ram:GetResourcePolicies",
"ram:GetResourceShareInvitations",
"ram:GetResourceShares",
"ram:ListPendingInvitationResources",
"ram:ListPrincipals",
"ram:ListResources",
"ram:RejectResourceShareInvitation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-09T20:41:37+00:00"
},
"AWSResourceAccessManagerServiceRolePolicy":{
"CreateDate":"2018-11-14T19:28:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:DeleteRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*"
],
"Sid":"AllowDeletionOfServiceLinkedRoleForResourceAccessManager"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-14T19:28:28+00:00"
},
"AWSResourceExplorerFullAccess":{
"CreateDate":"2022-11-07T20:01:20+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"resource-explorer-2:*",
"ec2:DescribeRegions",
"ram:ListResources",
"ram:GetResourceShares",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceExplorerConsoleFullAccess"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"resource-explorer-2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceExplorerSLRAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-14T16:53:46+00:00"
},
"AWSResourceExplorerOrganizationsAccess":{
"CreateDate":"2023-11-14T17:01:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"resource-explorer-2:*",
"ec2:DescribeRegions",
"ram:ListResources",
"ram:GetResourceShares",
"organizations:ListAccounts",
"organizations:ListRoots",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAccountsForParent",
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyAccess"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
"Sid":"ResourceExplorerGetSLRAccess"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"resource-explorer-2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceExplorerCreateSLRAccess"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess",
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"resource-explorer-2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsAdministratorAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-14T17:01:12+00:00"
},
"AWSResourceExplorerReadOnlyAccess":{
"CreateDate":"2022-11-07T19:56:00+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"resource-explorer-2:Get*",
"resource-explorer-2:List*",
"resource-explorer-2:Search",
"resource-explorer-2:BatchGetView",
"ec2:DescribeRegions",
"ram:ListResources",
"ram:GetResourceShares",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceExplorerReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-14T16:43:41+00:00"
},
"AWSResourceExplorerServiceRolePolicy":{
"CreateDate":"2022-10-25T20:35:29+00:00",
"DefaultVersionId":"v13",
"Document":{
"Statement":[
{
"Action":[
"cloudtrail:CreateServiceLinkedChannel",
"cloudtrail:GetServiceLinkedChannel"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*",
"Sid":"CloudTrailEventsAccess"
},
{
"Action":"apigateway:GET",
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/vpclinks"
],
"Sid":"ApiGatewayAccess"
},
{
"Action":[
"access-analyzer:ListAnalyzers",
"acm-pca:ListCertificateAuthorities",
"acm:ListCertificates",
"airflow:ListEnvironments",
"amplify:ListApps",
"amplify:ListBackendEnvironments",
"amplify:ListBranches",
"amplify:ListDomainAssociations",
"amplifyuibuilder:ListComponents",
"amplifyuibuilder:ListThemes",
"app-integrations:ListEventIntegrations",
"appconfig:ListApplications",
"appconfig:ListDeploymentStrategies",
"appflow:ListFlows",
"appmesh:ListMeshes",
"appmesh:ListVirtualNodes",
"appmesh:ListVirtualServices",
"apprunner:ListServices",
"apprunner:ListVpcConnectors",
"appstream:DescribeAppBlocks",
"appstream:DescribeApplications",
"appstream:DescribeFleets",
"appstream:DescribeImageBuilders",
"appstream:DescribeStacks",
"appsync:ListGraphqlApis",
"aps:ListRuleGroupsNamespaces",
"aps:ListWorkspaces",
"athena:ListDataCatalogs",
"athena:ListWorkGroups",
"auditmanager:GetAccountStatus",
"auditmanager:ListAssessments",
"autoscaling:DescribeAutoScalingGroups",
"backup:ListBackupPlans",
"backup:ListBackupVaults",
"backup:ListReportPlans",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobQueues",
"batch:ListSchedulingPolicies",
"ce:GetAnomalyMonitors",
"ce:GetAnomalySubscriptions",
"cloud9:ListEnvironments",
"cloudformation:ListResources",
"cloudformation:ListStackSets",
"cloudformation:ListStacks",
"cloudfront:ListCachePolicies",
"cloudfront:ListCloudFrontOriginAccessIdentities",
"cloudfront:ListContinuousDeploymentPolicies",
"cloudfront:ListDistributions",
"cloudfront:ListFieldLevelEncryptionConfigs",
"cloudfront:ListFieldLevelEncryptionProfiles",
"cloudfront:ListFunctions",
"cloudfront:ListOriginAccessControls",
"cloudfront:ListOriginRequestPolicies",
"cloudfront:ListRealtimeLogConfigs",
"cloudfront:ListResponseHeadersPolicies",
"cloudtrail:ListChannels",
"cloudtrail:ListEventDataStores",
"cloudtrail:ListTrails",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeInsightRules",
"cloudwatch:ListDashboards",
"cloudwatch:ListMetricStreams",
"codeartifact:ListDomains",
"codeartifact:ListRepositories",
"codebuild:ListProjects",
"codecommit:ListRepositories",
"codeconnections:ListConnections",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentConfigs",
"codeguru-profiler:ListProfilingGroups",
"codeguru-reviewer:ListRepositoryAssociations",
"codepipeline:ListPipelines",
"codepipeline:ListWebhooks",
"codestar-connections:ListConnections",
"cognito-identity:ListIdentityPools",
"cognito-idp:ListUserPools",
"comprehend:ListDocumentClassifiers",
"comprehend:ListEntityRecognizers",
"connect:ListInstances",
"connect:ListPhoneNumbersV2",
"connect:ListQuickConnects",
"connect:ListRules",
"connect:ListTaskTemplates",
"connect:ListUsers",
"databrew:ListDatasets",
"databrew:ListJobs",
"databrew:ListProjects",
"databrew:ListRecipes",
"databrew:ListRulesets",
"databrew:ListSchedules",
"dataexchange:ListDataSets",
"datapipeline:ListPipelines",
"datasync:ListLocations",
"datasync:ListTasks",
"dax:DescribeClusters",
"detective:ListGraphs",
"devicefarm:ListProjects",
"devicefarm:ListTestGridProjects",
"dms:DescribeEndpoints",
"dms:DescribeEventSubscriptions",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:DescribeReplicationTasks",
"ds:DescribeDirectories",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeCapacityReservationFleets",
"ec2:DescribeCapacityReservations",
"ec2:DescribeCarrierGateways",
"ec2:DescribeClientVpnEndpoints",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeElasticGpus",
"ec2:DescribeExportImageTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeFleets",
"ec2:DescribeFlowLogs",
"ec2:DescribeFpgaImages",
"ec2:DescribeHostReservations",
"ec2:DescribeHosts",
"ec2:DescribeImages",
"ec2:DescribeImportImageTasks",
"ec2:DescribeImportSnapshotTasks",
"ec2:DescribeInstanceEventWindows",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeIpamPools",
"ec2:DescribeIpamResourceDiscoveries",
"ec2:DescribeIpamResourceDiscoveryAssociations",
"ec2:DescribeIpamScopes",
"ec2:DescribeIpams",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInsightsAccessScopeAnalyses",
"ec2:DescribeNetworkInsightsAccessScopes",
"ec2:DescribeNetworkInsightsAnalyses",
"ec2:DescribeNetworkInsightsPaths",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribePublicIpv4Pools",
"ec2:DescribeReservedInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeTrafficMirrorFilters",
"ec2:DescribeTrafficMirrorSessions",
"ec2:DescribeTrafficMirrorTargets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnectPeers",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGatewayPolicyTables",
"ec2:DescribeTransitGatewayRouteTableAnnouncements",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeVerifiedAccessEndpoints",
"ec2:DescribeVerifiedAccessGroups",
"ec2:DescribeVerifiedAccessInstances",
"ec2:DescribeVerifiedAccessTrustProviders",
"ec2:DescribeVolumes",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetSubnetCidrReservations",
"ecr-public:DescribeRepositories",
"ecr:DescribeRepositories",
"ecs:DescribeCapacityProviders",
"ecs:DescribeServices",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheSecurityGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeGlobalReplicationGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:DescribeReservedCacheNodes",
"elasticache:DescribeSnapshots",
"elasticache:DescribeUserGroups",
"elasticache:DescribeUsers",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:ListClusters",
"emr-containers:ListVirtualClusters",
"emr-serverless:ListApplications",
"es:ListDomainNames",
"events:ListApiDestinations",
"events:ListArchives",
"events:ListConnections",
"events:ListEndpoints",
"events:ListEventBuses",
"events:ListRules",
"evidently:ListExperiments",
"evidently:ListFeatures",
"evidently:ListLaunches",
"evidently:ListProjects",
"finspace:ListEnvironments",
"firehose:ListDeliveryStreams",
"fis:ListExperimentTemplates",
"forecast:ListDatasetGroups",
"forecast:ListDatasetImportJobs",
"forecast:ListDatasets",
"forecast:ListForecastExportJobs",
"forecast:ListForecasts",
"forecast:ListPredictorBacktestExportJobs",
"forecast:ListPredictors",
"frauddetector:GetDetectors",
"frauddetector:GetEntityTypes",
"frauddetector:GetEventTypes",
"frauddetector:GetExternalModels",
"frauddetector:GetLabels",
"frauddetector:GetModels",
"frauddetector:GetOutcomes",
"frauddetector:GetVariables",
"fsx:DescribeFileSystems",
"gamelift:DescribeGameSessionQueues",
"gamelift:DescribeMatchmakingConfigurations",
"gamelift:DescribeMatchmakingRuleSets",
"gamelift:ListAliases",
"gamelift:ListBuilds",
"gamelift:ListLocations",
"geo:ListMaps",
"geo:ListPlaceIndexes",
"geo:ListTrackers",
"glacier:ListVaults",
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners",
"glue:GetCrawlers",
"glue:GetDatabases",
"glue:GetJobs",
"glue:GetTables",
"glue:GetTriggers",
"glue:ListMLTransforms",
"grafana:ListWorkspaces",
"greengrass:ListComponentVersions",
"greengrass:ListComponents",
"greengrass:ListConnectorDefinitions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitions",
"greengrass:ListResourceDefinitions",
"greengrass:ListSubscriptionDefinitions",
"groundstation:ListConfigs",
"groundstation:ListDataflowEndpointGroups",
"groundstation:ListMissionProfiles",
"guardduty:ListDetectors",
"guardduty:ListFilters",
"guardduty:ListIPSets",
"guardduty:ListThreatIntelSets",
"healthlake:ListFHIRDatastores",
"iam:ListGroups",
"iam:ListInstanceProfiles",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicies",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:ListUsers",
"iam:ListVirtualMFADevices",
"imagebuilder:ListComponentBuildVersions",
"imagebuilder:ListComponents",
"imagebuilder:ListContainerRecipes",
"imagebuilder:ListDistributionConfigurations",
"imagebuilder:ListImageBuildVersions",
"imagebuilder:ListImagePipelines",
"imagebuilder:ListImageRecipes",
"imagebuilder:ListImages",
"imagebuilder:ListInfrastructureConfigurations",
"inspector:ListAssessmentTemplates",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListJobTemplates",
"iot:ListMitigationActions",
"iot:ListPolicies",
"iot:ListProvisioningTemplates",
"iot:ListRoleAliases",
"iot:ListSecurityProfiles",
"iot:ListThings",
"iot:ListTopicRuleDestinations",
"iot:ListTopicRules",
"iotanalytics:ListChannels",
"iotanalytics:ListDatasets",
"iotanalytics:ListDatastores",
"iotanalytics:ListPipelines",
"iotdeviceadvisor:ListSuiteDefinitions",
"iotevents:ListAlarmModels",
"iotevents:ListDetectorModels",
"iotevents:ListInputs",
"iotfleetwise:ListDecoderManifests",
"iotfleetwise:ListModelManifests",
"iotfleetwise:ListSignalCatalogs",
"iotfleetwise:ListVehicles",
"iotsitewise:ListAssetModels",
"iotsitewise:ListAssets",
"iotsitewise:ListDashboards",
"iotsitewise:ListGateways",
"iotsitewise:ListPortals",
"iotsitewise:ListProjects",
"iottwinmaker:ListComponentTypes",
"iottwinmaker:ListEntities",
"iottwinmaker:ListScenes",
"iottwinmaker:ListSyncJobs",
"iottwinmaker:ListWorkspaces",
"iotwireless:ListServiceProfiles",
"ivs:ListChannels",
"ivs:ListRecordingConfigurations",
"ivs:ListStreamKeys",
"ivschat:ListLoggingConfigurations",
"ivschat:ListRooms",
"kafka:ListClusters",
"kafka:ListConfigurations",
"kendra:ListIndices",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"kms:ListAliases",
"kms:ListKeys",
"lambda:ListAliases",
"lambda:ListCodeSigningConfigs",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"lambda:ListLayerVersions",
"lambda:ListLayers",
"lex:ListBotAliases",
"lex:ListBots",
"license-manager:ListDistributedGrants",
"lightsail:GetBuckets",
"lightsail:GetCertificates",
"lightsail:GetContainerServices",
"lightsail:GetDisks",
"logs:DescribeDestinations",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"lookoutmetrics:ListAlerts",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutvision:ListProjects",
"m2:ListEnvironments",
"macie2:ListAllowLists",
"macie2:ListCustomDataIdentifiers",
"macie2:ListFindingsFilters",
"managedblockchain:ListAccessors",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage-vod:ListPackagingGroups",
"mediapackage:ListChannels",
"mediapackage:ListOriginEndpoints",
"mediatailor:ListPlaybackConfigurations",
"memorydb:DescribeACLs",
"memorydb:DescribeClusters",
"memorydb:DescribeParameterGroups",
"memorydb:DescribeSubnetGroups",
"memorydb:DescribeUsers",
"mobiletargeting:GetApps",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetSegments",
"mobiletargeting:ListTemplates",
"mq:ListBrokers",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"networkmanager:DescribeGlobalNetworks",
"networkmanager:GetDevices",
"networkmanager:GetLinks",
"networkmanager:ListAttachments",
"networkmanager:ListCoreNetworks",
"oam:ListSinks",
"omics:ListReferenceStores",
"omics:ListRunGroups",
"omics:ListWorkflows",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccounts",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListRoots",
"outposts:ListSites",
"panorama:ListPackages",
"personalize:ListDatasetGroups",
"personalize:ListDatasets",
"personalize:ListSchemas",
"personalize:ListSolutions",
"pipes:ListPipes",
"proton:ListEnvironmentAccountConnections",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:ListLedgers",
"quicksight:DescribeAccountSubscription",
"quicksight:ListDataSets",
"quicksight:ListDataSources",
"quicksight:ListTemplates",
"quicksight:ListThemes",
"ram:GetResourceShares",
"rds:DescribeBlueGreenDeployments",
"rds:DescribeDBClusterEndpoints",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBProxies",
"rds:DescribeDBProxyEndpoints",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:DescribeGlobalClusters",
"rds:DescribeOptionGroups",
"rds:DescribeReservedDBInstances",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeClusters",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeSnapshotCopyGrants",
"redshift:DescribeSnapshotSchedules",
"redshift:DescribeUsageLimits",
"refactor-spaces:ListApplications",
"refactor-spaces:ListEnvironments",
"refactor-spaces:ListRoutes",
"refactor-spaces:ListServices",
"rekognition:DescribeProjects",
"resiliencehub:ListApps",
"resiliencehub:ListResiliencyPolicies",
"resource-explorer-2:GetIndex",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListViews",
"resource-groups:ListGroups",
"robomaker:ListRobotApplications",
"robomaker:ListSimulationApplications",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListSafetyRules",
"route53-recovery-readiness:ListReadinessChecks",
"route53-recovery-readiness:ListRecoveryGroups",
"route53-recovery-readiness:ListResourceSets",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53domains:ListDomains",
"route53resolver:ListFirewallDomainLists",
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverQueryLogConfigs",
"route53resolver:ListResolverRules",
"rum:ListAppMonitors",
"s3:GetBucketLocation",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultiRegionAccessPoints",
"s3:ListStorageLensConfigurations",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListDomains",
"sagemaker:ListEndpoints",
"sagemaker:ListFeatureGroups",
"sagemaker:ListImages",
"sagemaker:ListModels",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelines",
"scheduler:ListScheduleGroups",
"scheduler:ListSchedules",
"schemas:ListDiscoverers",
"secretsmanager:ListSecrets",
"servicecatalog:ListApplications",
"servicecatalog:ListAttributeGroups",
"servicediscovery:ListServices",
"ses:ListConfigurationSets",
"ses:ListContactLists",
"ses:ListEmailIdentities",
"signer:ListSigningProfiles",
"sns:ListTopics",
"sqs:ListQueues",
"ssm-incidents:ListResponsePlans",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeInstanceInformation",
"ssm:DescribeMaintenanceWindowTargets",
"ssm:DescribeMaintenanceWindowTasks",
"ssm:DescribeMaintenanceWindows",
"ssm:DescribeParameters",
"ssm:DescribePatchBaselines",
"ssm:ListAssociations",
"ssm:ListDocuments",
"ssm:ListInventoryEntries",
"ssm:ListResourceDataSync",
"states:ListActivities",
"states:ListStateMachines",
"storagegateway:ListGateways",
"synthetics:ListGroups",
"timestream:ListDatabases",
"timestream:ListScheduledQueries",
"transfer:ListAgreements",
"transfer:ListCertificates",
"transfer:ListConnectors",
"transfer:ListProfiles",
"transfer:ListServers",
"transfer:ListWorkflows",
"wisdom:ListAssistants",
"wisdom:listAssistantAssociations",
"wisdom:listKnowledgeBases",
"workspaces:DescribeConnectionAliases",
"workspaces:DescribeWorkspaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceInventoryAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-25T14:22:06+00:00"
},
"AWSResourceGroupsReadOnlyAccess":{
"CreateDate":"2018-03-07T10:27:04+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"tag:Get*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeSnapshots",
"elasticache:ListTagsForResource",
"elasticbeanstalk:DescribeEnvironments",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:ListTagsForVault",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:ListTagsForStream",
"opsworks:DescribeStacks",
"opsworks:ListTags",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeTags",
"route53domains:ListDomains",
"route53:ListHealthChecks",
"route53:GetHealthCheck",
"route53:ListHostedZones",
"route53:GetHostedZone",
"route53:ListTagsForResource",
"storagegateway:ListGateways",
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListTagsForResource",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"ssm:ListDocuments"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-02-05T17:56:25+00:00"
},
"AWSRoboMakerReadOnlyAccess":{
"CreateDate":"2018-11-26T05:30:50+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"robomaker:List*",
"robomaker:BatchDescribe*",
"robomaker:Describe*",
"robomaker:Get*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor0"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-28T23:10:18+00:00"
},
"AWSRoboMakerServicePolicy":{
"CreateDate":"2018-11-26T06:30:08+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction",
"robomaker:CreateSimulationJob",
"robomaker:CancelSimulationJob"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"robomaker:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:robomaker:*:*:simulation-job/*"
},
{
"Action":[
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:DeleteFunction",
"lambda:ListVersionsByFunction",
"lambda:GetAlias",
"lambda:UpdateAlias",
"lambda:CreateAlias",
"lambda:DeleteAlias"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lambda.amazonaws.com",
"robomaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-11T22:23:45+00:00"
},
"AWSRoboMakerServiceRolePolicy":{
"CreateDate":"2018-11-26T05:33:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-26T05:33:19+00:00"
},
"AWSRoboMaker_FullAccess":{
"CreateDate":"2020-09-10T18:34:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"robomaker:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"robomaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ecr:BatchGetImage",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"robomaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ecr-public:DescribeImages",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"robomaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"robomaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-16T21:06:10+00:00"
},
"AWSRolesAnywhereServicePolicy":{
"CreateDate":"2022-07-05T15:26:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/RolesAnywhere",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:DescribeCertificateAuthority"
],
"Effect":"Allow",
"Resource":"arn:aws:acm-pca:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-05T15:26:11+00:00"
},
"AWSS3OnOutpostsServiceRolePolicy":{
"CreateDate":"2023-10-03T20:32:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeCoipPools",
"ec2:GetCoipPoolUsage",
"ec2:DescribeAddresses",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeVpcResources"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateNetworkInterface"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"S3 On Outposts"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"CreateTagsForCreateNetworkInterface"
},
{
"Action":[
"ec2:AllocateAddress"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:ipv4pool-ec2/*"
],
"Sid":"AllocateIpAddress"
},
{
"Action":[
"ec2:AllocateAddress"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"S3 On Outposts"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:elastic-ip/*"
],
"Sid":"CreateTagsForAllocateIpAddress"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:AssociateAddress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"S3 On Outposts"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ReleaseVpcResources"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":[
"S3 On Outposts"
],
"ec2:CreateAction":[
"CreateNetworkInterface",
"AllocateAddress"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateTags"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-03T20:32:36+00:00"
},
"AWSSSMForSAPServiceLinkedRolePolicy":{
"CreateDate":"2022-11-16T01:18:21+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeInstanceTypes",
"ec2:DescribeVolumes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSnapshots",
"ssm:GetCommandInvocation",
"ssm:DescribeInstanceInformation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeInstanceActions"
},
{
"Action":"ec2:DescribeInstanceStatus",
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeInstanceStatus"
},
{
"Action":[
"events:DeleteRule",
"events:PutTargets",
"events:DescribeRule",
"events:PutRule",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:*:events:*:*:rule/SSMSAPManagedRule*",
"arn:*:events:*:*:event-bus/default"
],
"Sid":"TargetRuleActions"
},
{
"Action":[
"ssm:DescribeDocument",
"ssm:SendCommand"
],
"Effect":"Allow",
"Resource":[
"arn:*:ssm:*:*:document/AWSSystemsManagerSAP-*",
"arn:*:ssm:*:*:document/AWSSSMSAP*",
"arn:*:ssm:*:*:document/AWSSAP*"
],
"Sid":"DocumentActions"
},
{
"Action":"ssm:SendCommand",
"Condition":{
"StringEqualsIgnoreCase":{
"ssm:resourceTag/SSMForSAPManaged":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:instance/*",
"Sid":"CustomerSendCommand"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"Null":{
"aws:RequestTag/awsApplication":"false"
},
"StringEqualsIgnoreCase":{
"ec2:ResourceTag/SSMForSAPManaged":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:instance/*",
"Sid":"InstanceTagActions"
},
{
"Action":"ec2:DescribeTags",
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeTag"
},
{
"Action":"servicecatalog:GetApplication",
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:*",
"Sid":"GetApplication"
},
{
"Action":[
"servicecatalog:DeleteApplication",
"servicecatalog:UpdateApplication"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:*",
"Sid":"UpdateOrDeleteApplication"
},
{
"Action":[
"servicecatalog:TagResource",
"servicecatalog:CreateApplication"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:*",
"Sid":"CreateApplication"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"servicecatalog-appregistry.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry",
"Sid":"CreateServiceLinkedRole"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/Usage",
"AWS/SSMForSAP"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PutMetricData"
},
{
"Action":"servicecatalog:CreateAttributeGroup",
"Condition":{
"StringEquals":{
"aws:RequestTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:/attribute-groups/*",
"Sid":"CreateAttributeGroup"
},
{
"Action":"servicecatalog:GetAttributeGroup",
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:/attribute-groups/*",
"Sid":"GetAttributeGroup"
},
{
"Action":"servicecatalog:DeleteAttributeGroup",
"Condition":{
"StringEquals":{
"aws:ResourceTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:/attribute-groups/*",
"Sid":"DeleteAttributeGroup"
},
{
"Action":[
"servicecatalog:AssociateAttributeGroup",
"servicecatalog:DisassociateAttributeGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:*",
"Sid":"AttributeGroupActions"
},
{
"Action":"servicecatalog:ListAssociatedAttributeGroups",
"Effect":"Allow",
"Resource":"arn:*:servicecatalog:*:*:*",
"Sid":"ListAssociatedAttributeGroups"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"SSMForSAPCreated"
]
},
"StringEquals":{
"aws:ResourceTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:resource-groups:*:*:group/SystemsManagerForSAP-*",
"Sid":"CreateGroup"
},
{
"Action":"resource-groups:GetGroup",
"Effect":"Allow",
"Resource":"arn:*:resource-groups:*:*:group/SystemsManagerForSAP-*",
"Sid":"GetGroup"
},
{
"Action":"resource-groups:DeleteGroup",
"Condition":{
"StringEquals":{
"aws:ResourceTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:resource-groups:*:*:group/SystemsManagerForSAP-*",
"Sid":"DeleteGroup"
},
{
"Action":[
"resource-groups:CreateGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/EnableAWSServiceCatalogAppRegistry":"true"
}
},
"Effect":"Allow",
"Resource":"arn:*:resource-groups:*:*:group/AWS_AppRegistry_AppTag_*",
"Sid":"CreateAppTagResourceGroup"
},
{
"Action":[
"resource-groups:Tag"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/EnableAWSServiceCatalogAppRegistry":"true"
}
},
"Effect":"Allow",
"Resource":"arn:*:resource-groups:*:*:group/AWS_AppRegistry_AppTag_*",
"Sid":"TagAppTagResourceGroup"
},
{
"Action":[
"resource-groups:GetGroupConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:*:resource-groups:*:*:group/AWS_AppRegistry_AppTag_*"
],
"Sid":"GetAppTagResourceGroupConfig"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition":{
"StringEqualsIgnoreCase":{
"ec2:resourceTag/SSMForSAPManaged":"True"
}
},
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:instance/*",
"Sid":"StartStopInstances"
},
{
"Action":[
"resource-groups:Tag",
"resource-groups:CreateGroup"
],
"Condition":{
"ArnLike":{
"aws:RequestTag/awsApplication":"arn:aws:resource-groups:*:*:group/*/*"
},
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"SSMForSAPCreated",
"awsApplication"
]
},
"StringEquals":{
"aws:RequestTag/SSMForSAPCreated":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/SystemsManagerForSAP-*",
"Sid":"SsmSapResourceGroup"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"SystemsManagerForSAP-*"
]
},
"StringEquals":{
"aws:ResourceTag/SSMForSAPManaged":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ManageSsmSapTagsOnEc2Instances"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"SystemsManagerForSAP-*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ManageSsmSapTagsOnEbsVolumes"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ArnLike":{
"aws:RequestTag/awsApplication":"arn:aws:resource-groups:*:*:group/*/*"
},
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"awsApplication"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ManageAppTagsOnEbsVolumes"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-11T22:51:34+00:00"
},
"AWSSSMOpsInsightsServiceRolePolicy":{
"CreateDate":"2021-06-16T20:12:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:CreateOpsItem",
"ssm:AddTagsToResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCreateOpsItem"
},
{
"Action":[
"ssm:UpdateOpsItem",
"ssm:GetOpsItem"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/SsmOperationalInsight":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessOpsItem"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-06-16T20:12:52+00:00"
},
"AWSSSODirectoryAdministrator":{
"CreateDate":"2018-10-31T23:54:00+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"sso-directory:*",
"identitystore:*",
"identitystore-auth:*",
"sso:ListDirectoryAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSODirectoryAdministrator"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-20T20:34:07+00:00"
},
"AWSSSODirectoryReadOnly":{
"CreateDate":"2018-10-31T23:49:32+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"sso-directory:Search*",
"sso-directory:Describe*",
"sso-directory:List*",
"sso-directory:Get*",
"identitystore:Describe*",
"identitystore:List*",
"identitystore-auth:ListSessions",
"identitystore-auth:BatchGetSession"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSODirectoryReadOnly"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-16T18:17:48+00:00"
},
"AWSSSOMasterAccountAdministrator":{
"CreateDate":"2018-06-27T20:36:51+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"sso.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO",
"Sid":"AWSSSOCreateSLR"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"sso.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO",
"Sid":"AWSSSOMasterAccountAdministrator"
},
{
"Action":[
"ds:DescribeTrusts",
"ds:UnauthorizeApplication",
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"iam:ListPolicies",
"organizations:EnableAWSServiceAccess",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAccountsForParent",
"organizations:DescribeOrganization",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListDelegatedAdministrators",
"sso:*",
"sso-directory:*",
"identitystore:*",
"identitystore-auth:*",
"ds:CreateAlias",
"access-analyzer:ValidatePolicy",
"signin:CreateTrustedIdentityPropagationApplicationForConsole",
"signin:ListTrustedIdentityPropagationApplicationsForConsole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSOMemberAccountAdministrator"
},
{
"Action":[
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"sso.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSOManageDelegatedAdministrator"
},
{
"Action":[
"identity-sync:DeleteSyncProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:identity-sync:*:*:profile/*"
],
"Sid":"AllowDeleteSyncProfile"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-26T17:13:59+00:00"
},
"AWSSSOMemberAccountAdministrator":{
"CreateDate":"2018-06-27T20:45:42+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication",
"ds:DescribeTrusts",
"iam:ListPolicies",
"organizations:EnableAWSServiceAccess",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListDelegatedAdministrators",
"sso:*",
"sso-directory:*",
"identitystore:*",
"identitystore-auth:*",
"ds:CreateAlias",
"access-analyzer:ValidatePolicy",
"signin:CreateTrustedIdentityPropagationApplicationForConsole",
"signin:ListTrustedIdentityPropagationApplicationsForConsole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSOMemberAccountAdministrator"
},
{
"Action":[
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"sso.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSOManageDelegatedAdministrator"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-26T00:31:10+00:00"
},
"AWSSSOReadOnly":{
"CreateDate":"2018-06-27T20:24:34+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ds:DescribeDirectories",
"ds:DescribeTrusts",
"iam:ListPolicies",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListRoots",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListDelegatedAdministrators",
"sso:Describe*",
"sso:Get*",
"sso:List*",
"sso:Search*",
"sso-directory:DescribeDirectory",
"access-analyzer:ValidatePolicy",
"signin:ListTrustedIdentityPropagationApplicationsForConsole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSOReadOnly"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-26T00:44:59+00:00"
},
"AWSSSOServiceRolePolicy":{
"CreateDate":"2017-12-05T18:36:15+00:00",
"DefaultVersionId":"v18",
"Document":{
"Statement":[
{
"Action":[
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:UpdateRole",
"iam:UpdateRoleDescription",
"iam:UpdateAssumeRolePolicy",
"iam:PutRolePermissionsBoundary",
"iam:DeleteRolePermissionsBoundary"
],
"Condition":{
"StringNotEquals":{
"aws:PrincipalOrgMasterAccountId":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
],
"Sid":"IAMRoleProvisioningActions"
},
{
"Action":[
"iam:GetRole",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IAMRoleReadActions"
},
{
"Action":[
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
],
"Sid":"IAMRoleCleanupActions"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:DeleteRole",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO"
],
"Sid":"IAMSLRCleanupActions"
},
{
"Action":[
"iam:CreateSAMLProvider"
],
"Condition":{
"StringNotEquals":{
"aws:PrincipalOrgMasterAccountId":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:saml-provider/AWSSSO_*"
],
"Sid":"IAMSAMLProviderCreationAction"
},
{
"Action":[
"iam:UpdateSAMLProvider"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:saml-provider/AWSSSO_*"
],
"Sid":"IAMSAMLProviderUpdateAction"
},
{
"Action":[
"iam:DeleteSAMLProvider",
"iam:GetSAMLProvider"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:saml-provider/AWSSSO_*"
],
"Sid":"IAMSAMLProviderCleanupActions"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ds:UnauthorizeApplication"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowUnauthAppForDirectory"
},
{
"Action":[
"ds:DescribeDirectories",
"ds:DescribeTrusts"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowDescribeForDirectory"
},
{
"Action":[
"identitystore:DescribeUser",
"identitystore:DescribeGroup",
"identitystore:ListGroups",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowDescribeAndListOperationsOnIdentitySource"
},
{
"Action":[
"identity-sync:DeleteSyncProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:identity-sync:*:*:profile/*"
],
"Sid":"AllowDeleteSyncProfile"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-11T18:37:06+00:00"
},
"AWSSavingsPlansFullAccess":{
"CreateDate":"2019-11-06T22:45:18+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"savingsplans:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-06T22:45:18+00:00"
},
"AWSSavingsPlansReadOnlyAccess":{
"CreateDate":"2019-11-06T22:45:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"savingsplans:Describe*",
"savingsplans:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-06T22:45:10+00:00"
},
"AWSSecurityHubFullAccess":{
"CreateDate":"2018-11-27T23:54:34+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"securityhub:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityHubAllowAll"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"securityhub.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityHubServiceLinkedRole"
},
{
"Action":[
"guardduty:GetDetector",
"guardduty:ListDetectors",
"inspector2:BatchGetAccountStatus",
"pricing:GetProducts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OtherServicePermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-23T18:35:45+00:00"
},
"AWSSecurityHubOrganizationsAccess":{
"CreateDate":"2021-03-15T20:53:03+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListRoots",
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAccountsForParent",
"organizations:DescribeAccount",
"organizations:DescribeOrganizationalUnit"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationPermissions"
},
{
"Action":"organizations:EnableAWSServiceAccess",
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"securityhub.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationPermissionsEnable"
},
{
"Action":[
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"securityhub.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:organizations::*:account/o-*/*",
"Sid":"OrganizationPermissionsDelegatedAdmin"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-16T21:13:44+00:00"
},
"AWSSecurityHubReadOnlyAccess":{
"CreateDate":"2018-11-28T01:34:29+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"securityhub:Get*",
"securityhub:List*",
"securityhub:BatchGet*",
"securityhub:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSecurityHubReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-22T23:45:59+00:00"
},
"AWSSecurityHubServiceRolePolicy":{
"CreateDate":"2018-11-27T23:47:51+00:00",
"DefaultVersionId":"v14",
"Document":{
"Statement":[
{
"Action":[
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:GetEventSelectors",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"logs:DescribeMetricFilters",
"sns:ListSubscriptionsByTopic",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRules",
"config:DescribeConfigRuleEvaluationStatus",
"config:BatchGetResourceConfig",
"config:SelectResourceConfig",
"iam:GenerateCredentialReport",
"organizations:ListAccounts",
"config:PutEvaluations",
"tag:GetResources",
"iam:GetCredentialReport",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListChildren",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"securityhub:BatchDisableStandards",
"securityhub:BatchEnableStandards",
"securityhub:BatchUpdateStandardsControlAssociations",
"securityhub:BatchGetSecurityControls",
"securityhub:BatchGetStandardsControlAssociations",
"securityhub:CreateMembers",
"securityhub:DeleteMembers",
"securityhub:DescribeHub",
"securityhub:DescribeOrganizationConfiguration",
"securityhub:DescribeStandards",
"securityhub:DescribeStandardsControls",
"securityhub:DisassociateFromAdministratorAccount",
"securityhub:DisassociateMembers",
"securityhub:DisableSecurityHub",
"securityhub:EnableSecurityHub",
"securityhub:GetEnabledStandards",
"securityhub:ListStandardsControlAssociations",
"securityhub:ListSecurityControlDefinitions",
"securityhub:UpdateOrganizationConfiguration",
"securityhub:UpdateSecurityControl",
"securityhub:UpdateSecurityHubConfiguration",
"securityhub:UpdateStandardsControl"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityHubServiceRolePermissions"
},
{
"Action":[
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:GetComplianceDetailsByConfigRule"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*",
"Sid":"SecurityHubServiceRoleConfigPermissions"
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"securityhub.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityHubServiceRoleOrganizationsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T03:46:47+00:00"
},
"AWSSecurityIncidentResponseCaseFullAccess":{
"CreateDate":"2024-12-01T23:21:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"security-ir:GetCase",
"security-ir:ListCases",
"security-ir:GetCaseAttachmentDownloadUrl",
"security-ir:ListComments",
"security-ir:ListCaseEdits"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityIRCaseReadAccess"
},
{
"Action":[
"security-ir:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:security-ir:*:*:case/*",
"Sid":"SecurityIRCaseTagReadAccess"
},
{
"Action":[
"security-ir:CreateCase",
"security-ir:UpdateCase",
"security-ir:CloseCase",
"security-ir:UpdateCaseStatus",
"security-ir:UpdateResolverType",
"security-ir:GetCaseAttachmentUploadUrl",
"security-ir:CreateCaseComment",
"security-ir:UpdateCaseComment"
],
"Condition":{
"Bool":{
"aws:MultiFactorAuthPresent":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityIRCaseWriteAccess"
},
{
"Action":[
"security-ir:TagResource",
"security-ir:UntagResource"
],
"Condition":{
"Bool":{
"aws:MultiFactorAuthPresent":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:security-ir:*:*:case/*",
"Sid":"SecurityIRCaseTagWriteAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T23:21:05+00:00"
},
"AWSSecurityIncidentResponseFullAccess":{
"CreateDate":"2024-12-01T23:21:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"security-ir:BatchGetMemberAccountDetails",
"security-ir:GetMembership",
"security-ir:ListMemberships",
"security-ir:GetCase",
"security-ir:ListCases",
"security-ir:GetCaseAttachmentDownloadUrl",
"security-ir:ListComments",
"security-ir:ListCaseEdits",
"security-ir:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityIRReadAccess"
},
{
"Action":[
"security-ir:CreateMembership",
"security-ir:UpdateMembership",
"security-ir:CancelMembership",
"security-ir:CreateCase",
"security-ir:UpdateCase",
"security-ir:CloseCase",
"security-ir:UpdateCaseStatus",
"security-ir:UpdateResolverType",
"security-ir:GetCaseAttachmentUploadUrl",
"security-ir:CreateCaseComment",
"security-ir:UpdateCaseComment",
"security-ir:TagResource",
"security-ir:UntagResource"
],
"Condition":{
"Bool":{
"aws:MultiFactorAuthPresent":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityIRWriteAccess"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"security-ir.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/security-ir.amazonaws.com/AWSServiceRoleForSecurityIncidentResponse"
],
"Sid":"AllowCreationOfServiceLinkedRoleForSecurityIncidentResponse"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"triage.security-ir.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/triage.security-ir.amazonaws.com/AWSServiceRoleForSecurityIncidentResponse_Triage"
],
"Sid":"AllowCreationOfServiceLinkedRoleForSecurityIncidentResponseTriage"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsPolicies"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T23:21:06+00:00"
},
"AWSSecurityIncidentResponseReadOnlyAccess":{
"CreateDate":"2024-12-01T23:06:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"security-ir:BatchGetMemberAccountDetails",
"security-ir:GetMembership",
"security-ir:ListMemberships",
"security-ir:GetCase",
"security-ir:ListCases",
"security-ir:GetCaseAttachmentDownloadUrl",
"security-ir:ListComments",
"security-ir:ListCaseEdits",
"security-ir:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityIRReadAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T23:06:06+00:00"
},
"AWSSecurityIncidentResponseServiceRolePolicy":{
"CreateDate":"2024-12-01T16:36:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:ListChildren"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityIncidentResponseOrganizationsPolicy"
},
{
"Action":[
"security-ir:TagResource",
"security-ir:CreateCase"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"SecurityIncidentResponseManaged"
]
},
"StringEquals":{
"aws:RequestTag/SecurityIncidentResponseManaged":"true",
"aws:ResourceTag/SecurityIncidentResponseManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:security-ir:*:*:case/*",
"Sid":"SecurityIncidentResponseCreateCasePolicyTagOnCreate"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T16:36:06+00:00"
},
"AWSSecurityIncidentResponseTriageServiceRolePolicy":{
"CreateDate":"2024-12-01T16:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"events:DeleteRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"triage.security-ir.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"guardduty:ArchiveFindings",
"guardduty:CreateFilter",
"guardduty:DescribeMalwareScans",
"guardduty:GetDetector",
"guardduty:GetFilter",
"guardduty:GetFindings",
"guardduty:ListDetectors",
"guardduty:StartMalwareScan",
"guardduty:UpdateFindingsFeedback"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"securityhub:BatchUpdateFindings",
"securityhub:DescribeHub",
"securityhub:GetEnabledStandards",
"securityhub:GetFindings",
"securityhub:ListEnabledProductsForImport",
"securityhub:UpdateFindings"
],
"Effect":"Allow",
"Resource":"arn:aws:securityhub:*:*:hub/default"
},
{
"Action":[
"security-ir:CreateCase",
"security-ir:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/SecurityIncidentResponseManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T16:36:07+00:00"
},
"AWSServiceCatalogAdminFullAccess":{
"CreateDate":"2018-02-15T17:19:40+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action":[
"cloudformation:CreateUploadBucket",
"cloudformation:GetTemplateSummary",
"cloudformation:ValidateTemplate",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"servicecatalog:Get*",
"servicecatalog:Scan*",
"servicecatalog:Search*",
"servicecatalog:List*",
"servicecatalog:TagResource",
"servicecatalog:UntagResource",
"servicecatalog:SyncResource",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicecatalog:Accept*",
"servicecatalog:Associate*",
"servicecatalog:Batch*",
"servicecatalog:Copy*",
"servicecatalog:Create*",
"servicecatalog:Delete*",
"servicecatalog:Describe*",
"servicecatalog:Disable*",
"servicecatalog:Disassociate*",
"servicecatalog:Enable*",
"servicecatalog:Execute*",
"servicecatalog:Import*",
"servicecatalog:Provision*",
"servicecatalog:Put*",
"servicecatalog:Reject*",
"servicecatalog:Terminate*",
"servicecatalog:Update*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"servicecatalog.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"orgsdatasync.servicecatalog.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/orgsdatasync.servicecatalog.amazonaws.com/AWSServiceRoleForServiceCatalogOrgsDataSync"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-13T18:43:01+00:00"
},
"AWSServiceCatalogAdminReadOnlyAccess":{
"CreateDate":"2019-10-25T18:53:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:DescribeChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:ListStackResources",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action":[
"cloudformation:GetTemplateSummary",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"servicecatalog:Get*",
"servicecatalog:List*",
"servicecatalog:Describe*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:Search*",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-25T18:53:38+00:00"
},
"AWSServiceCatalogAppRegistryFullAccess":{
"CreateDate":"2020-11-12T22:25:58+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:UpdateStack",
"tag:GetResources"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"servicecatalog-appregistry.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AppRegistryUpdateStackAndResourceGroupTagging"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup",
"resource-groups:GetGroup",
"resource-groups:GetTags",
"resource-groups:Tag",
"resource-groups:Untag",
"resource-groups:GetGroupConfiguration",
"resource-groups:AssociateResource",
"resource-groups:DisassociateResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"servicecatalog-appregistry.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/AWS_*",
"Sid":"AppRegistryResourceGroupsIntegration"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"servicecatalog-appregistry.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry*",
"Sid":"AppRegistryServiceLinkedRole"
},
{
"Action":[
"cloudformation:DescribeStacks",
"servicecatalog:CreateApplication",
"servicecatalog:GetApplication",
"servicecatalog:UpdateApplication",
"servicecatalog:DeleteApplication",
"servicecatalog:ListApplications",
"servicecatalog:AssociateResource",
"servicecatalog:DisassociateResource",
"servicecatalog:GetAssociatedResource",
"servicecatalog:ListAssociatedResources",
"servicecatalog:AssociateAttributeGroup",
"servicecatalog:DisassociateAttributeGroup",
"servicecatalog:ListAssociatedAttributeGroups",
"servicecatalog:CreateAttributeGroup",
"servicecatalog:UpdateAttributeGroup",
"servicecatalog:DeleteAttributeGroup",
"servicecatalog:GetAttributeGroup",
"servicecatalog:ListAttributeGroups",
"servicecatalog:SyncResource",
"servicecatalog:ListAttributeGroupsForApplication",
"servicecatalog:GetConfiguration",
"servicecatalog:PutConfiguration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AppRegistryOperations"
},
{
"Action":[
"servicecatalog:ListTagsForResource",
"servicecatalog:UntagResource",
"servicecatalog:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:servicecatalog:*:*:*",
"Sid":"AppRegistryResourceTagging"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-07T21:50:00+00:00"
},
"AWSServiceCatalogAppRegistryReadOnlyAccess":{
"CreateDate":"2020-11-12T22:34:32+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"servicecatalog:GetApplication",
"servicecatalog:ListApplications",
"servicecatalog:GetAssociatedResource",
"servicecatalog:ListAssociatedResources",
"servicecatalog:ListAssociatedAttributeGroups",
"servicecatalog:GetAttributeGroup",
"servicecatalog:ListAttributeGroups",
"servicecatalog:ListTagsForResource",
"servicecatalog:ListAttributeGroupsForApplication",
"servicecatalog:GetConfiguration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-17T18:16:39+00:00"
},
"AWSServiceCatalogAppRegistryServiceRolePolicy":{
"CreateDate":"2021-05-18T22:18:55+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"cloudformation:DescribeStacks",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/EnableAWSServiceCatalogAppRegistry":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"resource-groups:DeleteGroup",
"resource-groups:UpdateGroup",
"resource-groups:GetTags",
"resource-groups:Tag",
"resource-groups:Untag"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/EnableAWSServiceCatalogAppRegistry":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"resource-groups:GetGroup",
"resource-groups:GetGroupConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:*:resource-groups:*:*:group/AWS_AppRegistry*",
"arn:*:resource-groups:*:*:group/AWS_CloudFormation_Stack*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-26T16:05:52+00:00"
},
"AWSServiceCatalogEndUserFullAccess":{
"CreateDate":"2018-02-15T17:22:32+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackResources",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action":[
"cloudformation:GetTemplateSummary",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:ProvisionProduct",
"servicecatalog:SearchProducts",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
"servicecatalog:ListStackInstancesForProvisionedProduct",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct",
"servicecatalog:SearchProvisionedProducts",
"servicecatalog:CreateProvisionedProductPlan",
"servicecatalog:DescribeProvisionedProductPlan",
"servicecatalog:ExecuteProvisionedProductPlan",
"servicecatalog:DeleteProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:ExecuteProvisionedProductServiceAction",
"servicecatalog:DescribeServiceActionExecutionParameters"
],
"Condition":{
"StringEquals":{
"servicecatalog:userLevel":"self"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-10T20:30:52+00:00"
},
"AWSServiceCatalogEndUserReadOnlyAccess":{
"CreateDate":"2019-10-25T18:49:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:DescribeChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackResources",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action":[
"cloudformation:GetTemplateSummary",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:SearchProducts",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
"servicecatalog:ListStackInstancesForProvisionedProduct",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProvisionedProducts",
"servicecatalog:DescribeProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:DescribeServiceActionExecutionParameters"
],
"Condition":{
"StringEquals":{
"servicecatalog:userLevel":"self"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-25T18:49:34+00:00"
},
"AWSServiceCatalogOrgsDataSyncServiceRolePolicy":{
"CreateDate":"2023-04-10T20:48:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsDataSyncToServiceCatalog"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-10T20:48:28+00:00"
},
"AWSServiceCatalogSyncServiceRolePolicy":{
"CreateDate":"2022-11-15T21:20:15+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"servicecatalog:ListProvisioningArtifacts",
"servicecatalog:DescribeProductAsAdmin",
"servicecatalog:DeleteProvisioningArtifact",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:DescribeProvisioningArtifact",
"servicecatalog:CreateProvisioningArtifact",
"servicecatalog:UpdateProvisioningArtifact"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ArtifactSyncToServiceCatalog"
},
{
"Action":[
"codestar-connections:UseConnection",
"codeconnections:UseConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*",
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"AccessArtifactRepositories"
},
{
"Action":[
"cloudformation:ValidateTemplate"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ValidateTemplate"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-03T17:12:41+00:00"
},
"AWSServiceRoleForAmazonEKSNodegroup":{
"CreateDate":"2019-11-07T01:34:26+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ec2:RevokeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/eks":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SharedSecurityGroupRelatedPermissions"
},
{
"Action":[
"ec2:RevokeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/eks:nodegroup-name":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EKSCreatedSecurityGroupRelatedPermissions"
},
{
"Action":[
"ec2:DeleteLaunchTemplate",
"ec2:CreateLaunchTemplateVersion"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/eks:nodegroup-name":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LaunchTemplateRelatedPermissions"
},
{
"Action":[
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:CompleteLifecycleAction",
"autoscaling:PutLifecycleHook",
"autoscaling:PutNotificationConfiguration",
"autoscaling:EnableMetricsCollection",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:ResumeProcesses",
"autoscaling:SuspendProcesses"
],
"Effect":"Allow",
"Resource":"arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*",
"Sid":"AutoscalingRelatedPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAutoscalingToCreateSLR"
},
{
"Action":[
"autoscaling:CreateOrUpdateTags",
"autoscaling:CreateAutoScalingGroup"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"eks",
"eks:cluster-name",
"eks:nodegroup-name"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowASGCreationByEKS"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPassRoleToAutoscaling"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPassRoleToEC2"
},
{
"Action":[
"iam:GetRole",
"ec2:CreateLaunchTemplate",
"ec2:DescribeInstances",
"iam:GetInstanceProfile",
"ec2:DescribeLaunchTemplates",
"autoscaling:DescribeAutoScalingGroups",
"ec2:CreateSecurityGroup",
"ec2:DescribeLaunchTemplateVersions",
"ec2:RunInstances",
"ec2:DescribeSecurityGroups",
"ec2:GetConsoleOutput",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeCapacityReservations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToManageResourcesForNodegroups"
},
{
"Action":[
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:AddRoleToInstanceProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/eks-*",
"Sid":"PermissionsToCreateAndManageInstanceProfiles"
},
{
"Action":[
"ec2:DeleteTags"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"eks",
"eks:cluster-name",
"eks:nodegroup-name",
"kubernetes.io/cluster/*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToDeleteEKSAndKubernetesTags"
},
{
"Action":[
"ec2:RebootInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/eks:nodegroup-name":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsForManagedNodegroupsAutoRepair"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"eks",
"eks:cluster-name",
"eks:nodegroup-name",
"kubernetes.io/cluster/*"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:*:ec2:*:*:security-group/*",
"arn:*:ec2:*:*:launch-template/*"
],
"Sid":"PermissionsToCreateEKSAndKubernetesTags"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"eks",
"eks:cluster-name",
"eks:nodegroup-name",
"kubernetes.io/cluster/*"
]
},
"StringEquals":{
"ec2:CreateAction":[
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:*:ec2:*:*:instance/*",
"arn:*:ec2:*:*:volume/*",
"arn:*:ec2:*:*:network-interface/*"
],
"Sid":"AllowTaggingEC2ResourcesOnlyDuringInstanceCreation"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-21T00:07:12+00:00"
},
"AWSServiceRoleForAmazonQDeveloper":{
"CreateDate":"2024-04-25T07:40:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/Q"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"sid1"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-25T07:40:41+00:00"
},
"AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy":{
"CreateDate":"2020-10-01T09:49:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:CreateOpsItem"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-01T09:49:01+00:00"
},
"AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy":{
"CreateDate":"2023-09-07T09:32:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"pi:GetResourceMetrics"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-07T09:32:32+00:00"
},
"AWSServiceRoleForCodeGuru-Profiler":{
"CreateDate":"2020-06-26T22:04:26+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSNSPublishToSendNotifications"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-26T22:04:26+00:00"
},
"AWSServiceRoleForCodeWhispererPolicy":{
"CreateDate":"2023-03-24T19:39:12+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"sso-directory:ListMembersInGroup"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"sid1"
},
{
"Action":[
"sso:ListProfileAssociations",
"sso:ListProfiles",
"sso:ListDirectoryAssociations",
"sso:DescribeRegisteredRegions",
"sso:GetProfile",
"sso:GetManagedApplicationInstance",
"sso:ListApplicationAssignments",
"sso:DescribeInstance",
"sso:DescribeApplication"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"sid2"
},
{
"Action":[
"codeguru-security:CreateUploadUrl"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"sid3"
},
{
"Action":[
"codeguru-security:CreateScan",
"codeguru-security:GetScan",
"codeguru-security:ListFindings",
"codeguru-security:GetFindings"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codeguru-security:*:*:scans/CodeWhisperer-*"
],
"Sid":"sid4"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/CodeWhisperer"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"sid5"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-29T22:13:56+00:00"
},
"AWSServiceRoleForEC2ScheduledInstances":{
"CreateDate":"2017-10-12T18:31:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:ec2sri:scheduledInstanceId"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:ec2sri:scheduledInstanceId":"*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-10-12T18:31:55+00:00"
},
"AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy":{
"CreateDate":"2022-12-13T23:52:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAddresses",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-13T23:52:45+00:00"
},
"AWSServiceRoleForImageBuilder":{
"CreateDate":"2019-11-29T22:02:13+00:00",
"DefaultVersionId":"v20",
"Document":{
"Statement":[
{
"Action":"ec2:RegisterImage",
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*"
]
},
{
"Action":"ec2:RegisterImage",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:license-manager:*:*:license-configuration:*"
]
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":[
"EC2 Image Builder",
"EC2 Fast Launch"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"vmie.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateLaunchTemplate",
"ec2:DeregisterImage",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeInstanceTypes",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:ModifyImageAttribute",
"ec2:DescribeImportImageTasks",
"ec2:DescribeExportImageTasks",
"ec2:DescribeSnapshots",
"ec2:DescribeHosts"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:ModifySnapshotAttribute"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":[
"EC2 Image Builder",
"EC2 Fast Launch"
],
"ec2:CreateAction":[
"RunInstances",
"CreateImage"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:export-image-task/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":[
"EC2 Image Builder",
"EC2 Fast Launch"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action":[
"license-manager:UpdateLicenseSpecificationsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:ListCommands",
"ssm:ListCommandInvocations",
"ssm:AddTagsToResource",
"ssm:DescribeInstanceInformation",
"ssm:GetAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:ListInventoryEntries",
"ssm:SendAutomationSignal",
"ssm:DescribeInstanceAssociationsStatus",
"ssm:DescribeAssociationExecutions",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWS-RunPowerShellScript",
"arn:aws:ssm:*:*:document/AWS-RunShellScript",
"arn:aws:ssm:*:*:document/AWSEC2-RunSysprep",
"arn:aws:s3:::*"
]
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"StringEquals":{
"ssm:resourceTag/CreatedBy":[
"EC2 Image Builder"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":"ssm:StartAutomationExecution",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-definition/ImageBuilder*"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:DeleteAssociation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory",
"arn:aws:ssm:*:*:association/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"ForAllValues:StringEquals":{
"kms:EncryptionContextKeys":[
"aws:ebs:id"
]
},
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:DescribeLaunchTemplates",
"ec2:ModifyLaunchTemplate",
"ec2:DescribeLaunchTemplateVersions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:ExportImage"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::image/*"
},
{
"Action":[
"ec2:ExportImage"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:export-image-task/*"
},
{
"Action":[
"ec2:CancelExportTask"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:export-image-task/*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"ssm.amazonaws.com",
"ec2fastlaunch.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:EnableFastLaunch"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action":[
"inspector2:ListCoverage",
"inspector2:ListFindings"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecr:CreateRepository"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecr:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/image-builder-*"
},
{
"Action":[
"ecr:BatchDeleteImage"
],
"Condition":{
"StringEquals":{
"ecr:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/image-builder-*"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/ImageBuilder-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-26T23:52:06+00:00"
},
"AWSServiceRoleForIoTSiteWise":{
"CreateDate":"2018-11-14T19:19:17+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"greengrass:GetAssociatedRole",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupVersion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSiteWiseReadGreenGrass"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*",
"Sid":"AllowSiteWiseAccessLogGroup"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*",
"Sid":"AllowSiteWiseAccessLog"
},
{
"Action":[
"iottwinmaker:GetWorkspace",
"iottwinmaker:ExecuteQuery"
],
"Condition":{
"ForAnyValue:StringEquals":{
"iottwinmaker:linkedServices":[
"IOTSITEWISE"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iottwinmaker:*:*:workspace/*",
"Sid":"AllowSiteWiseAccessSiteWiseManagedWorkspaceInTwinMaker"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-13T18:27:50+00:00"
},
"AWSServiceRoleForLogDeliveryPolicy":{
"CreateDate":"2019-10-04T17:31:19+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:ListTagsForDeliveryStream"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/LogDeliveryEnabled":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LogDeliveryToFirehose"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-16T21:37:06+00:00"
},
"AWSServiceRoleForMonitronPolicy":{
"CreateDate":"2020-12-02T19:06:08+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListProfiles",
"sso:ListProfileAssociations",
"sso:AssociateProfile",
"sso:ListDirectoryAssociations",
"sso-directory:DescribeUsers",
"sso-directory:SearchUsers",
"sso:CreateApplicationAssignment",
"sso:ListApplicationAssignments"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-02T10:06:59+00:00"
},
"AWSServiceRoleForNeptuneGraphPolicy":{
"CreateDate":"2023-11-29T14:03:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/Neptune",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GraphMetrics"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/neptune/*"
],
"Sid":"GraphLogGroup"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
],
"Sid":"GraphLogEvents"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-29T14:03:36+00:00"
},
"AWSServiceRoleForPrivateMarketplaceAdminPolicy":{
"CreateDate":"2024-02-14T22:28:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:DescribeEntity"
],
"Effect":"Allow",
"Resource":[
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Experience/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Audience/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ProcurementPolicy/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/BrandingSettings/*"
],
"Sid":"PrivateMarketplaceCatalogDescribePermissions"
},
{
"Action":[
"aws-marketplace:DescribeChangeSet"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PrivateMarketplaceCatalogDescribeChangeSetPermissions"
},
{
"Action":[
"aws-marketplace:ListEntities",
"aws-marketplace:ListChangeSets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PrivateMarketplaceCatalogListPermissions"
},
{
"Action":[
"aws-marketplace:StartChangeSet"
],
"Condition":{
"StringEquals":{
"catalog:ChangeType":[
"AssociateAudience",
"DisassociateAudience"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:aws-marketplace:*:*:AWSMarketplace/Experience/*",
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ChangeSet/*"
],
"Sid":"PrivateMarketplaceStartChangeSetPermissions"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganizationalUnit",
"organizations:ListDelegatedAdministrators",
"organizations:ListChildren"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PrivateMarketplaceOrganizationPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-14T22:28:01+00:00"
},
"AWSServiceRoleForProcurementInsightsPolicy":{
"CreateDate":"2024-10-03T14:26:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ProcurementInsightsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-03T14:26:03+00:00"
},
"AWSServiceRoleForSMS":{
"CreateDate":"2019-08-06T18:39:29+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack"
],
"Condition":{
"ForAllValues:StringEquals":{
"cloudformation:ResourceTypes":[
"AWS::EC2::Instance",
"AWS::ApplicationInsights::Application",
"AWS::ResourceGroups::Group"
]
},
"Null":{
"cloudformation:ResourceTypes":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action":[
"cloudformation:DeleteStack",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action":[
"cloudformation:ValidateTemplate",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::sms-app-*"
},
{
"Action":[
"sms:CreateReplicationJob",
"sms:DeleteReplicationJob",
"sms:GetReplicationJobs",
"sms:GetReplicationRuns",
"sms:GetServers",
"sms:ImportServerCatalog",
"sms:StartOnDemandReplicationRun",
"sms:UpdateReplicationJob"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/AWS-RunRemoteScript",
"arn:aws:s3:::sms-app-*"
]
},
{
"Action":"ssm:SendCommand",
"Condition":{
"StringEquals":{
"ssm:resourceTag/UseForSMSApplicationValidation":[
"true"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CopySnapshot"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":"ec2:CopySnapshot",
"Condition":{
"StringLike":{
"aws:RequestTag/SMSJobId":[
"sms-*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:DeleteSnapshot"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/SMSJobId":[
"sms-*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:CopyImage",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotAttribute",
"ec2:DeregisterImage",
"ec2:ImportImage",
"ec2:DescribeImportImageTasks",
"ec2:GetEbsEncryptionByDefault"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole",
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":"cloudformation.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceArn":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:ModifyInstanceAttribute",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"applicationinsights:Describe*",
"applicationinsights:List*",
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"applicationinsights:CreateApplication",
"applicationinsights:CreateComponent",
"applicationinsights:UpdateApplication",
"applicationinsights:DeleteApplication",
"applicationinsights:UpdateComponentConfiguration",
"applicationinsights:DeleteComponent"
],
"Effect":"Allow",
"Resource":"arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:GetGroup",
"resource-groups:UpdateGroup",
"resource-groups:DeleteGroup"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/sms-app-*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"application-insights.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-15T17:28:13+00:00"
},
"AWSServiceRoleForUserSubscriptions":{
"CreateDate":"2024-04-25T16:14:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"identitystore:DescribeGroup",
"identitystore:DescribeUser",
"identitystore:IsMemberInGroups",
"identitystore:ListGroupMemberships",
"organizations:DescribeOrganization",
"sso:DescribeApplication",
"sso:DescribeInstance",
"sso:ListInstances",
"sso-directory:DescribeUser"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SubscriptionManagementPolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-21T17:37:06+00:00"
},
"AWSServiceRolePolicyForBackupReports":{
"CreateDate":"2021-08-19T21:16:45+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"backup:DescribeFramework",
"backup:ListBackupJobs",
"backup:ListRestoreJobs",
"backup:ListCopyJobs"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:BatchGetResourceConfig",
"config:SelectResourceConfig",
"config:DescribeConfigurationAggregators",
"config:SelectAggregateResourceConfig",
"config:DescribeConfigRuleEvaluationStatus",
"config:DescribeConfigRules",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:GetComplianceDetailsByConfigRule",
"config:PutConfigRule",
"config:DeleteConfigRule"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/backup.amazonaws.com*"
},
{
"Action":[
"config:DeleteConfigurationAggregator",
"config:PutConfigurationAggregator"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-aggregator/aws-service-config-aggregator/backup.amazonaws.com*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-10T00:51:25+00:00"
},
"AWSServiceRolePolicyForBackupRestoreTesting":{
"CreateDate":"2023-11-10T23:37:45+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"backup:DescribeRecoveryPoint",
"backup:DescribeRestoreJob",
"backup:DescribeProtectedResource",
"backup:GetRecoveryPointRestoreMetadata",
"backup:ListBackupVaults",
"backup:ListProtectedResources",
"backup:ListProtectedResourcesByBackupVault",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListRecoveryPointsByResource",
"backup:ListTags",
"backup:StartRestoreJob"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BackupActions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"backup.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IamPassRole"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSnapshotTierStatus",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes",
"fsx:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBClusterAutomatedBackups",
"rds:ListTagsForResource",
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeActions"
},
{
"Action":[
"ec2:DeleteVolume",
"ec2:TerminateInstances",
"elasticfilesystem:DeleteFilesystem",
"elasticfilesystem:DeleteMountTarget",
"rds:DeleteDBCluster",
"rds:DeleteDBInstance",
"fsx:DeleteFileSystem",
"fsx:DeleteVolume"
],
"Condition":{
"Null":{
"aws:ResourceTag/awsbackup-restore-test":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DeleteActions"
},
{
"Action":[
"dynamodb:DeleteTable",
"dynamodb:DescribeTable"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/awsbackup-restore-test-*",
"Sid":"DdbDeleteActions"
},
{
"Action":"redshift:DeleteCluster",
"Effect":"Allow",
"Resource":"arn:aws:redshift:*:*:cluster:awsbackup-restore-test-*",
"Sid":"RedshiftDeleteActions"
},
{
"Action":[
"s3:DeleteBucket",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::awsbackup-restore-test-*",
"Sid":"S3DeleteActions"
},
{
"Action":"timestream:DeleteTable",
"Effect":"Allow",
"Resource":"arn:aws:timestream:*:*:database/*/table/awsbackup-restore-test-*",
"Sid":"TimestreamDeleteActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-14T22:42:37+00:00"
},
"AWSShieldDRTAccessPolicy":{
"CreateDate":"2018-06-05T22:29:39+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"cloudfront:List*",
"route53:List*",
"elasticloadbalancing:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudfront:GetDistribution*",
"globalaccelerator:ListAccelerators",
"globalaccelerator:DescribeAccelerator",
"ec2:DescribeRegions",
"ec2:DescribeAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SRTAccessProtectedResources"
},
{
"Action":[
"shield:*",
"waf:*",
"wafv2:*",
"waf-regional:*",
"elasticloadbalancing:SetWebACL",
"cloudfront:UpdateDistribution",
"apigateway:SetWebACL"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SRTManageProtections"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-15T17:28:15+00:00"
},
"AWSShieldServiceRolePolicy":{
"CreateDate":"2021-11-17T19:17:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"wafv2:GetWebACL",
"wafv2:UpdateWebACL",
"wafv2:GetWebACLForResource",
"wafv2:ListResourcesForWebACL",
"cloudfront:ListDistributions",
"cloudfront:GetDistribution"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSShield"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-17T19:17:46+00:00"
},
"AWSSocialMessagingServiceRolePolicy":{
"CreateDate":"2024-10-10T19:28:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/SocialMessaging"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudwatchMetricPublishing"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-10T19:28:38+00:00"
},
"AWSStepFunctionsConsoleFullAccess":{
"CreateDate":"2017-01-11T21:54:31+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"states:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/StatesExecutionRole*"
},
{
"Action":"lambda:ListFunctions",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-01-12T00:19:34+00:00"
},
"AWSStepFunctionsFullAccess":{
"CreateDate":"2017-01-11T21:51:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"states:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-01-11T21:51:32+00:00"
},
"AWSStepFunctionsReadOnlyAccess":{
"CreateDate":"2017-01-11T21:46:19+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"states:ListStateMachines",
"states:ListActivities",
"states:DescribeStateMachine",
"states:DescribeStateMachineForExecution",
"states:ListExecutions",
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:DescribeActivity",
"states:ListTagsForResource",
"states:DescribeMapRun",
"states:ListMapRuns",
"states:DescribeStateMachineAlias",
"states:ListStateMachineAliases",
"states:ListStateMachineVersions",
"states:ValidateStateMachineDefinition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-26T18:53:54+00:00"
},
"AWSStorageGatewayFullAccess":{
"CreateDate":"2015-02-06T18:41:09+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"storagegateway:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ssm:GetParameters",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*::parameter/aws/service/storagegateway/*",
"Sid":"fetchStorageGatewayParams"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-06T20:26:09+00:00"
},
"AWSStorageGatewayReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:10+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"storagegateway:List*",
"storagegateway:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ssm:GetParameters",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*::parameter/aws/service/storagegateway/*",
"Sid":"fetchStorageGatewayParams"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-06T20:24:17+00:00"
},
"AWSStorageGatewayServiceRolePolicy":{
"CreateDate":"2021-02-17T19:03:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"fsx:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:fsx:*:*:backup/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-17T19:03:19+00:00"
},
"AWSSupplyChainFederationAdminAccess":{
"CreateDate":"2023-03-01T18:54:25+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"scn:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:scn:*:*:instance/*"
],
"Sid":"AWSSupplyChain"
},
{
"Action":[
"chime:BatchCreateChannelMembership",
"chime:CreateAppInstanceUser",
"chime:CreateChannel",
"chime:CreateChannelMembership",
"chime:CreateChannelModerator",
"chime:Connect",
"chime:DeleteChannelMembership",
"chime:DeleteChannelModerator",
"chime:DescribeChannelMembershipForAppInstanceUser",
"chime:GetChannelMembershipPreferences",
"chime:ListChannelMemberships",
"chime:ListChannelMembershipsForAppInstanceUser",
"chime:ListChannelMessages",
"chime:ListChannelModerators",
"chime:TagResource",
"chime:PutChannelMembershipPreferences",
"chime:SendChannelMessage",
"chime:UpdateChannelReadMarker",
"chime:UpdateAppInstanceUser"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/SCNInstanceId":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:chime:*:*:app-instance/*"
],
"Sid":"ChimeAppInstance"
},
{
"Action":[
"chime:DescribeChannel"
],
"Effect":"Allow",
"Resource":[
"arn:aws:chime:*:*:app-instance/*"
],
"Sid":"ChimeChannel"
},
{
"Action":[
"chime:GetMessagingSessionEndpoint"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ChimeMessaging"
},
{
"Action":[
"sso:GetManagedApplicationInstance",
"sso:ListDirectoryAssociations",
"sso:AssociateProfile",
"sso:DisassociateProfile",
"sso:ListProfiles",
"sso:GetProfile",
"sso:ListProfileAssociations",
"sso:ListApplicationAssignments",
"sso:DescribeApplication",
"sso:DescribeInstance",
"sso:GetApplicationAssignmentConfiguration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMIdentityCenter"
},
{
"Action":[
"appflow:CreateConnectorProfile",
"appflow:UseConnectorProfile",
"appflow:DeleteConnectorProfile",
"appflow:UpdateConnectorProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:appflow:*:*:connectorprofile/scn-*"
],
"Sid":"AppflowConnectorProfile"
},
{
"Action":[
"appflow:CreateFlow",
"appflow:DeleteFlow",
"appflow:DescribeFlow",
"appflow:DescribeFlowExecutionRecords",
"appflow:ListFlows",
"appflow:StartFlow",
"appflow:StopFlow",
"appflow:UpdateFlow",
"appflow:TagResource",
"appflow:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:appflow:*:*:flow/scn-*"
],
"Sid":"AppflowFlow"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ListAllBuckets"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-supply-chain-data-*"
],
"Sid":"S3ListSupplyChainBucket"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-supply-chain-data-*"
],
"Sid":"S3ReadWriteObject"
},
{
"Action":"secretsmanager:CreateSecret",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"appflow.amazonaws.com"
]
},
"StringLike":{
"secretsmanager:Name":"appflow!*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:*",
"Sid":"SecretsManagerCreateSecret"
},
{
"Action":[
"secretsmanager:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"appflow.amazonaws.com"
]
},
"StringEqualsIgnoreCase":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"appflow"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:*",
"Sid":"SecretsManagerPutResourcePolicy"
},
{
"Action":[
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSListKeys"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListGrants"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/aws-supply-chain-access":"true"
},
"StringLike":{
"kms:ViaService":"appflow.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSListGrants"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
},
"StringEquals":{
"aws:ResourceTag/aws-supply-chain-access":"true"
},
"StringLike":{
"kms:ViaService":"appflow.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSCreateGrant"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-11T21:36:24+00:00"
},
"AWSSupportAccess":{
"CreateDate":"2015-02-06T18:41:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"support:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:11+00:00"
},
"AWSSupportAppFullAccess":{
"CreateDate":"2022-08-22T16:53:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:RequestServiceQuotaIncrease",
"support:AddAttachmentsToSet",
"support:AddCommunicationToCase",
"support:CreateCase",
"support:DescribeCases",
"support:DescribeCommunications",
"support:DescribeSeverityLevels",
"support:InitiateChatForCase",
"support:ResolveCase"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"servicequotas.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-22T16:53:41+00:00"
},
"AWSSupportAppReadOnlyAccess":{
"CreateDate":"2022-08-22T17:01:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"support:DescribeCases",
"support:DescribeCommunications"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-22T17:01:15+00:00"
},
"AWSSupportPlansFullAccess":{
"CreateDate":"2022-09-27T18:19:30+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"supportplans:GetSupportPlan",
"supportplans:GetSupportPlanUpdateStatus",
"supportplans:ListSupportPlanModifiers",
"supportplans:StartSupportPlanUpdate",
"supportplans:CreateSupportPlanSchedule"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-09T21:15:14+00:00"
},
"AWSSupportPlansReadOnlyAccess":{
"CreateDate":"2022-09-27T18:08:29+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"supportplans:GetSupportPlan",
"supportplans:GetSupportPlanUpdateStatus",
"supportplans:ListSupportPlanModifiers"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-09T21:21:02+00:00"
},
"AWSSupportServiceRolePolicy":{
"CreateDate":"2018-04-19T18:04:44+00:00",
"DefaultVersionId":"v39",
"Document":{
"Statement":[
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/account",
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/apis/*/authorizers",
"arn:aws:apigateway:*::/apis/*/authorizers/*",
"arn:aws:apigateway:*::/apis/*/deployments",
"arn:aws:apigateway:*::/apis/*/deployments/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses",
"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*",
"arn:aws:apigateway:*::/apis/*/models",
"arn:aws:apigateway:*::/apis/*/models/*",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses",
"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*",
"arn:aws:apigateway:*::/domainnames/*/apimappings",
"arn:aws:apigateway:*::/domainnames/*/apimappings/*",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models/*/default_template",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*",
"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/usageplans",
"arn:aws:apigateway:*::/usageplans/*",
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/vpclinks/*"
],
"Sid":"AWSSupportAPIGatewayAccess"
},
{
"Action":[
"iam:DeleteRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"
],
"Sid":"AWSSupportDeleteRoleAccess"
},
{
"Action":[
"access-analyzer:getAccessPreview",
"access-analyzer:getAnalyzedResource",
"access-analyzer:getAnalyzer",
"access-analyzer:getArchiveRule",
"access-analyzer:getFinding",
"access-analyzer:getGeneratedPolicy",
"access-analyzer:listAccessPreviewFindings",
"access-analyzer:listAccessPreviews",
"access-analyzer:listAnalyzedResources",
"access-analyzer:listAnalyzers",
"access-analyzer:listArchiveRules",
"access-analyzer:listFindings",
"access-analyzer:listPolicyGenerations",
"account:getRegionOptStatus",
"account:listRegions",
"acm-pca:describeCertificateAuthority",
"acm-pca:describeCertificateAuthorityAuditReport",
"acm-pca:getCertificate",
"acm-pca:getCertificateAuthorityCertificate",
"acm-pca:getCertificateAuthorityCsr",
"acm-pca:listCertificateAuthorities",
"acm-pca:listTags",
"acm:describeCertificate",
"acm:getAccountConfiguration",
"acm:getCertificate",
"acm:listCertificates",
"acm:listTagsForCertificate",
"airflow:getEnvironment",
"airflow:listEnvironments",
"airflow:listTagsForResource",
"amplify:getApp",
"amplify:getBackendEnvironment",
"amplify:getBranch",
"amplify:getDomainAssociation",
"amplify:getJob",
"amplify:getWebhook",
"amplify:listApps",
"amplify:listBackendEnvironments",
"amplify:listBranches",
"amplify:listDomainAssociations",
"amplify:listWebhooks",
"amplifyuibuilder:exportComponents",
"amplifyuibuilder:exportThemes",
"aoss:batchGetCollection",
"aoss:batchGetEffectiveLifecyclePolicy",
"aoss:batchGetLifecyclePolicy",
"aoss:batchGetVpcEndpoint",
"aoss:getAccessPolicy",
"aoss:getAccountSettings",
"aoss:getPoliciesStats",
"aoss:getSecurityConfig",
"aoss:getSecurityPolicy",
"aoss:listAccessPolicies",
"aoss:listCollections",
"aoss:listLifecyclePolicies",
"aoss:listSecurityConfigs",
"aoss:listSecurityPolicies",
"aoss:listTagsForResource",
"aoss:listVpcEndpoints",
"appconfig:getApplication",
"appconfig:getConfigurationProfile",
"appconfig:getDeployment",
"appconfig:getDeploymentStrategy",
"appconfig:getEnvironment",
"appconfig:getExtension",
"appconfig:getExtensionAssociation",
"appconfig:listApplications",
"appconfig:listConfigurationProfiles",
"appconfig:listDeployments",
"appconfig:listDeploymentStrategies",
"appconfig:listEnvironments",
"appconfig:listExtensionAssociations",
"appconfig:listHostedConfigurationVersions",
"appconfig:listExtensions",
"appflow:describeConnectorEntity",
"appflow:describeConnectorProfiles",
"appflow:describeConnectors",
"appflow:describeFlow",
"appflow:describeFlowExecutionRecords",
"appflow:listConnectorEntities",
"appflow:listFlows",
"application-autoscaling:describeScalableTargets",
"application-autoscaling:describeScalingActivities",
"application-autoscaling:describeScalingPolicies",
"application-autoscaling:describeScheduledActions",
"applicationinsights:describeApplication",
"applicationinsights:describeComponent",
"applicationinsights:describeComponentConfiguration",
"applicationinsights:describeComponentConfigurationRecommendation",
"applicationinsights:describeLogPattern",
"applicationinsights:describeObservation",
"applicationinsights:describeProblem",
"applicationinsights:describeProblemObservations",
"applicationinsights:listApplications",
"applicationinsights:listComponents",
"applicationinsights:listConfigurationHistory",
"applicationinsights:listLogPatterns",
"applicationinsights:listLogPatternSets",
"applicationinsights:listProblems",
"appmesh:describeGatewayRoute",
"appmesh:describeMesh",
"appmesh:describeRoute",
"appmesh:describeVirtualGateway",
"appmesh:describeVirtualNode",
"appmesh:describeVirtualRouter",
"appmesh:describeVirtualService",
"appmesh:listGatewayRoutes",
"appmesh:listMeshes",
"appmesh:listRoutes",
"appmesh:listTagsForResource",
"appmesh:listVirtualGateways",
"appmesh:listVirtualNodes",
"appmesh:listVirtualRouters",
"appmesh:listVirtualServices",
"apprunner:describeAutoScalingConfiguration",
"apprunner:describeCustomDomains",
"apprunner:describeOperation",
"apprunner:describeService",
"apprunner:listAutoScalingConfigurations",
"apprunner:listConnections",
"apprunner:listOperations",
"apprunner:listServices",
"application-signals:getServiceLevelObjective",
"application-signals:getService",
"application-signals:listServiceDependencies",
"application-signals:listServiceDependents",
"application-signals:listServiceLevelObjectives",
"application-signals:listServiceOperations",
"application-signals:listServices",
"apprunner:listTagsForResource",
"appstream:describeAppBlockBuilderAppBlockAssociations",
"appstream:describeAppBlockBuilders",
"appstream:describeAppBlocks",
"appstream:describeApplicationFleetAssociations",
"appstream:describeApplications",
"appstream:describeDirectoryConfigs",
"appstream:describeEntitlements",
"appstream:describeFleets",
"appstream:describeImageBuilders",
"appstream:describeImagePermissions",
"appstream:describeImages",
"appstream:describeSessions",
"appstream:describeStacks",
"appstream:describeUsageReportSubscriptions",
"appstream:describeUsers",
"appstream:describeUserStackAssociations",
"appstream:listAssociatedFleets",
"appstream:listAssociatedStacks",
"appstream:listEntitledApplications",
"appstream:listTagsForResource",
"appsync:getApiAssociation",
"appsync:getApiCache",
"appsync:getDomainName",
"appsync:getFunction",
"appsync:getGraphqlApi",
"appsync:getIntrospectionSchema",
"appsync:getResolver",
"appsync:getSchemaCreationStatus",
"appsync:getSourceApiAssociation",
"appsync:getType",
"appsync:listDataSources",
"appsync:listDomainNames",
"appsync:listFunctions",
"appsync:listGraphqlApis",
"appsync:listResolvers",
"appsync:listResolversByFunction",
"appsync:listSourceApiAssociations",
"appsync:listTypes",
"appsync:listTypesByAssociation",
"aps:describeAlertManagerDefinition",
"aps:describeRuleGroupsNamespace",
"aps:describeScraper",
"aps:describeWorkspace",
"aps:listRuleGroupsNamespaces",
"aps:listScrapers",
"aps:listWorkspaces",
"athena:batchGetNamedQuery",
"athena:batchGetQueryExecution",
"athena:getCalculationExecution",
"athena:getCalculationExecutionStatus",
"athena:getDataCatalog",
"athena:getNamedQuery",
"athena:getNotebookMetadata",
"athena:getQueryExecution",
"athena:getQueryRuntimeStatistics",
"athena:getSession",
"athena:getSessionStatus",
"athena:getWorkGroup",
"athena:listApplicationDPUSizes",
"athena:listCalculationExecutions",
"athena:listDataCatalogs",
"athena:listEngineVersions",
"athena:listExecutors",
"athena:listNamedQueries",
"athena:listNotebookMetadata",
"athena:listNotebookSessions",
"athena:listQueryExecutions",
"athena:listSessions",
"athena:listTagsForResource",
"athena:listWorkGroups",
"athena:getCapacityAssignmentConfiguration",
"athena:getCapacityReservation",
"athena:listCapacityReservations",
"auditmanager:getAccountStatus",
"auditmanager:getDelegations",
"auditmanager:listAssessmentFrameworks",
"auditmanager:listAssessmentReports",
"auditmanager:listAssessments",
"auditmanager:listControls",
"auditmanager:listKeywordsForDataSource",
"auditmanager:listNotifications",
"autoscaling-plans:describeScalingPlanResources",
"autoscaling-plans:describeScalingPlans",
"autoscaling-plans:getScalingPlanResourceForecastData",
"autoscaling:describeAccountLimits",
"autoscaling:describeAdjustmentTypes",
"autoscaling:describeAutoScalingGroups",
"autoscaling:describeAutoScalingInstances",
"autoscaling:describeAutoScalingNotificationTypes",
"autoscaling:describeInstanceRefreshes",
"autoscaling:describeLaunchConfigurations",
"autoscaling:describeLifecycleHooks",
"autoscaling:describeLifecycleHookTypes",
"autoscaling:describeLoadBalancers",
"autoscaling:describeLoadBalancerTargetGroups",
"autoscaling:describeMetricCollectionTypes",
"autoscaling:describeNotificationConfigurations",
"autoscaling:describePolicies",
"autoscaling:describeScalingActivities",
"autoscaling:describeScalingProcessTypes",
"autoscaling:describeScheduledActions",
"autoscaling:describeTrafficSources",
"autoscaling:describeTags",
"autoscaling:describeTerminationPolicyTypes",
"autoscaling:describeWarmPool",
"backup:describeBackupJob",
"backup:describeBackupVault",
"backup:describeCopyJob",
"backup:describeFramework",
"backup:describeGlobalSettings",
"backup:describeProtectedResource",
"backup:describeRecoveryPoint",
"backup:describeRegionSettings",
"backup:describeReportJob",
"backup:describeReportPlan",
"backup:describeRestoreJob",
"backup:getBackupPlan",
"backup:getBackupPlanFromJSON",
"backup:getBackupPlanFromTemplate",
"backup:getBackupSelection",
"backup:getBackupVaultAccessPolicy",
"backup:getBackupVaultNotifications",
"backup:getLegalHold",
"backup:getRecoveryPointRestoreMetadata",
"backup:getRestoreJobMetadata",
"backup:getRestoreTestingInferredMetadata",
"backup:getRestoreTestingPlan",
"backup:getRestoreTestingSelection",
"backup:getSupportedResourceTypes",
"backup:listBackupJobs",
"backup:listBackupPlans",
"backup:listBackupPlanTemplates",
"backup:listBackupPlanVersions",
"backup:listBackupSelections",
"backup:listBackupVaults",
"backup:listCopyJobs",
"backup:listFrameworks",
"backup:listLegalHolds",
"backup:listProtectedResources",
"backup:listRecoveryPointsByBackupVault",
"backup:listRecoveryPointsByLegalHold",
"backup:listRecoveryPointsByResource",
"backup:listReportJobs",
"backup:listReportPlans",
"backup:listRestoreJobs",
"backup:listRestoreJobsByProtectedResource",
"backup:listRestoreTestingPlans",
"backup:listRestoreTestingSelections",
"backup:listTags",
"backup-gateway:getGateway",
"backup-gateway:getHypervisor",
"backup-gateway:getHypervisorPropertyMappings",
"backup-gateway:getVirtualMachine",
"backup-gateway:listGateways",
"backup-gateway:listHypervisors",
"backup-gateway:listVirtualMachines",
"batch:describeComputeEnvironments",
"batch:describeJobDefinitions",
"batch:describeJobQueues",
"batch:describeJobs",
"batch:listJobs",
"bedrock:getAgent",
"bedrock:getAgentActionGroup",
"bedrock:getAgentAlias",
"bedrock:getAgentKnowledgeBase",
"bedrock:getAgentVersion",
"bedrock:getDataSource",
"bedrock:getIngestionJob",
"bedrock:getKnowledgeBase",
"bedrock:getModelInvocationLoggingConfiguration",
"bedrock:listAgentActionGroups",
"bedrock:listAgentAliases",
"bedrock:listAgentKnowledgeBases",
"bedrock:listAgents",
"bedrock:listAgentVersions",
"bedrock:listCustomModels",
"bedrock:listDataSources",
"bedrock:listIngestionJobs",
"bedrock:listKnowledgeBases",
"bedrock:listProvisionedModelThroughputs",
"bedrock:getEvaluationJob",
"bedrock:getFoundationModel",
"bedrock:getCustomModel",
"bedrock:getGuardrail",
"bedrock:getImportedModel",
"bedrock:getInferenceProfile",
"bedrock:getModelCopyJob",
"bedrock:getModelCustomizationJob",
"bedrock:getModelImportJob",
"bedrock:getModelInvocationJob",
"bedrock:getProvisionedModelThroughput",
"bedrock:listEvaluationJobs",
"bedrock:listFoundationModels",
"bedrock:listGuardrails",
"bedrock:listInferenceProfiles",
"bedrock:listImportedModels",
"bedrock:listModelCopyJobs",
"bedrock:listModelCustomizationJobs",
"bedrock:listModelImportJobs",
"bedrock:listModelInvocationJobs",
"bedrock:getFlow",
"bedrock:getFlowAlias",
"bedrock:getFlowVersion",
"bedrock:getPrompt",
"bedrock:listFlowAliases",
"bedrock:listFlowVersions",
"bedrock:listFlows",
"bedrock:listPrompts",
"braket:getDevice",
"braket:getQuantumTask",
"braket:searchDevices",
"braket:searchQuantumTasks",
"budgets:viewBudget",
"ce:getCostAndUsage",
"ce:getCostAndUsageWithResources",
"ce:getCostForecast",
"ce:getDimensionValues",
"ce:getReservationCoverage",
"ce:getReservationPurchaseRecommendation",
"ce:getReservationUtilization",
"ce:getRightsizingRecommendation",
"ce:getSavingsPlansCoverage",
"ce:getSavingsPlansPurchaseRecommendation",
"ce:getSavingsPlansUtilization",
"ce:getSavingsPlansUtilizationDetails",
"ce:getTags",
"chime:describeAppInstance",
"chime:getAttendee",
"chime:getGlobalSettings",
"chime:getMediaCapturePipeline",
"chime:getMediaPipeline",
"chime:getMeeting",
"chime:getProxySession",
"chime:getSipMediaApplication",
"chime:getSipRule",
"chime:getVoiceConnector",
"chime:getVoiceConnectorGroup",
"chime:getVoiceConnectorLoggingConfiguration",
"chime:listAppInstances",
"chime:listAttendees",
"chime:listChannelBans",
"chime:listChannels",
"chime:listChannelsModeratedByAppInstanceUser",
"chime:listMediaCapturePipelines",
"chime:listMediaPipelines",
"chime:listMeetings",
"chime:listSipMediaApplications",
"chime:listSipRules",
"chime:listVoiceConnectorGroups",
"chime:listVoiceConnectors",
"cleanrooms:batchGetCollaborationAnalysisTemplate",
"cleanrooms:batchGetSchema",
"cleanrooms:getAnalysisTemplate",
"cleanrooms:getCollaboration",
"cleanrooms:getCollaborationAnalysisTemplate",
"cleanrooms:getConfiguredTable",
"cleanrooms:getConfiguredTableAssociation",
"cleanrooms:getMembership",
"cleanrooms:getSchema",
"cleanrooms:listAnalysisTemplates",
"cleanrooms:listCollaborationAnalysisTemplates",
"cleanrooms:listCollaborations",
"cleanrooms:listConfiguredTableAssociations",
"cleanrooms:listConfiguredTables",
"cleanrooms:listMembers",
"cleanrooms:listMemberships",
"cleanrooms:listSchemas",
"cloud9:describeEnvironmentMemberships",
"cloud9:describeEnvironments",
"cloud9:listEnvironments",
"clouddirectory:getDirectory",
"clouddirectory:listDirectories",
"cloudformation:batchDescribeTypeConfigurations",
"cloudformation:describeAccountLimits",
"cloudformation:describeChangeSet",
"cloudformation:describeChangeSetHooks",
"cloudformation:describePublisher",
"cloudformation:describeStackEvents",
"cloudformation:describeStackInstance",
"cloudformation:describeStackResource",
"cloudformation:describeStackResources",
"cloudformation:describeStacks",
"cloudformation:describeStackSet",
"cloudformation:describeStackSetOperation",
"cloudformation:describeType",
"cloudformation:describeTypeRegistration",
"cloudformation:estimateTemplateCost",
"cloudformation:getStackPolicy",
"cloudformation:getTemplate",
"cloudformation:getTemplateSummary",
"cloudformation:listChangeSets",
"cloudformation:listExports",
"cloudformation:listImports",
"cloudformation:listStackInstances",
"cloudformation:listStackResources",
"cloudformation:listStacks",
"cloudformation:listStackSetOperationResults",
"cloudformation:listStackSetOperations",
"cloudformation:listStackSets",
"cloudformation:listTypeRegistrations",
"cloudformation:listTypes",
"cloudformation:listTypeVersions",
"cloudfront:describeFunction",
"cloudfront:getCachePolicy",
"cloudfront:getCachePolicyConfig",
"cloudfront:getCloudFrontOriginAccessIdentity",
"cloudfront:getCloudFrontOriginAccessIdentityConfig",
"cloudfront:getContinuousDeploymentPolicy",
"cloudfront:getContinuousDeploymentPolicyConfig",
"cloudfront:getDistribution",
"cloudfront:getDistributionConfig",
"cloudfront:getInvalidation",
"cloudfront:getKeyGroup",
"cloudfront:getKeyGroupConfig",
"cloudfront:getMonitoringSubscription",
"cloudfront:getOriginAccessControl",
"cloudfront:getOriginAccessControlConfig",
"cloudfront:getOriginRequestPolicy",
"cloudfront:getOriginRequestPolicyConfig",
"cloudfront:getPublicKey",
"cloudfront:getPublicKeyConfig",
"cloudfront:getRealtimeLogConfig",
"cloudfront:getResponseHeadersPolicy",
"cloudfront:getResponseHeadersPolicyConfig",
"cloudfront:getStreamingDistribution",
"cloudfront:getStreamingDistributionConfig",
"cloudfront:listCachePolicies",
"cloudfront:listCloudFrontOriginAccessIdentities",
"cloudfront:listContinuousDeploymentPolicies",
"cloudfront:listDistributions",
"cloudfront:listDistributionsByCachePolicyId",
"cloudfront:listDistributionsByKeyGroup",
"cloudfront:listDistributionsByOriginRequestPolicyId",
"cloudfront:listDistributionsByRealtimeLogConfig",
"cloudfront:listDistributionsByResponseHeadersPolicyId",
"cloudfront:listDistributionsByWebACLId",
"cloudfront:listFunctions",
"cloudfront:listInvalidations",
"cloudfront:listKeyGroups",
"cloudfront:listOriginAccessControls",
"cloudfront:listOriginRequestPolicies",
"cloudfront:listPublicKeys",
"cloudfront:listRealtimeLogConfigs",
"cloudfront:listResponseHeadersPolicies",
"cloudfront:listStreamingDistributions",
"cloudhsm:describeBackups",
"cloudhsm:describeClusters",
"cloudsearch:describeAnalysisSchemes",
"cloudsearch:describeAvailabilityOptions",
"cloudsearch:describeDomains",
"cloudsearch:describeExpressions",
"cloudsearch:describeIndexFields",
"cloudsearch:describeScalingParameters",
"cloudsearch:describeServiceAccessPolicies",
"cloudsearch:describeSuggesters",
"cloudsearch:listDomainNames",
"cloudtrail:describeTrails",
"cloudtrail:getEventSelectors",
"cloudtrail:getInsightSelectors",
"cloudtrail:getTrail",
"cloudtrail:getTrailStatus",
"cloudtrail:listPublicKeys",
"cloudtrail:listTags",
"cloudtrail:listTrails",
"cloudtrail:lookupEvents",
"cloudwatch:describeAlarmHistory",
"cloudwatch:describeAlarms",
"cloudwatch:describeAlarmsForMetric",
"cloudwatch:describeAnomalyDetectors",
"cloudwatch:describeInsightRules",
"cloudwatch:getDashboard",
"cloudWatch:getMetricWidgetImage",
"cloudwatch:getInsightRuleReport",
"cloudwatch:getMetricData",
"cloudwatch:getMetricStatistics",
"cloudwatch:getMetricStream",
"cloudwatch:listDashboards",
"cloudwatch:listManagedInsightRules",
"cloudwatch:listMetrics",
"cloudwatch:listMetricStreams",
"codeartifact:describeDomain",
"codeartifact:describePackageVersion",
"codeartifact:describeRepository",
"codeartifact:getDomainPermissionsPolicy",
"codeartifact:getRepositoryEndpoint",
"codeartifact:getRepositoryPermissionsPolicy",
"codeartifact:listDomains",
"codeartifact:listPackages",
"codeartifact:listPackageVersionAssets",
"codeartifact:listPackageVersions",
"codeartifact:listRepositories",
"codeartifact:listRepositoriesInDomain",
"codebuild:batchGetBuildBatches",
"codebuild:batchGetBuilds",
"codebuild:batchGetFleets",
"codebuild:batchGetProjects",
"codebuild:listBuildBatches",
"codebuild:listBuildBatchesForProject",
"codebuild:listBuilds",
"codebuild:listBuildsForProject",
"codebuild:listCuratedEnvironmentImages",
"codebuild:listFleets",
"codebuild:listProjects",
"codebuild:listSourceCredentials",
"codecommit:batchGetRepositories",
"codecommit:getBranch",
"codecommit:getRepository",
"codecommit:getRepositoryTriggers",
"codecommit:listBranches",
"codecommit:listRepositories",
"codeconnections:getConnection",
"codeconnections:getHost",
"codeconnections:getRepositoryLink",
"codeconnections:getRepositorySyncStatus",
"codeconnections:getResourceSyncStatus",
"codeconnections:getSyncBlockerSummary",
"codeconnections:getSyncConfiguration",
"codeconnections:listConnections",
"codeconnections:listHosts",
"codeconnections:listRepositoryLinks",
"codeconnections:listRepositorySyncDefinitions",
"codeconnections:listSyncConfigurations",
"codedeploy:batchGetApplicationRevisions",
"codedeploy:batchGetApplications",
"codedeploy:batchGetDeploymentGroups",
"codedeploy:batchGetDeploymentInstances",
"codedeploy:batchGetDeployments",
"codedeploy:batchGetDeploymentTargets",
"codedeploy:batchGetOnPremisesInstances",
"codedeploy:getApplication",
"codedeploy:getApplicationRevision",
"codedeploy:getDeployment",
"codedeploy:getDeploymentConfig",
"codedeploy:getDeploymentGroup",
"codedeploy:getDeploymentInstance",
"codedeploy:getDeploymentTarget",
"codedeploy:getOnPremisesInstance",
"codedeploy:listApplicationRevisions",
"codedeploy:listApplications",
"codedeploy:listDeploymentConfigs",
"codedeploy:listDeploymentGroups",
"codedeploy:listDeploymentInstances",
"codedeploy:listDeployments",
"codedeploy:listDeploymentTargets",
"codedeploy:listGitHubAccountTokenNames",
"codedeploy:listOnPremisesInstances",
"codepipeline:getJobDetails",
"codepipeline:getPipeline",
"codepipeline:getPipelineExecution",
"codepipeline:getPipelineState",
"codepipeline:listActionExecutions",
"codepipeline:listActionTypes",
"codepipeline:listPipelineExecutions",
"codepipeline:listPipelines",
"codepipeline:listWebhooks",
"codestar:describeProject",
"codestar:listProjects",
"codestar:listResources",
"codestar:listTeamMembers",
"codestar:listUserProfiles",
"codestar-connections:getConnection",
"codestar-connections:getHost",
"codestar-connections:listConnections",
"codestar-connections:listHosts",
"cognito-identity:describeIdentityPool",
"cognito-identity:getIdentityPoolRoles",
"cognito-identity:listIdentities",
"cognito-identity:listIdentityPools",
"cognito-idp:describeIdentityProvider",
"cognito-idp:describeResourceServer",
"cognito-idp:describeRiskConfiguration",
"cognito-idp:describeUserImportJob",
"cognito-idp:describeUserPool",
"cognito-idp:describeUserPoolClient",
"cognito-idp:describeUserPoolDomain",
"cognito-idp:getGroup",
"cognito-idp:getUICustomization",
"cognito-idp:getUserPoolMfaConfig",
"cognito-idp:listGroups",
"cognito-idp:listIdentityProviders",
"cognito-idp:listResourceServers",
"cognito-idp:listUserImportJobs",
"cognito-idp:listUserPoolClients",
"cognito-idp:listUserPools",
"cognito-sync:describeDataset",
"cognito-sync:describeIdentityPoolUsage",
"cognito-sync:describeIdentityUsage",
"cognito-sync:getCognitoEvents",
"cognito-sync:getIdentityPoolConfiguration",
"cognito-sync:listDatasets",
"cognito-sync:listIdentityPoolUsage",
"comprehend:describeDocumentClassificationJob",
"comprehend:describeDocumentClassifier",
"comprehend:describeDominantLanguageDetectionJob",
"comprehend:describeEndpoint",
"comprehend:describeEntitiesDetectionJob",
"comprehend:describeEntityRecognizer",
"comprehend:describeEventsDetectionJob",
"comprehend:describeFlywheel",
"comprehend:describeFlywheelIteration",
"comprehend:describeKeyPhrasesDetectionJob",
"comprehend:describePiiEntitiesDetectionJob",
"comprehend:describeSentimentDetectionJob",
"comprehend:describeTargetedSentimentDetectionJob",
"comprehend:describeTopicsDetectionJob",
"comprehend:listDocumentClassificationJobs",
"comprehend:listDocumentClassifiers",
"comprehend:listDominantLanguageDetectionJobs",
"comprehend:listEndpoints",
"comprehend:listEntitiesDetectionJobs",
"comprehend:listEntityRecognizers",
"comprehend:listEventsDetectionJobs",
"comprehend:listFlywheelIterationHistory",
"comprehend:listFlywheels",
"comprehend:listKeyPhrasesDetectionJobs",
"comprehend:listPiiEntitiesDetectionJobs",
"comprehend:listSentimentDetectionJobs",
"comprehend:listTargetedSentimentDetectionJobs",
"comprehend:listTopicsDetectionJobs",
"compute-optimizer:getAutoScalingGroupRecommendations",
"compute-optimizer:getEBSVolumeRecommendations",
"compute-optimizer:getEC2InstanceRecommendations",
"compute-optimizer:getEC2RecommendationProjectedMetrics",
"compute-optimizer:getECSServiceRecommendations",
"compute-optimizer:getECSServiceRecommendationProjectedMetrics",
"compute-optimizer:getEnrollmentStatus",
"compute-optimizer:getRecommendationSummaries",
"config:batchGetAggregateResourceConfig",
"config:batchGetResourceConfig",
"config:describeAggregateComplianceByConfigRules",
"config:describeAggregationAuthorizations",
"config:describeComplianceByConfigRule",
"config:describeComplianceByResource",
"config:describeConfigRuleEvaluationStatus",
"config:describeConfigRules",
"config:describeConfigurationAggregators",
"config:describeConfigurationAggregatorSourcesStatus",
"config:describeConfigurationRecorders",
"config:describeConfigurationRecorderStatus",
"config:describeConformancePackCompliance",
"config:describeConformancePacks",
"config:describeConformancePackStatus",
"config:describeDeliveryChannels",
"config:describeDeliveryChannelStatus",
"config:describeOrganizationConfigRules",
"config:describeOrganizationConfigRuleStatuses",
"config:describeOrganizationConformancePacks",
"config:describeOrganizationConformancePackStatuses",
"config:describePendingAggregationRequests",
"config:describeRemediationConfigurations",
"config:describeRemediationExceptions",
"config:describeRemediationExecutionStatus",
"config:describeRetentionConfigurations",
"config:getAggregateComplianceDetailsByConfigRule",
"config:getAggregateConfigRuleComplianceSummary",
"config:getAggregateDiscoveredResourceCounts",
"config:getAggregateResourceConfig",
"config:getComplianceDetailsByConfigRule",
"config:getComplianceDetailsByResource",
"config:getComplianceSummaryByConfigRule",
"config:getComplianceSummaryByResourceType",
"config:getConformancePackComplianceDetails",
"config:getConformancePackComplianceSummary",
"config:getDiscoveredResourceCounts",
"config:getOrganizationConfigRuleDetailedStatus",
"config:getOrganizationConformancePackDetailedStatus",
"config:getResourceConfigHistory",
"config:listAggregateDiscoveredResources",
"config:listDiscoveredResources",
"config:listTagsForResource",
"connect:describeContact",
"connect:describePhoneNumber",
"connect:describeQuickConnect",
"connect:describeUser",
"connect:getCurrentMetricData",
"connect:getMetricData",
"connect:listContactEvaluations",
"connect:listEvaluationForms",
"connect:listEvaluationFormVersions",
"connect:listPhoneNumbersV2",
"connect:listQuickConnects",
"connect:listRoutingProfiles",
"connect:listSecurityProfiles",
"connect:listUsers",
"connect:listViews",
"connect:listViewVersions",
"connect:describeQueue",
"connect:listQueues",
"connect:describeRoutingProfile",
"connect:searchQueues",
"connect:searchUsers",
"connect:searchRoutingProfiles",
"connect:listRoutingProfileQueues",
"connect:describeUserHierarchyStructure",
"connect:listQueueQuickConnects",
"controltower:describeAccountFactoryConfig",
"controltower:describeCoreService",
"controltower:describeGuardrail",
"controltower:describeGuardrailForTarget",
"controltower:describeManagedAccount",
"controltower:describeSingleSignOn",
"controltower:getAvailableUpdates",
"controltower:getHomeRegion",
"controltower:getLandingZone",
"controltower:getLandingZoneStatus",
"controltower:listDirectoryGroups",
"controltower:listEnabledControls",
"controltower:listGuardrailsForTarget",
"controltower:listGuardrailViolations",
"controltower:listLandingZones",
"controltower:listManagedAccounts",
"controltower:listManagedAccountsForGuardrail",
"controltower:listManagedAccountsForParent",
"controltower:listManagedOrganizationalUnits",
"controltower:listManagedOrganizationalUnitsForGuardrail",
"cost-optimization-hub:getPreferences",
"cost-optimization-hub:getRecommendation",
"cost-optimization-hub:listEnrollmentStatuses",
"cost-optimization-hub:listRecommendations",
"cost-optimization-hub:listRecommendationSummaries",
"databrew:describeDataset",
"databrew:describeJob",
"databrew:describeProject",
"databrew:describeRecipe",
"databrew:listDatasets",
"databrew:listJobRuns",
"databrew:listJobs",
"databrew:listProjects",
"databrew:listRecipes",
"databrew:listRecipeVersions",
"databrew:listTagsForResource",
"datapipeline:describeObjects",
"datapipeline:describePipelines",
"datapipeline:getPipelineDefinition",
"datapipeline:listPipelines",
"datapipeline:queryObjects",
"datasync:describeAgent",
"datasync:describeLocationEfs",
"datasync:describeLocationFsxLustre",
"datasync:describeLocationFsxOpenZfs",
"datasync:describeLocationFsxWindows",
"datasync:describeLocationHdfs",
"datasync:describeLocationNfs",
"datasync:describeLocationObjectStorage",
"datasync:describeLocationS3",
"datasync:describeLocationSmb",
"datasync:describeTask",
"datasync:describeTaskExecution",
"datasync:listAgents",
"datasync:listLocations",
"datasync:listTaskExecutions",
"datasync:listTasks",
"datazone:getAsset",
"datazone:getAssetType",
"datazone:getDataSource",
"datazone:getDataSourceRun",
"datazone:getDomain",
"datazone:getEnvironment",
"datazone:getEnvironmentBlueprint",
"datazone:getEnvironmentBlueprintConfiguration",
"datazone:getFormType",
"datazone:getGlossary",
"datazone:getGlossaryTerm",
"datazone:getGroupProfile",
"datazone:getListing",
"datazone:getMetadataGenerationRun",
"datazone:getProject",
"datazone:getSubscription",
"datazone:getSubscriptionGrant",
"datazone:getSubscriptionRequestDetails",
"datazone:getSubscriptionTarget",
"datazone:getUserProfile",
"datazone:listAssetRevisions",
"datazone:listDataSourceRunActivities",
"datazone:listDataSourceRuns",
"datazone:listDataSources",
"datazone:listDomains",
"datazone:listEnvironmentBlueprintConfigurations",
"datazone:listEnvironmentBlueprints",
"datazone:listEnvironmentProfiles",
"datazone:listEnvironments",
"datazone:listMetadataGenerationRuns",
"datazone:listProjectMemberships",
"datazone:listProjects",
"datazone:listSubscriptionGrants",
"datazone:listSubscriptionRequests",
"datazone:listSubscriptions",
"datazone:listSubscriptionTargets",
"datazone:searchGroupProfiles",
"datazone:searchUserProfiles",
"datazone:getEnvironmentProfile",
"dax:describeClusters",
"dax:describeDefaultParameters",
"dax:describeEvents",
"dax:describeParameterGroups",
"dax:describeParameters",
"dax:describeSubnetGroups",
"deadline:listAvailableMeteredProducts",
"deadline:listBudgets",
"deadline:listFarmMembers",
"deadline:listFarms",
"deadline:listFleetMembers",
"deadline:listFleets",
"deadline:listJobMembers",
"deadline:listJobs",
"deadline:listLicenseEndpoints",
"deadline:listMeteredProducts",
"deadline:listMonitors",
"deadline:listQueueEnvironments",
"deadline:listQueueFleetAssociations",
"deadline:listQueueMembers",
"deadline:listQueues",
"deadline:listStorageProfiles",
"deadline:listWorkers",
"detective:getMembers",
"detective:listGraphs",
"detective:listInvitations",
"detective:listMembers",
"devicefarm:getAccountSettings",
"devicefarm:getDevice",
"devicefarm:getDevicePool",
"devicefarm:getDevicePoolCompatibility",
"devicefarm:getJob",
"devicefarm:getProject",
"devicefarm:getRemoteAccessSession",
"devicefarm:getRun",
"devicefarm:getSuite",
"devicefarm:getTest",
"devicefarm:getTestGridProject",
"devicefarm:getTestGridSession",
"devicefarm:getUpload",
"devicefarm:listArtifacts",
"devicefarm:listDevicePools",
"devicefarm:listDevices",
"devicefarm:listJobs",
"devicefarm:listProjects",
"devicefarm:listRemoteAccessSessions",
"devicefarm:listRuns",
"devicefarm:listSamples",
"devicefarm:listSuites",
"devicefarm:listTestGridProjects",
"devicefarm:listTestGridSessionActions",
"devicefarm:listTestGridSessionArtifacts",
"devicefarm:listTestGridSessions",
"devicefarm:listTests",
"devicefarm:listUniqueProblems",
"devicefarm:listUploads",
"directconnect:describeConnectionLoa",
"directconnect:describeConnections",
"directconnect:describeConnectionsOnInterconnect",
"directconnect:describeCustomerMetadata",
"directconnect:describeDirectConnectGatewayAssociationProposals",
"directconnect:describeDirectConnectGatewayAssociations",
"directconnect:describeDirectConnectGatewayAttachments",
"directconnect:describeDirectConnectGateways",
"directconnect:describeHostedConnections",
"directconnect:describeInterconnectLoa",
"directconnect:describeInterconnects",
"directconnect:describeLags",
"directconnect:describeLoa",
"directconnect:describeLocations",
"directconnect:describeRouterConfiguration",
"directconnect:describeVirtualGateways",
"directconnect:describeVirtualInterfaces",
"dlm:getLifecyclePolicies",
"dlm:getLifecyclePolicy",
"dms:describeAccountAttributes",
"dms:describeApplicableIndividualAssessments",
"dms:describeConnections",
"dms:describeEndpoints",
"dms:describeEndpointSettings",
"dms:describeEndpointTypes",
"dms:describeEventCategories",
"dms:describeEvents",
"dms:describeEventSubscriptions",
"dms:describeFleetAdvisorCollectors",
"dms:describeFleetAdvisorDatabases",
"dms:describeFleetAdvisorLsaAnalysis",
"dms:describeFleetAdvisorSchemaObjectSummary",
"dms:describeFleetAdvisorSchemas",
"dms:describeOrderableReplicationInstances",
"dms:describePendingMaintenanceActions",
"dms:describeRefreshSchemasStatus",
"dms:describeReplicationInstances",
"dms:describeReplicationInstanceTaskLogs",
"dms:describeReplicationSubnetGroups",
"dms:describeReplicationTaskAssessmentResults",
"dms:describeReplicationTaskAssessmentRuns",
"dms:describeReplicationTaskIndividualAssessments",
"dms:describeReplicationTasks",
"dms:describeSchemas",
"dms:describeTableStatistics",
"docdb-elastic:getCluster",
"docdb-elastic:getClusterSnapshot",
"docdb-elastic:listClusters",
"docdb-elastic:listClusterSnapshots",
"drs:describeJobLogItems",
"drs:describeJobs",
"drs:describeLaunchConfigurationTemplates",
"drs:describeRecoveryInstances",
"drs:describeRecoverySnapshots",
"drs:describeReplicationConfigurationTemplates",
"drs:describeSourceNetworks",
"drs:describeSourceServers",
"drs:getLaunchConfiguration",
"drs:getReplicationConfiguration",
"drs:listExtensibleSourceServers",
"drs:listLaunchActions",
"drs:listStagingAccounts",
"ds:describeClientAuthenticationSettings",
"ds:describeConditionalForwarders",
"ds:describeDirectories",
"ds:describeDomainControllers",
"ds:describeEventTopics",
"ds:describeLDAPSSettings",
"ds:describeSharedDirectories",
"ds:describeSnapshots",
"ds:describeTrusts",
"ds:getDirectoryLimits",
"ds:getSnapshotLimits",
"ds:listIpRoutes",
"ds:listSchemaExtensions",
"ds:listTagsForResource",
"dynamodb:describeBackup",
"dynamodb:describeContinuousBackups",
"dynamodb:describeContributorInsights",
"dynamodb:describeExport",
"dynamodb:describeGlobalTable",
"dynamodb:describeImport",
"dynamodb:describeKinesisStreamingDestination",
"dynamodb:describeLimits",
"dynamodb:describeStream",
"dynamodb:describeTable",
"dynamodb:describeTimeToLive",
"dynamodb:getResourcePolicy",
"dynamodb:listBackups",
"dynamodb:listContributorInsights",
"dynamodb:listExports",
"dynamodb:listGlobalTables",
"dynamodb:listImports",
"dynamodb:listStreams",
"dynamodb:listTables",
"dynamodb:listTagsOfResource",
"ec2:describeAccountAttributes",
"ec2:describeAddresses",
"ec2:describeAddressesAttribute",
"ec2:describeAddressTransfers",
"ec2:describeAggregateIdFormat",
"ec2:describeAvailabilityZones",
"ec2:describeBundleTasks",
"ec2:describeByoipCidrs",
"ec2:describeCapacityReservationFleets",
"ec2:describeCapacityReservations",
"ec2:describeCarrierGateways",
"ec2:describeClassicLinkInstances",
"ec2:describeClientVpnAuthorizationRules",
"ec2:describeClientVpnConnections",
"ec2:describeClientVpnEndpoints",
"ec2:describeClientVpnRoutes",
"ec2:describeClientVpnTargetNetworks",
"ec2:describeCoipPools",
"ec2:describeConversionTasks",
"ec2:describeCustomerGateways",
"ec2:describeDhcpOptions",
"ec2:describeEgressOnlyInternetGateways",
"ec2:describeExportImageTasks",
"ec2:describeExportTasks",
"ec2:describeFastLaunchImages",
"ec2:describeFastSnapshotRestores",
"ec2:describeFleetHistory",
"ec2:describeFleetInstances",
"ec2:describeFleets",
"ec2:describeFlowLogs",
"ec2:describeFpgaImageAttribute",
"ec2:describeFpgaImages",
"ec2:describeHostReservationOfferings",
"ec2:describeHostReservations",
"ec2:describeHosts",
"ec2:describeIamInstanceProfileAssociations",
"ec2:describeIdentityIdFormat",
"ec2:describeIdFormat",
"ec2:describeImageAttribute",
"ec2:describeImages",
"ec2:describeImportImageTasks",
"ec2:describeImportSnapshotTasks",
"ec2:describeInstanceAttribute",
"ec2:describeInstanceCreditSpecifications",
"ec2:describeInstanceEventNotificationAttributes",
"ec2:describeInstanceEventWindows",
"ec2:describeInstances",
"ec2:describeInstanceStatus",
"ec2:describeInstanceTypeOfferings",
"ec2:describeInstanceTypes",
"ec2:describeInternetGateways",
"ec2:describeIpamPools",
"ec2:describeIpamScopes",
"ec2:describeIpv6Pools",
"ec2:describeKeyPairs",
"ec2:describeLaunchTemplates",
"ec2:describeLaunchTemplateVersions",
"ec2:describeLocalGatewayRouteTables",
"ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"ec2:describeLocalGatewayRouteTableVpcAssociations",
"ec2:describeLocalGateways",
"ec2:describeLocalGatewayVirtualInterfaceGroups",
"ec2:describeLocalGatewayVirtualInterfaces",
"ec2:describeManagedPrefixLists",
"ec2:describeMovingAddresses",
"ec2:describeNatGateways",
"ec2:describeNetworkAcls",
"ec2:describeNetworkInterfaceAttribute",
"ec2:describeNetworkInterfaces",
"ec2:describeNetworkInsightsPaths",
"ec2:describePlacementGroups",
"ec2:describePrefixLists",
"ec2:describePrincipalIdFormat",
"ec2:describePublicIpv4Pools",
"ec2:describeRegions",
"ec2:describeReservedInstances",
"ec2:describeReservedInstancesListings",
"ec2:describeReservedInstancesModifications",
"ec2:describeReservedInstancesOfferings",
"ec2:describeRouteTables",
"ec2:describeScheduledInstanceAvailability",
"ec2:describeScheduledInstances",
"ec2:describeSecurityGroupReferences",
"ec2:describeSecurityGroupRules",
"ec2:describeSecurityGroups",
"ec2:describeSnapshotAttribute",
"ec2:describeSnapshots",
"ec2:describeSnapshotTierStatus",
"ec2:describeSpotDatafeedSubscription",
"ec2:describeSpotFleetInstances",
"ec2:describeSpotFleetRequestHistory",
"ec2:describeSpotFleetRequests",
"ec2:describeSpotInstanceRequests",
"ec2:describeSpotPriceHistory",
"ec2:describeStaleSecurityGroups",
"ec2:describeStoreImageTasks",
"ec2:describeSubnets",
"ec2:describeTags",
"ec2:describeTrafficMirrorFilters",
"ec2:describeTrafficMirrorSessions",
"ec2:describeTrafficMirrorTargets",
"ec2:describeTransitGatewayAttachments",
"ec2:describeTransitGatewayConnectPeers",
"ec2:describeTransitGatewayMulticastDomains",
"ec2:describeTransitGatewayPeeringAttachments",
"ec2:describeTransitGatewayPolicyTables",
"ec2:describeTransitGatewayRouteTableAnnouncements",
"ec2:describeTransitGatewayRouteTables",
"ec2:describeTransitGateways",
"ec2:describeTransitGatewayVpcAttachments",
"ec2:describeVerifiedAccessEndpoints",
"ec2:describeVerifiedAccessGroups",
"ec2:describeVerifiedAccessInstances",
"ec2:describeVerifiedAccessTrustProviders",
"ec2:describeVolumeAttribute",
"ec2:describeVolumes",
"ec2:describeVolumesModifications",
"ec2:describeVolumeStatus",
"ec2:describeVpcAttribute",
"ec2:describeVpcClassicLink",
"ec2:describeVpcClassicLinkDnsSupport",
"ec2:describeVpcEndpointConnectionNotifications",
"ec2:describeVpcEndpointConnections",
"ec2:describeVpcEndpoints",
"ec2:describeVpcEndpointServiceConfigurations",
"ec2:describeVpcEndpointServicePermissions",
"ec2:describeVpcEndpointServices",
"ec2:describeVpcPeeringConnections",
"ec2:describeVpcs",
"ec2:describeVpnConnections",
"ec2:describeVpnGateways",
"ec2:getAssociatedIpv6PoolCidrs",
"ec2:getCapacityReservationUsage",
"ec2:getSubnetCidrReservations",
"ec2:getCoipPoolUsage",
"ec2:getConsoleOutput",
"ec2:getConsoleScreenshot",
"ec2:getDefaultCreditSpecification",
"ec2:getEbsDefaultKmsKeyId",
"ec2:getEbsEncryptionByDefault",
"ec2:getGroupsForCapacityReservation",
"ec2:getHostReservationPurchasePreview",
"ec2:getInstanceTypesFromInstanceRequirements",
"ec2:getIpamAddressHistory",
"ec2:getIpamPoolAllocations",
"ec2:getLaunchTemplateData",
"ec2:getManagedPrefixListAssociations",
"ec2:getManagedPrefixListEntries",
"ec2:getReservedInstancesExchangeQuote",
"ec2:getSerialConsoleAccessStatus",
"ec2:getSpotPlacementScores",
"ec2:getTransitGatewayMulticastDomainAssociations",
"ec2:getTransitGatewayPrefixListReferences",
"ec2:getVerifiedAccessEndpointPolicy",
"ec2:getVerifiedAccessGroupPolicy",
"ec2:listImagesInRecycleBin",
"ec2:listSnapshotsInRecycleBin",
"ec2:searchLocalGatewayRoutes",
"ec2:searchTransitGatewayMulticastGroups",
"ec2:searchTransitGatewayRoutes",
"ec2:describeIpamByoasn",
"ec2:describeIpamResourceDiscoveries",
"ec2:describeIpamResourceDiscoveryAssociations",
"ec2:describeIpams",
"ec2:getIpamDiscoveredAccounts",
"ec2:getIpamDiscoveredPublicAddresses",
"ec2:getIpamDiscoveredResourceCidrs",
"ec2:getIpamPoolCidrs",
"ec2:getIpamResourceCidrs",
"ec2:describeNetworkInsightsAccessScopes",
"ec2:describeNetworkInsightsAnalyses",
"ec2:describeTrafficMirrorFilterRules",
"ecr-public:describeImages",
"ecr-public:describeImageTags",
"ecr-public:describeRegistries",
"ecr-public:describeRepositories",
"ecr-public:getRegistryCatalogData",
"ecr-public:getRepositoryCatalogData",
"ecr-public:getRepositoryPolicy",
"ecr-public:listTagsForResource",
"ecr:batchCheckLayerAvailability",
"ecr:batchGetRepositoryScanningConfiguration",
"ecr:describeImages",
"ecr:describeImageReplicationStatus",
"ecr:describeImageScanFindings",
"ecr:describePullThroughCacheRules",
"ecr:describeRegistry",
"ecr:describeRepositories",
"ecr:getLifecyclePolicy",
"ecr:getLifecyclePolicyPreview",
"ecr:getRegistryPolicy",
"ecr:getRegistryScanningConfiguration",
"ecr:getRepositoryPolicy",
"ecr:listImages",
"ecr:listTagsForResource",
"ecs:describeCapacityProviders",
"ecs:describeClusters",
"ecs:describeContainerInstances",
"ecs:describeServices",
"ecs:describeTaskDefinition",
"ecs:describeTasks",
"ecs:describeTaskSets",
"ecs:getTaskProtection",
"ecs:listAccountSettings",
"ecs:listAttributes",
"ecs:listClusters",
"ecs:listContainerInstances",
"ecs:listServices",
"ecs:listServicesByNamespace",
"ecs:listTagsForResource",
"ecs:listTaskDefinitionFamilies",
"ecs:listTaskDefinitions",
"ecs:listTasks",
"eks:describeAccessEntry",
"eks:describeAddon",
"eks:describeAddonConfiguration",
"eks:describeAddonVersions",
"eks:describeCluster",
"eks:describeEksAnywhereSubscription",
"eks:describeFargateProfile",
"eks:describeIdentityProviderConfig",
"eks:describeNodegroup",
"eks:describePodIdentityAssociation",
"eks:listPodIdentityAssociations",
"eks:describeUpdate",
"eks:listAccessEntries",
"eks:listAccessPolicies",
"eks:listAddons",
"eks:listAssociatedAccessPolicies",
"eks:listClusters",
"eks:listEksAnywhereSubscriptions",
"eks:listFargateProfiles",
"eks:listIdentityProviderConfigs",
"eks:listNodegroups",
"eks:listUpdates",
"eks:describeInsight",
"eks:listInsights",
"elasticache:describeCacheClusters",
"elasticache:describeCacheEngineVersions",
"elasticache:describeCacheParameterGroups",
"elasticache:describeCacheParameters",
"elasticache:describeCacheSecurityGroups",
"elasticache:describeCacheSubnetGroups",
"elasticache:describeEngineDefaultParameters",
"elasticache:describeEvents",
"elasticache:describeGlobalReplicationGroups",
"elasticache:describeReplicationGroups",
"elasticache:describeReservedCacheNodes",
"elasticache:describeReservedCacheNodesOfferings",
"elasticache:describeServerlessCaches",
"elasticache:describeServerlessCacheSnapshots",
"elasticache:describeServiceUpdates",
"elasticache:describeSnapshots",
"elasticache:describeUpdateActions",
"elasticache:describeUserGroups",
"elasticache:describeUsers",
"elasticache:listAllowedNodeTypeModifications",
"elasticache:listTagsForResource",
"elasticbeanstalk:checkDNSAvailability",
"elasticbeanstalk:describeAccountAttributes",
"elasticbeanstalk:describeApplicationVersions",
"elasticbeanstalk:describeApplications",
"elasticbeanstalk:describeConfigurationOptions",
"elasticbeanstalk:describeEnvironmentHealth",
"elasticbeanstalk:describeEnvironmentManagedActionHistory",
"elasticbeanstalk:describeEnvironmentManagedActions",
"elasticbeanstalk:describeEnvironmentResources",
"elasticbeanstalk:describeEnvironments",
"elasticbeanstalk:describeEvents",
"elasticbeanstalk:describeInstancesHealth",
"elasticbeanstalk:describePlatformVersion",
"elasticbeanstalk:listAvailableSolutionStacks",
"elasticbeanstalk:listPlatformBranches",
"elasticbeanstalk:listPlatformVersions",
"elasticbeanstalk:validateConfigurationSettings",
"elasticfilesystem:describeAccessPoints",
"elasticfilesystem:describeBackupPolicy",
"elasticfilesystem:describeReplicationConfigurations",
"elasticfilesystem:describeFileSystemPolicy",
"elasticfilesystem:describeFileSystems",
"elasticfilesystem:describeLifecycleConfiguration",
"elasticfilesystem:describeMountTargets",
"elasticfilesystem:describeMountTargetSecurityGroups",
"elasticfilesystem:describeTags",
"elasticfilesystem:listTagsForResource",
"elasticloadbalancing:describeAccountLimits",
"elasticloadbalancing:describeInstanceHealth",
"elasticloadbalancing:describeListenerCertificates",
"elasticloadbalancing:describeListeners",
"elasticloadbalancing:describeLoadBalancerAttributes",
"elasticloadbalancing:describeLoadBalancerPolicies",
"elasticloadbalancing:describeLoadBalancerPolicyTypes",
"elasticloadbalancing:describeLoadBalancers",
"elasticloadbalancing:describeTrustStores",
"elasticloadbalancing:describeTrustStoreAssociations",
"elasticloadbalancing:describeTrustStoreRevocations",
"elasticloadbalancing:describeRules",
"elasticloadbalancing:describeSSLPolicies",
"elasticloadbalancing:describeTags",
"elasticloadbalancing:describeTargetGroupAttributes",
"elasticloadbalancing:describeTargetGroups",
"elasticloadbalancing:describeTargetHealth",
"elasticmapreduce:describeCluster",
"elasticmapreduce:describeNotebookExecution",
"elasticmapreduce:describeReleaseLabel",
"elasticmapreduce:describeSecurityConfiguration",
"elasticmapreduce:describeStep",
"elasticmapreduce:describeStudio",
"elasticmapreduce:getAutoTerminationPolicy",
"elasticmapreduce:getBlockPublicAccessConfiguration",
"elasticmapreduce:getManagedScalingPolicy",
"elasticmapreduce:getStudioSessionMapping",
"elasticmapreduce:listBootstrapActions",
"elasticmapreduce:listClusters",
"elasticmapreduce:listInstanceFleets",
"elasticmapreduce:listInstanceGroups",
"elasticmapreduce:listInstances",
"elasticmapreduce:listNotebookExecutions",
"elasticmapreduce:listReleaseLabels",
"elasticmapreduce:listSecurityConfigurations",
"elasticmapreduce:listSteps",
"elasticmapreduce:listStudios",
"elasticmapreduce:listStudioSessionMappings",
"elastictranscoder:listJobsByPipeline",
"elastictranscoder:listJobsByStatus",
"elastictranscoder:listPipelines",
"elastictranscoder:listPresets",
"elastictranscoder:readPipeline",
"elastictranscoder:readPreset",
"emr-containers:describeJobRun",
"emr-containers:describeJobTemplate",
"emr-containers:describeManagedEndpoint",
"emr-containers:describeVirtualCluster",
"emr-containers:listJobRuns",
"emr-containers:listJobTemplates",
"emr-containers:listManagedEndpoints",
"emr-containers:listVirtualClusters",
"emr-serverless:getApplication",
"emr-serverless:getJobRun",
"emr-serverless:listApplications",
"es:describeDomain",
"es:describeDomainAutoTunes",
"es:describeDomainChangeProgress",
"es:describeDomainConfig",
"es:describeDomains",
"es:describeDryRunProgress",
"es:describeElasticsearchDomain",
"es:describeElasticsearchDomainConfig",
"es:describeElasticsearchDomains",
"es:describeInboundConnections",
"es:describeInstanceTypeLimits",
"es:describeOutboundConnections",
"es:describePackages",
"es:describeReservedInstanceOfferings",
"es:describeReservedInstances",
"es:describeVpcEndpoints",
"es:getCompatibleVersions",
"es:getPackageVersionHistory",
"es:getUpgradeHistory",
"es:getUpgradeStatus",
"es:listDomainNames",
"es:listDomainsForPackage",
"es:listInstanceTypeDetails",
"es:listPackagesForDomain",
"es:listScheduledActions",
"es:listTags",
"es:listVersions",
"es:listVpcEndpointAccess",
"es:listVpcEndpoints",
"es:listVpcEndpointsForDomain",
"evidently:getExperiment",
"evidently:getFeature",
"evidently:getLaunch",
"evidently:getProject",
"evidently:getSegment",
"evidently:listExperiments",
"evidently:listFeatures",
"evidently:listLaunches",
"evidently:listProjects",
"evidently:listSegments",
"evidently:listSegmentReferences",
"events:describeApiDestination",
"events:describeArchive",
"events:describeConnection",
"events:describeEndpoint",
"events:describeEventBus",
"events:describeEventSource",
"events:describePartnerEventSource",
"events:describeReplay",
"events:describeRule",
"events:listArchives",
"events:listApiDestinations",
"events:listConnections",
"events:listEndpoints",
"events:listEventBuses",
"events:listEventSources",
"events:listPartnerEventSourceAccounts",
"events:listPartnerEventSources",
"events:listReplays",
"events:listRuleNamesByTarget",
"events:listRules",
"events:listTargetsByRule",
"events:testEventPattern",
"firehose:describeDeliveryStream",
"firehose:listDeliveryStreams",
"fms:getAdminAccount",
"fms:getComplianceDetail",
"fms:getNotificationChannel",
"fms:getPolicy",
"fms:getProtectionStatus",
"fms:listComplianceStatus",
"fms:listMemberAccounts",
"fms:listPolicies",
"forecast:describeDataset",
"forecast:describeDatasetGroup",
"forecast:describeDatasetImportJob",
"forecast:describeForecast",
"forecast:describeForecastExportJob",
"forecast:describePredictor",
"forecast:getAccuracyMetrics",
"forecast:listDatasetGroups",
"forecast:listDatasetImportJobs",
"forecast:listDatasets",
"forecast:listForecastExportJobs",
"forecast:listForecasts",
"forecast:listPredictors",
"freetier:getFreeTierUsage",
"fsx:describeBackups",
"fsx:describeDataRepositoryAssociations",
"fsx:describeDataRepositoryTasks",
"fsx:describeFileCaches",
"fsx:describeFileSystems",
"fsx:describeSnapshots",
"fsx:describeStorageVirtualMachines",
"fsx:describeVolumes",
"fsx:listTagsForResource",
"gamelift:describeAlias",
"gamelift:describeBuild",
"gamelift:describeEC2InstanceLimits",
"gamelift:describeFleetAttributes",
"gamelift:describeFleetCapacity",
"gamelift:describeFleetEvents",
"gamelift:describeFleetLocationAttributes",
"gamelift:describeFleetLocationCapacity",
"gamelift:describeFleetLocationUtilization",
"gamelift:describeFleetPortSettings",
"gamelift:describeFleetUtilization",
"gamelift:describeGameServer",
"gamelift:describeGameServerGroup",
"gamelift:describeGameSessionDetails",
"gamelift:describeGameSessionPlacement",
"gamelift:describeGameSessionQueues",
"gamelift:describeGameSessions",
"gamelift:describeInstances",
"gamelift:describeMatchmaking",
"gamelift:describeMatchmakingConfigurations",
"gamelift:describeMatchmakingRuleSets",
"gamelift:describePlayerSessions",
"gamelift:describeRuntimeConfiguration",
"gamelift:describeScalingPolicies",
"gamelift:describeScript",
"gamelift:listAliases",
"gamelift:listBuilds",
"gamelift:listFleets",
"gamelift:listGameServerGroups",
"gamelift:listGameServers",
"gamelift:listScripts",
"gamelift:resolveAlias",
"glacier:describeJob",
"glacier:describeVault",
"glacier:getDataRetrievalPolicy",
"glacier:getVaultAccessPolicy",
"glacier:getVaultLock",
"glacier:getVaultNotifications",
"glacier:listJobs",
"glacier:listTagsForVault",
"glacier:listVaults",
"globalaccelerator:describeAccelerator",
"globalaccelerator:describeAcceleratorAttributes",
"globalaccelerator:describeEndpointGroup",
"globalaccelerator:describeListener",
"globalaccelerator:listAccelerators",
"globalaccelerator:listEndpointGroups",
"globalaccelerator:listListeners",
"glue:batchGetBlueprints",
"glue:batchGetCrawlers",
"glue:batchGetDevEndpoints",
"glue:batchGetJobs",
"glue:batchGetPartition",
"glue:batchGetTriggers",
"glue:batchGetWorkflows",
"glue:checkSchemaVersionValidity",
"glue:getBlueprint",
"glue:getBlueprintRun",
"glue:getBlueprintRuns",
"glue:getCatalogImportStatus",
"glue:getClassifier",
"glue:getClassifiers",
"glue:getColumnStatisticsForPartition",
"glue:getColumnStatisticsForTable",
"glue:getCrawler",
"glue:getCrawlerMetrics",
"glue:getCrawlers",
"glue:getCustomEntityType",
"glue:getDatabase",
"glue:getDatabases",
"glue:getDataflowGraph",
"glue:getDataQualityResult",
"glue:getDataQualityRuleRecommendationRun",
"glue:getDataQualityRuleset",
"glue:getDataQualityRulesetEvaluationRun",
"glue:getDevEndpoint",
"glue:getDevEndpoints",
"glue:getJob",
"glue:getJobRun",
"glue:getJobRuns",
"glue:getJobs",
"glue:getMapping",
"glue:getMLTaskRun",
"glue:getMLTaskRuns",
"glue:getMLTransform",
"glue:getMLTransforms",
"glue:getPartition",
"glue:getPartitionIndexes",
"glue:getPartitions",
"glue:getRegistry",
"glue:getResourcePolicies",
"glue:getResourcePolicy",
"glue:getSchema",
"glue:getSchemaByDefinition",
"glue:getSchemaVersion",
"glue:getSchemaVersionsDiff",
"glue:getSession",
"glue:getStatement",
"glue:getTable",
"glue:getTables",
"glue:getTableVersions",
"glue:getTrigger",
"glue:getTriggers",
"glue:getUserDefinedFunction",
"glue:getUserDefinedFunctions",
"glue:getWorkflow",
"glue:getWorkflowRun",
"glue:getWorkflowRuns",
"glue:listCrawlers",
"glue:listCrawls",
"glue:listDataQualityResults",
"glue:listDataQualityRuleRecommendationRuns",
"glue:listDataQualityRulesetEvaluationRuns",
"glue:listDataQualityRulesets",
"glue:listDevEndpoints",
"glue:listMLTransforms",
"glue:listRegistries",
"glue:listSchemas",
"glue:listSchemaVersions",
"glue:listSessions",
"glue:listStatements",
"glue:querySchemaVersionMetadata",
"glue:listTableOptimizerRuns",
"glue:getTableOptimizer",
"grafana:describeWorkspace",
"grafana:describeWorkspaceAuthentication",
"grafana:listPermissions",
"grafana:listVersions",
"grafana:listWorkspaces",
"greengrass:getConnectivityInfo",
"greengrass:getCoreDefinition",
"greengrass:getCoreDefinitionVersion",
"greengrass:getDeploymentStatus",
"greengrass:getDeviceDefinition",
"greengrass:getDeviceDefinitionVersion",
"greengrass:getFunctionDefinition",
"greengrass:getFunctionDefinitionVersion",
"greengrass:getGroup",
"greengrass:getGroupCertificateAuthority",
"greengrass:getGroupVersion",
"greengrass:getLoggerDefinition",
"greengrass:getLoggerDefinitionVersion",
"greengrass:getResourceDefinitionVersion",
"greengrass:getServiceRoleForAccount",
"greengrass:getSubscriptionDefinition",
"greengrass:getSubscriptionDefinitionVersion",
"greengrass:listCoreDefinitions",
"greengrass:listCoreDefinitionVersions",
"greengrass:listDeployments",
"greengrass:listDeviceDefinitions",
"greengrass:listDeviceDefinitionVersions",
"greengrass:listFunctionDefinitions",
"greengrass:listFunctionDefinitionVersions",
"greengrass:listGroups",
"greengrass:listGroupVersions",
"greengrass:listLoggerDefinitions",
"greengrass:listLoggerDefinitionVersions",
"greengrass:listResourceDefinitions",
"greengrass:listResourceDefinitionVersions",
"greengrass:listSubscriptionDefinitions",
"greengrass:listSubscriptionDefinitionVersions",
"guardduty:getDetector",
"guardduty:getFindings",
"guardduty:getFindingsStatistics",
"guardduty:getInvitationsCount",
"guardduty:getIPSet",
"guardduty:getMasterAccount",
"guardduty:getMembers",
"guardduty:getThreatIntelSet",
"guardduty:listDetectors",
"guardduty:listFindings",
"guardduty:listInvitations",
"guardduty:listIPSets",
"guardduty:listMembers",
"guardduty:listThreatIntelSets",
"health:describeAffectedAccountsForOrganization",
"health:describeAffectedEntities",
"health:describeAffectedEntitiesForOrganization",
"health:describeEntityAggregates",
"health:describeEntityAggregatesForOrganization",
"health:describeEventAggregates",
"health:describeEventDetails",
"health:describeEventDetailsForOrganization",
"health:describeEvents",
"health:describeEventsForOrganization",
"health:describeEventTypes",
"health:describeHealthServiceStatusForOrganization",
"iam:getAccessKeyLastUsed",
"iam:getAccountAuthorizationDetails",
"iam:getAccountPasswordPolicy",
"iam:getAccountSummary",
"iam:getContextKeysForCustomPolicy",
"iam:getContextKeysForPrincipalPolicy",
"iam:getCredentialReport",
"iam:getGroup",
"iam:getGroupPolicy",
"iam:getInstanceProfile",
"iam:getLoginProfile",
"iam:getOpenIDConnectProvider",
"iam:getPolicy",
"iam:getPolicyVersion",
"iam:getRole",
"iam:getRolePolicy",
"iam:getSAMLProvider",
"iam:getServerCertificate",
"iam:getServiceLinkedRoleDeletionStatus",
"iam:getSSHPublicKey",
"iam:getUser",
"iam:getUserPolicy",
"iam:listAccessKeys",
"iam:listAccountAliases",
"iam:listAttachedGroupPolicies",
"iam:listAttachedRolePolicies",
"iam:listAttachedUserPolicies",
"iam:listEntitiesForPolicy",
"iam:listGroupPolicies",
"iam:listGroups",
"iam:listGroupsForUser",
"iam:listInstanceProfiles",
"iam:listInstanceProfilesForRole",
"iam:listMFADevices",
"iam:listOpenIDConnectProviders",
"iam:listPolicies",
"iam:listPolicyVersions",
"iam:listRolePolicies",
"iam:listRoles",
"iam:listSAMLProviders",
"iam:listServerCertificates",
"iam:listSigningCertificates",
"iam:listSSHPublicKeys",
"iam:listUserPolicies",
"iam:listUsers",
"iam:listVirtualMFADevices",
"iam:simulateCustomPolicy",
"iam:simulatePrincipalPolicy",
"imagebuilder:getComponent",
"imagebuilder:getComponentPolicy",
"imagebuilder:getContainerRecipe",
"imagebuilder:getDistributionConfiguration",
"imagebuilder:getImage",
"imagebuilder:getImagePipeline",
"imagebuilder:getImagePolicy",
"imagebuilder:getImageRecipe",
"imagebuilder:getImageRecipePolicy",
"imagebuilder:getInfrastructureConfiguration",
"imagebuilder:getLifecycleExecution",
"imagebuilder:getLifecyclePolicy",
"imagebuilder:getWorkflow",
"imagebuilder:getWorkflowExecution",
"imagebuilder:getWorkflowStepExecution",
"imagebuilder:listComponentBuildVersions",
"imagebuilder:listComponents",
"imagebuilder:listContainerRecipes",
"imagebuilder:listDistributionConfigurations",
"imagebuilder:listImageBuildVersions",
"imagebuilder:listImagePipelineImages",
"imagebuilder:listImagePipelines",
"imagebuilder:listImageRecipes",
"imagebuilder:listImages",
"imagebuilder:listImageScanFindingAggregations",
"imagebuilder:listInfrastructureConfigurations",
"imagebuilder:listLifecycleExecutions",
"imagebuilder:listLifecycleExecutionResources",
"imagebuilder:listLifecyclePolicies",
"imagebuilder:listWorkflowBuildVersions",
"imagebuilder:listWorkflowExecutions",
"imagebuilder:listWorkflows",
"imagebuilder:listWorkflowStepExecutions",
"imagebuilder:listTagsForResource",
"inspector:describeAssessmentRuns",
"inspector:describeAssessmentTargets",
"inspector:describeAssessmentTemplates",
"inspector:describeCrossAccountAccessRole",
"inspector:describeResourceGroups",
"inspector:describeRulesPackages",
"inspector:getTelemetryMetadata",
"inspector:listAssessmentRunAgents",
"inspector:listAssessmentRuns",
"inspector:listAssessmentTargets",
"inspector:listAssessmentTemplates",
"inspector:listEventSubscriptions",
"inspector:listRulesPackages",
"inspector:listTagsForResource",
"inspector2:batchGetAccountStatus",
"inspector2:batchGetFreeTrialInfo",
"inspector2:describeOrganizationConfiguration",
"inspector2:getConfiguration",
"inspector2:getEc2DeepInspectionConfiguration",
"inspector2:getDelegatedAdminAccount",
"inspector2:getMember",
"inspector2:getSbomExport",
"inspector2:listCisScanConfigurations",
"inspector2:listCisScanResultsAggregatedByChecks",
"inspector2:listCisScanResultsAggregatedByTargetResource",
"inspector2:listCisScans",
"inspector2:listCoverage",
"inspector2:listDelegatedAdminAccounts",
"inspector2:listFilters",
"inspector2:listFindings",
"inspector2:listMembers",
"inspector2:listUsageTotals",
"inspector-scan:scanSbom",
"internetmonitor:getMonitor",
"internetmonitor:listMonitors",
"internetmonitor:getHealthEvent",
"internetmonitor:listHealthEvents",
"iot:describeAuthorizer",
"iot:describeCACertificate",
"iot:describeCertificate",
"iot:describeDefaultAuthorizer",
"iot:describeDomainConfiguration",
"iot:describeEndpoint",
"iot:describeIndex",
"iot:describeJobExecution",
"iot:describeThing",
"iot:describeThingGroup",
"iot:describeTunnel",
"iot:getEffectivePolicies",
"iot:getIndexingConfiguration",
"iot:getLoggingOptions",
"iot:getPolicy",
"iot:getPolicyVersion",
"iot:getTopicRule",
"iot:getV2LoggingOptions",
"iot:listAttachedPolicies",
"iot:listAuthorizers",
"iot:listCACertificates",
"iot:listCertificates",
"iot:listCertificatesByCA",
"iot:listDomainConfigurations",
"iot:listJobExecutionsForJob",
"iot:listJobExecutionsForThing",
"iot:listJobs",
"iot:listOutgoingCertificates",
"iot:listPackages",
"iot:listPackageVersions",
"iot:listPolicies",
"iot:listPolicyPrincipals",
"iot:listPolicyVersions",
"iot:listPrincipalPolicies",
"iot:listPrincipalThings",
"iot:listRoleAliases",
"iot:listTargetsForPolicy",
"iot:listThingGroups",
"iot:listThingGroupsForThing",
"iot:listThingPrincipals",
"iot:listThingRegistrationTasks",
"iot:listThings",
"iot:listThingsInThingGroup",
"iot:listThingTypes",
"iot:listTopicRules",
"iot:listTunnels",
"iot:listV2LoggingLevels",
"iot:listNamedShadowsForThing",
"iotevents:describeDetector",
"iotevents:describeDetectorModel",
"iotevents:describeInput",
"iotevents:describeLoggingOptions",
"iotevents:listDetectorModels",
"iotevents:listDetectorModelVersions",
"iotevents:listDetectors",
"iotevents:listInputs",
"iotfleetwise:getCampaign",
"iotfleetwise:getDecoderManifest",
"iotfleetwise:getFleet",
"iotfleetwise:getModelManifest",
"iotfleetwise:getSignalCatalog",
"iotfleetwise:getVehicle",
"iotfleetwise:getVehicleStatus",
"iotfleetwise:listCampaigns",
"iotfleetwise:listDecoderManifests",
"iotfleetwise:listDecoderManifestNetworkInterfaces",
"iotfleetwise:listDecoderManifestSignals",
"iotfleetwise:listFleets",
"iotfleetwise:listFleetsForVehicle",
"iotfleetwise:listModelManifests",
"iotfleetwise:listModelManifestNodes",
"iotfleetwise:listSignalCatalogs",
"iotfleetwise:listSignalCatalogNodes",
"iotfleetwise:listVehicles",
"iotsitewise:describeAccessPolicy",
"iotsitewise:describeAsset",
"iotsitewise:describeAssetModel",
"iotsitewise:describeAssetProperty",
"iotsitewise:describeDashboard",
"iotsitewise:describeGateway",
"iotsitewise:describeGatewayCapabilityConfiguration",
"iotsitewise:describeLoggingOptions",
"iotsitewise:describePortal",
"iotsitewise:describeProject",
"iotsitewise:listAccessPolicies",
"iotsitewise:listAssetModels",
"iotsitewise:listAssets",
"iotsitewise:listAssociatedAssets",
"iotsitewise:listDashboards",
"iotsitewise:listGateways",
"iotsitewise:listPortals",
"iotsitewise:listProjectAssets",
"iotsitewise:listProjects",
"iottwinmaker:getComponentType",
"iottwinmaker:getEntity",
"iottwinmaker:getPricingPlan",
"iottwinmaker:getScene",
"iottwinmaker:getWorkspace",
"iottwinmaker:listComponentTypes",
"iottwinmaker:listEntities",
"iottwinmaker:listScenes",
"iottwinmaker:getSyncJob",
"iottwinmaker:listSyncJobs",
"iottwinmaker:listSyncResources",
"iottwinmaker:listWorkspaces",
"iotwireless:getDestination",
"iotwireless:getDeviceProfile",
"iotwireless:getPartnerAccount",
"iotwireless:getServiceEndpoint",
"iotwireless:getServiceProfile",
"iotwireless:getWirelessDevice",
"iotwireless:getWirelessDeviceStatistics",
"iotwireless:getWirelessGateway",
"iotwireless:getWirelessGatewayCertificate",
"iotwireless:getWirelessGatewayFirmwareInformation",
"iotwireless:getWirelessGatewayStatistics",
"iotwireless:getWirelessGatewayTask",
"iotwireless:getWirelessGatewayTaskDefinition",
"iotwireless:listDestinations",
"iotwireless:listDeviceProfiles",
"iotwireless:listPartnerAccounts",
"iotwireless:listServiceProfiles",
"iotwireless:listTagsForResource",
"iotwireless:listWirelessDevices",
"iotwireless:listWirelessGateways",
"iotwireless:listWirelessGatewayTaskDefinitions",
"ivs:getChannel",
"ivs:getRecordingConfiguration",
"ivs:getStream",
"ivs:getStreamSession",
"ivs:listChannels",
"ivs:listPlaybackKeyPairs",
"ivs:listRecordingConfigurations",
"ivs:listStreamKeys",
"ivs:listStreams",
"ivs:listStreamSessions",
"kafka:describeCluster",
"kafka:describeClusterOperation",
"kafka:describeClusterOperationV2",
"kafka:describeClusterV2",
"kafka:describeConfiguration",
"kafka:describeConfigurationRevision",
"kafka:describeReplicator",
"kafka:describeVpcConnection",
"kafka:getBootstrapBrokers",
"kafka:getClusterPolicy",
"kafka:listConfigurations",
"kafka:listConfigurationRevisions",
"kafka:listClientVpcConnections",
"kafka:listClusterOperations",
"kafka:listClusterOperationsV2",
"kafka:listClusters",
"kafka:listClustersV2",
"kafka:listNodes",
"kafka:listReplicators",
"kafka:listScramSecrets",
"kafka:listVpcConnections",
"kafkaconnect:describeConnector",
"kafkaconnect:describeCustomPlugin",
"kafkaconnect:describeWorkerConfiguration",
"kafkaconnect:listConnectors",
"kafkaconnect:listCustomPlugins",
"kafkaconnect:listWorkerConfigurations",
"kendra:describeDataSource",
"kendra:describeFaq",
"kendra:describeIndex",
"kendra:listDataSources",
"kendra:listFaqs",
"kendra:listIndices",
"kinesis:describeStream",
"kinesis:describeStreamConsumer",
"kinesis:describeStreamSummary",
"kinesis:listShards",
"kinesis:listStreams",
"kinesis:listStreamConsumers",
"kinesis:listTagsForStream",
"kinesisanalytics:describeApplication",
"kinesisanalytics:describeApplicationSnapshot",
"kinesisanalytics:listApplications",
"kinesisanalytics:listApplicationSnapshots",
"kinesisanalytics:describeApplicationOperation",
"kinesisanalytics:listApplicationOperations",
"kinesisanalytics:listApplicationVersions",
"kinesisvideo:describeImageGenerationConfiguration",
"kinesisvideo:describeNotificationConfiguration",
"kinesisvideo:describeSignalingChannel",
"kinesisvideo:describeStream",
"kinesisvideo:getDataEndpoint",
"kinesisvideo:getIceServerConfig",
"kinesisvideo:getSignalingChannelEndpoint",
"kinesisvideo:listSignalingChannels",
"kinesisvideo:listStreams",
"kms:describeKey",
"kms:getKeyPolicy",
"kms:getKeyRotationStatus",
"kms:listAliases",
"kms:listGrants",
"kms:listKeyPolicies",
"kms:listKeys",
"kms:listResourceTags",
"kms:listRetirableGrants",
"lambda:getAccountSettings",
"lambda:getAlias",
"lambda:getCodeSigningConfig",
"lambda:getEventSourceMapping",
"lambda:getFunction",
"lambda:getFunctionCodeSigningConfig",
"lambda:getFunctionConcurrency",
"lambda:getFunctionConfiguration",
"lambda:getFunctionEventInvokeConfig",
"lambda:getFunctionUrlConfig",
"lambda:getLayerVersion",
"lambda:getLayerVersionPolicy",
"lambda:getPolicy",
"lambda:getProvisionedConcurrencyConfig",
"lambda:getRuntimeManagementConfig",
"lambda:listAliases",
"lambda:listCodeSigningConfigs",
"lambda:listEventSourceMappings",
"lambda:listFunctionEventInvokeConfigs",
"lambda:listFunctions",
"lambda:listFunctionsByCodeSigningConfig",
"lambda:listFunctionUrlConfigs",
"lambda:listLayers",
"lambda:listLayerVersions",
"lambda:listProvisionedConcurrencyConfigs",
"lambda:listTags",
"lambda:listVersionsByFunction",
"lambda:getFunctionRecursionConfig",
"launchwizard:describeProvisionedApp",
"launchwizard:describeProvisioningEvents",
"launchwizard:listProvisionedApps",
"launchwizard:listDeployments",
"launchwizard:listDeploymentEvents",
"lex:describeBot",
"lex:describeBotAlias",
"lex:describeBotLocale",
"lex:describeBotRecommendation",
"lex:describeBotVersion",
"lex:describeCustomVocabularyMetadata",
"lex:describeExport",
"lex:describeImport",
"lex:describeIntent",
"lex:describeResourcePolicy",
"lex:describeSlot",
"lex:describeSlotType",
"lex:getBot",
"lex:getBotAlias",
"lex:getBotAliases",
"lex:getBotChannelAssociation",
"lex:getBotChannelAssociations",
"lex:getBots",
"lex:getBotVersions",
"lex:getBuiltinIntent",
"lex:getBuiltinIntents",
"lex:getBuiltinSlotTypes",
"lex:getIntent",
"lex:getIntents",
"lex:getIntentVersions",
"lex:getSlotType",
"lex:getSlotTypes",
"lex:getSlotTypeVersions",
"lex:listBotAliases",
"lex:listBotLocales",
"lex:listBotRecommendations",
"lex:listBots",
"lex:listBotVersions",
"lex:listExports",
"lex:listImports",
"lex:listIntents",
"lex:listRecommendedIntents",
"lex:listSlots",
"lex:listSlotTypes",
"license-manager:getLicenseConfiguration",
"license-manager:getServiceSettings",
"license-manager:listAssociationsForLicenseConfiguration",
"license-manager:listFailuresForLicenseConfigurationOperations",
"license-manager:listLicenseConfigurations",
"license-manager:listLicenseSpecificationsForResource",
"license-manager:listResourceInventory",
"license-manager:listUsageForLicenseConfiguration",
"lightsail:getActiveNames",
"lightsail:getAlarms",
"lightsail:getAutoSnapshots",
"lightsail:getBlueprints",
"lightsail:getBucketBundles",
"lightsail:getBucketMetricData",
"lightsail:getBuckets",
"lightsail:getBundles",
"lightsail:getCertificates",
"lightsail:getContainerImages",
"lightsail:getContainerServiceDeployments",
"lightsail:getContainerServiceMetricData",
"lightsail:getContainerServicePowers",
"lightsail:getContainerServices",
"lightsail:getDisk",
"lightsail:getDisks",
"lightsail:getDiskSnapshot",
"lightsail:getDiskSnapshots",
"lightsail:getDistributionBundles",
"lightsail:getDistributionMetricData",
"lightsail:getDistributions",
"lightsail:getDomain",
"lightsail:getDomains",
"lightsail:getExportSnapshotRecords",
"lightsail:getInstance",
"lightsail:getInstanceMetricData",
"lightsail:getInstancePortStates",
"lightsail:getInstances",
"lightsail:getInstanceSnapshot",
"lightsail:getInstanceSnapshots",
"lightsail:getInstanceState",
"lightsail:getKeyPair",
"lightsail:getKeyPairs",
"lightsail:getLoadBalancer",
"lightsail:getLoadBalancerMetricData",
"lightsail:getLoadBalancers",
"lightsail:getLoadBalancerTlsCertificates",
"lightsail:getOperation",
"lightsail:getOperations",
"lightsail:getOperationsForResource",
"lightsail:getRegions",
"lightsail:getRelationalDatabase",
"lightsail:getRelationalDatabaseMetricData",
"lightsail:getRelationalDatabases",
"lightsail:getRelationalDatabaseSnapshot",
"lightsail:getRelationalDatabaseSnapshots",
"lightsail:getStaticIp",
"lightsail:getStaticIps",
"lightsail:isVpcPeered",
"logs:describeAccountPolicies",
"logs:describeDeliveries",
"logs:describeDeliveryDestinations",
"logs:describeDeliverySources",
"logs:describeDestinations",
"logs:describeExportTasks",
"logs:describeLogGroups",
"logs:describeLogStreams",
"logs:describeMetricFilters",
"logs:describeQueries",
"logs:describeQueryDefinitions",
"logs:describeResourcePolicies",
"logs:describeSubscriptionFilters",
"logs:getDataProtectionPolicy",
"logs:getDelivery",
"logs:getDeliveryDestination",
"logs:getDeliveryDestinationPolicy",
"logs:getDeliverySource",
"logs:getLogAnomalyDetector",
"logs:getLogDelivery",
"logs:getLogGroupFields",
"logs:listAnomalies",
"logs:listLogAnomalyDetectors",
"logs:listLogDeliveries",
"logs:testMetricFilter",
"lookoutequipment:describeDataIngestionJob",
"lookoutequipment:describeDataset",
"lookoutequipment:describeInferenceScheduler",
"lookoutequipment:describeModel",
"lookoutequipment:listDataIngestionJobs",
"lookoutequipment:listDatasets",
"lookoutequipment:listInferenceExecutions",
"lookoutequipment:listInferenceSchedulers",
"lookoutequipment:listModels",
"lookoutmetrics:describeAlert",
"lookoutmetrics:describeAnomalyDetectionExecutions",
"lookoutmetrics:describeAnomalyDetector",
"lookoutmetrics:describeMetricSet",
"lookoutmetrics:getAnomalyGroup",
"lookoutmetrics:getDataQualityMetrics",
"lookoutmetrics:getFeedback",
"lookoutmetrics:getSampleData",
"lookoutmetrics:listAlerts",
"lookoutmetrics:listAnomalyDetectors",
"lookoutmetrics:listAnomalyGroupSummaries",
"lookoutmetrics:listAnomalyGroupTimeSeries",
"lookoutmetrics:listMetricSets",
"lookoutmetrics:listTagsForResource",
"machinelearning:describeBatchPredictions",
"machinelearning:describeDataSources",
"machinelearning:describeEvaluations",
"machinelearning:describeMLModels",
"machinelearning:getBatchPrediction",
"machinelearning:getDataSource",
"machinelearning:getEvaluation",
"machinelearning:getMLModel",
"macie2:getClassificationExportConfiguration",
"macie2:getCustomDataIdentifier",
"macie2:getFindings",
"macie2:getFindingStatistics",
"macie2:listClassificationJobs",
"macie2:listCustomDataIdentifiers",
"macie2:listFindings",
"managedblockchain:getMember",
"managedblockchain:getNetwork",
"managedblockchain:getNode",
"managedblockchain:listMembers",
"managedblockchain:listNetworks",
"managedblockchain:listNodes",
"mediaconnect:describeFlow",
"mediaconnect:listEntitlements",
"mediaconnect:listFlows",
"mediaconvert:describeEndpoints",
"mediaconvert:getJob",
"mediaconvert:getJobTemplate",
"mediaconvert:getPreset",
"mediaconvert:getQueue",
"mediaconvert:listJobs",
"mediaconvert:listJobTemplates",
"medialive:describeChannel",
"medialive:describeInput",
"medialive:describeInputDevice",
"medialive:describeInputSecurityGroup",
"medialive:describeMultiplex",
"medialive:describeOffering",
"medialive:describeReservation",
"medialive:describeSchedule",
"medialive:listChannels",
"medialive:listInputDevices",
"medialive:listInputs",
"medialive:listInputSecurityGroups",
"medialive:listMultiplexes",
"medialive:listOfferings",
"medialive:listReservations",
"mediapackage:describeChannel",
"mediapackage:describeOriginEndpoint",
"mediapackage:listChannels",
"mediapackage:listOriginEndpoints",
"mediastore:describeContainer",
"mediastore:getContainerPolicy",
"mediastore:getCorsPolicy",
"mediastore:listContainers",
"mediatailor:getPlaybackConfiguration",
"mediatailor:listPlaybackConfigurations",
"medical-imaging:getDatastore",
"medical-imaging:listDatastores",
"mgn:describeJobLogItems",
"mgn:describeJobs",
"mgn:describeLaunchConfigurationTemplates",
"mgn:describeReplicationConfigurationTemplates",
"mgn:describeSourceServers",
"mgn:describeVcenterClients",
"mgn:getLaunchConfiguration",
"mgn:getReplicationConfiguration",
"mgn:listApplications",
"mgn:listSourceServerActions",
"mgn:listTemplateActions",
"mgn:listWaves",
"mobiletargeting:getAdmChannel",
"mobiletargeting:getApnsChannel",
"mobiletargeting:getApnsSandboxChannel",
"mobiletargeting:getApnsVoipChannel",
"mobiletargeting:getApnsVoipSandboxChannel",
"mobiletargeting:getApp",
"mobiletargeting:getApplicationSettings",
"mobiletargeting:getApps",
"mobiletargeting:getBaiduChannel",
"mobiletargeting:getCampaign",
"mobiletargeting:getCampaignActivities",
"mobiletargeting:getCampaigns",
"mobiletargeting:getCampaignVersion",
"mobiletargeting:getCampaignVersions",
"mobiletargeting:getEmailChannel",
"mobiletargeting:getEndpoint",
"mobiletargeting:getEventStream",
"mobiletargeting:getExportJob",
"mobiletargeting:getExportJobs",
"mobiletargeting:getGcmChannel",
"mobiletargeting:getImportJob",
"mobiletargeting:getImportJobs",
"mobiletargeting:getJourney",
"mobiletargeting:getJourneyExecutionMetrics",
"mobiletargeting:getJourneyExecutionActivityMetrics",
"mobiletargeting:getJourneyRunExecutionActivityMetrics",
"mobiletargeting:getJourneyRunExecutionMetrics",
"mobiletargeting:getJourneyRuns",
"mobiletargeting:getSegment",
"mobiletargeting:getSegmentImportJobs",
"mobiletargeting:getSegments",
"mobiletargeting:getSegmentVersion",
"mobiletargeting:getSegmentVersions",
"mobiletargeting:getSmsChannel",
"mobiletargeting:listJourneys",
"mq:describeBroker",
"mq:describeConfiguration",
"mq:describeConfigurationRevision",
"mq:describeUser",
"mq:listBrokers",
"mq:listConfigurationRevisions",
"mq:listConfigurations",
"mq:listUsers",
"m2:getApplication",
"m2:getApplicationVersion",
"m2:getBatchJobExecution",
"m2:getDataSetDetails",
"m2:getDataSetImportTask",
"m2:getDeployment",
"m2:getEnvironment",
"m2:listApplications",
"m2:listApplicationVersions",
"m2:listBatchJobDefinitions",
"m2:listBatchJobExecutions",
"m2:listDataSetImportHistory",
"m2:listDataSets",
"m2:listDeployments",
"m2:listEngineVersions",
"m2:listEnvironments",
"network-firewall:describeFirewall",
"network-firewall:describeFirewallPolicy",
"network-firewall:describeLoggingConfiguration",
"network-firewall:describeRuleGroup",
"network-firewall:describeTlsInspectionConfiguration",
"network-firewall:listFirewallPolicies",
"network-firewall:listFirewalls",
"network-firewall:listRuleGroups",
"network-firewall:listTlsInspectionConfigurations",
"networkmanager:describeGlobalNetworks",
"networkmanager:getConnectAttachment",
"networkmanager:getConnections",
"networkmanager:getConnectPeer",
"networkmanager:getConnectPeerAssociations",
"networkmanager:getCoreNetwork",
"networkmanager:getCoreNetworkChangeEvents",
"networkmanager:getCoreNetworkChangeSet",
"networkmanager:getCoreNetworkPolicy",
"networkmanager:getCustomerGatewayAssociations",
"networkmanager:getDevices",
"networkmanager:getLinkAssociations",
"networkmanager:getLinks",
"networkmanager:getNetworkResourceCounts",
"networkmanager:getNetworkResourceRelationships",
"networkmanager:getNetworkResources",
"networkmanager:getNetworkRoutes",
"networkmanager:getNetworkTelemetry",
"networkmanager:getResourcePolicy",
"networkmanager:getRouteAnalysis",
"networkmanager:getSites",
"networkmanager:getSiteToSiteVpnAttachment",
"networkmanager:getTransitGatewayConnectPeerAssociations",
"networkmanager:getTransitGatewayPeering",
"networkmanager:getTransitGatewayRegistrations",
"networkmanager:getTransitGatewayRouteTableAttachment",
"networkmanager:getVpcAttachment",
"networkmanager:listAttachments",
"networkmanager:listConnectPeers",
"networkmanager:listCoreNetworkPolicyVersions",
"networkmanager:listCoreNetworks",
"networkmanager:listOrganizationServiceAccessStatus",
"networkmanager:listPeerings",
"networkmanager:listTagsForResource",
"networkmonitor:getMonitor",
"networkmonitor:getProbe",
"networkmonitor:listMonitors",
"notifications:getEventRule",
"notifications:getNotificationConfiguration",
"notifications:getNotificationEvent",
"notifications:listChannels",
"notifications:listEventRules",
"notifications:listNotificationConfigurations",
"notifications:listNotificationEvents",
"notifications:listNotificationHubs",
"notifications-contacts:getEmailContact",
"notifications-contacts:listEmailContacts",
"oam:getLink",
"oam:getSink",
"oam:getSinkPolicy",
"oam:listAttachedLinks",
"oam:listLinks",
"oam:listSinks",
"omics:getAnnotationImportJob",
"omics:getAnnotationStore",
"omics:getReadSetImportJob",
"omics:getReadSetMetadata",
"omics:getReference",
"omics:getReferenceImportJob",
"omics:getReferenceMetadata",
"omics:getReferenceStore",
"omics:getRun",
"omics:getRunGroup",
"omics:getSequenceStore",
"omics:getVariantImportJob",
"omics:getVariantStore",
"omics:getWorkflow",
"omics:listAnnotationImportJobs",
"omics:listAnnotationStores",
"omics:listMultipartReadSetUploads",
"omics:listReadSetImportJobs",
"omics:listReadSets",
"omics:listReadSetUploadParts",
"omics:listReferenceImportJobs",
"omics:listReferenceStores",
"omics:listReferences",
"omics:listRunGroups",
"omics:listRunTasks",
"omics:listRuns",
"omics:listSequenceStores",
"omics:listVariantImportJobs",
"omics:listVariantStores",
"omics:listWorkflows",
"opsworks-cm:describeAccountAttributes",
"opsworks-cm:describeBackups",
"opsworks-cm:describeEvents",
"opsworks-cm:describeNodeAssociationStatus",
"opsworks-cm:describeServers",
"opsworks:describeAgentVersions",
"opsworks:describeApps",
"opsworks:describeCommands",
"opsworks:describeDeployments",
"opsworks:describeEcsClusters",
"opsworks:describeElasticIps",
"opsworks:describeElasticLoadBalancers",
"opsworks:describeInstances",
"opsworks:describeLayers",
"opsworks:describeLoadBasedAutoScaling",
"opsworks:describeMyUserProfile",
"opsworks:describePermissions",
"opsworks:describeRaidArrays",
"opsworks:describeRdsDbInstances",
"opsworks:describeServiceErrors",
"opsworks:describeStackProvisioningParameters",
"opsworks:describeStacks",
"opsworks:describeStackSummary",
"opsworks:describeTimeBasedAutoScaling",
"opsworks:describeUserProfiles",
"opsworks:describeVolumes",
"opsworks:getHostnameSuggestion",
"organizations:listAccounts",
"organizations:listTagsForResource",
"osis:getPipeline",
"osis:getPipelineBlueprint",
"osis:getPipelineChangeProgress",
"osis:listPipelineBlueprints",
"osis:listPipelines",
"osis:validatePipeline",
"outposts:getCatalogItem",
"outposts:getConnection",
"outposts:getOrder",
"outposts:getOutpost",
"outposts:getOutpostInstanceTypes",
"outposts:getSite",
"outposts:listAssets",
"outposts:listCatalogItems",
"outposts:listOrders",
"outposts:listOutposts",
"outposts:listSites",
"personalize:describeAlgorithm",
"personalize:describeBatchInferenceJob",
"personalize:describeBatchSegmentJob",
"personalize:describeCampaign",
"personalize:describeDataset",
"personalize:describeDatasetExportJob",
"personalize:describeDatasetGroup",
"personalize:describeDatasetImportJob",
"personalize:describeEventTracker",
"personalize:describeFeatureTransformation",
"personalize:describeFilter",
"personalize:describeRecipe",
"personalize:describeRecommender",
"personalize:describeSchema",
"personalize:describeSolution",
"personalize:describeSolutionVersion",
"personalize:getPersonalizedRanking",
"personalize:getRecommendations",
"personalize:getSolutionMetrics",
"personalize:listBatchInferenceJobs",
"personalize:listBatchSegmentJobs",
"personalize:listCampaigns",
"personalize:listDatasetExportJobs",
"personalize:listDatasetGroups",
"personalize:listDatasetImportJobs",
"personalize:listDatasets",
"personalize:listEventTrackers",
"personalize:listRecipes",
"personalize:listRecommenders",
"personalize:listSchemas",
"personalize:listSolutions",
"personalize:listSolutionVersions",
"pipes:describePipe",
"pipes:listPipes",
"pipes:listTagsForResource",
"polly:describeVoices",
"polly:getLexicon",
"polly:listLexicons",
"pricing:describeServices",
"pricing:getAttributeValues",
"pricing:getProducts",
"private-networks:getDeviceIdentifier",
"private-networks:getNetwork",
"private-networks:getNetworkResource",
"private-networks:listDeviceIdentifiers",
"private-networks:listNetworks",
"private-networks:listNetworkResources",
"qbusiness:getApplication",
"qbusiness:getDataSource",
"qbusiness:getIndex",
"qbusiness:getRetriever",
"qbusiness:getWebExperience",
"qbusiness:listApplications",
"qbusiness:listDataSources",
"qbusiness:listDataSourceSyncJobs",
"qbusiness:listIndices",
"qbusiness:listRetrievers",
"qbusiness:listWebExperiences",
"quicksight:describeAccountCustomization",
"quicksight:describeAccountSettings",
"quicksight:describeAccountSubscription",
"quicksight:describeAnalysis",
"quicksight:describeAnalysisPermissions",
"quicksight:describeDashboard",
"quicksight:describeDashboardPermissions",
"quicksight:describeDataSet",
"quicksight:describeDataSetPermissions",
"quicksight:describeDataSetRefreshProperties",
"quicksight:describeDataSource",
"quicksight:describeDataSourcePermissions",
"quicksight:describeFolder",
"quicksight:describeFolderPermissions",
"quicksight:describeFolderResolvedPermissions",
"quicksight:describeGroup",
"quicksight:describeGroupMembership",
"quicksight:describeIAMPolicyAssignment",
"quicksight:describeIngestion",
"quicksight:describeIpRestriction",
"quicksight:describeNamespace",
"quicksight:describeRefreshSchedule",
"quicksight:describeTemplate",
"quicksight:describeTemplateAlias",
"quicksight:describeTemplatePermissions",
"quicksight:describeTheme",
"quicksight:describeThemeAlias",
"quicksight:describeThemePermissions",
"quicksight:describeTopic",
"quicksight:describeTopicPermissions",
"quicksight:describeTopicRefresh",
"quicksight:describeTopicRefreshSchedule",
"quicksight:describeUser",
"quicksight:describeVPCConnection",
"quicksight:listAnalyses",
"quicksight:listDashboards",
"quicksight:listDashboardVersions",
"quicksight:listDataSets",
"quicksight:listDataSources",
"quicksight:listFolderMembers",
"quicksight:listFolders",
"quicksight:listGroupMemberships",
"quicksight:listGroups",
"quicksight:listIAMPolicyAssignments",
"quicksight:listIAMPolicyAssignmentsForUser",
"quicksight:listIngestions",
"quicksight:listNamespaces",
"quicksight:listRefreshSchedules",
"quicksight:listTemplateAliases",
"quicksight:listTemplates",
"quicksight:listTemplateVersions",
"quicksight:listThemeAliases",
"quicksight:listThemes",
"quicksight:listThemeVersions",
"quicksight:listTopicRefreshSchedules",
"quicksight:listTopics",
"quicksight:listUserGroups",
"quicksight:listUsers",
"quicksight:listVPCConnections",
"quicksight:searchAnalyses",
"quicksight:searchDashboards",
"quicksight:searchDataSets",
"quicksight:searchDataSources",
"quicksight:searchFolders",
"quicksight:searchGroups",
"ram:getPermission",
"ram:getResourceShareAssociations",
"ram:getResourceShareInvitations",
"ram:getResourceShares",
"ram:listPendingInvitationResources",
"ram:listPrincipals",
"ram:listResources",
"ram:listResourceSharePermissions",
"rbin:getRule",
"rbin:listRules",
"rds:describeAccountAttributes",
"rds:describeBlueGreenDeployments",
"rds:describeCertificates",
"rds:describeDBClusterEndpoints",
"rds:describeDBClusterParameterGroups",
"rds:describeDBClusterParameters",
"rds:describeDBClusters",
"rds:describeDBClusterSnapshots",
"rds:describeDBEngineVersions",
"rds:describeDBInstanceAutomatedBackups",
"rds:describeDBInstances",
"rds:describeDBLogFiles",
"rds:describeDBParameterGroups",
"rds:describeDBParameters",
"rds:describeDBSecurityGroups",
"rds:describeDBSnapshotAttributes",
"rds:describeDBSnapshots",
"rds:describeDBSubnetGroups",
"rds:describeEngineDefaultClusterParameters",
"rds:describeEngineDefaultParameters",
"rds:describeEventCategories",
"rds:describeEvents",
"rds:describeEventSubscriptions",
"rds:describeExportTasks",
"rds:describeGlobalClusters",
"rds:describeIntegrations",
"rds:describeOptionGroupOptions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describePendingMaintenanceActions",
"rds:describeReservedDBInstances",
"rds:describeReservedDBInstancesOfferings",
"rds:describeSourceRegions",
"rds:describeValidDBInstanceModifications",
"rds:listTagsForResource",
"redshift-data:describeStatement",
"redshift-data:listStatements",
"redshift:describeClusterParameterGroups",
"redshift:describeClusterParameters",
"redshift:describeClusters",
"redshift:describeClusterSecurityGroups",
"redshift:describeClusterSnapshots",
"redshift:describeClusterSubnetGroups",
"redshift:describeClusterVersions",
"redshift:describeDataShares",
"redshift:describeDataSharesForConsumer",
"redshift:describeDataSharesForProducer",
"redshift:describeDefaultClusterParameters",
"redshift:describeEventCategories",
"redshift:describeEvents",
"redshift:describeEventSubscriptions",
"redshift:describeHsmClientCertificates",
"redshift:describeHsmConfigurations",
"redshift:describeLoggingStatus",
"redshift:describeOrderableClusterOptions",
"redshift:describeReservedNodeOfferings",
"redshift:describeReservedNodes",
"redshift:describeResize",
"redshift:describeSnapshotCopyGrants",
"redshift:describeStorage",
"redshift:describeTableRestoreStatus",
"redshift:describeTags",
"redshift-serverless:getEndpointAccess",
"redshift-serverless:getNamespace",
"redshift-serverless:getRecoveryPoint",
"redshift-serverless:getSnapshot",
"redshift-serverless:getTableRestoreStatus",
"redshift-serverless:getUsageLimit",
"redshift-serverless:getWorkgroup",
"redshift-serverless:listEndpointAccess",
"redshift-serverless:listNamespaces",
"redshift-serverless:listRecoveryPoints",
"redshift-serverless:listSnapshots",
"redshift-serverless:listTableRestoreStatus",
"redshift-serverless:listUsageLimits",
"redshift-serverless:listWorkgroups",
"rekognition:listCollections",
"rekognition:listFaces",
"resource-explorer-2:getAccountLevelServiceConfiguration",
"resource-explorer-2:getIndex",
"resource-explorer-2:getView",
"resource-explorer-2:listIndexes",
"resource-explorer-2:listViews",
"resource-explorer-2:search",
"resource-groups:getGroup",
"resource-groups:getGroupQuery",
"resource-groups:getTags",
"resource-groups:listGroupResources",
"resource-groups:listGroups",
"resource-groups:searchResources",
"robomaker:batchDescribeSimulationJob",
"robomaker:describeDeploymentJob",
"robomaker:describeFleet",
"robomaker:describeRobot",
"robomaker:describeRobotApplication",
"robomaker:describeSimulationApplication",
"robomaker:describeSimulationJob",
"robomaker:listDeploymentJobs",
"robomaker:listFleets",
"robomaker:listRobotApplications",
"robomaker:listRobots",
"robomaker:listSimulationApplications",
"robomaker:listSimulationJobs",
"route53-recovery-cluster:getRoutingControlState",
"route53-recovery-cluster:listRoutingControls",
"route53-recovery-control-config:describeControlPanel",
"route53-recovery-control-config:describeRoutingControl",
"route53-recovery-control-config:describeSafetyRule",
"route53-recovery-control-config:listControlPanels",
"route53-recovery-control-config:listRoutingControls",
"route53-recovery-control-config:listSafetyRules",
"route53-recovery-readiness:getCell",
"route53-recovery-readiness:getCellReadinessSummary",
"route53-recovery-readiness:getReadinessCheck",
"route53-recovery-readiness:getReadinessCheckResourceStatus",
"route53-recovery-readiness:getReadinessCheckStatus",
"route53-recovery-readiness:getRecoveryGroup",
"route53-recovery-readiness:getRecoveryGroupReadinessSummary",
"route53-recovery-readiness:listCells",
"route53-recovery-readiness:listReadinessChecks",
"route53-recovery-readiness:listRecoveryGroups",
"route53-recovery-readiness:listResourceSets",
"route53:getAccountLimit",
"route53:getChange",
"route53:getCheckerIpRanges",
"route53:getDNSSEC",
"route53:getGeoLocation",
"route53:getHealthCheck",
"route53:getHealthCheckCount",
"route53:getHealthCheckLastFailureReason",
"route53:getHealthCheckStatus",
"route53:getHostedZone",
"route53:getHostedZoneCount",
"route53:getHostedZoneLimit",
"route53:getQueryLoggingConfig",
"route53:getReusableDelegationSet",
"route53:getTrafficPolicy",
"route53:getTrafficPolicyInstance",
"route53:getTrafficPolicyInstanceCount",
"route53:listCidrBlocks",
"route53:listCidrCollections",
"route53:listCidrLocations",
"route53:listGeoLocations",
"route53:listHealthChecks",
"route53:listHostedZones",
"route53:listHostedZonesByName",
"route53:listHostedZonesByVpc",
"route53:listQueryLoggingConfigs",
"route53:listResourceRecordSets",
"route53:listReusableDelegationSets",
"route53:listTrafficPolicies",
"route53:listTrafficPolicyInstances",
"route53:listTrafficPolicyInstancesByHostedZone",
"route53:listTrafficPolicyInstancesByPolicy",
"route53:listTrafficPolicyVersions",
"route53:listVPCAssociationAuthorizations",
"route53domains:checkDomainAvailability",
"route53domains:getContactReachabilityStatus",
"route53domains:getDomainDetail",
"route53domains:getOperationDetail",
"route53domains:listDomains",
"route53domains:listOperations",
"route53domains:listPrices",
"route53domains:listTagsForDomain",
"route53domains:viewBilling",
"route53profiles:getProfile",
"route53profiles:listProfileAssociations",
"route53profiles:listProfileResourceAssociations",
"route53profiles:listProfiles",
"route53profiles:listTagsForResource",
"route53profiles:getProfileResourceAssociation",
"route53profiles:getProfileAssociation",
"route53resolver:getFirewallConfig",
"route53resolver:getFirewallDomainList",
"route53resolver:getFirewallRuleGroup",
"route53resolver:getFirewallRuleGroupAssociation",
"route53resolver:getFirewallRuleGroupPolicy",
"route53resolver:getOutpostResolver",
"route53resolver:getResolverDnssecConfig",
"route53resolver:getResolverQueryLogConfig",
"route53resolver:getResolverQueryLogConfigAssociation",
"route53resolver:getResolverQueryLogConfigPolicy",
"route53resolver:getResolverRule",
"route53resolver:getResolverRuleAssociation",
"route53resolver:getResolverRulePolicy",
"route53resolver:listFirewallConfigs",
"route53resolver:listFirewallDomainLists",
"route53resolver:listFirewallDomains",
"route53resolver:listFirewallRuleGroupAssociations",
"route53resolver:listFirewallRuleGroups",
"route53resolver:listFirewallRules",
"route53resolver:listOutpostResolvers",
"route53resolver:listResolverConfigs",
"route53resolver:listResolverDnssecConfigs",
"route53resolver:listResolverEndpointIpAddresses",
"route53resolver:listResolverEndpoints",
"route53resolver:listResolverQueryLogConfigAssociations",
"route53resolver:listResolverQueryLogConfigs",
"route53resolver:listResolverRuleAssociations",
"route53resolver:listResolverRules",
"route53resolver:listTagsForResource",
"rum:batchGetRumMetricDefinitions",
"rum:getAppMonitor",
"rum:listAppMonitors",
"rum:listRumMetricsDestinations",
"s3:describeJob",
"s3:describeMultiRegionAccessPointOperation",
"s3:getAccelerateConfiguration",
"s3:getAccessPoint",
"s3:getAccessPointConfigurationForObjectLambda",
"s3:getAccessPointForObjectLambda",
"s3:getAccessPointPolicy",
"s3:getAccessPointPolicyForObjectLambda",
"s3:getAccessPointPolicyStatus",
"s3:getAccessPointPolicyStatusForObjectLambda",
"s3:getAccountPublicAccessBlock",
"s3:getAnalyticsConfiguration",
"s3:getBucketAcl",
"s3:getBucketCORS",
"s3:getBucketLocation",
"s3:getBucketLogging",
"s3:getBucketNotification",
"s3:getBucketObjectLockConfiguration",
"s3:getBucketOwnershipControls",
"s3:getBucketPolicy",
"s3:getBucketPolicyStatus",
"s3:getBucketPublicAccessBlock",
"s3:getBucketRequestPayment",
"s3:getBucketVersioning",
"s3:getBucketWebsite",
"s3:getEncryptionConfiguration",
"s3:getIntelligentTieringConfiguration",
"s3:getInventoryConfiguration",
"s3:getLifecycleConfiguration",
"s3:getMetricsConfiguration",
"s3:getMultiRegionAccessPoint",
"s3:getMultiRegionAccessPointPolicy",
"s3:getMultiRegionAccessPointPolicyStatus",
"s3:getMultiRegionAccessPointRoutes",
"s3:getObjectLegalHold",
"s3:getObjectRetention",
"s3:getReplicationConfiguration",
"s3:getStorageLensConfiguration",
"s3:listAccessPoints",
"s3:listAccessPointsForObjectLambda",
"s3:listAllMyBuckets",
"s3:listBucket",
"s3:listBucketMultipartUploads",
"s3:listBucketVersions",
"s3:listJobs",
"s3:listMultipartUploadParts",
"s3:listMultiRegionAccessPoints",
"s3:listStorageLensConfigurations",
"s3express:getBucketPolicy",
"s3express:listAllMyDirectoryBuckets",
"sagemaker:describeAction",
"sagemaker:describeAlgorithm",
"sagemaker:describeApp",
"sagemaker:describeAppImageConfig",
"sagemaker:describeArtifact",
"sagemaker:describeAutoMLJob",
"sagemaker:describeCluster",
"sagemaker:describeClusterNode",
"sagemaker:describeCodeRepository",
"sagemaker:describeCompilationJob",
"sagemaker:describeContext",
"sagemaker:describeDataQualityJobDefinition",
"sagemaker:describeDevice",
"sagemaker:describeDeviceFleet",
"sagemaker:describeDomain",
"sagemaker:describeEdgeDeploymentPlan",
"sagemaker:describeEdgePackagingJob",
"sagemaker:describeEndpoint",
"sagemaker:describeEndpointConfig",
"sagemaker:describeExperiment",
"sagemaker:describeFeatureGroup",
"sagemaker:describeFeatureMetadata",
"sagemaker:describeFlowDefinition",
"sagemaker:describeHub",
"sagemaker:describeHubContent",
"sagemaker:describeHumanTaskUi",
"sagemaker:describeHyperParameterTuningJob",
"sagemaker:describeImage",
"sagemaker:describeImageVersion",
"sagemaker:describeInferenceComponent",
"sagemaker:describeInferenceExperiment",
"sagemaker:describeInferenceRecommendationsJob",
"sagemaker:describeLabelingJob",
"sagemaker:describeModel",
"sagemaker:describeModelBiasJobDefinition",
"sagemaker:describeModelCard",
"sagemaker:describeModelCardExportJob",
"sagemaker:describeModelExplainabilityJobDefinition",
"sagemaker:describeModelPackage",
"sagemaker:describeModelPackageGroup",
"sagemaker:describeModelQualityJobDefinition",
"sagemaker:describeMonitoringSchedule",
"sagemaker:describeNotebookInstance",
"sagemaker:describeNotebookInstanceLifecycleConfig",
"sagemaker:describePipeline",
"sagemaker:describePipelineDefinitionForExecution",
"sagemaker:describePipelineExecution",
"sagemaker:describeProcessingJob",
"sagemaker:describeProject",
"sagemaker:describeSpace",
"sagemaker:describeStudioLifecycleConfig",
"sagemaker:describeSubscribedWorkteam",
"sagemaker:describeTrainingJob",
"sagemaker:describeTransformJob",
"sagemaker:describeTrial",
"sagemaker:describeTrialComponent",
"sagemaker:describeUserProfile",
"sagemaker:describeWorkforce",
"sagemaker:describeWorkteam",
"sagemaker:getDeviceFleetReport",
"sagemaker:getModelPackageGroupPolicy",
"sagemaker:getSagemakerServicecatalogPortfolioStatus",
"sagemaker:listActions",
"sagemaker:listAlgorithms",
"sagemaker:listAliases",
"sagemaker:listAppImageConfigs",
"sagemaker:listApps",
"sagemaker:listArtifacts",
"sagemaker:listAssociations",
"sagemaker:listAutoMLJobs",
"sagemaker:listCandidatesForAutoMLJob",
"sagemaker:listClusterNodes",
"sagemaker:listClusters",
"sagemaker:listCodeRepositories",
"sagemaker:listCompilationJobs",
"sagemaker:listContexts",
"sagemaker:listDataQualityJobDefinitions",
"sagemaker:listDeviceFleets",
"sagemaker:listDevices",
"sagemaker:listDomains",
"sagemaker:listEdgeDeploymentPlans",
"sagemaker:listEdgePackagingJobs",
"sagemaker:listEndpointConfigs",
"sagemaker:listEndpoints",
"sagemaker:listExperiments",
"sagemaker:listFeatureGroups",
"sagemaker:listFlowDefinitions",
"sagemaker:listHubContents",
"sagemaker:listHubContentVersions",
"sagemaker:listHubs",
"sagemaker:listHumanTaskUis",
"sagemaker:listHyperParameterTuningJobs",
"sagemaker:listImages",
"sagemaker:listImageVersions",
"sagemaker:listInferenceComponents",
"sagemaker:listInferenceExperiments",
"sagemaker:listInferenceRecommendationsJobs",
"sagemaker:listInferenceRecommendationsJobSteps",
"sagemaker:listLabelingJobs",
"sagemaker:listLabelingJobsForWorkteam",
"sagemaker:listLineageGroups",
"sagemaker:listModelBiasJobDefinitions",
"sagemaker:listModelCardExportJobs",
"sagemaker:listModelCards",
"sagemaker:listModelCardVersions",
"sagemaker:listModelExplainabilityJobDefinitions",
"sagemaker:listModelMetadata",
"sagemaker:listModelPackageGroups",
"sagemaker:listModelPackages",
"sagemaker:listModelQualityJobDefinitions",
"sagemaker:listModels",
"sagemaker:listMonitoringAlertHistory",
"sagemaker:listMonitoringAlerts",
"sagemaker:listMonitoringExecutions",
"sagemaker:listMonitoringSchedules",
"sagemaker:listNotebookInstanceLifecycleConfigs",
"sagemaker:listNotebookInstances",
"sagemaker:listPipelineExecutions",
"sagemaker:listPipelineExecutionSteps",
"sagemaker:listPipelineParametersForExecution",
"sagemaker:listPipelines",
"sagemaker:listProcessingJobs",
"sagemaker:listProjects",
"sagemaker:listSpaces",
"sagemaker:listStageDevices",
"sagemaker:listStudioLifecycleConfigs",
"sagemaker:listSubscribedWorkteams",
"sagemaker:listTags",
"sagemaker:listTrainingJobs",
"sagemaker:listTrainingJobsForHyperParameterTuningJob",
"sagemaker:listTransformJobs",
"sagemaker:listTrialComponents",
"sagemaker:listTrials",
"sagemaker:listUserProfiles",
"sagemaker:listWorkforces",
"sagemaker:listWorkteams",
"savingsplans:describeSavingsPlans",
"scheduler:getSchedule",
"scheduler:getScheduleGroup",
"scheduler:listScheduleGroups",
"scheduler:listSchedules",
"schemas:describeCodeBinding",
"schemas:describeDiscoverer",
"schemas:describeRegistry",
"schemas:describeSchema",
"schemas:getCodeBindingSource",
"schemas:getDiscoveredSchema",
"schemas:getResourcePolicy",
"schemas:listDiscoverers",
"schemas:listRegistries",
"schemas:listSchemas",
"schemas:listSchemaVersions",
"sdb:domainMetadata",
"sdb:listDomains",
"secretsmanager:describeSecret",
"secretsmanager:getResourcePolicy",
"secretsmanager:listSecrets",
"secretsmanager:listSecretVersionIds",
"securityhub:getEnabledStandards",
"securityhub:getFindings",
"securityhub:getInsightResults",
"securityhub:getInsights",
"securityhub:getMasterAccount",
"securityhub:getMembers",
"securityhub:listEnabledProductsForImport",
"securityhub:listInvitations",
"securityhub:listMembers",
"securityhub:describeOrganizationConfiguration",
"securityhub:batchGetConfigurationPolicyAssociations",
"securityhub:getConfigurationPolicy",
"securityhub:getConfigurationPolicyAssociation",
"securityhub:listConfigurationPolicies",
"securityhub:listConfigurationPolicyAssociations",
"securityhub:getFindingAggregator",
"securityhub:listFindingAggregators",
"securitylake:getDataLakeExceptionSubscription",
"securitylake:getDataLakeOrganizationConfiguration",
"securitylake:getDataLakeSources",
"securitylake:getSubscriber",
"securitylake:listDataLakeExceptions",
"securitylake:listDataLakes",
"securitylake:listLogSources",
"securitylake:listSubscribers",
"serverlessrepo:getApplication",
"serverlessrepo:getApplicationPolicy",
"serverlessrepo:getCloudFormationTemplate",
"serverlessrepo:listApplicationDependencies",
"serverlessrepo:listApplications",
"serverlessrepo:listApplicationVersions",
"servicecatalog:describeConstraint",
"servicecatalog:describePortfolio",
"servicecatalog:describeProduct",
"servicecatalog:describeProductAsAdmin",
"servicecatalog:describeProductView",
"servicecatalog:describeProvisioningArtifact",
"servicecatalog:describeProvisioningParameters",
"servicecatalog:describeRecord",
"servicecatalog:listAcceptedPortfolioShares",
"servicecatalog:listConstraintsForPortfolio",
"servicecatalog:listLaunchPaths",
"servicecatalog:listPortfolioAccess",
"servicecatalog:listPortfolios",
"servicecatalog:listPortfoliosForProduct",
"servicecatalog:listPrincipalsForPortfolio",
"servicecatalog:listProvisioningArtifacts",
"servicecatalog:listRecordHistory",
"servicecatalog:scanProvisionedProducts",
"servicecatalog:searchProducts",
"servicequotas:getAssociationForServiceQuotaTemplate",
"servicequotas:getAWSDefaultServiceQuota",
"servicequotas:getRequestedServiceQuotaChange",
"servicequotas:getServiceQuota",
"servicequotas:getServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:listAWSDefaultServiceQuotas",
"servicequotas:listRequestedServiceQuotaChangeHistory",
"servicequotas:listRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:listServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:listServiceQuotas",
"servicequotas:listServices",
"ses:describeActiveReceiptRuleSet",
"ses:describeConfigurationSet",
"ses:describeReceiptRule",
"ses:describeReceiptRuleSet",
"ses:getAccount",
"ses:getAccountSendingEnabled",
"ses:getBlacklistReports",
"ses:getConfigurationSet",
"ses:getConfigurationSetEventDestinations",
"ses:getContactList",
"ses:getDedicatedIp",
"ses:getDedicatedIpPool",
"ses:getDedicatedIps",
"ses:getDeliverabilityDashboardOptions",
"ses:getDeliverabilityTestReport",
"ses:getDomainDeliverabilityCampaign",
"ses:getDomainStatisticsReport",
"ses:getEmailIdentity",
"ses:getIdentityDkimAttributes",
"ses:getIdentityMailFromDomainAttributes",
"ses:getIdentityNotificationAttributes",
"ses:getIdentityPolicies",
"ses:getIdentityVerificationAttributes",
"ses:getImportJob",
"ses:getSendQuota",
"ses:getSendStatistics",
"ses:listConfigurationSets",
"ses:listContactLists",
"ses:listContacts",
"ses:listCustomVerificationEmailTemplates",
"ses:listDedicatedIpPools",
"ses:listDeliverabilityTestReports",
"ses:listDomainDeliverabilityCampaigns",
"ses:listEmailIdentities",
"ses:listEmailTemplates",
"ses:listIdentities",
"ses:listIdentityPolicies",
"ses:listImportJobs",
"ses:listReceiptFilters",
"ses:listReceiptRuleSets",
"ses:listRecommendations",
"ses:listTagsForResource",
"ses:listTemplates",
"ses:listVerifiedEmailAddresses",
"shield:describeAttack",
"shield:describeProtection",
"shield:describeSubscription",
"shield:listAttacks",
"shield:listProtections",
"sms-voice:getConfigurationSetEventDestinations",
"sms:getConnectors",
"sms:getReplicationJobs",
"sms:getReplicationRuns",
"sms:getServers",
"snowball:describeAddress",
"snowball:describeAddresses",
"snowball:describeJob",
"snowball:getSnowballUsage",
"snowball:listJobs",
"snowball:listServiceVersions",
"sns:checkIfPhoneNumberIsOptedOut",
"sns:getDataProtectionPolicy",
"sns:getEndpointAttributes",
"sns:getPlatformApplicationAttributes",
"sns:getSMSAttributes",
"sns:getSMSSandboxAccountStatus",
"sns:getSubscriptionAttributes",
"sns:getTopicAttributes",
"sns:listEndpointsByPlatformApplication",
"sns:listOriginationNumbers",
"sns:listPhoneNumbersOptedOut",
"sns:listPlatformApplications",
"sns:listSMSSandboxPhoneNumbers",
"sns:listSubscriptions",
"sns:listSubscriptionsByTopic",
"sns:listTopics",
"sqs:getQueueAttributes",
"sqs:getQueueUrl",
"sqs:listDeadLetterSourceQueues",
"sqs:listQueues",
"ssm-contacts:describeEngagement",
"ssm-contacts:describePage",
"ssm-contacts:getContact",
"ssm-contacts:getContactChannel",
"ssm-contacts:getContactPolicy",
"ssm-contacts:getRotation",
"ssm-contacts:getRotationOverride",
"ssm-contacts:listContactChannels",
"ssm-contacts:listContacts",
"ssm-contacts:listEngagements",
"ssm-contacts:listPageReceipts",
"ssm-contacts:listPageResolutions",
"ssm-contacts:listPagesByContact",
"ssm-contacts:listPagesByEngagement",
"ssm-contacts:listPreviewRotationShifts",
"ssm-contacts:listRotationOverrides",
"ssm-contacts:listRotations",
"ssm-contacts:listRotationShifts",
"ssm-incidents:getIncidentRecord",
"ssm-incidents:getReplicationSet",
"ssm-incidents:getResourcePolicies",
"ssm-incidents:getResponsePlan",
"ssm-incidents:getTimelineEvent",
"ssm-incidents:listIncidentRecords",
"ssm-incidents:listRelatedItems",
"ssm-incidents:listReplicationSets",
"ssm-incidents:listResponsePlans",
"ssm-incidents:listTimelineEvents",
"ssm-sap:getApplication",
"ssm-sap:getComponent",
"ssm-sap:getDatabase",
"ssm-sap:getOperation",
"ssm-sap:getResourcePermission",
"ssm-sap:listApplications",
"ssm-sap:listComponents",
"ssm-sap:listDatabases",
"ssm-sap:listOperations",
"ssm:describeActivations",
"ssm:describeAssociation",
"ssm:describeAssociationExecutions",
"ssm:describeAssociationExecutionTargets",
"ssm:describeAutomationExecutions",
"ssm:describeAutomationStepExecutions",
"ssm:describeAvailablePatches",
"ssm:describeDocument",
"ssm:describeDocumentPermission",
"ssm:describeEffectiveInstanceAssociations",
"ssm:describeEffectivePatchesForPatchBaseline",
"ssm:describeInstanceAssociationsStatus",
"ssm:describeInstanceInformation",
"ssm:describeInstancePatches",
"ssm:describeInstancePatchStates",
"ssm:describeInstancePatchStatesForPatchGroup",
"ssm:describeInventoryDeletions",
"ssm:describeMaintenanceWindowExecutions",
"ssm:describeMaintenanceWindowExecutionTaskInvocations",
"ssm:describeMaintenanceWindowExecutionTasks",
"ssm:describeMaintenanceWindows",
"ssm:describeMaintenanceWindowSchedule",
"ssm:describeMaintenanceWindowsForTarget",
"ssm:describeMaintenanceWindowTargets",
"ssm:describeMaintenanceWindowTasks",
"ssm:describeOpsItems",
"ssm:describeParameters",
"ssm:describePatchBaselines",
"ssm:describePatchGroups",
"ssm:describePatchGroupState",
"ssm:describePatchProperties",
"ssm:describeSessions",
"ssm:getAutomationExecution",
"ssm:getCalendarState",
"ssm:getCommandInvocation",
"ssm:getConnectionStatus",
"ssm:getDefaultPatchBaseline",
"ssm:getDeployablePatchSnapshotForInstance",
"ssm:getInventorySchema",
"ssm:getMaintenanceWindow",
"ssm:getMaintenanceWindowExecution",
"ssm:getMaintenanceWindowExecutionTask",
"ssm:getMaintenanceWindowExecutionTaskInvocation",
"ssm:getMaintenanceWindowTask",
"ssm:getOpsItem",
"ssm:getOpsMetadata",
"ssm:getOpsSummary",
"ssm:getPatchBaseline",
"ssm:getPatchBaselineForPatchGroup",
"ssm:getResourcePolicies",
"ssm:getServiceSetting",
"ssm:listAssociations",
"ssm:listAssociationVersions",
"ssm:listCommandInvocations",
"ssm:listCommands",
"ssm:listComplianceItems",
"ssm:listComplianceSummaries",
"ssm:listDocuments",
"ssm:listDocumentMetadataHistory",
"ssm:listDocumentVersions",
"ssm:listOpsItemEvents",
"ssm:listOpsItemRelatedItems",
"ssm:listOpsMetadata",
"ssm:listResourceComplianceSummaries",
"ssm:listResourceDataSync",
"ssm:listTagsForResource",
"sso:describeApplicationAssignment",
"sso:describeApplicationProvider",
"sso:describeApplication",
"sso:describeInstance",
"sso:describeTrustedTokenIssuer",
"sso:getApplicationAccessScope",
"sso:getApplicationAssignmentConfiguration",
"sso:getApplicationAuthenticationMethod",
"sso:getApplicationGrant",
"sso:getApplicationInstance",
"sso:getApplicationTemplate",
"sso:getManagedApplicationInstance",
"sso:getSharedSsoConfiguration",
"sso:listApplicationAccessScopes",
"sso:listApplicationAssignments",
"sso:listApplicationAuthenticationMethods",
"sso:listApplicationGrants",
"sso:listApplicationInstances",
"sso:listApplicationProviders",
"sso:listApplications",
"sso:listApplicationTemplates",
"sso:listDirectoryAssociations",
"sso:listInstances",
"sso:listProfileAssociations",
"sso:listTrustedTokenIssuers",
"states:describeActivity",
"states:describeExecution",
"states:describeMapRun",
"states:describeStateMachine",
"states:describeStateMachineAlias",
"states:describeStateMachineForExecution",
"states:getExecutionHistory",
"states:listActivities",
"states:listExecutions",
"states:listMapRuns",
"states:listStateMachineAliases",
"states:listStateMachines",
"states:listStateMachineVersions",
"storagegateway:describeBandwidthRateLimit",
"storagegateway:describeCache",
"storagegateway:describeCachediSCSIVolumes",
"storagegateway:describeFileSystemAssociations",
"storagegateway:describeGatewayInformation",
"storagegateway:describeMaintenanceStartTime",
"storagegateway:describeNFSFileShares",
"storagegateway:describeSMBFileShares",
"storagegateway:describeSMBSettings",
"storagegateway:describeSnapshotSchedule",
"storagegateway:describeStorediSCSIVolumes",
"storagegateway:describeTapeArchives",
"storagegateway:describeTapeRecoveryPoints",
"storagegateway:describeTapes",
"storagegateway:describeUploadBuffer",
"storagegateway:describeVTLDevices",
"storagegateway:describeWorkingStorage",
"storagegateway:listAutomaticTapeCreationPolicies",
"storagegateway:listFileShares",
"storagegateway:listFileSystemAssociations",
"storagegateway:listGateways",
"storagegateway:listLocalDisks",
"storagegateway:listTagsForResource",
"storagegateway:listTapes",
"storagegateway:listVolumeInitiators",
"storagegateway:listVolumeRecoveryPoints",
"storagegateway:listVolumes",
"swf:countClosedWorkflowExecutions",
"swf:countOpenWorkflowExecutions",
"swf:countPendingActivityTasks",
"swf:countPendingDecisionTasks",
"swf:describeActivityType",
"swf:describeDomain",
"swf:describeWorkflowExecution",
"swf:describeWorkflowType",
"swf:getWorkflowExecutionHistory",
"swf:listActivityTypes",
"swf:listClosedWorkflowExecutions",
"swf:listDomains",
"swf:listOpenWorkflowExecutions",
"swf:listWorkflowTypes",
"synthetics:describeCanaries",
"synthetics:describeCanariesLastRun",
"synthetics:describeRuntimeVersions",
"synthetics:getCanary",
"synthetics:getCanaryRuns",
"synthetics:getGroup",
"synthetics:listAssociatedGroups",
"synthetics:listGroupResources",
"synthetics:listGroups",
"tiros:createQuery",
"tiros:getQueryAnswer",
"tiros:getQueryExplanation",
"transcribe:describeLanguageModel",
"transcribe:getCallAnalyticsCategory",
"transcribe:getCallAnalyticsJob",
"transcribe:getMedicalTranscriptionJob",
"transcribe:getMedicalVocabulary",
"transcribe:getTranscriptionJob",
"transcribe:getVocabulary",
"transcribe:getVocabularyFilter",
"transcribe:listCallAnalyticsCategories",
"transcribe:listCallAnalyticsJobs",
"transcribe:listLanguageModels",
"transcribe:listMedicalTranscriptionJobs",
"transcribe:listMedicalVocabularies",
"transcribe:listTranscriptionJobs",
"transcribe:listVocabularies",
"transcribe:listVocabularyFilters",
"transfer:describeAccess",
"transfer:describeAgreement",
"transfer:describeConnector",
"transfer:describeExecution",
"transfer:describeProfile",
"transfer:describeServer",
"transfer:describeUser",
"transfer:describeWorkflow",
"transfer:listAccesses",
"transfer:listAgreements",
"transfer:listConnectors",
"transfer:listExecutions",
"transfer:listHostKeys",
"transfer:listProfiles",
"transfer:listServers",
"transfer:listTagsForResource",
"transfer:listUsers",
"transfer:listWorkflows",
"transfer:sendWorkflowStepState",
"trustedadvisor:getOrganizationRecommendation",
"trustedadvisor:getRecommendation",
"trustedadvisor:listChecks",
"trustedadvisor:listOrganizationRecommendationAccounts",
"trustedadvisor:listOrganizationRecommendationResources",
"trustedadvisor:listOrganizationRecommendations",
"trustedadvisor:listRecommendationResources",
"trustedadvisor:listRecommendations",
"verifiedpermissions:getIdentitySource",
"verifiedpermissions:getPolicy",
"verifiedpermissions:getPolicyStore",
"verifiedpermissions:getPolicyTemplate",
"verifiedpermissions:getSchema",
"verifiedpermissions:listIdentitySources",
"verifiedpermissions:listPolicies",
"verifiedpermissions:listPolicyStores",
"verifiedpermissions:listPolicyTemplates",
"vpc-lattice:getAccessLogSubscription",
"vpc-lattice:getAuthPolicy",
"vpc-lattice:getListener",
"vpc-lattice:getResourcePolicy",
"vpc-lattice:getRule",
"vpc-lattice:getService",
"vpc-lattice:getServiceNetwork",
"vpc-lattice:getServiceNetworkServiceAssociation",
"vpc-lattice:getServiceNetworkVpcAssociation",
"vpc-lattice:getTargetGroup",
"vpc-lattice:listAccessLogSubscriptions",
"vpc-lattice:listListeners",
"vpc-lattice:listRules",
"vpc-lattice:listServiceNetworks",
"vpc-lattice:listServiceNetworkServiceAssociations",
"vpc-lattice:listServiceNetworkVpcAssociations",
"vpc-lattice:listServices",
"vpc-lattice:listTargetGroups",
"vpc-lattice:listTargets",
"waf-regional:getByteMatchSet",
"waf-regional:getChangeTokenStatus",
"waf-regional:getGeoMatchSet",
"waf-regional:getIPSet",
"waf-regional:getLoggingConfiguration",
"waf-regional:getRateBasedRule",
"waf-regional:getRegexMatchSet",
"waf-regional:getRegexPatternSet",
"waf-regional:getRule",
"waf-regional:getRuleGroup",
"waf-regional:getSqlInjectionMatchSet",
"waf-regional:getWebACL",
"waf-regional:getWebACLForResource",
"waf-regional:listActivatedRulesInRuleGroup",
"waf-regional:listByteMatchSets",
"waf-regional:listGeoMatchSets",
"waf-regional:listIPSets",
"waf-regional:listLoggingConfigurations",
"waf-regional:listRateBasedRules",
"waf-regional:listRegexMatchSets",
"waf-regional:listRegexPatternSets",
"waf-regional:listResourcesForWebACL",
"waf-regional:listRuleGroups",
"waf-regional:listRules",
"waf-regional:listSqlInjectionMatchSets",
"waf-regional:listWebACLs",
"waf:getByteMatchSet",
"waf:getChangeTokenStatus",
"waf:getGeoMatchSet",
"waf:getIPSet",
"waf:getLoggingConfiguration",
"waf:getRateBasedRule",
"waf:getRegexMatchSet",
"waf:getRegexPatternSet",
"waf:getRule",
"waf:getRuleGroup",
"waf:getSampledRequests",
"waf:getSizeConstraintSet",
"waf:getSqlInjectionMatchSet",
"waf:getWebACL",
"waf:getXssMatchSet",
"waf:listActivatedRulesInRuleGroup",
"waf:listByteMatchSets",
"waf:listGeoMatchSets",
"waf:listIPSets",
"waf:listLoggingConfigurations",
"waf:listRateBasedRules",
"waf:listRegexMatchSets",
"waf:listRegexPatternSets",
"waf:listRuleGroups",
"waf:listRules",
"waf:listSizeConstraintSets",
"waf:listSqlInjectionMatchSets",
"waf:listWebACLs",
"waf:listXssMatchSets",
"wafv2:checkCapacity",
"wafv2:describeManagedRuleGroup",
"wafv2:getIPSet",
"wafv2:getLoggingConfiguration",
"wafv2:getPermissionPolicy",
"wafv2:getRateBasedStatementManagedKeys",
"wafv2:getRegexPatternSet",
"wafv2:getRuleGroup",
"wafv2:getSampledRequests",
"wafv2:getWebACL",
"wafv2:getWebACLForResource",
"wafv2:listAvailableManagedRuleGroups",
"wafv2:listIPSets",
"wafv2:listLoggingConfigurations",
"wafv2:listRegexPatternSets",
"wafv2:listResourcesForWebACL",
"wafv2:listRuleGroups",
"wafv2:listTagsForResource",
"wafv2:listWebACLs",
"workdocs:checkAlias",
"workdocs:describeAvailableDirectories",
"workdocs:describeInstances",
"workmail:describeGroup",
"workmail:describeOrganization",
"workmail:describeResource",
"workmail:describeUser",
"workmail:listAliases",
"workmail:listGroupMembers",
"workmail:listGroups",
"workmail:listMailboxPermissions",
"workmail:listOrganizations",
"workmail:listResourceDelegates",
"workmail:listResources",
"workmail:listUsers",
"workspaces-web:getBrowserSettings",
"workspaces-web:getIdentityProvider",
"workspaces-web:getNetworkSettings",
"workspaces-web:getPortal",
"workspaces-web:getPortalServiceProviderMetadata",
"workspaces-web:getTrustStoreCertificate",
"workspaces-web:getUserSettings",
"workspaces-web:listBrowserSettings",
"workspaces-web:listIdentityProviders",
"workspaces-web:listNetworkSettings",
"workspaces-web:listPortals",
"workspaces-web:listTagsForResource",
"workspaces-web:listTrustStoreCertificates",
"workspaces-web:listTrustStores",
"workspaces-web:listUserSettings",
"workspaces:describeAccount",
"workspaces:describeAccountModifications",
"workspaces:describeApplicationAssociations",
"workspaces:describeWorkspaceAssociations",
"workspaces:describeWorkspacesPools",
"workspaces:describeWorkspacesPoolSessions",
"workspaces:describeIpGroups",
"workspaces:describeTags",
"workspaces:describeWorkspaceBundles",
"workspaces:describeWorkspaceDirectories",
"workspaces:describeWorkspaceImages",
"workspaces:describeWorkspaces",
"workspaces:describeWorkspacesConnectionStatus",
"xray:getEncryptionConfig",
"xray:getGroup",
"xray:getGroups",
"xray:getSamplingRules",
"xray:listResourcePolicies",
"xray:getInsightImpactGraph",
"xray:getSamplingStatisticSummaries",
"xray:getSamplingTargets",
"xray:getServiceGraph",
"xray:getTimeSeriesServiceStatistics",
"xray:getTraceGraph"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSSupportActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-12T00:06:26+00:00"
},
"AWSSystemsManagerAccountDiscoveryServicePolicy":{
"CreateDate":"2019-10-24T17:21:05+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListDelegatedServicesForAccount",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-17T20:25:02+00:00"
},
"AWSSystemsManagerChangeManagementServicePolicy":{
"CreateDate":"2020-12-07T22:21:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:CreateAssociation",
"ssm:DeleteAssociation",
"ssm:CreateOpsItem",
"ssm:GetOpsItem",
"ssm:UpdateOpsItem",
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:GetAutomationExecution",
"ssm:GetCalendarState",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sso:ListDirectoryAssociations"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sso-directory:DescribeUsers",
"sso-directory:IsMemberInGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:GetGroup",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-07T22:21:57+00:00"
},
"AWSSystemsManagerEnableConfigRecordingExecutionPolicy":{
"CreateDate":"2024-06-26T09:40:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:PutBucketPublicAccessBlock",
"s3:ListBucket",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-quick-setup-config-recording-*"
],
"Sid":"S3BucketCreatePermissions"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSTopicsListPermissions"
},
{
"Action":[
"sns:CreateTopic"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:ConfigRecording-Default-Topic",
"Sid":"DefaultSNSTopicCreatePermissions"
},
{
"Action":[
"config:DescribeConfigurationRecorders",
"config:DescribeDeliveryChannels",
"config:PutConfigurationRecorder",
"config:PutDeliveryChannel",
"config:StartConfigurationRecorder"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConfigureAndStartConfigurationRecorderPermissions"
},
{
"Action":[
"iam:GetRole",
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig",
"arn:aws:iam::*:role/AWSServiceRoleForConfig"
],
"Sid":"GetAndPassConfigSLRPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"config.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"
],
"Sid":"CreateConfigSLRPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:40:20+00:00"
},
"AWSSystemsManagerEnableExplorerExecutionPolicy":{
"CreateDate":"2024-06-26T09:42:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
],
"Sid":"CreateSystemsManagerSLRPermissions"
},
{
"Action":[
"iam:ListRoles",
"config:DescribeConfigurationRecorders",
"compute-optimizer:GetEnrollmentStatus",
"support:DescribeTrustedAdvisorChecks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForEnablingExplorer"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/ssm-patchmanager",
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/EC2",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ExplorerOnboarded",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/Association",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ComputeOptimizer",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/ConfigCompliance",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/OpsData-TrustedAdvisor",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/SupportCenterCase"
],
"Sid":"SSMExplorerServiceSettingsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-26T09:42:47+00:00"
},
"AWSSystemsManagerForSAPFullAccess":{
"CreateDate":"2022-11-17T02:11:09+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ssm-sap:*"
],
"Effect":"Allow",
"Resource":"arn:*:ssm-sap:*:*:*",
"Sid":"AwsSsmForSapPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"ssm-sap.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/ssm-sap.amazonaws.com/AWSServiceRoleForAWSSSMForSAP"
],
"Sid":"AwsSsmForSapServiceRoleCreationPermission"
},
{
"Action":[
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition":{
"StringEqualsIgnoreCase":{
"ec2:resourceTag/SSMForSAPManaged":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"Ec2StartStopPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-10T21:54:54+00:00"
},
"AWSSystemsManagerForSAPReadOnlyAccess":{
"CreateDate":"2022-11-17T02:11:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm-sap:get*",
"ssm-sap:list*"
],
"Effect":"Allow",
"Resource":"arn:*:ssm-sap:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-17T02:11:44+00:00"
},
"AWSSystemsManagerOpsDataSyncServiceRolePolicy":{
"CreateDate":"2021-04-26T20:42:39+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetOpsItem",
"ssm:UpdateOpsItem"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/ExplorerSecurityHubOpsItem":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:CreateOpsItem"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:AddTagsToResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:opsitem/*"
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*"
]
},
{
"Action":[
"securityhub:GetFindings",
"securityhub:BatchUpdateFindings"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"StringEquals":{
"securityhub:ASFFSyntaxPath/Workflow.Status":"SUPPRESSED"
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/Confidence":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/Criticality":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/Note.Text":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/Note.UpdatedBy":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/RelatedFindings":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/Types":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/UserDefinedFields.key":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/UserDefinedFields.value":false
}
},
"Effect":"Deny",
"Resource":"*"
},
{
"Action":"securityhub:BatchUpdateFindings",
"Condition":{
"Null":{
"securityhub:ASFFSyntaxPath/VerificationState":false
}
},
"Effect":"Deny",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-28T22:53:43+00:00"
},
"AWSThinkboxAWSPortalAdminPolicy":{
"CreateDate":"2020-05-27T19:41:02+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ec2:AttachInternetGateway",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreatePlacementGroup",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAddresses",
"ec2:DescribeFleets",
"ec2:DescribeFleetHistory",
"ec2:DescribeFleetInstances",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeRouteTables",
"ec2:DescribeNatGateways",
"ec2:DescribeTags",
"ec2:DescribeKeyPairs",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeRegions",
"ec2:DescribeSpotFleetRequestHistory",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:GetConsoleOutput",
"ec2:ImportKeyPair",
"ec2:ReleaseAddress",
"ec2:RequestSpotFleet",
"ec2:CancelSpotFleetRequests",
"ec2:DisassociateAddress",
"ec2:DeleteFleets",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteVpc",
"ec2:DeletePlacementGroup",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteInternetGateway",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DisassociateRouteTable",
"ec2:DeleteSubnet",
"ec2:DeleteNatGateway",
"ec2:DetachInternetGateway",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyFleet",
"ec2:ModifySpotFleetRequest",
"ec2:ModifyVpcAttribute"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal1"
},
{
"Action":"ec2:RunInstances",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*"
],
"Sid":"AWSThinkboxAWSPortal2"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"ArnLike":{
"ec2:InstanceProfile":"arn:aws:iam::*:instance-profile/AWSPortal*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"AWSThinkboxAWSPortal3"
},
{
"Action":"ec2:TerminateInstances",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/aws:cloudformation:logical-id":"ReverseForwarder"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal4"
},
{
"Action":"ec2:TerminateInstances",
"Condition":{
"Null":{
"ec2:ResourceTag/aws:ec2spot:fleet-request-id":false
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal5"
},
{
"Action":"ec2:TerminateInstances",
"Condition":{
"ArnLike":{
"ec2:PlacementGroup":"arn:aws:ec2:*:*:placement-group/*DeadlinePlacementGroup*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal6"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ArnLike":{
"ec2:PlacementGroup":"arn:aws:ec2:*:*:placement-group/*DeadlinePlacementGroup*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"AWSThinkboxAWSPortal7"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal8"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:internet-gateway/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:natgateway/*",
"arn:aws:ec2:*:*:elastic-ip/*"
],
"Sid":"AWSThinkboxAWSPortal9"
},
{
"Action":[
"iam:GetUser"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal10"
},
{
"Action":[
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/AWSPortal*"
],
"Sid":"AWSThinkboxAWSPortal11"
},
{
"Action":[
"iam:GetPolicy",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:policy/AWSPortal*"
],
"Sid":"AWSThinkboxAWSPortal12"
},
{
"Action":[
"iam:GetRole",
"iam:GetRolePolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSPortal*",
"arn:aws:iam::*:role/DeadlineSpot*"
],
"Sid":"AWSThinkboxAWSPortal13"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2fleet.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSPortal*",
"arn:aws:iam::*:role/DeadlineSpot*"
],
"Sid":"AWSThinkboxAWSPortal14"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"ec2fleet.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/*",
"Sid":"AWSThinkboxAWSPortal15"
},
{
"Action":[
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketVersioning",
"s3:GetBucketAcl",
"s3:GetObject",
"s3:PutBucketLogging",
"s3:PutBucketTagging",
"s3:PutObject",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteBucketPolicy",
"s3:DeleteObjectVersion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3::*:awsportal*",
"arn:aws:s3::*:stack*",
"arn:aws:s3::*:aws-portal-cache*",
"arn:aws:s3::*:logs-for-aws-portal-cache*",
"arn:aws:s3::*:logs-for-stack*"
],
"Sid":"AWSThinkboxAWSPortal16"
},
{
"Action":[
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3::*:logs-for-aws-portal-cache*"
],
"Sid":"AWSThinkboxAWSPortal17"
},
{
"Action":[
"s3:PutBucketOwnershipControls"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3::*:logs-for-stack*"
],
"Sid":"AWSThinkboxAWSPortal18"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal19"
},
{
"Action":[
"dynamodb:Scan"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*",
"Sid":"AWSThinkboxAWSPortal20"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DeleteStack",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateTerminationProtection",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/stack*/*",
"arn:aws:cloudformation:*:*:stack/Deadline*/*"
],
"Sid":"AWSThinkboxAWSPortal21"
},
{
"Action":[
"cloudformation:EstimateTemplateCost",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal22"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutRetentionPolicy",
"logs:DeleteRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/thinkbox*",
"Sid":"AWSThinkboxAWSPortal23"
},
{
"Action":[
"logs:DescribeLogGroups",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal24"
},
{
"Action":[
"kms:Encrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"s3.*.amazonaws.com",
"secretsmanager.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSThinkboxAWSPortal25"
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Condition":{
"StringLike":{
"secretsmanager:Name":[
"rcs-tls-pw*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSThinkboxAWSPortal26"
},
{
"Action":[
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*",
"Sid":"AWSThinkboxAWSPortal27"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-12T19:22:36+00:00"
},
"AWSThinkboxAWSPortalGatewayPolicy":{
"CreateDate":"2020-05-27T19:05:00+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/thinkbox*"
]
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-portal-cache*"
]
},
{
"Action":"dynamodb:Scan",
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
]
},
{
"Action":[
"s3:ListBucket",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::stack*"
]
},
{
"Action":[
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::stack*/gateway_certs/*"
]
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-30T16:02:07+00:00"
},
"AWSThinkboxAWSPortalWorkerPolicy":{
"CreateDate":"2020-05-27T19:15:05+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeTags"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/DeadlineRole":"DeadlineRenderNode"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-portal-cache*"
]
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::stack*/gateway_certs/*"
]
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/thinkbox*"
]
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sqs:SendMessage",
"sqs:GetQueueUrl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:DeadlineAWS*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-07T23:27:47+00:00"
},
"AWSThinkboxAssetServerPolicy":{
"CreateDate":"2020-05-27T19:18:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/thinkbox*"
]
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-portal-cache*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-27T19:18:53+00:00"
},
"AWSThinkboxDeadlineResourceTrackerAccessPolicy":{
"CreateDate":"2020-05-27T19:25:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:ListStreams"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:PutItem",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:UpdateTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*",
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*",
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
]
},
{
"Action":[
"ec2:CancelSpotFleetRequests",
"ec2:DeleteFleets",
"ec2:DescribeFleetInstances",
"ec2:DescribeFleets",
"ec2:DescribeInstances",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/DeadlineTrackedAWSResource":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"events:PutEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:event-bus/default"
]
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
]
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*"
]
},
{
"Action":[
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:ReceiveMessage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-27T19:25:05+00:00"
},
"AWSThinkboxDeadlineResourceTrackerAdminPolicy":{
"CreateDate":"2020-05-27T19:29:09+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker1"
},
{
"Action":[
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker2"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:UpdateStack",
"cloudformation:DescribeStacks",
"cloudformation:UpdateTerminationProtection",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker3"
},
{
"Action":[
"dynamodb:CreateTable",
"dynamodb:DeleteTable",
"dynamodb:DescribeTable",
"dynamodb:ListTagsOfResource",
"dynamodb:TagResource",
"dynamodb:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*",
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*",
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker4"
},
{
"Action":[
"dynamodb:BatchWriteItem",
"dynamodb:Scan"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker5"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/DeadlineResourceTracker*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker6"
},
{
"Action":[
"iam:GetRole",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/DeadlineResourceTracker*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker7"
},
{
"Action":[
"iam:GetUser"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker8"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"dynamodb.application-autoscaling.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker9"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lambda.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/DeadlineResourceTrackerAccess*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker10"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"application-autoscaling.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable"
],
"Sid":"AWSThinkboxDeadlineResourceTracker11"
},
{
"Action":[
"lambda:GetEventSourceMapping"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker12"
},
{
"Action":[
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping"
],
"Condition":{
"ArnLike":{
"lambda:FunctionArn":[
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker13"
},
{
"Action":[
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Condition":{
"StringLike":{
"lambda:Principal":"events.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker14"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:DeleteFunctionConcurrency",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListTags",
"lambda:PutFunctionConcurrency",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker15"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip",
"arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml"
],
"Sid":"AWSThinkboxDeadlineResourceTracker16"
},
{
"Action":[
"sqs:CreateQueue",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags",
"sqs:TagQueue",
"sqs:UntagQueue"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*",
"arn:aws:sqs:*:*:DeadlineResourceTracker*"
],
"Sid":"AWSThinkboxDeadlineResourceTracker17"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-12T19:29:09+00:00"
},
"AWSThinkboxDeadlineSpotEventPluginAdminPolicy":{
"CreateDate":"2020-05-27T19:38:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CancelSpotFleetRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:RequestSpotFleet"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:ec2spot:fleet-request-id":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/*"
]
},
{
"Action":[
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/*"
]
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role",
"arn:aws:iam::*:role/DeadlineSpot*"
]
},
{
"Action":[
"iam:GetUser"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role",
"arn:aws:iam::*:role/DeadlineSpot*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-27T19:38:34+00:00"
},
"AWSThinkboxDeadlineSpotEventPluginWorkerPolicy":{
"CreateDate":"2020-05-27T19:35:00+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeTags"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/DeadlineTrackedAWSResource":"SpotEventPlugin"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/DeadlineResourceTracker":"SpotEventPlugin"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"sqs:GetQueueUrl",
"sqs:SendMessage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-07T23:31:31+00:00"
},
"AWSTransferConsoleFullAccess":{
"CreateDate":"2020-12-14T19:33:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"transfer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"acm:ListCertificates",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"health:DescribeEventAggregates",
"iam:GetPolicyVersion",
"iam:ListPolicies",
"iam:ListRoles",
"route53:ListHostedZones",
"s3:ListAllMyBuckets",
"transfer:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-14T19:33:25+00:00"
},
"AWSTransferFullAccess":{
"CreateDate":"2020-12-14T19:37:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"transfer:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"transfer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeVpcEndpoints",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAddresses"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-14T19:37:23+00:00"
},
"AWSTransferLoggingAccess":{
"CreateDate":"2019-01-14T15:32:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-14T15:32:50+00:00"
},
"AWSTransferReadOnlyAccess":{
"CreateDate":"2020-08-27T17:54:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"transfer:DescribeUser",
"transfer:DescribeServer",
"transfer:ListUsers",
"transfer:ListServers",
"transfer:TestIdentityProvider",
"transfer:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-27T17:54:51+00:00"
},
"AWSTrustedAdvisorPriorityFullAccess":{
"CreateDate":"2022-08-16T16:08:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"trustedadvisor:DescribeAccount*",
"trustedadvisor:DescribeOrganization",
"trustedadvisor:DescribeRisk*",
"trustedadvisor:DownloadRisk",
"trustedadvisor:UpdateRiskStatus",
"trustedadvisor:DescribeNotificationConfigurations",
"trustedadvisor:UpdateNotificationConfigurations",
"trustedadvisor:DeleteNotificationConfigurationForDelegatedAdmin",
"trustedadvisor:SetOrganizationAccess"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListDelegatedAdministrators",
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"reporting.trustedadvisor.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"reporting.trustedadvisor.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/reporting.trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisorReporting"
},
{
"Action":[
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"reporting.trustedadvisor.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:organizations::*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-16T16:08:24+00:00"
},
"AWSTrustedAdvisorPriorityReadOnlyAccess":{
"CreateDate":"2022-08-16T16:35:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"trustedadvisor:DescribeAccount*",
"trustedadvisor:DescribeOrganization",
"trustedadvisor:DescribeRisk*",
"trustedadvisor:DownloadRisk",
"trustedadvisor:DescribeNotificationConfigurations"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"reporting.trustedadvisor.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-16T16:35:12+00:00"
},
"AWSTrustedAdvisorReportingServiceRolePolicy":{
"CreateDate":"2019-11-19T17:41:13+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-28T23:23:45+00:00"
},
"AWSTrustedAdvisorServiceRolePolicy":{
"CreateDate":"2018-02-22T21:24:25+00:00",
"DefaultVersionId":"v14",
"Document":{
"Statement":[
{
"Action":[
"access-analyzer:ListAnalyzers",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"ce:GetReservationPurchaseRecommendation",
"ce:GetSavingsPlansPurchaseRecommendation",
"cloudformation:DescribeAccountLimits",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:GetTrail",
"cloudtrail:ListTrails",
"cloudtrail:GetEventSelectors",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"dax:DescribeClusters",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeReservedInstances",
"ec2:DescribeInstances",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeImages",
"ec2:DescribeNatGateways",
"ec2:DescribeVolumes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeRouteTables",
"ec2:DescribeSnapshots",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeLaunchTemplateVersions",
"ec2:GetManagedPrefixListEntries",
"ecs:DescribeTaskDefinition",
"ecs:ListTaskDefinitions",
"elasticloadbalancing:DescribeAccountLimits",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"iam:GenerateCredentialReport",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"iam:ListSAMLProviders",
"kinesis:DescribeLimits",
"kafka:DescribeClusterV2",
"kafka:ListClustersV2",
"kafka:ListNodes",
"network-firewall:ListFirewalls",
"network-firewall:DescribeFirewall",
"outposts:ListAssets",
"outposts:GetOutpost",
"outposts:ListOutposts",
"rds:DescribeAccountAttributes",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEvents",
"rds:DescribeOptionGroupOptions",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribeReservedDBInstances",
"rds:DescribeReservedDBInstancesOfferings",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeReservedNodeOfferings",
"redshift:DescribeReservedNodes",
"route53:GetAccountLimit",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverEndpointIpAddresses",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:GetBucketPublicAccessBlock",
"s3:GetLifecycleConfiguration",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"ses:GetSendQuota",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TrustedAdvisorServiceRolePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-30T16:52:06+00:00"
},
"AWSUserNotificationsServiceLinkedRolePolicy":{
"CreateDate":"2023-04-19T13:28:34+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"events:DescribeRule",
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:ListTargetsByRule",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/AWSUserNotificationsManagedRule-*"
]
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/Notifications"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListParents"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowOrgsActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-14T23:37:06+00:00"
},
"AWSVPCS2SVpnServiceRolePolicy":{
"CreateDate":"2019-08-06T14:13:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm:ExportCertificate",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm-pca:DescribeCertificateAuthority"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"0"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-06T14:13:58+00:00"
},
"AWSVPCTransitGatewayServiceRolePolicy":{
"CreateDate":"2018-11-26T16:21:17+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:AssignIpv6Addresses",
"ec2:UnAssignIpv6Addresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"0"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-15T16:31:44+00:00"
},
"AWSVPCVerifiedAccessServiceRolePolicy":{
"CreateDate":"2022-11-29T03:35:11+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/VerifiedAccessManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VerifiedAccessRoleModifyTaggedNetworkInterfaceActions"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"VerifiedAccessRoleModifyNetworkInterfaceActions"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"VerifiedAccessRoleNetworkInterfaceActions"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/VerifiedAccessManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VerifiedAccessRoleTaggedNetworkInterfaceActions"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VerifiedAccessRoleTaggingActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-17T21:03:13+00:00"
},
"AWSVendorInsightsAssessorFullAccess":{
"CreateDate":"2022-07-26T15:05:40+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"vendor-insights:GetProfileAccessTerms",
"vendor-insights:ListEntitledSecurityProfiles",
"vendor-insights:GetEntitledSecurityProfileSnapshot",
"vendor-insights:ListEntitledSecurityProfileSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:CreateAgreementRequest",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:AcceptAgreementRequest",
"aws-marketplace:CancelAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:SearchAgreements",
"aws-marketplace:CancelAgreement"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws-marketplace:AgreementType":"VendorInsightsAgreement"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"artifact:GetReport",
"artifact:GetReportMetadata",
"artifact:GetTermForReport",
"artifact:ListReports"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact:*::report/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T00:51:44+00:00"
},
"AWSVendorInsightsAssessorReadOnly":{
"CreateDate":"2022-07-26T15:05:56+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"vendor-insights:ListEntitledSecurityProfiles",
"vendor-insights:GetEntitledSecurityProfileSnapshot",
"vendor-insights:ListEntitledSecurityProfileSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"artifact:GetReport",
"artifact:GetReportMetadata",
"artifact:GetTermForReport",
"artifact:ListReports"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact:*::report/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T00:55:16+00:00"
},
"AWSVendorInsightsVendorFullAccess":{
"CreateDate":"2022-07-26T15:05:27+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"aws-marketplace:DescribeEntity",
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:*/SaaSProduct/*"
},
{
"Action":"aws-marketplace:ListEntities",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"vendor-insights:CreateDataSource",
"vendor-insights:UpdateDataSource",
"vendor-insights:DeleteDataSource",
"vendor-insights:GetDataSource",
"vendor-insights:ListDataSources",
"vendor-insights:CreateSecurityProfile",
"vendor-insights:ListSecurityProfiles",
"vendor-insights:GetSecurityProfile",
"vendor-insights:AssociateDataSource",
"vendor-insights:DisassociateDataSource",
"vendor-insights:UpdateSecurityProfile",
"vendor-insights:ActivateSecurityProfile",
"vendor-insights:DeactivateSecurityProfile",
"vendor-insights:UpdateSecurityProfileSnapshotCreationConfiguration",
"vendor-insights:UpdateSecurityProfileSnapshotReleaseConfiguration",
"vendor-insights:ListSecurityProfileSnapshots",
"vendor-insights:GetSecurityProfileSnapshot",
"vendor-insights:TagResource",
"vendor-insights:UntagResource",
"vendor-insights:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:AcceptAgreementApprovalRequest",
"aws-marketplace:RejectAgreementApprovalRequest",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:CancelAgreement",
"aws-marketplace:SearchAgreements"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws-marketplace:AgreementType":"VendorInsightsAgreement"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"artifact:GetReport",
"artifact:GetReportMetadata",
"artifact:GetTermForReport",
"artifact:ListReports"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact:*::report/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-19T01:41:01+00:00"
},
"AWSVendorInsightsVendorReadOnly":{
"CreateDate":"2022-07-26T15:05:34+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"aws-marketplace:DescribeEntity",
"Effect":"Allow",
"Resource":"arn:aws:aws-marketplace:*:*:*/SaaSProduct/*"
},
{
"Action":"aws-marketplace:ListEntities",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"vendor-insights:GetDataSource",
"vendor-insights:ListDataSources",
"vendor-insights:ListSecurityProfiles",
"vendor-insights:GetSecurityProfile",
"vendor-insights:GetSecurityProfileSnapshot",
"vendor-insights:ListSecurityProfileSnapshots",
"vendor-insights:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"artifact:GetReport",
"artifact:GetReportMetadata",
"artifact:GetTermForReport",
"artifact:ListReports"
],
"Effect":"Allow",
"Resource":"arn:aws:artifact:*::report/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T00:54:38+00:00"
},
"AWSVpcLatticeServiceRolePolicy":{
"CreateDate":"2022-11-30T20:47:10+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/VpcLattice"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcLatticeDescribeActions"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/VpcLatticeManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VpcLatticeCreateNetworkInterfaceWithTag"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"VpcLatticeCreateNetworkInterfaceWithSubnetAndSecurityGroup"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VpcLatticeTagNetworkInterfaceActions"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/VpcLatticeManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VpcLatticeMutateNetworkInterfaceActions"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"VpcLatticeModifyNetworkInterfaceSecurityGroup"
},
{
"Action":[
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/VpcLatticeManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"VpcLatticeModifyNetworkInterfaceActionsIpAddressActions"
},
{
"Action":[
"route53:AssociateVPCWithHostedZone"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcLatticeAssociateHostedZoneToVpc"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T14:06:06+00:00"
},
"AWSWAFConsoleFullAccess":{
"CreateDate":"2020-04-06T18:38:38+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"apigateway:GET",
"apigateway:SetWebACL",
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByWebACLId",
"cloudfront:UpdateDistribution",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeRegions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:SetWebACL",
"appsync:ListGraphqlApis",
"appsync:SetWebACL",
"waf-regional:*",
"waf:*",
"wafv2:*",
"s3:ListAllMyBuckets",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"cognito-idp:ListUserPools",
"cognito-idp:AssociateWebACL",
"cognito-idp:DisassociateWebACL",
"cognito-idp:ListResourcesForWebACL",
"cognito-idp:GetWebACLForResource",
"apprunner:AssociateWebAcl",
"apprunner:DisassociateWebAcl",
"apprunner:DescribeWebAclForService",
"apprunner:ListServices",
"apprunner:ListAssociatedServicesForWebAcl",
"ec2:AssociateVerifiedAccessInstanceWebAcl",
"ec2:DisassociateVerifiedAccessInstanceWebAcl",
"ec2:DescribeVerifiedAccessInstanceWebAclAssociations",
"ec2:GetVerifiedAccessInstanceWebAcl",
"ec2:DescribeVerifiedAccessInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowUseOfAWSWAF"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowLogDeliverySubscription"
},
{
"Action":[
"s3:PutBucketPolicy",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-waf-logs-*"
],
"Sid":"GrantLogDeliveryPermissionForS3Bucket"
},
{
"Action":[
"logs:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"wafv2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GrantLogDeliveryPermissionForCloudWatchLogGroup"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-05T20:56:03+00:00"
},
"AWSWAFConsoleReadOnlyAccess":{
"CreateDate":"2020-04-06T18:43:24+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"apigateway:GET",
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByWebACLId",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeRegions",
"elasticloadbalancing:DescribeLoadBalancers",
"appsync:ListGraphqlApis",
"waf-regional:Get*",
"waf-regional:List*",
"waf:Get*",
"waf:List*",
"wafv2:Describe*",
"wafv2:Get*",
"wafv2:List*",
"wafv2:CheckCapacity",
"cognito-idp:ListUserPools",
"cognito-idp:ListResourcesForWebACL",
"cognito-idp:GetWebACLForResource",
"apprunner:DescribeWebAclForService",
"apprunner:ListServices",
"apprunner:ListAssociatedServicesForWebAcl",
"ec2:DescribeVerifiedAccessInstanceWebAclAssociations",
"ec2:GetVerifiedAccessInstanceWebAcl",
"ec2:DescribeVerifiedAccessInstances"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-05T20:56:51+00:00"
},
"AWSWAFFullAccess":{
"CreateDate":"2015-10-06T20:44:00+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"waf:*",
"waf-regional:*",
"wafv2:*",
"elasticloadbalancing:SetWebACL",
"apigateway:SetWebACL",
"appsync:SetWebACL",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"cognito-idp:AssociateWebACL",
"cognito-idp:DisassociateWebACL",
"cognito-idp:ListResourcesForWebACL",
"cognito-idp:GetWebACLForResource",
"apprunner:AssociateWebAcl",
"apprunner:DisassociateWebAcl",
"apprunner:DescribeWebAclForService",
"apprunner:ListServices",
"apprunner:ListAssociatedServicesForWebAcl",
"ec2:AssociateVerifiedAccessInstanceWebAcl",
"ec2:DisassociateVerifiedAccessInstanceWebAcl",
"ec2:DescribeVerifiedAccessInstanceWebAclAssociations",
"ec2:GetVerifiedAccessInstanceWebAcl"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowUseOfAWSWAF"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowLogDeliverySubscription"
},
{
"Action":[
"s3:PutBucketPolicy",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-waf-logs-*"
],
"Sid":"GrantLogDeliveryPermissionForS3Bucket"
},
{
"Action":[
"logs:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"wafv2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GrantLogDeliveryPermissionForCloudWatchLogGroup"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-05T20:55:25+00:00"
},
"AWSWAFReadOnlyAccess":{
"CreateDate":"2015-10-06T20:43:45+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"wafv2:Get*",
"wafv2:List*",
"wafv2:Describe*",
"wafv2:CheckCapacity",
"cognito-idp:ListResourcesForWebACL",
"cognito-idp:GetWebACLForResource",
"apprunner:DescribeWebAclForService",
"apprunner:ListServices",
"apprunner:ListAssociatedServicesForWebAcl",
"ec2:DescribeVerifiedAccessInstanceWebAclAssociations",
"ec2:GetVerifiedAccessInstanceWebAcl"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-05T20:55:48+00:00"
},
"AWSWellArchitectedDiscoveryServiceRolePolicy":{
"CreateDate":"2023-04-26T18:36:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"trustedadvisor:DescribeChecks",
"trustedadvisor:DescribeCheckItems"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"resource-groups:ListGroupResources",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"servicecatalog:ListAssociatedResources",
"servicecatalog:GetApplication",
"servicecatalog:CreateAttributeGroup"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"servicecatalog:AssociateAttributeGroup",
"servicecatalog:DisassociateAttributeGroup"
],
"Effect":"Allow",
"Resource":[
"arn:*:servicecatalog:*:*:/applications/*",
"arn:*:servicecatalog:*:*:/attribute-groups/AWS_WellArchitected-*"
]
},
{
"Action":[
"servicecatalog:UpdateAttributeGroup",
"servicecatalog:DeleteAttributeGroup"
],
"Effect":"Allow",
"Resource":[
"arn:*:servicecatalog:*:*:/attribute-groups/AWS_WellArchitected-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-26T18:36:40+00:00"
},
"AWSWellArchitectedOrganizationsServiceRolePolicy":{
"CreateDate":"2022-06-23T17:15:26+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListRoots"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-25T18:03:31+00:00"
},
"AWSWickrFullAccess":{
"CreateDate":"2022-11-27T20:36:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"wickr:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T20:36:44+00:00"
},
"AWSXRayDaemonWriteAccess":{
"CreateDate":"2018-08-28T23:00:33+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSXRayDaemonWriteAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-13T21:58:30+00:00"
},
"AWSXrayCrossAccountSharingConfiguration":{
"CreateDate":"2022-11-27T13:46:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"xray:Link",
"oam:ListLinks"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"oam:DeleteLink",
"oam:GetLink",
"oam:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:oam:*:*:link/*"
},
{
"Action":[
"oam:CreateLink",
"oam:UpdateLink"
],
"Effect":"Allow",
"Resource":[
"arn:aws:oam:*:*:link/*",
"arn:aws:oam:*:*:sink/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T13:46:35+00:00"
},
"AWSXrayFullAccess":{
"CreateDate":"2016-12-01T18:30:55+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"xray:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSXrayFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-11T17:07:36+00:00"
},
"AWSXrayReadOnlyAccess":{
"CreateDate":"2016-12-01T18:27:02+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries",
"xray:BatchGetTraces",
"xray:BatchGetTraceSummaryById",
"xray:GetDistinctTraceGraphs",
"xray:GetServiceGraph",
"xray:GetTraceGraph",
"xray:GetTraceSummaries",
"xray:GetGroups",
"xray:GetGroup",
"xray:ListTagsForResource",
"xray:ListResourcePolicies",
"xray:GetTimeSeriesServiceStatistics",
"xray:GetInsightSummaries",
"xray:GetInsight",
"xray:GetInsightEvents",
"xray:GetInsightImpactGraph"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSXrayReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-14T00:35:02+00:00"
},
"AWSXrayWriteOnlyAccess":{
"CreateDate":"2016-12-01T18:19:53+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-08-28T23:03:04+00:00"
},
"AWSZonalAutoshiftPracticeRunSLRPolicy":{
"CreateDate":"2023-11-29T17:34:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"health:DescribeEvents"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MonitoringPermissions"
},
{
"Action":[
"arc-zonal-shift:CancelZonalShift",
"arc-zonal-shift:GetManagedResource",
"arc-zonal-shift:StartZonalShift",
"arc-zonal-shift:UpdateZonalShift"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ZonalShiftManagementPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-29T17:34:54+00:00"
},
"AWS_ConfigRole":{
"CreateDate":"2020-09-15T20:30:30+00:00",
"DefaultVersionId":"v35",
"Document":{
"Statement":[
{
"Action":[
"access-analyzer:GetAnalyzer",
"access-analyzer:GetArchiveRule",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListTagsForResource",
"account:GetAlternateContact",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:ListCertificateAuthorities",
"acm-pca:ListTags",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"airflow:GetEnvironment",
"airflow:ListEnvironments",
"airflow:ListTagsForResource",
"amplify:GetApp",
"amplify:GetBranch",
"amplify:ListApps",
"amplify:ListBranches",
"amplifyuibuilder:ExportThemes",
"amplifyuibuilder:GetTheme",
"amplifyuibuilder:ListThemes",
"aoss:BatchGetCollection",
"aoss:BatchGetLifecyclePolicy",
"aoss:BatchGetVpcEndpoint",
"aoss:GetAccessPolicy",
"aoss:GetSecurityConfig",
"aoss:GetSecurityPolicy",
"aoss:ListAccessPolicies",
"aoss:ListCollections",
"aoss:ListLifecyclePolicies",
"aoss:ListSecurityConfigs",
"aoss:ListSecurityPolicies",
"aoss:ListVpcEndpoints",
"apigateway:GET",
"app-integrations:GetApplication",
"app-integrations:GetEventIntegration",
"app-integrations:ListApplications",
"app-integrations:ListEventIntegrationAssociations",
"app-integrations:ListEventIntegrations",
"app-integrations:ListTagsForResource",
"appconfig:GetApplication",
"appconfig:GetConfigurationProfile",
"appconfig:GetDeployment",
"appconfig:GetDeploymentStrategy",
"appconfig:GetEnvironment",
"appconfig:GetExtension",
"appconfig:GetExtensionAssociation",
"appconfig:GetHostedConfigurationVersion",
"appconfig:ListApplications",
"appconfig:ListConfigurationProfiles",
"appconfig:ListDeployments",
"appconfig:ListDeploymentStrategies",
"appconfig:ListEnvironments",
"appconfig:ListExtensionAssociations",
"appconfig:ListExtensions",
"appconfig:ListHostedConfigurationVersions",
"appconfig:ListTagsForResource",
"appflow:DescribeConnectorProfiles",
"appflow:DescribeFlow",
"appflow:ListFlows",
"appflow:ListTagsForResource",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"appmesh:DescribeGatewayRoute",
"appmesh:DescribeMesh",
"appmesh:DescribeRoute",
"appmesh:DescribeVirtualGateway",
"appmesh:DescribeVirtualNode",
"appmesh:DescribeVirtualRouter",
"appmesh:DescribeVirtualService",
"appmesh:ListGatewayRoutes",
"appmesh:ListMeshes",
"appmesh:ListRoutes",
"appmesh:ListTagsForResource",
"appmesh:ListVirtualGateways",
"appmesh:ListVirtualNodes",
"appmesh:ListVirtualRouters",
"appmesh:ListVirtualServices",
"apprunner:DescribeService",
"apprunner:DescribeVpcConnector",
"apprunner:ListServices",
"apprunner:ListTagsForResource",
"apprunner:ListVpcConnectors",
"appstream:DescribeAppBlockBuilders",
"appstream:DescribeApplications",
"appstream:DescribeDirectoryConfigs",
"appstream:DescribeFleets",
"appstream:DescribeStacks",
"appstream:ListTagsForResource",
"appsync:GetApiCache",
"appsync:GetGraphqlApi",
"appsync:ListGraphqlApis",
"aps:DescribeAlertManagerDefinition",
"aps:DescribeLoggingConfiguration",
"APS:DescribeRuleGroupsNamespace",
"APS:DescribeWorkspace",
"aps:ListRuleGroupsNamespaces",
"aps:ListTagsForResource",
"APS:ListWorkspaces",
"athena:GetDataCatalog",
"athena:GetPreparedStatement",
"athena:GetWorkGroup",
"athena:ListDataCatalogs",
"athena:ListPreparedStatements",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"auditmanager:GetAccountStatus",
"auditmanager:GetAssessment",
"auditmanager:ListAssessments",
"autoscaling-plans:DescribeScalingPlanResources",
"autoscaling-plans:DescribeScalingPlans",
"autoscaling-plans:GetScalingPlanResourceForecastData",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"autoscaling:DescribeWarmPool",
"backup-gateway:ListTagsForResource",
"backup-gateway:ListVirtualMachines",
"backup:DescribeBackupVault",
"backup:DescribeFramework",
"backup:DescribeProtectedResource",
"backup:DescribeRecoveryPoint",
"backup:DescribeReportPlan",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:GetRestoreTestingPlan",
"backup:GetRestoreTestingSelection",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"backup:ListBackupVaults",
"backup:ListFrameworks",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListReportPlans",
"backup:ListRestoreTestingPlans",
"backup:ListRestoreTestingSelections",
"backup:ListTags",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobQueues",
"batch:DescribeSchedulingPolicies",
"batch:ListSchedulingPolicies",
"batch:ListTagsForResource",
"billingconductor:ListAccountAssociations",
"billingconductor:ListBillingGroups",
"billingconductor:ListCustomLineItems",
"billingconductor:ListPricingPlans",
"billingconductor:ListPricingRules",
"billingconductor:ListPricingRulesAssociatedToPricingPlan",
"billingconductor:ListTagsForResource",
"budgets:DescribeBudgetAction",
"budgets:DescribeBudgetActionsForAccount",
"budgets:DescribeBudgetActionsForBudget",
"budgets:ViewBudget",
"cassandra:Select",
"ce:GetAnomalyMonitors",
"ce:GetAnomalySubscriptions",
"cleanrooms-ml:GetTrainingDataset",
"cleanrooms-ml:ListTrainingDatasets",
"cloud9:DescribeEnvironmentMemberships",
"cloud9:DescribeEnvironments",
"cloud9:ListEnvironments",
"cloud9:ListTagsForResource",
"cloudformation:DescribeType",
"cloudformation:GetResource",
"cloudformation:ListResources",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:ListTypes",
"cloudfront:GetFunction",
"cloudfront:GetOriginAccessControl",
"cloudfront:GetResponseHeadersPolicy",
"cloudfront:ListDistributions",
"cloudfront:ListFunctions",
"cloudfront:ListOriginAccessControls",
"cloudfront:ListResponseHeadersPolicies",
"cloudfront:ListTagsForResource",
"cloudtrail:DescribeTrails",
"cloudTrail:GetChannel",
"cloudtrail:GetEventDataStore",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetInsightSelectors",
"cloudtrail:GetTrailStatus",
"cloudTrail:ListChannels",
"cloudtrail:ListEventDataStores",
"cloudtrail:ListTags",
"cloudtrail:ListTrails",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAnomalyDetectors",
"cloudwatch:GetDashboard",
"cloudwatch:GetMetricStream",
"cloudwatch:ListDashboards",
"cloudwatch:ListMetricStreams",
"cloudwatch:ListTagsForResource",
"codeartifact:DescribeRepository",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListDomains",
"codeartifact:ListPackages",
"codeartifact:ListPackageVersions",
"codeartifact:ListRepositories",
"codeartifact:ListTagsForResource",
"codebuild:BatchGetReportGroups",
"codebuild:ListReportGroups",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:ListRepositories",
"codecommit:ListTagsForResource",
"codedeploy:GetDeploymentConfig",
"codeguru-profiler:DescribeProfilingGroup",
"codeguru-profiler:GetNotificationConfiguration",
"codeguru-profiler:GetPolicy",
"codeguru-profiler:ListProfilingGroups",
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:GetPrincipalTagAttributeMap",
"cognito-identity:ListIdentityPools",
"cognito-identity:ListTagsForResource",
"cognito-idp:DescribeIdentityProvider",
"cognito-idp:DescribeResourceServer",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:DescribeUserPoolDomain",
"cognito-idp:GetGroup",
"cognito-idp:GetUserPoolMfaConfig",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListResourceServers",
"cognito-idp:ListTagsForResource",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"comprehend:DescribeFlywheel",
"comprehend:ListFlywheels",
"comprehend:ListTagsForResource",
"config:BatchGet*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:Put*",
"config:Select*",
"connect:DescribeEvaluationForm",
"connect:DescribeInstance",
"connect:DescribeInstanceStorageConfig",
"connect:DescribePhoneNumber",
"connect:DescribePrompt",
"connect:DescribeQueue",
"connect:DescribeQuickConnect",
"connect:DescribeRoutingProfile",
"connect:DescribeRule",
"connect:DescribeSecurityProfile",
"connect:DescribeUser",
"connect:GetTaskTemplate",
"connect:ListApprovedOrigins",
"connect:ListEvaluationForms",
"connect:ListInstanceAttributes",
"connect:ListInstances",
"connect:ListInstanceStorageConfigs",
"connect:ListIntegrationAssociations",
"connect:ListPhoneNumbers",
"connect:ListPhoneNumbersV2",
"connect:ListPrompts",
"connect:ListQueueQuickConnects",
"connect:ListQueues",
"connect:ListQuickConnects",
"connect:ListRoutingProfileQueues",
"connect:ListRoutingProfiles",
"connect:ListRules",
"connect:ListSecurityKeys",
"connect:ListSecurityProfileApplications",
"connect:ListSecurityProfilePermissions",
"connect:ListSecurityProfiles",
"connect:ListTagsForResource",
"connect:ListTaskTemplates",
"connect:ListUsers",
"connect:SearchAvailablePhoneNumbers",
"databrew:DescribeDataset",
"databrew:DescribeJob",
"databrew:DescribeProject",
"databrew:DescribeRecipe",
"databrew:DescribeRuleset",
"databrew:DescribeSchedule",
"databrew:ListDatasets",
"databrew:ListJobs",
"databrew:ListProjects",
"databrew:ListRecipes",
"databrew:ListRecipeVersions",
"databrew:ListRulesets",
"databrew:ListSchedules",
"datasync:DescribeAgent",
"datasync:DescribeLocationEfs",
"datasync:DescribeLocationFsxLustre",
"datasync:DescribeLocationFsxWindows",
"datasync:DescribeLocationHdfs",
"datasync:DescribeLocationNfs",
"datasync:DescribeLocationObjectStorage",
"datasync:DescribeLocationS3",
"datasync:DescribeLocationSmb",
"datasync:DescribeTask",
"datasync:ListAgents",
"datasync:ListLocations",
"datasync:ListTagsForResource",
"datasync:ListTasks",
"datazone:GetDomain",
"datazone:ListDomains",
"dax:DescribeClusters",
"dax:DescribeParameterGroups",
"dax:DescribeParameters",
"dax:DescribeSubnetGroups",
"dax:ListTags",
"detective:ListGraphs",
"detective:ListTagsForResource",
"devicefarm:GetInstanceProfile",
"devicefarm:GetNetworkProfile",
"devicefarm:GetProject",
"devicefarm:GetTestGridProject",
"devicefarm:ListInstanceProfiles",
"devicefarm:ListNetworkProfiles",
"devicefarm:ListProjects",
"devicefarm:ListTagsForResource",
"devicefarm:ListTestGridProjects",
"devops-guru:GetResourceCollection",
"devops-guru:ListNotificationChannels",
"dms:DescribeCertificates",
"dms:DescribeEndpoints",
"dms:DescribeEventSubscriptions",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:DescribeReplicationTaskAssessmentRuns",
"dms:DescribeReplicationTasks",
"dms:ListTagsForResource",
"ds:DescribeDirectories",
"ds:DescribeDomainControllers",
"ds:DescribeEventTopics",
"ds:ListLogSubscriptions",
"ds:ListTagsForResource",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:DescribeTableReplicaAutoScaling",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:DescribeClientVpnAuthorizationRules",
"ec2:DescribeClientVpnEndpoints",
"ec2:DescribeDhcpOptions",
"ec2:DescribeFleets",
"ec2:DescribeNetworkAcls",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTags",
"ec2:DescribeTrafficMirrorFilters",
"ec2:DescribeTrafficMirrorSessions",
"ec2:DescribeTrafficMirrorTargets",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumes",
"ec2:DescribeVpcEndpoints",
"ec2:GetAllowedImagesSettings",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetInstanceTypesFromInstanceRequirements",
"ec2:GetIpamPoolAllocations",
"ec2:GetIpamPoolCidrs",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetSnapshotBlockPublicAccessState",
"ecr-public:DescribeRepositories",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr-public:ListTagsForResource",
"ecr:BatchGetRepositoryScanningConfiguration",
"ecr:DescribePullThroughCacheRules",
"ecr:DescribeRegistry",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRegistryPolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListTagsForResource",
"ecs:DescribeCapacityProviders",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"eks:DescribeAddon",
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeIdentityProviderConfig",
"eks:DescribeNodegroup",
"eks:ListAddons",
"eks:ListClusters",
"eks:ListFargateProfiles",
"eks:ListIdentityProviderConfigs",
"eks:ListNodegroups",
"eks:ListTagsForResource",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheParameters",
"elasticache:DescribeCacheSecurityGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeGlobalReplicationGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:DescribeSnapshots",
"elasticache:DescribeUserGroups",
"elasticache:DescribeUsers",
"elasticache:ListTagsForResource",
"elasticbeanstalk:DescribeConfigurationSettings",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeTags",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:DescribeStudio",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetStudioSessionMapping",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"elasticmapreduce:ListStudios",
"elasticmapreduce:ListStudioSessionMappings",
"emr-containers:DescribeVirtualCluster",
"emr-containers:ListVirtualClusters",
"emr-serverless:GetApplication",
"emr-serverless:ListApplications",
"es:DescribeDomain",
"es:DescribeDomains",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:GetCompatibleElasticsearchVersions",
"es:GetCompatibleVersions",
"es:ListDomainNames",
"es:ListTags",
"events:DescribeApiDestination",
"events:DescribeArchive",
"events:DescribeConnection",
"events:DescribeEndpoint",
"events:DescribeEventBus",
"events:DescribeRule",
"events:ListApiDestinations",
"events:ListArchives",
"events:ListConnections",
"events:ListEndpoints",
"events:ListEventBuses",
"events:ListRules",
"events:ListTagsForResource",
"events:ListTargetsByRule",
"evidently:GetLaunch",
"evidently:GetProject",
"evidently:GetSegment",
"evidently:ListLaunches",
"evidently:ListProjects",
"evidently:ListSegments",
"evidently:ListTagsForResource",
"finspace:GetEnvironment",
"finspace:ListEnvironments",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"firehose:ListTagsForDeliveryStream",
"fis:GetExperimentTemplate",
"fis:ListExperimentTemplates",
"fms:GetNotificationChannel",
"fms:GetPolicy",
"fms:ListPolicies",
"fms:ListTagsForResource",
"forecast:DescribeDataset",
"forecast:DescribeDatasetGroup",
"forecast:ListDatasetGroups",
"forecast:ListDatasets",
"forecast:ListTagsForResource",
"frauddetector:GetDetectors",
"frauddetector:GetDetectorVersion",
"frauddetector:GetEntityTypes",
"frauddetector:GetEventTypes",
"frauddetector:GetExternalModels",
"frauddetector:GetLabels",
"frauddetector:GetModels",
"frauddetector:GetOutcomes",
"frauddetector:GetRules",
"frauddetector:GetVariables",
"frauddetector:ListTagsForResource",
"fsx:DescribeBackups",
"fsx:DescribeDataRepositoryAssociations",
"fsx:DescribeFileSystems",
"fsx:DescribeSnapshots",
"fsx:DescribeStorageVirtualMachines",
"fsx:DescribeVolumes",
"fsx:ListTagsForResource",
"gamelift:DescribeAlias",
"gamelift:DescribeBuild",
"gamelift:DescribeFleetAttributes",
"gamelift:DescribeFleetCapacity",
"gamelift:DescribeFleetLocationAttributes",
"gamelift:DescribeFleetLocationCapacity",
"gamelift:DescribeFleetPortSettings",
"gamelift:DescribeGameServerGroup",
"gamelift:DescribeGameSessionQueues",
"gamelift:DescribeMatchmakingConfigurations",
"gamelift:DescribeMatchmakingRuleSets",
"gamelift:DescribeRuntimeConfiguration",
"gamelift:DescribeScript",
"gamelift:DescribeVpcPeeringAuthorizations",
"gamelift:DescribeVpcPeeringConnections",
"gamelift:ListAliases",
"gamelift:ListBuilds",
"gamelift:ListFleets",
"gamelift:ListGameServerGroups",
"gamelift:ListScripts",
"gamelift:ListTagsForResource",
"geo:DescribeGeofenceCollection",
"geo:DescribeMap",
"geo:DescribePlaceIndex",
"geo:DescribeRouteCalculator",
"geo:DescribeTracker",
"geo:ListGeofenceCollections",
"geo:ListMaps",
"geo:ListPlaceIndexes",
"geo:ListRouteCalculators",
"geo:ListTrackerConsumers",
"geo:ListTrackers",
"globalaccelerator:DescribeAccelerator",
"globalaccelerator:DescribeEndpointGroup",
"globalaccelerator:DescribeListener",
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners",
"globalaccelerator:ListTagsForResource",
"glue:BatchGetDevEndpoints",
"glue:BatchGetJobs",
"glue:BatchGetWorkflows",
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetCrawler",
"glue:GetCrawlers",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobs",
"glue:GetMLTransform",
"glue:GetMLTransforms",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetRegistry",
"glue:GetSecurityConfiguration",
"glue:GetSecurityConfigurations",
"glue:GetTable",
"glue:GetTags",
"glue:GetTrigger",
"glue:GetWorkflow",
"glue:ListCrawlers",
"glue:ListDevEndpoints",
"glue:ListJobs",
"glue:ListMLTransforms",
"glue:ListRegistries",
"glue:ListTriggers",
"glue:ListWorkflows",
"grafana:DescribeWorkspace",
"grafana:DescribeWorkspaceAuthentication",
"grafana:DescribeWorkspaceConfiguration",
"grafana:ListWorkspaces",
"greengrass:DescribeComponent",
"greengrass:GetComponent",
"greengrass:ListComponents",
"greengrass:ListComponentVersions",
"groundstation:GetConfig",
"groundstation:GetDataflowEndpointGroup",
"groundstation:GetMissionProfile",
"groundstation:ListConfigs",
"groundstation:ListDataflowEndpointGroups",
"groundstation:ListMissionProfiles",
"groundstation:ListTagsForResource",
"guardduty:DescribePublishingDestination",
"guardduty:GetAdministratorAccount",
"guardduty:GetDetector",
"guardduty:GetFilter",
"guardduty:GetFindings",
"guardduty:GetIPSet",
"guardduty:GetMasterAccount",
"guardduty:GetMemberDetectors",
"guardduty:GetMembers",
"guardduty:GetThreatIntelSet",
"guardduty:ListDetectors",
"guardduty:ListFilters",
"guardduty:ListFindings",
"guardduty:ListIPSets",
"guardduty:ListMembers",
"guardduty:ListOrganizationAdminAccounts",
"guardduty:ListPublishingDestinations",
"guardduty:ListTagsForResource",
"guardduty:ListThreatIntelSets",
"healthlake:DescribeFHIRDatastore",
"healthlake:ListFHIRDatastores",
"healthlake:ListTagsForResource",
"iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetInstanceProfile",
"iam:GetOpenIDConnectProvider",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetSAMLProvider",
"iam:GetServerCertificate",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListAccessKeys",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroups",
"iam:ListGroupsForUser",
"iam:ListInstanceProfiles",
"iam:ListInstanceProfilesForRole",
"iam:ListInstanceProfileTags",
"iam:ListMFADevices",
"iam:ListMFADeviceTags",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:ListUserPolicies",
"iam:ListUsers",
"iam:ListVirtualMFADevices",
"identitystore:DescribeGroup",
"identitystore:DescribeGroupMembership",
"identitystore:ListGroupMemberships",
"identitystore:ListGroups",
"imagebuilder:GetComponent",
"imagebuilder:GetContainerRecipe",
"imagebuilder:GetDistributionConfiguration",
"imagebuilder:GetImage",
"imagebuilder:GetImagePipeline",
"imagebuilder:GetImageRecipe",
"imagebuilder:GetInfrastructureConfiguration",
"imagebuilder:GetLifecyclePolicy",
"imagebuilder:ListComponentBuildVersions",
"imagebuilder:ListComponents",
"imagebuilder:ListContainerRecipes",
"imagebuilder:ListDistributionConfigurations",
"imagebuilder:ListImageBuildVersions",
"imagebuilder:ListImagePipelines",
"imagebuilder:ListImageRecipes",
"imagebuilder:ListImages",
"imagebuilder:ListInfrastructureConfigurations",
"imagebuilder:ListLifecyclePolicies",
"inspector2:BatchGetAccountStatus",
"inspector2:GetDelegatedAdminAccount",
"inspector2:ListFilters",
"inspector2:ListMembers",
"iot:DescribeAccountAuditConfiguration",
"iot:DescribeAuthorizer",
"iot:DescribeBillingGroup",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeCustomMetric",
"iot:DescribeDimension",
"iot:DescribeDomainConfiguration",
"iot:DescribeFleetMetric",
"iot:DescribeJobTemplate",
"iot:DescribeMitigationAction",
"iot:DescribeProvisioningTemplate",
"iot:DescribeRoleAlias",
"iot:DescribeScheduledAudit",
"iot:DescribeSecurityProfile",
"iot:DescribeThingGroup",
"iot:DescribeThingType",
"iot:GetPolicy",
"iot:GetTopicRule",
"iot:GetTopicRuleDestination",
"iot:ListAuthorizers",
"iot:ListBillingGroups",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCustomMetrics",
"iot:ListDimensions",
"iot:ListDomainConfigurations",
"iot:ListFleetMetrics",
"iot:ListJobTemplates",
"iot:ListMitigationActions",
"iot:ListPolicies",
"iot:ListProvisioningTemplates",
"iot:ListRoleAliases",
"iot:ListScheduledAudits",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTagsForResource",
"iot:ListTargetsForSecurityProfile",
"iot:ListThingGroups",
"iot:ListThingTypes",
"iot:ListTopicRuleDestinations",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:ValidateSecurityProfileBehaviors",
"iotanalytics:DescribeChannel",
"iotanalytics:DescribeDataset",
"iotanalytics:DescribeDatastore",
"iotanalytics:DescribePipeline",
"iotanalytics:ListChannels",
"iotanalytics:ListDatasets",
"iotanalytics:ListDatastores",
"iotanalytics:ListPipelines",
"iotanalytics:ListTagsForResource",
"iotevents:DescribeAlarmModel",
"iotevents:DescribeDetectorModel",
"iotevents:DescribeInput",
"iotevents:ListAlarmModels",
"iotevents:ListDetectorModels",
"iotevents:ListInputs",
"iotevents:ListTagsForResource",
"iotfleetwise:GetDecoderManifest",
"iotfleetwise:GetFleet",
"iotfleetwise:GetModelManifest",
"iotfleetwise:GetSignalCatalog",
"iotfleetwise:GetVehicle",
"iotfleetwise:ListDecoderManifestNetworkInterfaces",
"iotfleetwise:ListDecoderManifests",
"iotfleetwise:ListDecoderManifestSignals",
"iotfleetwise:ListFleets",
"iotfleetwise:ListModelManifestNodes",
"iotfleetwise:ListModelManifests",
"iotfleetwise:ListSignalCatalogNodes",
"iotfleetwise:ListSignalCatalogs",
"iotfleetwise:ListTagsForResource",
"iotfleetwise:ListVehicles",
"iotsitewise:DescribeAccessPolicy",
"iotsitewise:DescribeAsset",
"iotsitewise:DescribeAssetModel",
"iotsitewise:DescribeDashboard",
"iotsitewise:DescribeGateway",
"iotsitewise:DescribePortal",
"iotsitewise:DescribeProject",
"iotsitewise:ListAccessPolicies",
"iotsitewise:ListAssetModels",
"iotsitewise:ListAssets",
"iotsitewise:ListDashboards",
"iotsitewise:ListGateways",
"iotsitewise:ListPortals",
"iotsitewise:ListProjectAssets",
"iotsitewise:ListProjects",
"iotsitewise:ListTagsForResource",
"iottwinmaker:GetComponentType",
"iottwinmaker:GetEntity",
"iottwinmaker:GetScene",
"iottwinmaker:GetSyncJob",
"iottwinmaker:GetWorkspace",
"iottwinmaker:ListComponentTypes",
"iottwinmaker:ListEntities",
"iottwinmaker:ListScenes",
"iottwinmaker:ListSyncJobs",
"iottwinmaker:ListTagsForResource",
"iottwinmaker:ListWorkspaces",
"iotwireless:GetDestination",
"iotwireless:GetDeviceProfile",
"iotwireless:GetFuotaTask",
"iotwireless:GetMulticastGroup",
"iotwireless:GetServiceProfile",
"iotwireless:GetWirelessDevice",
"iotwireless:GetWirelessGateway",
"iotwireless:GetWirelessGatewayTaskDefinition",
"iotwireless:ListDestinations",
"iotwireless:ListDeviceProfiles",
"iotwireless:ListFuotaTasks",
"iotwireless:ListMulticastGroups",
"iotwireless:ListServiceProfiles",
"iotwireless:ListTagsForResource",
"iotwireless:ListWirelessDevices",
"iotwireless:ListWirelessGateways",
"iotwireless:ListWirelessGatewayTaskDefinitions",
"ivs:GetChannel",
"ivs:GetEncoderConfiguration",
"ivs:GetPlaybackKeyPair",
"ivs:GetPlaybackRestrictionPolicy",
"ivs:GetRecordingConfiguration",
"ivs:GetStage",
"ivs:GetStorageConfiguration",
"ivs:GetStreamKey",
"ivs:ListChannels",
"ivs:ListEncoderConfigurations",
"ivs:ListPlaybackKeyPairs",
"ivs:ListPlaybackRestrictionPolicies",
"ivs:ListRecordingConfigurations",
"ivs:ListStages",
"ivs:ListStorageConfigurations",
"ivs:ListStreamKeys",
"ivs:ListTagsForResource",
"ivschat:GetLoggingConfiguration",
"ivschat:GetRoom",
"ivschat:ListLoggingConfigurations",
"ivschat:ListRooms",
"ivschat:ListTagsForResource",
"kafka:DescribeCluster",
"kafka:DescribeClusterV2",
"kafka:DescribeConfiguration",
"kafka:DescribeConfigurationRevision",
"kafka:DescribeVpcConnection",
"kafka:GetClusterPolicy",
"kafka:ListClusters",
"kafka:ListClustersV2",
"kafka:ListConfigurations",
"kafka:ListScramSecrets",
"kafka:ListTagsForResource",
"kafka:ListVpcConnections",
"kafkaconnect:DescribeConnector",
"kafkaconnect:ListConnectors",
"kendra:DescribeIndex",
"kendra:ListIndices",
"kendra:ListTagsForResource",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kinesisanalytics:DescribeApplication",
"kinesisanalytics:ListApplications",
"kinesisanalytics:ListTagsForResource",
"kinesisvideo:DescribeSignalingChannel",
"kinesisvideo:DescribeStream",
"kinesisvideo:ListSignalingChannels",
"kinesisvideo:ListStreams",
"kinesisvideo:ListTagsForResource",
"kinesisvideo:ListTagsForStream",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListAliases",
"kms:ListKeys",
"kms:ListResourceTags",
"lakeformation:DescribeResource",
"lakeformation:GetDataLakeSettings",
"lakeformation:ListPermissions",
"lakeformation:ListResources",
"lambda:GetAlias",
"lambda:GetCodeSigningConfig",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetLayerVersion",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListCodeSigningConfigs",
"lambda:ListFunctions",
"lambda:ListLayers",
"lambda:ListLayerVersions",
"lambda:ListTags",
"lambda:ListVersionsByFunction",
"lex:DescribeBot",
"lex:DescribeBotAlias",
"lex:DescribeBotVersion",
"lex:DescribeResourcePolicy",
"lex:ListBotAliases",
"lex:ListBotLocales",
"lex:ListBots",
"lex:ListBotVersions",
"lex:ListTagsForResource",
"license-manager:GetGrant",
"license-manager:GetLicense",
"license-manager:ListDistributedGrants",
"license-manager:ListLicenses",
"license-manager:ListReceivedGrants",
"lightsail:GetAlarms",
"lightsail:GetBuckets",
"lightsail:GetCertificates",
"lightsail:GetContainerServices",
"lightsail:GetDisk",
"lightsail:GetDisks",
"lightsail:GetDistributions",
"lightsail:GetInstance",
"lightsail:GetInstances",
"lightsail:GetKeyPair",
"lightsail:GetLoadBalancer",
"lightsail:GetLoadBalancers",
"lightsail:GetLoadBalancerTlsCertificates",
"lightsail:GetRelationalDatabase",
"lightsail:GetRelationalDatabaseParameters",
"lightsail:GetRelationalDatabases",
"lightsail:GetStaticIp",
"lightsail:GetStaticIps",
"logs:DescribeDestinations",
"logs:DescribeLogGroups",
"logs:DescribeMetricFilters",
"logs:GetDataProtectionPolicy",
"logs:GetLogAnomalyDetector",
"logs:GetLogDelivery",
"logs:ListLogAnomalyDetectors",
"logs:ListLogDeliveries",
"logs:ListTagsLogGroup",
"lookoutequipment:DescribeInferenceScheduler",
"lookoutequipment:ListTagsForResource",
"lookoutmetrics:DescribeAlert",
"lookoutmetrics:DescribeAnomalyDetector",
"lookoutmetrics:ListAlerts",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutmetrics:ListMetricSets",
"lookoutmetrics:ListTagsForResource",
"lookoutvision:DescribeProject",
"lookoutvision:ListProjects",
"m2:GetEnvironment",
"m2:ListEnvironments",
"m2:ListTagsForResource",
"macie2:DescribeOrganizationConfiguration",
"macie2:GetAutomatedDiscoveryConfiguration",
"macie2:GetClassificationExportConfiguration",
"macie2:GetCustomDataIdentifier",
"macie2:GetFindingsPublicationConfiguration",
"macie2:GetMacieSession",
"macie2:ListCustomDataIdentifiers",
"macie2:ListTagsForResource",
"managedblockchain:GetMember",
"managedblockchain:GetNetwork",
"managedblockchain:GetNode",
"managedblockchain:ListInvitations",
"managedblockchain:ListMembers",
"managedblockchain:ListNodes",
"mediaconnect:DescribeBridge",
"mediaconnect:DescribeFlow",
"mediaconnect:DescribeGateway",
"mediaconnect:ListBridges",
"mediaconnect:ListFlows",
"mediaconnect:ListGateways",
"mediaconnect:ListTagsForResource",
"mediapackage-vod:DescribePackagingConfiguration",
"mediapackage-vod:DescribePackagingGroup",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage-vod:ListPackagingGroups",
"mediapackage-vod:ListTagsForResource",
"mediatailor:DescribeChannel",
"mediatailor:DescribeLiveSource",
"mediatailor:DescribeSourceLocation",
"mediatailor:DescribeVodSource",
"mediatailor:GetPlaybackConfiguration",
"mediatailor:ListChannels",
"mediatailor:ListLiveSources",
"mediatailor:ListPlaybackConfigurations",
"mediatailor:ListSourceLocations",
"mediatailor:ListVodSources",
"memorydb:DescribeAcls",
"memorydb:DescribeClusters",
"memorydb:DescribeParameterGroups",
"memorydb:DescribeParameters",
"memorydb:DescribeSubnetGroups",
"memorydb:DescribeUsers",
"memorydb:ListTags",
"mobiletargeting:GetApp",
"mobiletargeting:GetApplicationSettings",
"mobiletargeting:GetApps",
"mobiletargeting:GetCampaign",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetEmailChannel",
"mobiletargeting:GetEmailTemplate",
"mobiletargeting:GetEventStream",
"mobiletargeting:GetInAppTemplate",
"mobiletargeting:GetSegment",
"mobiletargeting:GetSegments",
"mobiletargeting:ListTagsForResource",
"mobiletargeting:ListTemplates",
"mq:DescribeBroker",
"mq:ListBrokers",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:ListFirewalls",
"networkmanager:DescribeGlobalNetworks",
"networkmanager:GetConnectPeer",
"networkmanager:GetCustomerGatewayAssociations",
"networkmanager:GetDevices",
"networkmanager:GetLinkAssociations",
"networkmanager:GetLinks",
"networkmanager:GetSites",
"networkmanager:GetTransitGatewayRegistrations",
"networkmanager:ListConnectPeers",
"networkmanager:ListTagsForResource",
"nimble:GetLaunchProfile",
"nimble:GetLaunchProfileDetails",
"nimble:GetStreamingImage",
"nimble:GetStudio",
"nimble:GetStudioComponent",
"nimble:ListLaunchProfiles",
"nimble:ListStreamingImages",
"nimble:ListStudioComponents",
"nimble:ListStudios",
"oam:GetSink",
"oam:GetSinkPolicy",
"oam:ListSinks",
"omics:GetAnnotationStore",
"omics:GetRunGroup",
"omics:GetSequenceStore",
"omics:GetVariantStore",
"omics:GetWorkflow",
"omics:ListAnnotationStores",
"omics:ListRunGroups",
"omics:ListSequenceStores",
"omics:ListTagsForResource",
"omics:ListVariantStores",
"omics:ListWorkflows",
"opsworks:DescribeInstances",
"opsworks:DescribeLayers",
"opsworks:DescribeTimeBasedAutoScaling",
"opsworks:DescribeVolumes",
"opsworks:ListTags",
"organizations:DescribeAccount",
"organizations:DescribeEffectivePolicy",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:DescribeResourcePolicy",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListPolicies",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListTagsForResource",
"organizations:ListTargetsForPolicy",
"panorama:DescribeApplicationInstance",
"panorama:DescribeApplicationInstanceDetails",
"panorama:DescribePackage",
"panorama:DescribePackageVersion",
"panorama:ListApplicationInstances",
"panorama:ListNodes",
"panorama:ListPackages",
"payment-cryptography:GetAlias",
"payment-cryptography:GetKey",
"payment-cryptography:ListAliases",
"payment-cryptography:ListKeys",
"payment-cryptography:ListTagsForResource",
"personalize:DescribeDataset",
"personalize:DescribeDatasetGroup",
"personalize:DescribeSchema",
"personalize:DescribeSolution",
"personalize:ListDatasetGroups",
"personalize:ListDatasetImportJobs",
"personalize:ListDatasets",
"personalize:ListSchemas",
"personalize:ListSolutions",
"personalize:ListTagsForResource",
"profile:GetDomain",
"profile:GetIntegration",
"profile:GetProfileObjectType",
"profile:ListDomains",
"profile:ListIntegrations",
"profile:ListProfileObjectTypes",
"profile:ListTagsForResource",
"quicksight:DescribeAccountSubscription",
"quicksight:DescribeAnalysis",
"quicksight:DescribeAnalysisPermissions",
"quicksight:DescribeDashboard",
"quicksight:DescribeDashboardPermissions",
"quicksight:DescribeDataSet",
"quicksight:DescribeDataSetPermissions",
"quicksight:DescribeDataSetRefreshProperties",
"quicksight:DescribeDataSource",
"quicksight:DescribeDataSourcePermissions",
"quicksight:DescribeTemplate",
"quicksight:DescribeTemplatePermissions",
"quicksight:DescribeTheme",
"quicksight:DescribeThemePermissions",
"quicksight:ListAnalyses",
"quicksight:ListDashboards",
"quicksight:ListDataSets",
"quicksight:ListDataSources",
"quicksight:ListTagsForResource",
"quicksight:ListTemplates",
"quicksight:ListThemes",
"ram:GetPermission",
"ram:GetResourceShareAssociations",
"ram:GetResourceShares",
"ram:ListPermissionAssociations",
"ram:ListPermissions",
"ram:ListPermissionVersions",
"ram:ListResources",
"ram:ListResourceSharePermissions",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBProxies",
"rds:DescribeDBProxyEndpoints",
"rds:DescribeDBProxyTargetGroups",
"rds:DescribeDBProxyTargets",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEventSubscriptions",
"rds:DescribeGlobalClusters",
"rds:DescribeOptionGroups",
"rds:ListTagsForResource",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListWorkgroups",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeEndpointAccess",
"redshift:DescribeEndpointAuthorization",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"redshift:DescribeScheduledActions",
"redshift:DescribeTags",
"refactor-spaces:GetEnvironment",
"refactor-spaces:GetService",
"refactor-spaces:ListApplications",
"refactor-spaces:ListEnvironments",
"refactor-spaces:ListServices",
"rekognition:DescribeProjects",
"rekognition:DescribeStreamProcessor",
"rekognition:ListStreamProcessors",
"rekognition:ListTagsForResource",
"resiliencehub:DescribeApp",
"resiliencehub:DescribeAppVersionTemplate",
"resiliencehub:DescribeResiliencyPolicy",
"resiliencehub:ListApps",
"resiliencehub:ListAppVersionResourceMappings",
"resiliencehub:ListResiliencyPolicies",
"resiliencehub:ListTagsForResource",
"resource-explorer-2:GetIndex",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListTagsForResource",
"resource-groups:GetGroup",
"resource-groups:GetGroupConfiguration",
"resource-groups:GetGroupQuery",
"resource-groups:GetTags",
"resource-groups:ListGroupResources",
"resource-groups:ListGroups",
"robomaker:DescribeRobotApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:ListRobotApplications",
"robomaker:ListSimulationApplications",
"route53-recovery-control-config:DescribeCluster",
"route53-recovery-control-config:DescribeControlPanel",
"route53-recovery-control-config:DescribeRoutingControl",
"route53-recovery-control-config:DescribeSafetyRule",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListRoutingControls",
"route53-recovery-control-config:ListSafetyRules",
"route53-recovery-control-config:ListTagsForResource",
"route53-recovery-readiness:GetCell",
"route53-recovery-readiness:GetReadinessCheck",
"route53-recovery-readiness:GetRecoveryGroup",
"route53-recovery-readiness:GetResourceSet",
"route53-recovery-readiness:ListCells",
"route53-recovery-readiness:ListReadinessChecks",
"route53-recovery-readiness:ListRecoveryGroups",
"route53-recovery-readiness:ListResourceSets",
"route53:GetChange",
"route53:GetDNSSEC",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListCidrBlocks",
"route53:ListCidrCollections",
"route53:ListCidrLocations",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListQueryLoggingConfigs",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource",
"route53resolver:GetFirewallDomainList",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:GetFirewallRuleGroupAssociation",
"route53resolver:GetResolverDnssecConfig",
"route53resolver:GetResolverEndpoint",
"route53resolver:GetResolverQueryLogConfig",
"route53resolver:GetResolverQueryLogConfigAssociation",
"route53resolver:GetResolverRule",
"route53resolver:GetResolverRuleAssociation",
"route53resolver:ListFirewallDomainLists",
"route53resolver:ListFirewallDomains",
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:ListFirewallRules",
"route53resolver:ListResolverDnssecConfigs",
"route53resolver:ListResolverEndpointIpAddresses",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverQueryLogConfigAssociations",
"route53resolver:ListResolverQueryLogConfigs",
"route53resolver:ListResolverRuleAssociations",
"route53resolver:ListResolverRules",
"route53resolver:ListTagsForResource",
"rum:GetAppMonitor",
"rum:GetAppMonitorData",
"rum:ListAppMonitors",
"rum:ListTagsForResource",
"s3-outposts:GetAccessPoint",
"s3-outposts:GetAccessPointPolicy",
"s3-outposts:GetBucket",
"s3-outposts:GetBucketPolicy",
"s3-outposts:GetBucketTagging",
"s3-outposts:GetLifecycleConfiguration",
"s3-outposts:ListAccessPoints",
"s3-outposts:ListEndpoints",
"s3-outposts:ListRegionalBuckets",
"s3:GetAccelerateConfiguration",
"s3:GetAccessPoint",
"s3:GetAccessPointForObjectLambda",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyForObjectLambda",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccessPointPolicyStatusForObjectLambda",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMultiRegionAccessPoint",
"s3:GetMultiRegionAccessPointPolicy",
"s3:GetMultiRegionAccessPointPolicyStatus",
"s3:GetReplicationConfiguration",
"s3:GetStorageLensConfiguration",
"s3:GetStorageLensConfigurationTagging",
"s3:GetStorageLensGroup",
"s3:ListAccessPoints",
"s3:ListAccessPointsForObjectLambda",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultiRegionAccessPoints",
"s3:ListStorageLensConfigurations",
"s3:ListStorageLensGroups",
"s3:ListTagsForResource",
"s3express:GetBucketPolicy",
"s3express:GetEncryptionConfiguration",
"s3express:GetLifecycleConfiguration",
"s3express:ListAllMyDirectoryBuckets",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceExperiment",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribeProject",
"sagemaker:DescribeWorkteam",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListCodeRepositories",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDomains",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListFeatureGroups",
"sagemaker:ListImages",
"sagemaker:ListImageVersions",
"sagemaker:ListInferenceExperiments",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelines",
"sagemaker:ListProjects",
"sagemaker:ListTags",
"sagemaker:ListWorkteams",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:ListScheduleGroups",
"scheduler:ListSchedules",
"scheduler:ListTagsForResource",
"schemas:DescribeDiscoverer",
"schemas:DescribeRegistry",
"schemas:DescribeSchema",
"schemas:GetResourcePolicy",
"schemas:ListDiscoverers",
"schemas:ListRegistries",
"schemas:ListSchemas",
"sdb:GetAttributes",
"sdb:ListDomains",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
"securityhub:DescribeHub",
"serviceCatalog:DescribePortfolioShares",
"servicediscovery:GetInstance",
"servicediscovery:GetNamespace",
"servicediscovery:GetService",
"servicediscovery:ListInstances",
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:ListTagsForResource",
"ses:DescribeReceiptRule",
"ses:DescribeReceiptRuleSet",
"ses:GetConfigurationSet",
"ses:GetConfigurationSetEventDestinations",
"ses:GetContactList",
"ses:GetDedicatedIpPool",
"ses:GetDedicatedIps",
"ses:GetEmailTemplate",
"ses:GetTemplate",
"ses:ListConfigurationSets",
"ses:ListContactLists",
"ses:ListDedicatedIpPools",
"ses:ListEmailTemplates",
"ses:ListReceiptFilters",
"ses:ListReceiptRuleSets",
"ses:ListTemplates",
"shield:DescribeDRTAccess",
"shield:DescribeProtection",
"shield:DescribeSubscription",
"signer:GetSigningProfile",
"signer:ListProfilePermissions",
"signer:ListSigningProfiles",
"sns:GetDataProtectionPolicy",
"sns:GetSMSSandboxAccountStatus",
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm-sap:ListTagsForResource",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeDocument",
"ssm:DescribeDocumentPermission",
"ssm:DescribeParameters",
"ssm:GetAutomationExecution",
"ssm:GetDocument",
"ssm:GetServiceSetting",
"ssm:ListDocuments",
"ssm:ListTagsForResource",
"sso:DescribeInstanceAccessControlAttributeConfiguration",
"sso:DescribePermissionSet",
"sso:GetInlinePolicyForPermissionSet",
"sso:ListManagedPoliciesInPermissionSet",
"sso:ListPermissionSets",
"sso:ListTagsForResource",
"states:DescribeActivity",
"states:DescribeStateMachine",
"states:ListActivities",
"states:ListStateMachines",
"states:ListTagsForResource",
"storagegateway:ListGateways",
"storagegateway:ListTagsForResource",
"storagegateway:ListVolumes",
"sts:GetCallerIdentity",
"support:DescribeCases",
"synthetics:DescribeCanaries",
"synthetics:DescribeCanariesLastRun",
"synthetics:DescribeRuntimeVersions",
"synthetics:GetCanary",
"synthetics:GetCanaryRuns",
"synthetics:GetGroup",
"synthetics:ListAssociatedGroups",
"synthetics:ListGroupResources",
"synthetics:ListGroups",
"synthetics:ListTagsForResource",
"tag:GetResources",
"timestream:DescribeDatabase",
"timestream:DescribeEndpoints",
"timestream:DescribeTable",
"timestream:ListDatabases",
"timestream:ListTables",
"timestream:ListTagsForResource",
"transfer:DescribeAgreement",
"transfer:DescribeCertificate",
"transfer:DescribeConnector",
"transfer:DescribeProfile",
"transfer:DescribeServer",
"transfer:DescribeUser",
"transfer:DescribeWorkflow",
"transfer:ListAgreements",
"transfer:ListCertificates",
"transfer:ListConnectors",
"transfer:ListProfiles",
"transfer:ListServers",
"transfer:ListTagsForResource",
"transfer:ListUsers",
"transfer:ListWorkflows",
"voiceid:DescribeDomain",
"voiceid:ListTagsForResource",
"vpc-lattice:GetAccessLogSubscription",
"vpc-lattice:GetService",
"vpc-lattice:GetServiceNetwork",
"vpc-lattice:GetTargetGroup",
"vpc-lattice:ListAccessLogSubscriptions",
"vpc-lattice:ListServiceNetworks",
"vpc-lattice:ListServices",
"vpc-lattice:ListTagsForResource",
"vpc-lattice:ListTargetGroups",
"vpc-lattice:ListTargets",
"waf-regional:GetLoggingConfiguration",
"waf-regional:GetWebACL",
"waf-regional:GetWebACLForResource",
"waf-regional:ListLoggingConfigurations",
"waf:GetLoggingConfiguration",
"waf:GetWebACL",
"wafv2:GetLoggingConfiguration",
"wafv2:GetRuleGroup",
"wafv2:ListRuleGroups",
"wafv2:ListTagsForResource",
"workspaces:DescribeConnectionAliases",
"workspaces:DescribeTags",
"workspaces:DescribeWorkspaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSConfigRoleStatementID"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/config/*",
"Sid":"ConfigLogStreamStatementID"
},
{
"Action":"logs:PutLogEvents",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*",
"Sid":"ConfigLogEventsStatementID"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T15:37:07+00:00"
},
"AWSrePostPrivateCloudWatchAccess":{
"CreateDate":"2023-11-15T16:37:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/rePostPrivate",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchPublishMetrics"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-15T16:37:33+00:00"
},
"AccessAnalyzerServiceRolePolicy":{
"CreateDate":"2019-12-02T17:13:10+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:GetResourcePolicy",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeByoipCidrs",
"ec2:DescribeSnapshotAttribute",
"ec2:DescribeSnapshots",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:GetSnapshotBlockPublicAccessState",
"ecr:DescribeRepositories",
"ecr:GetAccountSetting",
"ecr:GetRegistryPolicy",
"ecr:GetRepositoryPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"iam:GetRole",
"iam:ListEntitiesForPolicy",
"iam:ListRoles",
"iam:ListUsers",
"iam:ListRoleTags",
"iam:ListUserTags",
"iam:GetUser",
"iam:GetGroup",
"iam:GenerateServiceLastAccessedDetails",
"iam:GetServiceLastAccessedDetails",
"iam:ListAccessKeys",
"iam:GetLoginProfile",
"iam:GetAccessKeyLastUsed",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListUserPolicies",
"iam:GetUserPolicy",
"iam:ListAttachedUserPolicies",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListGroupsForUser",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListGrants",
"kms:ListKeyPolicies",
"kms:ListKeys",
"lambda:GetFunctionUrlConfig",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListLayers",
"lambda:ListLayerVersions",
"lambda:ListVersionsByFunction",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"s3:DescribeMultiRegionAccessPointOperation",
"s3:GetAccessPoint",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetMultiRegionAccessPoint",
"s3:GetMultiRegionAccessPointPolicy",
"s3:GetMultiRegionAccessPointPolicyStatus",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListMultiRegionAccessPoints",
"s3express:GetBucketPolicy",
"s3express:ListAllMyDirectoryBuckets",
"sns:GetTopicAttributes",
"sns:ListTopics",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:ListSecrets",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessAnalyzerServiceRolePolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-10T16:51:09+00:00"
},
"AdministratorAccess":{
"CreateDate":"2015-02-06T18:39:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:39:46+00:00"
},
"AdministratorAccess-AWSElasticBeanstalk":{
"CreateDate":"2021-01-22T19:36:54+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"acm:Describe*",
"acm:List*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:Estimate*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:Validate*",
"cloudtrail:LookupEvents",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codecommit:Get*",
"codecommit:UploadArchive",
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroup*",
"ec2:CreateLaunchTemplate*",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteLaunchTemplate*",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroup*",
"ecs:CreateCluster",
"ecs:DeRegisterTaskDefinition",
"ecs:Describe*",
"ecs:List*",
"ecs:RegisterTaskDefinition",
"elasticbeanstalk:*",
"elasticloadbalancing:Describe*",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListServerCertificates",
"logs:Describe*",
"rds:Describe*",
"s3:ListAllMyBuckets",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sqs:ListQueues"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"autoscaling:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
]
},
{
"Action":[
"cloudformation:CancelUpdateStack",
"cloudformation:ContinueUpdateRollback",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:SignalResource",
"cloudformation:TagResource",
"cloudformation:UntagResource",
"cloudformation:UpdateStack"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
},
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:awseb-*",
"arn:aws:cloudwatch:*:*:alarm:eb-*"
]
},
{
"Action":[
"codebuild:BatchGetBuilds",
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:StartBuild"
],
"Effect":"Allow",
"Resource":"arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*"
},
{
"Action":[
"dynamodb:CreateTable",
"dynamodb:DeleteTable",
"dynamodb:DescribeTable",
"dynamodb:TagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/awseb-e-*",
"arn:aws:dynamodb:*:*:table/eb-*"
]
},
{
"Action":[
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":[
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"ArnLike":{
"ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecs:DeleteCluster"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:cluster/awseb-*"
},
{
"Action":[
"elasticloadbalancing:*Rule",
"elasticloadbalancing:*Tags",
"elasticloadbalancing:SetRulePriorities",
"elasticloadbalancing:SetSecurityGroups"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*"
]
},
{
"Action":[
"elasticloadbalancing:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*",
"arn:aws:elasticloadbalancing:*:*:listener/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener/eb-*",
"arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*"
]
},
{
"Action":[
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:CreateRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-elasticbeanstalk*",
"arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*"
]
},
{
"Action":[
"iam:AttachRolePolicy"
],
"Condition":{
"ArnLike":{
"iam:PolicyArn":[
"arn:aws:iam::aws:policy/AWSElasticBeanstalk*",
"arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-elasticbeanstalk*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"autoscaling.amazonaws.com",
"elasticbeanstalk.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"managedupdates.elasticbeanstalk.amazonaws.com",
"maintenance.elasticbeanstalk.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*",
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*",
"arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*",
"arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*",
"arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
]
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*"
},
{
"Action":[
"rds:*DBSubnetGroup",
"rds:AuthorizeDBSecurityGroupIngress",
"rds:CreateDBInstance",
"rds:CreateDBSecurityGroup",
"rds:DeleteDBInstance",
"rds:DeleteDBSecurityGroup",
"rds:ModifyDBInstance",
"rds:RestoreDBInstanceFromDBSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:*",
"arn:aws:rds:*:*:secgrp:awseb-e-*",
"arn:aws:rds:*:*:secgrp:eb-*",
"arn:aws:rds:*:*:snapshot:*",
"arn:aws:rds:*:*:subgrp:awseb-e-*",
"arn:aws:rds:*:*:subgrp:eb-*"
]
},
{
"Action":[
"s3:Delete*",
"s3:Get*",
"s3:Put*"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*/*"
},
{
"Action":[
"s3:CreateBucket",
"s3:GetBucket*",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::elasticbeanstalk-*"
},
{
"Action":[
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:GetTopicAttributes",
"sns:Publish",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
},
{
"Action":[
"sqs:*QueueAttributes",
"sqs:CreateQueue",
"sqs:DeleteQueue",
"sqs:SendMessage",
"sqs:TagQueue"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:awseb-e-*",
"arn:aws:sqs:*:*:eb-*"
]
},
{
"Action":[
"ecs:TagResource"
],
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"CreateCluster",
"RegisterTaskDefinition"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-11T14:36:06+00:00"
},
"AdministratorAccess-Amplify":{
"CreateDate":"2020-12-01T19:03:08+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"cloudformation:GetTemplate",
"cloudformation:UpdateStack",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudformation:DeleteStackSet",
"cloudformation:DescribeStackSet",
"cloudformation:UpdateStackSet",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/amplify-*"
],
"Sid":"CLICloudformationPolicy"
},
{
"Action":[
"iam:ListRoleTags",
"iam:TagRole",
"iam:AttachRolePolicy",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:PutRolePolicy",
"iam:UntagRole",
"iam:UpdateRole",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetRolePolicy",
"iam:PassRole",
"iam:ListPolicyVersions",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:CreateRole",
"iam:ListRolePolicies",
"iam:PutRolePermissionsBoundary",
"iam:DeleteRolePermissionsBoundary",
"appsync:CreateApiKey",
"appsync:CreateDataSource",
"appsync:CreateFunction",
"appsync:CreateResolver",
"appsync:CreateType",
"appsync:DeleteApiKey",
"appsync:DeleteDataSource",
"appsync:DeleteFunction",
"appsync:DeleteResolver",
"appsync:DeleteType",
"appsync:GetDataSource",
"appsync:GetFunction",
"appsync:GetIntrospectionSchema",
"appsync:GetResolver",
"appsync:GetSchemaCreationStatus",
"appsync:GetType",
"appsync:GraphQL",
"appsync:ListApiKeys",
"appsync:ListDataSources",
"appsync:ListFunctions",
"appsync:ListGraphqlApis",
"appsync:ListResolvers",
"appsync:ListResolversByFunction",
"appsync:ListTypes",
"appsync:StartSchemaCreation",
"appsync:UntagResource",
"appsync:UpdateApiKey",
"appsync:UpdateDataSource",
"appsync:UpdateFunction",
"appsync:UpdateResolver",
"appsync:UpdateType",
"appsync:TagResource",
"appsync:CreateGraphqlApi",
"appsync:DeleteGraphqlApi",
"appsync:GetGraphqlApi",
"appsync:ListTagsForResource",
"appsync:UpdateGraphqlApi",
"apigateway:DELETE",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"cognito-idp:CreateUserPool",
"cognito-identity:CreateIdentityPool",
"cognito-identity:DeleteIdentityPool",
"cognito-identity:DescribeIdentity",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:UpdateIdentityPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteUserPool",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListTagsForResource",
"cognito-idp:ListUserPoolClients",
"cognito-idp:UpdateUserPoolClient",
"cognito-idp:CreateGroup",
"cognito-idp:DeleteGroup",
"cognito-identity:TagResource",
"cognito-idp:TagResource",
"cognito-idp:UpdateUserPool",
"cognito-idp:SetUserPoolMfaConfig",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeAsync",
"lambda:InvokeFunction",
"lambda:RemovePermission",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"lambda:ListTags",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:AddLayerVersionPermission",
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping",
"lambda:DeleteLayerVersion",
"lambda:GetEventSourceMapping",
"lambda:GetLayerVersion",
"lambda:ListEventSourceMappings",
"lambda:ListLayerVersions",
"lambda:PublishLayerVersion",
"lambda:RemoveLayerVersionPermission",
"lambda:UpdateEventSourceMapping",
"dynamodb:CreateTable",
"dynamodb:DeleteItem",
"dynamodb:DeleteTable",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListStreams",
"dynamodb:PutItem",
"dynamodb:TagResource",
"dynamodb:ListTagsOfResource",
"dynamodb:UntagResource",
"dynamodb:UpdateContinuousBackups",
"dynamodb:UpdateItem",
"dynamodb:UpdateTable",
"dynamodb:UpdateTimeToLive",
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketWebsite",
"s3:PutObjectAcl",
"cloudfront:CreateCloudFrontOriginAccessIdentity",
"cloudfront:CreateDistribution",
"cloudfront:DeleteCloudFrontOriginAccessIdentity",
"cloudfront:DeleteDistribution",
"cloudfront:GetCloudFrontOriginAccessIdentity",
"cloudfront:GetCloudFrontOriginAccessIdentityConfig",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:TagResource",
"cloudfront:UntagResource",
"cloudfront:UpdateCloudFrontOriginAccessIdentity",
"cloudfront:UpdateDistribution",
"events:DeleteRule",
"events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"mobiletargeting:GetApp",
"kinesis:AddTagsToStream",
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary",
"kinesis:ListTagsForStream",
"kinesis:PutRecords",
"es:AddTags",
"es:CreateElasticsearchDomain",
"es:DeleteElasticsearchDomain",
"es:DescribeElasticsearchDomain",
"es:UpdateElasticsearchDomainConfig",
"s3:PutEncryptionConfiguration",
"s3:PutBucketPublicAccessBlock"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CLIManageviaCFNPolicy"
},
{
"Action":[
"appsync:GetIntrospectionSchema",
"appsync:GraphQL",
"appsync:UpdateApiKey",
"appsync:ListApiKeys",
"amplify:*",
"amplifybackend:*",
"amplifyuibuilder:*",
"sts:AssumeRole",
"mobiletargeting:*",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:CreateGroup",
"cognito-idp:DeleteGroup",
"cognito-idp:DeleteUser",
"cognito-idp:ListUsers",
"cognito-idp:AdminGetUser",
"cognito-idp:ListUsersInGroup",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:AdminResetUserPassword",
"cognito-idp:AdminListGroupsForUser",
"cognito-idp:ListGroups",
"cognito-idp:AdminListUserAuthEvents",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminConfirmSignUp",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminUpdateUserAttributes",
"cognito-idp:DescribeIdentityProvider",
"cognito-idp:DescribeUserPool",
"cognito-idp:DeleteUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:UpdateUserPool",
"cognito-idp:AdminSetUserPassword",
"cognito-idp:ListUserPools",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListIdentityProviders",
"cognito-idp:GetUserPoolMfaConfig",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:CreateIdentityPool",
"cognito-identity:DeleteIdentityPool",
"cognito-identity:ListIdentityPools",
"cognito-identity:DescribeIdentityPool",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"lambda:GetFunction",
"lambda:CreateFunction",
"lambda:AddPermission",
"lambda:DeleteFunction",
"lambda:DeleteLayerVersion",
"lambda:InvokeFunction",
"lambda:ListLayerVersions",
"iam:PutRolePolicy",
"iam:CreatePolicy",
"iam:AttachRolePolicy",
"iam:ListPolicyVersions",
"iam:ListAttachedRolePolicies",
"iam:CreateRole",
"iam:PassRole",
"iam:ListRolePolicies",
"iam:DeleteRolePolicy",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:DeleteRole",
"iam:DetachRolePolicy",
"cloudformation:ListStacks",
"cloudformation:DescribeStacks",
"sns:CreateSMSSandboxPhoneNumber",
"sns:GetSMSSandboxAccountStatus",
"sns:VerifySMSSandboxPhoneNumber",
"sns:DeleteSMSSandboxPhoneNumber",
"sns:ListSMSSandboxPhoneNumbers",
"sns:ListOriginationNumbers",
"rekognition:DescribeCollection",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"lex:GetBot",
"lex:GetBuiltinIntent",
"lex:GetBuiltinIntents",
"lex:GetBuiltinSlotTypes",
"cloudformation:GetTemplateSummary",
"codecommit:GitPull",
"cloudfront:GetCloudFrontOriginAccessIdentity",
"cloudfront:GetCloudFrontOriginAccessIdentityConfig",
"polly:DescribeVoices"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CLISDKCalls"
},
{
"Action":[
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter",
"ssm:DeleteParameters"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/amplify/*",
"Sid":"AmplifySSMCalls"
},
{
"Action":[
"geo:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GeoPowerUser"
},
{
"Action":[
"ecr:DescribeRepositories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmplifyEcrSDKCalls"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteBucketWebsite",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmplifyStorageSDKCalls"
},
{
"Action":[
"cloudfront:CreateCloudFrontOriginAccessIdentity",
"cloudfront:CreateDistribution",
"cloudfront:CreateInvalidation",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:ListCloudFrontOriginAccessIdentities",
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByLambdaFunction",
"cloudfront:ListDistributionsByWebACLId",
"cloudfront:ListFieldLevelEncryptionConfigs",
"cloudfront:ListFieldLevelEncryptionProfiles",
"cloudfront:ListInvalidations",
"cloudfront:ListPublicKeys",
"cloudfront:ListStreamingDistributions",
"cloudfront:UpdateDistribution",
"cloudfront:TagResource",
"cloudfront:UntagResource",
"cloudfront:ListTagsForResource",
"cloudfront:DeleteDistribution",
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:CreateServiceLinkedRole",
"iam:GetRole",
"iam:PutRolePolicy",
"iam:PassRole",
"lambda:CreateFunction",
"lambda:EnableReplication",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"lambda:ListTags",
"lambda:TagResource",
"lambda:UntagResource",
"route53:ChangeResourceRecordSets",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"s3:CreateBucket",
"s3:GetAccelerateConfiguration",
"s3:GetObject",
"s3:ListBucket",
"s3:PutAccelerateConfiguration",
"s3:PutBucketPolicy",
"s3:PutObject",
"s3:PutBucketTagging",
"s3:GetBucketTagging",
"lambda:ListEventSourceMappings",
"lambda:CreateEventSourceMapping",
"iam:UpdateAssumeRolePolicy",
"iam:DeleteRolePolicy",
"sqs:CreateQueue",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:SetQueueAttributes",
"amplify:GetApp",
"amplify:GetBranch",
"amplify:UpdateApp",
"amplify:UpdateBranch"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmplifySSRCalls"
},
{
"Action":"logs:DescribeLogGroups",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:*",
"Sid":"AmplifySSRViewLogGroups"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/amplify/*",
"Sid":"AmplifySSRCreateLogGroup"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/amplify/*:log-stream:*",
"Sid":"AmplifySSRPushLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-04T20:35:31+00:00"
},
"AlexaForBusinessDeviceSetup":{
"CreateDate":"2017-11-30T16:47:16+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"a4b:RegisterDevice",
"a4b:CompleteRegistration",
"a4b:SearchDevices",
"a4b:SearchNetworkProfiles",
"a4b:GetNetworkProfile",
"a4b:PutDeviceSetupEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*",
"Sid":"A4bDeviceSetupAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-05-20T21:05:39+00:00"
},
"AlexaForBusinessFullAccess":{
"CreateDate":"2017-11-30T16:47:09+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"a4b:*",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"*a4b.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/*a4b.amazonaws.com/AWSServiceRoleForAlexaForBusiness*"
},
{
"Action":[
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:A4B*"
},
{
"Action":"secretsmanager:CreateSecret",
"Condition":{
"StringLike":{
"secretsmanager:Name":"A4B*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-01T21:01:55+00:00"
},
"AlexaForBusinessGatewayExecution":{
"CreateDate":"2017-11-30T16:47:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"a4b:Send*",
"a4b:Get*"
],
"Effect":"Allow",
"Resource":"arn:aws:a4b:*:*:gateway/*"
},
{
"Action":[
"sqs:ReceiveMessage",
"sqs:DeleteMessage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:dd-*",
"arn:aws:sqs:*:*:sd-*"
]
},
{
"Action":[
"a4b:List*",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-30T16:47:19+00:00"
},
"AlexaForBusinessLifesizeDelegatedAccessPolicy":{
"CreateDate":"2020-06-04T19:46:56+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"a4b:DisassociateDeviceFromRoom",
"a4b:DeleteDevice",
"a4b:UpdateDevice",
"a4b:GetDevice"
],
"Effect":"Allow",
"Resource":[
"arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL"
]
},
{
"Action":[
"a4b:RegisterAVSDevice"
],
"Condition":{
"StringEquals":{
"a4b:amazonId":[
"A2IWO7UEGWV4TL"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"a4b:SearchDevices"
],
"Condition":{
"ForAllValues:StringLike":{
"a4b:filters_deviceType":[
"*A2IWO7UEGWV4TL"
]
},
"Null":{
"a4b:filters_deviceType":"false"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"a4b:AssociateDeviceWithRoom"
],
"Effect":"Allow",
"Resource":[
"arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL",
"arn:aws:a4b:us-east-1:*:room/*"
]
},
{
"Action":[
"a4b:GetRoom",
"a4b:GetAddressBook",
"a4b:SearchRooms",
"a4b:CreateContact",
"a4b:CreateRoom",
"a4b:UpdateContact",
"a4b:ListConferenceProviders",
"a4b:DeleteRoom",
"a4b:CreateAddressBook",
"a4b:DisassociateContactFromAddressBook",
"a4b:CreateConferenceProvider",
"a4b:PutConferencePreference",
"a4b:DeleteAddressBook",
"a4b:AssociateContactWithAddressBook",
"a4b:DeleteContact",
"a4b:SearchProfiles",
"a4b:UpdateProfile",
"a4b:GetContact"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-12T20:31:59+00:00"
},
"AlexaForBusinessNetworkProfileServicePolicy":{
"CreateDate":"2019-03-13T00:53:40+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:GetCertificate",
"acm-pca:IssueCertificate",
"acm-pca:RevokeCertificate"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/a4b":"enabled"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"A4bPcaTagAccess"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*",
"Sid":"A4bNetworkProfileAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-04-05T21:57:56+00:00"
},
"AlexaForBusinessPolyDelegatedAccessPolicy":{
"CreateDate":"2019-10-16T19:48:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"a4b:DisassociateDeviceFromRoom",
"a4b:DeleteDevice",
"a4b:UpdateDevice",
"a4b:GetDevice"
],
"Effect":"Allow",
"Resource":[
"arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92",
"arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD"
]
},
{
"Action":[
"a4b:RegisterAVSDevice"
],
"Condition":{
"StringEquals":{
"a4b:amazonId":[
"A238TWV36W3S92",
"A1FUZ1SC53VJXD"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"a4b:SearchDevices"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"a4b:AssociateDeviceWithRoom"
],
"Effect":"Allow",
"Resource":[
"arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92",
"arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD",
"arn:aws:a4b:us-east-1:*:room/*"
]
},
{
"Action":[
"a4b:GetRoom",
"a4b:SearchRooms",
"a4b:CreateRoom",
"a4b:GetProfile",
"a4b:SearchSkillGroups",
"a4b:DisassociateSkillGroupFromRoom",
"a4b:AssociateSkillGroupWithRoom",
"a4b:GetSkillGroup",
"a4b:SearchProfiles",
"a4b:GetAddressBook",
"a4b:UpdateRoom"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-16T19:48:45+00:00"
},
"AlexaForBusinessReadOnlyAccess":{
"CreateDate":"2017-11-30T16:47:12+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"a4b:Get*",
"a4b:List*",
"a4b:Search*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-20T00:25:33+00:00"
},
"AmazonAPIGatewayAdministrator":{
"CreateDate":"2015-07-09T17:34:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"apigateway:*"
],
"Effect":"Allow",
"Resource":"arn:aws:apigateway:*::/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-07-09T17:34:45+00:00"
},
"AmazonAPIGatewayInvokeFullAccess":{
"CreateDate":"2015-07-09T17:36:12+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"execute-api:Invoke",
"execute-api:ManageConnections"
],
"Effect":"Allow",
"Resource":"arn:aws:execute-api:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-12-18T18:25:10+00:00"
},
"AmazonAPIGatewayPushToCloudWatchLogs":{
"CreateDate":"2015-11-11T23:41:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-11-11T23:41:46+00:00"
},
"AmazonAppFlowFullAccess":{
"CreateDate":"2020-06-02T23:30:14+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"appflow:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*",
"Sid":"ListRolesForRedshift"
},
{
"Action":[
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSListAccess"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
},
"StringLike":{
"kms:ViaService":"appflow.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSGrantAccess"
},
{
"Action":[
"kms:ListGrants"
],
"Condition":{
"StringLike":{
"kms:ViaService":"appflow.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSListGrantAccess"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ReadAccess"
},
{
"Action":[
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::appflow-*",
"Sid":"S3PutBucketPolicyAccess"
},
{
"Action":"secretsmanager:CreateSecret",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"appflow.amazonaws.com"
]
},
"StringLike":{
"secretsmanager:Name":"appflow!*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerCreateSecretAccess"
},
{
"Action":[
"secretsmanager:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"appflow.amazonaws.com"
]
},
"StringEqualsIgnoreCase":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"appflow"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerPutResourcePolicyAccess"
},
{
"Action":[
"lambda:ListFunctions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LambdaListFunctions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-28T23:11:23+00:00"
},
"AmazonAppFlowReadOnlyAccess":{
"CreateDate":"2020-06-02T23:26:51+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"appflow:DescribeConnector",
"appflow:DescribeConnectors",
"appflow:DescribeConnectorProfiles",
"appflow:DescribeFlows",
"appflow:DescribeFlowExecution",
"appflow:DescribeConnectorFields",
"appflow:ListConnectors",
"appflow:ListConnectorFields",
"appflow:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-28T20:42:58+00:00"
},
"AmazonAppStreamFullAccess":{
"CreateDate":"2015-02-06T18:40:09+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"appstream:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:DeleteScheduledAction"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"appstream.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-28T17:24:35+00:00"
},
"AmazonAppStreamPCAAccess":{
"CreateDate":"2022-10-24T17:05:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate",
"acm-pca:GetCertificate",
"acm-pca:DescribeCertificateAuthority"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/euc-private-ca":"*"
}
},
"Effect":"Allow",
"Resource":"arn:*:acm-pca:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-24T17:05:03+00:00"
},
"AmazonAppStreamReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:10+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"appstream:Get*",
"appstream:List*",
"appstream:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-12-07T21:00:06+00:00"
},
"AmazonAppStreamServiceAccess":{
"CreateDate":"2016-11-19T04:17:37+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeAvailabilityZones",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpoints",
"s3:ListAllMyBuckets",
"ds:DescribeDirectories"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::appstream2-36fb080bb8-*",
"arn:aws:s3:::appstream-app-settings-*",
"arn:aws:s3:::appstream-logs-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-26T16:33:54+00:00"
},
"AmazonAthenaFullAccess":{
"CreateDate":"2016-11-30T16:46:01+00:00",
"DefaultVersionId":"v13",
"Document":{
"Statement":[
{
"Action":[
"athena:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseAthenaPermissions"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetCatalog",
"glue:GetCatalogs",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:StartColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRuns",
"glue:GetCatalogImportStatus"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseGluePermissions"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject",
"s3:PutBucketPublicAccessBlock"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-athena-query-results-*"
],
"Sid":"BaseQueryResultsPermissions"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::athena-examples*"
],
"Sid":"BaseAthenaExamplesPermissions"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseS3BucketPermissions"
},
{
"Action":[
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseSNSPermissions"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseCloudWatchPermissions"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseLakeFormationPermissions"
},
{
"Action":[
"datazone:ListDomains",
"datazone:ListProjects",
"datazone:ListAccountEnvironments"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BaseDataZonePermissions"
},
{
"Action":[
"pricing:GetProducts"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"BasePricingPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-03T00:37:06+00:00"
},
"AmazonAugmentedAIFullAccess":{
"CreateDate":"2019-12-03T16:21:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops",
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions",
"sagemaker:*HumanTaskUi",
"sagemaker:*HumanTaskUis"
],
"Condition":{
"StringEqualsIfExists":{
"sagemaker:WorkteamType":[
"private-crowd",
"vendor-crowd"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T16:21:56+00:00"
},
"AmazonAugmentedAIHumanLoopFullAccess":{
"CreateDate":"2019-12-03T16:20:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T16:20:47+00:00"
},
"AmazonAugmentedAIIntegratedAPIAccess":{
"CreateDate":"2020-04-22T20:47:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops",
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions",
"sagemaker:*HumanTaskUi",
"sagemaker:*HumanTaskUis"
],
"Condition":{
"StringEqualsIfExists":{
"sagemaker:WorkteamType":[
"private-crowd",
"vendor-crowd"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"textract:AnalyzeDocument"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"rekognition:DetectModerationLabels"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-04-22T20:47:32+00:00"
},
"AmazonAuroraDSQLConsoleFullAccess":{
"CreateDate":"2024-12-03T15:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dsql:CreateCluster",
"dsql:GetCluster",
"dsql:UpdateCluster",
"dsql:DeleteCluster",
"dsql:ListClusters",
"dsql:CreateMultiRegionClusters",
"dsql:DeleteMultiRegionClusters",
"dsql:TagResource",
"dsql:UntagResource",
"dsql:ListTagsForResource",
"dsql:DbConnectAdmin",
"dsql:DbConnect"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DsqlAllPermissions"
},
{
"Action":[
"tag:GetTagKeys",
"tag:GetTagValues",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DsqlConsolePermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"dsql.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateDsqlServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:36:07+00:00"
},
"AmazonAuroraDSQLFullAccess":{
"CreateDate":"2024-12-03T15:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dsql:CreateCluster",
"dsql:GetCluster",
"dsql:UpdateCluster",
"dsql:DeleteCluster",
"dsql:ListClusters",
"dsql:CreateMultiRegionClusters",
"dsql:DeleteMultiRegionClusters",
"dsql:TagResource",
"dsql:UntagResource",
"dsql:ListTagsForResource",
"dsql:DbConnectAdmin",
"dsql:DbConnect"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DsqlAllPermissions"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RelatedServicesPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"dsql.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateDsqlServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:36:07+00:00"
},
"AmazonAuroraDSQLReadOnlyAccess":{
"CreateDate":"2024-12-03T15:21:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"dsql:GetCluster",
"dsql:ListClusters",
"dsql:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DsqlReadOnlyPermissions"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RelatedServicesPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:21:07+00:00"
},
"AmazonBedrockFullAccess":{
"CreateDate":"2023-12-06T15:47:17+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"bedrock:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BedrockAll"
},
{
"Action":[
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"arn:*:kms:*:::*",
"Sid":"DescribeKey"
},
{
"Action":[
"iam:ListRoles",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"APIsWithAllResourceAccess"
},
{
"Action":[
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateModel",
"sagemaker:DeleteEndpoint",
"sagemaker:UpdateEndpoint"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"bedrock.amazonaws.com",
"aws:ResourceTag/sagemaker-sdk:bedrock":"compatible"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*"
],
"Sid":"MarketplaceModelEndpointMutatingAPIs"
},
{
"Action":[
"sagemaker:AddTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"sagemaker-sdk:bedrock",
"bedrock:marketplace-registration-status",
"sagemaker-studio:hub-content-arn"
]
},
"StringLike":{
"aws:RequestTag/bedrock:marketplace-registration-status":"registered",
"aws:RequestTag/sagemaker-sdk:bedrock":"compatible",
"aws:RequestTag/sagemaker-studio:hub-content-arn":"arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*"
],
"Sid":"MarketplaceModelEndpointAddTagsOperations"
},
{
"Action":[
"sagemaker:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"sagemaker-sdk:bedrock",
"bedrock:marketplace-registration-status",
"sagemaker-studio:hub-content-arn"
]
},
"StringLike":{
"aws:ResourceTag/bedrock:marketplace-registration-status":"registered",
"aws:ResourceTag/sagemaker-sdk:bedrock":"compatible",
"aws:ResourceTag/sagemaker-studio:hub-content-arn":"arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*"
],
"Sid":"MarketplaceModelEndpointDeleteTagsOperations"
},
{
"Action":[
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:ListTags"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"bedrock.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*"
],
"Sid":"MarketplaceModelEndpointNonMutatingAPIs"
},
{
"Action":[
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointWithResponseStream"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"bedrock.amazonaws.com",
"aws:ResourceTag/sagemaker-sdk:bedrock":"compatible"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*"
],
"Sid":"MarketplaceModelEndpointInvokingOperations"
},
{
"Action":[
"sagemaker:DescribeHubContent"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/*",
"arn:aws:sagemaker:*:aws:hub/SageMakerPublicHub"
],
"Sid":"DiscoveringMarketplaceModel"
},
{
"Action":[
"sagemaker:ListHubContents"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:aws:hub/SageMakerPublicHub",
"Sid":"AllowMarketplaceModelsListing"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"sagemaker.amazonaws.com",
"bedrock.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*SageMaker*ForBedrock*"
],
"Sid":"PassRoleToSageMaker"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"bedrock.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*AmazonBedrock*",
"Sid":"PassRoleToBedrock"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-04T19:51:07+00:00"
},
"AmazonBedrockReadOnly":{
"CreateDate":"2023-12-06T15:48:19+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"bedrock:Get*",
"bedrock:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonBedrockReadOnly"
},
{
"Action":[
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeInferenceComponent",
"sagemaker:ListEndpoints",
"sagemaker:ListTags"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"bedrock.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*"
],
"Sid":"MarketplaceModelEndpointNonMutatingAPIs"
},
{
"Action":[
"sagemaker:DescribeHubContent"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:aws:hub-content/SageMakerPublicHub/Model/*",
"arn:aws:sagemaker:*:aws:hub/SageMakerPublicHub"
],
"Sid":"DiscoveringMarketplaceModel"
},
{
"Action":[
"sagemaker:ListHubContents"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:aws:hub/SageMakerPublicHub",
"Sid":"AllowMarketplaceModelsListing"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-04T19:36:07+00:00"
},
"AmazonBedrockStudioPermissionsBoundary":{
"CreateDate":"2024-08-01T00:24:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::br-studio-${aws:PrincipalAccount}-*",
"Sid":"AccessS3Buckets"
},
{
"Action":"aoss:APIAccessAll",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessOpenSearchCollections"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*::foundation-model/*",
"Sid":"InvokeBedrockModels"
},
{
"Action":[
"bedrock:InvokeAgent",
"bedrock:Retrieve",
"bedrock:StartIngestionJob",
"bedrock:GetIngestionJob",
"bedrock:ListIngestionJobs",
"bedrock:ApplyGuardrail",
"bedrock:ListPrompts",
"bedrock:GetPrompt",
"bedrock:CreatePrompt",
"bedrock:DeletePrompt",
"bedrock:CreatePromptVersion",
"bedrock:InvokeFlow",
"bedrock:ListTagsForResource",
"bedrock:TagResource",
"bedrock:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonBedrockManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessBedrockResources"
},
{
"Action":"bedrock:RetrieveAndGenerate",
"Effect":"Allow",
"Resource":"*",
"Sid":"RetrieveAndGenerate"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonBedrockManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/br-studio-*",
"Sid":"WriteLogs"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonBedrockManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:br-studio-*",
"Sid":"InvokeLambdaFunctions"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonBedrockManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:br-studio/*",
"Sid":"AccessSecretsManagerSecrets"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:bedrock:arn":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/EnableBedrock":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"UseKmsKeyWithBedrock"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/EnableBedrock":"true"
},
"StringLike":{
"kms:ViaService":[
"s3.*.amazonaws.com",
"secretsmanager.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"UseKmsKeyWithAwsServices"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-01T00:24:40+00:00"
},
"AmazonBraketFullAccess":{
"CreateDate":"2020-08-06T20:12:37+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"s3:CreateBucket",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::amazon-braket-*"
},
{
"Action":[
"s3:ListAllMyBuckets",
"servicequotas:GetServiceQuota",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
],
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/amazon-braket*"
},
{
"Action":[
"ecr:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/braket*"
},
{
"Action":[
"iam:ListRoles",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sagemaker:ListNotebookInstances"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DescribeNotebookInstance",
"sagemaker:StartNotebookInstance",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:ListTags",
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*"
},
{
"Action":[
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:UpdateNotebookInstanceLifecycleConfig"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*"
},
{
"Action":"braket:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"braket.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"braket.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*"
},
{
"Action":[
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:*"
]
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/braket*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"/aws/braket"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-19T16:25:29+00:00"
},
"AmazonBraketJobsExecutionPolicy":{
"CreateDate":"2021-11-26T19:34:41+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket",
"s3:CreateBucket",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::amazon-braket-*"
},
{
"Action":[
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability"
],
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/amazon-braket*"
},
{
"Action":[
"ecr:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"braket:CancelJob",
"braket:CancelQuantumTask",
"braket:CreateJob",
"braket:CreateQuantumTask",
"braket:GetDevice",
"braket:GetJob",
"braket:GetQuantumTask",
"braket:SearchDevices",
"braket:SearchJobs",
"braket:SearchQuantumTasks",
"braket:ListTagsForResource",
"braket:TagResource",
"braket:UntagResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"braket.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":[
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:*"
]
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:StartQuery",
"logs:StopQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/braket*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"/aws/braket"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-28T05:34:55+00:00"
},
"AmazonBraketServiceRolePolicy":{
"CreateDate":"2020-08-04T17:12:23+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::amazon-braket-*"
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/braket:*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-06T20:10:42+00:00"
},
"AmazonChimeFullAccess":{
"CreateDate":"2017-11-01T22:15:43+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"chime:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery",
"logs:GetLogDelivery",
"logs:ListLogDeliveries",
"logs:DescribeResourcePolicies",
"logs:PutResourcePolicy",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:CreateTopic",
"sns:GetTopicAttributes"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*"
]
},
{
"Action":[
"sqs:GetQueueAttributes",
"sqs:CreateQueue"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*"
]
},
{
"Action":[
"kinesis:ListStreams"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:DescribeStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesis:*:*:stream/chime-chat-*",
"arn:aws:kinesis:*:*:stream/chime-messaging-*"
]
},
{
"Action":[
"s3:GetEncryptionConfiguration",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::chime-chat-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-14T21:00:52+00:00"
},
"AmazonChimeReadOnly":{
"CreateDate":"2017-11-01T22:04:17+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"chime:List*",
"chime:Get*",
"chime:Describe*",
"chime:SearchAvailablePhoneNumbers"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-14T20:53:57+00:00"
},
"AmazonChimeSDK":{
"CreateDate":"2020-02-04T21:53:37+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"chime:CreateMeeting",
"chime:CreateMeetingWithAttendees",
"chime:DeleteMeeting",
"chime:GetMeeting",
"chime:ListMeetings",
"chime:CreateAttendee",
"chime:BatchCreateAttendee",
"chime:DeleteAttendee",
"chime:GetAttendee",
"chime:ListAttendees",
"chime:ListAttendeeTags",
"chime:ListMeetingTags",
"chime:ListTagsForResource",
"chime:TagAttendee",
"chime:TagMeeting",
"chime:TagResource",
"chime:UntagAttendee",
"chime:UntagMeeting",
"chime:UntagResource",
"chime:StartMeetingTranscription",
"chime:StopMeetingTranscription",
"chime:CreateMediaCapturePipeline",
"chime:CreateMediaConcatenationPipeline",
"chime:CreateMediaLiveConnectorPipeline",
"chime:DeleteMediaCapturePipeline",
"chime:DeleteMediaPipeline",
"chime:GetMediaCapturePipeline",
"chime:GetMediaPipeline",
"chime:ListMediaCapturePipelines",
"chime:ListMediaPipelines"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-10T18:05:12+00:00"
},
"AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy":{
"CreateDate":"2022-04-04T22:02:05+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/ChimeSDK"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPutMetricsForChimeSDKNamespace"
},
{
"Action":[
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia",
"kinesisvideo:UpdateDataRetention",
"kinesisvideo:DescribeStream",
"kinesisvideo:CreateStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesisvideo:*:*:stream/ChimeMediaPipelines-*"
],
"Sid":"AllowKinesisVideoStreamsAccess"
},
{
"Action":[
"kinesisvideo:ListStreams"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowKinesisVideoStreamsListAccess"
},
{
"Action":[
"chime:GetMeeting",
"chime:CreateAttendee",
"chime:DeleteAttendee"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowChimeMeetingAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-08T19:14:31+00:00"
},
"AmazonChimeSDKMessagingServiceRolePolicy":{
"CreateDate":"2023-03-03T01:43:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kms:GenerateDataKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"kinesis.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesis:*:*:stream/chime-messaging-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-03T01:43:49+00:00"
},
"AmazonChimeServiceRolePolicy":{
"CreateDate":"2019-09-30T22:25:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"chime.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-30T22:25:06+00:00"
},
"AmazonChimeTranscriptionServiceLinkedRolePolicy":{
"CreateDate":"2021-08-04T21:47:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"transcribe:StartStreamTranscription",
"transcribe:StartMedicalStreamTranscription"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-04T21:47:41+00:00"
},
"AmazonChimeUserManagement":{
"CreateDate":"2017-11-01T22:17:26+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"chime:ListAccounts",
"chime:GetAccount",
"chime:GetAccountSettings",
"chime:UpdateAccountSettings",
"chime:ListUsers",
"chime:GetUser",
"chime:GetUserByEmail",
"chime:InviteUsers",
"chime:InviteUsersFromProvider",
"chime:SuspendUsers",
"chime:ActivateUsers",
"chime:UpdateUserLicenses",
"chime:ResetPersonalPIN",
"chime:LogoutUser",
"chime:ListDomains",
"chime:GetDomain",
"chime:ListDirectories",
"chime:ListGroups",
"chime:SubmitSupportRequest",
"chime:ListDelegates",
"chime:ListAccountUsageReportData",
"chime:GetMeetingDetail",
"chime:ListMeetingEvents",
"chime:ListMeetingsReportData",
"chime:GetUserActivityReportData",
"chime:UpdateUser",
"chime:BatchUpdateUser",
"chime:BatchSuspendUser",
"chime:BatchUnsuspendUser",
"chime:AssociatePhoneNumberWithUser",
"chime:DisassociatePhoneNumberFromUser",
"chime:GetPhoneNumber",
"chime:ListPhoneNumbers",
"chime:GetUserSettings",
"chime:UpdateUserSettings",
"chime:CreateUser",
"chime:AssociateSigninDelegateGroupsWithAccount",
"chime:DisassociateSigninDelegateGroupsFromAccount"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-02-18T19:26:10+00:00"
},
"AmazonChimeVoiceConnectorServiceLinkedRolePolicy":{
"CreateDate":"2019-09-30T22:16:42+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"chime:GetVoiceConnector*"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia",
"kinesisvideo:UpdateDataRetention",
"kinesisvideo:DescribeStream",
"kinesisvideo:CreateStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesisvideo:*:*:stream/ChimeVoiceConnector-*"
]
},
{
"Action":[
"kinesisvideo:ListStreams"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"SNS:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*"
]
},
{
"Action":[
"sqs:SendMessage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*"
]
},
{
"Action":[
"polly:SynthesizeSpeech"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"chime:CreateMediaInsightsPipeline",
"chime:GetMediaInsightsPipelineConfiguration"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-14T21:49:14+00:00"
},
"AmazonCloudDirectoryFullAccess":{
"CreateDate":"2017-02-25T00:41:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"clouddirectory:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-02-25T00:41:39+00:00"
},
"AmazonCloudDirectoryReadOnlyAccess":{
"CreateDate":"2017-02-28T23:42:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"clouddirectory:List*",
"clouddirectory:Get*",
"clouddirectory:LookupPolicy",
"clouddirectory:BatchRead"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-02-28T23:42:06+00:00"
},
"AmazonCloudWatchEvidentlyFullAccess":{
"CreateDate":"2021-11-29T15:10:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"evidently:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/CloudWatchRUMEvidentlyRole-*"
]
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:DescribeAlarms",
"cloudwatch:TagResource",
"cloudwatch:UnTagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:*"
]
},
{
"Action":[
"cloudtrail:LookupEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:Evidently-Alarm-*"
]
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sns:CreateTopic",
"sns:Subscribe",
"sns:ListSubscriptionsByTopic"
],
"Effect":"Allow",
"Resource":[
"arn:*:sns:*:*:Evidently-*"
]
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-29T15:10:14+00:00"
},
"AmazonCloudWatchEvidentlyReadOnlyAccess":{
"CreateDate":"2021-11-29T15:08:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"evidently:GetExperiment",
"evidently:GetFeature",
"evidently:GetLaunch",
"evidently:GetProject",
"evidently:ListExperiments",
"evidently:ListFeatures",
"evidently:ListLaunches",
"evidently:ListProjects"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-29T15:08:38+00:00"
},
"AmazonCloudWatchEvidentlyServiceRolePolicy":{
"CreateDate":"2022-09-13T17:25:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"appconfig:StartDeployment",
"Condition":{
"StringEquals":{
"aws:RequestTag/DeployedBy":"Evidently"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:appconfig:*:*:application/*",
"arn:aws:appconfig:*:*:deploymentstrategy/*"
]
},
{
"Action":"appconfig:StartDeployment",
"Condition":{
"StringNotEquals":{
"aws:ResourceTag/Owner":"Evidently"
}
},
"Effect":"Deny",
"Resource":"arn:aws:appconfig:*:*:application/*/configurationprofile/*"
},
{
"Action":"appconfig:TagResource",
"Condition":{
"StringEquals":{
"aws:RequestTag/DeployedBy":"Evidently"
}
},
"Effect":"Allow",
"Resource":"arn:aws:appconfig:*:*:application/*/environment/*/deployment/*"
},
{
"Action":"appconfig:StopDeployment",
"Effect":"Allow",
"Resource":"arn:aws:appconfig:*:*:application/*"
},
{
"Action":"appconfig:StopDeployment",
"Condition":{
"StringNotEquals":{
"aws:ResourceTag/DeployedBy":"Evidently"
}
},
"Effect":"Deny",
"Resource":"arn:aws:appconfig:*:*:application/*/environment/*/deployment/*"
},
{
"Action":"appconfig:ListDeployments",
"Effect":"Allow",
"Resource":"arn:aws:appconfig:*:*:application/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-13T17:25:36+00:00"
},
"AmazonCloudWatchRUMFullAccess":{
"CreateDate":"2021-11-29T15:46:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rum:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetRole",
"iam:CreateServiceLinkedRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/rum.amazonaws.com/AWSServiceRoleForRealUserMonitoring"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"cognito-identity.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/RUM-Monitor*"
]
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:*"
},
{
"Action":[
"cognito-identity:CreateIdentityPool",
"cognito-identity:ListIdentityPools",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:SetIdentityPoolRoles"
],
"Effect":"Allow",
"Resource":"arn:aws:cognito-identity:*:*:identitypool/*"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy",
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:*RUMService*"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"logs:DescribeResourcePolicies"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group::log-stream:*"
},
{
"Action":[
"synthetics:describeCanaries",
"synthetics:describeCanariesLastRun"
],
"Effect":"Allow",
"Resource":"arn:aws:synthetics:*:*:canary:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-29T15:46:12+00:00"
},
"AmazonCloudWatchRUMReadOnlyAccess":{
"CreateDate":"2021-11-29T15:43:47+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"rum:GetAppMonitor",
"rum:GetAppMonitorData",
"rum:ListAppMonitors",
"rum:ListRumMetricsDestinations",
"rum:BatchGetRumMetricDefinitions"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-28T18:12:58+00:00"
},
"AmazonCloudWatchRUMServiceRolePolicy":{
"CreateDate":"2021-11-17T23:17:23+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"xray:PutTraceSegments"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringLike":{
"cloudwatch:namespace":[
"RUM/CustomMetrics/*",
"AWS/RUM"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-22T20:35:15+00:00"
},
"AmazonCodeCatalystFullAccess":{
"CreateDate":"2023-04-20T16:50:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codecatalyst:*",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCatalystResourceAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"codecatalyst.amazonaws.com",
"codecatalyst-runner.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCatalystAssociateIAMRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-20T16:50:16+00:00"
},
"AmazonCodeCatalystReadOnlyAccess":{
"CreateDate":"2023-04-20T16:49:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codecatalyst:Get*",
"codecatalyst:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-20T16:49:12+00:00"
},
"AmazonCodeCatalystSupportAccess":{
"CreateDate":"2023-04-20T12:34:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"support:DescribeAttachment",
"support:DescribeCaseAttributes",
"support:DescribeCases",
"support:DescribeCommunications",
"support:DescribeIssueTypes",
"support:DescribeServices",
"support:DescribeSeverityLevels",
"support:DescribeSupportLevel",
"support:SearchForCases",
"support:AddAttachmentsToSet",
"support:AddCommunicationToCase",
"support:CreateCase",
"support:InitiateCallForCase",
"support:InitiateChatForCase",
"support:PutCaseAttributes",
"support:RateCaseCommunication",
"support:ResolveCase"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-20T12:34:44+00:00"
},
"AmazonCodeGuruProfilerAgentAccess":{
"CreateDate":"2021-02-05T22:11:56+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codeguru-profiler:ConfigureAgent",
"codeguru-profiler:CreateProfilingGroup",
"codeguru-profiler:PostAgentProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:codeguru-profiler:*:*:profilingGroup/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-05-05T18:11:03+00:00"
},
"AmazonCodeGuruProfilerFullAccess":{
"CreateDate":"2019-12-03T10:13:27+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"codeguru-profiler:*",
"iam:ListRoles",
"iam:ListUsers",
"sns:ListTopics",
"codeguru:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"codeguru-profiler.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-15T03:23:08+00:00"
},
"AmazonCodeGuruProfilerReadOnlyAccess":{
"CreateDate":"2019-12-03T10:30:15+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codeguru:Get*",
"codeguru-profiler:BatchGet*",
"codeguru-profiler:Describe*",
"codeguru-profiler:Get*",
"codeguru-profiler:List*",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-27T23:52:52+00:00"
},
"AmazonCodeGuruReviewerFullAccess":{
"CreateDate":"2019-12-03T08:33:47+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"codeguru-reviewer:*",
"codeguru:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCodeGuruReviewerFullAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid":"AmazonCodeGuruReviewerSLRCreation"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid":"AmazonCodeGuruReviewerSLRDeletion"
},
{
"Action":[
"codecommit:ListRepositories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCommitAccess"
},
{
"Action":[
"codecommit:TagResource",
"codecommit:UntagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"codeguru-reviewer"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCommitTagManagement"
},
{
"Action":[
"codestar-connections:TagResource",
"codestar-connections:UntagResource",
"codestar-connections:ListTagsForResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"codeguru-reviewer"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeConnectTagManagement"
},
{
"Action":[
"codestar-connections:UseConnection",
"codestar-connections:ListConnections",
"codestar-connections:PassConnection"
],
"Condition":{
"ForAllValues:StringEquals":{
"codestar-connections:ProviderAction":[
"ListRepositories",
"ListOwners"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeConnectManagedRules"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEventsManagedRules"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-29T04:16:08+00:00"
},
"AmazonCodeGuruReviewerReadOnlyAccess":{
"CreateDate":"2019-12-03T08:48:24+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"codeguru:Get*",
"codeguru-reviewer:List*",
"codeguru-reviewer:Describe*",
"codeguru-reviewer:Get*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCodeGuruReviewerReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-29T04:15:32+00:00"
},
"AmazonCodeGuruReviewerServiceRolePolicy":{
"CreateDate":"2019-12-03T05:31:12+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"codecommit:GetRepository",
"codecommit:GetBranch",
"codecommit:DescribePullRequestEvents",
"codecommit:GetCommentsForPullRequest",
"codecommit:GetDifferences",
"codecommit:GetPullRequest",
"codecommit:ListPullRequests",
"codecommit:PostCommentForPullRequest",
"codecommit:GitPull",
"codecommit:UntagResource"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/codeguru-reviewer":"enabled"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessCodeGuruReviewerEnabledRepositories"
},
{
"Action":[
"codestar-connections:UseConnection"
],
"Condition":{
"ForAllValues:StringEquals":{
"codestar-connections:ProviderAction":[
"ListBranches",
"GetBranch",
"ListRepositories",
"ListOwners",
"ListPullRequests",
"GetPullRequest",
"ListPullRequestComments",
"ListPullRequestCommits",
"ListCommitFiles",
"ListBranchCommits",
"CreatePullRequestDiffComment",
"GitPull"
]
},
"Null":{
"aws:ResourceTag/codeguru-reviewer":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessCodeGuruReviewerEnabledConnections"
},
{
"Action":[
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"codeguru-reviewer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEventsResourceCleanup"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::codeguru-reviewer-*",
"arn:aws:s3:::codeguru-reviewer-*/*"
],
"Sid":"AllowGuruS3GetObject"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-27T15:09:46+00:00"
},
"AmazonCodeGuruSecurityFullAccess":{
"CreateDate":"2023-05-09T21:03:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codeguru-security:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCodeGuruSecurityFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-09T21:03:38+00:00"
},
"AmazonCodeGuruSecurityScanAccess":{
"CreateDate":"2023-05-09T20:54:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"codeguru-security:CreateScan",
"codeguru-security:CreateUploadUrl",
"codeguru-security:GetScan",
"codeguru-security:GetFindings"
],
"Effect":"Allow",
"Resource":"arn:aws:codeguru-security:*:*:scans/*",
"Sid":"AmazonCodeGuruSecurityScanAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-09T20:54:32+00:00"
},
"AmazonCognitoDeveloperAuthenticatedIdentities":{
"CreateDate":"2015-03-24T17:22:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:MergeDeveloperIdentities",
"cognito-identity:UnlinkDeveloperIdentity"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-03-24T17:22:23+00:00"
},
"AmazonCognitoIdpEmailServiceRolePolicy":{
"CreateDate":"2019-03-21T21:32:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ses:SendEmail",
"ses:SendRawEmail"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ses:List*"
],
"Effect":"Deny",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-03-21T21:32:25+00:00"
},
"AmazonCognitoIdpServiceRolePolicy":{
"CreateDate":"2020-06-26T22:30:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cognito-idp:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-26T22:30:20+00:00"
},
"AmazonCognitoPowerUser":{
"CreateDate":"2015-03-24T17:14:56+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"cognito-identity:*",
"cognito-idp:*",
"cognito-sync:*",
"iam:ListRoles",
"iam:ListOpenIdConnectProviders",
"iam:GetRole",
"iam:ListSAMLProviders",
"iam:GetSAMLProvider",
"kinesis:ListStreams",
"lambda:GetPolicy",
"lambda:ListFunctions",
"sns:GetSMSSandboxAccountStatus",
"sns:ListPlatformApplications",
"ses:ListIdentities",
"ses:GetIdentityVerificationAttributes",
"mobiletargeting:GetApps",
"acm:ListCertificates",
"sms-voice:DescribeAccountAttributes"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"cognito-idp.amazonaws.com",
"email.cognito-idp.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*",
"arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T18:37:05+00:00"
},
"AmazonCognitoReadOnly":{
"CreateDate":"2015-03-24T17:06:46+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:Describe*",
"cognito-idp:AdminGet*",
"cognito-idp:AdminList*",
"cognito-idp:List*",
"cognito-idp:Get*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"iam:ListOpenIdConnectProviders",
"iam:ListRoles",
"sns:ListPlatformApplications"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-08-01T19:21:04+00:00"
},
"AmazonCognitoUnAuthedIdentitiesSessionPolicy":{
"CreateDate":"2023-07-19T23:04:05+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"rum:PutRumEvents",
"sagemaker:InvokeEndpoint",
"polly:*",
"comprehend:*",
"translate:*",
"transcribe:*",
"rekognition:*",
"mobiletargeting:*",
"firehose:*",
"personalize:*",
"geo:GetMap*",
"geo:SearchPlaceIndex*",
"geo:GetPlace",
"geo:CalculateRoute*",
"geo:*Geofence",
"geo:*Geofences",
"geo:*DevicePosition*",
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncryptTo",
"kms:ReEncryptFrom",
"kms:GenerateDataKey",
"kms:GenerateDataKeyPair",
"kms:GenerateDataKeyPairWithoutPlaintext",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CognitoUnAuthedIdentitiesSessionPolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-01T18:12:44+00:00"
},
"AmazonCognitoUnauthenticatedIdentities":{
"CreateDate":"2023-02-01T22:36:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"rum:PutRumEvents",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-01T22:36:27+00:00"
},
"AmazonConnectCampaignsServiceLinkedRolePolicy":{
"CreateDate":"2021-09-23T20:54:26+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"connect-campaigns:ListCampaigns"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConnectCampaignAccess"
},
{
"Action":[
"connect:BatchPutContact",
"connect:StopContact",
"connect:DescribeContactFlow",
"connect:SendOutboundEmail"
],
"Effect":"Allow",
"Resource":"arn:aws:connect:*:*:instance/*",
"Sid":"ConnectAccess"
},
{
"Action":[
"events:ListRules"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"EventBridgeListRuleAccess"
},
{
"Action":[
"events:DeleteRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"events:ManagedBy":"connect-campaigns.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/ConnectCampaignsRule*",
"Sid":"EventBridgeManagedResourceAccess"
},
{
"Action":[
"events:ListTargetsByRule"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/ConnectCampaignsRule*",
"Sid":"EventBridgeListTargetsByRuleAccess"
},
{
"Action":[
"wisdom:GetMessageTemplate",
"wisdom:RenderMessageTemplate"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonConnectCampaignsEnabled":"True"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWisdomForConnectCampaignsEnabledTaggedResources"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-03T20:20:01+00:00"
},
"AmazonConnectReadOnlyAccess":{
"CreateDate":"2018-10-17T21:00:44+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"connect:Get*",
"connect:Describe*",
"connect:List*",
"ds:DescribeDirectories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowConnectReadOnly"
},
{
"Action":"connect:AdminGetEmergencyAccessToken",
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyConnectEmergencyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-19T15:15:33+00:00"
},
"AmazonConnectServiceLinkedRolePolicy":{
"CreateDate":"2018-09-07T00:21:43+00:00",
"DefaultVersionId":"v24",
"Document":{
"Statement":[
{
"Action":[
"connect:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowConnectActions"
},
{
"Action":[
"iam:DeleteRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*",
"Sid":"AllowDeleteSLR"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-connect-*/*"
],
"Sid":"AllowS3ObjectForConnectBucket"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetBucketAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-connect-*"
],
"Sid":"AllowGetBucketMetadataForConnectBucket"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/connect/*:*"
],
"Sid":"AllowConnectLogGroupAccess"
},
{
"Action":[
"lex:ListBots",
"lex:ListBotAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListLexBotAccess"
},
{
"Action":[
"profile:SearchProfiles",
"profile:CreateProfile",
"profile:UpdateProfile",
"profile:AddProfileKey",
"profile:ListProfileObjectTypes",
"profile:ListCalculatedAttributeDefinitions",
"profile:ListCalculatedAttributesForProfile",
"profile:GetDomain",
"profile:ListIntegrations",
"profile:GetIntegration",
"profile:PutIntegration",
"profile:DeleteIntegration",
"profile:ListEventTriggers",
"profile:ListSegmentDefinitions",
"profile:ListProfileAttributeValues",
"profile:CreateSegmentEstimate",
"profile:GetSegmentEstimate",
"profile:BatchGetProfile",
"profile:BatchGetCalculatedAttributeForProfile",
"profile:GetSegmentMembership"
],
"Effect":"Allow",
"Resource":"arn:aws:profile:*:*:domains/amazon-connect-*",
"Sid":"AllowCustomerProfilesForConnectDomain"
},
{
"Action":[
"profile:CreateEventTrigger",
"profile:GetEventTrigger",
"profile:UpdateEventTrigger",
"profile:DeleteEventTrigger"
],
"Effect":"Allow",
"Resource":[
"arn:aws:profile:*:*:domains/amazon-connect-*/event-triggers/*"
],
"Sid":"AllowCustomerProfilesEventTriggerForConnectDomain"
},
{
"Action":[
"profile:ListProfileObjects",
"profile:GetProfileObjectType",
"profile:ListObjectTypeAttributes"
],
"Effect":"Allow",
"Resource":[
"arn:aws:profile:*:*:domains/amazon-connect-*/object-types/*"
],
"Sid":"AllowReadPermissionForCustomerProfileObjects"
},
{
"Action":[
"profile:ListAccountIntegrations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListIntegrationForCustomerProfile"
},
{
"Action":[
"profile:ListProfileObjectTypeTemplates",
"profile:GetProfileObjectTypeTemplate"
],
"Effect":"Allow",
"Resource":"arn:aws:profile:*:*:/templates*",
"Sid":"AllowReadForCustomerProfileObjectTemplates"
},
{
"Action":[
"wisdom:CreateContent",
"wisdom:DeleteContent",
"wisdom:CreateKnowledgeBase",
"wisdom:GetAssistant",
"wisdom:GetKnowledgeBase",
"wisdom:GetContent",
"wisdom:GetRecommendations",
"wisdom:GetSession",
"wisdom:NotifyRecommendationsReceived",
"wisdom:QueryAssistant",
"wisdom:StartContentUpload",
"wisdom:UpdateContent",
"wisdom:UntagResource",
"wisdom:TagResource",
"wisdom:CreateSession",
"wisdom:CreateQuickResponse",
"wisdom:GetQuickResponse",
"wisdom:SearchQuickResponses",
"wisdom:StartImportJob",
"wisdom:GetImportJob",
"wisdom:ListImportJobs",
"wisdom:ListQuickResponses",
"wisdom:UpdateQuickResponse",
"wisdom:DeleteQuickResponse",
"wisdom:PutFeedback",
"wisdom:ListContentAssociations",
"wisdom:CreateMessageTemplate",
"wisdom:UpdateMessageTemplate",
"wisdom:UpdateMessageTemplateMetadata",
"wisdom:GetMessageTemplate",
"wisdom:DeleteMessageTemplate",
"wisdom:ListMessageTemplates",
"wisdom:SearchMessageTemplates",
"wisdom:ActivateMessageTemplate",
"wisdom:DeactivateMessageTemplate",
"wisdom:CreateMessageTemplateVersion",
"wisdom:ListMessageTemplateVersions",
"wisdom:CreateMessageTemplateAttachment",
"wisdom:DeleteMessageTemplateAttachment",
"wisdom:RenderMessageTemplate",
"wisdom:CreateAIAgent",
"wisdom:CreateAIAgentVersion",
"wisdom:DeleteAIAgent",
"wisdom:DeleteAIAgentVersion",
"wisdom:UpdateAIAgent",
"wisdom:UpdateAssistantAIAgent",
"wisdom:RemoveAssistantAIAgent",
"wisdom:GetAIAgent",
"wisdom:ListAIAgents",
"wisdom:ListAIAgentVersions",
"wisdom:CreateAIPrompt",
"wisdom:CreateAIPromptVersion",
"wisdom:DeleteAIPrompt",
"wisdom:DeleteAIPromptVersion",
"wisdom:UpdateAIPrompt",
"wisdom:GetAIPrompt",
"wisdom:ListAIPrompts",
"wisdom:ListAIPromptVersions",
"wisdom:CreateAIGuardrail",
"wisdom:CreateAIGuardrailVersion",
"wisdom:DeleteAIGuardrail",
"wisdom:DeleteAIGuardrailVersion",
"wisdom:UpdateAIGuardrail",
"wisdom:GetAIGuardrail",
"wisdom:ListAIGuardrails",
"wisdom:ListAIGuardrailVersions",
"wisdom:CreateAssistant",
"wisdom:ListTagsForResource",
"wisdom:SendMessage",
"wisdom:GetNextMessage",
"wisdom:ListMessages"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonConnectEnabled":"True"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWisdomForConnectEnabledTaggedResources"
},
{
"Action":[
"wisdom:ListAssistants",
"wisdom:ListKnowledgeBases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListOperationForWisdom"
},
{
"Action":[
"profile:GetCalculatedAttributeForProfile",
"profile:CreateCalculatedAttributeDefinition",
"profile:DeleteCalculatedAttributeDefinition",
"profile:GetCalculatedAttributeDefinition",
"profile:UpdateCalculatedAttributeDefinition"
],
"Effect":"Allow",
"Resource":[
"arn:aws:profile:*:*:domains/amazon-connect-*/calculated-attributes/*"
],
"Sid":"AllowCustomerProfilesCalculatedAttributesForConnectDomain"
},
{
"Action":[
"profile:CreateSegmentDefinition",
"profile:GetSegmentDefinition",
"profile:DeleteSegmentDefinition",
"profile:CreateSegmentSnapshot",
"profile:GetSegmentSnapshot"
],
"Effect":"Allow",
"Resource":[
"arn:aws:profile:*:*:domains/amazon-connect-*/segment-definitions/*"
],
"Sid":"AllowCustomerProfilesSegmentationForConnectDomain"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/Connect"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPutMetricsForConnectNamespace"
},
{
"Action":[
"sms-voice:SendTextMessage",
"sms-voice:DescribePhoneNumbers"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sms-voice:*:*:phone-number/*",
"Sid":"AllowSMSVoiceOperationsForConnect"
},
{
"Action":[
"cognito-idp:DescribeUserPool",
"cognito-idp:ListUserPoolClients"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonConnectEnabled":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cognito-idp:*:*:userpool/*",
"Sid":"AllowCognitoForConnectEnabledTaggedResources"
},
{
"Action":[
"profile:PutProfileObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:profile:*:*:domains/amazon-connect-*/object-types/*"
],
"Sid":"AllowWritePermissionForCustomerProfileObjects"
},
{
"Action":[
"chime:GetVoiceConnector"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonConnectEnabled":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:chime:*:*:vc/*",
"Sid":"AllowChimeSDKVoiceConnectorGetOperationForConnect"
},
{
"Action":[
"chime:ListVoiceConnectors"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:chime:*:*:vc/*",
"Sid":"AllowChimeSDKVoiceConnectorListOperationForConnect"
},
{
"Action":[
"ses:DescribeReceiptRule",
"ses:UpdateReceiptRule"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SESPermissionsForManagingReceiptRules"
},
{
"Action":[
"ses:DeleteEmailIdentity"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ses:*:*:identity/*.email.connect.aws*",
"Sid":"SESPermissionForManagingConnectProvidedSESIdentity"
},
{
"Action":[
"ses:SendRawEmail"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ses:*:*:configuration-set/configuration-set-for-connect-DO-NOT-DELETE",
"Sid":"SESConfigurationSetPermissionsForSendingEmail"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"ses.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonConnectEmailSESAccessRole"
],
"Sid":"PassRoleToSESForReceiptRuleManagement"
},
{
"Action":[
"social-messaging:SendWhatsAppMessage",
"social-messaging:PostWhatsAppMessageMedia",
"social-messaging:GetWhatsAppMessageMedia",
"social-messaging:GetLinkedWhatsAppBusinessAccountPhoneNumber"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonConnectEnabled":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:social-messaging:*:*:phone-number-id/*",
"Sid":"AllowSocialMessagingOperations"
},
{
"Action":"mobiletargeting:SendMessages",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:mobiletargeting:*:*:apps/*",
"Sid":"AllowMobileTargetingOperationsForConnect"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-12T20:22:06+00:00"
},
"AmazonConnectSynchronizationServiceRolePolicy":{
"CreateDate":"2023-10-27T22:38:25+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"connect:Create*",
"connect:Update*",
"connect:Delete*",
"connect:Describe*",
"connect:List*",
"connect:Search*",
"connect:Associate*",
"connect:Disassociate*",
"connect:Get*",
"connect:BatchGet*",
"connect:TagResource",
"connect:UntagResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowConnectActions"
},
{
"Action":[
"connect:Start*",
"connect:Stop*",
"connect:Resume*",
"connect:Suspend*",
"connect:*Contact",
"connect:SearchContacts",
"connect:*ContactAttributes*",
"connect:*RealtimeContact*",
"connect:*AnalyticsData*",
"connect:*MetricData*",
"connect:*UserData*",
"connect:*ContactEvaluation",
"connect:*AttachedFile*",
"connect:UpdateContactSchedule",
"connect:UpdateContactRoutingData",
"connect:ListContactReferences",
"connect:CreateParticipant",
"connect:CreatePersistentContactAssociation",
"connect:CreateInstance",
"connect:DeleteInstance",
"connect:ListInstances",
"connect:ReplicateInstance",
"connect:GetFederationToken",
"connect:ClaimPhoneNumber",
"connect:ImportPhoneNumber",
"connect:ReleasePhoneNumber",
"connect:SearchAvailablePhoneNumbers",
"connect:CreateTrafficDistributionGroup",
"connect:DeleteTrafficDistributionGroup",
"connect:GetTrafficDistribution",
"connect:UpdateTrafficDistribution"
],
"Effect":"Deny",
"Resource":"*",
"Sid":"DisallowedConnectActions"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/Connect"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPutMetricsForConnectNamespace"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-12T22:22:17+00:00"
},
"AmazonConnectVoiceIDFullAccess":{
"CreateDate":"2021-09-26T19:04:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"voiceid:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-26T19:04:10+00:00"
},
"AmazonConnect_FullAccess":{
"CreateDate":"2020-11-20T19:54:21+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"connect:*",
"ds:CreateAlias",
"ds:AuthorizeApplication",
"ds:CreateIdentityPoolDirectory",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:UnauthorizeApplication",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kms:DescribeKey",
"kms:ListAliases",
"lex:GetBots",
"lex:ListBots",
"lex:ListBotAliases",
"logs:CreateLogGroup",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"lambda:ListFunctions",
"ds:CheckAlias",
"profile:ListAccountIntegrations",
"profile:GetDomain",
"profile:ListDomains",
"profile:GetProfileObjectType",
"profile:ListProfileObjectTypeTemplates"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"profile:AddProfileKey",
"profile:CreateDomain",
"profile:CreateProfile",
"profile:DeleteDomain",
"profile:DeleteIntegration",
"profile:DeleteProfile",
"profile:DeleteProfileKey",
"profile:DeleteProfileObject",
"profile:DeleteProfileObjectType",
"profile:GetIntegration",
"profile:GetMatches",
"profile:GetProfileObjectType",
"profile:ListIntegrations",
"profile:ListProfileObjects",
"profile:ListProfileObjectTypes",
"profile:ListTagsForResource",
"profile:MergeProfiles",
"profile:PutIntegration",
"profile:PutProfileObject",
"profile:PutProfileObjectType",
"profile:SearchProfiles",
"profile:TagResource",
"profile:UntagResource",
"profile:UpdateDomain",
"profile:UpdateProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:profile:*:*:domains/amazon-connect-*"
},
{
"Action":[
"s3:CreateBucket",
"s3:GetBucketAcl"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::amazon-connect-*"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"arn:aws:servicequotas:*:*:connect/*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"connect.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:DeleteServiceLinkedRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"profile.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/profile.amazonaws.com/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-07T14:49:25+00:00"
},
"AmazonDMSCloudWatchLogsRole":{
"CreateDate":"2016-01-07T23:44:53+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowDescribeOnAllLogGroups"
},
{
"Action":[
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:dms-tasks-*",
"arn:aws:logs:*:*:log-group:dms-serverless-replication-*"
],
"Sid":"AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:dms-tasks-*",
"arn:aws:logs:*:*:log-group:dms-serverless-replication-*:log-stream:"
],
"Sid":"AllowCreationOfDmsLogGroups"
},
{
"Action":[
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*",
"arn:aws:logs:*:*:log-group:dms-serverless-replication-*:log-stream:dms-serverless-*"
],
"Sid":"AllowCreationOfDmsLogStream"
},
{
"Action":[
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*",
"arn:aws:logs:*:*:log-group:dms-serverless-replication-*:log-stream:dms-serverless-*"
],
"Sid":"AllowUploadOfLogEventsToDmsLogStream"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-23T21:32:57+00:00"
},
"AmazonDMSRedshiftS3Role":{
"CreateDate":"2016-04-20T17:05:56+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"s3:CreateBucket",
"s3:ListBucket",
"s3:DeleteBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:GetBucketAcl",
"s3:PutBucketVersioning",
"s3:GetBucketVersioning",
"s3:PutLifecycleConfiguration",
"s3:GetLifecycleConfiguration",
"s3:DeleteBucketPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::dms-*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-08T18:19:14+00:00"
},
"AmazonDMSVPCManagementRole":{
"CreateDate":"2015-11-18T16:33:19+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeDhcpOptions",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Statement1"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-25T15:19:01+00:00"
},
"AmazonDRSVPCManagement":{
"CreateDate":"2015-09-02T00:09:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-09-02T00:09:20+00:00"
},
"AmazonDataZoneBedrockModelConsumptionPolicy":{
"CreateDate":"2024-11-12T22:15:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"true"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneDomain":"${datazone:domainId}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"InvokeDomainInferenceProfiles"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-12T22:15:08+00:00"
},
"AmazonDataZoneBedrockModelManagementPolicy":{
"CreateDate":"2024-11-12T22:14:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"bedrock:CreateInferenceProfile",
"bedrock:TagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneProject"
]
},
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false",
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"ManageApplicationInferenceProfile"
},
{
"Action":[
"bedrock:DeleteInferenceProfile"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"DeleteApplicationInferenceProfile"
},
{
"Action":[
"bedrock:CreateInferenceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*"
],
"Sid":"CreateApplicationInferenceProfileUsingFoundationModels"
},
{
"Action":[
"bedrock:CreateInferenceProfile"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:inference-profile/*"
],
"Sid":"CreateApplicationInferenceProfileUsingBedrockModels"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-12T22:14:20+00:00"
},
"AmazonDataZoneDomainExecutionRolePolicy":{
"CreateDate":"2023-09-27T21:55:08+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"datazone:AcceptPredictions",
"datazone:AcceptSubscriptionRequest",
"datazone:AddEntityOwner",
"datazone:AddPolicyGrant",
"datazone:CancelMetadataGenerationRun",
"datazone:CancelSubscription",
"datazone:CreateAsset",
"datazone:CreateAssetFilter",
"datazone:CreateAssetRevision",
"datazone:CreateAssetType",
"datazone:CreateDataProduct",
"datazone:CreateDataProductRevision",
"datazone:CreateDataSource",
"datazone:CreateDomainUnit",
"datazone:CreateEnvironment",
"datazone:CreateEnvironmentBlueprint",
"datazone:CreateEnvironmentProfile",
"datazone:CreateFormType",
"datazone:CreateGlossary",
"datazone:CreateGlossaryTerm",
"datazone:CreateListingChangeSet",
"datazone:CreateProject",
"datazone:CreateProjectMembership",
"datazone:CreateRule",
"datazone:CreateSubscriptionGrant",
"datazone:CreateSubscriptionRequest",
"datazone:DeleteAsset",
"datazone:DeleteAssetFilter",
"datazone:DeleteAssetType",
"datazone:DeleteDataProduct",
"datazone:DeleteDataSource",
"datazone:DeleteDomainUnit",
"datazone:DeleteEnvironment",
"datazone:DeleteEnvironmentBlueprint",
"datazone:DeleteEnvironmentProfile",
"datazone:DeleteFormType",
"datazone:DeleteGlossary",
"datazone:DeleteGlossaryTerm",
"datazone:DeleteListing",
"datazone:DeleteProject",
"datazone:DeleteProjectMembership",
"datazone:DeleteRule",
"datazone:DeleteSubscriptionGrant",
"datazone:DeleteSubscriptionRequest",
"datazone:DeleteSubscriptionTarget",
"datazone:DeleteTimeSeriesDataPoints",
"datazone:GetAsset",
"datazone:GetAssetFilter",
"datazone:GetAssetType",
"datazone:GetDataProduct",
"datazone:GetDataSource",
"datazone:GetDataSourceRun",
"datazone:GetDomain",
"datazone:GetDomainUnit",
"datazone:GetEnvironment",
"datazone:GetEnvironmentAction",
"datazone:GetEnvironmentActionLink",
"datazone:GetEnvironmentBlueprint",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetEnvironmentCredentials",
"datazone:GetEnvironmentProfile",
"datazone:GetFormType",
"datazone:GetGlossary",
"datazone:GetGlossaryTerm",
"datazone:GetGroupProfile",
"datazone:GetLineageNode",
"datazone:GetListing",
"datazone:GetMetadataGenerationRun",
"datazone:GetProject",
"datazone:GetRule",
"datazone:GetSubscription",
"datazone:GetSubscriptionEligibility",
"datazone:GetSubscriptionGrant",
"datazone:GetSubscriptionRequestDetails",
"datazone:GetSubscriptionTarget",
"datazone:GetTimeSeriesDataPoint",
"datazone:GetUserProfile",
"datazone:ListAccountEnvironments",
"datazone:ListAssetFilters",
"datazone:ListAssetRevisions",
"datazone:ListDataProductRevisions",
"datazone:ListDataSourceRunActivities",
"datazone:ListDataSourceRuns",
"datazone:ListDataSources",
"datazone:ListDomainUnitsForParent",
"datazone:ListEntityOwners",
"datazone:ListEnvironmentActions",
"datazone:ListEnvironmentBlueprintConfigurationSummaries",
"datazone:ListEnvironmentBlueprintConfigurations",
"datazone:ListEnvironmentBlueprints",
"datazone:ListEnvironmentProfiles",
"datazone:ListEnvironments",
"datazone:ListGroupsForUser",
"datazone:ListLineageNodeHistory",
"datazone:ListMetadataGenerationRuns",
"datazone:ListNotifications",
"datazone:ListPolicyGrants",
"datazone:ListProjectMemberships",
"datazone:ListProjects",
"datazone:ListRules",
"datazone:ListSubscriptionGrants",
"datazone:ListSubscriptionRequests",
"datazone:ListSubscriptionTargets",
"datazone:ListSubscriptions",
"datazone:ListTimeSeriesDataPoints",
"datazone:ListWarehouseMetadata",
"datazone:RejectPredictions",
"datazone:RejectSubscriptionRequest",
"datazone:RemoveEntityOwner",
"datazone:RemovePolicyGrant",
"datazone:RevokeSubscription",
"datazone:Search",
"datazone:SearchGroupProfiles",
"datazone:SearchListings",
"datazone:SearchRules",
"datazone:SearchTypes",
"datazone:SearchUserProfiles",
"datazone:StartDataSourceRun",
"datazone:StartMetadataGenerationRun",
"datazone:UpdateAssetFilter",
"datazone:UpdateDataSource",
"datazone:UpdateDomainUnit",
"datazone:UpdateEnvironment",
"datazone:UpdateEnvironmentBlueprint",
"datazone:UpdateEnvironmentDeploymentStatus",
"datazone:UpdateEnvironmentProfile",
"datazone:UpdateGlossary",
"datazone:UpdateGlossaryTerm",
"datazone:UpdateProject",
"datazone:UpdateRule",
"datazone:UpdateSubscriptionGrantStatus",
"datazone:UpdateSubscriptionRequest"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DomainExecutionRoleStatement"
},
{
"Action":"ram:GetResourceShareAssociations",
"Effect":"Allow",
"Resource":"*",
"Sid":"RAMResourceShareStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T14:06:07+00:00"
},
"AmazonDataZoneEnvironmentRolePermissionsBoundary":{
"CreateDate":"2023-09-11T23:38:22+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws-glue-service-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"CreateGlueConnection"
},
{
"Action":[
"glue:*DataQuality*",
"glue:BatchCreatePartition",
"glue:BatchDeleteConnection",
"glue:BatchDeletePartition",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:BatchGetJobs",
"glue:BatchGetWorkflows",
"glue:BatchStopJobRun",
"glue:BatchUpdatePartition",
"glue:CreateBlueprint",
"glue:CreateConnection",
"glue:CreateCrawler",
"glue:CreateDatabase",
"glue:CreateJob",
"glue:CreatePartition",
"glue:CreatePartitionIndex",
"glue:CreateTable",
"glue:CreateWorkflow",
"glue:DeleteBlueprint",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeleteConnection",
"glue:DeleteCrawler",
"glue:DeleteJob",
"glue:DeletePartition",
"glue:DeletePartitionIndex",
"glue:DeleteTable",
"glue:DeleteTableVersion",
"glue:DeleteWorkflow",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:GetConnection",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:ListSchemas",
"glue:ListJobs",
"glue:NotifyEvent",
"glue:PutWorkflowRunProperties",
"glue:ResetJobBookmark",
"glue:ResumeWorkflowRun",
"glue:SearchTables",
"glue:StartBlueprintRun",
"glue:StartCrawler",
"glue:StartCrawlerSchedule",
"glue:StartJobRun",
"glue:StartWorkflowRun",
"glue:StopCrawler",
"glue:StopCrawlerSchedule",
"glue:StopWorkflowRun",
"glue:UpdateBlueprint",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:UpdateConnection",
"glue:UpdateCrawler",
"glue:UpdateCrawlerSchedule",
"glue:UpdateDatabase",
"glue:UpdateJob",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:UpdateWorkflow"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueOperations"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"PassRole"
},
{
"Action":[
"kms:DescribeKey",
"kms:Decrypt",
"kms:ListKeys"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SameAccountKmsOperations"
},
{
"Action":[
"kms:DescribeKey",
"kms:Decrypt",
"kms:ListKeys",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:Verify",
"kms:Sign"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsOperationsWithResourceTag"
},
{
"Action":[
"datazone:*",
"sqlworkbench:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AnalyticsOperations"
},
{
"Action":[
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:CreateNamedQuery",
"athena:CreateNotebook",
"athena:CreatePreparedStatement",
"athena:CreatePresignedNotebookUrl",
"athena:DeleteNamedQuery",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:ExportNotebook",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryRuntimeStatistics",
"athena:GetTableMetadata",
"athena:GetWorkGroup",
"athena:ImportNotebook",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:ListTableMetadata",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"athena:StartCalculationExecution",
"athena:StartQueryExecution",
"athena:StartSession",
"athena:StopCalculationExecution",
"athena:StopQueryExecution",
"athena:TerminateSession",
"athena:UpdateNamedQuery",
"athena:UpdateNotebook",
"athena:UpdateNotebookMetadata",
"athena:UpdatePreparedStatement",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:Describe*",
"glue:BatchCreatePartition",
"glue:BatchDeletePartition",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:BatchGetJobs",
"glue:BatchGetPartition",
"glue:BatchGetWorkflows",
"glue:BatchUpdatePartition",
"glue:CreateBlueprint",
"glue:CreateConnection",
"glue:CreateCrawler",
"glue:CreateDatabase",
"glue:CreateJob",
"glue:CreatePartition",
"glue:CreatePartitionIndex",
"glue:CreateTable",
"glue:CreateWorkflow",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeletePartition",
"glue:DeletePartitionIndex",
"glue:DeleteTable",
"glue:DeleteTableVersion",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:GetConnection",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:ListSchemas",
"glue:ListJobs",
"glue:NotifyEvent",
"glue:SearchTables",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:UpdateDatabase",
"glue:UpdatePartition",
"glue:UpdateTable",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListGroups",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListUsers",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:DescribeMetricFilters",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetLogEvents",
"logs:GetLogGroupFields",
"logs:GetQueryResults",
"logs:GetLogRecord",
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:FilterLogEvents",
"lakeformation:GetDataAccess",
"lakeformation:GetDataLakeSettings",
"lakeformation:GetResourceLFTags",
"lakeformation:ListPermissions",
"redshift-data:ListTables",
"redshift-data:DescribeTable",
"redshift-data:ListSchemas",
"redshift-data:ListDatabases",
"redshift-data:ExecuteStatement",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift:CreateClusterUser",
"redshift:DescribeClusters",
"redshift:DescribeDataShares",
"redshift:GetClusterCredentials",
"redshift:GetClusterCredentialsWithIAM",
"redshift:JoinGroup",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:GetCredentials",
"secretsmanager:ListSecrets",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"QueryOperations"
},
{
"Action":[
"athena:GetQueryResultsStream"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"QueryOperationsWithResourceTag"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneDomain",
"AmazonDataZoneProject"
]
},
"Null":{
"aws:TagKeys":"false"
},
"StringLike":{
"aws:ResourceTag/AmazonDataZoneDomain":"*",
"aws:ResourceTag/AmazonDataZoneProject":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"SecretsManagerOperationsWithTagKeys"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:ReplicateObject",
"s3:RestoreObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*/datazone/*"
],
"Sid":"DataZoneS3Buckets"
},
{
"Action":[
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataZoneS3BucketLocation"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringLike":{
"s3:prefix":[
"*/datazone/*",
"datazone/*"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListDataZoneS3Bucket"
},
{
"Effect":"Deny",
"NotAction":[
"datazone:*",
"sqlworkbench:*",
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:CreateNamedQuery",
"athena:CreateNotebook",
"athena:CreatePreparedStatement",
"athena:CreatePresignedNotebookUrl",
"athena:DeleteNamedQuery",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:ExportNotebook",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetTableMetadata",
"athena:GetWorkGroup",
"athena:ImportNotebook",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:ListTableMetadata",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"athena:StartCalculationExecution",
"athena:StartQueryExecution",
"athena:StartSession",
"athena:StopCalculationExecution",
"athena:StopQueryExecution",
"athena:TerminateSession",
"athena:UpdateNamedQuery",
"athena:UpdateNotebook",
"athena:UpdateNotebookMetadata",
"athena:UpdatePreparedStatement",
"ec2:CreateNetworkInterface",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DeleteTags",
"ec2:Describe*",
"glue:*DataQuality*",
"glue:BatchCreatePartition",
"glue:BatchDeleteConnection",
"glue:BatchDeletePartition",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:BatchGetJobs",
"glue:BatchGetPartition",
"glue:BatchGetWorkflows",
"glue:BatchStopJobRun",
"glue:BatchUpdatePartition",
"glue:CreateBlueprint",
"glue:CreateConnection",
"glue:CreateCrawler",
"glue:CreateDatabase",
"glue:CreateJob",
"glue:CreatePartition",
"glue:CreatePartitionIndex",
"glue:CreateTable",
"glue:CreateWorkflow",
"glue:DeleteBlueprint",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeleteConnection",
"glue:DeleteCrawler",
"glue:DeleteJob",
"glue:DeletePartition",
"glue:DeletePartitionIndex",
"glue:DeleteTable",
"glue:DeleteTableVersion",
"glue:DeleteWorkflow",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:GetConnection",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:ListSchemas",
"glue:ListJobs",
"glue:NotifyEvent",
"glue:PutWorkflowRunProperties",
"glue:ResetJobBookmark",
"glue:ResumeWorkflowRun",
"glue:SearchTables",
"glue:StartBlueprintRun",
"glue:StartCrawler",
"glue:StartCrawlerSchedule",
"glue:StartJobRun",
"glue:StartWorkflowRun",
"glue:StopCrawler",
"glue:StopCrawlerSchedule",
"glue:StopWorkflowRun",
"glue:UpdateBlueprint",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:UpdateConnection",
"glue:UpdateCrawler",
"glue:UpdateCrawlerSchedule",
"glue:UpdateDatabase",
"glue:UpdateJob",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:UpdateWorkflow",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:List*",
"iam:PassRole",
"kms:DescribeKey",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:ListKeys",
"kms:Verify",
"kms:Sign",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetLogEvents",
"logs:GetLogGroupFields",
"logs:GetQueryResults",
"logs:GetLogRecord",
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:FilterLogEvents",
"lakeformation:GetDataAccess",
"lakeformation:GetDataLakeSettings",
"lakeformation:GetResourceLFTags",
"lakeformation:ListPermissions",
"redshift-data:ListTables",
"redshift-data:DescribeTable",
"redshift-data:ListSchemas",
"redshift-data:ListDatabases",
"redshift-data:ExecuteStatement",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift:CreateClusterUser",
"redshift:DescribeClusters",
"redshift:DescribeDataShares",
"redshift:GetClusterCredentials",
"redshift:GetClusterCredentialsWithIAM",
"redshift:JoinGroup",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:GetCredentials",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:ReplicateObject",
"s3:RestoreObject",
"secretsmanager:CreateSecret",
"secretsmanager:ListSecrets",
"secretsmanager:TagResource",
"tag:GetResources"
],
"Resource":[
"*"
],
"Sid":"NotDeniedOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-17T23:29:08+00:00"
},
"AmazonDataZoneFullAccess":{
"CreateDate":"2023-09-22T20:06:52+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"datazone:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonDataZoneStatement"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"iam:ListRoles",
"sso:DescribeRegisteredRegions",
"s3:ListAllMyBuckets",
"redshift:DescribeClusters",
"redshift-serverless:ListWorkgroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"secretsmanager:ListSecrets",
"iam:ListUsers",
"glue:GetDatabases",
"codeconnections:ListConnections",
"codeconnections:ListTagsForResource",
"codewhisperer:ListProfiles",
"bedrock:ListInferenceProfiles",
"bedrock:ListFoundationModels",
"bedrock:ListTagsForResource",
"aoss:ListSecurityPolicies"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ReadOnlyStatement"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"BucketReadOnlyStatement"
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-datazone*",
"arn:aws:s3:::amazon-sagemaker*"
],
"Sid":"CreateBucketStatement"
},
{
"Action":[
"s3:PutBucketCORS",
"s3:PutBucketPolicy",
"s3:PutBucketVersioning"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-sagemaker*"
],
"Sid":"ConfigureBucketStatement"
},
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"StringEqualsIfExists":{
"ram:RequestedResourceType":"datazone:Domain"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RamCreateResourceStatement"
},
{
"Action":[
"ram:DeleteResourceShare",
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:RejectResourceShareInvitation"
],
"Condition":{
"StringLike":{
"ram:ResourceShareName":[
"DataZone*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RamResourceStatement"
},
{
"Action":[
"ram:GetResourceShares",
"ram:GetResourceShareInvitations",
"ram:GetResourceShareAssociations",
"ram:ListResourceSharePermissions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RamResourceReadOnlyStatement"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:passedToService":"datazone.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonSageMaker*"
],
"Sid":"IAMPassRoleStatement"
},
{
"Action":"iam:GetPolicy",
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:policy/service-role/AmazonDataZoneRedshiftAccessPolicy*"
],
"Sid":"IAMGetPolicyStatement"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneDomain",
"AmazonDataZoneProject"
]
},
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"DataZoneTagOnCreateDomainProjectTags"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneDomain"
]
},
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"DataZoneTagOnCreate"
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"CreateSecretStatement"
},
{
"Action":[
"codeconnections:GetConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"ConnectionStatement"
},
{
"Action":[
"codeconnections:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"for-use-with-all-datazone-projects"
]
},
"StringEquals":{
"aws:RequestTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"TagCodeConnectionsStatement"
},
{
"Action":[
"codeconnections:UntagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"for-use-with-all-datazone-projects"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"UntagCodeConnectionsStatement"
},
{
"Action":[
"ssm:GetParameter",
"ssm:GetParametersByPath",
"ssm:PutParameter",
"ssm:DeleteParameter"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/amazon/datazone/q*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/genAI*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/profiles*"
],
"Sid":"SSMParameterStatement"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"Null":{
"aws:ResourceTag/EnableKeyForAmazonDataZone":"false"
},
"StringEquals":{
"aws:ResourceTag/EnableKeyForAmazonDataZone":"true"
},
"StringLike":{
"kms:ViaService":"ssm.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"UseKMSKeyPermissionsStatement"
},
{
"Action":[
"aoss:GetSecurityPolicy",
"aoss:CreateSecurityPolicy"
],
"Condition":{
"StringLike":{
"aoss:collection":"genai-studio-*"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SecurityPolicyStatement"
},
{
"Action":[
"bedrock:GetFoundationModel",
"bedrock:GetFoundationModelAvailability"
],
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*"
],
"Sid":"GetFoundationModelStatement"
},
{
"Action":[
"bedrock:GetInferenceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:inference-profile/*",
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"GetInferenceProfileStatement"
},
{
"Action":[
"bedrock:CreateInferenceProfile"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneDomain":"false",
"aws:RequestTag/AmazonDataZoneProject":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"ApplicationInferenceProfileStatement"
},
{
"Action":[
"bedrock:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneDomain":"false",
"aws:RequestTag/AmazonDataZoneProject":"true",
"aws:ResourceTag/AmazonDataZoneDomain":"false",
"aws:ResourceTag/AmazonDataZoneProject":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"TagApplicationInferenceProfileStatement"
},
{
"Action":[
"bedrock:DeleteInferenceProfile"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneDomain":"false",
"aws:ResourceTag/AmazonDataZoneProject":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"DeleteApplicationInferenceProfileStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-21T20:36:06+00:00"
},
"AmazonDataZoneFullUserAccess":{
"CreateDate":"2023-09-22T21:06:41+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"datazone:AcceptPredictions",
"datazone:AcceptSubscriptionRequest",
"datazone:AddEntityOwner",
"datazone:AddPolicyGrant",
"datazone:CancelMetadataGenerationRun",
"datazone:CancelSubscription",
"datazone:CreateAsset",
"datazone:CreateAssetFilter",
"datazone:CreateAssetRevision",
"datazone:CreateAssetType",
"datazone:CreateDataProduct",
"datazone:CreateDataProductRevision",
"datazone:CreateDataSource",
"datazone:CreateDomainUnit",
"datazone:CreateEnvironment",
"datazone:CreateEnvironmentBlueprint",
"datazone:CreateEnvironmentProfile",
"datazone:CreateFormType",
"datazone:CreateGlossary",
"datazone:CreateGlossaryTerm",
"datazone:CreateListingChangeSet",
"datazone:CreateProject",
"datazone:CreateProjectMembership",
"datazone:CreateRule",
"datazone:CreateSubscriptionGrant",
"datazone:CreateSubscriptionRequest",
"datazone:DeleteAsset",
"datazone:DeleteAssetFilter",
"datazone:DeleteAssetType",
"datazone:DeleteDataProduct",
"datazone:DeleteDataSource",
"datazone:DeleteDomainUnit",
"datazone:DeleteEnvironment",
"datazone:DeleteEnvironmentBlueprint",
"datazone:DeleteEnvironmentProfile",
"datazone:DeleteFormType",
"datazone:DeleteGlossary",
"datazone:DeleteGlossaryTerm",
"datazone:DeleteListing",
"datazone:DeleteProject",
"datazone:DeleteProjectMembership",
"datazone:DeleteRule",
"datazone:DeleteSubscriptionGrant",
"datazone:DeleteSubscriptionRequest",
"datazone:DeleteSubscriptionTarget",
"datazone:DeleteTimeSeriesDataPoints",
"datazone:GetAsset",
"datazone:GetAssetFilter",
"datazone:GetAssetType",
"datazone:GetDataProduct",
"datazone:GetDataSource",
"datazone:GetDataSourceRun",
"datazone:GetDomain",
"datazone:GetDomainUnit",
"datazone:GetEnvironment",
"datazone:GetEnvironmentActionLink",
"datazone:GetEnvironmentBlueprint",
"datazone:GetEnvironmentCredentials",
"datazone:GetEnvironmentProfile",
"datazone:GetFormType",
"datazone:GetGlossary",
"datazone:GetGlossaryTerm",
"datazone:GetGroupProfile",
"datazone:GetIamPortalLoginUrl",
"datazone:GetLineageNode",
"datazone:GetListing",
"datazone:GetMetadataGenerationRun",
"datazone:GetProject",
"datazone:GetRule",
"datazone:GetSubscription",
"datazone:GetSubscriptionEligibility",
"datazone:GetSubscriptionGrant",
"datazone:GetSubscriptionRequestDetails",
"datazone:GetSubscriptionTarget",
"datazone:GetTimeSeriesDataPoint",
"datazone:GetUserProfile",
"datazone:ListAccountEnvironments",
"datazone:ListAssetFilters",
"datazone:ListAssetRevisions",
"datazone:ListDataProductRevisions",
"datazone:ListDataSourceRunActivities",
"datazone:ListDataSourceRuns",
"datazone:ListDataSources",
"datazone:ListDomainUnitsForParent",
"datazone:ListEntityOwners",
"datazone:ListEnvironmentBlueprintConfigurations",
"datazone:ListEnvironmentBlueprints",
"datazone:ListEnvironmentProfiles",
"datazone:ListEnvironments",
"datazone:ListGroupsForUser",
"datazone:ListLineageNodeHistory",
"datazone:ListMetadataGenerationRuns",
"datazone:ListNotifications",
"datazone:ListPolicyGrants",
"datazone:ListProjectMemberships",
"datazone:ListProjects",
"datazone:ListRules",
"datazone:ListSubscriptionGrants",
"datazone:ListSubscriptionRequests",
"datazone:ListSubscriptionTargets",
"datazone:ListSubscriptions",
"datazone:ListTimeSeriesDataPoints",
"datazone:ListWarehouseMetadata",
"datazone:PostTimeSeriesDataPoints",
"datazone:RejectPredictions",
"datazone:RejectSubscriptionRequest",
"datazone:RemoveEntityOwner",
"datazone:RemovePolicyGrant",
"datazone:RevokeSubscription",
"datazone:Search",
"datazone:SearchGroupProfiles",
"datazone:SearchListings",
"datazone:SearchRules",
"datazone:SearchTypes",
"datazone:SearchUserProfiles",
"datazone:StartDataSourceRun",
"datazone:StartMetadataGenerationRun",
"datazone:UpdateAssetFilter",
"datazone:UpdateDataSource",
"datazone:UpdateDomainUnit",
"datazone:UpdateEnvironment",
"datazone:UpdateEnvironmentBlueprint",
"datazone:UpdateEnvironmentDeploymentStatus",
"datazone:UpdateEnvironmentProfile",
"datazone:UpdateGlossary",
"datazone:UpdateGlossaryTerm",
"datazone:UpdateProject",
"datazone:UpdateRule",
"datazone:UpdateSubscriptionGrantStatus",
"datazone:UpdateSubscriptionRequest"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneUserOperations"
},
{
"Action":"ram:GetResourceShareAssociations",
"Effect":"Allow",
"Resource":"*",
"Sid":"RAMResourceShareOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-19T21:38:59+00:00"
},
"AmazonDataZoneGlueManageAccessRolePolicy":{
"CreateDate":"2023-09-22T20:21:53+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"glue:TagResource",
"glue:UntagResource"
],
"Condition":{
"ForAnyValue:StringLikeIfExists":{
"aws:TagKeys":"DataZoneDiscoverable_*"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueTagDatabase"
},
{
"Action":[
"glue:ListDataQualityResults",
"glue:GetDataQualityResult"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:dataQualityRuleset/*",
"Sid":"GlueDataQuality"
},
{
"Action":"glue:ListCrawls",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:crawler/*",
"Sid":"GlueCrawler"
},
{
"Action":[
"glue:CreateTable",
"glue:DeleteTable",
"glue:GetDatabases",
"glue:GetTables",
"glue:SearchTables",
"glue:CreateCatalog",
"glue:CreateDatabase",
"glue:DeleteCatalog",
"glue:DeleteDatabase"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:userDefinedFunction/*"
],
"Sid":"GlueTableDatabaseCatalog"
},
{
"Action":[
"glue:GetTags",
"glue:GetCatalog"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*"
],
"Sid":"GlueGetTags"
},
{
"Action":[
"lakeformation:BatchGrantPermissions",
"lakeformation:BatchRevokePermissions",
"lakeformation:CreateDataCellsFilter",
"lakeformation:CreateLakeFormationOptIn",
"lakeformation:DeleteDataCellsFilter",
"lakeformation:DeleteLakeFormationOptIn",
"lakeformation:GrantPermissions",
"lakeformation:GetDataCellsFilter",
"lakeformation:GetResourceLFTags",
"lakeformation:ListDataCellsFilter",
"lakeformation:ListLakeFormationOptIns",
"lakeformation:ListPermissions",
"lakeformation:RegisterResource",
"lakeformation:RevokePermissions",
"lakeformation:UpdateDataCellsFilter",
"glue:GetDatabase",
"glue:GetTable",
"organizations:DescribeOrganization",
"ram:GetResourceShareInvitations",
"ram:ListResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeformationResourceSharing"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com"
]
},
"Null":{
"lakeformation:GlueARN":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeformationResourceFederatedSharing"
},
{
"Action":[
"glue:DeleteResourcePolicy",
"glue:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ram.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*"
],
"Sid":"CrossAccountRAMResourceSharing"
},
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
},
"StringEqualsIfExists":{
"ram:RequestedResourceType":[
"glue:Table",
"glue:Database",
"glue:Catalog"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountLakeFormationResourceSharing"
},
{
"Action":[
"ram:AcceptResourceShareInvitation"
],
"Effect":"Allow",
"Resource":"arn:aws:ram:*:*:resource-share-invitation/*",
"Sid":"CrossAccountRAMResourceShareInvitation"
},
{
"Action":[
"ram:AssociateResourceShare",
"ram:DeleteResourceShare",
"ram:DisassociateResourceShare",
"ram:ListResourceSharePermissions",
"ram:UpdateResourceShare"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
},
"StringLike":{
"ram:ResourceShareName":[
"LakeFormation*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountRAMResourceSharingViaLakeFormation"
},
{
"Action":"ram:GetResourceShares",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GetResourceSharesViaLakeFormation"
},
{
"Action":"ram:AssociateResourceSharePermission",
"Condition":{
"ArnLike":{
"ram:PermissionArn":"arn:aws:ram::aws:permission/AWSRAMLFEnabled*"
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountRAMResourceSharingViaLakeFormationHybrid"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/datazone:projectId":"proj-all"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSDecrypt"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonDataZone*",
"arn:aws:iam::*:role/AmazonSageMakerManageAccess*",
"arn:aws:iam::*:role/service-role/AmazonSageMakerManageAccess*"
],
"Sid":"GetRoleForDataZone"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lakeformation.amazonaws.com",
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonDataZone*",
"arn:aws:iam::*:role/AmazonSageMakerManageAccess*",
"arn:aws:iam::*:role/service-role/AmazonSageMakerManageAccess*"
],
"Sid":"PassRoleForDataLocationRegistration"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateCatalogEC2"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration",
"s3:PutBucketVersioning",
"s3:PutBucketTagging"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::redshift-staging-bucket*",
"Sid":"CreateCatalogS3"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-07T00:22:06+00:00"
},
"AmazonDataZoneRedshiftGlueProvisioningPolicy":{
"CreateDate":"2023-09-22T20:19:54+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateRole",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:AttachRolePolicy",
"iam:PutRolePolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
],
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/datazone*",
"Sid":"AmazonDataZonePermissionsToCreateEnvironmentRole"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
],
"iam:PassedToService":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"IamPassRolePermissions"
},
{
"Action":[
"iam:DeleteRole",
"iam:GetRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/datazone*",
"Sid":"AmazonDataZonePermissionsToManageCreatedEnvironmentRole"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:TagResource"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":"AmazonDataZoneEnvironment"
},
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DataZone*"
],
"Sid":"AmazonDataZoneCFStackCreationForEnvironments"
},
{
"Action":[
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DataZone*"
],
"Sid":"AmazonDataZoneCFStackManagementForEnvironments"
},
{
"Action":[
"lakeformation:GetDataLakeSettings",
"lakeformation:PutDataLakeSettings",
"lakeformation:RevokePermissions",
"lakeformation:ListPermissions",
"glue:CreateDatabase",
"glue:GetDatabase",
"athena:GetWorkGroup",
"logs:DescribeLogGroups",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift:DescribeClusters",
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentParameterValidation"
},
{
"Action":[
"lakeformation:RegisterResource",
"lakeformation:DeregisterResource",
"lakeformation:GrantPermissions",
"lakeformation:ListResources"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentLakeFormationPermissions"
},
{
"Action":[
"glue:DeleteDatabase"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentGlueDeletePermissions"
},
{
"Action":[
"athena:DeleteWorkGroup"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentAthenaDeletePermissions"
},
{
"Action":[
"athena:CreateWorkGroup",
"athena:TagResource",
"iam:TagRole",
"iam:TagPolicy",
"logs:TagLogGroup"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":"AmazonDataZoneEnvironment"
},
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
},
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentAthenaResourceCreation"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DeleteLogGroup"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":"AmazonDataZoneEnvironment"
},
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
},
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:datazone-*",
"Sid":"AmazonDataZoneEnvironmentLogGroupCreation"
},
{
"Action":[
"logs:PutRetentionPolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:datazone-*",
"Sid":"AmazonDataZoneEnvironmentLogGroupManagement"
},
{
"Action":[
"iam:DeletePolicy",
"iam:CreatePolicy",
"iam:GetPolicy",
"iam:ListPolicyVersions",
"iam:DeletePolicyVersion"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:policy/datazone*"
],
"Sid":"AmazonDataZoneEnvironmentIAMPolicyManagement"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"AmazonDataZoneEnvironmentS3ValidationPermissions"
},
{
"Action":[
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentKMSDecryptPermissions"
},
{
"Action":[
"glue:TagResource"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":"AmazonDataZoneEnvironment"
},
"Null":{
"aws:RequestTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToTagAmazonDataZoneEnvironmentGlueResources"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToGetAmazonDataZoneEnvironmentBlueprintTemplates"
},
{
"Action":[
"redshift-data:ListSchemas",
"redshift-data:ExecuteStatement"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:workgroup/*",
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"RedshiftDataPermissions"
},
{
"Action":[
"redshift-data:DescribeStatement"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeStatementPermissions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringLike":{
"secretsmanager:ResourceTag/AmazonDataZoneDomain":"dzd*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GetSecretValuePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-23T18:29:09+00:00"
},
"AmazonDataZoneRedshiftManageAccessRolePolicy":{
"CreateDate":"2023-09-22T20:15:14+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"redshift-data:BatchExecuteStatement",
"redshift-data:DescribeTable",
"redshift-data:ExecuteStatement",
"redshift-data:ListTables",
"redshift-data:ListSchemas",
"redshift-data:ListDatabases"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:workgroup/*",
"arn:aws:redshift:*:*:cluster:*"
],
"Sid":"redshiftDataScopeDownPermissions"
},
{
"Action":"secretsmanager:ListSecrets",
"Effect":"Allow",
"Resource":"*",
"Sid":"listSecretsPermission"
},
{
"Action":"redshift-serverless:GetWorkgroup",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"getWorkgroupPermission"
},
{
"Action":[
"redshift-serverless:CreateWorkgroup",
"redshift-serverless:DeleteWorkgroup"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"createAndDeleteWorkgroupPermissions"
},
{
"Action":"redshift-serverless:GetNamespace",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*"
],
"Sid":"getNamespacePermission"
},
{
"Action":[
"redshift-serverless:CreateNamespace",
"redshift-serverless:DeleteNamespace"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*"
],
"Sid":"createAndDeleteNamespacePermissions"
},
{
"Action":[
"redshift-data:DescribeStatement",
"redshift-data:GetStatementResult",
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"redshiftDataPermissions"
},
{
"Action":[
"redshift:AuthorizeDataShare",
"redshift:DescribeDataShares"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:datashare:*/datazone*"
],
"Sid":"dataSharesPermissions"
},
{
"Action":"redshift:AssociateDataShareConsumer",
"Effect":"Allow",
"Resource":"arn:aws:redshift:*:*:datashare:*/datazone*",
"Sid":"associateDataShareConsumerPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-07T00:07:06+00:00"
},
"AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary":{
"CreateDate":"2024-04-23T23:01:14+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:*",
"sagemaker-geospatial:*"
],
"Effect":"Allow",
"NotResource":[
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:space/*",
"arn:aws:sagemaker:*:*:flow-definition/*"
],
"Sid":"AllowAllNonAdminSageMakerActions"
},
{
"Action":[
"sagemaker:CreateUserProfile",
"sagemaker:DescribeUserProfile",
"sagemaker:UpdateUserProfile",
"sagemaker:CreatePresignedDomainUrl"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:*/*",
"Sid":"AllowSageMakerProfileManagement"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowLakeFormation"
},
{
"Action":[
"sagemaker:AddTags"
],
"Condition":{
"StringEquals":{
"sagemaker:TaggingAction":[
"CreateApp",
"CreateSpace",
"CreateUserProfile"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:space/*",
"arn:aws:sagemaker:*:*:user-profile/*"
],
"Sid":"AllowAddTagsForDomainResources"
},
{
"Action":[
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeApp",
"sagemaker:DescribeDomain",
"sagemaker:DescribeSpace",
"sagemaker:DescribeUserProfile",
"sagemaker:ListApps",
"sagemaker:ListDomains",
"sagemaker:ListSpaces",
"sagemaker:ListUserProfiles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowStudioActions"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"Null":{
"sagemaker:OwnerUserProfileArn":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/*/*/*/*",
"Sid":"AllowAppActionsForUserProfile"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"StringEquals":{
"sagemaker:SpaceSharingType":[
"Shared"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Sid":"AllowAppActionsForSharedSpaces"
},
{
"Action":[
"sagemaker:CreateSpace",
"sagemaker:DeleteSpace",
"sagemaker:UpdateSpace"
],
"Condition":{
"Null":{
"sagemaker:OwnerUserProfileArn":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Sid":"AllowMutatingActionsOnSharedSpacesWithoutOwner"
},
{
"Action":[
"sagemaker:CreateSpace",
"sagemaker:DeleteSpace",
"sagemaker:UpdateSpace"
],
"Condition":{
"ArnLike":{
"sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals":{
"sagemaker:SpaceSharingType":[
"Private",
"Shared"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Sid":"RestrictMutatingActionsOnSpacesToOwnerUserProfile"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"ArnLike":{
"sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals":{
"sagemaker:SpaceSharingType":[
"Private"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Sid":"RestrictMutatingActionsOnPrivateSpaceAppsToOwnerUserProfile"
},
{
"Action":"sagemaker:*",
"Condition":{
"StringEqualsIfExists":{
"sagemaker:WorkteamType":[
"private-crowd",
"vendor-crowd"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:flow-definition/*"
],
"Sid":"AllowFlowDefinitionActions"
},
{
"Action":[
"sqlworkbench:*",
"datazone:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
"cloudformation:GetTemplateSummary",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:List*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:StartImageScan",
"elastic-inference:Connect",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"groundtruthlabeling:*",
"iam:GetRole",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:UpdateLogDelivery",
"redshift-data:BatchExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:DescribeStatement",
"redshift-data:DescribeTable",
"redshift-data:ExecuteStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-serverless:GetCredentials",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"secretsmanager:ListSecrets",
"servicecatalog:Describe*",
"servicecatalog:List*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProducts",
"servicecatalog:SearchProvisionedProducts",
"sns:ListTopics",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAWSServiceActions"
},
{
"Action":"ram:AcceptResourceShareInvitation",
"Condition":{
"StringLike":{
"ram:ResourceShareName":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowRAMInvitation"
},
{
"Action":[
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:CreateRepository",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage",
"ecr:TagResource",
"ecr:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/sagemaker*",
"arn:aws:ecr:*:*:repository/datazone*"
],
"Sid":"AllowECRActions"
},
{
"Action":[
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
],
"Sid":"AllowCodeCommitActions"
},
{
"Action":[
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codebuild:*:*:project/sagemaker*",
"arn:aws:codebuild:*:*:build/*"
],
"Sid":"AllowCodeBuildActions"
},
{
"Action":[
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:StartExecution",
"states:StopExecution",
"states:UpdateStateMachine"
],
"Effect":"Allow",
"Resource":[
"arn:aws:states:*:*:statemachine:*sagemaker*",
"arn:aws:states:*:*:execution:*sagemaker*:*"
],
"Sid":"AllowStepFunctionsActions"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret",
"secretsmanager:PutResourcePolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
],
"Sid":"AllowSecretManagerActions"
},
{
"Action":[
"servicecatalog:ProvisionProduct"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowServiceCatalogProvisionProduct"
},
{
"Action":[
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct"
],
"Condition":{
"StringEquals":{
"servicecatalog:userLevel":"self"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowServiceCatalogTerminateUpdateProvisionProduct"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:ReplicateObject",
"s3:RestoreObject",
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::SageMaker-DataZone*",
"arn:aws:s3:::DataZone-SageMaker*",
"arn:aws:s3:::Sagemaker-DataZone*",
"arn:aws:s3:::DataZone-Sagemaker*",
"arn:aws:s3:::sagemaker-datazone*",
"arn:aws:s3:::datazone-sagemaker*",
"arn:aws:s3:::amazon-datazone*"
],
"Sid":"AllowS3ObjectActions"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"AllowS3GetObjectWithSageMakerExistingObjectTag"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/servicecatalog:provisioning":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"AllowS3GetObjectWithServiceCatalogProvisioningExistingObjectTag"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::SageMaker-DataZone*",
"arn:aws:s3:::DataZone-SageMaker*",
"arn:aws:s3:::Sagemaker-DataZone*",
"arn:aws:s3:::DataZone-Sagemaker*",
"arn:aws:s3:::sagemaker-datazone*",
"arn:aws:s3:::datazone-sagemaker*",
"arn:aws:s3:::amazon-datazone*"
],
"Sid":"AllowS3BucketActions"
},
{
"Action":"s3:GetObject",
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::jumpstart-cache-prod-us-west-2/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-1/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-2/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-west-1/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-central-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-south-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-2/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-2/*"
],
"Sid":"ReadSageMakerJumpstartArtifacts"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*LabelingFunction*"
],
"Sid":"AllowLambdaInvokeFunction"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Sid":"AllowCreateServiceLinkedRoleForSageMakerApplicationAutoscaling"
},
{
"Action":[
"sns:Subscribe",
"sns:CreateTopic",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Sid":"AllowSNSActions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"glue.amazonaws.com",
"bedrock.amazonaws.com",
"states.amazonaws.com",
"lakeformation.amazonaws.com",
"events.amazonaws.com",
"sagemaker.amazonaws.com",
"forecast.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/sm-provisioning/datazone_usr_sagemaker_execution_role_*"
],
"Sid":"AllowPassRoleForSageMakerRoles"
},
{
"Action":[
"kms:DescribeKey",
"kms:Decrypt",
"kms:ListKeys"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountKmsOperations"
},
{
"Action":[
"kms:DescribeKey",
"kms:Decrypt",
"kms:ListKeys",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:RetireGrant"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsOperationsWithResourceTag"
},
{
"Action":[
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:CreateNamedQuery",
"athena:CreateNotebook",
"athena:CreatePreparedStatement",
"athena:CreatePresignedNotebookUrl",
"athena:DeleteNamedQuery",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:ExportNotebook",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetTableMetadata",
"athena:GetWorkGroup",
"athena:ImportNotebook",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:ListTableMetadata",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"athena:StartCalculationExecution",
"athena:StartQueryExecution",
"athena:StartSession",
"athena:StopCalculationExecution",
"athena:StopQueryExecution",
"athena:TerminateSession",
"athena:UpdateNamedQuery",
"athena:UpdateNotebook",
"athena:UpdateNotebookMetadata",
"athena:UpdatePreparedStatement"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowAthenaActions"
},
{
"Action":[
"glue:CreateDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/default"
],
"Sid":"AllowGlueCreateDatabase"
},
{
"Action":[
"redshift:GetClusterCredentials"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
],
"Sid":"AllowRedshiftGetClusterCredentials"
},
{
"Action":[
"sagemaker:ListTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:domain/*"
],
"Sid":"AllowListTags"
},
{
"Action":[
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/SC-*",
"Sid":"AllowCloudformationListStackResources"
},
{
"Action":[
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:ListJobs",
"glue:CreateSession",
"glue:RunStatement",
"glue:BatchCreatePartition",
"glue:CreatePartitionIndex",
"glue:CreateTable",
"glue:BatchGetWorkflows",
"glue:BatchUpdatePartition",
"glue:BatchDeletePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:UpdateTable",
"glue:DeleteTableVersion",
"glue:DeleteTable",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeletePartitionIndex",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:BatchDeleteTableVersion",
"glue:BatchDeleteTable",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:UpdatePartition",
"glue:CreateBlueprint",
"glue:CreateJob",
"glue:CreateConnection",
"glue:CreateCrawler",
"glue:CreateDataQualityRuleset",
"glue:CreateWorkflow",
"glue:GetDatabases",
"glue:GetTables",
"glue:GetTable",
"glue:SearchTables",
"glue:NotifyEvent",
"glue:ListSchemas",
"glue:BatchGetJobs",
"glue:GetConnection",
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowGlueActions"
},
{
"Action":[
"glue:SearchTables",
"glue:NotifyEvent",
"glue:StartBlueprintRun",
"glue:PutWorkflowRunProperties",
"glue:StopCrawler",
"glue:DeleteJob",
"glue:DeleteWorkflow",
"glue:UpdateCrawler",
"glue:DeleteBlueprint",
"glue:UpdateWorkflow",
"glue:StartCrawler",
"glue:ResetJobBookmark",
"glue:UpdateJob",
"glue:StartWorkflowRun",
"glue:StopCrawlerSchedule",
"glue:ResumeWorkflowRun",
"glue:ListSchemas",
"glue:DeleteCrawler",
"glue:UpdateBlueprint",
"glue:BatchStopJobRun",
"glue:StopWorkflowRun",
"glue:BatchGetJobs",
"glue:BatchGetWorkflows",
"glue:UpdateCrawlerSchedule",
"glue:DeleteConnection",
"glue:UpdateConnection",
"glue:GetConnection",
"glue:GetDatabase",
"glue:GetTable",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchDeleteConnection",
"glue:StartCrawlerSchedule",
"glue:StartJobRun",
"glue:CreateWorkflow",
"glue:*DataQuality*"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowGlueActionsWithEnvironmentTag"
},
{
"Action":[
"glue:BatchGet*",
"glue:Get*",
"glue:SearchTables",
"glue:List*",
"glue:RunStatement"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:connection/dz-sm-*",
"arn:aws:glue:*:*:session/*"
],
"Sid":"AllowGlueDefaultAccess"
},
{
"Action":[
"redshift:GetClusterCredentialsWithIAM",
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:cluster:*",
"arn:aws:redshift:*:*:dbname:*"
],
"Sid":"AllowRedshiftClusterActions"
},
{
"Action":[
"redshift:CreateClusterUser"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbuser:*"
],
"Sid":"AllowCreateClusterUser"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneDomain",
"AmazonDataZoneProject"
]
},
"Null":{
"aws:RequestTag/AmazonDataZoneDomain":"false",
"aws:RequestTag/AmazonDataZoneProject":"false",
"aws:ResourceTag/AmazonDataZoneDomain":"false",
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"AllowCreateSecretActions"
},
{
"Action":[
"forecast:CreateExplainabilityExport",
"forecast:CreateExplainability",
"forecast:CreateForecastEndpoint",
"forecast:CreateAutoPredictor",
"forecast:CreateDatasetImportJob",
"forecast:CreateDatasetGroup",
"forecast:CreateDataset",
"forecast:CreateForecast",
"forecast:CreateForecastExportJob",
"forecast:CreatePredictorBacktestExportJob",
"forecast:CreatePredictor",
"forecast:DescribeExplainabilityExport",
"forecast:DescribeExplainability",
"forecast:DescribeAutoPredictor",
"forecast:DescribeForecastEndpoint",
"forecast:DescribeDatasetImportJob",
"forecast:DescribeDataset",
"forecast:DescribeForecast",
"forecast:DescribeForecastExportJob",
"forecast:DescribePredictorBacktestExportJob",
"forecast:GetAccuracyMetrics",
"forecast:InvokeForecastEndpoint",
"forecast:GetRecentForecastContext",
"forecast:DescribePredictor",
"forecast:TagResource",
"forecast:DeleteResourceTree"
],
"Effect":"Allow",
"Resource":[
"arn:aws:forecast:*:*:*Canvas*"
],
"Sid":"ForecastOperations"
},
{
"Action":"rds:DescribeDBInstances",
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSOperation"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-data-prep-job":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"AllowEventBridgeRule"
},
{
"Action":[
"events:DescribeRule",
"events:PutTargets"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sagemaker:is-canvas-data-prep-job":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"EventBridgeOperations"
},
{
"Action":[
"events:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-data-prep-job":"true",
"aws:ResourceTag/sagemaker:is-canvas-data-prep-job":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"EventBridgeTagBasedOperations"
},
{
"Action":"events:ListTagsForResource",
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeListTagOperation"
},
{
"Action":[
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEMR"
},
{
"Action":[
"sso:CreateApplicationAssignment",
"sso:AssociateProfile"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSSOAction"
},
{
"Effect":"Deny",
"NotAction":[
"sagemaker:*",
"sagemaker-geospatial:*",
"sqlworkbench:*",
"datazone:*",
"forecast:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:CreateNamedQuery",
"athena:CreateNotebook",
"athena:CreatePreparedStatement",
"athena:CreatePresignedNotebookUrl",
"athena:DeleteNamedQuery",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:ExportNotebook",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetTableMetadata",
"athena:GetWorkGroup",
"athena:ImportNotebook",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:ListTableMetadata",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"athena:StartCalculationExecution",
"athena:StartQueryExecution",
"athena:StartSession",
"athena:StopCalculationExecution",
"athena:StopQueryExecution",
"athena:TerminateSession",
"athena:UpdateNamedQuery",
"athena:UpdateNotebook",
"athena:UpdateNotebookMetadata",
"athena:UpdatePreparedStatement",
"aws-marketplace:ViewSubscriptions",
"cloudformation:GetTemplateSummary",
"cloudformation:ListStackResources",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codebuild:BatchGetBuilds",
"codebuild:StartBuild",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:List*",
"codecommit:GitPull",
"codecommit:GitPush",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
"ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage",
"ecr:StartImageScan",
"ecr:TagResource",
"ecr:UntagResource",
"elastic-inference:Connect",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListClusters",
"events:PutRule",
"events:DescribeRule",
"events:PutTargets",
"events:TagResource",
"events:ListTagsForResource",
"fsx:DescribeFileSystems",
"glue:SearchTables",
"glue:NotifyEvent",
"glue:StartBlueprintRun",
"glue:PutWorkflowRunProperties",
"glue:StopCrawler",
"glue:DeleteJob",
"glue:DeleteWorkflow",
"glue:UpdateCrawler",
"glue:DeleteBlueprint",
"glue:UpdateWorkflow",
"glue:StartCrawler",
"glue:ResetJobBookmark",
"glue:UpdateJob",
"glue:StartWorkflowRun",
"glue:StopCrawlerSchedule",
"glue:ResumeWorkflowRun",
"glue:DeleteCrawler",
"glue:UpdateBlueprint",
"glue:BatchStopJobRun",
"glue:StopWorkflowRun",
"glue:BatchGet*",
"glue:UpdateCrawlerSchedule",
"glue:DeleteConnection",
"glue:UpdateConnection",
"glue:Get*",
"glue:BatchDeleteConnection",
"glue:StartCrawlerSchedule",
"glue:StartJobRun",
"glue:CreateWorkflow",
"glue:*DataQuality*",
"glue:List*",
"glue:CreateSession",
"glue:RunStatement",
"glue:BatchCreatePartition",
"glue:CreateDatabase",
"glue:CreatePartitionIndex",
"glue:CreateTable",
"glue:BatchUpdatePartition",
"glue:BatchDeletePartition",
"glue:UpdateTable",
"glue:DeleteTableVersion",
"glue:DeleteTable",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeletePartitionIndex",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:BatchDeleteTableVersion",
"glue:BatchDeleteTable",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:UpdatePartition",
"glue:CreateBlueprint",
"glue:CreateJob",
"glue:CreateConnection",
"glue:CreateCrawler",
"groundtruthlabeling:*",
"iam:CreateServiceLinkedRole",
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole",
"kms:DescribeKey",
"kms:ListAliases",
"kms:Decrypt",
"kms:ListKeys",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:RetireGrant",
"lakeformation:GetDataAccess",
"lambda:ListFunctions",
"lambda:InvokeFunction",
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:UpdateLogDelivery",
"ram:AcceptResourceShareInvitation",
"rds:DescribeDBInstances",
"redshift:CreateClusterUser",
"redshift:GetClusterCredentials",
"redshift:GetClusterCredentialsWithIAM",
"redshift:DescribeClusters",
"redshift-data:BatchExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:DescribeStatement",
"redshift-data:DescribeTable",
"redshift-data:ExecuteStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:GetCredentials",
"s3:GetBucketAcl",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors",
"s3:DeleteObjectVersion",
"s3:PutObjectRetention",
"s3:ReplicateObject",
"s3:RestoreObject",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret",
"secretsmanager:PutResourcePolicy",
"secretsmanager:TagResource",
"servicecatalog:Describe*",
"servicecatalog:List*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProducts",
"servicecatalog:SearchProvisionedProducts",
"servicecatalog:ProvisionProduct",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct",
"sns:ListTopics",
"sns:Subscribe",
"sns:CreateTopic",
"sns:Publish",
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:StartExecution",
"states:StopExecution",
"states:UpdateStateMachine",
"tag:GetResources",
"sso:CreateApplicationAssignment",
"sso:AssociateProfile"
],
"Resource":"*",
"Sid":"DenyNotAction"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-21T23:06:06+00:00"
},
"AmazonDataZoneSageMakerManageAccessRolePolicy":{
"CreateDate":"2024-04-23T23:34:52+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:DescribeFeatureGroup",
"sagemaker:ListModelPackages",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeAlgorithm",
"sagemaker:ListTags",
"sagemaker:DescribeDomain",
"sagemaker:GetModelPackageGroupPolicy",
"sagemaker:Search"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerReadPermission"
},
{
"Action":[
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"sagemaker:shared-with:*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerTaggingPermission"
},
{
"Action":[
"sagemaker:PutModelPackageGroupPolicy",
"sagemaker:DeleteModelPackageGroupPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:*:sagemaker:*:*:model-package-group/*"
],
"Sid":"AmazonSageMakerModelPackageGroupPolicyPermission"
},
{
"Action":[
"ram:GetResourceShares",
"ram:GetResourceShareInvitations",
"ram:GetResourceShareAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerRAMPermission"
},
{
"Action":[
"sagemaker:PutResourcePolicy",
"sagemaker:GetResourcePolicy",
"sagemaker:DeleteResourcePolicy"
],
"Effect":"Allow",
"Resource":[
"arn:*:sagemaker:*:*:feature-group/*"
],
"Sid":"AmazonSageMakerRAMResourcePolicyPermission"
},
{
"Action":[
"ram:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/AwsDataZoneDomainId":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ram:*:*:resource-share/*",
"Sid":"AmazonSageMakerRAMTagResourceSharePermission"
},
{
"Action":[
"ram:DeleteResourceShare"
],
"Condition":{
"Null":{
"aws:ResourceTag/AwsDataZoneDomainId":"false"
}
},
"Effect":"Allow",
"Resource":"arn:*:ram:*:*:resource-share/*",
"Sid":"AmazonSageMakerRAMDeleteResourceSharePermission"
},
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"Null":{
"aws:RequestTag/AwsDataZoneDomainId":"false"
},
"StringLikeIfExists":{
"ram:RequestedResourceType":[
"sagemaker:*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerRAMCreateResourceSharePermission"
},
{
"Action":[
"s3:DeleteBucketPolicy",
"s3:PutBucketPolicy",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-datazone*",
"arn:aws:s3:::SageMaker-DataZone*",
"arn:aws:s3:::datazone-sagemaker*",
"arn:aws:s3:::DataZone-SageMaker*",
"arn:aws:s3:::amazon-datazone*",
"arn:aws:s3:::amazon-sagemaker*"
],
"Sid":"AmazonSageMakerS3BucketPolicyPermission"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-datazone*",
"arn:aws:s3:::SageMaker-DataZone*",
"arn:aws:s3:::datazone-sagemaker*",
"arn:aws:s3:::DataZone-SageMaker*",
"arn:aws:s3:::amazon-datazone*",
"arn:aws:s3:::amazon-sagemaker*"
],
"Sid":"AmazonSageMakerS3Permission"
},
{
"Action":[
"ecr:GetRepositoryPolicy",
"ecr:SetRepositoryPolicy",
"ecr:DeleteRepositoryPolicy"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerECRPermission"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneEnvironment"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerKMSReadPermission"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"ForAllValues:StringEquals":{
"kms:GrantOperations":[
"Decrypt"
]
},
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneEnvironment"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerKMSGrantPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-21T20:21:06+00:00"
},
"AmazonDataZoneSageMakerProvisioningRolePolicy":{
"CreateDate":"2024-04-23T23:32:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:CreateDomain"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneEnvironment"
]
},
"Null":{
"aws:RequestTag/AmazonDataZoneEnvironment":"false",
"aws:ResourceTag/AmazonDataZoneEnvironment":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CreateSageMakerStudio"
},
{
"Action":[
"sagemaker:DeleteDomain"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"AmazonDataZoneEnvironment"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeleteSageMakerStudio"
},
{
"Action":[
"sagemaker:DescribeDomain"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentSageMakerDescribePermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
],
"iam:PassedToService":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com",
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/sm-provisioning/datazone_usr*"
],
"Sid":"IamPassRolePermissions"
},
{
"Action":[
"iam:CreateRole",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:AttachRolePolicy",
"iam:PutRolePolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
],
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/AmazonDataZoneSageMakerEnvironmentRolePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/sm-provisioning/datazone_usr*"
],
"Sid":"AmazonDataZonePermissionsToCreateEnvironmentRole"
},
{
"Action":[
"iam:GetRole",
"iam:GetRolePolicy",
"iam:DeleteRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/sm-provisioning/datazone_usr*"
],
"Sid":"AmazonDataZonePermissionsToManageEnvironmentRole"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/sagemaker.amazonaws.com/AWSServiceRoleForAmazonSageMakerNotebooks"
],
"Sid":"AmazonDataZonePermissionsToCreateSageMakerServiceRole"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"sagemaker:ListDomains"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonDataZoneEnvironmentParameterValidation"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneEnvironment":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AmazonDataZoneEnvironmentKMSKeyValidation"
},
{
"Action":[
"glue:CreateConnection",
"glue:DeleteConnection",
"glue:GetConnection"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:connection/dz-sm-athena-glue-connection-*",
"arn:aws:glue:*:*:connection/dz-sm-redshift-cluster-connection-*",
"arn:aws:glue:*:*:connection/dz-sm-redshift-serverless-connection-*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"AmazonDataZoneEnvironmentGluePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-09T20:52:06+00:00"
},
"AmazonDetectiveFullAccess":{
"CreateDate":"2020-04-30T17:57:15+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"detective:*",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"guardduty:ArchiveFindings"
],
"Effect":"Allow",
"Resource":"arn:aws:guardduty:*:*:detector/*"
},
{
"Action":[
"guardduty:GetFindings",
"guardduty:ListDetectors"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"securityHub:GetFindings"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-17T19:39:57+00:00"
},
"AmazonDetectiveInvestigatorAccess":{
"CreateDate":"2023-01-17T15:24:26+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"detective:BatchGetGraphMemberDatasources",
"detective:BatchGetMembershipDatasources",
"detective:DescribeOrganizationConfiguration",
"detective:GetFreeTrialEligibility",
"detective:GetGraphIngestState",
"detective:GetMembers",
"detective:GetPricingInformation",
"detective:GetUsageInformation",
"detective:ListDatasourcePackages",
"detective:ListGraphs",
"detective:ListHighDegreeEntities",
"detective:ListInvitations",
"detective:ListMembers",
"detective:ListOrganizationAdminAccount",
"detective:ListTagsForResource",
"detective:SearchGraph",
"detective:StartInvestigation",
"detective:GetInvestigation",
"detective:ListInvestigations",
"detective:UpdateInvestigationState",
"detective:ListIndicators",
"detective:InvokeAssistant"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DetectivePermissions"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsPermissions"
},
{
"Action":[
"guardduty:ArchiveFindings",
"guardduty:GetFindings",
"guardduty:ListDetectors"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GuardDutyPermissions"
},
{
"Action":[
"securityHub:GetFindings"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecurityHubPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T03:13:25+00:00"
},
"AmazonDetectiveMemberAccess":{
"CreateDate":"2023-01-17T15:16:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"detective:AcceptInvitation",
"detective:BatchGetMembershipDatasources",
"detective:DisassociateMembership",
"detective:GetFreeTrialEligibility",
"detective:GetPricingInformation",
"detective:GetUsageInformation",
"detective:ListInvitations",
"detective:RejectInvitation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-17T15:16:14+00:00"
},
"AmazonDetectiveOrganizationsAccess":{
"CreateDate":"2023-03-02T15:20:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"detective:DisableOrganizationAdminAccount",
"detective:EnableOrganizationAdminAccount",
"detective:ListOrganizationAdminAccount"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"detective.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"detective.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"detective.amazonaws.com",
"guardduty.amazonaws.com",
"macie.amazonaws.com",
"securityhub.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-02T15:20:50+00:00"
},
"AmazonDetectiveServiceLinkedRolePolicy":{
"CreateDate":"2021-11-18T19:47:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeAccount",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-18T19:47:32+00:00"
},
"AmazonDevOpsGuruConsoleFullAccess":{
"CreateDate":"2021-12-17T18:43:09+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"devops-guru:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DevOpsGuruFullAccess"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudFormationListStacksAccess"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchGetMetricDataAccess"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SnsListTopicsAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
"sns:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:DevOps-Guru-*",
"Sid":"SnsTopicOperations"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"devops-guru.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
"Sid":"DevOpsGuruSlrCreation"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
"Sid":"DevOpsGuruSlrDeletion"
},
{
"Action":[
"rds:DescribeDBInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSDescribeDBInstancesAccess"
},
{
"Action":[
"pi:GetResourceMetrics",
"pi:DescribeDimensionKeys"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PerformanceInsightsMetricsDataAccess"
},
{
"Action":[
"logs:FilterLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/DevOps-Guru-Analysis":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:*",
"Sid":"CloudWatchLogsFilterLogEventsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-25T18:18:53+00:00"
},
"AmazonDevOpsGuruFullAccess":{
"CreateDate":"2020-12-01T16:38:12+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"devops-guru:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DevOpsGuruFullAccess"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudFormationListStacksAccess"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchGetMetricDataAccess"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SnsListTopicsAccess"
},
{
"Action":[
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
"sns:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:DevOps-Guru-*",
"Sid":"SnsTopicOperations"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"devops-guru.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
"Sid":"DevOpsGuruSlrCreation"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
"Sid":"DevOpsGuruSlrDeletion"
},
{
"Action":[
"rds:DescribeDBInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSDescribeDBInstancesAccess"
},
{
"Action":[
"logs:FilterLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/DevOps-Guru-Analysis":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:*",
"Sid":"CloudWatchLogsFilterLogEventsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-25T18:23:41+00:00"
},
"AmazonDevOpsGuruOrganizationsAccess":{
"CreateDate":"2021-11-15T23:50:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"devops-guru:DescribeOrganizationHealth",
"devops-guru:DescribeOrganizationResourceCollectionHealth",
"devops-guru:DescribeOrganizationOverview",
"devops-guru:ListOrganizationInsights",
"devops-guru:SearchOrganizationInsights"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DevOpsGuruOrganizationsAccess"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccounts",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListRoots"
],
"Effect":"Allow",
"Resource":"arn:aws:organizations::*:",
"Sid":"OrganizationsDataAccess"
},
{
"Action":[
"organizations:DeregisterDelegatedAdministrator",
"organizations:RegisterDelegatedAdministrator",
"organizations:ListDelegatedAdministrators",
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"devops-guru.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationsAdminDataAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-15T23:50:52+00:00"
},
"AmazonDevOpsGuruReadOnlyAccess":{
"CreateDate":"2020-12-01T16:34:40+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"devops-guru:DescribeAccountHealth",
"devops-guru:DescribeAccountOverview",
"devops-guru:DescribeAnomaly",
"devops-guru:DescribeEventSourcesConfig",
"devops-guru:DescribeFeedback",
"devops-guru:DescribeInsight",
"devops-guru:DescribeResourceCollectionHealth",
"devops-guru:DescribeServiceIntegration",
"devops-guru:GetCostEstimation",
"devops-guru:GetResourceCollection",
"devops-guru:ListAnomaliesForInsight",
"devops-guru:ListEvents",
"devops-guru:ListInsights",
"devops-guru:ListAnomalousLogGroups",
"devops-guru:ListMonitoredResources",
"devops-guru:ListNotificationChannels",
"devops-guru:ListRecommendations",
"devops-guru:SearchInsights",
"devops-guru:StartCostEstimation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DevOpsGuruReadOnlyAccess"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudFormationListStacksAccess"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchGetMetricDataAccess"
},
{
"Action":[
"rds:DescribeDBInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSDescribeDBInstancesAccess"
},
{
"Action":[
"logs:FilterLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/DevOps-Guru-Analysis":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:*",
"Sid":"CloudWatchLogsFilterLogEventsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-25T18:11:21+00:00"
},
"AmazonDevOpsGuruServiceRolePolicy":{
"CreateDate":"2020-12-01T10:24:42+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:DescribeAutoScalingGroups",
"cloudtrail:LookupEvents",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:DescribeAnomalyDetectors",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListDashboards",
"cloudwatch:GetDashboard",
"cloudformation:GetTemplate",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ListImports",
"codedeploy:BatchGetDeployments",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListDeployments",
"config:DescribeConfigurationRecorderStatus",
"config:GetResourceConfigHistory",
"events:ListRuleNamesByTarget",
"xray:GetServiceGraph",
"organizations:ListRoots",
"organizations:ListChildren",
"organizations:ListDelegatedAdministrators",
"pi:GetResourceMetrics",
"tag:GetResources",
"lambda:GetFunction",
"lambda:GetFunctionConcurrency",
"lambda:GetAccountSettings",
"lambda:ListProvisionedConcurrencyConfigs",
"lambda:ListAliases",
"lambda:ListEventSourceMappings",
"lambda:GetPolicy",
"ec2:DescribeSubnets",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"sqs:GetQueueAttributes",
"kinesis:DescribeStream",
"kinesis:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:DescribeLimits",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeStream",
"dynamodb:ListStreams",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeOptionGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeAccountAttributes",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketWebsite",
"s3:GetIntelligentTieringConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:ListStorageLensConfigurations",
"servicequotas:GetServiceQuota",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListServiceQuotas"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:PutTargets",
"events:PutRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/DevOps-Guru-managed-*",
"Sid":"AllowPutTargetsOnASpecificRule"
},
{
"Action":[
"ssm:CreateOpsItem"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCreateOpsItem"
},
{
"Action":[
"ssm:AddTagsToResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:opsitem/*",
"Sid":"AllowAddTagsToOpsItem"
},
{
"Action":[
"ssm:GetOpsItem",
"ssm:UpdateOpsItem"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessOpsItem"
},
{
"Action":"events:PutRule",
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*",
"Sid":"AllowCreateManagedRule"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*",
"Sid":"AllowAccessManagedRule"
},
{
"Action":[
"events:DeleteRule",
"events:EnableRule",
"events:DisableRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"devops-guru.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*",
"Sid":"AllowOtherOperationsOnManagedRule"
},
{
"Action":[
"logs:FilterLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/DevOps-Guru-Analysis":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:*",
"Sid":"AllowTagBasedFilterLogEvents"
},
{
"Action":"apigateway:GET",
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis/??????????",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration"
],
"Sid":"AllowAPIGatewayGetIntegrations"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-10T14:36:48+00:00"
},
"AmazonDocDB-ElasticServiceRolePolicy":{
"CreateDate":"2022-11-30T14:17:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/DocDB-Elastic"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-30T14:17:05+00:00"
},
"AmazonDocDBConsoleFullAccess":{
"CreateDate":"2019-01-09T20:37:28+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"docdb-elastic:CreateCluster",
"docdb-elastic:UpdateCluster",
"docdb-elastic:GetCluster",
"docdb-elastic:DeleteCluster",
"docdb-elastic:ListClusters",
"docdb-elastic:CreateClusterSnapshot",
"docdb-elastic:GetClusterSnapshot",
"docdb-elastic:DeleteClusterSnapshot",
"docdb-elastic:ListClusterSnapshots",
"docdb-elastic:RestoreClusterFromSnapshot",
"docdb-elastic:TagResource",
"docdb-elastic:UntagResource",
"docdb-elastic:ListTagsForResource",
"docdb-elastic:CopyClusterSnapshot",
"docdb-elastic:StartCluster",
"docdb-elastic:StopCluster",
"docdb-elastic:GetPendingMaintenanceAction",
"docdb-elastic:ListPendingMaintenanceActions",
"docdb-elastic:ApplyPendingMaintenanceAction",
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBCluster",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBInstance",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:CreateGlobalCluster",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DeleteGlobalCluster",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeGlobalClusters",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:ModifyGlobalCluster",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveFromGlobalCluster",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DocdbSids"
},
{
"Action":[
"iam:GetRole",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DependencySids"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Sid":"DocdbSLRSid"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"docdb-elastic.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic",
"Sid":"DocdbElasticSLRSid"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-11T18:22:07+00:00"
},
"AmazonDocDBElasticFullAccess":{
"CreateDate":"2023-06-05T13:51:04+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"docdb-elastic:CreateCluster",
"docdb-elastic:UpdateCluster",
"docdb-elastic:GetCluster",
"docdb-elastic:DeleteCluster",
"docdb-elastic:ListClusters",
"docdb-elastic:CreateClusterSnapshot",
"docdb-elastic:GetClusterSnapshot",
"docdb-elastic:DeleteClusterSnapshot",
"docdb-elastic:ListClusterSnapshots",
"docdb-elastic:RestoreClusterFromSnapshot",
"docdb-elastic:TagResource",
"docdb-elastic:UntagResource",
"docdb-elastic:ListTagsForResource",
"docdb-elastic:CopyClusterSnapshot",
"docdb-elastic:StartCluster",
"docdb-elastic:StopCluster",
"docdb-elastic:GetPendingMaintenanceAction",
"docdb-elastic:ListPendingMaintenanceActions",
"docdb-elastic:ApplyPendingMaintenanceAction"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DocdbElasticSid"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints",
"ec2:ModifyVpcEndpoint",
"ec2:DescribeVpcAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeAvailabilityZones",
"secretsmanager:ListSecrets"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"docdb-elastic.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2Sid"
},
{
"Action":[
"kms:Decrypt",
"kms:DescribeKey",
"kms:GenerateDataKey"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/DocDBElasticFullAccess":"*",
"kms:ViaService":[
"docdb-elastic.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSSid"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"StringLike":{
"aws:ResourceTag/DocDBElasticFullAccess":"*",
"kms:ViaService":[
"docdb-elastic.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSGrantSid"
},
{
"Action":[
"secretsmanager:ListSecretVersionIds",
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:GetResourcePolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"docdb-elastic.amazonaws.com"
},
"StringLike":{
"secretsmanager:ResourceTag/DocDBElasticFullAccess":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretManagerSid"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudwatchSid"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"docdb-elastic.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic",
"Sid":"SLRSid"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-11T18:22:06+00:00"
},
"AmazonDocDBElasticReadOnlyAccess":{
"CreateDate":"2023-06-08T14:37:37+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"docdb-elastic:ListClusters",
"docdb-elastic:GetCluster",
"docdb-elastic:ListClusterSnapshots",
"docdb-elastic:GetClusterSnapshot",
"docdb-elastic:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-21T16:57:09+00:00"
},
"AmazonDocDBFullAccess":{
"CreateDate":"2019-01-09T20:21:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBCluster",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBInstance",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-09T20:21:44+00:00"
},
"AmazonDocDBReadOnlyAccess":{
"CreateDate":"2019-01-09T20:30:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:ListKeys",
"kms:ListRetirableGrants",
"kms:ListAliases",
"kms:ListKeyPolicies"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-09T20:30:28+00:00"
},
"AmazonDynamoDBFullAccess":{
"CreateDate":"2015-02-06T18:40:11+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:*",
"dax:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:GetMetricData",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes",
"lambda:CreateFunction",
"lambda:ListFunctions",
"lambda:ListEventSourceMappings",
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping",
"lambda:GetFunctionConfiguration",
"lambda:DeleteFunction",
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"resource-groups:GetGroup",
"resource-groups:GetGroupQuery",
"resource-groups:DeleteGroup",
"resource-groups:CreateGroup",
"tag:GetResources",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"cloudwatch:GetInsightRuleReport",
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"application-autoscaling.amazonaws.com",
"application-autoscaling.amazonaws.com.cn",
"dax.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"replication.dynamodb.amazonaws.com",
"dax.amazonaws.com",
"dynamodb.application-autoscaling.amazonaws.com",
"contributorinsights.dynamodb.amazonaws.com",
"kinesisreplication.dynamodb.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-29T17:38:30+00:00"
},
"AmazonDynamoDBFullAccesswithDataPipeline":{
"CreateDate":"2015-02-06T18:40:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"dynamodb:*",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DDBConsole"
},
{
"Action":[
"lambda:*",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DDBConsoleTriggers"
},
{
"Action":[
"datapipeline:*",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DDBConsoleImportExport"
},
{
"Action":[
"iam:GetRolePolicy",
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"IAMEDPRoles"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"datapipeline:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EMR"
},
{
"Action":[
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"S3"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-11-12T02:17:42+00:00"
},
"AmazonDynamoDBReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:12+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"dynamodb:BatchGetItem",
"dynamodb:Describe*",
"dynamodb:List*",
"dynamodb:GetAbacStatus",
"dynamodb:GetItem",
"dynamodb:GetResourcePolicy",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:PartiQLSelect",
"dax:Describe*",
"dax:List*",
"dax:GetItem",
"dax:BatchGetItem",
"dax:Query",
"dax:Scan",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"lambda:ListFunctions",
"lambda:ListEventSourceMappings",
"lambda:GetFunctionConfiguration",
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"resource-groups:GetGroup",
"resource-groups:GetGroupQuery",
"tag:GetResources",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GeneralReadOnlyAccess"
},
{
"Action":"cloudwatch:GetInsightRuleReport",
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*",
"Sid":"CCIAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-18T17:38:15+00:00"
},
"AmazonEBSCSIDriverPolicy":{
"CreateDate":"2022-04-04T17:24:29+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateSnapshot",
"ec2:ModifyVolume"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:CreateVolume",
"ec2:EnableFastSnapshotRestores"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateVolume",
"CreateSnapshot"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action":[
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"StringLike":{
"aws:RequestTag/ebs.csi.aws.com/cluster":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"StringLike":{
"aws:RequestTag/CSIVolumeName":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/ebs.csi.aws.com/cluster":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/CSIVolumeName":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/kubernetes.io/created-for/pvc/name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"StringLike":{
"aws:RequestTag/CSIVolumeSnapshotName":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"StringLike":{
"aws:RequestTag/ebs.csi.aws.com/cluster":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/CSIVolumeSnapshotName":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/ebs.csi.aws.com/cluster":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-13T17:07:06+00:00"
},
"AmazonEC2ContainerRegistryFullAccess":{
"CreateDate":"2015-12-21T17:06:48+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecr:*",
"cloudtrail:LookupEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"replication.ecr.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-05T00:04:19+00:00"
},
"AmazonEC2ContainerRegistryPowerUser":{
"CreateDate":"2015-12-21T17:05:33+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-10T20:48:08+00:00"
},
"AmazonEC2ContainerRegistryPullOnly":{
"CreateDate":"2024-10-04T16:58:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchImportUpstreamImage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-04T16:58:49+00:00"
},
"AmazonEC2ContainerRegistryReadOnly":{
"CreateDate":"2015-12-21T17:04:15+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-10T20:56:32+00:00"
},
"AmazonEC2ContainerServiceAutoscaleRole":{
"CreateDate":"2016-05-12T23:25:44+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ecs:DescribeServices",
"ecs:UpdateService"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-02-05T19:15:15+00:00"
},
"AmazonEC2ContainerServiceEventsRole":{
"CreateDate":"2017-05-30T16:51:35+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ecs:RunTask"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"ecs-tasks.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"ecs:TagResource",
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"RunTask"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-06T22:25:12+00:00"
},
"AmazonEC2ContainerServiceRole":{
"CreateDate":"2015-04-09T16:14:19+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-08-11T13:08:01+00:00"
},
"AmazonEC2ContainerServiceforEC2Role":{
"CreateDate":"2015-03-19T18:45:18+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeTags",
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:UpdateContainerInstancesState",
"ecs:Submit*",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ecs:TagResource",
"Condition":{
"StringEquals":{
"ecs:CreateAction":[
"CreateCluster",
"RegisterContainerInstance"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-06T22:19:04+00:00"
},
"AmazonEC2FullAccess":{
"CreateDate":"2015-02-06T18:40:15+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":"ec2:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"elasticloadbalancing:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"cloudwatch:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"autoscaling:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"autoscaling.amazonaws.com",
"ec2scheduled.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"transitgateway.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-27T02:16:56+00:00"
},
"AmazonEC2ReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:17+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:Describe*",
"ec2:GetSecurityGroupsForVpc"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"elasticloadbalancing:Describe*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"autoscaling:Describe*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-27T10:07:06+00:00"
},
"AmazonEC2RolePolicyForLaunchWizard":{
"CreateDate":"2019-11-13T08:05:53+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"ec2:AttachVolume",
"ec2:RebootInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/LaunchWizardResourceGroupID":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"ec2:ReplaceRoute"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/LaunchWizardApplicationType":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:route-table/*"
},
{
"Action":[
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeRegions",
"ec2:DescribeVolumes",
"ec2:DescribeRouteTables",
"ec2:ModifyInstanceAttribute",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricData",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags",
"ec2:CreateVolume"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"LaunchWizardResourceGroupID",
"LaunchWizardApplicationType"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectTagging",
"s3:GetBucketLocation",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:*",
"arn:aws:s3:::launchwizard*",
"arn:aws:s3:::aws-sap-data-provider/config.properties"
]
},
{
"Action":"logs:Create*",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:*"
},
{
"Action":[
"ec2:Describe*",
"cloudformation:DescribeStackResources",
"cloudformation:SignalResource",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStacks"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"LaunchWizardResourceGroupID"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"dynamodb:BatchGetItem",
"dynamodb:PutItem",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"dynamodb:Scan",
"s3:ListBucket",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:DeleteTable",
"dynamodb:CreateTable",
"s3:GetObject",
"dynamodb:DescribeTable",
"s3:GetBucketLocation",
"dynamodb:UpdateTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::launchwizard*",
"arn:aws:dynamodb:*:*:table/LaunchWizard*",
"arn:aws:sqs:*:*:LaunchWizard*"
]
},
{
"Action":"ssm:SendCommand",
"Condition":{
"StringLike":{
"ssm:resourceTag/LaunchWizardApplicationType":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ssm:SendCommand",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSSAP-InstallBackint",
"arn:aws:ssm:*:*:document/AWSSAP-InstallBackintForAWSBackup"
]
},
{
"Action":[
"fsx:DescribeFileSystems",
"fsx:ListTagsForResource",
"fsx:DescribeStorageVirtualMachines"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":"LaunchWizard*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-25T22:40:50+00:00"
},
"AmazonEC2RoleforAWSCodeDeploy":{
"CreateDate":"2015-05-19T18:10:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-03-20T17:14:10+00:00"
},
"AmazonEC2RoleforAWSCodeDeployLimited":{
"CreateDate":"2020-08-24T17:55:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/UseWithCodeDeploy":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-20T21:37:31+00:00"
},
"AmazonEC2RoleforDataPipelineRole":{
"CreateDate":"2015-02-06T18:41:25+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:*",
"datapipeline:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListInstance*",
"elasticmapreduce:ModifyInstanceGroups",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-02-22T17:24:05+00:00"
},
"AmazonEC2RoleforSSM":{
"CreateDate":"2015-05-29T17:48:35+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeInstanceStatus"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ds:CreateComputer",
"ds:DescribeDirectories"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:PutObject",
"s3:GetObject",
"s3:GetEncryptionConfiguration",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-24T19:20:51+00:00"
},
"AmazonEC2SpotFleetAutoscaleRole":{
"CreateDate":"2016-08-19T18:27:22+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"ec2.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-02-18T19:17:03+00:00"
},
"AmazonEC2SpotFleetTaggingRole":{
"CreateDate":"2017-06-29T18:19:29+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"ec2:CreateTags",
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
]
},
{
"Action":[
"elasticloadbalancing:RegisterTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:*/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-04-23T19:30:49+00:00"
},
"AmazonECSComputeServiceRolePolicy":{
"CreateDate":"2025-03-24T17:37:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeFleets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForInstanceManagement"
},
{
"Action":[
"ec2:DescribeInstanceEventWindows"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForInstanceEventWindows"
},
{
"Action":[
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyPermissionsForLaunchTemplates"
},
{
"Action":[
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions"
],
"Condition":{
"StringEquals":{
"ec2:ManagedResourceOperator":"ecs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"DeleteManagedLaunchTemplate"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ManagedResourceOperator":"ecs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"TerminateManagedInstances"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-28T20:07:06+00:00"
},
"AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity":{
"CreateDate":"2024-01-19T20:08:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"secretsmanager:CreateSecret",
"Condition":{
"ArnLike":{
"aws:RequestTag/AmazonECSCreated":[
"arn:aws:ecs:*:*:service/*/*",
"arn:aws:ecs:*:*:task-set/*/*"
]
},
"StringEquals":{
"aws:RequestTag/AmazonECSManaged":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:ecs-sc!*",
"Sid":"CreateSecret"
},
{
"Action":"secretsmanager:TagResource",
"Condition":{
"ArnLike":{
"aws:RequestTag/AmazonECSCreated":[
"arn:aws:ecs:*:*:service/*/*",
"arn:aws:ecs:*:*:task-set/*/*"
]
},
"StringEquals":{
"aws:RequestTag/AmazonECSManaged":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:ecs-sc!*",
"Sid":"TagOnCreateSecret"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:RotateSecret",
"secretsmanager:UpdateSecretVersionStage"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"ecs-sc"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:ecs-sc!*",
"Sid":"RotateTLSCertificateSecret"
},
{
"Action":[
"acm-pca:GetCertificate",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:DescribeCertificateAuthority"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonECSManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManagePrivateCertificateAuthority"
},
{
"Action":[
"acm-pca:IssueCertificate"
],
"Condition":{
"StringEquals":{
"acm-pca:TemplateArn":"arn:aws:acm-pca:::template/EndEntityCertificate/V1",
"aws:ResourceTag/AmazonECSManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManagePrivateCertificateAuthorityForIssuingEndEntityCertificate"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-19T20:08:36+00:00"
},
"AmazonECSInfrastructureRolePolicyForVolumes":{
"CreateDate":"2024-01-10T22:56:41+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"ec2:CreateVolume",
"Condition":{
"ArnLike":{
"aws:RequestTag/AmazonECSCreated":"arn:aws:ecs:*:*:task/*"
},
"StringEquals":{
"aws:RequestTag/AmazonECSManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"CreateEBSManagedVolume"
},
{
"Action":"ec2:CreateVolume",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"CreateEBSManagedVolumeFromSnapshot"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ArnLike":{
"aws:RequestTag/AmazonECSCreated":"arn:aws:ecs:*:*:task/*"
},
"StringEquals":{
"aws:RequestTag/AmazonECSManaged":"true",
"ec2:CreateAction":"CreateVolume"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"TagOnCreateVolume"
},
{
"Action":[
"ec2:DescribeVolumes",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeVolumesForLifecycle"
},
{
"Action":[
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonECSManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"ManageEBSVolumeLifecycle"
},
{
"Action":[
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ManageVolumeAttachmentsForEC2"
},
{
"Action":"ec2:DeleteVolume",
"Condition":{
"ArnLike":{
"aws:ResourceTag/AmazonECSCreated":"arn:aws:ecs:*:*:task/*"
},
"StringEquals":{
"aws:ResourceTag/AmazonECSManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DeleteEBSManagedVolume"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-10T18:56:53+00:00"
},
"AmazonECSInfrastructureRolePolicyForVpcLattice":{
"CreateDate":"2024-11-15T20:02:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"vpc-lattice:RegisterTargets",
"vpc-lattice:DeregisterTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:vpc-lattice:*:*:targetgroup/*"
],
"Sid":"ManagedVpcLatticeTargetRegistration"
},
{
"Action":"vpc-lattice:GetTargetGroup",
"Effect":"Allow",
"Resource":[
"arn:aws:vpc-lattice:*:*:targetgroup/*"
],
"Sid":"DescribeVpcLatticeTargetGroup"
},
{
"Action":"vpc-lattice:ListTargets",
"Effect":"Allow",
"Resource":[
"arn:aws:vpc-lattice:*:*:targetgroup/*"
],
"Sid":"ListVpcLatticeTargets"
},
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DescribeEc2Resources"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T20:02:55+00:00"
},
"AmazonECSServiceRolePolicy":{
"CreateDate":"2017-10-14T01:18:58+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:Describe*",
"ec2:DetachNetworkInterface",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:DeleteHealthCheck",
"route53:Get*",
"route53:List*",
"route53:UpdateHealthCheck",
"servicediscovery:DeregisterInstance",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:UpdateInstanceCustomHealthStatus"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECSTaskManagement"
},
{
"Action":[
"autoscaling:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AutoScaling"
},
{
"Action":[
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:SetInstanceProtection",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:PutLifecycleHook",
"autoscaling:DeleteLifecycleHook",
"autoscaling:CompleteLifecycleAction",
"autoscaling:RecordLifecycleActionHeartbeat"
],
"Condition":{
"Null":{
"autoscaling:ResourceTag/AmazonECSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AutoScalingManagement"
},
{
"Action":[
"autoscaling-plans:CreateScalingPlan",
"autoscaling-plans:DeleteScalingPlan",
"autoscaling-plans:DescribeScalingPlans",
"autoscaling-plans:DescribeScalingPlanResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AutoScalingPlanManagement"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/ecs-managed-*",
"Sid":"EventBridge"
},
{
"Action":[
"events:PutRule",
"events:PutTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"ecs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeRuleManagement"
},
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:*",
"Sid":"CWAlarmManagement"
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ECSTagging"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/ecs/*",
"Sid":"CWLogGroupManagement"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*",
"Sid":"CWLogStreamManagement"
},
{
"Action":[
"ssm:DescribeSessions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ExecuteCommandSessionManagement"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecs:*:*:task/*",
"arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand"
],
"Sid":"ExecuteCommand"
},
{
"Action":[
"servicediscovery:CreateHttpNamespace",
"servicediscovery:CreateService"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonECSManaged"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudMapResourceCreation"
},
{
"Action":"servicediscovery:TagResource",
"Condition":{
"StringLike":{
"aws:RequestTag/AmazonECSManaged":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudMapResourceTagging"
},
{
"Action":[
"servicediscovery:DeleteService"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonECSManaged":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudMapResourceDeletion"
},
{
"Action":[
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudMapResourceDiscovery"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-04T19:32:25+00:00"
},
"AmazonECSTaskExecutionRolePolicy":{
"CreateDate":"2017-11-16T18:48:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-16T18:48:22+00:00"
},
"AmazonECS_FullAccess":{
"CreateDate":"2017-11-07T21:36:54+00:00",
"DefaultVersionId":"v21",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"appmesh:DescribeVirtualGateway",
"appmesh:DescribeVirtualNode",
"appmesh:ListMeshes",
"appmesh:ListVirtualGateways",
"appmesh:ListVirtualNodes",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:Describe*",
"autoscaling:UpdateAutoScalingGroup",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"codedeploy:BatchGetApplicationRevisions",
"codedeploy:BatchGetApplications",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:BatchGetDeployments",
"codedeploy:ContinueDeployment",
"codedeploy:CreateApplication",
"codedeploy:CreateDeployment",
"codedeploy:CreateDeploymentGroup",
"codedeploy:GetApplication",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:GetDeploymentGroup",
"codedeploy:GetDeploymentTarget",
"codedeploy:ListApplicationRevisions",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentConfigs",
"codedeploy:ListDeploymentGroups",
"codedeploy:ListDeployments",
"codedeploy:ListDeploymentTargets",
"codedeploy:RegisterApplicationRevision",
"codedeploy:StopDeployment",
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotFleetRequests",
"ec2:CreateInternetGateway",
"ec2:CreateLaunchTemplate",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RequestSpotFleet",
"ec2:RunInstances",
"ecs:*",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"events:DeleteRule",
"events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"fsx:DescribeFileSystems",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"lambda:ListFunctions",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:FilterLogEvents",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"servicediscovery:CreatePrivateDnsNamespace",
"servicediscovery:CreateService",
"servicediscovery:DeleteService",
"servicediscovery:GetNamespace",
"servicediscovery:GetOperation",
"servicediscovery:GetService",
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:UpdateService",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ECSIntegrationsManagementPolicy"
},
{
"Action":[
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/aws/service/ecs*",
"Sid":"SSMPolicy"
},
{
"Action":[
"ec2:DeleteInternetGateway",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-name":"EC2ContainerService-*"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ManagedCloudformationResourcesCleanupPolicy"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"ecs-tasks.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"TasksPassRolePolicy"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ecs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/ecsInfrastructureRole"
],
"Sid":"InfrastructurePassRolePolicy"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/ecsInstanceRole*"
],
"Sid":"InstancePassRolePolicy"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":[
"application-autoscaling.amazonaws.com",
"application-autoscaling.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/ecsAutoscaleRole*"
],
"Sid":"AutoScalingPassRolePolicy"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"ecs.amazonaws.com",
"autoscaling.amazonaws.com",
"ecs.application-autoscaling.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ServiceLinkedRoleCreationPolicy"
},
{
"Action":[
"elasticloadbalancing:AddTags"
],
"Condition":{
"StringEquals":{
"elasticloadbalancing:CreateAction":[
"CreateTargetGroup",
"CreateRule",
"CreateListener",
"CreateLoadBalancer"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ELBTaggingPolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-13T19:39:37+00:00"
},
"AmazonEFSCSIDriverPolicy":{
"CreateDate":"2023-07-25T20:10:04+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDescribe"
},
{
"Action":[
"elasticfilesystem:CreateAccessPoint"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"efs.csi.aws.com/cluster"
},
"Null":{
"aws:RequestTag/efs.csi.aws.com/cluster":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCreateAccessPoint"
},
{
"Action":[
"elasticfilesystem:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"efs.csi.aws.com/cluster"
},
"Null":{
"aws:RequestTag/efs.csi.aws.com/cluster":"false"
},
"StringEquals":{
"elasticfilesystem:CreateAction":"CreateAccessPoint"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowTagNewAccessPoints"
},
{
"Action":"elasticfilesystem:DeleteAccessPoint",
"Condition":{
"Null":{
"aws:ResourceTag/efs.csi.aws.com/cluster":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDeleteAccessPoint"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-25T20:10:04+00:00"
},
"AmazonEKSBlockStoragePolicy":{
"CreateDate":"2024-10-30T20:18:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:ModifyVolume",
"ec2:EnableFastSnapshotRestores"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateVolume",
"CreateSnapshot"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"CSIVolumeName",
"ebs.csi.eks.amazonaws.com/cluster",
"kubernetes.io/cluster/*",
"kubernetes.io/created-for/*",
"Name",
"KubernetesCluster"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateVolume"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"CSIVolumeSnapshotName",
"ebs.csi.eks.amazonaws.com/cluster",
"kubernetes.io/cluster/*",
"Name"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-30T20:18:13+00:00"
},
"AmazonEKSClusterPolicy":{
"CreateDate":"2018-05-27T21:06:14+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeInstanceTopology",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"elasticloadbalancing.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-01T17:39:00+00:00"
},
"AmazonEKSComputePolicy":{
"CreateDate":"2024-11-01T21:46:52+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateFleet",
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action":[
"ec2:CreateFleet",
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":[
"ec2:CreateFleet",
"ec2:RunInstances",
"ec2:CreateLaunchTemplate"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"eks:kubernetes-node-class-name",
"eks:kubernetes-node-pool-name",
"kubernetes.io/cluster/*"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
},
"StringLike":{
"aws:RequestTag/eks:kubernetes-node-class-name":"*",
"aws:RequestTag/eks:kubernetes-node-pool-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateFleet",
"RunInstances",
"CreateLaunchTemplate"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:AddRoleToInstanceProfile",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/eks*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-07T21:21:18+00:00"
},
"AmazonEKSConnectorServiceRolePolicy":{
"CreateDate":"2021-09-04T20:31:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:CreateActivation",
"ssm:DescribeInstanceInformation",
"ssm:DeleteActivation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessSSMService"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":[
"arn:aws:eks:*:*:cluster/*",
"arn:aws:ssm:*::document/AmazonEKS-ExecuteNonInteractiveCommand"
],
"Sid":"ConnectorAgentStartSession"
},
{
"Action":[
"ssm:DeregisterManagedInstance"
],
"Effect":"Allow",
"Resource":[
"arn:aws:eks:*:*:cluster/*"
],
"Sid":"ConnectorAgentDeregister"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PassAnyRoleToSsm"
},
{
"Action":"events:PutRule",
"Condition":{
"StringEquals":{
"events:ManagedBy":"eks-connector.amazonaws.com",
"events:source":"aws.ssm"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PutManagedEventRule"
},
{
"Action":"events:PutTargets",
"Condition":{
"StringEquals":{
"events:ManagedBy":"eks-connector.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PutManagedEventTarget"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-04T20:31:08+00:00"
},
"AmazonEKSFargatePodExecutionRolePolicy":{
"CreateDate":"2019-11-22T04:34:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-22T04:34:29+00:00"
},
"AmazonEKSForFargateServiceRolePolicy":{
"CreateDate":"2019-11-22T04:36:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-22T04:36:25+00:00"
},
"AmazonEKSLoadBalancingPolicy":{
"CreateDate":"2024-10-30T20:18:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateRule",
"ec2:CreateSecurityGroup"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"ingress.eks.amazonaws.com/stack",
"ingress.eks.amazonaws.com/resource",
"service.eks.amazonaws.com/stack",
"service.eks.amazonaws.com/resource"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*"
},
{
"Action":[
"elasticloadbalancing:RegisterTargets"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group-rule/*"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/Name":"eks-cluster-sg*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"elasticloadbalancing:AddTags"
],
"Condition":{
"StringEquals":{
"elasticloadbalancing:CreateAction":[
"CreateLoadBalancer",
"CreateTargetGroup",
"CreateListener",
"CreateRule"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateSecurityGroup",
"AuthorizeSecurityGroupIngress"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:SetIpAddressType",
"elasticloadbalancing:SetSecurityGroups",
"elasticloadbalancing:SetSubnets",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:ModifyListenerAttributes",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:ModifyRule"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"wafv2:AssociateWebACL",
"wafv2:DisassociateWebACL"
],
"Effect":"Allow",
"Resource":[
"arn:aws:wafv2:*:*:*/webacl/*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*"
]
},
{
"Action":[
"shield:CreateProtection"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"ingress.eks.amazonaws.com/stack",
"ingress.eks.amazonaws.com/resource",
"service.eks.amazonaws.com/stack",
"service.eks.amazonaws.com/resource"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"shield:DeleteProtection"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"shield:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"ingress.eks.amazonaws.com/stack",
"ingress.eks.amazonaws.com/resource",
"service.eks.amazonaws.com/stack",
"service.eks.amazonaws.com/resource"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:shield::*:protection/*"
},
{
"Action":[
"cognito-idp:DescribeUserPoolClient",
"acm:ListCertificates",
"acm:DescribeCertificate",
"wafv2:GetWebACL",
"wafv2:GetWebACLForResource",
"elasticloadbalancing:SetWebAcl",
"elasticloadbalancing:DescribeTargetGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeCoipPools",
"ec2:GetCoipPoolUsage",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeVpcPeeringConnections"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"elasticloadbalancing.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-09T22:37:06+00:00"
},
"AmazonEKSLocalOutpostClusterPolicy":{
"CreateDate":"2022-08-24T21:56:47+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeTags",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstanceTypes",
"ec2:DescribeAvailabilityZones",
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply",
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel",
"ssm:DescribeInstanceProperties",
"ssm:DescribeDocumentParameters",
"ssm:ListInstanceAssociations",
"ssm:RegisterManagedInstance",
"ssm:UpdateInstanceInformation",
"ssm:UpdateInstanceAssociationStatus",
"ssm:PutComplianceItems",
"ssm:PutInventory",
"ecr-public:GetAuthorizationToken",
"ecr:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/eks/*",
"arn:aws:ecr:*:*:repository/bottlerocket-admin",
"arn:aws:ecr:*:*:repository/bottlerocket-control-eks",
"arn:aws:ecr:*:*:repository/diagnostics-collector-eks",
"arn:aws:ecr:*:*:repository/kubelet-config-updater"
]
},
{
"Action":[
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret"
],
"Effect":"Allow",
"Resource":"arn:*:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*"
},
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T17:59:05+00:00"
},
"AmazonEKSLocalOutpostServiceRolePolicy":{
"CreateDate":"2022-08-23T21:53:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcAttribute",
"ec2:DescribePlacementGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringLike":{
"aws:RequestTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringLike":{
"aws:RequestTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"StringLike":{
"aws:RequestTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":"ec2:RunInstances",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:placement-group/*"
]
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:TerminateInstances",
"ec2:GetConsoleOutput"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"kubernetes.io/cluster/*",
"eks*"
]
},
"StringEquals":{
"ec2:CreateAction":[
"CreateNetworkInterface",
"CreateSecurityGroup",
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"kubernetes.io/cluster/*",
"eks*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*"
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Condition":{
"StringLike":{
"aws:RequestTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*"
},
{
"Action":"secretsmanager:DeleteSecret",
"Condition":{
"StringLike":{
"aws:ResourceTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*"
},
{
"Action":"secretsmanager:DescribeSecret",
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:GetInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/eks-local-*"
},
{
"Action":[
"ssm:StartSession"
],
"Condition":{
"StringLike":{
"ssm:resourceTag/eks-local:controlplane-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ssm:StartSession"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*::document/AmazonEKS-ControlPlaneInstanceProxy"
},
{
"Action":[
"ssm:ResumeSession",
"ssm:TerminateSession"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"outposts:GetOutpost"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-24T16:24:51+00:00"
},
"AmazonEKSNetworkingPolicy":{
"CreateDate":"2024-10-28T22:34:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"eks:eks-cluster-name",
"eks:kubernetes-cni-node-name"
]
},
"StringEquals":{
"aws:RequestTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
},
"StringLike":{
"aws:RequestTag/eks:kubernetes-cni-node-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateNetworkInterface",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:UnassignPrivateIpAddresses",
"ec2:UnassignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/eks:eks-cluster-name":"${aws:PrincipalTag/eks:eks-cluster-name}"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-28T22:34:33+00:00"
},
"AmazonEKSServicePolicy":{
"CreateDate":"2018-05-27T21:08:21+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DetachNetworkInterface",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"iam:ListAttachedRolePolicies",
"eks:UpdateClusterVersion",
"ec2:GetSecurityGroupsForVpc"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"aws:RequestTag/Name":"eks-cluster-*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action":"route53:AssociateVPCWithHostedZone",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*"
},
{
"Action":"logs:PutLogEvents",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"eks.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-14T21:12:40+00:00"
},
"AmazonEKSServiceRolePolicy":{
"CreateDate":"2020-02-21T20:10:47+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterfacePermission"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInternetGateways",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:GetCoipPoolUsage",
"ec2:GetSecurityGroupsForVpc",
"eks:DescribeCluster",
"elasticloadbalancing:DescribeListenerAttributes",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeSSLPolicies",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTrustStores",
"iam:ListAttachedRolePolicies",
"pricing:GetProducts",
"shield:GetSubscriptionState",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/Name":"eks-cluster-sg*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"kubernetes.io/cluster/*"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"StringLike":{
"aws:RequestTag/Name":"eks-cluster-*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action":"route53:AssociateVPCWithHostedZone",
"Effect":"Allow",
"Resource":"arn:aws:route53:::hostedzone/*"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*"
},
{
"Action":"logs:PutLogEvents",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringLike":{
"cloudwatch:namespace":"AWS/EKS"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"eks:CreateAccessEntry",
"eks:DeleteAccessEntry"
],
"Condition":{
"ArnLike":{
"eks:principalArn":"arn:aws:iam::*:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS"
},
"StringEquals":{
"eks:accessEntryType":"STANDARD"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"eks:ListAssociatedAccessPolicies"
],
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:access-entry/*/role/${aws:PrincipalAccount}/AWSServiceRoleForAmazonEKS/*"
},
{
"Action":[
"eks:AssociateAccessPolicy",
"eks:DisassociateAccessPolicy"
],
"Condition":{
"StringEquals":{
"eks:policyArn":[
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputePolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSComputeClusterPolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingPolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSNetworkingClusterPolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingPolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSLoadBalancingClusterPolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStoragePolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSBlockStorageClusterPolicy",
"arn:aws:eks::aws:cluster-access-policy/AmazonEKSHybridPolicy"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:access-entry/*/role/${aws:PrincipalAccount}/AWSServiceRoleForAmazonEKS/*"
},
{
"Action":[
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks:eks-cluster-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"eks:DescribeAccessEntry",
"Condition":{
"StringEquals":{
"eks:accessEntryType":"EC2"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"events:PutRule",
"Condition":{
"ForAllValues:StringEquals":{
"events:source":[
"aws.ec2",
"aws.health"
]
},
"StringEquals":{
"events:ManagedBy":[
"eks.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/EKS*"
},
{
"Action":"events:PutTargets",
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/EKS*"
},
{
"Action":[
"iam:GetInstanceProfile",
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/eks*"
},
{
"Action":[
"ec2:DeleteLaunchTemplate",
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks:eks-cluster-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DeleteLaunchTemplate",
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"ec2:ManagedResourceOperator":[
"eks.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DeleteVolume"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks:eks-cluster-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks:eks-cluster-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteTargetGroup",
"ec2:DeleteSecurityGroup",
"shield:DescribeProtection"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/eks:eks-cluster-name":"*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-26T21:37:06+00:00"
},
"AmazonEKSVPCResourceController":{
"CreateDate":"2020-08-12T00:55:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"ec2:CreateNetworkInterfacePermission",
"Condition":{
"ForAnyValue:StringEquals":{
"ec2:ResourceTag/eks:eni:owner":"eks-vpc-resource-controller"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:UnassignPrivateIpAddresses",
"ec2:AssignPrivateIpAddresses"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-12T00:55:34+00:00"
},
"AmazonEKSWorkerNodeMinimalPolicy":{
"CreateDate":"2024-10-02T20:03:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"eks-auth:AssumeRoleForPodIdentity"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"WorkerNodePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-02T20:03:51+00:00"
},
"AmazonEKSWorkerNodePolicy":{
"CreateDate":"2018-05-27T21:09:01+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"eks:DescribeCluster",
"eks-auth:AssumeRoleForPodIdentity"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"WorkerNodePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T00:06:13+00:00"
},
"AmazonEKS_CNI_Policy":{
"CreateDate":"2018-05-27T21:07:42+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:AssignPrivateIpAddresses",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstanceTypes",
"ec2:DescribeSubnets",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:UnassignPrivateIpAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonEKSCNIPolicy"
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"AmazonEKSCNIPolicyENITag"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-04T20:20:55+00:00"
},
"AmazonEMRCleanupPolicy":{
"CreateDate":"2017-09-26T23:54:19+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSpotInstanceRequests",
"ec2:DeleteLaunchTemplate",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances",
"ec2:CancelSpotInstanceRequests",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:DeleteVolume",
"ec2:DescribePlacementGroups",
"ec2:DeletePlacementGroup"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-29T21:11:54+00:00"
},
"AmazonEMRContainersServiceRolePolicy":{
"CreateDate":"2020-12-09T00:38:19+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"eks:DescribeCluster",
"eks:ListNodeGroups",
"eks:DescribeNodeGroup",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"eks:ListPodIdentityAssociations",
"eks:DescribePodIdentityAssociation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"acm:ImportCertificate",
"acm:AddTagsToCertificate"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/emr-container:endpoint:managed-certificate":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"acm:DeleteCertificate"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/emr-container:endpoint:managed-certificate":"true"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-06T21:07:07+00:00"
},
"AmazonEMRFullAccessPolicy_v2":{
"CreateDate":"2021-03-12T01:50:29+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"elasticmapreduce:RunJobFlow"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RunJobFlowExplicitlyWithEMRManagedTag"
},
{
"Action":[
"elasticmapreduce:AddInstanceFleet",
"elasticmapreduce:AddInstanceGroups",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:AddTags",
"elasticmapreduce:CancelSteps",
"elasticmapreduce:CreateEditor",
"elasticmapreduce:CreatePersistentAppUI",
"elasticmapreduce:CreateSecurityConfiguration",
"elasticmapreduce:DeleteEditor",
"elasticmapreduce:DeleteSecurityConfiguration",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeEditor",
"elasticmapreduce:DescribeJobFlows",
"elasticmapreduce:DescribePersistentAppUI",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:DescribeReleaseLabel",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetAutoTerminationPolicy",
"elasticmapreduce:GetPersistentAppUIPresignedURL",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListEditors",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"elasticmapreduce:ListSupportedInstanceTypes",
"elasticmapreduce:ModifyCluster",
"elasticmapreduce:ModifyInstanceFleet",
"elasticmapreduce:ModifyInstanceGroups",
"elasticmapreduce:OpenEditorInConsole",
"elasticmapreduce:PutAutoScalingPolicy",
"elasticmapreduce:PutBlockPublicAccessConfiguration",
"elasticmapreduce:PutManagedScalingPolicy",
"elasticmapreduce:RemoveAutoScalingPolicy",
"elasticmapreduce:RemoveManagedScalingPolicy",
"elasticmapreduce:RemoveTags",
"elasticmapreduce:SetTerminationProtection",
"elasticmapreduce:StartEditor",
"elasticmapreduce:StopEditor",
"elasticmapreduce:TerminateJobFlows",
"elasticmapreduce:ViewEventsFromAllClustersInConsole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticMapReduceActions"
},
{
"Action":[
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ViewMetricsInEMRConsole"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"elasticmapreduce.amazonaws.com*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/EMR_DefaultRole_V2",
"Sid":"PassRoleForElasticMapReduce"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"Sid":"PassRoleForEC2"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"application-autoscaling.amazonaws.com*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole",
"Sid":"PassRoleForAutoScaling"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"elasticmapreduce.amazonaws.com",
"elasticmapreduce.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com*/AWSServiceRoleForEMRCleanup*",
"Sid":"ElasticMapReduceServiceLinkedRole"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeKeyPairs",
"ec2:DescribeNatGateways",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"s3:ListAllMyBuckets",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConsoleUIActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-27T22:07:07+00:00"
},
"AmazonEMRReadOnlyAccessPolicy_v2":{
"CreateDate":"2021-03-12T01:39:16+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeEditor",
"elasticmapreduce:DescribeJobFlows",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:DescribeReleaseLabel",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetAutoTerminationPolicy",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListEditors",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"elasticmapreduce:ListSupportedInstanceTypes",
"elasticmapreduce:ViewEventsFromAllClustersInConsole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticMapReduceActions"
},
{
"Action":[
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ViewMetricsInEMRConsole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-02T19:15:33+00:00"
},
"AmazonEMRServerlessServiceRolePolicy":{
"CreateDate":"2022-05-20T23:15:42+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2PolicyStatement"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/EMRServerless",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudWatchPolicyStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-25T18:21:43+00:00"
},
"AmazonEMRServicePolicy_v2":{
"CreateDate":"2021-03-12T01:11:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:RunInstances",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateInTaggedNetwork"
},
{
"Action":[
"ec2:CreateFleet",
"ec2:RunInstances",
"ec2:CreateLaunchTemplateVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"CreateWithEMRTaggedLaunchTemplate"
},
{
"Action":"ec2:CreateLaunchTemplate",
"Condition":{
"StringEquals":{
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*",
"Sid":"CreateEMRTaggedLaunchTemplate"
},
{
"Action":[
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateEMRTaggedInstancesAndVolumes"
},
{
"Action":[
"ec2:RunInstances",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/ami-*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:placement-group/EMR_*",
"arn:aws:ec2:*:*:fleet/*",
"arn:aws:ec2:*:*:dedicated-host/*",
"arn:aws:resource-groups:*:*:group/*"
],
"Sid":"ResourcesToLaunchEC2"
},
{
"Action":[
"ec2:CreateLaunchTemplateVersion",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteNetworkInterface",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageEMRTaggedResources"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"ManageTagsOnEMRTaggedResources"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"CreateNetworkInterfaceNeededForPrivateSubnet"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"RunInstances",
"CreateFleet",
"CreateLaunchTemplate",
"CreateNetworkInterface"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"TagOnCreateTaggedEMRResources"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:placement-group/EMR_*"
],
"Sid":"TagPlacementGroups"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeCapacityReservations",
"ec2:DescribeDhcpOptions",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListActionsForEC2Resources"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateDefaultSecurityGroupWithEMRTags"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateDefaultSecurityGroupInVPCWithEMRTags"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true",
"ec2:CreateAction":"CreateSecurityGroup"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"TagOnCreateDefaultSecurityGroupWithEMRTags"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageSecurityGroups"
},
{
"Action":[
"ec2:CreatePlacementGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:placement-group/EMR_*",
"Sid":"CreateEMRPlacementGroups"
},
{
"Action":[
"ec2:DeletePlacementGroup"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DeletePlacementGroups"
},
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AutoScaling"
},
{
"Action":[
"resource-groups:ListGroupResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupsForCapacityReservations"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:*_EMR_Auto_Scaling",
"Sid":"AutoScalingCloudWatch"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"application-autoscaling.amazonaws.com*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole",
"Sid":"PassRoleForAutoScaling"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"Sid":"PassRoleForEC2"
},
{
"Action":[
"ec2:ModifyVpcEndpoint",
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateAndModifyEmrServiceVPCEndpoint"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Name":"emr-service-vpce",
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"CreateEmrServiceVPCEndpoint"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Name":"emr-service-vpce",
"aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true",
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"TagEmrServiceVPCEndpoint"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-03T20:37:06+00:00"
},
"AmazonESCognitoAccess":{
"CreateDate":"2018-02-28T22:29:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cognito-idp:DescribeUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:UpdateUserPoolClient",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:AdminInitiateAuth",
"cognito-idp:AdminUserGlobalSignOut",
"cognito-idp:ListUserPoolClients",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:UpdateIdentityPool",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:GetIdentityPoolRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":[
"cognito-identity.amazonaws.com",
"cognito-identity-us-gov.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-12-20T14:04:44+00:00"
},
"AmazonESFullAccess":{
"CreateDate":"2015-10-01T19:14:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"es:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-10-01T19:14:00+00:00"
},
"AmazonESReadOnlyAccess":{
"CreateDate":"2015-10-01T19:18:24+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"es:Describe*",
"es:List*",
"es:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-10-03T03:32:56+00:00"
},
"AmazonElastiCacheFullAccess":{
"CreateDate":"2015-02-06T18:40:20+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"elasticache:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"ElastiCacheManagementActions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"elasticache.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache",
"Sid":"CreateServiceLinkedRole"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"StringLike":{
"ec2:VpceServiceName":"com.amazonaws.elasticache.serverless.*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"CreateVPCEndpoints"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"NotResource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"AllowAccessToElastiCacheTaggedVpcEndpoints"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AmazonElastiCacheManaged":"true",
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"TagVPCEndpointsOnCreation"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToEc2"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToKMS"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToCloudWatch"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScalingActivities"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToAutoScaling"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeLogGroups"
},
{
"Action":[
"firehose:ListDeliveryStreams"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListLogDeliveryStreams"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeS3Buckets"
},
{
"Action":[
"outposts:ListOutposts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToOutposts"
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToSNS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-28T03:49:56+00:00"
},
"AmazonElastiCacheReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticache:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:21+00:00"
},
"AmazonElasticContainerRegistryPublicFullAccess":{
"CreateDate":"2020-12-01T17:25:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr-public:*",
"sts:GetServiceBearerToken"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T17:25:52+00:00"
},
"AmazonElasticContainerRegistryPublicPowerUser":{
"CreateDate":"2020-12-01T16:16:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr-public:GetAuthorizationToken",
"sts:GetServiceBearerToken",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:GetRepositoryPolicy",
"ecr-public:DescribeRepositories",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRegistryCatalogData",
"ecr-public:InitiateLayerUpload",
"ecr-public:UploadLayerPart",
"ecr-public:CompleteLayerUpload",
"ecr-public:PutImage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T16:16:54+00:00"
},
"AmazonElasticContainerRegistryPublicReadOnly":{
"CreateDate":"2020-12-01T17:27:04+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr-public:GetAuthorizationToken",
"sts:GetServiceBearerToken",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:GetRepositoryPolicy",
"ecr-public:DescribeRepositories",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRegistryCatalogData"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T17:27:04+00:00"
},
"AmazonElasticFileSystemClientFullAccess":{
"CreateDate":"2020-01-13T16:27:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientRootAccess",
"elasticfilesystem:ClientWrite",
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-13T16:27:00+00:00"
},
"AmazonElasticFileSystemClientReadOnlyAccess":{
"CreateDate":"2020-01-13T16:24:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticfilesystem:ClientMount",
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-13T16:24:36+00:00"
},
"AmazonElasticFileSystemClientReadWriteAccess":{
"CreateDate":"2020-01-13T16:21:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientWrite",
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-13T16:21:55+00:00"
},
"AmazonElasticFileSystemFullAccess":{
"CreateDate":"2015-05-27T16:22:28+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricData",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"elasticfilesystem:CreateFileSystem",
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:CreateTags",
"elasticfilesystem:CreateAccessPoint",
"elasticfilesystem:CreateReplicationConfiguration",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget",
"elasticfilesystem:DeleteTags",
"elasticfilesystem:DeleteAccessPoint",
"elasticfilesystem:DeleteFileSystemPolicy",
"elasticfilesystem:DeleteReplicationConfiguration",
"elasticfilesystem:DescribeAccountPreferences",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeTags",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticfilesystem:ModifyMountTargetSecurityGroups",
"elasticfilesystem:PutAccountPreferences",
"elasticfilesystem:PutBackupPolicy",
"elasticfilesystem:PutLifecycleConfiguration",
"elasticfilesystem:PutFileSystemPolicy",
"elasticfilesystem:UpdateFileSystem",
"elasticfilesystem:UpdateFileSystemProtection",
"elasticfilesystem:TagResource",
"elasticfilesystem:UntagResource",
"elasticfilesystem:ListTagsForResource",
"elasticfilesystem:Backup",
"elasticfilesystem:Restore",
"elasticfilesystem:ReplicationRead",
"elasticfilesystem:ReplicationWrite",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticFileSystemFullAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"elasticfilesystem.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateServiceLinkedRoleForEFS"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"elasticfilesystem.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForEFS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-07T19:34:20+00:00"
},
"AmazonElasticFileSystemReadOnlyAccess":{
"CreateDate":"2015-05-27T16:25:25+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricData",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"elasticfilesystem:DescribeAccountPreferences",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeTags",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticfilesystem:ListTagsForResource",
"elasticfilesystem:ReplicationRead",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticFileSystemReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-07T19:39:56+00:00"
},
"AmazonElasticFileSystemServiceRolePolicy":{
"CreateDate":"2019-11-05T16:52:41+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"backup-storage:MountCapsule",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*"
},
{
"Action":[
"backup:CreateBackupVault",
"backup:PutBackupVaultAccessPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault"
]
},
{
"Action":[
"backup:CreateBackupPlan",
"backup:CreateBackupSelection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:backup:*:*:backup-plan:*"
]
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"backup.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"backup.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup"
]
},
{
"Action":[
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:CreateReplicationConfiguration",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticfilesystem:DeleteReplicationConfiguration",
"elasticfilesystem:ReplicationRead",
"elasticfilesystem:ReplicationWrite"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-07T19:19:50+00:00"
},
"AmazonElasticFileSystemsUtils":{
"CreateDate":"2020-09-29T15:16:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-29T15:16:47+00:00"
},
"AmazonElasticMapReduceEditorsRole":{
"CreateDate":"2018-11-16T21:55:25+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticmapreduce:ListInstances",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListSteps"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:elasticmapreduce:editor-id",
"aws:elasticmapreduce:job-flow-id"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-09T22:39:29+00:00"
},
"AmazonElasticMapReduceFullAccess":{
"CreateDate":"2015-02-06T18:40:22+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteTags",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeRouteTables",
"ec2:DescribeNetworkAcls",
"ec2:CreateVpcEndpoint",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"iam:PassRole",
"kms:List*",
"s3:*",
"sdb:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"elasticmapreduce.amazonaws.com",
"elasticmapreduce.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-11T15:19:30+00:00"
},
"AmazonElasticMapReducePlacementGroupPolicy":{
"CreateDate":"2020-09-29T00:37:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DeletePlacementGroup",
"ec2:DescribePlacementGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreatePlacementGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:placement-group/EMR_*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-29T00:37:08+00:00"
},
"AmazonElasticMapReduceReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:23+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:ViewEventsFromAllClustersInConsole",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sdb:Select",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-29T23:14:09+00:00"
},
"AmazonElasticMapReduceRole":{
"CreateDate":"2015-02-06T18:41:20+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeDhcpOptions",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:DeleteVolume",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:PassRole",
"s3:CreateBucket",
"s3:Get*",
"s3:List*",
"sdb:BatchPutAttributes",
"sdb:Select",
"sqs:CreateQueue",
"sqs:Delete*",
"sqs:GetQueue*",
"sqs:PurgeQueue",
"sqs:ReceiveMessage",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"spot.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-24T22:24:20+00:00"
},
"AmazonElasticMapReduceforAutoScalingRole":{
"CreateDate":"2016-11-18T01:09:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ModifyInstanceGroups"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-11-18T01:09:10+00:00"
},
"AmazonElasticMapReduceforEC2Role":{
"CreateDate":"2015-02-06T18:41:21+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSteps",
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:MergeShards",
"kinesis:PutRecord",
"kinesis:SplitShard",
"rds:Describe*",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersions",
"glue:CreatePartition",
"glue:BatchCreatePartition",
"glue:UpdatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:CreateUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:DeleteUserDefinedFunction",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-08-11T23:57:30+00:00"
},
"AmazonElasticTranscoderRole":{
"CreateDate":"2015-02-06T18:41:26+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:Get*",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:*MultipartUpload*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"1"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"2"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-13T22:48:22+00:00"
},
"AmazonElasticTranscoder_FullAccess":{
"CreateDate":"2018-04-27T18:59:35+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"elastictranscoder:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"elastictranscoder.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-10T22:51:51+00:00"
},
"AmazonElasticTranscoder_JobsSubmitter":{
"CreateDate":"2018-06-07T21:12:16+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"elastictranscoder:Read*",
"elastictranscoder:List*",
"elastictranscoder:*Job",
"elastictranscoder:*Preset",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-10T22:49:34+00:00"
},
"AmazonElasticTranscoder_ReadOnlyAccess":{
"CreateDate":"2018-06-07T21:09:56+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"elastictranscoder:Read*",
"elastictranscoder:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-10T22:48:32+00:00"
},
"AmazonElasticsearchServiceRolePolicy":{
"CreateDate":"2017-07-07T00:15:31+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973134"
},
{
"Action":[
"acm:DescribeCertificate"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973135"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/ES"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973136"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"Stmt1480452973198"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"StringEquals":{
"aws:RequestTag/OpenSearchManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"Stmt1480452973199"
},
{
"Action":[
"ec2:ModifyVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/OpenSearchManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"Stmt1480452973200"
},
{
"Action":[
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973201"
},
{
"Action":[
"ec2:AssignIpv6Addresses"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"Stmt1480452973149"
},
{
"Action":[
"ec2:UnAssignIpv6Addresses"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"Stmt1480452973150"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"Stmt1480452973202"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-23T06:58:31+00:00"
},
"AmazonEventBridgeApiDestinationsServiceRolePolicy":{
"CreateDate":"2021-02-11T20:52:05+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:events!connection/*"
},
{
"Action":[
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/EventBridgeApiDestinations":"true"
},
"StringLike":{
"kms:EncryptionContext:SecretARN":[
"arn:aws:secretsmanager:*:*:secret:events!connection/*"
],
"kms:ViaService":"secretsmanager.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-28T20:07:07+00:00"
},
"AmazonEventBridgeFullAccess":{
"CreateDate":"2019-07-11T14:08:55+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"events:*",
"schemas:*",
"scheduler:*",
"pipes:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeActions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"apidestinations.events.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/apidestinations.events.amazonaws.com/AWSServiceRoleForAmazonEventBridgeApiDestinations",
"Sid":"IAMCreateServiceLinkedRoleForApiDestinations"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"schemas.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas",
"Sid":"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:events!*",
"Sid":"SecretsManagerAccessForApiDestinations"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"events.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForEventBridge"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"scheduler.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForScheduler"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"pipes.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForPipes"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T01:37:06+00:00"
},
"AmazonEventBridgePipesFullAccess":{
"CreateDate":"2022-12-01T17:03:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"pipes:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgePipesActions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"pipes.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForPipes"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T17:03:20+00:00"
},
"AmazonEventBridgePipesOperatorAccess":{
"CreateDate":"2022-12-01T17:04:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"pipes:DescribePipe",
"pipes:ListPipes",
"pipes:ListTagsForResource",
"pipes:StartPipe",
"pipes:StopPipe"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T17:04:32+00:00"
},
"AmazonEventBridgePipesReadOnlyAccess":{
"CreateDate":"2022-12-01T17:04:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"pipes:DescribePipe",
"pipes:ListPipes",
"pipes:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T17:04:03+00:00"
},
"AmazonEventBridgeReadOnlyAccess":{
"CreateDate":"2019-07-11T13:59:07+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"events:DescribeRule",
"events:DescribeEventBus",
"events:DescribeEventSource",
"events:ListEventBuses",
"events:ListEventSources",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"events:TestEventPattern",
"events:DescribeArchive",
"events:ListArchives",
"events:DescribeReplay",
"events:ListReplays",
"events:DescribeConnection",
"events:ListConnections",
"events:DescribeApiDestination",
"events:ListApiDestinations",
"events:DescribeEndpoint",
"events:ListEndpoints",
"schemas:DescribeCodeBinding",
"schemas:DescribeDiscoverer",
"schemas:DescribeRegistry",
"schemas:DescribeSchema",
"schemas:ExportSchema",
"schemas:GetCodeBindingSource",
"schemas:GetDiscoveredSchema",
"schemas:GetResourcePolicy",
"schemas:ListDiscoverers",
"schemas:ListRegistries",
"schemas:ListSchemas",
"schemas:ListSchemaVersions",
"schemas:ListTagsForResource",
"schemas:SearchSchemas",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:ListSchedules",
"scheduler:ListScheduleGroups",
"scheduler:ListTagsForResource",
"pipes:DescribePipe",
"pipes:ListPipes",
"pipes:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T17:02:48+00:00"
},
"AmazonEventBridgeSchedulerFullAccess":{
"CreateDate":"2022-11-10T18:37:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"scheduler:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"scheduler.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-10T18:37:25+00:00"
},
"AmazonEventBridgeSchedulerReadOnlyAccess":{
"CreateDate":"2022-11-10T18:50:12+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"scheduler:ListSchedules",
"scheduler:ListScheduleGroups",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-10T18:50:12+00:00"
},
"AmazonEventBridgeSchemasFullAccess":{
"CreateDate":"2019-11-28T23:12:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"schemas:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonEventBridgeSchemasFullAccess"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:EnableRule",
"events:DisableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*Schemas*",
"Sid":"AmazonEventBridgeManageRule"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas",
"Sid":"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-28T23:12:53+00:00"
},
"AmazonEventBridgeSchemasReadOnlyAccess":{
"CreateDate":"2019-11-28T23:05:57+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"schemas:ListDiscoverers",
"schemas:DescribeDiscoverer",
"schemas:ListRegistries",
"schemas:DescribeRegistry",
"schemas:SearchSchemas",
"schemas:ListSchemas",
"schemas:ListSchemaVersions",
"schemas:DescribeSchema",
"schemas:GetDiscoveredSchema",
"schemas:DescribeCodeBinding",
"schemas:GetCodeBindingSource",
"schemas:ListTagsForResource",
"schemas:GetResourcePolicy"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonEventBridgeSchemasReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-01T00:50:53+00:00"
},
"AmazonEventBridgeSchemasServiceRolePolicy":{
"CreateDate":"2019-11-27T01:10:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:EnableRule",
"events:DisableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/*Schemas-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-27T01:10:40+00:00"
},
"AmazonFISServiceRolePolicy":{
"CreateDate":"2020-12-21T21:18:19+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"events:PutRule",
"events:DeleteRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"fis.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridge"
},
{
"Action":[
"events:DescribeRule"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeDescribe"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Tagging"
},
{
"Action":[
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmHistory"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatch"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"iam:GetUser",
"iam:GetRole",
"iam:ListUsers",
"iam:ListRoles",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"ecs:DescribeClusters",
"ecs:DescribeTasks",
"ecs:ListTasks",
"eks:DescribeNodegroup",
"eks:DescribeCluster"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeUserResources"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-25T09:05:23+00:00"
},
"AmazonFSxConsoleFullAccess":{
"CreateDate":"2018-11-28T16:36:05+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"firehose:ListDeliveryStreams",
"kms:ListAliases",
"logs:DescribeLogGroups",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListResourcesAssociatedWithFSxFileSystem"
},
{
"Action":[
"fsx:AssociateFileGateway",
"fsx:AssociateFileSystemAliases",
"fsx:CancelDataRepositoryTask",
"fsx:CopyBackup",
"fsx:CopySnapshotAndUpdateVolume",
"fsx:CreateBackup",
"fsx:CreateDataRepositoryAssociation",
"fsx:CreateDataRepositoryTask",
"fsx:CreateFileCache",
"fsx:CreateFileSystem",
"fsx:CreateFileSystemFromBackup",
"fsx:CreateSnapshot",
"fsx:CreateStorageVirtualMachine",
"fsx:CreateVolume",
"fsx:CreateVolumeFromBackup",
"fsx:DeleteBackup",
"fsx:DeleteDataRepositoryAssociation",
"fsx:DeleteFileCache",
"fsx:DeleteFileSystem",
"fsx:DeleteSnapshot",
"fsx:DeleteStorageVirtualMachine",
"fsx:DeleteVolume",
"fsx:DescribeAssociatedFileGateways",
"fsx:DescribeBackups",
"fsx:DescribeDataRepositoryAssociations",
"fsx:DescribeDataRepositoryTasks",
"fsx:DescribeFileCaches",
"fsx:DescribeFileSystemAliases",
"fsx:DescribeFileSystems",
"fsx:DescribeSharedVpcConfiguration",
"fsx:DescribeSnapshots",
"fsx:DescribeStorageVirtualMachines",
"fsx:DescribeVolumes",
"fsx:DisassociateFileGateway",
"fsx:DisassociateFileSystemAliases",
"fsx:ListTagsForResource",
"fsx:ManageBackupPrincipalAssociations",
"fsx:ReleaseFileSystemNfsV3Locks",
"fsx:RestoreVolumeFromSnapshot",
"fsx:TagResource",
"fsx:UntagResource",
"fsx:UpdateDataRepositoryAssociation",
"fsx:UpdateFileCache",
"fsx:UpdateFileSystem",
"fsx:UpdateSharedVpcConfiguration",
"fsx:UpdateSnapshot",
"fsx:UpdateStorageVirtualMachine",
"fsx:UpdateVolume"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FullAccessToFSx"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"fsx.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateFSxSLR"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"s3.data-source.lustre.fsx.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateSLRForLustreS3Integration"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"fsx.amazonaws.com"
]
},
"StringEquals":{
"aws:RequestTag/AmazonFSx":"ManagedByAmazonFSx"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"CreateTags"
},
{
"Action":[
"fsx:PutResourcePolicy",
"fsx:GetResourcePolicy",
"fsx:DeleteResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ram.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageCrossAccountDataReplication"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-07T19:22:06+00:00"
},
"AmazonFSxConsoleReadOnlyAccess":{
"CreateDate":"2018-11-28T16:35:24+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"firehose:ListDeliveryStreams",
"fsx:Describe*",
"fsx:ListTagsForResource",
"kms:DescribeKey",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FSxReadOnlyPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-25T15:07:07+00:00"
},
"AmazonFSxFullAccess":{
"CreateDate":"2018-11-28T16:34:43+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ds:DescribeDirectories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ViewAWSDSDirectories"
},
{
"Action":[
"fsx:AssociateFileGateway",
"fsx:AssociateFileSystemAliases",
"fsx:CancelDataRepositoryTask",
"fsx:CopyBackup",
"fsx:CopySnapshotAndUpdateVolume",
"fsx:CreateBackup",
"fsx:CreateDataRepositoryAssociation",
"fsx:CreateDataRepositoryTask",
"fsx:CreateFileCache",
"fsx:CreateFileSystem",
"fsx:CreateFileSystemFromBackup",
"fsx:CreateSnapshot",
"fsx:CreateStorageVirtualMachine",
"fsx:CreateVolume",
"fsx:CreateVolumeFromBackup",
"fsx:DeleteBackup",
"fsx:DeleteDataRepositoryAssociation",
"fsx:DeleteFileCache",
"fsx:DeleteFileSystem",
"fsx:DeleteSnapshot",
"fsx:DeleteStorageVirtualMachine",
"fsx:DeleteVolume",
"fsx:DescribeAssociatedFileGateways",
"fsx:DescribeBackups",
"fsx:DescribeDataRepositoryAssociations",
"fsx:DescribeDataRepositoryTasks",
"fsx:DescribeFileCaches",
"fsx:DescribeFileSystemAliases",
"fsx:DescribeFileSystems",
"fsx:DescribeSharedVpcConfiguration",
"fsx:DescribeSnapshots",
"fsx:DescribeStorageVirtualMachines",
"fsx:DescribeVolumes",
"fsx:DisassociateFileGateway",
"fsx:DisassociateFileSystemAliases",
"fsx:ListTagsForResource",
"fsx:ManageBackupPrincipalAssociations",
"fsx:ReleaseFileSystemNfsV3Locks",
"fsx:RestoreVolumeFromSnapshot",
"fsx:TagResource",
"fsx:UntagResource",
"fsx:UpdateDataRepositoryAssociation",
"fsx:UpdateFileCache",
"fsx:UpdateFileSystem",
"fsx:UpdateSharedVpcConfiguration",
"fsx:UpdateSnapshot",
"fsx:UpdateStorageVirtualMachine",
"fsx:UpdateVolume"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FullAccessToFSx"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"fsx.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateSLRForFSx"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"s3.data-source.lustre.fsx.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateSLRForLustreS3Integration"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/fsx/*"
],
"Sid":"CreateLogsForFSxWindowsAuditLogs"
},
{
"Action":[
"firehose:PutRecord"
],
"Effect":"Allow",
"Resource":[
"arn:aws:firehose:*:*:deliverystream/aws-fsx-*"
],
"Sid":"WriteToAmazonKinesisDataFirehose"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"fsx.amazonaws.com"
]
},
"StringEquals":{
"aws:RequestTag/AmazonFSx":"ManagedByAmazonFSx"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"CreateTags"
},
{
"Action":[
"ec2:DescribeSecurityGroups",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeRouteTables"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"fsx.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeEC2VpcResources"
},
{
"Action":[
"fsx:PutResourcePolicy",
"fsx:GetResourcePolicy",
"fsx:DeleteResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ram.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageCrossAccountDataReplication"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-10T20:16:00+00:00"
},
"AmazonFSxReadOnlyAccess":{
"CreateDate":"2018-11-28T16:33:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"fsx:Describe*",
"fsx:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-28T16:33:32+00:00"
},
"AmazonFSxServiceRolePolicy":{
"CreateDate":"2018-11-28T10:38:37+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ds:AuthorizeApplication",
"ds:GetAuthorizedApplicationDetails",
"ds:UnauthorizeApplication",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAddresses",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:GetSecurityGroupsForVpc",
"route53:AssociateVPCWithHostedZone"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateFileSystem"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/FSx"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PutMetrics"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"AmazonFSx.FileSystemId"
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"TagResourceNetworkInterface"
},
{
"Action":[
"ec2:AssignPrivateIpAddresses",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:UnassignPrivateIpAddresses"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonFSx.FileSystemId":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"ManageNetworkInterface"
},
{
"Action":[
"ec2:CreateRoute",
"ec2:ReplaceRoute",
"ec2:DeleteRoute"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonFSx":"ManagedByAmazonFSx"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"ManageRouteTable"
},
{
"Action":[
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/fsx/*",
"Sid":"PutCloudWatchLogs"
},
{
"Action":[
"firehose:DescribeDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect":"Allow",
"Resource":"arn:aws:firehose:*:*:deliverystream/aws-fsx-*",
"Sid":"ManageAuditLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-10T20:53:47+00:00"
},
"AmazonForecastFullAccess":{
"CreateDate":"2019-01-18T01:52:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"forecast:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"forecast.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-18T01:52:29+00:00"
},
"AmazonFraudDetectorFullAccessPolicy":{
"CreateDate":"2019-12-03T22:46:26+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"frauddetector:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sagemaker:ListEndpoints",
"sagemaker:DescribeEndpoint"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"frauddetector.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T22:46:26+00:00"
},
"AmazonFreeRTOSFullAccess":{
"CreateDate":"2017-11-29T15:32:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"freertos:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-29T15:32:51+00:00"
},
"AmazonFreeRTOSOTAUpdate":{
"CreateDate":"2018-08-27T22:43:07+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObjectVersion",
"s3:PutObject",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::afr-ota*"
},
{
"Action":[
"signer:StartSigningJob",
"signer:DescribeSigningJob",
"signer:GetSigningProfile",
"signer:PutSigningProfile"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iot:DeleteJob",
"iot:DescribeJob"
],
"Effect":"Allow",
"Resource":"arn:aws:iot:*:*:job/AFR_OTA*"
},
{
"Action":[
"iot:DeleteStream"
],
"Effect":"Allow",
"Resource":"arn:aws:iot:*:*:stream/AFR_OTA*"
},
{
"Action":[
"iot:CreateStream",
"iot:CreateJob"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-18T17:47:30+00:00"
},
"AmazonGlacierFullAccess":{
"CreateDate":"2015-02-06T18:40:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"glacier:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:28+00:00"
},
"AmazonGlacierReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:27+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"glacier:DescribeJob",
"glacier:DescribeVault",
"glacier:GetDataRetrievalPolicy",
"glacier:GetJobOutput",
"glacier:GetVaultAccessPolicy",
"glacier:GetVaultLock",
"glacier:GetVaultNotifications",
"glacier:ListJobs",
"glacier:ListMultipartUploads",
"glacier:ListParts",
"glacier:ListTagsForVault",
"glacier:ListVaults"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-05-05T18:46:10+00:00"
},
"AmazonGrafanaAthenaAccess":{
"CreateDate":"2021-11-22T17:11:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetTableMetadata",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListTableMetadata",
"athena:ListWorkGroups"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetWorkGroup",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Condition":{
"Null":{
"aws:ResourceTag/GrafanaDataSource":"false"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject",
"s3:PutBucketPublicAccessBlock"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::grafana-athena-query-results-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-22T17:11:11+00:00"
},
"AmazonGrafanaCloudWatchAccess":{
"CreateDate":"2023-03-24T22:41:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData",
"cloudwatch:GetInsightRuleReport"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:DescribeLogGroups",
"logs:GetLogGroupFields",
"logs:StartQuery",
"logs:StopQuery",
"logs:GetQueryResults",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"tag:GetResources",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"oam:ListSinks",
"oam:ListAttachedLinks"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-24T22:41:53+00:00"
},
"AmazonGrafanaRedshiftAccess":{
"CreateDate":"2021-11-26T23:15:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"redshift:DescribeClusters",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"redshift-data:DescribeTable",
"redshift-data:ExecuteStatement",
"redshift-data:ListTables",
"redshift-data:ListSchemas"
],
"Condition":{
"Null":{
"aws:ResourceTag/GrafanaDataSource":"false"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"redshift:GetClusterCredentials",
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbname:*/*",
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
]
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"Null":{
"secretsmanager:ResourceTag/RedshiftQueryOwner":"false"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-26T23:15:15+00:00"
},
"AmazonGrafanaServiceLinkedRolePolicy":{
"CreateDate":"2022-11-08T23:10:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonGrafanaManaged"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Null":{
"aws:RequestTag/AmazonGrafanaManaged":"false"
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"Null":{
"ec2:ResourceTag/AmazonGrafanaManaged":"false"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-08T23:10:33+00:00"
},
"AmazonGuardDutyFullAccess":{
"CreateDate":"2017-11-28T22:31:30+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":"guardduty:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonGuardDutyFullAccessSid1"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"guardduty.amazonaws.com",
"malware-protection.guardduty.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateServiceLinkedRoleSid1"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:RegisterDelegatedAdministrator",
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ActionsForOrganizationsSid1"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*AWSServiceRoleForAmazonGuardDutyMalwareProtection",
"Sid":"IamGetRoleSid1"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"malware-protection-plan.guardduty.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"AllowPassRoleToMalwareProtectionPlan"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-10T22:50:31+00:00"
},
"AmazonGuardDutyMalwareProtectionServiceRolePolicy":{
"CreateDate":"2022-07-19T19:06:53+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTasks",
"ecs:DescribeTasks",
"eks:DescribeCluster"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeAndListPermissions"
},
{
"Action":"ec2:CreateSnapshot",
"Condition":{
"Null":{
"aws:ResourceTag/GuardDutyExcluded":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"CreateSnapshotVolumeConditionalStatement"
},
{
"Action":"ec2:CreateSnapshot",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"GuardDutyScanId"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"CreateSnapshotConditionalStatement"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateSnapshot"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:*/*",
"Sid":"CreateTagsPermission"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"GuardDutyExcluded",
"GuardDutyFindingDetected"
]
},
"StringLike":{
"ec2:ResourceTag/GuardDutyScanId":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"AddTagsToSnapshotPermission"
},
{
"Action":[
"ec2:DeleteSnapshot",
"ec2:ModifySnapshotAttribute"
],
"Condition":{
"Null":{
"aws:ResourceTag/GuardDutyExcluded":"true"
},
"StringLike":{
"ec2:ResourceTag/GuardDutyScanId":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DeleteAndShareSnapshotPermission"
},
{
"Action":[
"ec2:ModifySnapshotAttribute"
],
"Condition":{
"StringEquals":{
"ec2:Add/group":"all"
}
},
"Effect":"Deny",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"PreventPublicAccessToSnapshotPermission"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":"true"
},
"ForAllValues:StringEquals":{
"kms:GrantOperations":[
"Decrypt",
"CreateGrant",
"GenerateDataKeyWithoutPlaintext",
"ReEncryptFrom",
"ReEncryptTo",
"RetireGrant",
"DescribeKey"
]
},
"Null":{
"aws:ResourceTag/GuardDutyExcluded":"true"
},
"StringLike":{
"kms:EncryptionContext:aws:ebs:id":"snap-*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"CreateGrantPermission"
},
{
"Action":[
"kms:ReEncryptTo",
"kms:ReEncryptFrom"
],
"Condition":{
"Null":{
"aws:ResourceTag/GuardDutyExcluded":"true"
},
"StringLike":{
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"ShareSnapshotKMSPermission"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"DescribeKeyPermission"
},
{
"Action":[
"logs:DescribeLogGroups",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/guardduty/*",
"Sid":"GuardDutyLogGroupPermission"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/guardduty/*:log-stream:*",
"Sid":"GuardDutyLogStreamPermission"
},
{
"Action":[
"ebs:GetSnapshotBlock",
"ebs:ListSnapshotBlocks"
],
"Condition":{
"Null":{
"aws:ResourceTag/GuardDutyExcluded":"true"
},
"StringLike":{
"aws:ResourceTag/GuardDutyScanId":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"EBSDirectAPIPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-25T22:24:00+00:00"
},
"AmazonGuardDutyReadOnlyAccess":{
"CreateDate":"2017-11-28T22:29:40+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"guardduty:Describe*",
"guardduty:Get*",
"guardduty:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-16T23:07:06+00:00"
},
"AmazonGuardDutyServiceRolePolicy":{
"CreateDate":"2017-11-28T20:12:59+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeTransitGatewayAttachments",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"s3:GetBucketPublicAccessBlock",
"s3:GetEncryptionConfiguration",
"s3:GetBucketTagging",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"lambda:GetFunctionConfiguration",
"lambda:ListTags",
"eks:ListClusters",
"eks:DescribeCluster",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ecs:ListClusters",
"ecs:DescribeClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GuardDutyGetDescribeListPolicy"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"malware-protection.guardduty.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GuardDutyCreateSLRPolicy"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"GuardDutyManaged"
},
"StringLike":{
"ec2:VpceServiceName":[
"com.amazonaws.*.guardduty-data",
"com.amazonaws.*.guardduty-data-fips"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"GuardDutyCreateVpcEndpointPolicy"
},
{
"Action":[
"ec2:ModifyVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"Null":{
"aws:ResourceTag/GuardDutyManaged":false
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"GuardDutyModifyDeleteVpcEndpointPolicy"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"GuardDutyCreateModifyVpcEndpointNetworkPolicy"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"GuardDutyManaged"
},
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"GuardDutyCreateTagsDuringVpcEndpointCreationPolicy"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"Null":{
"aws:ResourceTag/GuardDutyManaged":false
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"GuardDutySecurityGroupManagementPolicy"
},
{
"Action":"ec2:CreateSecurityGroup",
"Condition":{
"StringLike":{
"aws:RequestTag/GuardDutyManaged":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"GuardDutyCreateSecurityGroupPolicy"
},
{
"Action":"ec2:CreateSecurityGroup",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/*",
"Sid":"GuardDutyCreateSecurityGroupForVpcPolicy"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"GuardDutyManaged"
},
"StringEquals":{
"ec2:CreateAction":"CreateSecurityGroup"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"GuardDutyCreateTagsDuringSecurityGroupCreationPolicy"
},
{
"Action":"eks:CreateAddon",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"GuardDutyManaged"
}
},
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:cluster/*",
"Sid":"GuardDutyCreateEksAddonPolicy"
},
{
"Action":[
"eks:DeleteAddon",
"eks:UpdateAddon",
"eks:DescribeAddon"
],
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:addon/*/aws-guardduty-agent/*",
"Sid":"GuardDutyEksAddonManagementPolicy"
},
{
"Action":"eks:TagResource",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"GuardDutyManaged"
}
},
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:cluster/*",
"Sid":"GuardDutyEksClusterTagResourcePolicy"
},
{
"Action":"ecs:PutAccountSettingDefault",
"Condition":{
"StringEquals":{
"ecs:account-setting":[
"guardDutyActivate"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GuardDutyEcsPutAccountSettingsDefaultPolicy"
},
{
"Action":[
"ssm:DescribeAssociation",
"ssm:DeleteAssociation",
"ssm:UpdateAssociation",
"ssm:CreateAssociation",
"ssm:StartAssociationsOnce"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/GuardDutyManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:association/*",
"Sid":"SsmCreateDescribeUpdateDeleteStartAssociationPermission"
},
{
"Action":[
"ssm:AddTagsToResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"GuardDutyManaged"
]
},
"StringEquals":{
"aws:ResourceTag/GuardDutyManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:association/*",
"Sid":"SsmAddTagsToResourcePermission"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:UpdateAssociation"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/AmazonGuardDuty-ConfigureRuntimeMonitoringSsmPlugin",
"Sid":"SsmCreateUpdateAssociationInstanceDocumentPermission"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/AmazonGuardDuty-ConfigureRuntimeMonitoringSsmPlugin"
],
"Sid":"SsmSendCommandPermission"
},
{
"Action":"ssm:GetCommandInvocation",
"Effect":"Allow",
"Resource":"*",
"Sid":"SsmGetCommandStatus"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-12T20:01:11+00:00"
},
"AmazonHealthLakeFullAccess":{
"CreateDate":"2021-02-17T01:07:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"healthlake:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"healthlake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-17T01:07:05+00:00"
},
"AmazonHealthLakeReadOnlyAccess":{
"CreateDate":"2021-02-17T02:43:31+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"healthlake:ListFHIRDatastores",
"healthlake:DescribeFHIRDatastore",
"healthlake:DescribeFHIRImportJob",
"healthlake:DescribeFHIRExportJob",
"healthlake:GetCapabilities",
"healthlake:ReadResource",
"healthlake:SearchWithGet",
"healthlake:SearchWithPost"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-17T02:43:31+00:00"
},
"AmazonHoneycodeFullAccess":{
"CreateDate":"2020-06-24T20:28:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"honeycode:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-24T20:28:11+00:00"
},
"AmazonHoneycodeReadOnlyAccess":{
"CreateDate":"2020-06-24T20:28:16+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"honeycode:List*",
"honeycode:Get*",
"honeycode:Describe*",
"honeycode:Query*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T17:27:53+00:00"
},
"AmazonHoneycodeServiceRolePolicy":{
"CreateDate":"2020-11-18T18:03:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sso:GetManagedApplicationInstance"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-18T18:03:08+00:00"
},
"AmazonHoneycodeTeamAssociationFullAccess":{
"CreateDate":"2020-06-24T20:28:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"honeycode:ListTeamAssociations",
"honeycode:ApproveTeamAssociation",
"honeycode:RejectTeamAssociation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-24T20:28:27+00:00"
},
"AmazonHoneycodeTeamAssociationReadOnlyAccess":{
"CreateDate":"2020-06-24T20:27:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"honeycode:ListTeamAssociations"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-24T20:27:46+00:00"
},
"AmazonHoneycodeWorkbookFullAccess":{
"CreateDate":"2020-06-24T20:28:46+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"honeycode:GetScreenData",
"honeycode:InvokeScreenAutomation",
"honeycode:BatchCreateTableRows",
"honeycode:BatchDeleteTableRows",
"honeycode:BatchUpdateTableRows",
"honeycode:BatchUpsertTableRows",
"honeycode:DescribeTableDataImportJob",
"honeycode:ListTableColumns",
"honeycode:ListTableRows",
"honeycode:ListTables",
"honeycode:QueryTableRows",
"honeycode:StartTableDataImportJob"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T17:30:06+00:00"
},
"AmazonHoneycodeWorkbookReadOnlyAccess":{
"CreateDate":"2020-06-24T20:28:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"honeycode:GetScreenData",
"honeycode:DescribeTableDataImportJob",
"honeycode:ListTableColumns",
"honeycode:ListTableRows",
"honeycode:ListTables",
"honeycode:QueryTableRows"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-01T17:32:49+00:00"
},
"AmazonInspector2AgentlessServiceRolePolicy":{
"CreateDate":"2023-11-20T15:18:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"InstanceIdentification"
},
{
"Action":[
"ebs:ListSnapshotBlocks",
"ebs:GetSnapshotBlock"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/InspectorScan":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"GetSnapshotData"
},
{
"Action":"ec2:CreateSnapshots",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateSnapshotsAnyInstanceOrVolume"
},
{
"Action":"ec2:CreateSnapshots",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/InspectorEc2Exclusion":"true"
}
},
"Effect":"Deny",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"DenyCreateSnapshotsOnExcludedInstances"
},
{
"Action":"ec2:CreateSnapshots",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"InspectorScan"
},
"Null":{
"aws:TagKeys":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"CreateSnapshotsOnAnySnapshotOnlyWithTag"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"InspectorScan"
},
"Null":{
"aws:TagKeys":"false"
},
"StringLike":{
"ec2:CreateAction":"CreateSnapshots"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"CreateOnlyInspectorScanTagOnlyUsingCreateSnapshots"
},
{
"Action":"ec2:DeleteSnapshot",
"Condition":{
"StringLike":{
"ec2:ResourceTag/InspectorScan":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:snapshot/*",
"Sid":"DeleteOnlySnapshotsTaggedForScanning"
},
{
"Action":"kms:Decrypt",
"Condition":{
"StringEquals":{
"aws:ResourceTag/InspectorEc2Exclusion":"true"
}
},
"Effect":"Deny",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"DenyKmsDecryptForExcludedKeys"
},
{
"Action":"kms:Decrypt",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:aws:ebs:id":"vol-*",
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"DecryptSnapshotBlocksVolContext"
},
{
"Action":"kms:Decrypt",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:aws:ebs:id":"snap-*",
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"DecryptSnapshotBlocksSnapContext"
},
{
"Action":"kms:DescribeKey",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"DescribeKeysForEbsOperations"
},
{
"Action":"kms:ListResourceTags",
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"ListKeyResourceTags"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-20T15:18:32+00:00"
},
"AmazonInspector2FullAccess":{
"CreateDate":"2021-11-29T19:10:15+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"inspector2:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowFullAccessToInspectorApis"
},
{
"Action":[
"codeguru-security:BatchGetFindings",
"codeguru-security:GetAccountConfiguration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToCodeGuruApis"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"agentless.inspector2.amazonaws.com",
"inspector2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToCreateSlr"
},
{
"Action":[
"organizations:EnableAWSServiceAccess",
"organizations:RegisterDelegatedAdministrator",
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessToOrganizationApis"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-25T13:21:03+00:00"
},
"AmazonInspector2ManagedCisPolicy":{
"CreateDate":"2024-01-24T16:31:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"inspector2:StartCisSession",
"inspector2:StopCisSession",
"inspector2:SendCisSessionTelemetry",
"inspector2:SendCisSessionHealth"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsForCISScans"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-24T16:31:43+00:00"
},
"AmazonInspector2ReadOnlyAccess":{
"CreateDate":"2022-01-21T14:45:14+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"inspector2:BatchGet*",
"inspector2:List*",
"inspector2:Describe*",
"inspector2:Get*",
"inspector2:Search*",
"codeguru-security:BatchGetFindings",
"codeguru-security:GetAccountConfiguration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-22T20:56:53+00:00"
},
"AmazonInspector2ServiceRolePolicy":{
"CreateDate":"2021-11-16T20:27:48+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGateways",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetHealth",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"tiros:CreateQuery",
"tiros:GetQueryAnswer"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"TirosPolicy"
},
{
"Action":[
"ecr:BatchGetImage",
"ecr:BatchGetRepositoryScanningConfiguration",
"ecr:DescribeImages",
"ecr:DescribeRegistry",
"ecr:DescribeRepositories",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRegistryScanningConfiguration",
"ecr:ListImages",
"ecr:PutRegistryScanningConfiguration",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"ssm:DescribeAssociation",
"ssm:DescribeAssociationExecutions",
"ssm:DescribeInstanceInformation",
"ssm:ListAssociations",
"ssm:ListResourceDataSync"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PackageVulnerabilityScanning"
},
{
"Action":[
"lambda:ListFunctions",
"lambda:GetFunction",
"lambda:GetLayerVersion",
"lambda:ListTags",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LambdaPackageVulnerabilityScanning"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:StartAssociationsOnce",
"ssm:DeleteAssociation",
"ssm:UpdateAssociation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/AmazonInspector2-*",
"arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:association/*"
],
"Sid":"GatherInventory"
},
{
"Action":[
"ssm:CreateResourceDataSync",
"ssm:DeleteResourceDataSync"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:resource-data-sync/InspectorResourceDataSync-do-not-delete"
],
"Sid":"DataSyncCleanup"
},
{
"Action":[
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/DO-NOT-DELETE-AmazonInspector*ManagedRule"
],
"Sid":"ManagedRules"
},
{
"Action":[
"codeguru-security:CreateScan",
"codeguru-security:GetAccountConfiguration",
"codeguru-security:GetFindings",
"codeguru-security:GetScan",
"codeguru-security:ListFindings",
"codeguru-security:BatchGetFindings",
"codeguru-security:DeleteScansByCategory"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LambdaCodeVulnerabilityScanning"
},
{
"Action":[
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListAttachedRolePolicies",
"iam:ListPolicies",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"lambda:ListVersionsByFunction"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"codeguru-security.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CodeGuruCodeVulnerabilityScanning"
},
{
"Action":[
"ssm:PutParameter",
"ssm:GetParameters",
"ssm:DeleteParameter"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/inspector-aws/service/inspector-linux-application-paths"
],
"Sid":"Ec2DeepInspection"
},
{
"Action":[
"cloudtrail:CreateServiceLinkedChannel",
"cloudtrail:DeleteServiceLinkedChannel"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudtrail:*:*:channel/aws-service-channel/inspector2/*"
],
"Sid":"AllowManagementOfServiceLinkedChannel"
},
{
"Action":[
"cloudtrail:ListServiceLinkedChannels"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowListServiceLinkedChannels"
},
{
"Action":[
"ssm:SendCommand",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AmazonInspector2-InvokeInspectorSsmPluginCIS"
],
"Sid":"AllowToRunInvokeCisSpecificDocuments"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"AllowToRunCisCommandsToSpecificResources"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/Inspector2"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowToPutCloudwatchMetricData"
},
{
"Action":[
"ecs:ListClusters",
"ecs:ListTasks",
"eks:ListClusters"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowListAccessToECSAndEKS"
},
{
"Action":[
"ecs:DescribeTasks"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:task/*",
"Sid":"AllowAccessToECSTasks"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-28T20:07:06+00:00"
},
"AmazonInspectorFullAccess":{
"CreateDate":"2015-10-07T17:08:04+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"inspector:*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"sns:ListTopics",
"events:DescribeRule",
"events:ListRuleNamesByTarget"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"inspector.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"inspector.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-21T14:53:31+00:00"
},
"AmazonInspectorReadOnlyAccess":{
"CreateDate":"2015-10-07T17:08:01+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"sns:ListTopics",
"events:DescribeRule",
"events:ListRuleNamesByTarget"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-01T15:17:54+00:00"
},
"AmazonInspectorServiceRolePolicy":{
"CreateDate":"2017-11-21T15:48:27+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces",
"directconnect:DescribeTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:GetManagedPrefixListEntries",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:SearchTransitGatewayRoutes",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:GetTransitGatewayRouteTablePropagations",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-11T17:12:02+00:00"
},
"AmazonKendraFullAccess":{
"CreateDate":"2019-12-03T16:15:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"kendra.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:ListKeys",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:DescribeSecret"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonKendra-*"
},
{
"Action":"kendra:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T16:15:37+00:00"
},
"AmazonKendraReadOnlyAccess":{
"CreateDate":"2019-12-03T16:13:45+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kendra:Describe*",
"kendra:List*",
"kendra:Query",
"kendra:GetQuerySuggestions"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-27T17:01:20+00:00"
},
"AmazonKeyspacesFullAccess":{
"CreateDate":"2020-04-23T17:06:37+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"cassandra:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CassandraFullAccess"
},
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ApplicationAutoscalingFullAccess"
},
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudwatchAlarmsFullAccess"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"cassandra.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable",
"Sid":"ApplicationAutoscalingServiceLinkedRole"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"replication.cassandra.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication",
"Sid":"KeyspacesReplicationServiceLinkedRole"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2VpcReadAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-03T19:12:30+00:00"
},
"AmazonKeyspacesReadOnlyAccess":{
"CreateDate":"2020-04-23T17:07:14+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cassandra:Select"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-07T14:54:05+00:00"
},
"AmazonKeyspacesReadOnlyAccess_v2":{
"CreateDate":"2023-09-12T17:01:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cassandra:Select"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-12T17:01:45+00:00"
},
"AmazonKinesisAnalyticsFullAccess":{
"CreateDate":"2016-09-21T19:01:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"kinesisanalytics:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"logs:GetLogEvents",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:ListPolicyVersions",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/kinesis-analytics*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-09-21T19:01:14+00:00"
},
"AmazonKinesisAnalyticsReadOnly":{
"CreateDate":"2016-09-21T18:16:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kinesisanalytics:Describe*",
"kinesisanalytics:Get*",
"kinesisanalytics:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:DescribeStream",
"kinesis:ListStreams"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"logs:GetLogEvents",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:ListPolicyVersions",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-09-21T18:16:43+00:00"
},
"AmazonKinesisFirehoseFullAccess":{
"CreateDate":"2015-10-07T18:45:26+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"firehose:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-10-07T18:45:26+00:00"
},
"AmazonKinesisFirehoseReadOnlyAccess":{
"CreateDate":"2015-10-07T18:43:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"firehose:Describe*",
"firehose:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-10-07T18:43:39+00:00"
},
"AmazonKinesisFullAccess":{
"CreateDate":"2015-02-06T18:40:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"kinesis:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:29+00:00"
},
"AmazonKinesisReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kinesis:Get*",
"kinesis:List*",
"kinesis:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:30+00:00"
},
"AmazonKinesisVideoStreamsFullAccess":{
"CreateDate":"2017-12-01T23:27:18+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"kinesisvideo:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-01T23:27:18+00:00"
},
"AmazonKinesisVideoStreamsReadOnlyAccess":{
"CreateDate":"2017-12-01T23:14:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kinesisvideo:Describe*",
"kinesisvideo:Get*",
"kinesisvideo:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-01T23:14:32+00:00"
},
"AmazonLaunchWizardFullAccessV2":{
"CreateDate":"2023-09-01T17:14:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"applicationinsights:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AppInsightsActions0"
},
{
"Action":"resource-groups:List*",
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupActions0"
},
{
"Action":[
"route53:ChangeResourceRecordSets",
"route53:GetChange",
"route53:ListResourceRecordSets",
"route53:ListHostedZones",
"route53:ListHostedZonesByName"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Route53Actions0"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3Actions0"
},
{
"Action":[
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsActions0"
},
{
"Action":[
"cloudwatch:List*",
"cloudwatch:Get*",
"cloudwatch:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchActions0"
},
{
"Action":[
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateVpc",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2Actions0"
},
{
"Action":[
"ec2:AllocateAddress",
"ec2:AllocateHosts",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateVolume",
"ec2:CreateVpcEndpoint",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVolumeAttribute",
"ec2:ModifyVpcAttribute",
"ec2:AssociateDhcpOptions",
"ec2:AssociateSubnetCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVolume",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteKeyPair",
"ec2:DeleteNatGateway",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpc",
"ec2:DetachInternetGateway",
"ec2:DetachVolume",
"ec2:DeleteSnapshot",
"ec2:AssociateRouteTable",
"ec2:AssociateVpcCidrBlock",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSubnet",
"ec2:DetachNetworkInterface",
"ec2:DisassociateAddress",
"ec2:DisassociateVpcCidrBlock",
"ec2:GetLaunchTemplateData",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:GetConsoleOutput",
"ec2:GetPasswordData",
"ec2:ReleaseAddress",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DisassociateIamInstanceProfile",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:ModifyInstancePlacement",
"ec2:DeletePlacementGroup",
"ec2:CreatePlacementGroup",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget",
"ds:AddIpRoutes",
"ds:CreateComputer",
"ds:CreateMicrosoftAD",
"ds:DeleteDirectory",
"servicecatalog:AssociateProductWithPortfolio",
"cloudformation:GetTemplateSummary",
"sts:GetCallerIdentity"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2Actions1"
},
{
"Action":[
"cloudformation:DescribeStack*",
"cloudformation:Get*",
"cloudformation:ListStacks",
"cloudformation:SignalResource",
"cloudformation:DeleteStack"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/LaunchWizard*/*",
"arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*"
],
"Sid":"CloudFormationActions0"
},
{
"Action":[
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"Ec2Actions2"
},
{
"Action":[
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:AddRoleToInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
],
"Sid":"IamActions0"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":[
"lambda.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard",
"arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
],
"Sid":"IamActions1"
},
{
"Action":[
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup",
"sns:ListSubscriptionsByTopic",
"sns:Publish",
"ssm:DeleteDocument",
"ssm:DeleteParameter*",
"ssm:DescribeDocument*",
"ssm:GetDocument",
"ssm:PutParameter"
],
"Effect":"Allow",
"Resource":[
"arn:aws:resource-groups:*:*:group/LaunchWizard*",
"arn:aws:sns:*:*:*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*",
"arn:aws:ssm:*:*:parameter/LaunchWizard*",
"arn:aws:ssm:*:*:document/LaunchWizard*"
],
"Sid":"AutoScalingActions0"
},
{
"Action":[
"ssm:GetDocument",
"ssm:SendCommand"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*::document/AWS-RunShellScript"
],
"Sid":"SsmActions0"
},
{
"Action":[
"ssm:SendCommand"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"SsmActions1"
},
{
"Action":[
"ssm:AddTagsToResource",
"ssm:DescribeDocument",
"ssm:GetDocument",
"ssm:ListTagsForResource",
"ssm:RemoveTagsFromResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/LaunchWizard*",
"arn:aws:ssm:*:*:document/LaunchWizard*"
],
"Sid":"SsmActions2"
},
{
"Action":[
"autoscaling:Describe*",
"cloudformation:DescribeAccountLimits",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"ds:Describe*",
"ds:ListAuthorizedApplications",
"ec2:Describe*",
"ec2:Get*",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetPolicyVersion",
"iam:GetPolicy",
"iam:List*",
"resource-groups:Get*",
"resource-groups:List*",
"servicequotas:GetServiceQuota",
"servicequotas:ListServiceQuotas",
"sns:ListSubscriptions",
"sns:ListTopics",
"ssm:CreateDocument",
"ssm:DescribeAutomation*",
"ssm:DescribeInstanceInformation",
"ssm:DescribeParameters",
"ssm:GetAutomationExecution",
"ssm:GetCommandInvocation",
"ssm:GetParameter*",
"ssm:GetConnectionStatus",
"ssm:ListCommand*",
"ssm:ListDocument*",
"ssm:ListInstanceAssociations",
"ssm:SendAutomationSignal",
"tag:Get*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SsmActions3"
},
{
"Action":[
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:automation-definition/LaunchWizard-*:*",
"Sid":"SsmActions4"
},
{
"Action":[
"cloudformation:List*",
"cloudformation:Describe*"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/LaunchWizard*/",
"Sid":"CloudFormationActions1"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"autoscaling.amazonaws.com",
"application-insights.amazonaws.com",
"events.amazonaws.com",
"autoscaling.amazonaws.com.cn",
"events.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IamActions2"
},
{
"Action":"launchwizard:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"LaunchWizardActions0"
},
{
"Action":[
"sqs:TagQueue",
"sqs:GetQueueUrl",
"sqs:AddPermission",
"sqs:ListQueues",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags",
"sqs:CreateQueue",
"sqs:SetQueueAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:LaunchWizard*",
"Sid":"SqsActions0"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"iam:GetInstanceProfile",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:LaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
],
"Sid":"CloudWatchActions1"
},
{
"Action":[
"cloudformation:CreateStack",
"route53:ListHostedZones",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:CreateFileSystem",
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EfsActions0"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::launchwizard*",
"arn:aws:s3:::launchwizard*/*",
"arn:aws:s3:::aws-sap-data-provider/config.properties"
],
"Sid":"S3Actions1"
},
{
"Action":"cloudformation:TagResource",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":"LaunchWizard*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudFormationActions2"
},
{
"Action":[
"s3:CreateBucket",
"s3:PutBucketVersioning",
"s3:DeleteBucket",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:LaunchWizard*",
"arn:aws:s3:::launchwizard*"
],
"Sid":"LambdaActions0"
},
{
"Action":[
"dynamodb:CreateTable",
"dynamodb:DescribeTable",
"dynamodb:DeleteTable"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/LaunchWizard*",
"Sid":"DynamodbActions0"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource",
"secretsmanager:UntagResource",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:GetSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:LaunchWizard*",
"Sid":"SecretsManagerActions0"
},
{
"Action":[
"secretsmanager:GetRandomPassword",
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerActions1"
},
{
"Action":[
"ssm:CreateOpsMetadata"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SsmActions5"
},
{
"Action":"ssm:DeleteOpsMetadata",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*",
"Sid":"SsmActions6"
},
{
"Action":[
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:LaunchWizard*",
"Sid":"SnsActions0"
},
{
"Action":[
"fsx:UntagResource",
"fsx:TagResource",
"fsx:DeleteFileSystem",
"fsx:ListTagsForResource"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/Name":"LaunchWizard*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FsxActions0"
},
{
"Action":[
"fsx:CreateFileSystem"
],
"Condition":{
"StringLike":{
"aws:RequestTag/Name":[
"LaunchWizard*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FsxActions1"
},
{
"Action":[
"fsx:DescribeFileSystems"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FsxActions2"
},
{
"Action":[
"servicecatalog:CreatePortfolio",
"servicecatalog:DescribePortfolio",
"servicecatalog:CreateConstraint",
"servicecatalog:CreateProduct",
"servicecatalog:AssociatePrincipalWithPortfolio",
"servicecatalog:CreateProvisioningArtifact",
"servicecatalog:TagResource",
"servicecatalog:UntagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:servicecatalog:*:*:*/*",
"arn:aws:catalog:*:*:*/*"
],
"Sid":"ServiceCatalogActions0"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:DeleteAssociation"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:association/*"
],
"Sid":"SsmActions7"
},
{
"Action":[
"elasticfilesystem:UntagResource",
"elasticfilesystem:TagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"EfsActions1"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:DescribeLogStreams",
"logs:UntagResource",
"logs:TagResource",
"logs:CreateLogGroup",
"logs:DeleteLogStream",
"logs:PutLogEvents",
"logs:GetLogEvents",
"logs:GetLogDelivery",
"logs:GetLogGroupFields",
"logs:GetLogRecord",
"logs:ListLogDeliveries"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:LaunchWizard*",
"arn:aws:logs:*:*:log-group:LaunchWizard*:log-stream:*"
],
"Sid":"LogsActions0"
},
{
"Action":"logs:DescribeLogGroups",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"launchwizard.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LogsActions1"
},
{
"Action":[
"fsx:CreateStorageVirtualMachine",
"fsx:CreateVolume"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"launchwizard.amazonaws.com"
]
},
"StringLike":{
"aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FsxActions3"
},
{
"Action":[
"fsx:DescribeStorageVirtualMachines",
"fsx:DescribeVolumes"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"launchwizard.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FsxActions4"
},
{
"Action":[
"fsx:DeleteStorageVirtualMachine",
"fsx:DeleteVolume"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"launchwizard.amazonaws.com"
]
},
"StringLike":{
"aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:fsx:*:*:storage-virtual-machine/*/*",
"arn:aws:fsx:*:*:backup/*",
"arn:aws:fsx:*:*:volume/*/*"
],
"Sid":"FsxActions5"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-01T17:14:56+00:00"
},
"AmazonLexChannelsAccess":{
"CreateDate":"2021-01-13T20:12:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lex:ListBots"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-13T20:12:46+00:00"
},
"AmazonLexFullAccess":{
"CreateDate":"2017-04-11T23:20:36+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lex:*",
"polly:DescribeVoices",
"polly:SynthesizeSpeech",
"kendra:ListIndices",
"iam:ListRoles",
"s3:ListAllMyBuckets",
"logs:DescribeLogGroups",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonLexFullAccessStatement1"
},
{
"Action":[
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Condition":{
"StringEquals":{
"lambda:Principal":"lex.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:AmazonLex*",
"Sid":"AmazonLexFullAccessStatement2"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
],
"Sid":"AmazonLexFullAccessStatement3"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"lex.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
],
"Sid":"AmazonLexFullAccessStatement4"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"channels.lex.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
],
"Sid":"AmazonLexFullAccessStatement5"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"lexv2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
],
"Sid":"AmazonLexFullAccessStatement6"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"channels.lexv2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
],
"Sid":"AmazonLexFullAccessStatement7"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"replication.lexv2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
],
"Sid":"AmazonLexFullAccessStatement8"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels",
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*",
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*",
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
],
"Sid":"AmazonLexFullAccessStatement9"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lex.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
],
"Sid":"AmazonLexFullAccessStatement10"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lexv2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*"
],
"Sid":"AmazonLexFullAccessStatement11"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"channels.lexv2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*"
],
"Sid":"AmazonLexFullAccessStatement12"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lexv2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/replication.lexv2.amazonaws.com/AWSServiceRoleForLexV2Replication*"
],
"Sid":"AmazonLexFullAccessStatement13"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-16T20:06:39+00:00"
},
"AmazonLexReadOnly":{
"CreateDate":"2017-04-11T23:13:33+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"lex:GetBot",
"lex:GetBotAlias",
"lex:GetBotAliases",
"lex:GetBots",
"lex:GetBotChannelAssociation",
"lex:GetBotChannelAssociations",
"lex:GetBotVersions",
"lex:GetBuiltinIntent",
"lex:GetBuiltinIntents",
"lex:GetBuiltinSlotTypes",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lex:DescribeBot",
"lex:DescribeBotAlias",
"lex:DescribeBotChannel",
"lex:DescribeBotLocale",
"lex:DescribeBotRecommendation",
"lex:DescribeBotReplica",
"lex:DescribeBotVersion",
"lex:DescribeExport",
"lex:DescribeImport",
"lex:DescribeIntent",
"lex:DescribeResourcePolicy",
"lex:DescribeSlot",
"lex:DescribeSlotType",
"lex:ListBots",
"lex:ListBotLocales",
"lex:ListBotAliases",
"lex:ListBotAliasReplicas",
"lex:ListBotChannels",
"lex:ListBotRecommendations",
"lex:ListBotReplicas",
"lex:ListBotVersions",
"lex:ListBotVersionReplicas",
"lex:ListBuiltInIntents",
"lex:ListBuiltInSlotTypes",
"lex:ListExports",
"lex:ListImports",
"lex:ListIntents",
"lex:ListRecommendedIntents",
"lex:ListSlots",
"lex:ListSlotTypes",
"lex:ListTagsForResource",
"lex:SearchAssociatedTranscripts",
"lex:ListCustomVocabularyItems"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonLexReadOnlyStatement1"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-13T16:58:13+00:00"
},
"AmazonLexReplicationPolicy":{
"CreateDate":"2024-01-31T23:29:42+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"lex:BuildBotLocale",
"lex:ListBotLocales",
"lex:CreateBotAlias",
"lex:UpdateBotAlias",
"lex:DeleteBotAlias",
"lex:DescribeBotAlias",
"lex:CreateBotVersion",
"lex:DeleteBotVersion",
"lex:DescribeBotVersion",
"lex:CreateExport",
"lex:DescribeBot",
"lex:UpdateExport",
"lex:DescribeExport",
"lex:DescribeBotLocale",
"lex:DescribeIntent",
"lex:ListIntents",
"lex:DescribeSlotType",
"lex:ListSlotTypes",
"lex:DescribeSlot",
"lex:ListSlots",
"lex:DescribeCustomVocabulary",
"lex:StartImport",
"lex:DescribeImport",
"lex:CreateBot",
"lex:UpdateBot",
"lex:DeleteBot",
"lex:CreateBotLocale",
"lex:UpdateBotLocale",
"lex:DeleteBotLocale",
"lex:CreateIntent",
"lex:UpdateIntent",
"lex:DeleteIntent",
"lex:CreateSlotType",
"lex:UpdateSlotType",
"lex:DeleteSlotType",
"lex:CreateSlot",
"lex:UpdateSlot",
"lex:DeleteSlot",
"lex:CreateCustomVocabulary",
"lex:UpdateCustomVocabulary",
"lex:DeleteCustomVocabulary",
"lex:DeleteBotChannel",
"lex:DeleteResourcePolicy"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lex:*:*:bot/*",
"arn:aws:lex:*:*:bot-alias/*"
],
"Sid":"ReplicationServicePolicyStatement1"
},
{
"Action":[
"lex:CreateUploadUrl",
"lex:ListBots"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ReplicationServicePolicyStatement2"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"lexv2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ReplicationServicePolicyStatement3"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-08T17:11:32+00:00"
},
"AmazonLexRunBotsOnly":{
"CreateDate":"2017-04-11T23:06:24+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"lex:PostContent",
"lex:PostText",
"lex:PutSession",
"lex:GetSession",
"lex:DeleteSession",
"lex:RecognizeText",
"lex:RecognizeUtterance",
"lex:StartConversation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-18T00:15:48+00:00"
},
"AmazonLexV2BotPolicy":{
"CreateDate":"2021-01-13T20:10:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"polly:SynthesizeSpeech"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-13T20:10:29+00:00"
},
"AmazonLookoutEquipmentFullAccess":{
"CreateDate":"2021-04-08T15:52:08+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"lookoutequipment:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lookoutequipment.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"StringLike":{
"kms:ViaService":"lookoutequipment.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-24T21:00:13+00:00"
},
"AmazonLookoutEquipmentReadOnlyAccess":{
"CreateDate":"2021-05-05T16:47:55+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"lookoutequipment:Describe*",
"lookoutequipment:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-10T22:04:33+00:00"
},
"AmazonLookoutMetricsFullAccess":{
"CreateDate":"2021-05-07T00:43:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lookoutmetrics:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"lookoutmetrics.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*LookoutMetrics*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-07T00:43:38+00:00"
},
"AmazonLookoutMetricsReadOnlyAccess":{
"CreateDate":"2021-05-07T00:43:34+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"lookoutmetrics:DescribeMetricSet",
"lookoutmetrics:ListMetricSets",
"lookoutmetrics:DescribeAnomalyDetector",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutmetrics:DescribeAnomalyDetectionExecutions",
"lookoutmetrics:DescribeAlert",
"lookoutmetrics:ListAlerts",
"lookoutmetrics:ListTagsForResource",
"lookoutmetrics:ListAnomalyGroupSummaries",
"lookoutmetrics:ListAnomalyGroupTimeSeries",
"lookoutmetrics:ListAnomalyGroupRelatedMetrics",
"lookoutmetrics:GetAnomalyGroup",
"lookoutmetrics:GetDataQualityMetrics",
"lookoutmetrics:GetSampleData",
"lookoutmetrics:GetFeedback"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-04T18:19:27+00:00"
},
"AmazonLookoutVisionConsoleFullAccess":{
"CreateDate":"2021-05-11T19:37:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lookoutvision:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionFullAccess"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleS3BucketSearchAccess"
},
{
"Action":[
"s3:CreateBucket",
"s3:PutBucketVersioning",
"s3:PutLifecycleConfiguration",
"s3:PutEncryptionConfiguration",
"s3:PutBucketPublicAccessBlock"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::lookoutvision-*",
"Sid":"LookoutVisionConsoleS3BucketFirstUseSetupAccess"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketVersioning"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::lookoutvision-*",
"Sid":"LookoutVisionConsoleS3BucketAccess"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::lookoutvision-*/*",
"Sid":"LookoutVisionConsoleS3ObjectAccess"
},
{
"Action":[
"groundtruthlabeling:RunGenerateManifestByCrawlingJob",
"groundtruthlabeling:AssociatePatchToManifestJob",
"groundtruthlabeling:DescribeConsoleJob"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleDatasetLabelingToolsAccess"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleDashboardAccess"
},
{
"Action":[
"tag:GetTagKeys",
"tag:GetTagValues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleTagSelectorAccess"
},
{
"Action":[
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleKmsKeySelectorAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-11T19:37:17+00:00"
},
"AmazonLookoutVisionConsoleReadOnlyAccess":{
"CreateDate":"2021-05-11T19:32:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"lookoutvision:DescribeDataset",
"lookoutvision:DescribeModel",
"lookoutvision:DescribeProject",
"lookoutvision:DescribeTrialDetection",
"lookoutvision:DescribeModelPackagingJob",
"lookoutvision:ListDatasetEntries",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"lookoutvision:ListTagsForResource",
"lookoutvision:ListTrialDetections",
"lookoutvision:ListModelPackagingJobs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionReadOnlyAccess"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleS3BucketSearchAccess"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::lookoutvision-*/*",
"Sid":"LookoutVisionConsoleS3ObjectReadAccess"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionConsoleDashboardAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-12-09T02:46:29+00:00"
},
"AmazonLookoutVisionFullAccess":{
"CreateDate":"2021-05-11T19:24:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lookoutvision:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-11T19:24:54+00:00"
},
"AmazonLookoutVisionReadOnlyAccess":{
"CreateDate":"2021-05-11T19:11:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"lookoutvision:DescribeDataset",
"lookoutvision:DescribeModel",
"lookoutvision:DescribeProject",
"lookoutvision:DescribeModelPackagingJob",
"lookoutvision:ListDatasetEntries",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"lookoutvision:ListTagsForResource",
"lookoutvision:ListModelPackagingJobs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LookoutVisionReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-12-09T03:01:51+00:00"
},
"AmazonMCSFullAccess":{
"CreateDate":"2019-12-03T13:45:25+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DescribeScheduledActions"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cassandra:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"cassandra.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-04-17T19:19:29+00:00"
},
"AmazonMCSReadOnlyAccess":{
"CreateDate":"2019-12-03T13:46:21+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cassandra:Select"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-04-17T19:21:34+00:00"
},
"AmazonMQApiFullAccess":{
"CreateDate":"2018-12-18T20:31:31+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mq:*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DetachNetworkInterface",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"mq.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-04T16:45:35+00:00"
},
"AmazonMQApiReadOnlyAccess":{
"CreateDate":"2018-12-18T20:31:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mq:Describe*",
"mq:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-12-18T20:31:13+00:00"
},
"AmazonMQFullAccess":{
"CreateDate":"2017-11-28T15:28:29+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"mq:*",
"cloudformation:CreateStack",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DetachNetworkInterface",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"mq.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-04T16:34:09+00:00"
},
"AmazonMQReadOnlyAccess":{
"CreateDate":"2017-11-28T15:30:32+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"mq:Describe*",
"mq:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-28T19:02:03+00:00"
},
"AmazonMQServiceRolePolicy":{
"CreateDate":"2020-11-04T16:07:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AMQManaged":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AMQManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-04T16:07:17+00:00"
},
"AmazonMSKConnectReadOnlyAccess":{
"CreateDate":"2021-09-20T10:18:43+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"kafkaconnect:ListConnectors",
"kafkaconnect:ListCustomPlugins",
"kafkaconnect:ListWorkerConfigurations"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kafkaconnect:DescribeConnector"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kafkaconnect:*:*:connector/*"
]
},
{
"Action":[
"kafkaconnect:DescribeCustomPlugin"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kafkaconnect:*:*:custom-plugin/*"
]
},
{
"Action":[
"kafkaconnect:DescribeWorkerConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kafkaconnect:*:*:worker-configuration/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-18T09:16:26+00:00"
},
"AmazonMSKFullAccess":{
"CreateDate":"2019-01-14T22:07:52+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"kafka:*",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcAttribute",
"kms:DescribeKey",
"kms:CreateGrant",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"logs:PutResourcePolicy",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"S3:GetBucketPolicy",
"firehose:TagDeliveryStream"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:*:ec2:*:*:vpc/*",
"arn:*:ec2:*:*:subnet/*",
"arn:*:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AWSMSKManaged":"true"
},
"StringLike":{
"aws:RequestTag/ClusterArn":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:ec2:*:*:vpc-endpoint/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AWSMSKManaged":"true"
},
"StringLike":{
"ec2:ResourceTag/ClusterArn":"*"
}
},
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:vpc-endpoint/*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"kafka.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"kafka.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"delivery.logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-18T11:33:13+00:00"
},
"AmazonMSKReadOnlyAccess":{
"CreateDate":"2019-01-14T22:28:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kafka:Describe*",
"kafka:List*",
"kafka:Get*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-14T22:28:45+00:00"
},
"AmazonMWAAServiceRolePolicy":{
"CreateDate":"2020-11-24T14:13:41+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:airflow-*:*"
},
{
"Action":[
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"AmazonMWAAManaged"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"ec2:ModifyVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonMWAAManaged":false
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"AmazonMWAAManaged"
},
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/MWAA"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-17T00:56:25+00:00"
},
"AmazonMachineLearningBatchPredictionsAccess":{
"CreateDate":"2015-04-09T17:12:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"machinelearning:CreateBatchPrediction",
"machinelearning:DeleteBatchPrediction",
"machinelearning:DescribeBatchPredictions",
"machinelearning:GetBatchPrediction",
"machinelearning:UpdateBatchPrediction"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T17:12:19+00:00"
},
"AmazonMachineLearningCreateOnlyAccess":{
"CreateDate":"2015-04-09T17:18:09+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"machinelearning:Add*",
"machinelearning:Create*",
"machinelearning:Delete*",
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-06-29T20:55:03+00:00"
},
"AmazonMachineLearningFullAccess":{
"CreateDate":"2015-04-09T17:25:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"machinelearning:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T17:25:41+00:00"
},
"AmazonMachineLearningManageRealTimeEndpointOnlyAccess":{
"CreateDate":"2015-04-09T17:32:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"machinelearning:CreateRealtimeEndpoint",
"machinelearning:DeleteRealtimeEndpoint"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T17:32:41+00:00"
},
"AmazonMachineLearningReadOnlyAccess":{
"CreateDate":"2015-04-09T17:40:02+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T17:40:02+00:00"
},
"AmazonMachineLearningRealTimePredictionOnlyAccess":{
"CreateDate":"2015-04-09T17:44:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"machinelearning:Predict"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T17:44:06+00:00"
},
"AmazonMachineLearningRoleforRedshiftDataSourceV3":{
"CreateDate":"2020-06-24T18:00:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"redshift:AuthorizeClusterSecurityGroupIngress",
"redshift:CreateClusterSecurityGroup",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:ModifyCluster",
"redshift:RevokeClusterSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:PutBucketPolicy",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::amazon-machine-learning*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-24T18:00:09+00:00"
},
"AmazonMacieFullAccess":{
"CreateDate":"2017-08-14T14:54:30+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"macie2:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"macie.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/macie.amazonaws.com/AWSServiceRoleForAmazonMacie"
},
{
"Action":"pricing:GetProducts",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-01T00:41:53+00:00"
},
"AmazonMacieHandshakeRole":{
"CreateDate":"2018-06-28T15:46:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"ForAnyValue:StringEquals":{
"iam:AWSServiceName":"macie.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-06-28T15:46:10+00:00"
},
"AmazonMacieReadOnlyAccess":{
"CreateDate":"2023-06-15T21:50:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"macie2:Describe*",
"macie2:Get*",
"macie2:List*",
"macie2:BatchGetCustomDataIdentifiers",
"macie2:SearchResources"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-15T21:50:06+00:00"
},
"AmazonMacieServiceRole":{
"CreateDate":"2017-08-14T14:53:26+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:Get*",
"s3:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-08-14T14:53:26+00:00"
},
"AmazonMacieServiceRolePolicy":{
"CreateDate":"2018-06-19T22:17:38+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"iam:ListAccountAliases",
"organizations:DescribeAccount",
"organizations:ListAccounts",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListBucket",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTagging"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/macie/*"
]
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/macie/*:log-stream:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-05-19T19:16:56+00:00"
},
"AmazonManagedBlockchainConsoleFullAccess":{
"CreateDate":"2019-04-29T21:23:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"managedblockchain:*",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateVpcEndpoint",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-04-29T21:23:25+00:00"
},
"AmazonManagedBlockchainFullAccess":{
"CreateDate":"2019-04-29T21:39:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"managedblockchain:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-04-29T21:39:29+00:00"
},
"AmazonManagedBlockchainReadOnlyAccess":{
"CreateDate":"2019-04-30T18:17:31+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"managedblockchain:Get*",
"managedblockchain:List*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-04-30T18:17:31+00:00"
},
"AmazonManagedBlockchainServiceRolePolicy":{
"CreateDate":"2020-01-17T19:51:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/managedblockchain/*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-17T19:51:28+00:00"
},
"AmazonMechanicalTurkFullAccess":{
"CreateDate":"2015-12-11T19:08:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mechanicalturk:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-12-11T19:08:19+00:00"
},
"AmazonMechanicalTurkReadOnly":{
"CreateDate":"2015-12-11T19:08:28+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"mechanicalturk:Get*",
"mechanicalturk:List*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-25T21:06:26+00:00"
},
"AmazonMemoryDBFullAccess":{
"CreateDate":"2021-10-08T19:24:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"memorydb:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"memorydb.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/memorydb.amazonaws.com/AWSServiceRoleForMemoryDB"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-08T19:24:16+00:00"
},
"AmazonMemoryDBReadOnlyAccess":{
"CreateDate":"2021-10-08T19:27:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"memorydb:Describe*",
"memorydb:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-10-08T19:27:28+00:00"
},
"AmazonMobileAnalyticsFinancialReportAccess":{
"CreateDate":"2015-02-06T18:40:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mobileanalytics:GetReports",
"mobileanalytics:GetFinancialReports"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:35+00:00"
},
"AmazonMobileAnalyticsFullAccess":{
"CreateDate":"2015-02-06T18:40:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"mobileanalytics:*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:34+00:00"
},
"AmazonMobileAnalyticsNon-financialReportAccess":{
"CreateDate":"2015-02-06T18:40:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"mobileanalytics:GetReports",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:36+00:00"
},
"AmazonMobileAnalyticsWriteOnlyAccess":{
"CreateDate":"2015-02-06T18:40:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"mobileanalytics:PutEvents",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:37+00:00"
},
"AmazonMonitronFullAccess":{
"CreateDate":"2020-12-02T22:40:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"monitron.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"monitron:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"StringLike":{
"kms:ViaService":[
"monitron.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"ds:DescribeDirectories",
"ds:DescribeTrusts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSSSOPermissions"
},
{
"Action":[
"kinesis:DescribeStream",
"kinesis:ListStreams"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/monitron/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-06-08T16:27:42+00:00"
},
"AmazonNimbleStudio-LaunchProfileWorker":{
"CreateDate":"2021-04-28T04:47:02+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"fsx:DescribeFileSystems",
"ds:DescribeDirectories"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"nimble.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"GetLaunchProfileInitializationDependencies"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-28T04:47:02+00:00"
},
"AmazonNimbleStudio-StudioAdmin":{
"CreateDate":"2021-04-28T04:47:36+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"nimble:CreateStreamingSession",
"nimble:GetStreamingSession",
"nimble:StartStreamingSession",
"nimble:StopStreamingSession",
"nimble:CreateStreamingSessionStream",
"nimble:GetStreamingSessionStream",
"nimble:DeleteStreamingSession",
"nimble:ListStreamingSessionBackups",
"nimble:GetStreamingSessionBackup",
"nimble:ListEulas",
"nimble:ListEulaAcceptances",
"nimble:GetEula",
"nimble:AcceptEulas",
"nimble:ListStudioMembers",
"nimble:GetStudioMember",
"nimble:ListStreamingSessions",
"nimble:GetStreamingImage",
"nimble:ListStreamingImages",
"nimble:GetLaunchProfileInitialization",
"nimble:GetLaunchProfileDetails",
"nimble:GetFeatureMap",
"nimble:PutStudioLogEvents",
"nimble:ListLaunchProfiles",
"nimble:GetLaunchProfile",
"nimble:GetLaunchProfileMember",
"nimble:ListLaunchProfileMembers",
"nimble:PutLaunchProfileMembers",
"nimble:UpdateLaunchProfileMember",
"nimble:DeleteLaunchProfileMember"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"StudioAdminFullAccess"
},
{
"Action":[
"sso-directory:DescribeUsers",
"sso-directory:SearchUsers",
"identitystore:DescribeUser",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ds:CreateComputer",
"ds:DescribeDirectories",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"fsx:DescribeFileSystems"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"nimble.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-22T17:40:41+00:00"
},
"AmazonNimbleStudio-StudioUser":{
"CreateDate":"2021-04-28T04:48:11+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ds:CreateComputer",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:DescribeSecurityGroups",
"fsx:DescribeFileSystems",
"ds:DescribeDirectories"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"nimble.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sso-directory:DescribeUsers",
"sso-directory:SearchUsers",
"identitystore:DescribeUser",
"identitystore:ListUsers"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"nimble:ListLaunchProfiles"
],
"Condition":{
"StringEquals":{
"nimble:requesterPrincipalId":"${nimble:principalId}"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"nimble:ListStudioMembers",
"nimble:GetStudioMember",
"nimble:ListEulas",
"nimble:ListEulaAcceptances",
"nimble:GetFeatureMap",
"nimble:PutStudioLogEvents"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"nimble:DeleteStreamingSession",
"nimble:GetStreamingSession",
"nimble:StartStreamingSession",
"nimble:StopStreamingSession",
"nimble:CreateStreamingSessionStream",
"nimble:GetStreamingSessionStream",
"nimble:ListStreamingSessions",
"nimble:ListStreamingSessionBackups",
"nimble:GetStreamingSessionBackup"
],
"Condition":{
"StringEquals":{
"nimble:ownedBy":"${nimble:requesterPrincipalId}"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-22T17:45:14+00:00"
},
"AmazonODBServiceRolePolicy":{
"CreateDate":"2024-11-13T18:21:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/ODB"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatch"
},
{
"Action":[
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-13T18:21:41+00:00"
},
"AmazonOmicsFullAccess":{
"CreateDate":"2023-02-24T00:59:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"omics:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ram:AcceptResourceShareInvitation",
"ram:GetResourceShareInvitations"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"omics.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"omics.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-24T00:59:33+00:00"
},
"AmazonOmicsReadOnlyAccess":{
"CreateDate":"2022-11-29T04:17:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"omics:Get*",
"omics:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-29T04:17:07+00:00"
},
"AmazonOneEnterpriseFullAccess":{
"CreateDate":"2023-11-28T04:58:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"one:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FullAccessStatementID"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-28T04:58:21+00:00"
},
"AmazonOneEnterpriseInstallerAccess":{
"CreateDate":"2023-11-28T05:00:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"one:CreateDeviceActivationQrCode",
"one:GetDeviceInstance",
"one:GetSite",
"one:GetSiteAddress",
"one:ListDeviceInstances",
"one:ListSites"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"InstallerAccessStatementID"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-28T05:00:39+00:00"
},
"AmazonOneEnterpriseReadOnlyAccess":{
"CreateDate":"2023-11-28T04:59:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"one:Get*",
"one:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyAccessStatementID"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-28T04:59:23+00:00"
},
"AmazonOpenSearchDashboardsServiceRolePolicy":{
"CreateDate":"2023-12-22T19:38:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/AOSD"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonOpenSearchDashboardsServiceRoleAllowedActions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-22T19:38:16+00:00"
},
"AmazonOpenSearchDirectQueryGlueCreateAccess":{
"CreateDate":"2024-05-06T12:24:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"glue:CreateDatabase",
"glue:CreatePartition",
"glue:CreateTable",
"glue:BatchCreatePartition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonOpenSearchDirectQueryGlueCreateAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-06T12:24:38+00:00"
},
"AmazonOpenSearchIngestionFullAccess":{
"CreateDate":"2023-04-26T18:11:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"osis:CreatePipeline",
"osis:UpdatePipeline",
"osis:DeletePipeline",
"osis:StartPipeline",
"osis:StopPipeline",
"osis:ListPipelines",
"osis:GetPipeline",
"osis:GetPipelineChangeProgress",
"osis:ValidatePipeline",
"osis:GetPipelineBlueprint",
"osis:ListPipelineBlueprints",
"osis:TagResource",
"osis:UntagResource",
"osis:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"osis.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/osis.amazonaws.com/AWSServiceRoleForAmazonOpenSearchIngestionService"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-26T18:11:38+00:00"
},
"AmazonOpenSearchIngestionReadOnlyAccess":{
"CreateDate":"2023-04-26T18:09:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"osis:GetPipeline",
"osis:GetPipelineChangeProgress",
"osis:GetPipelineBlueprint",
"osis:ListPipelineBlueprints",
"osis:ListPipelines",
"osis:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-26T18:09:52+00:00"
},
"AmazonOpenSearchIngestionServiceRolePolicy":{
"CreateDate":"2022-11-18T16:49:50+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*"
]
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"StringEquals":{
"aws:RequestTag/OSISManaged":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
]
},
{
"Action":[
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/OSISManaged":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/OSIS"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-18T16:49:50+00:00"
},
"AmazonOpenSearchServerlessServiceRolePolicy":{
"CreateDate":"2022-11-24T19:50:12+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/AOSS"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAOSSCloudwatchMetrics"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-25T21:19:30+00:00"
},
"AmazonOpenSearchServiceCognitoAccess":{
"CreateDate":"2021-09-02T06:31:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cognito-idp:DescribeUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:UpdateUserPoolClient",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:AdminInitiateAuth",
"cognito-idp:AdminUserGlobalSignOut",
"cognito-idp:ListUserPoolClients",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:UpdateIdentityPool",
"cognito-identity:GetIdentityPoolRoles"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cognito-identity:*:*:identitypool/*",
"arn:aws:cognito-idp:*:*:userpool/*"
]
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":[
"cognito-identity.amazonaws.com",
"cognito-identity-us-gov.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":"cognito-identity:SetIdentityPoolRoles",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-12-20T14:04:18+00:00"
},
"AmazonOpenSearchServiceFullAccess":{
"CreateDate":"2021-09-08T05:33:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"es:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-08T05:33:47+00:00"
},
"AmazonOpenSearchServiceReadOnlyAccess":{
"CreateDate":"2021-09-08T05:38:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"es:Describe*",
"es:List*",
"es:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-08T05:38:13+00:00"
},
"AmazonOpenSearchServiceRolePolicy":{
"CreateDate":"2021-08-26T09:27:09+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"Stmt1480452973134"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973145"
},
{
"Action":[
"ec2:DeleteNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"Stmt1480452973144"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"Stmt1480452973165"
},
{
"Action":[
"ec2:AssignIpv6Addresses"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"Stmt1480452973149"
},
{
"Action":[
"ec2:UnAssignIpv6Addresses"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"Stmt1480452973150"
},
{
"Action":[
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973154"
},
{
"Action":[
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973164"
},
{
"Action":[
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973174"
},
{
"Action":[
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:listener/*"
],
"Sid":"Stmt1480452973184"
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"Stmt1480452973194"
},
{
"Action":[
"ec2:DescribeTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973195"
},
{
"Action":[
"acm:DescribeCertificate"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973196"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/ES",
"AWS/OpenSearch"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973197"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"Stmt1480452973198"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"StringEquals":{
"aws:RequestTag/OpenSearchManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"Stmt1480452973199"
},
{
"Action":[
"ec2:ModifyVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/OpenSearchManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"Stmt1480452973200"
},
{
"Action":[
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Stmt1480452973201"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"Stmt1480452973202"
},
{
"Action":"sso:PutApplicationAccessScope",
"Condition":{
"StringEquals":{
"aws:ResourceOrgID":"${aws:PrincipalOrgID}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sso::*:application/*/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-27T22:52:06+00:00"
},
"AmazonPersonalizeFullAccess":{
"CreateDate":"2018-12-04T22:24:33+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"personalize:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricData",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*Personalize*",
"arn:aws:s3:::*personalize*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"personalize.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-05-30T23:46:59+00:00"
},
"AmazonPollyFullAccess":{
"CreateDate":"2016-11-30T18:59:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"polly:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-11-30T18:59:06+00:00"
},
"AmazonPollyReadOnlyAccess":{
"CreateDate":"2016-11-30T18:59:24+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"polly:DescribeVoices",
"polly:GetLexicon",
"polly:GetSpeechSynthesisTask",
"polly:ListLexicons",
"polly:ListSpeechSynthesisTasks",
"polly:SynthesizeSpeech"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-07-17T16:41:07+00:00"
},
"AmazonPrometheusConsoleFullAccess":{
"CreateDate":"2020-12-15T18:11:10+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"tag:GetTagValues",
"tag:GetTagKeys"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aps:CreateWorkspace",
"aps:DescribeWorkspace",
"aps:UpdateWorkspaceAlias",
"aps:DeleteWorkspace",
"aps:ListWorkspaces",
"aps:DescribeAlertManagerDefinition",
"aps:DescribeRuleGroupsNamespace",
"aps:CreateAlertManagerDefinition",
"aps:CreateRuleGroupsNamespace",
"aps:DeleteAlertManagerDefinition",
"aps:DeleteRuleGroupsNamespace",
"aps:ListRuleGroupsNamespaces",
"aps:PutAlertManagerDefinition",
"aps:PutRuleGroupsNamespace",
"aps:TagResource",
"aps:UntagResource",
"aps:CreateLoggingConfiguration",
"aps:UpdateLoggingConfiguration",
"aps:DeleteLoggingConfiguration",
"aps:DescribeLoggingConfiguration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-10-24T22:25:39+00:00"
},
"AmazonPrometheusFullAccess":{
"CreateDate":"2020-12-15T18:10:46+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"aps:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllPrometheusActions"
},
{
"Action":[
"eks:DescribeCluster",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"aps.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeCluster"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"scraper.aps.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/scraper.aps.amazonaws.com/AWSServiceRoleForAmazonPrometheusScraper*",
"Sid":"CreateServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-26T20:16:13+00:00"
},
"AmazonPrometheusQueryAccess":{
"CreateDate":"2020-12-19T01:02:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aps:GetLabels",
"aps:GetMetricMetadata",
"aps:GetSeries",
"aps:QueryMetrics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-19T01:02:58+00:00"
},
"AmazonPrometheusRemoteWriteAccess":{
"CreateDate":"2020-12-19T01:04:32+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"aps:RemoteWrite"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-19T01:04:32+00:00"
},
"AmazonPrometheusScraperServiceRolePolicy":{
"CreateDate":"2023-11-26T14:19:52+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iam:DeleteRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/scraper.aps.amazonaws.com/AWSServiceRoleForAmazonPrometheusScraper*",
"Sid":"DeleteSLR"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkDiscovery"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AMPAgentlessScraper"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ENIManagement"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"Null":{
"aws:RequestTag/AMPAgentlessScraper":"false"
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"TagManagement"
},
{
"Action":[
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"Null":{
"ec2:ResourceTag/AMPAgentlessScraper":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ENIUpdating"
},
{
"Action":"eks:DescribeCluster",
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:cluster/*",
"Sid":"EKSAccess"
},
{
"Action":"eks:DeleteAccessEntry",
"Condition":{
"ArnLike":{
"eks:principalArn":"arn:aws:iam::*:role/aws-service-role/scraper.aps.amazonaws.com/AWSServiceRoleForAmazonPrometheusScraper*"
},
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:eks:*:*:access-entry/*/role/*",
"Sid":"DeleteEKSAccessEntry"
},
{
"Action":"aps:RemoteWrite",
"Condition":{
"StringEquals":{
"aws:PrincipalAccount":"${aws:ResourceAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:aps:*:*:workspace/*",
"Sid":"APSWriting"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-26T20:25:54+00:00"
},
"AmazonQDeveloperAccess":{
"CreateDate":"2024-07-09T08:35:15+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"q:StartConversation",
"q:SendMessage",
"q:GetConversation",
"q:ListConversations",
"q:PassRequest",
"q:StartTroubleshootingAnalysis",
"q:StartTroubleshootingResolutionExplanation",
"q:GetTroubleshootingResults",
"q:UpdateTroubleshootingCommandResult",
"q:GetIdentityMetaData",
"q:GenerateCodeFromCommands",
"q:UsePlugin"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAmazonQDeveloperAccess"
},
{
"Action":[
"cloudformation:GetResource",
"cloudformation:ListResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCloudControlReadAccess"
},
{
"Action":[
"sts:SetContext"
],
"Effect":"Allow",
"Resource":"arn:aws:sts::*:self",
"Sid":"AllowSetTrustedIdentity"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-13T21:30:27+00:00"
},
"AmazonQFullAccess":{
"CreateDate":"2023-11-28T16:00:24+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"q:StartConversation",
"q:SendMessage",
"q:GetConversation",
"q:ListConversations",
"q:PassRequest",
"q:StartTroubleshootingAnalysis",
"q:GetTroubleshootingResults",
"q:StartTroubleshootingResolutionExplanation",
"q:UpdateTroubleshootingCommandResult",
"q:GetIdentityMetadata",
"q:CreateAssignment",
"q:DeleteAssignment",
"q:GenerateCodeFromCommands",
"q:CreatePlugin",
"q:DeletePlugin",
"q:GetPlugin",
"q:UsePlugin",
"q:ListPlugins",
"q:ListPluginProviders",
"q:ListTagsForResource",
"q:UntagResource",
"q:TagResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAmazonQFullAccess"
},
{
"Action":[
"cloudformation:GetResource",
"cloudformation:ListResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCloudControlReadAccess"
},
{
"Action":[
"sts:SetContext"
],
"Effect":"Allow",
"Resource":"arn:aws:sts::*:self",
"Sid":"AllowSetTrustedIdentity"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"q.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"AllowPassRoleToAmazonQ"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-13T21:51:39+00:00"
},
"AmazonQLDBConsoleFullAccess":{
"CreateDate":"2019-09-05T18:24:20+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"qldb:CreateLedger",
"qldb:UpdateLedger",
"qldb:UpdateLedgerPermissionsMode",
"qldb:DeleteLedger",
"qldb:ListLedgers",
"qldb:DescribeLedger",
"qldb:ExportJournalToS3",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:DescribeJournalS3Export",
"qldb:CancelJournalKinesisStream",
"qldb:DescribeJournalKinesisStream",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:StreamJournalToKinesis",
"qldb:GetBlock",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:TagResource",
"qldb:UntagResource",
"qldb:ListTagsForResource",
"qldb:SendCommand",
"qldb:ExecuteStatement",
"qldb:ShowCatalog",
"qldb:InsertSampleData",
"qldb:PartiQLCreateTable",
"qldb:PartiQLCreateIndex",
"qldb:PartiQLDropTable",
"qldb:PartiQLDropIndex",
"qldb:PartiQLUndropTable",
"qldb:PartiQLDelete",
"qldb:PartiQLInsert",
"qldb:PartiQLUpdate",
"qldb:PartiQLSelect",
"qldb:PartiQLHistoryFunction",
"qldb:PartiQLRedact"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"dbqms:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:ListStreams",
"kinesis:DescribeStream"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"qldb.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-04T17:01:10+00:00"
},
"AmazonQLDBFullAccess":{
"CreateDate":"2019-09-05T18:23:32+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"qldb:CreateLedger",
"qldb:UpdateLedger",
"qldb:UpdateLedgerPermissionsMode",
"qldb:DeleteLedger",
"qldb:ListLedgers",
"qldb:DescribeLedger",
"qldb:ExportJournalToS3",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:DescribeJournalS3Export",
"qldb:CancelJournalKinesisStream",
"qldb:DescribeJournalKinesisStream",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:StreamJournalToKinesis",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:GetBlock",
"qldb:TagResource",
"qldb:UntagResource",
"qldb:ListTagsForResource",
"qldb:SendCommand",
"qldb:PartiQLCreateTable",
"qldb:PartiQLCreateIndex",
"qldb:PartiQLDropTable",
"qldb:PartiQLDropIndex",
"qldb:PartiQLUndropTable",
"qldb:PartiQLDelete",
"qldb:PartiQLInsert",
"qldb:PartiQLUpdate",
"qldb:PartiQLSelect",
"qldb:PartiQLHistoryFunction",
"qldb:PartiQLRedact"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"qldb.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-04T17:01:27+00:00"
},
"AmazonQLDBReadOnly":{
"CreateDate":"2019-09-05T18:19:24+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"qldb:ListLedgers",
"qldb:DescribeLedger",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:DescribeJournalS3Export",
"qldb:DescribeJournalKinesisStream",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:GetBlock",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-07-02T02:17:25+00:00"
},
"AmazonRDSBetaServiceRolePolicy":{
"CreateDate":"2018-05-02T19:41:04+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCoipPoolPermission",
"ec2:CreateLocalGatewayRouteTablePermission",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteCoipPoolPermission",
"ec2:DeleteLocalGatewayRouteTablePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTablePermissions",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*"
]
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/DocDB",
"AWS/Neptune",
"AWS/RDS",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:GetRandomPassword"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:RotateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:UpdateSecretVersionStage",
"secretsmanager:ListSecretVersionIds"
],
"Condition":{
"StringLike":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-beta-us-east-1"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:rds-beta-us-east-1!*"
]
},
{
"Action":"secretsmanager:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:rds:primaryDBInstanceArn",
"aws:rds:primaryDBClusterArn"
]
},
"StringLike":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-beta-us-east-1"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:rds-beta-us-east-1!*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-07T00:54:21+00:00"
},
"AmazonRDSCustomInstanceProfileRolePolicy":{
"CreateDate":"2024-02-27T17:42:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssm:UpdateInstanceInformation"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ssmAgentPermission1"
},
{
"Action":[
"ssm:GetManifest",
"ssm:PutConfigurePackageResult"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ssmAgentPermission2"
},
{
"Action":[
"ssm:GetDocument",
"ssm:DescribeDocument"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/*",
"Sid":"ssmAgentPermission3"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:OpenControlChannel"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ssmAgentPermission4"
},
{
"Action":[
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ssmAgentPermission5"
},
{
"Action":[
"ec2:CreateSnapshot",
"ec2:CreateSnapshots"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"createEc2SnapshotPermission1"
},
{
"Action":[
"ec2:CreateSnapshot",
"ec2:CreateSnapshots"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*"
],
"Sid":"createEc2SnapshotPermission2"
},
{
"Action":"ec2:CreateSnapshots",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"createEc2SnapshotPermission3"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
],
"ec2:CreateAction":[
"CreateSnapshot",
"CreateSnapshots"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"createTagForEc2SnapshotPermission"
},
{
"Action":[
"s3:putObject",
"s3:getObject",
"s3:getObjectVersion",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::do-not-delete-rds-custom-*/*"
],
"Sid":"rdsCustomS3ObjectPermission"
},
{
"Action":[
"s3:ListBucketVersions",
"s3:ListBucketMultipartUploads"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::do-not-delete-rds-custom-*"
],
"Sid":"rdsCustomS3BucketPermission"
},
{
"Action":[
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:rds-custom!*"
],
"Sid":"readSecretsFromCpPermission"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:TagResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":"custom-oracle-rac"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*"
],
"Sid":"createSecretsOnDpPermission"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"rdscustom/rds-custom-sqlserver-agent",
"RDSCustomForOracle/Agent"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"publishCwMetricsPermission"
},
{
"Action":"events:PutEvents",
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:event-bus/default",
"Sid":"putEventsToEventBusPermission"
},
{
"Action":[
"logs:PutRetentionPolicy",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:rds-custom-instance-*",
"Sid":"cwlUploadPermission"
},
{
"Action":[
"sqs:SendMessage",
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueUrl"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":"custom-sqlserver"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:do-not-delete-rds-custom-*"
],
"Sid":"sendMessageToSqsQueuePermission"
},
{
"Action":[
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":"custom-oracle-rac"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"managePrivateIpOnEniPermission"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:SecretARN":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:rds-custom!*"
]
},
"StringLike":{
"kms:ViaService":"secretsmanager.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"kmsPermissionWithSecret"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::do-not-delete-rds-custom-*"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"kmsPermissionWithS3"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-20T16:22:05+00:00"
},
"AmazonRDSCustomPreviewServiceRolePolicy":{
"CreateDate":"2021-10-08T21:44:15+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVolumes",
"ec2:DescribeInstanceStatus",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeImages",
"ec2:DescribeVpcs",
"ec2:RegisterImage",
"ec2:DeregisterImage",
"ec2:DescribeTags",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVolumesModifications",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:SearchTransitGatewayMulticastGroups",
"ec2:GetTransitGatewayMulticastDomainAssociations",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ecc1"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation",
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ecc2"
},
{
"Action":[
"ec2:AllocateAddress"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ecc1scoping"
},
{
"Action":[
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ecc1scoping2"
},
{
"Action":[
"ec2:AssignPrivateIpAddresses"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ecc1scoping3"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"eccRunInstances1"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
"arn:aws:ec2:*:*:placement-group/*"
],
"Sid":"eccRunInstances2"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac",
"custom-oracle"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::snapshot/*"
],
"Sid":"eccRunInstances3"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle-rac"
]
},
"StringNotEquals":{
"ec2:MetadataHttpTokens":"required"
}
},
"Effect":"Deny",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"RequireImdsV2"
},
{
"Action":[
"ec2:RunInstances",
"ec2:DeleteKeyPair"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
"arn:aws:ec2:*:*:key-pair/preview-rds-custom!*"
],
"Sid":"eccRunInstances3keyPair1"
},
{
"Action":[
"ec2:CreateKeyPair"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
"arn:aws:ec2:*:*:key-pair/preview-rds-custom!*"
],
"Sid":"eccKeyPair2"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"eccNetworkInterface1"
},
{
"Action":"ec2:CreateNetworkInterface",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"eccNetworkInterface2"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"eccNetworkInterface3"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"eccCreateTag1"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
],
"ec2:CreateAction":[
"CreateKeyPair",
"RunInstances",
"CreateNetworkInterface",
"CreateVolume",
"CreateSnapshots",
"CopySnapshot",
"AllocateAddress"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"eccCreateTag2"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"eccVolume1"
},
{
"Action":"ec2:CreateVolume",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"eccVolume2"
},
{
"Action":[
"ec2:ModifyVolumeAttribute",
"ec2:DeleteVolume",
"ec2:ModifyVolume"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"eccVolume3"
},
{
"Action":[
"ec2:CreateVolume",
"ec2:DeleteSnapshot"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"eccVolume4snapshot1"
},
{
"Action":[
"ec2:CopySnapshot",
"ec2:CreateSnapshots"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"eccSnapshot2"
},
{
"Action":"ec2:CreateSnapshots",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"eccSnapshot3"
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"iam1"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSRDSCustom*",
"Sid":"iam2"
},
{
"Action":[
"cloudtrail:GetTrailStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*",
"Sid":"cloudtrail1"
},
{
"Action":[
"cloudwatch:EnableAlarmActions",
"cloudwatch:DeleteAlarms"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*",
"Sid":"cw1"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:TagResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*",
"Sid":"cw2"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:*",
"Sid":"cw3"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/*",
"Sid":"ssm1"
},
{
"Action":"ssm:SendCommand",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ssm2"
},
{
"Action":[
"ssm:GetCommandInvocation",
"ssm:GetConnectionStatus",
"ssm:DescribeInstanceInformation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ssm3"
},
{
"Action":[
"ssm:PutParameter",
"ssm:AddTagsToResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*",
"Sid":"ssm4"
},
{
"Action":[
"ssm:DeleteParameter"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*",
"Sid":"ssm5"
},
{
"Action":[
"events:PutRule",
"events:TagResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb1"
},
{
"Action":[
"events:PutTargets",
"events:DescribeRule",
"events:EnableRule",
"events:ListTargetsByRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:DisableRule"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb2"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"StringLike":{
"events:ManagedBy":[
"custom.rds-preview.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb3"
},
{
"Action":[
"events:PutTargets",
"events:EnableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:DisableRule"
],
"Condition":{
"StringLike":{
"events:ManagedBy":[
"custom.rds-preview.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb4"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb5"
},
{
"Action":[
"secretsmanager:TagResource",
"secretsmanager:CreateSecret"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:preview-rds-custom!*"
],
"Sid":"secretmanager1"
},
{
"Action":[
"secretsmanager:TagResource",
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:RestoreSecret"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:preview-rds-custom!*"
],
"Sid":"secretmanager2"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"secretmanager3"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"servicequota1"
},
{
"Action":[
"sqs:CreateQueue",
"sqs:TagQueue"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:do-not-delete-rds-custom-*",
"Sid":"sqs1"
},
{
"Action":[
"sqs:GetQueueAttributes",
"sqs:SendMessage",
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:DeleteQueue"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:do-not-delete-rds-custom-*",
"Sid":"sqs2"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-25T22:22:06+00:00"
},
"AmazonRDSCustomServiceRolePolicy":{
"CreateDate":"2021-10-08T21:39:12+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Action":[
"rds:CrossRegionCommunication"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"rdscrc"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeRegions",
"ec2:DescribeSnapshots",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVolumes",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypes",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeImages",
"ec2:DescribeVpcs",
"ec2:RegisterImage",
"ec2:DeregisterImage",
"ec2:DescribeTags",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVolumesModifications",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:SearchTransitGatewayMulticastGroups",
"ec2:GetTransitGatewayMulticastDomainAssociations",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ecc1"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation",
"ec2:TerminateInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RebootInstances"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ecc2"
},
{
"Action":[
"ec2:AllocateAddress"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ecc1scoping"
},
{
"Action":[
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ecc1scoping2"
},
{
"Action":[
"ec2:AssignPrivateIpAddresses"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ecc1scoping3"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"eccRunInstances1"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
"arn:aws:ec2:*:*:placement-group/*"
],
"Sid":"eccRunInstances2"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac",
"custom-oracle"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::snapshot/*"
],
"Sid":"eccRunInstances3"
},
{
"Action":[
"ec2:ModifyInstanceAttribute"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-sqlserver"
],
"ec2:Attribute":"InstanceType"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"eccModifyInstanceAttribute1"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle-rac"
]
},
"StringNotEquals":{
"ec2:MetadataHttpTokens":"required"
}
},
"Effect":"Deny",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"RequireImdsV2"
},
{
"Action":[
"ec2:RunInstances",
"ec2:DeleteKeyPair"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
"arn:aws:ec2:*:*:key-pair/rds-custom!*"
],
"Sid":"eccRunInstances3keyPair1"
},
{
"Action":[
"ec2:CreateKeyPair"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*",
"arn:aws:ec2:*:*:key-pair/rds-custom!*"
],
"Sid":"eccKeyPair2"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"eccNetworkInterface1"
},
{
"Action":"ec2:CreateNetworkInterface",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"eccNetworkInterface2"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"eccNetworkInterface3"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"eccCreateTag1"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
],
"ec2:CreateAction":[
"CreateKeyPair",
"RunInstances",
"CreateNetworkInterface",
"CreateVolume",
"CreateSnapshot",
"CreateSnapshots",
"CopySnapshot",
"AllocateAddress",
"CopyImage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"eccCreateTag2"
},
{
"Action":[
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"eccVolume1"
},
{
"Action":"ec2:CreateVolume",
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"eccVolume2"
},
{
"Action":[
"ec2:ModifyVolumeAttribute",
"ec2:DeleteVolume",
"ec2:ModifyVolume"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"eccVolume3"
},
{
"Action":[
"ec2:CreateVolume",
"ec2:DeleteSnapshot"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"eccVolume4snapshot1"
},
{
"Action":[
"ec2:CopySnapshot",
"ec2:CreateSnapshot",
"ec2:CreateSnapshots"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"eccSnapshot2"
},
{
"Action":"ec2:CreateSnapshots",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"eccSnapshot3"
},
{
"Action":"ec2:CreateSnapshot",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-sqlserver"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"eccSnapshot4"
},
{
"Action":[
"ec2:CopyImage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
],
"Sid":"eccAmi1"
},
{
"Action":[
"iam:ListInstanceProfiles",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"iam1"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AWSRDSCustom*",
"arn:aws:iam::*:role/service-role/AWSRDSCustom*"
],
"Sid":"iam2"
},
{
"Action":[
"cloudtrail:GetTrailStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*",
"Sid":"cloudtrail1"
},
{
"Action":[
"cloudwatch:EnableAlarmActions",
"cloudwatch:DeleteAlarms"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*",
"Sid":"cw1"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:TagResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*",
"Sid":"cw2"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:*",
"Sid":"cw3"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:document/*",
"Sid":"ssm1"
},
{
"Action":"ssm:SendCommand",
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ssm2"
},
{
"Action":[
"ssm:GetCommandInvocation",
"ssm:GetConnectionStatus",
"ssm:DescribeInstanceInformation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ssm3"
},
{
"Action":[
"ssm:PutParameter",
"ssm:AddTagsToResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*",
"Sid":"ssm4"
},
{
"Action":[
"ssm:DeleteParameter"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*",
"Sid":"ssm5"
},
{
"Action":[
"events:PutRule",
"events:TagResource"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb1"
},
{
"Action":[
"events:PutTargets",
"events:DescribeRule",
"events:EnableRule",
"events:ListTargetsByRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:DisableRule"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb2"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"StringLike":{
"events:ManagedBy":[
"custom.rds.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb3"
},
{
"Action":[
"events:PutTargets",
"events:EnableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:DisableRule"
],
"Condition":{
"StringLike":{
"events:ManagedBy":[
"custom.rds.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb4"
},
{
"Action":[
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*",
"Sid":"eb5"
},
{
"Action":[
"secretsmanager:TagResource",
"secretsmanager:CreateSecret"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:rds-custom!*"
],
"Sid":"secretmanager1"
},
{
"Action":[
"secretsmanager:TagResource",
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:RestoreSecret"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-oracle",
"custom-sqlserver",
"custom-oracle-rac"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*",
"arn:aws:secretsmanager:*:*:secret:rds-custom!*"
],
"Sid":"secretmanager2"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"secretmanager3"
},
{
"Action":[
"sqs:CreateQueue",
"sqs:TagQueue"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AWSRDSCustom":[
"custom-sqlserver",
"custom-oracle"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:do-not-delete-rds-custom-*",
"Sid":"sqs1"
},
{
"Action":[
"sqs:GetQueueAttributes",
"sqs:SendMessage",
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:DeleteQueue"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/AWSRDSCustom":[
"custom-sqlserver",
"custom-oracle"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:do-not-delete-rds-custom-*",
"Sid":"sqs2"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"servicequota1"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-25T23:22:06+00:00"
},
"AmazonRDSDataFullAccess":{
"CreateDate":"2018-11-20T21:29:36+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:GetSecretValue",
"secretsmanager:PutResourcePolicy",
"secretsmanager:PutSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*",
"Sid":"SecretsManagerDbCredentialsAccess"
},
{
"Action":[
"dbqms:CreateFavoriteQuery",
"dbqms:DescribeFavoriteQueries",
"dbqms:UpdateFavoriteQuery",
"dbqms:DeleteFavoriteQueries",
"dbqms:GetQueryString",
"dbqms:CreateQueryHistory",
"dbqms:DescribeQueryHistory",
"dbqms:UpdateQueryHistory",
"dbqms:DeleteQueryHistory",
"rds-data:ExecuteSql",
"rds-data:ExecuteStatement",
"rds-data:BatchExecuteStatement",
"rds-data:BeginTransaction",
"rds-data:CommitTransaction",
"rds-data:RollbackTransaction",
"secretsmanager:CreateSecret",
"secretsmanager:ListSecrets",
"secretsmanager:GetRandomPassword",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSDataServiceAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-20T21:58:46+00:00"
},
"AmazonRDSDirectoryServiceAccess":{
"CreateDate":"2016-02-26T02:02:05+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication",
"ds:GetAuthorizedApplicationDetails"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-05-15T16:51:50+00:00"
},
"AmazonRDSEnhancedMonitoringRole":{
"CreateDate":"2015-11-11T19:58:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:RDS*"
],
"Sid":"EnableCreationAndManagementOfRDSCloudwatchLogGroups"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:RDS*:log-stream:*"
],
"Sid":"EnableCreationAndManagementOfRDSCloudwatchLogStreams"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-11-11T19:58:29+00:00"
},
"AmazonRDSFullAccess":{
"CreateDate":"2015-02-06T18:40:52+00:00",
"DefaultVersionId":"v14",
"Document":{
"Statement":[
{
"Action":[
"rds:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTablePermissions",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:GetCoipPoolUsage",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"outposts:GetOutpostInstanceTypes",
"devops-guru:GetResourceCollection"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"pi:*",
"Effect":"Allow",
"Resource":[
"arn:aws:pi:*:*:metrics/rds/*",
"arn:aws:pi:*:*:perf-reports/rds/*"
]
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"rds.amazonaws.com",
"rds.application-autoscaling.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"devops-guru:SearchInsights",
"devops-guru:ListAnomaliesForInsight"
],
"Condition":{
"ForAllValues:StringEquals":{
"devops-guru:ServiceNames":[
"RDS"
]
},
"Null":{
"devops-guru:ServiceNames":"false"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-17T23:00:17+00:00"
},
"AmazonRDSPerformanceInsightsFullAccess":{
"CreateDate":"2023-08-15T23:41:34+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"pi:DescribeDimensionKeys",
"pi:GetDimensionKeyDetails",
"pi:GetResourceMetadata",
"pi:GetResourceMetrics",
"pi:ListAvailableResourceDimensions",
"pi:ListAvailableResourceMetrics"
],
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsReadAccess"
},
{
"Action":[
"pi:CreatePerformanceAnalysisReport",
"pi:GetPerformanceAnalysisReport",
"pi:ListPerformanceAnalysisReports",
"pi:DeletePerformanceAnalysisReport"
],
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:perf-reports/rds/*/*",
"Sid":"AmazonRDSPerformanceInsightsAnalisysReportFullAccess"
},
{
"Action":[
"pi:TagResource",
"pi:UntagResource",
"pi:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:*/rds/*",
"Sid":"AmazonRDSPerformanceInsightsTaggingFullAccess"
},
{
"Action":[
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRDSDescribeInstanceAccess"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonCloudWatchReadAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-23T21:14:27+00:00"
},
"AmazonRDSPerformanceInsightsReadOnly":{
"CreateDate":"2022-04-05T00:02:08+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"rds:DescribeDBInstances",
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRDSDescribeDBInstances"
},
{
"Action":"rds:DescribeDBClusters",
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRDSDescribeDBClusters"
},
{
"Action":"pi:DescribeDimensionKeys",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsDescribeDimensionKeys"
},
{
"Action":"pi:GetDimensionKeyDetails",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsGetDimensionKeyDetails"
},
{
"Action":"pi:GetResourceMetadata",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsGetResourceMetadata"
},
{
"Action":"pi:GetResourceMetrics",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsGetResourceMetrics"
},
{
"Action":"pi:ListAvailableResourceDimensions",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsListAvailableResourceDimensions"
},
{
"Action":"pi:ListAvailableResourceMetrics",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:metrics/rds/*",
"Sid":"AmazonRDSPerformanceInsightsListAvailableResourceMetrics"
},
{
"Action":"pi:GetPerformanceAnalysisReport",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:perf-reports/rds/*/*",
"Sid":"AmazonRDSPerformanceInsightsGetPerformanceAnalysisReport"
},
{
"Action":"pi:ListPerformanceAnalysisReports",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:perf-reports/rds/*/*",
"Sid":"AmazonRDSPerformanceInsightsListPerformanceAnalysisReports"
},
{
"Action":"pi:ListTagsForResource",
"Effect":"Allow",
"Resource":"arn:aws:pi:*:*:*/rds/*",
"Sid":"AmazonRDSPerformanceInsightsListTagsForResource"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-23T21:17:06+00:00"
},
"AmazonRDSPreviewServiceRolePolicy":{
"CreateDate":"2018-05-31T18:02:00+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"rds:CrossRegionCommunication"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCoipPoolPermission",
"ec2:CreateLocalGatewayRouteTablePermission",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteCoipPoolPermission",
"ec2:DeleteLocalGatewayRouteTablePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTablePermissions",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*"
]
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/DocDB-Preview",
"AWS/Neptune-Preview",
"AWS/RDS-Preview",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:GetRandomPassword"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:RotateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:UpdateSecretVersionStage",
"secretsmanager:ListSecretVersionIds"
],
"Condition":{
"StringLike":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-preview-us-east-2"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:rds-preview-us-east-2!*"
]
},
{
"Action":"secretsmanager:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:rds:primaryDBInstanceArn",
"aws:rds:primaryDBClusterArn"
]
},
"StringLike":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-preview-us-east-2"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:rds-preview-us-east-2!*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-07T01:02:38+00:00"
},
"AmazonRDSReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:53+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"rds:Describe*",
"rds:ListTagsForResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"devops-guru:GetResourceCollection"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"devops-guru:SearchInsights",
"devops-guru:ListAnomaliesForInsight"
],
"Condition":{
"ForAllValues:StringEquals":{
"devops-guru:ServiceNames":[
"RDS"
]
},
"Null":{
"devops-guru:ServiceNames":"false"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-14T12:32:09+00:00"
},
"AmazonRDSServiceRolePolicy":{
"CreateDate":"2018-01-08T18:17:46+00:00",
"DefaultVersionId":"v14",
"Document":{
"Statement":[
{
"Action":[
"rds:CrossRegionCommunication"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossRegionCommunication"
},
{
"Action":[
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCoipPoolPermission",
"ec2:CreateLocalGatewayRouteTablePermission",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteCoipPoolPermission",
"ec2:DeleteLocalGatewayRouteTablePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTablePermissions",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*"
],
"Sid":"CloudWatchLogs"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
],
"Sid":"CloudWatchStreams"
},
{
"Action":[
"kinesis:CreateStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream",
"kinesis:SplitShard",
"kinesis:MergeShards",
"kinesis:DeleteStream",
"kinesis:UpdateShardCount"
],
"Effect":"Allow",
"Resource":[
"arn:aws:kinesis:*:*:stream/aws-rds-das-*"
],
"Sid":"Kinesis"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/DocDB",
"AWS/Neptune",
"AWS/RDS",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatch"
},
{
"Action":[
"secretsmanager:GetRandomPassword"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerPassword"
},
{
"Action":[
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:RotateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:UpdateSecretVersionStage",
"secretsmanager:ListSecretVersionIds"
],
"Condition":{
"StringLike":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:rds!*"
],
"Sid":"SecretsManagerSecret"
},
{
"Action":"secretsmanager:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws:rds:primaryDBInstanceArn",
"aws:rds:primaryDBClusterArn"
]
},
"StringLike":{
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:rds!*",
"Sid":"SecretsManagerTags"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-01T22:42:05+00:00"
},
"AmazonRedshiftAllCommandsFullAccess":{
"CreateDate":"2021-11-04T00:48:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:CreateTrainingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateEndpoint",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopTrainingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:InvokeEndpoint",
"sagemaker:StopProcessingJob",
"sagemaker:CreateModel",
"sagemaker:CreateProcessingJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:model/*redshift*",
"arn:aws:sagemaker:*:*:training-job/*redshift*",
"arn:aws:sagemaker:*:*:automl-job/*redshift*",
"arn:aws:sagemaker:*:*:compilation-job/*redshift*",
"arn:aws:sagemaker:*:*:processing-job/*redshift*",
"arn:aws:sagemaker:*:*:transform-job/*redshift*",
"arn:aws:sagemaker:*:*:endpoint/*redshift*"
]
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Endpoints/*redshift*",
"arn:aws:logs:*:*:log-group:/aws/sagemaker/ProcessingJobs/*redshift*",
"arn:aws:logs:*:*:log-group:/aws/sagemaker/TrainingJobs/*redshift*",
"arn:aws:logs:*:*:log-group:/aws/sagemaker/TransformJobs/*redshift*"
]
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"SageMaker",
"/aws/sagemaker/Endpoints",
"/aws/sagemaker/ProcessingJobs",
"/aws/sagemaker/TrainingJobs",
"/aws/sagemaker/TransformJobs"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetEncryptionConfiguration",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:ListMultipartUploadParts",
"s3:ListBucketMultipartUploads",
"s3:PutObject",
"s3:PutBucketAcl",
"s3:PutBucketCors",
"s3:DeleteObject",
"s3:AbortMultipartUpload",
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::redshift-downloads",
"arn:aws:s3:::redshift-downloads/*",
"arn:aws:s3:::*redshift*",
"arn:aws:s3:::*redshift*/*"
]
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/Redshift":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"dynamodb:Scan",
"dynamodb:DescribeTable",
"dynamodb:Getitem"
],
"Effect":"Allow",
"Resource":[
"arn:aws:dynamodb:*:*:table/*redshift*",
"arn:aws:dynamodb:*:*:table/*redshift*/index/*"
]
},
{
"Action":[
"elasticmapreduce:ListInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticmapreduce:*:*:cluster/*redshift*"
]
},
{
"Action":[
"elasticmapreduce:ListInstances"
],
"Condition":{
"StringEqualsIgnoreCase":{
"elasticmapreduce:ResourceTag/Redshift":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:*redshift*"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*redshift*/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*redshift*"
]
},
{
"Action":[
"secretsmanager:GetResourcePolicy",
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:*redshift*"
]
},
{
"Action":[
"secretsmanager:GetRandomPassword",
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"redshift.amazonaws.com",
"glue.amazonaws.com",
"sagemaker.amazonaws.com",
"athena.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-25T02:27:31+00:00"
},
"AmazonRedshiftDataFullAccess":{
"CreateDate":"2020-09-09T19:23:55+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:ListStatements",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataAPIPermissions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringLike":{
"secretsmanager:ResourceTag/RedshiftDataFullAccess":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:*",
"Sid":"SecretsManagerPermissions"
},
{
"Action":"redshift:GetClusterCredentials",
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbname:*/*",
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
],
"Sid":"GetCredentialsForAPIUser"
},
{
"Action":"redshift:GetClusterCredentialsWithIAM",
"Effect":"Allow",
"Resource":"arn:aws:redshift:*:*:dbname:*/*",
"Sid":"GetCredentialsWithFederatedIAMCredentials"
},
{
"Action":"redshift-serverless:GetCredentials",
"Condition":{
"StringLike":{
"aws:ResourceTag/RedshiftDataFullAccess":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:redshift-serverless:*:*:workgroup/*",
"Sid":"GetCredentialsForServerless"
},
{
"Action":"redshift:CreateClusterUser",
"Effect":"Deny",
"Resource":[
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
],
"Sid":"DenyCreateAPIUser"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"redshift-data.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift",
"Sid":"ServiceLinkedRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-07T18:18:32+00:00"
},
"AmazonRedshiftFullAccess":{
"CreateDate":"2015-02-06T18:40:50+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"redshift:*",
"redshift-serverless:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
"cloudwatch:DisableAlarmActions",
"tag:GetResources",
"tag:UntagResources",
"tag:GetTagValues",
"tag:GetTagKeys",
"tag:TagResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"redshift.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift"
},
{
"Action":[
"redshift-data:ExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:ListStatements",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataAPIPermissions"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerListPermissions"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:TagResource"
],
"Condition":{
"StringLike":{
"secretsmanager:ResourceTag/RedshiftDataFullAccess":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerCreateGetPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-07-07T23:31:13+00:00"
},
"AmazonRedshiftQueryEditor":{
"CreateDate":"2018-10-04T22:50:32+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"redshift:GetClusterCredentials",
"redshift:ListSchemas",
"redshift:ListTables",
"redshift:ListDatabases",
"redshift:ExecuteQuery",
"redshift:FetchResults",
"redshift:CancelQuery",
"redshift:DescribeClusters",
"redshift:DescribeQuery",
"redshift:DescribeTable",
"redshift:ViewQueriesFromConsole",
"redshift:DescribeSavedQueries",
"redshift:CreateSavedQuery",
"redshift:DeleteSavedQueries",
"redshift:ModifySavedQuery"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"redshift-data:ExecuteStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataAPIPermissions"
},
{
"Action":[
"redshift-data:GetStatementResult",
"redshift-data:CancelStatement",
"redshift-data:DescribeStatement",
"redshift-data:ListStatements"
],
"Condition":{
"StringEquals":{
"redshift-data:statement-owner-iam-userid":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataAPIIAMSessionPermissionsRestriction"
},
{
"Action":[
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerListPermissions"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:TagResource"
],
"Condition":{
"StringEquals":{
"secretsmanager:ResourceTag/RedshiftQueryOwner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:*",
"Sid":"SecretsManagerCreateGetPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-16T19:33:45+00:00"
},
"AmazonRedshiftQueryEditorV2FullAccess":{
"CreateDate":"2021-09-24T14:06:02+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"redshift:DescribeClusters",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftPermissions"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KeyManagementServicePermissions"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*",
"Sid":"SecretsManagerPermissions"
},
{
"Action":[
"tag:GetResources"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sqlworkbench.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupsTaggingPermissions"
},
{
"Action":"sqlworkbench:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2Permissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-21T17:20:52+00:00"
},
"AmazonRedshiftQueryEditorV2NoSharing":{
"CreateDate":"2021-09-24T14:18:42+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"redshift:DescribeClusters",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftPermissions"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource"
],
"Condition":{
"StringEquals":{
"secretsmanager:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*",
"Sid":"SecretsManagerPermissions"
},
{
"Action":[
"tag:GetResources"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sqlworkbench.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupsTaggingPermissions"
},
{
"Action":[
"sqlworkbench:CreateFolder",
"sqlworkbench:PutTab",
"sqlworkbench:BatchDeleteFolder",
"sqlworkbench:DeleteTab",
"sqlworkbench:GenerateSession",
"sqlworkbench:GetAccountInfo",
"sqlworkbench:GetAccountSettings",
"sqlworkbench:GetUserInfo",
"sqlworkbench:GetUserWorkspaceSettings",
"sqlworkbench:PutUserWorkspaceSettings",
"sqlworkbench:ListConnections",
"sqlworkbench:ListFiles",
"sqlworkbench:ListTabs",
"sqlworkbench:UpdateFolder",
"sqlworkbench:ListRedshiftClusters",
"sqlworkbench:DriverExecute",
"sqlworkbench:ListTaggedResources",
"sqlworkbench:ListQueryExecutionHistory",
"sqlworkbench:GetQueryExecutionHistory",
"sqlworkbench:ListNotebooks",
"sqlworkbench:GetSchemaInference",
"sqlworkbench:GetAutocompletionMetadata",
"sqlworkbench:GetAutocompletionResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2NonResourceLevelPermissions"
},
{
"Action":[
"sqlworkbench:CreateConnection",
"sqlworkbench:CreateSavedQuery",
"sqlworkbench:CreateChart",
"sqlworkbench:CreateNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ImportNotebook"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions"
},
{
"Action":[
"sqlworkbench:DeleteChart",
"sqlworkbench:DeleteConnection",
"sqlworkbench:DeleteSavedQuery",
"sqlworkbench:GetChart",
"sqlworkbench:GetConnection",
"sqlworkbench:GetSavedQuery",
"sqlworkbench:ListSavedQueryVersions",
"sqlworkbench:UpdateChart",
"sqlworkbench:UpdateConnection",
"sqlworkbench:UpdateSavedQuery",
"sqlworkbench:AssociateConnectionWithTab",
"sqlworkbench:AssociateQueryWithTab",
"sqlworkbench:AssociateConnectionWithChart",
"sqlworkbench:AssociateNotebookWithTab",
"sqlworkbench:UpdateFileFolder",
"sqlworkbench:ListTagsForResource",
"sqlworkbench:GetNotebook",
"sqlworkbench:UpdateNotebook",
"sqlworkbench:DeleteNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:CreateNotebookCell",
"sqlworkbench:DeleteNotebookCell",
"sqlworkbench:UpdateNotebookCellContent",
"sqlworkbench:UpdateNotebookCellLayout",
"sqlworkbench:BatchGetNotebookCell",
"sqlworkbench:ListNotebookVersions",
"sqlworkbench:CreateNotebookVersion",
"sqlworkbench:GetNotebookVersion",
"sqlworkbench:DeleteNotebookVersion",
"sqlworkbench:RestoreNotebookVersion",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ExportNotebook",
"sqlworkbench:ImportNotebook"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2OwnerSpecificPermissions"
},
{
"Action":"sqlworkbench:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-resource-owner"
},
"StringEquals":{
"aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}",
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-21T17:25:07+00:00"
},
"AmazonRedshiftQueryEditorV2ReadSharing":{
"CreateDate":"2021-09-24T14:22:21+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"redshift:DescribeClusters",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftPermissions"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource"
],
"Condition":{
"StringEquals":{
"secretsmanager:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*",
"Sid":"SecretsManagerPermissions"
},
{
"Action":[
"tag:GetResources"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sqlworkbench.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupsTaggingPermissions"
},
{
"Action":[
"sqlworkbench:CreateFolder",
"sqlworkbench:PutTab",
"sqlworkbench:BatchDeleteFolder",
"sqlworkbench:DeleteTab",
"sqlworkbench:GenerateSession",
"sqlworkbench:GetAccountInfo",
"sqlworkbench:GetAccountSettings",
"sqlworkbench:GetUserInfo",
"sqlworkbench:GetUserWorkspaceSettings",
"sqlworkbench:PutUserWorkspaceSettings",
"sqlworkbench:ListConnections",
"sqlworkbench:ListFiles",
"sqlworkbench:ListTabs",
"sqlworkbench:UpdateFolder",
"sqlworkbench:ListRedshiftClusters",
"sqlworkbench:DriverExecute",
"sqlworkbench:ListTaggedResources",
"sqlworkbench:ListQueryExecutionHistory",
"sqlworkbench:GetQueryExecutionHistory",
"sqlworkbench:ListNotebooks",
"sqlworkbench:GetSchemaInference",
"sqlworkbench:GetAutocompletionMetadata",
"sqlworkbench:GetAutocompletionResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2NonResourceLevelPermissions"
},
{
"Action":[
"sqlworkbench:CreateConnection",
"sqlworkbench:CreateSavedQuery",
"sqlworkbench:CreateChart",
"sqlworkbench:CreateNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ImportNotebook"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions"
},
{
"Action":[
"sqlworkbench:DeleteChart",
"sqlworkbench:DeleteConnection",
"sqlworkbench:DeleteSavedQuery",
"sqlworkbench:GetChart",
"sqlworkbench:GetConnection",
"sqlworkbench:GetSavedQuery",
"sqlworkbench:ListSavedQueryVersions",
"sqlworkbench:UpdateChart",
"sqlworkbench:UpdateConnection",
"sqlworkbench:UpdateSavedQuery",
"sqlworkbench:AssociateConnectionWithTab",
"sqlworkbench:AssociateQueryWithTab",
"sqlworkbench:AssociateConnectionWithChart",
"sqlworkbench:AssociateNotebookWithTab",
"sqlworkbench:UpdateFileFolder",
"sqlworkbench:ListTagsForResource",
"sqlworkbench:GetNotebook",
"sqlworkbench:UpdateNotebook",
"sqlworkbench:DeleteNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:CreateNotebookCell",
"sqlworkbench:DeleteNotebookCell",
"sqlworkbench:UpdateNotebookCellContent",
"sqlworkbench:UpdateNotebookCellLayout",
"sqlworkbench:BatchGetNotebookCell",
"sqlworkbench:ListNotebookVersions",
"sqlworkbench:CreateNotebookVersion",
"sqlworkbench:GetNotebookVersion",
"sqlworkbench:DeleteNotebookVersion",
"sqlworkbench:RestoreNotebookVersion",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ExportNotebook",
"sqlworkbench:ImportNotebook"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2OwnerSpecificPermissions"
},
{
"Action":"sqlworkbench:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-resource-owner"
},
"StringEquals":{
"aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}",
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions"
},
{
"Action":[
"sqlworkbench:GetChart",
"sqlworkbench:GetConnection",
"sqlworkbench:GetSavedQuery",
"sqlworkbench:ListSavedQueryVersions",
"sqlworkbench:ListTagsForResource",
"sqlworkbench:AssociateQueryWithTab",
"sqlworkbench:AssociateNotebookWithTab",
"sqlworkbench:GetNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:BatchGetNotebookCell",
"sqlworkbench:ListNotebookVersions",
"sqlworkbench:GetNotebookVersion",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ExportNotebook"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TeamReadAccessPermissions"
},
{
"Action":"sqlworkbench:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-team"
},
"StringEquals":{
"aws:RequestTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}",
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TagOnlyTeamPermissions"
},
{
"Action":"sqlworkbench:UntagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-team"
},
"StringEquals":{
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2UntagOnlyTeamPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-21T17:27:40+00:00"
},
"AmazonRedshiftQueryEditorV2ReadWriteSharing":{
"CreateDate":"2021-09-24T14:25:37+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"redshift:DescribeClusters",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftPermissions"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource"
],
"Condition":{
"StringEquals":{
"secretsmanager:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*",
"Sid":"SecretsManagerPermissions"
},
{
"Action":[
"tag:GetResources"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sqlworkbench.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupsTaggingPermissions"
},
{
"Action":[
"sqlworkbench:CreateFolder",
"sqlworkbench:PutTab",
"sqlworkbench:BatchDeleteFolder",
"sqlworkbench:DeleteTab",
"sqlworkbench:GenerateSession",
"sqlworkbench:GetAccountInfo",
"sqlworkbench:GetAccountSettings",
"sqlworkbench:GetUserInfo",
"sqlworkbench:GetUserWorkspaceSettings",
"sqlworkbench:PutUserWorkspaceSettings",
"sqlworkbench:ListConnections",
"sqlworkbench:ListFiles",
"sqlworkbench:ListTabs",
"sqlworkbench:UpdateFolder",
"sqlworkbench:ListRedshiftClusters",
"sqlworkbench:DriverExecute",
"sqlworkbench:ListTaggedResources",
"sqlworkbench:ListQueryExecutionHistory",
"sqlworkbench:GetQueryExecutionHistory",
"sqlworkbench:ListNotebooks",
"sqlworkbench:GetSchemaInference",
"sqlworkbench:GetAutocompletionMetadata",
"sqlworkbench:GetAutocompletionResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2NonResourceLevelPermissions"
},
{
"Action":[
"sqlworkbench:CreateConnection",
"sqlworkbench:CreateSavedQuery",
"sqlworkbench:CreateChart",
"sqlworkbench:CreateNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ImportNotebook"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions"
},
{
"Action":[
"sqlworkbench:DeleteChart",
"sqlworkbench:DeleteConnection",
"sqlworkbench:DeleteSavedQuery",
"sqlworkbench:GetChart",
"sqlworkbench:GetConnection",
"sqlworkbench:GetSavedQuery",
"sqlworkbench:ListSavedQueryVersions",
"sqlworkbench:UpdateChart",
"sqlworkbench:UpdateConnection",
"sqlworkbench:UpdateSavedQuery",
"sqlworkbench:AssociateConnectionWithTab",
"sqlworkbench:AssociateQueryWithTab",
"sqlworkbench:AssociateConnectionWithChart",
"sqlworkbench:AssociateNotebookWithTab",
"sqlworkbench:UpdateFileFolder",
"sqlworkbench:ListTagsForResource",
"sqlworkbench:GetNotebook",
"sqlworkbench:UpdateNotebook",
"sqlworkbench:DeleteNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:CreateNotebookCell",
"sqlworkbench:DeleteNotebookCell",
"sqlworkbench:UpdateNotebookCellContent",
"sqlworkbench:UpdateNotebookCellLayout",
"sqlworkbench:BatchGetNotebookCell",
"sqlworkbench:ListNotebookVersions",
"sqlworkbench:CreateNotebookVersion",
"sqlworkbench:GetNotebookVersion",
"sqlworkbench:DeleteNotebookVersion",
"sqlworkbench:RestoreNotebookVersion",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ExportNotebook",
"sqlworkbench:ImportNotebook"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2OwnerSpecificPermissions"
},
{
"Action":"sqlworkbench:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-resource-owner"
},
"StringEquals":{
"aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}",
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions"
},
{
"Action":[
"sqlworkbench:GetChart",
"sqlworkbench:GetConnection",
"sqlworkbench:GetSavedQuery",
"sqlworkbench:ListSavedQueryVersions",
"sqlworkbench:ListTagsForResource",
"sqlworkbench:UpdateChart",
"sqlworkbench:UpdateConnection",
"sqlworkbench:UpdateSavedQuery",
"sqlworkbench:AssociateConnectionWithTab",
"sqlworkbench:AssociateQueryWithTab",
"sqlworkbench:AssociateConnectionWithChart",
"sqlworkbench:AssociateNotebookWithTab",
"sqlworkbench:GetNotebook",
"sqlworkbench:DuplicateNotebook",
"sqlworkbench:BatchGetNotebookCell",
"sqlworkbench:ListNotebookVersions",
"sqlworkbench:GetNotebookVersion",
"sqlworkbench:CreateNotebookFromVersion",
"sqlworkbench:ExportNotebook"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TeamReadWriteAccessPermissions"
},
{
"Action":"sqlworkbench:TagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-team"
},
"StringEquals":{
"aws:RequestTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}",
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2TagOnlyTeamPermissions"
},
{
"Action":"sqlworkbench:UntagResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"sqlworkbench-team"
},
"StringEquals":{
"aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftQueryEditorV2UntagOnlyTeamPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-21T17:30:28+00:00"
},
"AmazonRedshiftReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:51+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"redshift:Describe*",
"redshift:ListRecommendations",
"redshift:ViewQueriesInConsole",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:List*",
"cloudwatch:Get*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRedshiftReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-08T00:24:13+00:00"
},
"AmazonRedshiftServiceLinkedRolePolicy":{
"CreateDate":"2017-09-18T19:19:45+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:CreateVpcEndpoint",
"ec2:DeleteVpcEndpoints",
"ec2:DescribeVpcEndpoints",
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2VpcPermissions"
},
{
"Action":[
"ec2:AllocateAddress"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Redshift":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:elastic-ip/*"
],
"Sid":"PublicAccessCreateEip"
},
{
"Action":[
"ec2:ReleaseAddress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/Redshift":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:elastic-ip/*"
],
"Sid":"PublicAccessReleaseEip"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/redshift/*"
],
"Sid":"EnableCreationAndManagementOfRedshiftCloudwatchLogGroups"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/redshift/*:log-stream:*"
],
"Sid":"EnableCreationAndManagementOfRedshiftCloudwatchLogStreams"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/Redshift":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateSecurityGroupWithTags"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:ModifySecurityGroupRules",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/Redshift":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"SecurityGroupPermissions"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateSecurityGroup"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateVpc",
"CreateSecurityGroup",
"CreateSubnet",
"CreateInternetGateway",
"CreateRouteTable",
"AllocateAddress"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:internet-gateway/*",
"arn:aws:ec2:*:*:elastic-ip/*"
],
"Sid":"CreateTagsOnResources"
},
{
"Action":[
"ec2:DescribeVpcAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VPCPermissions"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/Redshift-Serverless",
"AWS/Redshift"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatch"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:UpdateSecret",
"secretsmanager:UpdateSecretVersionStage",
"secretsmanager:RotateSecret"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"redshift"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:redshift!*"
],
"Sid":"SecretManager"
},
{
"Action":[
"secretsmanager:GetRandomPassword"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerRandomPassword"
},
{
"Action":[
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"IPV6Permissions"
},
{
"Action":[
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":[
"arn:aws:servicequotas:*:*:ec2/L-0263D0A3",
"arn:aws:servicequotas:*:*:vpc/L-29B6F2EB"
],
"Sid":"ServiceQuotasToCheckCustomerLimits"
},
{
"Action":[
"glue:GetCatalog",
"glue:GetCatalogs"
],
"Condition":{
"Bool":{
"glue:EnabledForRedshiftAutoDiscovery":"true"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"DiscoverRedshiftCatalogs"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Condition":{
"Bool":{
"lakeformation:EnabledOnlyForMetaDataAccess":"true"
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":"glue.amazonaws.com"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LakeFormationGetMetadataAccessForFederatedCatalogs"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-19T17:22:07+00:00"
},
"AmazonRekognitionCustomLabelsFullAccess":{
"CreateDate":"2020-01-08T19:18:34+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTagging",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*custom-labels*"
},
{
"Action":[
"rekognition:CreateProject",
"rekognition:CreateProjectVersion",
"rekognition:StartProjectVersion",
"rekognition:StopProjectVersion",
"rekognition:DescribeProjects",
"rekognition:DescribeProjectVersions",
"rekognition:DetectCustomLabels",
"rekognition:DeleteProject",
"rekognition:DeleteProjectVersion",
"rekognition:TagResource",
"rekognition:UntagResource",
"rekognition:ListTagsForResource",
"rekognition:CreateDataset",
"rekognition:ListDatasetEntries",
"rekognition:ListDatasetLabels",
"rekognition:DescribeDataset",
"rekognition:UpdateDatasetEntries",
"rekognition:DistributeDatasetEntries",
"rekognition:DeleteDataset",
"rekognition:CopyProjectVersion",
"rekognition:PutProjectPolicy",
"rekognition:ListProjectPolicies",
"rekognition:DeleteProjectPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-16T20:20:43+00:00"
},
"AmazonRekognitionFullAccess":{
"CreateDate":"2016-11-30T14:40:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"rekognition:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-11-30T14:40:44+00:00"
},
"AmazonRekognitionReadOnlyAccess":{
"CreateDate":"2016-11-30T14:58:06+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"rekognition:CompareFaces",
"rekognition:DetectFaces",
"rekognition:DetectLabels",
"rekognition:ListCollections",
"rekognition:ListFaces",
"rekognition:SearchFaces",
"rekognition:SearchFacesByImage",
"rekognition:DetectText",
"rekognition:GetCelebrityInfo",
"rekognition:RecognizeCelebrities",
"rekognition:DetectModerationLabels",
"rekognition:GetLabelDetection",
"rekognition:GetFaceDetection",
"rekognition:GetContentModeration",
"rekognition:GetPersonTracking",
"rekognition:GetCelebrityRecognition",
"rekognition:GetFaceSearch",
"rekognition:GetTextDetection",
"rekognition:GetSegmentDetection",
"rekognition:DescribeStreamProcessor",
"rekognition:ListStreamProcessors",
"rekognition:DescribeProjects",
"rekognition:DescribeProjectVersions",
"rekognition:DetectCustomLabels",
"rekognition:DetectProtectiveEquipment",
"rekognition:ListTagsForResource",
"rekognition:ListDatasetEntries",
"rekognition:ListDatasetLabels",
"rekognition:DescribeDataset",
"rekognition:ListProjectPolicies",
"rekognition:ListUsers",
"rekognition:SearchUsers",
"rekognition:SearchUsersByImage",
"rekognition:GetMediaAnalysisJob",
"rekognition:ListMediaAnalysisJobs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonRekognitionReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-08T18:30:22+00:00"
},
"AmazonRekognitionServiceRole":{
"CreateDate":"2017-11-29T16:52:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:AmazonRekognition*"
},
{
"Action":[
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect":"Allow",
"Resource":"arn:aws:kinesis:*:*:stream/AmazonRekognition*"
},
{
"Action":[
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:GetMedia"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-29T16:52:13+00:00"
},
"AmazonRoute53AutoNamingFullAccess":{
"CreateDate":"2018-01-18T18:40:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-01-18T18:40:41+00:00"
},
"AmazonRoute53AutoNamingReadOnlyAccess":{
"CreateDate":"2018-01-18T03:02:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"servicediscovery:Get*",
"servicediscovery:List*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-01-18T03:02:59+00:00"
},
"AmazonRoute53AutoNamingRegistrantAccess":{
"CreateDate":"2018-03-12T22:33:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-03-12T22:33:20+00:00"
},
"AmazonRoute53DomainsFullAccess":{
"CreateDate":"2015-02-06T18:40:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53:CreateHostedZone",
"route53domains:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:56+00:00"
},
"AmazonRoute53DomainsReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53domains:Get*",
"route53domains:List*"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:40:57+00:00"
},
"AmazonRoute53FullAccess":{
"CreateDate":"2015-02-06T18:40:54+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"route53:*",
"route53domains:*",
"cloudfront:ListDistributions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticbeanstalk:DescribeEnvironments",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketWebsite",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRegions",
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"apigateway:GET",
"Effect":"Allow",
"Resource":"arn:aws:apigateway:*::/domainnames"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-12-20T21:42:00+00:00"
},
"AmazonRoute53ProfilesFullAccess":{
"CreateDate":"2024-04-30T18:30:29+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"route53profiles:AssociateProfile",
"route53profiles:AssociateResourceToProfile",
"route53profiles:CreateProfile",
"route53profiles:DeleteProfile",
"route53profiles:DisassociateProfile",
"route53profiles:DisassociateResourceFromProfile",
"route53profiles:GetProfile",
"route53profiles:GetProfileAssociation",
"route53profiles:GetProfilePolicy",
"route53profiles:GetProfileResourceAssociation",
"route53profiles:ListProfileAssociations",
"route53profiles:ListProfileResourceAssociations",
"route53profiles:ListProfiles",
"route53profiles:ListTagsForResource",
"route53profiles:PutProfilePolicy",
"route53profiles:TagResource",
"route53profiles:UntagResource",
"route53profiles:UpdateProfileResourceAssociation",
"route53resolver:GetFirewallConfig",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:GetResolverConfig",
"route53resolver:GetResolverDnssecConfig",
"route53resolver:GetResolverQueryLogConfig",
"route53resolver:GetResolverRule",
"ec2:DescribeVpcs",
"route53:GetHostedZone"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonRoute53ProfilesFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-27T19:18:18+00:00"
},
"AmazonRoute53ProfilesReadOnlyAccess":{
"CreateDate":"2024-04-30T18:29:25+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"route53profiles:GetProfile",
"route53profiles:GetProfileAssociation",
"route53profiles:GetProfilePolicy",
"route53profiles:GetProfileResourceAssociation",
"route53profiles:ListProfileAssociations",
"route53profiles:ListProfileResourceAssociations",
"route53profiles:ListProfiles",
"route53profiles:ListTagsForResource",
"route53resolver:GetFirewallConfig",
"route53resolver:GetResolverConfig",
"route53resolver:GetResolverDnssecConfig",
"route53resolver:GetResolverQueryLogConfig"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonRoute53ProfilesReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-27T18:59:57+00:00"
},
"AmazonRoute53ReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:55+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"route53:Get*",
"route53:List*",
"route53:TestDNSAnswer"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-11-15T21:15:16+00:00"
},
"AmazonRoute53RecoveryClusterFullAccess":{
"CreateDate":"2021-08-18T18:37:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53-recovery-cluster:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-18T18:37:00+00:00"
},
"AmazonRoute53RecoveryClusterReadOnlyAccess":{
"CreateDate":"2021-08-18T17:36:01+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"route53-recovery-cluster:GetRoutingControlState",
"route53-recovery-cluster:ListRoutingControls"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-01T17:37:55+00:00"
},
"AmazonRoute53RecoveryControlConfigFullAccess":{
"CreateDate":"2021-08-18T17:48:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53-recovery-control-config:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-18T17:48:35+00:00"
},
"AmazonRoute53RecoveryControlConfigReadOnlyAccess":{
"CreateDate":"2021-08-18T18:01:12+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"route53-recovery-control-config:DescribeCluster",
"route53-recovery-control-config:DescribeControlPanel",
"route53-recovery-control-config:DescribeRoutingControl",
"route53-recovery-control-config:DescribeRoutingControlByName",
"route53-recovery-control-config:DescribeSafetyRule",
"route53-recovery-control-config:GetResourcePolicy",
"route53-recovery-control-config:ListAssociatedRoute53HealthChecks",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListRoutingControls",
"route53-recovery-control-config:ListSafetyRules",
"route53-recovery-control-config:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-18T17:15:33+00:00"
},
"AmazonRoute53RecoveryReadinessFullAccess":{
"CreateDate":"2021-08-18T16:45:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"route53-recovery-readiness:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-18T16:45:07+00:00"
},
"AmazonRoute53RecoveryReadinessReadOnlyAccess":{
"CreateDate":"2021-08-18T18:11:33+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"route53-recovery-readiness:GetCell",
"route53-recovery-readiness:GetReadinessCheck",
"route53-recovery-readiness:GetReadinessCheckResourceStatus",
"route53-recovery-readiness:GetReadinessCheckStatus",
"route53-recovery-readiness:GetRecoveryGroup",
"route53-recovery-readiness:GetRecoveryGroupReadinessSummary",
"route53-recovery-readiness:GetResourceSet",
"route53-recovery-readiness:ListCells",
"route53-recovery-readiness:ListCrossAccountAuthorizations",
"route53-recovery-readiness:ListReadinessChecks",
"route53-recovery-readiness:ListRecoveryGroups",
"route53-recovery-readiness:ListResourceSets",
"route53-recovery-readiness:ListRules",
"route53-recovery-readiness:ListTagsForResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"route53-recovery-readiness:GetArchitectureRecommendations",
"route53-recovery-readiness:GetCellReadinessSummary"
],
"Effect":"Allow",
"Resource":"arn:aws:route53-recovery-readiness::*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-09T20:14:51+00:00"
},
"AmazonRoute53ResolverFullAccess":{
"CreateDate":"2019-05-30T18:10:50+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"route53resolver:*",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonRoute53ResolverFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-05T20:06:08+00:00"
},
"AmazonRoute53ResolverReadOnlyAccess":{
"CreateDate":"2019-05-30T18:11:31+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"route53resolver:Get*",
"route53resolver:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonRoute53ResolverReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-05T18:54:11+00:00"
},
"AmazonS3FullAccess":{
"CreateDate":"2015-02-06T18:40:58+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:*",
"s3-object-lambda:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-27T20:16:37+00:00"
},
"AmazonS3ObjectLambdaExecutionRolePolicy":{
"CreateDate":"2021-08-18T10:07:41+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"s3-object-lambda:WriteGetObjectResponse"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-08-18T10:07:41+00:00"
},
"AmazonS3OutpostsFullAccess":{
"CreateDate":"2020-10-02T17:26:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"s3-outposts:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"datasync:ListTasks",
"datasync:ListLocations",
"datasync:DescribeTask",
"datasync:DescribeLocation*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"outposts:ListOutposts",
"outposts:GetOutpost"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-02T17:26:30+00:00"
},
"AmazonS3OutpostsReadOnlyAccess":{
"CreateDate":"2020-10-02T18:55:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3-outposts:Get*",
"s3-outposts:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"datasync:ListTasks",
"datasync:ListLocations",
"datasync:DescribeTask",
"datasync:DescribeLocation*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"outposts:ListOutposts",
"outposts:GetOutpost"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-02T18:55:58+00:00"
},
"AmazonS3ReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:59+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"s3:Get*",
"s3:List*",
"s3:Describe*",
"s3-object-lambda:Get*",
"s3-object-lambda:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-10T21:31:39+00:00"
},
"AmazonS3TablesFullAccess":{
"CreateDate":"2024-12-03T15:21:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3tables:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:21:07+00:00"
},
"AmazonS3TablesReadOnlyAccess":{
"CreateDate":"2024-12-03T15:21:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3tables:Get*",
"s3tables:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:21:06+00:00"
},
"AmazonSESFullAccess":{
"CreateDate":"2015-02-06T18:41:02+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ses:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:02+00:00"
},
"AmazonSESReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:03+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ses:Get*",
"ses:List*",
"ses:BatchGetMetricData"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SESReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-14T12:03:02+00:00"
},
"AmazonSESServiceRolePolicy":{
"CreateDate":"2024-05-21T16:02:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringLike":{
"cloudwatch:namespace":[
"AWS/SES",
"AWS/SES/MailManager",
"AWS/SES/Addons"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPutMetricDataToSESCloudWatchNamespaces"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-21T16:02:20+00:00"
},
"AmazonSNSFullAccess":{
"CreateDate":"2015-02-06T18:41:05+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"sns:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSFullAccess"
},
{
"Action":[
"sms-voice:DescribeVerifiedDestinationNumbers",
"sms-voice:CreateVerifiedDestinationNumber",
"sms-voice:SendDestinationNumberVerificationCode",
"sms-voice:SendTextMessage",
"sms-voice:DeleteVerifiedDestinationNumber",
"sms-voice:VerifyDestinationNumber",
"sms-voice:DescribeAccountAttributes",
"sms-voice:DescribeSpendLimits",
"sms-voice:DescribePhoneNumbers",
"sms-voice:SetTextMessageSpendLimitOverride",
"sms-voice:DescribeOptedOutNumbers",
"sms-voice:DeleteOptedOutNumber"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sns.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SMSAccessViaSNS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-24T22:32:05+00:00"
},
"AmazonSNSReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sns:GetTopicAttributes",
"sns:List*",
"sns:CheckIfPhoneNumberIsOptedOut",
"sns:GetEndpointAttributes",
"sns:GetDataProtectionPolicy",
"sns:GetPlatformApplicationAttributes",
"sns:GetSMSAttributes",
"sns:GetSMSSandboxAccountStatus",
"sns:GetSubscriptionAttributes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSReadOnlyAccess"
},
{
"Action":[
"sms-voice:DescribeVerifiedDestinationNumbers",
"sms-voice:DescribeAccountAttributes",
"sms-voice:DescribeSpendLimits",
"sms-voice:DescribePhoneNumbers",
"sms-voice:DescribeOptedOutNumbers"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sns.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SMSAccessViaSNS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-24T22:13:12+00:00"
},
"AmazonSNSRole":{
"CreateDate":"2015-02-06T18:41:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:30+00:00"
},
"AmazonSQSFullAccess":{
"CreateDate":"2015-02-06T18:41:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sqs:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:07+00:00"
},
"AmazonSQSReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListQueues",
"sqs:ListMessageMoveTasks",
"sqs:ListQueueTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSQSReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-24T18:16:44+00:00"
},
"AmazonSSMAutomationApproverAccess":{
"CreateDate":"2017-08-07T23:07:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAutomationExecutions",
"ssm:GetAutomationExecution",
"ssm:SendAutomationSignal"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-08-07T23:07:28+00:00"
},
"AmazonSSMAutomationRole":{
"CreateDate":"2016-12-05T22:09:55+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:Automation*"
]
},
{
"Action":[
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DeregisterImage",
"ec2:DescribeImages",
"ec2:DeleteSnapshot",
"ec2:StartInstances",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeTags",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:*"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:Automation*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-07-24T23:29:12+00:00"
},
"AmazonSSMDirectoryServiceAccess":{
"CreateDate":"2019-03-15T17:44:38+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ds:CreateComputer",
"ds:DescribeDirectories"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-03-15T17:44:38+00:00"
},
"AmazonSSMFullAccess":{
"CreateDate":"2015-05-29T17:39:47+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData",
"ds:CreateComputer",
"ds:DescribeDirectories",
"ec2:DescribeInstanceStatus",
"logs:*",
"ssm:*",
"ec2messages:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-20T20:08:56+00:00"
},
"AmazonSSMMaintenanceWindowRole":{
"CreateDate":"2016-12-01T15:57:54+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetAutomationExecution",
"ssm:GetParameters",
"ssm:ListCommands",
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
]
},
{
"Action":[
"states:DescribeExecution",
"states:StartExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
]
},
{
"Action":[
"resource-groups:ListGroups",
"resource-groups:ListGroupResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-27T00:16:05+00:00"
},
"AmazonSSMManagedEC2InstanceDefaultPolicy":{
"CreateDate":"2022-08-30T20:54:27+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSSMAgentPermissions"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSSMChannelMessaging"
},
{
"Action":[
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSSMLegacyMessaging"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-16T18:14:07+00:00"
},
"AmazonSSMManagedInstanceCore":{
"CreateDate":"2019-03-15T17:22:12+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-05-23T16:54:21+00:00"
},
"AmazonSSMPatchAssociation":{
"CreateDate":"2020-05-13T16:00:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"ssm:DescribeEffectivePatchesForPatchBaseline",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:patchbaseline/*"
},
{
"Action":"ssm:GetPatchBaseline",
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:patchbaseline/*"
},
{
"Action":"tag:GetResources",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ssm:DescribePatchBaselines",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-13T16:00:42+00:00"
},
"AmazonSSMReadOnlyAccess":{
"CreateDate":"2015-05-29T17:44:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:Describe*",
"ssm:Get*",
"ssm:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-05-29T17:44:19+00:00"
},
"AmazonSSMServiceRolePolicy":{
"CreateDate":"2017-11-13T19:20:08+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"ssm:CancelCommand",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:ListCommands",
"ssm:SendCommand",
"ssm:GetAutomationExecution",
"ssm:GetParameters",
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:ListTagsForResource",
"ssm:GetCalendarState"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*"
]
},
{
"Action":[
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
]
},
{
"Action":[
"states:DescribeExecution",
"states:StartExecution"
],
"Effect":"Allow",
"Resource":[
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
]
},
{
"Action":[
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"resource-groups:GetGroupQuery"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"config:SelectResourceConfig"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEnrollmentStatus"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"support:DescribeTrustedAdvisorChecks",
"support:DescribeTrustedAdvisorCheckSummaries",
"support:DescribeTrustedAdvisorCheckResult",
"support:DescribeCases"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"config:DescribeComplianceByConfigRule",
"config:DescribeComplianceByResource",
"config:DescribeRemediationConfigurations",
"config:DescribeConfigurationRecorders"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"cloudwatch:DescribeAlarms",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ssm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"organizations:DescribeOrganization",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"cloudformation:ListStackSets",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudformation:ListStackInstances",
"cloudformation:DescribeStackSetOperation",
"cloudformation:DeleteStackSet"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*"
},
{
"Action":"cloudformation:DeleteStackInstances",
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*",
"arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*",
"arn:aws:cloudformation:*:*:type/resource/*"
]
},
{
"Action":[
"events:PutRule",
"events:PutTargets"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"events:RemoveTargets",
"events:DeleteRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/SSMExplorerManagedRule"
]
},
{
"Action":"events:DescribeRule",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"securityhub:DescribeHub",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"resource-explorer-2:CreateManagedView",
"Effect":"Allow",
"Resource":"arn:aws:resource-explorer-2:*:*:managed-view/AWSManagedViewForSSM*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T14:08:27+00:00"
},
"AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy":{
"CreateDate":"2020-11-27T18:48:07+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:PATCH",
"apigateway:DELETE"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/sagemaker:launch-source":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogAPIGatewayPermission"
},
{
"Action":[
"apigateway:POST"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"sagemaker:launch-source"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogAPIGatewayPostPermission"
},
{
"Action":[
"apigateway:PATCH"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/account"
],
"Sid":"AmazonSageMakerServiceCatalogAPIGatewayPatchPermission"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Condition":{
"ArnLikeIfExists":{
"cloudformation:RoleArn":[
"arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/SC-*",
"Sid":"AmazonSageMakerServiceCatalogCFnMutatePermission"
},
{
"Action":[
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:project-name":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/SC-*",
"Sid":"AmazonSageMakerServiceCatalogCFnTagPermission"
},
{
"Action":[
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/SC-*",
"Sid":"AmazonSageMakerServiceCatalogCFnReadPermission"
},
{
"Action":[
"cloudformation:GetTemplateSummary",
"cloudformation:ValidateTemplate"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogCFnTemplatePermission"
},
{
"Action":[
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:UpdateProject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codebuild:*:*:project/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogCodeBuildPermission"
},
{
"Action":[
"codecommit:CreateCommit",
"codecommit:CreateRepository",
"codecommit:DeleteRepository",
"codecommit:GetRepository",
"codecommit:TagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codecommit:*:*:sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogCodeCommitPermission"
},
{
"Action":[
"codecommit:ListRepositories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogCodeCommitListPermission"
},
{
"Action":[
"codepipeline:CreatePipeline",
"codepipeline:DeletePipeline",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:StartPipelineExecution",
"codepipeline:TagResource",
"codepipeline:UpdatePipeline"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codepipeline:*:*:sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogCodePipelinePermission"
},
{
"Action":[
"cognito-idp:CreateUserPool",
"cognito-idp:TagResource"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:TagKeys":[
"sagemaker:launch-source"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogCIAMUserPermission"
},
{
"Action":[
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteGroup",
"cognito-idp:DeleteUserPool",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DeleteUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/sagemaker:launch-source":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogCIAMPermission"
},
{
"Action":[
"ecr:CreateRepository",
"ecr:DeleteRepository",
"ecr:TagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogECRPermission"
},
{
"Action":[
"events:DescribeRule",
"events:DeleteRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogEventBridgePermission"
},
{
"Action":[
"firehose:CreateDeliveryStream",
"firehose:DeleteDeliveryStream",
"firehose:DescribeDeliveryStream",
"firehose:StartDeliveryStreamEncryption",
"firehose:StopDeliveryStreamEncryption",
"firehose:UpdateDestination"
],
"Effect":"Allow",
"Resource":"arn:aws:firehose:*:*:deliverystream/sagemaker-*",
"Sid":"AmazonSageMakerServiceCatalogFirehosePermission"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker-*",
"arn:aws:glue:*:*:table/sagemaker-*",
"arn:aws:glue:*:*:userDefinedFunction/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogGluePermission"
},
{
"Action":[
"glue:CreateClassifier",
"glue:DeleteClassifier",
"glue:DeleteCrawler",
"glue:DeleteJob",
"glue:DeleteTrigger",
"glue:DeleteWorkflow",
"glue:StopCrawler"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonSageMakerServiceCatalogGlueClassiferPermission"
},
{
"Action":[
"glue:CreateWorkflow"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:workflow/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogGlueWorkflowPermission"
},
{
"Action":[
"glue:CreateJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:job/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogGlueJobPermission"
},
{
"Action":[
"glue:CreateCrawler",
"glue:GetCrawler"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:crawler/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogGlueCrawlerPermission"
},
{
"Action":[
"glue:CreateTrigger",
"glue:GetTrigger"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:trigger/sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogGlueTriggerPermission"
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*"
],
"Sid":"AmazonSageMakerServiceCatalogPassRolePermission"
},
{
"Action":[
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeFunction",
"lambda:RemovePermission"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogLambdaPermission"
},
{
"Action":"lambda:TagResource",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"sagemaker:*"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogLambdaTagPermission"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:DeleteLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*",
"arn:aws:logs:*:*:log-group::log-stream:*"
],
"Sid":"AmazonSageMakerServiceCatalogLogGroupPermission"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/servicecatalog:provisioning":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerServiceCatalogS3ReadPermission"
},
{
"Action":"s3:GetObject",
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogS3ReadSagemakerResourcePermission"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:GetBucketPolicy",
"s3:PutBucketAcl",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketLogging",
"s3:PutEncryptionConfiguration",
"s3:PutBucketCORS",
"s3:PutBucketTagging",
"s3:PutObjectTagging"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::sagemaker-*",
"Sid":"AmazonSageMakerServiceCatalogS3MutatePermission"
},
{
"Action":[
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateModel",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteModel",
"sagemaker:DeleteWorkteam",
"sagemaker:DescribeModel",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeWorkteam",
"sagemaker:CreateCodeRepository",
"sagemaker:DescribeCodeRepository",
"sagemaker:UpdateCodeRepository",
"sagemaker:DeleteCodeRepository"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:*"
],
"Sid":"AmazonSageMakerServiceCatalogSageMakerPermission"
},
{
"Action":[
"sagemaker:AddTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"sagemaker:*"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*",
"arn:aws:sagemaker:*:*:pipeline/*",
"arn:aws:sagemaker:*:*:project/*",
"arn:aws:sagemaker:*:*:model-package/*"
],
"Sid":"AmazonSageMakerServiceCatalogSageMakerTagPermission"
},
{
"Action":[
"sagemaker:CreateImage",
"sagemaker:DeleteImage",
"sagemaker:DescribeImage",
"sagemaker:UpdateImage",
"sagemaker:ListTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:image/*"
],
"Sid":"AmazonSageMakerServiceCatalogSageMakerImagePermission"
},
{
"Action":[
"states:CreateStateMachine",
"states:DeleteStateMachine",
"states:UpdateStateMachine"
],
"Effect":"Allow",
"Resource":[
"arn:aws:states:*:*:stateMachine:sagemaker-*"
],
"Sid":"AmazonSageMakerServiceCatalogStepFunctionPermission"
},
{
"Action":"codestar-connections:PassConnection",
"Condition":{
"StringEquals":{
"codestar-connections:PassedToService":"codepipeline.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codestar-connections:*:*:connection/*",
"Sid":"AmazonSageMakerServiceCatalogCodeStarPermission"
},
{
"Action":"codeconnections:PassConnection",
"Condition":{
"StringEquals":{
"codeconnections:PassedToService":"codepipeline.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codeconnections:*:*:connection/*",
"Sid":"AmazonSageMakerServiceCatalogCodeConnectionPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-01T07:33:43+00:00"
},
"AmazonSageMakerCanvasAIServicesAccess":{
"CreateDate":"2023-03-23T22:36:43+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"textract:AnalyzeDocument",
"textract:AnalyzeExpense",
"textract:AnalyzeID",
"textract:StartDocumentAnalysis",
"textract:StartExpenseAnalysis",
"textract:GetDocumentAnalysis",
"textract:GetExpenseAnalysis"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Textract"
},
{
"Action":[
"rekognition:DetectLabels",
"rekognition:DetectText"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Rekognition"
},
{
"Action":[
"comprehend:BatchDetectDominantLanguage",
"comprehend:BatchDetectEntities",
"comprehend:BatchDetectSentiment",
"comprehend:DetectPiiEntities",
"comprehend:DetectEntities",
"comprehend:DetectSentiment",
"comprehend:DetectDominantLanguage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Comprehend"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:ListFoundationModels",
"bedrock:InvokeModelWithResponseStream"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Bedrock"
},
{
"Action":[
"bedrock:CreateModelCustomizationJob",
"bedrock:CreateProvisionedModelThroughput",
"bedrock:TagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"SageMaker",
"Canvas"
]
},
"StringEquals":{
"aws:RequestTag/Canvas":"true",
"aws:RequestTag/SageMaker":"true",
"aws:ResourceTag/Canvas":"true",
"aws:ResourceTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:model-customization-job/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"CreateBedrockResourcesPermission"
},
{
"Action":[
"bedrock:GetModelCustomizationJob",
"bedrock:GetCustomModel",
"bedrock:GetProvisionedModelThroughput",
"bedrock:StopModelCustomizationJob",
"bedrock:DeleteProvisionedModelThroughput"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/Canvas":"true",
"aws:ResourceTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:model-customization-job/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"GetStopAndDeleteBedrockResourcesPermission"
},
{
"Action":[
"bedrock:CreateModelCustomizationJob"
],
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*"
],
"Sid":"FoundationModelPermission"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"bedrock.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*"
],
"Sid":"BedrockFineTuningPassRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-29T14:47:09+00:00"
},
"AmazonSageMakerCanvasBedrockAccess":{
"CreateDate":"2024-02-02T18:37:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*/Canvas",
"arn:aws:s3:::sagemaker-*/Canvas/*"
],
"Sid":"S3CanvasAccess"
},
{
"Action":[
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*"
],
"Sid":"S3BucketAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-02T18:37:25+00:00"
},
"AmazonSageMakerCanvasDataPrepFullAccess":{
"CreateDate":"2023-10-27T22:56:13+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"sagemaker:ListFeatureGroups",
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerListFeatureGroupOperation"
},
{
"Action":[
"sagemaker:CreateFeatureGroup",
"sagemaker:DescribeFeatureGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:feature-group/*",
"Sid":"SageMakerFeatureGroupOperations"
},
{
"Action":[
"sagemaker:CreateProcessingJob",
"sagemaker:DescribeProcessingJob",
"sagemaker:AddTags"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:processing-job/*canvas-data-prep*",
"Sid":"SageMakerProcessingJobOperations"
},
{
"Action":"sagemaker:ListProcessingJobs",
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerProcessingJobListOperation"
},
{
"Action":[
"sagemaker:DescribePipeline",
"sagemaker:CreatePipeline",
"sagemaker:UpdatePipeline",
"sagemaker:DeletePipeline",
"sagemaker:StartPipelineExecution",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:DescribePipelineExecution"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:pipeline/*canvas-data-prep*",
"Sid":"SageMakerPipelineOperations"
},
{
"Action":"kms:ListAliases",
"Effect":"Allow",
"Resource":"*",
"Sid":"KMSListOperations"
},
{
"Action":"kms:DescribeKey",
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"KMSOperations"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"S3Operations"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3GetObjectOperation"
},
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ListOperations"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMListOperations"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMGetOperations"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"sagemaker.amazonaws.com",
"events.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassOperation"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-data-prep-job":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"EventBridgePutOperation"
},
{
"Action":[
"events:DescribeRule",
"events:PutTargets"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sagemaker:is-canvas-data-prep-job":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"EventBridgeOperations"
},
{
"Action":[
"events:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-data-prep-job":"true",
"aws:ResourceTag/sagemaker:is-canvas-data-prep-job":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/*",
"Sid":"EventBridgeTagBasedOperations"
},
{
"Action":"events:ListTagsForResource",
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeListTagOperation"
},
{
"Action":[
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables",
"glue:SearchTables"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Sid":"GlueOperations"
},
{
"Action":[
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListInstanceGroups"
],
"Effect":"Allow",
"Resource":"arn:aws:elasticmapreduce:*:*:cluster/*",
"Sid":"EMROperations"
},
{
"Action":"elasticmapreduce:ListClusters",
"Effect":"Allow",
"Resource":"*",
"Sid":"EMRListOperation"
},
{
"Action":"athena:ListDataCatalogs",
"Effect":"Allow",
"Resource":"*",
"Sid":"AthenaListDataCatalogOperation"
},
{
"Action":[
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:workgroup/*",
"Sid":"AthenaQueryExecutionOperations"
},
{
"Action":[
"athena:ListDatabases",
"athena:ListTableMetadata"
],
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:datacatalog/*",
"Sid":"AthenaDataCatalogOperations"
},
{
"Action":[
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftOperations"
},
{
"Action":[
"redshift-data:ExecuteStatement",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Effect":"Allow",
"Resource":"arn:aws:redshift:*:*:cluster:*",
"Sid":"RedshiftArnBasedOperations"
},
{
"Action":"redshift:GetClusterCredentials",
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
],
"Sid":"RedshiftGetCredentialsOperation"
},
{
"Action":"secretsmanager:CreateSecret",
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*",
"Sid":"SecretsManagerARNBasedOperation"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*",
"Sid":"SecretManagerTagBasedOperation"
},
{
"Action":"rds:DescribeDBInstances",
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSOperation"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/studio:*",
"Sid":"LoggingOperation"
},
{
"Action":"emr-serverless:CreateApplication",
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-resource":"True",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/*",
"Sid":"EMRServerlessCreateApplicationOperation"
},
{
"Action":"emr-serverless:ListApplications",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/*",
"Sid":"EMRServerlessListApplicationOperation"
},
{
"Action":[
"emr-serverless:UpdateApplication",
"emr-serverless:GetApplication"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/sagemaker:is-canvas-resource":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EMRServerlessApplicationOperations"
},
{
"Action":"emr-serverless:StartJobRun",
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-resource":"True",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EMRServerlessStartJobRunOperation"
},
{
"Action":"emr-serverless:ListJobRuns",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/sagemaker:is-canvas-resource":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EMRServerlessListJobRunOperation"
},
{
"Action":[
"emr-serverless:GetJobRun",
"emr-serverless:CancelJobRun"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/sagemaker:is-canvas-resource":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*/jobruns/*",
"Sid":"EMRServerlessJobRunOperations"
},
{
"Action":"emr-serverless:TagResource",
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-resource":"True",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/*",
"Sid":"EMRServerlessTagResourceOperation"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":"emr-serverless.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
"arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
],
"Sid":"IAMPassOperationForEMRServerless"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-16T18:11:13+00:00"
},
"AmazonSageMakerCanvasDirectDeployAccess":{
"CreateDate":"2023-10-06T18:11:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:DeleteEndpoint",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:InvokeEndpoint",
"sagemaker:UpdateEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:Canvas*",
"arn:aws:sagemaker:*:*:canvas*"
],
"Sid":"SageMakerEndpointPerms"
},
{
"Action":"cloudwatch:GetMetricData",
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadCWInvocationMetrics"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-06T18:11:53+00:00"
},
"AmazonSageMakerCanvasEMRServerlessExecutionRolePolicy":{
"CreateDate":"2024-07-27T00:35:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:AbortMultipartUpload"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"S3Operations"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"S3GetObjectOperation"
},
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ListOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-27T00:35:42+00:00"
},
"AmazonSageMakerCanvasForecastAccess":{
"CreateDate":"2022-08-24T20:04:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*/Canvas*",
"arn:aws:s3:::sagemaker-*/canvas*"
]
},
{
"Action":[
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-24T20:04:20+00:00"
},
"AmazonSageMakerCanvasFullAccess":{
"CreateDate":"2022-09-09T00:44:25+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:DescribeDomain",
"sagemaker:DescribeUserProfile",
"sagemaker:ListTags",
"sagemaker:ListModelPackages",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerUserDetailsAndPackageOperations"
},
{
"Action":[
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelPackage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:model-package/*",
"arn:aws:sagemaker:*:*:model-package-group/*"
],
"Sid":"SageMakerPackageGroupOperations"
},
{
"Action":[
"sagemaker:CreateCompilationJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateModel",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:DeleteEndpoint",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeAutoMLJobV2",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:AddTags",
"sagemaker:DeleteApp"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:*Canvas*",
"arn:aws:sagemaker:*:*:*canvas*",
"arn:aws:sagemaker:*:*:*model-compilation-*"
],
"Sid":"SageMakerTrainingOperations"
},
{
"Action":[
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteModel",
"sagemaker:InvokeEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:InvokeEndpointAsync"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:*Canvas*",
"arn:aws:sagemaker:*:*:*canvas*"
],
"Sid":"SageMakerHostingOperations"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2VPCOperation"
},
{
"Action":[
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECROperations"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMGetOperations"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"sagemaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassOperation"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/*",
"Sid":"LoggingOperation"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:GetBucketCors",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"S3Operations"
},
{
"Action":"s3:GetObject",
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::jumpstart-cache-prod-us-west-2/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-1/*",
"arn:aws:s3:::jumpstart-cache-prod-us-east-2/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-west-1/*",
"arn:aws:s3:::jumpstart-cache-prod-eu-central-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-south-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-2/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-northeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-1/*",
"arn:aws:s3:::jumpstart-cache-prod-ap-southeast-2/*"
],
"Sid":"ReadSageMakerJumpstartArtifacts"
},
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ListOperations"
},
{
"Action":"glue:SearchTables",
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueOperations"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret",
"secretsmanager:PutResourcePolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
],
"Sid":"SecretsManagerARNBasedOperation"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"secretsmanager:ResourceTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretManagerTagBasedOperation"
},
{
"Action":[
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftOperations"
},
{
"Action":[
"redshift:GetClusterCredentials"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
],
"Sid":"RedshiftGetCredentialsOperation"
},
{
"Action":[
"forecast:CreateExplainabilityExport",
"forecast:CreateExplainability",
"forecast:CreateForecastEndpoint",
"forecast:CreateAutoPredictor",
"forecast:CreateDatasetImportJob",
"forecast:CreateDatasetGroup",
"forecast:CreateDataset",
"forecast:CreateForecast",
"forecast:CreateForecastExportJob",
"forecast:CreatePredictorBacktestExportJob",
"forecast:CreatePredictor",
"forecast:DescribeExplainabilityExport",
"forecast:DescribeExplainability",
"forecast:DescribeAutoPredictor",
"forecast:DescribeForecastEndpoint",
"forecast:DescribeDatasetImportJob",
"forecast:DescribeDataset",
"forecast:DescribeForecast",
"forecast:DescribeForecastExportJob",
"forecast:DescribePredictorBacktestExportJob",
"forecast:GetAccuracyMetrics",
"forecast:InvokeForecastEndpoint",
"forecast:GetRecentForecastContext",
"forecast:DescribePredictor",
"forecast:TagResource",
"forecast:DeleteResourceTree"
],
"Effect":"Allow",
"Resource":[
"arn:aws:forecast:*:*:*Canvas*"
],
"Sid":"ForecastOperations"
},
{
"Action":"rds:DescribeDBInstances",
"Effect":"Allow",
"Resource":"*",
"Sid":"RDSOperation"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"forecast.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassOperationForForecast"
},
{
"Action":[
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Condition":{
"StringEquals":{
"application-autoscaling:scalable-dimension":"sagemaker:variant:DesiredInstanceCount",
"application-autoscaling:service-namespace":"sagemaker"
}
},
"Effect":"Allow",
"Resource":"arn:aws:application-autoscaling:*:*:scalable-target/*",
"Sid":"AutoscalingOperations"
},
{
"Action":[
"cloudwatch:DescribeAlarms",
"sagemaker:DescribeEndpointConfig"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AsyncEndpointOperations"
},
{
"Action":[
"application-autoscaling:DescribeScalingActivities"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeScalingOperations"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:TargetTracking*"
],
"Sid":"SageMakerCloudWatchUpdate"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Sid":"AutoscalingSageMakerEndpointOperation"
},
{
"Action":[
"athena:ListTableMetadata",
"athena:ListDataCatalogs",
"athena:ListDatabases"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AthenaOperation"
},
{
"Action":[
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTables"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Sid":"GlueOperation"
},
{
"Action":[
"quicksight:ListNamespaces"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"QuicksightOperation"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/Source":"SageMakerCanvas"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowUseOfKeyInAccount"
},
{
"Action":"emr-serverless:CreateApplication",
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-resource":"True",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/*",
"Sid":"EMRServerlessCreateApplicationOperation"
},
{
"Action":"emr-serverless:ListApplications",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/*",
"Sid":"EMRServerlessListApplicationOperation"
},
{
"Action":[
"emr-serverless:UpdateApplication",
"emr-serverless:StopApplication",
"emr-serverless:GetApplication",
"emr-serverless:StartApplication"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/sagemaker:is-canvas-resource":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EMRServerlessApplicationOperations"
},
{
"Action":"emr-serverless:StartJobRun",
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-resource":"True",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EMRServerlessStartJobRunOperation"
},
{
"Action":"emr-serverless:ListJobRuns",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/sagemaker:is-canvas-resource":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EMRServerlessListJobRunOperation"
},
{
"Action":[
"emr-serverless:GetJobRun",
"emr-serverless:CancelJobRun"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/sagemaker:is-canvas-resource":"True"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*/jobruns/*",
"Sid":"EMRServerlessJobRunOperations"
},
{
"Action":"emr-serverless:TagResource",
"Condition":{
"StringEquals":{
"aws:RequestTag/sagemaker:is-canvas-resource":"True",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/*",
"Sid":"EMRServerlessTagResourceOperation"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":"emr-serverless.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerCanvasEMRSExecutionAccess-*",
"arn:aws:iam::*:role/AmazonSageMakerCanvasEMRSExecutionAccess-*"
],
"Sid":"IAMPassOperationForEMRServerless"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-16T04:35:23+00:00"
},
"AmazonSageMakerCanvasSMDataScienceAssistantAccess":{
"CreateDate":"2024-12-04T14:06:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sagemaker-data-science-assistant:SendConversation"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerDataScienceAssistantAccess"
},
{
"Action":[
"q:SendMessage",
"q:StartConversation"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonQDeveloperAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-13T22:52:07+00:00"
},
"AmazonSageMakerClusterInstanceRolePolicy":{
"CreateDate":"2023-11-29T15:11:26+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*"
],
"Sid":"CloudwatchLogStreamPublishPermissions"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*"
],
"Sid":"CloudwatchLogGroupCreationPermissions"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"/aws/sagemaker/Clusters"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudwatchPutMetricDataAccess"
},
{
"Action":[
"s3:ListBucket",
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*"
],
"Sid":"DataRetrievalFromS3BucketPermissions"
},
{
"Action":[
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMConnectivityPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-29T15:11:26+00:00"
},
"AmazonSageMakerCoreServiceRolePolicy":{
"CreateDate":"2020-12-21T21:40:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterfacePermission"
],
"Condition":{
"StringEquals":{
"ec2:AuthorizedService":"sagemaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-21T21:40:47+00:00"
},
"AmazonSageMakerEdgeDeviceFleetPolicy":{
"CreateDate":"2020-12-08T16:17:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:PutObject",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"DeviceS3Access"
},
{
"Action":[
"sagemaker:SendHeartbeat",
"sagemaker:GetDeviceRegistration"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerEdgeApis"
},
{
"Action":[
"iot:CreateRoleAlias",
"iot:DescribeRoleAlias",
"iot:UpdateRoleAlias",
"iot:ListTagsForResource",
"iot:TagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iot:*:*:rolealias/SageMakerEdge*"
],
"Sid":"CreateIoTRoleAlias"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*SageMaker*",
"arn:aws:iam::*:role/*Sagemaker*",
"arn:aws:iam::*:role/*sagemaker*"
],
"Sid":"CreateIoTRoleAliasIamPermissionsGetRole"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEqualsIfExists":{
"iam:PassedToService":[
"iot.amazonaws.com",
"credentials.iot.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/*SageMaker*",
"arn:aws:iam::*:role/*Sagemaker*",
"arn:aws:iam::*:role/*sagemaker*"
],
"Sid":"CreateIoTRoleAliasIamPermissionsPassRole"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-08T16:17:22+00:00"
},
"AmazonSageMakerFeatureStoreAccess":{
"CreateDate":"2020-12-01T16:24:05+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"s3:PutObject",
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*/metadata/*",
"arn:aws:s3:::*Sagemaker*/metadata/*",
"arn:aws:s3:::*sagemaker*/metadata/*"
]
},
{
"Action":[
"glue:GetTable",
"glue:UpdateTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore",
"arn:aws:glue:*:*:table/sagemaker_featurestore/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-05T14:19:58+00:00"
},
"AmazonSageMakerFullAccess":{
"CreateDate":"2017-11-29T13:07:59+00:00",
"DefaultVersionId":"v27",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:*",
"sagemaker-geospatial:*"
],
"Effect":"Allow",
"NotResource":[
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:space/*",
"arn:aws:sagemaker:*:*:partner-app/*",
"arn:aws:sagemaker:*:*:flow-definition/*",
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
],
"Sid":"AllowAllNonAdminSageMakerActions"
},
{
"Action":[
"sagemaker:AddTags"
],
"Condition":{
"StringEquals":{
"sagemaker:TaggingAction":"CreateSpace"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:space/*"
],
"Sid":"AllowAddTagsForSpace"
},
{
"Action":[
"sagemaker:AddTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:app/*"
],
"Sid":"AllowAddTagsForApp"
},
{
"Action":[
"sagemaker:CreateTrainingJob",
"sagemaker:CreateCluster",
"sagemaker:UpdateCluster",
"sagemaker:DescribeTrainingPlan"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
],
"Sid":"AllowUseOfTrainingPlanResources"
},
{
"Action":[
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:DescribeSpace",
"sagemaker:ListSpaces",
"sagemaker:DescribeApp",
"sagemaker:ListApps"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowStudioActions"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"Null":{
"sagemaker:OwnerUserProfileArn":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/*/*/*/*",
"Sid":"AllowAppActionsForUserProfile"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"StringEquals":{
"sagemaker:SpaceSharingType":[
"Shared"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Sid":"AllowAppActionsForSharedSpaces"
},
{
"Action":[
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Condition":{
"Null":{
"sagemaker:OwnerUserProfileArn":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Sid":"AllowMutatingActionsOnSharedSpacesWithoutOwner"
},
{
"Action":[
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Condition":{
"ArnLike":{
"sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals":{
"sagemaker:SpaceSharingType":[
"Private",
"Shared"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
"Sid":"RestrictMutatingActionsOnSpacesToOwnerUserProfile"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"ArnLike":{
"sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
},
"StringEquals":{
"sagemaker:SpaceSharingType":[
"Private"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
"Sid":"RestrictMutatingActionsOnPrivateSpaceAppsToOwnerUserProfile"
},
{
"Action":"sagemaker:*",
"Condition":{
"StringEqualsIfExists":{
"sagemaker:WorkteamType":[
"private-crowd",
"vendor-crowd"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:flow-definition/*"
],
"Sid":"AllowFlowDefinitionActions"
},
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
"cloudformation:GetTemplateSummary",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:List*",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:List*",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateVpcEndpoint",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
"ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:StartImageScan",
"elastic-inference:Connect",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"glue:CreateJob",
"glue:DeleteJob",
"glue:GetJob*",
"glue:GetTable*",
"glue:GetWorkflowRun",
"glue:ResetJobBookmark",
"glue:StartJobRun",
"glue:StartWorkflowRun",
"glue:UpdateJob",
"groundtruthlabeling:*",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery",
"robomaker:CreateSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:DeleteSimulationApplication",
"robomaker:CreateSimulationJob",
"robomaker:DescribeSimulationJob",
"robomaker:CancelSimulationJob",
"secretsmanager:ListSecrets",
"servicecatalog:Describe*",
"servicecatalog:List*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProducts",
"servicecatalog:SearchProvisionedProducts",
"sns:ListTopics",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAWSServiceActions"
},
{
"Action":[
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/*sagemaker*"
],
"Sid":"AllowECRActions"
},
{
"Action":[
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
],
"Sid":"AllowCodeCommitActions"
},
{
"Action":[
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codebuild:*:*:project/sagemaker*",
"arn:aws:codebuild:*:*:build/*"
],
"Sid":"AllowCodeBuildActions"
},
{
"Action":[
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:StartExecution",
"states:StopExecution",
"states:UpdateStateMachine"
],
"Effect":"Allow",
"Resource":[
"arn:aws:states:*:*:statemachine:*sagemaker*",
"arn:aws:states:*:*:execution:*sagemaker*:*"
],
"Sid":"AllowStepFunctionsActions"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret"
],
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
],
"Sid":"AllowSecretManagerActions"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"secretsmanager:ResourceTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlySecretManagerActions"
},
{
"Action":[
"servicecatalog:ProvisionProduct"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowServiceCatalogProvisionProduct"
},
{
"Action":[
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct"
],
"Condition":{
"StringEquals":{
"servicecatalog:userLevel":"self"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowServiceCatalogTerminateUpdateProvisionProduct"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*aws-glue*"
],
"Sid":"AllowS3ObjectActions"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"AllowS3GetObjectWithSageMakerExistingObjectTag"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"s3:ExistingObjectTag/servicecatalog:provisioning":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"AllowS3GetObjectWithServiceCatalogProvisioningExistingObjectTag"
},
{
"Action":[
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowS3BucketActions"
},
{
"Action":[
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"AllowS3BucketACL"
},
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*LabelingFunction*"
],
"Sid":"AllowLambdaInvokeFunction"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Sid":"AllowCreateServiceLinkedRoleForSageMakerApplicationAutoscaling"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"robomaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCreateServiceLinkedRoleForRobomaker"
},
{
"Action":[
"sns:Subscribe",
"sns:CreateTopic",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Sid":"AllowSNSActions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"glue.amazonaws.com",
"robomaker.amazonaws.com",
"states.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*AmazonSageMaker*",
"Sid":"AllowPassRoleForSageMakerRoles"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"sagemaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"AllowPassRoleToSageMaker"
},
{
"Action":[
"athena:ListDataCatalogs",
"athena:ListDatabases",
"athena:ListTableMetadata",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowAthenaActions"
},
{
"Action":[
"glue:CreateTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
"arn:aws:glue:*:*:table/sagemaker_featurestore/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Sid":"AllowGlueCreateTable"
},
{
"Action":[
"glue:UpdateTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/sagemaker_featurestore/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore"
],
"Sid":"AllowGlueUpdateTable"
},
{
"Action":[
"glue:DeleteTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Sid":"AllowGlueDeleteTable"
},
{
"Action":[
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
],
"Sid":"AllowGlueGetTablesAndDatabases"
},
{
"Action":[
"glue:CreateDatabase",
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore",
"arn:aws:glue:*:*:database/sagemaker_processing",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:database/sagemaker_data_wrangler"
],
"Sid":"AllowGlueGetAndCreateDatabase"
},
{
"Action":[
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowRedshiftDataActions"
},
{
"Action":[
"redshift:GetClusterCredentials"
],
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
],
"Sid":"AllowRedshiftGetClusterCredentials"
},
{
"Action":[
"sagemaker:ListTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:user-profile/*"
],
"Sid":"AllowListTagsForUserProfile"
},
{
"Action":[
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/SC-*",
"Sid":"AllowCloudformationListStackResources"
},
{
"Action":[
"s3express:CreateSession"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3express:*:*:bucket/*SageMaker*",
"arn:aws:s3express:*:*:bucket/*Sagemaker*",
"arn:aws:s3express:*:*:bucket/*sagemaker*",
"arn:aws:s3express:*:*:bucket/*aws-glue*"
],
"Sid":"AllowS3ExpressObjectActions"
},
{
"Action":[
"s3express:CreateBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3express:*:*:bucket/*SageMaker*",
"arn:aws:s3express:*:*:bucket/*Sagemaker*",
"arn:aws:s3express:*:*:bucket/*sagemaker*"
],
"Sid":"AllowS3ExpressCreateBucketActions"
},
{
"Action":[
"s3express:ListAllMyDirectoryBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowS3ExpressListBucketActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-04T13:21:06+00:00"
},
"AmazonSageMakerGeospatialExecutionRole":{
"CreateDate":"2022-11-30T10:08:36+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Action":"sagemaker-geospatial:GetEarthObservationJob",
"Effect":"Allow",
"Resource":"arn:aws:sagemaker-geospatial:*:*:earth-observation-job/*"
},
{
"Action":"sagemaker-geospatial:GetRasterDataCollection",
"Effect":"Allow",
"Resource":"arn:aws:sagemaker-geospatial:*:*:raster-data-collection/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-10T20:28:02+00:00"
},
"AmazonSageMakerGeospatialFullAccess":{
"CreateDate":"2022-11-30T10:06:48+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"sagemaker-geospatial:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"sagemaker-geospatial.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-30T10:06:48+00:00"
},
"AmazonSageMakerGroundTruthExecution":{
"CreateDate":"2020-07-09T19:30:20+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*GtRecipe*",
"arn:aws:lambda:*:*:function:*LabelingFunction*",
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*"
],
"Sid":"CustomLabelingJobs"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*GroundTruth*",
"arn:aws:s3:::*Groundtruth*",
"arn:aws:s3:::*groundtruth*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEqualsIgnoreCase":{
"s3:ExistingObjectTag/SageMaker":"true"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatch"
},
{
"Action":[
"sqs:CreateQueue",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:SetQueueAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:*GroundTruth*",
"Sid":"StreamingQueue"
},
{
"Action":"sns:Subscribe",
"Condition":{
"StringEquals":{
"sns:Protocol":"sqs"
},
"StringLike":{
"sns:Endpoint":"arn:aws:sqs:*:*:*GroundTruth*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:*GroundTruth*",
"arn:aws:sns:*:*:*Groundtruth*",
"arn:aws:sns:*:*:*groundTruth*",
"arn:aws:sns:*:*:*groundtruth*",
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sageMaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Sid":"StreamingTopicSubscribe"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sns:*:*:*GroundTruth*",
"arn:aws:sns:*:*:*Groundtruth*",
"arn:aws:sns:*:*:*groundTruth*",
"arn:aws:sns:*:*:*groundtruth*",
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sageMaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Sid":"StreamingTopic"
},
{
"Action":[
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"StreamingTopicUnsubscribe"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringLikeIfExists":{
"ec2:VpceServiceName":[
"*sagemaker-task-resources*",
"aws.sagemaker*labeling*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"WorkforceVPC"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-29T20:49:54+00:00"
},
"AmazonSageMakerHyperPodServiceRolePolicy":{
"CreateDate":"2024-09-06T17:04:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"eks:DescribeCluster",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EKSClusterDescribePermissions"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*",
"Sid":"CloudWatchLogGroupPermissions"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*",
"Sid":"CloudWatchLogStreamPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-06T17:04:30+00:00"
},
"AmazonSageMakerMechanicalTurkAccess":{
"CreateDate":"2019-12-03T16:19:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T16:19:36+00:00"
},
"AmazonSageMakerModelGovernanceUseAccess":{
"CreateDate":"2022-11-30T08:58:19+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:ListMonitoringAlerts",
"sagemaker:ListMonitoringExecutions",
"sagemaker:UpdateMonitoringAlert",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StopMonitoringSchedule",
"sagemaker:ListMonitoringAlertHistory",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:CreateModelCard",
"sagemaker:DescribeModelCard",
"sagemaker:UpdateModelCard",
"sagemaker:DeleteModelCard",
"sagemaker:ListModelCards",
"sagemaker:ListModelCardVersions",
"sagemaker:CreateModelCardExportJob",
"sagemaker:DescribeModelCardExportJob",
"sagemaker:ListModelCardExportJobs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSMMonitoringModelCards"
},
{
"Action":[
"sagemaker:ListTrainingJobs",
"sagemaker:DescribeTrainingJob",
"sagemaker:ListModels",
"sagemaker:DescribeModel",
"sagemaker:Search",
"sagemaker:AddTags",
"sagemaker:DeleteTags",
"sagemaker:ListTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSMTrainingModelsSearchTags"
},
{
"Action":[
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowKMSActions"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:CreateBucket",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"AllowS3Actions"
},
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowS3ListActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-04T21:48:12+00:00"
},
"AmazonSageMakerModelRegistryFullAccess":{
"CreateDate":"2023-04-13T05:20:48+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:DescribeAction",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineExecution",
"sagemaker:ListAssociations",
"sagemaker:ListArtifacts",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackages",
"sagemaker:Search",
"sagemaker:GetSearchSuggestions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistrySageMakerReadPermission"
},
{
"Action":[
"sagemaker:AddTags",
"sagemaker:CreateModel",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteTags",
"sagemaker:UpdateModelPackage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistrySageMakerWritePermission"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid":"AmazonSageMakerModelRegistryS3GetPermission"
},
{
"Action":[
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistryS3ListPermission"
},
{
"Action":[
"ecr:BatchGetImage",
"ecr:DescribeImages"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistryECRReadPermission"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"sagemaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"AmazonSageMakerModelRegistryIAMPassRolePermission"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistryTagReadPermission"
},
{
"Action":[
"resource-groups:GetGroupQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupGetPermission"
},
{
"Action":[
"resource-groups:ListGroupResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupListPermission"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":"sagemaker:collection"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupWritePermission"
},
{
"Action":"resource-groups:DeleteGroup",
"Condition":{
"StringEquals":{
"aws:ResourceTag/sagemaker:collection":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupDeletePermission"
},
{
"Action":[
"kms:CreateGrant",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/sagemaker":"true"
},
"StringLike":{
"kms:ViaService":"sagemaker.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AmazonSageMakerModelRegistryResourceKMSPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-06T18:48:51+00:00"
},
"AmazonSageMakerNotebooksServiceRolePolicy":{
"CreateDate":"2019-10-18T20:27:37+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"fsx:DescribeFileSystems"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowFSxDescribe"
},
{
"Action":[
"sagemaker:DeleteApp"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:app/*",
"Sid":"AllowSageMakerDeleteApp"
},
{
"Action":"elasticfilesystem:CreateAccessPoint",
"Condition":{
"StringLike":{
"aws:RequestTag/ManagedByAmazonSageMakerResource":"*",
"aws:ResourceTag/ManagedByAmazonSageMakerResource":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:file-system/*",
"Sid":"AllowEFSAccessPointCreation"
},
{
"Action":[
"elasticfilesystem:DeleteAccessPoint"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/ManagedByAmazonSageMakerResource":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticfilesystem:*:*:access-point/*",
"Sid":"AllowEFSAccessPointDeletion"
},
{
"Action":"elasticfilesystem:CreateFileSystem",
"Condition":{
"StringLike":{
"aws:RequestTag/ManagedByAmazonSageMakerResource":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEFSCreation"
},
{
"Action":[
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/ManagedByAmazonSageMakerResource":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEFSMountWithDeletion"
},
{
"Action":[
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEFSDescribe"
},
{
"Action":"elasticfilesystem:TagResource",
"Condition":{
"StringLike":{
"aws:ResourceTag/ManagedByAmazonSageMakerResource":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:elasticfilesystem:*:*:access-point/*",
"arn:aws:elasticfilesystem:*:*:file-system/*"
],
"Sid":"AllowEFSTagging"
},
{
"Action":"ec2:CreateTags",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowEC2Tagging"
},
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEC2Operations"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/ManagedByAmazonSageMakerResource":"*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEC2AuthZ"
},
{
"Action":[
"sso:CreateManagedApplicationInstance",
"sso:DeleteManagedApplicationInstance",
"sso:GetManagedApplicationInstance"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowIdcOperations"
},
{
"Action":[
"sagemaker:CreateUserProfile",
"sagemaker:DescribeUserProfile"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSagemakerProfileCreation"
},
{
"Action":[
"sagemaker:CreateSpace",
"sagemaker:DescribeSpace",
"sagemaker:DeleteSpace",
"sagemaker:ListTags"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/*/CanvasManagedSpace-*",
"Sid":"AllowSagemakerSpaceOperationsForCanvasManagedSpaces"
},
{
"Action":[
"sagemaker:AddTags"
],
"Condition":{
"StringEquals":{
"sagemaker:TaggingAction":"CreateSpace"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/*/CanvasManagedSpace-*",
"Sid":"AllowSagemakerAddTagsForAppManagedSpaces"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-14T20:33:45+00:00"
},
"AmazonSageMakerPartnerAppsFullAccess":{
"CreateDate":"2025-01-17T18:37:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"sagemaker:ListPartnerApps",
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerPartnerListAppsPermission"
},
{
"Action":[
"sagemaker:CreatePartnerAppPresignedUrl",
"sagemaker:DescribePartnerApp",
"sagemaker:CallPartnerAppApi"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:partner-app/*",
"Sid":"AmazonSageMakerPartnerAppsPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-17T18:37:06+00:00"
},
"AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy":{
"CreateDate":"2023-08-01T15:06:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"lambda:InvokeFunction",
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:partner":"false",
"aws:ResourceTag/sagemaker:project-name":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:sagemaker-*"
},
{
"Action":"sagemaker:InvokeEndpoint",
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:partner":"false",
"aws:ResourceTag/sagemaker:project-name":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:endpoint/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-01T15:06:24+00:00"
},
"AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy":{
"CreateDate":"2023-08-01T15:06:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsLambdaRole"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"apigateway.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayRole"
]
},
{
"Action":[
"lambda:DeleteFunction",
"lambda:UpdateFunctionCode",
"lambda:ListTags",
"lambda:InvokeFunction"
],
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:partner":"false",
"aws:ResourceTag/sagemaker:project-name":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:sagemaker-*"
]
},
{
"Action":[
"lambda:CreateFunction",
"lambda:TagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"sagemaker:project-name",
"sagemaker:partner"
]
},
"Null":{
"aws:ResourceTag/sagemaker:partner":"false",
"aws:ResourceTag/sagemaker:project-name":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:sagemaker-*"
]
},
{
"Action":[
"lambda:PublishLayerVersion",
"lambda:GetLayerVersion",
"lambda:DeleteLayerVersion",
"lambda:GetFunction"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:layer:sagemaker-*",
"arn:aws:lambda:*:*:function:sagemaker-*"
]
},
{
"Action":[
"apigateway:GET",
"apigateway:DELETE",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT"
],
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:partner":"false",
"aws:ResourceTag/sagemaker:project-name":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis"
]
},
{
"Action":[
"apigateway:POST",
"apigateway:PUT"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"sagemaker:project-name",
"sagemaker:partner"
]
},
"Null":{
"aws:ResourceTag/sagemaker:partner":"false",
"aws:ResourceTag/sagemaker:project-name":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/tags/*"
]
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*/lambda-auth-code/layer.zip"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-01T15:06:46+00:00"
},
"AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy":{
"CreateDate":"2023-08-01T15:05:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"secretsmanager:GetSecretValue",
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:partner":false
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-01T15:05:51+00:00"
},
"AmazonSageMakerPipelinesIntegrations":{
"CreateDate":"2021-07-30T16:35:10+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*sageMaker*",
"arn:aws:lambda:*:*:function:*SageMaker*"
]
},
{
"Action":[
"sqs:CreateQueue",
"sqs:SendMessage"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:*sagemaker*",
"arn:aws:sqs:*:*:*sageMaker*",
"arn:aws:sqs:*:*:*SageMaker*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lambda.amazonaws.com",
"elasticmapreduce.amazonaws.com",
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
},
{
"Action":[
"events:DescribeRule",
"events:PutRule",
"events:PutTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRStepStatusUpdateRule",
"arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRClusterStatusUpdateRule"
]
},
{
"Action":[
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:CancelSteps",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:RunJobFlow",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:TerminateJobFlows",
"elasticmapreduce:ListSteps"
],
"Effect":"Allow",
"Resource":[
"arn:aws:elasticmapreduce:*:*:cluster/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-17T21:28:19+00:00"
},
"AmazonSageMakerReadOnly":{
"CreateDate":"2017-11-29T13:07:09+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:Describe*",
"sagemaker:List*",
"sagemaker:BatchGetMetrics",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetSearchSuggestions",
"sagemaker:BatchGetRecord",
"sagemaker:GetRecord",
"sagemaker:Search",
"sagemaker:QueryLineage",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:GetModelPackageGroupPolicy"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"aws-marketplace:ViewSubscriptions",
"cloudwatch:DescribeAlarms",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"ecr:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-12-01T16:29:20+00:00"
},
"AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy":{
"CreateDate":"2022-03-25T04:25:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeResourcePolicies",
"logs:DescribeDestinations",
"logs:DescribeExportTasks",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:DescribeSubscriptionFilters",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/apigateway/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-03-25T04:25:36+00:00"
},
"AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy":{
"CreateDate":"2022-03-25T04:26:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:AddAssociation",
"sagemaker:AddTags",
"sagemaker:AssociateTrialComponent",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchGetRecord",
"sagemaker:BatchPutMetrics",
"sagemaker:CreateAction",
"sagemaker:CreateAlgorithm",
"sagemaker:CreateApp",
"sagemaker:CreateAppImageConfig",
"sagemaker:CreateArtifact",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCodeRepository",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateContext",
"sagemaker:CreateDataQualityJobDefinition",
"sagemaker:CreateDeviceFleet",
"sagemaker:CreateDomain",
"sagemaker:CreateEdgePackagingJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateExperiment",
"sagemaker:CreateFeatureGroup",
"sagemaker:CreateFlowDefinition",
"sagemaker:CreateHumanTaskUi",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateImage",
"sagemaker:CreateImageVersion",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:CreateLabelingJob",
"sagemaker:CreateLineageGroupPolicy",
"sagemaker:CreateModel",
"sagemaker:CreateModelBiasJobDefinition",
"sagemaker:CreateModelExplainabilityJobDefinition",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelQualityJobDefinition",
"sagemaker:CreateMonitoringSchedule",
"sagemaker:CreateNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:CreatePipeline",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateProject",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateTrial",
"sagemaker:CreateTrialComponent",
"sagemaker:CreateUserProfile",
"sagemaker:CreateWorkforce",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteAction",
"sagemaker:DeleteAlgorithm",
"sagemaker:DeleteApp",
"sagemaker:DeleteAppImageConfig",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteCodeRepository",
"sagemaker:DeleteContext",
"sagemaker:DeleteDataQualityJobDefinition",
"sagemaker:DeleteDeviceFleet",
"sagemaker:DeleteDomain",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteExperiment",
"sagemaker:DeleteFeatureGroup",
"sagemaker:DeleteFlowDefinition",
"sagemaker:DeleteHumanLoop",
"sagemaker:DeleteHumanTaskUi",
"sagemaker:DeleteImage",
"sagemaker:DeleteImageVersion",
"sagemaker:DeleteLineageGroupPolicy",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelBiasJobDefinition",
"sagemaker:DeleteModelExplainabilityJobDefinition",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteModelPackageGroupPolicy",
"sagemaker:DeleteModelQualityJobDefinition",
"sagemaker:DeleteMonitoringSchedule",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:DeletePipeline",
"sagemaker:DeleteProject",
"sagemaker:DeleteRecord",
"sagemaker:DeleteTags",
"sagemaker:DeleteTrial",
"sagemaker:DeleteTrialComponent",
"sagemaker:DeleteUserProfile",
"sagemaker:DeleteWorkforce",
"sagemaker:DeleteWorkteam",
"sagemaker:DeregisterDevices",
"sagemaker:DescribeAction",
"sagemaker:DescribeAlgorithm",
"sagemaker:DescribeApp",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeContext",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDevice",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEdgePackagingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeExperiment",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeFlowDefinition",
"sagemaker:DescribeHumanLoop",
"sagemaker:DescribeHumanTaskUi",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeLabelingJob",
"sagemaker:DescribeLineageGroup",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeProject",
"sagemaker:DescribeSubscribedWorkteam",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:DescribeTrial",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeWorkforce",
"sagemaker:DescribeWorkteam",
"sagemaker:DisableSagemakerServicecatalogPortfolio",
"sagemaker:DisassociateTrialComponent",
"sagemaker:EnableSagemakerServicecatalogPortfolio",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:GetModelPackageGroupPolicy",
"sagemaker:GetRecord",
"sagemaker:GetSagemakerServicecatalogPortfolioStatus",
"sagemaker:GetSearchSuggestions",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:ListActions",
"sagemaker:ListAlgorithms",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListCodeRepositories",
"sagemaker:ListCompilationJobs",
"sagemaker:ListContexts",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDevices",
"sagemaker:ListDomains",
"sagemaker:ListEdgePackagingJobs",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListExperiments",
"sagemaker:ListFeatureGroups",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHumanLoops",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListImageVersions",
"sagemaker:ListImages",
"sagemaker:ListInferenceRecommendationsJobs",
"sagemaker:ListLabelingJobs",
"sagemaker:ListLabelingJobsForWorkteam",
"sagemaker:ListLineageGroups",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringExecutions",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListProcessingJobs",
"sagemaker:ListProjects",
"sagemaker:ListSubscribedWorkteams",
"sagemaker:ListTags",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListTransformJobs",
"sagemaker:ListTrialComponents",
"sagemaker:ListTrials",
"sagemaker:ListUserProfiles",
"sagemaker:ListWorkforces",
"sagemaker:ListWorkteams",
"sagemaker:PutLineageGroupPolicy",
"sagemaker:PutModelPackageGroupPolicy",
"sagemaker:PutRecord",
"sagemaker:QueryLineage",
"sagemaker:RegisterDevices",
"sagemaker:RenderUiTemplate",
"sagemaker:Search",
"sagemaker:SendHeartbeat",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:StartHumanLoop",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StartNotebookInstance",
"sagemaker:StartPipelineExecution",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopEdgePackagingJob",
"sagemaker:StopHumanLoop",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:StopInferenceRecommendationsJob",
"sagemaker:StopLabelingJob",
"sagemaker:StopMonitoringSchedule",
"sagemaker:StopNotebookInstance",
"sagemaker:StopPipelineExecution",
"sagemaker:StopProcessingJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateAction",
"sagemaker:UpdateAppImageConfig",
"sagemaker:UpdateArtifact",
"sagemaker:UpdateCodeRepository",
"sagemaker:UpdateContext",
"sagemaker:UpdateDeviceFleet",
"sagemaker:UpdateDevices",
"sagemaker:UpdateDomain",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateExperiment",
"sagemaker:UpdateImage",
"sagemaker:UpdateModelPackage",
"sagemaker:UpdateMonitoringSchedule",
"sagemaker:UpdateNotebookInstance",
"sagemaker:UpdateNotebookInstanceLifecycleConfig",
"sagemaker:UpdatePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:UpdateProject",
"sagemaker:UpdateTrainingJob",
"sagemaker:UpdateTrial",
"sagemaker:UpdateTrialComponent",
"sagemaker:UpdateUserProfile",
"sagemaker:UpdateWorkforce",
"sagemaker:UpdateWorkteam"
],
"Effect":"Allow",
"NotResource":[
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:flow-definition/*"
]
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole",
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-03-25T04:26:40+00:00"
},
"AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy":{
"CreateDate":"2022-03-25T04:27:46+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"codecommit:CancelUploadArchive",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetUploadArchiveStatus",
"codecommit:UploadArchive"
],
"Effect":"Allow",
"Resource":"arn:aws:codecommit:*:*:sagemaker-*",
"Sid":"AmazonSageMakerCodeBuildCodeCommitPermission"
},
{
"Action":[
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:DescribeImageScanFindings",
"ecr:DescribeRegistry",
"ecr:DescribeImageReplicationStatus",
"ecr:DescribeRepositories",
"ecr:DescribeImageReplicationStatus",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonSageMakerCodeBuildECRReadPermission"
},
{
"Action":[
"ecr:CompleteLayerUpload",
"ecr:CreateRepository",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/sagemaker-*"
],
"Sid":"AmazonSageMakerCodeBuildECRWritePermission"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"events.amazonaws.com",
"codepipeline.amazonaws.com",
"cloudformation.amazonaws.com",
"codebuild.amazonaws.com",
"sagemaker.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsEventsRole",
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineRole",
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole",
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole",
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
],
"Sid":"AmazonSageMakerCodeBuildPassRoletPermission"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeResourcePolicies",
"logs:DescribeDestinations",
"logs:DescribeExportTasks",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:DescribeSubscriptionFilters",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/codebuild/*",
"Sid":"AmazonSageMakerCodeBuildLogPermission"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutBucketCors",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
],
"Sid":"AmazonSageMakerCodeBuildS3Permission"
},
{
"Action":[
"sagemaker:AddAssociation",
"sagemaker:AddTags",
"sagemaker:AssociateTrialComponent",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchGetRecord",
"sagemaker:BatchPutMetrics",
"sagemaker:CreateAction",
"sagemaker:CreateAlgorithm",
"sagemaker:CreateApp",
"sagemaker:CreateAppImageConfig",
"sagemaker:CreateArtifact",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCodeRepository",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateContext",
"sagemaker:CreateDataQualityJobDefinition",
"sagemaker:CreateDeviceFleet",
"sagemaker:CreateDomain",
"sagemaker:CreateEdgePackagingJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateExperiment",
"sagemaker:CreateFeatureGroup",
"sagemaker:CreateFlowDefinition",
"sagemaker:CreateHumanTaskUi",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateImage",
"sagemaker:CreateImageVersion",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:CreateLabelingJob",
"sagemaker:CreateLineageGroupPolicy",
"sagemaker:CreateModel",
"sagemaker:CreateModelBiasJobDefinition",
"sagemaker:CreateModelExplainabilityJobDefinition",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelQualityJobDefinition",
"sagemaker:CreateMonitoringSchedule",
"sagemaker:CreateNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:CreatePipeline",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateProject",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateTrial",
"sagemaker:CreateTrialComponent",
"sagemaker:CreateUserProfile",
"sagemaker:CreateWorkforce",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteAction",
"sagemaker:DeleteAlgorithm",
"sagemaker:DeleteApp",
"sagemaker:DeleteAppImageConfig",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteCodeRepository",
"sagemaker:DeleteContext",
"sagemaker:DeleteDataQualityJobDefinition",
"sagemaker:DeleteDeviceFleet",
"sagemaker:DeleteDomain",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteExperiment",
"sagemaker:DeleteFeatureGroup",
"sagemaker:DeleteFlowDefinition",
"sagemaker:DeleteHumanLoop",
"sagemaker:DeleteHumanTaskUi",
"sagemaker:DeleteImage",
"sagemaker:DeleteImageVersion",
"sagemaker:DeleteLineageGroupPolicy",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelBiasJobDefinition",
"sagemaker:DeleteModelExplainabilityJobDefinition",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteModelPackageGroupPolicy",
"sagemaker:DeleteModelQualityJobDefinition",
"sagemaker:DeleteMonitoringSchedule",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:DeletePipeline",
"sagemaker:DeleteProject",
"sagemaker:DeleteRecord",
"sagemaker:DeleteTags",
"sagemaker:DeleteTrial",
"sagemaker:DeleteTrialComponent",
"sagemaker:DeleteUserProfile",
"sagemaker:DeleteWorkforce",
"sagemaker:DeleteWorkteam",
"sagemaker:DeregisterDevices",
"sagemaker:DescribeAction",
"sagemaker:DescribeAlgorithm",
"sagemaker:DescribeApp",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeContext",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDevice",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEdgePackagingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeExperiment",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeFlowDefinition",
"sagemaker:DescribeHumanLoop",
"sagemaker:DescribeHumanTaskUi",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeLabelingJob",
"sagemaker:DescribeLineageGroup",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeProject",
"sagemaker:DescribeSubscribedWorkteam",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:DescribeTrial",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeWorkforce",
"sagemaker:DescribeWorkteam",
"sagemaker:DisableSagemakerServicecatalogPortfolio",
"sagemaker:DisassociateTrialComponent",
"sagemaker:EnableSagemakerServicecatalogPortfolio",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:GetModelPackageGroupPolicy",
"sagemaker:GetRecord",
"sagemaker:GetSagemakerServicecatalogPortfolioStatus",
"sagemaker:GetSearchSuggestions",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:ListActions",
"sagemaker:ListAlgorithms",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListCodeRepositories",
"sagemaker:ListCompilationJobs",
"sagemaker:ListContexts",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDevices",
"sagemaker:ListDomains",
"sagemaker:ListEdgePackagingJobs",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListExperiments",
"sagemaker:ListFeatureGroups",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHumanLoops",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListImageVersions",
"sagemaker:ListImages",
"sagemaker:ListInferenceRecommendationsJobs",
"sagemaker:ListLabelingJobs",
"sagemaker:ListLabelingJobsForWorkteam",
"sagemaker:ListLineageGroups",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringExecutions",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListProcessingJobs",
"sagemaker:ListProjects",
"sagemaker:ListSubscribedWorkteams",
"sagemaker:ListTags",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListTransformJobs",
"sagemaker:ListTrialComponents",
"sagemaker:ListTrials",
"sagemaker:ListUserProfiles",
"sagemaker:ListWorkforces",
"sagemaker:ListWorkteams",
"sagemaker:PutLineageGroupPolicy",
"sagemaker:PutModelPackageGroupPolicy",
"sagemaker:PutRecord",
"sagemaker:QueryLineage",
"sagemaker:RegisterDevices",
"sagemaker:RenderUiTemplate",
"sagemaker:Search",
"sagemaker:SendHeartbeat",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:StartHumanLoop",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StartNotebookInstance",
"sagemaker:StartPipelineExecution",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopEdgePackagingJob",
"sagemaker:StopHumanLoop",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:StopInferenceRecommendationsJob",
"sagemaker:StopLabelingJob",
"sagemaker:StopMonitoringSchedule",
"sagemaker:StopNotebookInstance",
"sagemaker:StopPipelineExecution",
"sagemaker:StopProcessingJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateAction",
"sagemaker:UpdateAppImageConfig",
"sagemaker:UpdateArtifact",
"sagemaker:UpdateCodeRepository",
"sagemaker:UpdateContext",
"sagemaker:UpdateDeviceFleet",
"sagemaker:UpdateDevices",
"sagemaker:UpdateDomain",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateExperiment",
"sagemaker:UpdateImage",
"sagemaker:UpdateModelPackage",
"sagemaker:UpdateMonitoringSchedule",
"sagemaker:UpdateNotebookInstance",
"sagemaker:UpdateNotebookInstanceLifecycleConfig",
"sagemaker:UpdatePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:UpdateProject",
"sagemaker:UpdateTrainingJob",
"sagemaker:UpdateTrial",
"sagemaker:UpdateTrialComponent",
"sagemaker:UpdateUserProfile",
"sagemaker:UpdateWorkforce",
"sagemaker:UpdateWorkteam"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:model/*",
"arn:aws:sagemaker:*:*:pipeline/*",
"arn:aws:sagemaker:*:*:project/*",
"arn:aws:sagemaker:*:*:model-package/*"
],
"Sid":"AmazonSageMakerCodeBuildSageMakerPermission"
},
{
"Action":[
"codestar-connections:UseConnection"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/sagemaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*"
],
"Sid":"AmazonSageMakerCodeBuildCodeStarConnectionPermission"
},
{
"Action":[
"codeconnections:UseConnection"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/sagemaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"AmazonSageMakerCodeBuildCodeConnectionPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-11T18:45:27+00:00"
},
"AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy":{
"CreateDate":"2022-02-22T09:53:17+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/sagemaker-*",
"Sid":"AmazonSageMakerCodePipelineCFnPermission"
},
{
"Action":[
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"sagemaker:project-name"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/sagemaker-*",
"Sid":"AmazonSageMakerCodePipelineCFnTagPermission"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sagemaker-*"
],
"Sid":"AmazonSageMakerCodePipelineS3Permission"
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole"
],
"Sid":"AmazonSageMakerCodePipelinePassRolePermission"
},
{
"Action":[
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codebuild:*:*:project/sagemaker-*",
"arn:aws:codebuild:*:*:build/sagemaker-*"
],
"Sid":"AmazonSageMakerCodePipelineCodeBuildPermission"
},
{
"Action":[
"codecommit:CancelUploadArchive",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetUploadArchiveStatus",
"codecommit:UploadArchive"
],
"Effect":"Allow",
"Resource":"arn:aws:codecommit:*:*:sagemaker-*",
"Sid":"AmazonSageMakerCodePipelineCodeCommitPermission"
},
{
"Action":[
"codestar-connections:UseConnection"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/sagemaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codestar-connections:*:*:connection/*"
],
"Sid":"AmazonSageMakerCodePipelineCodeStarConnectionPermission"
},
{
"Action":[
"codeconnections:UseConnection"
],
"Condition":{
"StringEqualsIgnoreCase":{
"aws:ResourceTag/sagemaker":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"AmazonSageMakerCodePipelineCodeConnectionPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-11T18:37:51+00:00"
},
"AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy":{
"CreateDate":"2022-02-22T09:53:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"codepipeline:StartPipelineExecution",
"Effect":"Allow",
"Resource":"arn:aws:codepipeline:*:*:sagemaker-*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-22T09:53:59+00:00"
},
"AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy":{
"CreateDate":"2022-02-22T09:54:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect":"Allow",
"Resource":"arn:aws:firehose:*:*:deliverystream/sagemaker-*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-22T09:54:35+00:00"
},
"AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy":{
"CreateDate":"2022-02-22T09:51:13+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"glue:BatchCreatePartition",
"glue:BatchDeletePartition",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:BatchGetPartition",
"glue:CreateDatabase",
"glue:CreatePartition",
"glue:CreateTable",
"glue:DeletePartition",
"glue:DeleteTable",
"glue:DeleteTableVersion",
"glue:GetDatabase",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:SearchTables",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:GetUserDefinedFunctions"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:database/global_temp",
"arn:aws:glue:*:*:database/sagemaker-*",
"arn:aws:glue:*:*:table/sagemaker-*",
"arn:aws:glue:*:*:tableVersion/sagemaker-*"
]
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutBucketCors"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
]
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
]
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/glue/*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-26T19:13:02+00:00"
},
"AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy":{
"CreateDate":"2022-04-04T16:34:43+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ecr:DescribeImages",
"ecr:BatchDeleteImage",
"ecr:CompleteLayerUpload",
"ecr:CreateRepository",
"ecr:DeleteRepository",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:UploadLayerPart"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/sagemaker-*"
],
"Sid":"AmazonSageMakerLambdaECRPermission"
},
{
"Action":[
"events:DeleteRule",
"events:DescribeRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/sagemaker-*"
],
"Sid":"AmazonSageMakerLambdaEventBridgePermission"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:GetBucketAcl",
"s3:GetBucketCors",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutBucketCors"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
],
"Sid":"AmazonSageMakerLambdaS3BucketPermission"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*",
"arn:aws:s3:::sagemaker-*"
],
"Sid":"AmazonSageMakerLambdaS3ObjectPermission"
},
{
"Action":[
"sagemaker:AddAssociation",
"sagemaker:AddTags",
"sagemaker:AssociateTrialComponent",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchGetRecord",
"sagemaker:BatchPutMetrics",
"sagemaker:CreateAction",
"sagemaker:CreateAlgorithm",
"sagemaker:CreateApp",
"sagemaker:CreateAppImageConfig",
"sagemaker:CreateArtifact",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateCodeRepository",
"sagemaker:CreateCompilationJob",
"sagemaker:CreateContext",
"sagemaker:CreateDataQualityJobDefinition",
"sagemaker:CreateDeviceFleet",
"sagemaker:CreateDomain",
"sagemaker:CreateEdgePackagingJob",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateExperiment",
"sagemaker:CreateFeatureGroup",
"sagemaker:CreateFlowDefinition",
"sagemaker:CreateHumanTaskUi",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateImage",
"sagemaker:CreateImageVersion",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:CreateLabelingJob",
"sagemaker:CreateLineageGroupPolicy",
"sagemaker:CreateModel",
"sagemaker:CreateModelBiasJobDefinition",
"sagemaker:CreateModelExplainabilityJobDefinition",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateModelQualityJobDefinition",
"sagemaker:CreateMonitoringSchedule",
"sagemaker:CreateNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:CreatePipeline",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateProject",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateTrial",
"sagemaker:CreateTrialComponent",
"sagemaker:CreateUserProfile",
"sagemaker:CreateWorkforce",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteAction",
"sagemaker:DeleteAlgorithm",
"sagemaker:DeleteApp",
"sagemaker:DeleteAppImageConfig",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteCodeRepository",
"sagemaker:DeleteContext",
"sagemaker:DeleteDataQualityJobDefinition",
"sagemaker:DeleteDeviceFleet",
"sagemaker:DeleteDomain",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteExperiment",
"sagemaker:DeleteFeatureGroup",
"sagemaker:DeleteFlowDefinition",
"sagemaker:DeleteHumanLoop",
"sagemaker:DeleteHumanTaskUi",
"sagemaker:DeleteImage",
"sagemaker:DeleteImageVersion",
"sagemaker:DeleteLineageGroupPolicy",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelBiasJobDefinition",
"sagemaker:DeleteModelExplainabilityJobDefinition",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteModelPackageGroupPolicy",
"sagemaker:DeleteModelQualityJobDefinition",
"sagemaker:DeleteMonitoringSchedule",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:DeletePipeline",
"sagemaker:DeleteProject",
"sagemaker:DeleteRecord",
"sagemaker:DeleteTags",
"sagemaker:DeleteTrial",
"sagemaker:DeleteTrialComponent",
"sagemaker:DeleteUserProfile",
"sagemaker:DeleteWorkforce",
"sagemaker:DeleteWorkteam",
"sagemaker:DeregisterDevices",
"sagemaker:DescribeAction",
"sagemaker:DescribeAlgorithm",
"sagemaker:DescribeApp",
"sagemaker:DescribeAppImageConfig",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeCompilationJob",
"sagemaker:DescribeContext",
"sagemaker:DescribeDataQualityJobDefinition",
"sagemaker:DescribeDevice",
"sagemaker:DescribeDeviceFleet",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEdgePackagingJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeExperiment",
"sagemaker:DescribeFeatureGroup",
"sagemaker:DescribeFlowDefinition",
"sagemaker:DescribeHumanLoop",
"sagemaker:DescribeHumanTaskUi",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeLabelingJob",
"sagemaker:DescribeLineageGroup",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelBiasJobDefinition",
"sagemaker:DescribeModelExplainabilityJobDefinition",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeModelQualityJobDefinition",
"sagemaker:DescribeMonitoringSchedule",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeProject",
"sagemaker:DescribeSubscribedWorkteam",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:DescribeTrial",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeWorkforce",
"sagemaker:DescribeWorkteam",
"sagemaker:DisableSagemakerServicecatalogPortfolio",
"sagemaker:DisassociateTrialComponent",
"sagemaker:EnableSagemakerServicecatalogPortfolio",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetLineageGroupPolicy",
"sagemaker:GetModelPackageGroupPolicy",
"sagemaker:GetRecord",
"sagemaker:GetSagemakerServicecatalogPortfolioStatus",
"sagemaker:GetSearchSuggestions",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:ListActions",
"sagemaker:ListAlgorithms",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListCodeRepositories",
"sagemaker:ListCompilationJobs",
"sagemaker:ListContexts",
"sagemaker:ListDataQualityJobDefinitions",
"sagemaker:ListDeviceFleets",
"sagemaker:ListDevices",
"sagemaker:ListDomains",
"sagemaker:ListEdgePackagingJobs",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListExperiments",
"sagemaker:ListFeatureGroups",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHumanLoops",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListImageVersions",
"sagemaker:ListImages",
"sagemaker:ListInferenceRecommendationsJobs",
"sagemaker:ListLabelingJobs",
"sagemaker:ListLabelingJobsForWorkteam",
"sagemaker:ListLineageGroups",
"sagemaker:ListModelBiasJobDefinitions",
"sagemaker:ListModelExplainabilityJobDefinitions",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModelQualityJobDefinitions",
"sagemaker:ListModels",
"sagemaker:ListMonitoringExecutions",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListProcessingJobs",
"sagemaker:ListProjects",
"sagemaker:ListSubscribedWorkteams",
"sagemaker:ListTags",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListTransformJobs",
"sagemaker:ListTrialComponents",
"sagemaker:ListTrials",
"sagemaker:ListUserProfiles",
"sagemaker:ListWorkforces",
"sagemaker:ListWorkteams",
"sagemaker:PutLineageGroupPolicy",
"sagemaker:PutModelPackageGroupPolicy",
"sagemaker:PutRecord",
"sagemaker:QueryLineage",
"sagemaker:RegisterDevices",
"sagemaker:RenderUiTemplate",
"sagemaker:Search",
"sagemaker:SendHeartbeat",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:StartHumanLoop",
"sagemaker:StartMonitoringSchedule",
"sagemaker:StartNotebookInstance",
"sagemaker:StartPipelineExecution",
"sagemaker:StopAutoMLJob",
"sagemaker:StopCompilationJob",
"sagemaker:StopEdgePackagingJob",
"sagemaker:StopHumanLoop",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:StopInferenceRecommendationsJob",
"sagemaker:StopLabelingJob",
"sagemaker:StopMonitoringSchedule",
"sagemaker:StopNotebookInstance",
"sagemaker:StopPipelineExecution",
"sagemaker:StopProcessingJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateAction",
"sagemaker:UpdateAppImageConfig",
"sagemaker:UpdateArtifact",
"sagemaker:UpdateCodeRepository",
"sagemaker:UpdateContext",
"sagemaker:UpdateDeviceFleet",
"sagemaker:UpdateDevices",
"sagemaker:UpdateDomain",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateExperiment",
"sagemaker:UpdateImage",
"sagemaker:UpdateModelPackage",
"sagemaker:UpdateMonitoringSchedule",
"sagemaker:UpdateNotebookInstance",
"sagemaker:UpdateNotebookInstanceLifecycleConfig",
"sagemaker:UpdatePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:UpdateProject",
"sagemaker:UpdateTrainingJob",
"sagemaker:UpdateTrial",
"sagemaker:UpdateTrialComponent",
"sagemaker:UpdateUserProfile",
"sagemaker:UpdateWorkforce",
"sagemaker:UpdateWorkteam"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:action/*",
"arn:aws:sagemaker:*:*:algorithm/*",
"arn:aws:sagemaker:*:*:app-image-config/*",
"arn:aws:sagemaker:*:*:artifact/*",
"arn:aws:sagemaker:*:*:automl-job/*",
"arn:aws:sagemaker:*:*:code-repository/*",
"arn:aws:sagemaker:*:*:compilation-job/*",
"arn:aws:sagemaker:*:*:context/*",
"arn:aws:sagemaker:*:*:data-quality-job-definition/*",
"arn:aws:sagemaker:*:*:device-fleet/*/device/*",
"arn:aws:sagemaker:*:*:device-fleet/*",
"arn:aws:sagemaker:*:*:edge-packaging-job/*",
"arn:aws:sagemaker:*:*:endpoint/*",
"arn:aws:sagemaker:*:*:endpoint-config/*",
"arn:aws:sagemaker:*:*:experiment/*",
"arn:aws:sagemaker:*:*:experiment-trial/*",
"arn:aws:sagemaker:*:*:experiment-trial-component/*",
"arn:aws:sagemaker:*:*:feature-group/*",
"arn:aws:sagemaker:*:*:human-loop/*",
"arn:aws:sagemaker:*:*:human-task-ui/*",
"arn:aws:sagemaker:*:*:hyper-parameter-tuning-job/*",
"arn:aws:sagemaker:*:*:image/*",
"arn:aws:sagemaker:*:*:image-version/*/*",
"arn:aws:sagemaker:*:*:inference-recommendations-job/*",
"arn:aws:sagemaker:*:*:labeling-job/*",
"arn:aws:sagemaker:*:*:model/*",
"arn:aws:sagemaker:*:*:model-bias-job-definition/*",
"arn:aws:sagemaker:*:*:model-explainability-job-definition/*",
"arn:aws:sagemaker:*:*:model-package/*",
"arn:aws:sagemaker:*:*:model-package-group/*",
"arn:aws:sagemaker:*:*:model-quality-job-definition/*",
"arn:aws:sagemaker:*:*:monitoring-schedule/*",
"arn:aws:sagemaker:*:*:notebook-instance/*",
"arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/*",
"arn:aws:sagemaker:*:*:pipeline/*",
"arn:aws:sagemaker:*:*:pipeline/*/execution/*",
"arn:aws:sagemaker:*:*:processing-job/*",
"arn:aws:sagemaker:*:*:project/*",
"arn:aws:sagemaker:*:*:training-job/*",
"arn:aws:sagemaker:*:*:transform-job/*",
"arn:aws:sagemaker:*:*:workforce/*",
"arn:aws:sagemaker:*:*:workteam/*"
],
"Sid":"AmazonSageMakerLambdaSageMakerPermission"
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole"
],
"Sid":"AmazonSageMakerLambdaPassRolePermission"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeResourcePolicies",
"logs:DescribeDestinations",
"logs:DescribeExportTasks",
"logs:DescribeMetricFilters",
"logs:DescribeQueries",
"logs:DescribeQueryDefinitions",
"logs:DescribeSubscriptionFilters",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*",
"Sid":"AmazonSageMakerLambdaLogPermission"
},
{
"Action":[
"codebuild:StartBuild",
"codebuild:BatchGetBuilds"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/sagemaker:project-name":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codebuild:*:*:project/sagemaker-*",
"Sid":"AmazonSageMakerLambdaCodeBuildPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-11T18:57:13+00:00"
},
"AmazonSageMakerTrainingPlanCreateAccess":{
"CreateDate":"2024-12-04T13:21:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker:CreateTrainingPlan",
"sagemaker:CreateReservedCapacity"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
],
"Sid":"CreateTrainingPlanPermissions"
},
{
"Action":[
"sagemaker:AddTags"
],
"Condition":{
"StringEquals":{
"sagemaker:TaggingAction":[
"CreateTrainingPlan",
"CreateReservedCapacity"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-plan/*",
"arn:aws:sagemaker:*:*:reserved-capacity/*"
],
"Sid":"AggTagsToTrainingPlanPermissions"
},
{
"Action":"sagemaker:DescribeTrainingPlan",
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:training-plan/*"
],
"Sid":"DescribeTrainingPlanPermissions"
},
{
"Action":[
"sagemaker:SearchTrainingPlanOfferings",
"sagemaker:ListTrainingPlans"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NonResourceLevelTrainingPlanPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-04T13:21:07+00:00"
},
"AmazonSecurityLakeAdministrator":{
"CreateDate":"2023-05-30T22:04:10+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"securitylake:*",
"organizations:DescribeOrganization",
"organizations:ListDelegatedServicesForAccount",
"organizations:ListAccounts",
"iam:ListRoles",
"ram:GetResourceShareAssociations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowActionsWithAnyResource"
},
{
"Action":[
"glue:CreateCrawler",
"glue:StopCrawlerSchedule",
"lambda:CreateEventSourceMapping",
"lakeformation:GrantPermissions",
"lakeformation:ListPermissions",
"lakeformation:RegisterResource",
"lakeformation:RevokePermissions",
"lakeformation:GetDatalakeSettings",
"events:ListConnections",
"events:ListApiDestinations",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"kms:DescribeKey"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowActionsWithAnyResourceViaSecurityLake"
},
{
"Action":[
"s3:CreateBucket",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketNotification",
"s3:PutBucketTagging",
"s3:PutEncryptionConfiguration",
"s3:PutBucketVersioning",
"s3:PutReplicationConfiguration",
"s3:PutLifecycleConfiguration",
"s3:ListBucket",
"s3:PutObject",
"s3:GetBucketNotification"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-security-data-lake*",
"Sid":"AllowManagingSecurityLakeS3Buckets"
},
{
"Action":[
"lambda:CreateFunction"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
"arn:aws:lambda:*:*:function:AmazonSecurityLake*"
],
"Sid":"AllowLambdaCreateFunction"
},
{
"Action":[
"lambda:AddPermission"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringEquals":{
"lambda:Principal":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
"arn:aws:lambda:*:*:function:AmazonSecurityLake*"
],
"Sid":"AllowLambdaAddPermission"
},
{
"Action":[
"glue:CreateDatabase",
"glue:GetDatabase",
"glue:CreateTable",
"glue:GetTable"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*"
],
"Sid":"AllowGlueActions"
},
{
"Action":[
"events:PutTargets",
"events:PutRule",
"events:DescribeRule",
"events:CreateApiDestination",
"events:CreateConnection",
"events:UpdateConnection",
"events:UpdateApiDestination",
"events:DeleteConnection",
"events:DeleteApiDestination",
"events:ListTargetsByRule",
"events:RemoveTargets",
"events:DeleteRule"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/AmazonSecurityLake*",
"arn:aws:events:*:*:rule/SecurityLake*",
"arn:aws:events:*:*:api-destination/AmazonSecurityLake*",
"arn:aws:events:*:*:connection/AmazonSecurityLake*"
],
"Sid":"AllowEventBridgeActions"
},
{
"Action":[
"sqs:CreateQueue",
"sqs:SetQueueAttributes",
"sqs:GetQueueURL",
"sqs:AddPermission",
"sqs:GetQueueAttributes",
"sqs:DeleteQueue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:SecurityLake*",
"arn:aws:sqs:*:*:AmazonSecurityLake*"
],
"Sid":"AllowSQSActions"
},
{
"Action":"kms:CreateGrant",
"Condition":{
"ForAllValues:StringEquals":{
"kms:GrantOperations":[
"GenerateDataKey",
"RetireGrant",
"Decrypt"
]
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringLike":{
"kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::aws-security-data-lake*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*",
"Sid":"AllowKmsCmkGrantForSecurityLake"
},
{
"Action":[
"ram:CreateResourceShare",
"ram:AssociateResourceShare"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringLikeIfExists":{
"ram:ResourceArn":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowEnablingQueryBasedSubscribers"
},
{
"Action":[
"ram:UpdateResourceShare",
"ram:GetResourceShares",
"ram:DisassociateResourceShare",
"ram:DeleteResourceShare"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringLike":{
"ram:ResourceShareName":"LakeFormation*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowConfiguringQueryBasedSubscribers"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:events!connection/AmazonSecurityLake-*",
"Sid":"AllowConfiguringCredentialsForSubscriberNotification"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"lambda.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:data-lake/default"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSecurityLakeMetaStoreManager",
"arn:aws:iam::*:role/service-role/AmazonSecurityLakeMetaStoreManagerV2"
],
"Sid":"AllowPassRoleForUpdatingGluePartitionsSecLakeArn"
},
{
"Action":"iam:PassRole",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringEquals":{
"iam:PassedToService":"lambda.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":[
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
"arn:aws:lambda:*:*:function:AmazonSecurityLake*"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AmazonSecurityLakeMetaStoreManager",
"arn:aws:iam::*:role/service-role/AmazonSecurityLakeMetaStoreManagerV2"
],
"Sid":"AllowPassRoleForUpdatingGluePartitionsLambdaArn"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"s3.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:data-lake/default"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeS3ReplicationRole",
"Sid":"AllowPassRoleForCrossRegionReplicationSecLakeArn"
},
{
"Action":"iam:PassRole",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringEquals":{
"iam:PassedToService":"s3.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":"arn:aws:s3:::aws-security-data-lake*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeS3ReplicationRole",
"Sid":"AllowPassRoleForCrossRegionReplicationS3Arn"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"glue.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:data-lake/default"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeCustomDataGlueCrawler*",
"Sid":"AllowPassRoleForCustomSourceCrawlerSecLakeArn"
},
{
"Action":"iam:PassRole",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringEquals":{
"iam:PassedToService":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeCustomDataGlueCrawler*",
"Sid":"AllowPassRoleForCustomSourceCrawlerGlueArn"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"events.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:subscriber/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeSubscriberEventBridge",
"Sid":"AllowPassRoleForSubscriberNotificationSecLakeArn"
},
{
"Action":"iam:PassRole",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringEquals":{
"iam:PassedToService":"events.amazonaws.com"
},
"StringLike":{
"iam:AssociatedResourceARN":"arn:aws:events:*:*:rule/AmazonSecurityLake*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeSubscriberEventBridge",
"Sid":"AllowPassRoleForSubscriberNotificationEventsArn"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"securitylake.amazonaws.com",
"lakeformation.amazonaws.com",
"apidestinations.events.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/securitylake.amazonaws.com/AWSServiceRoleForSecurityLake",
"arn:aws:iam::*:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess",
"arn:aws:iam::*:role/aws-service-role/apidestinations.events.amazonaws.com/AWSServiceRoleForAmazonEventBridgeApiDestinations"
],
"Sid":"AllowOnboardingToSecurityLakeDependencies"
},
{
"Action":[
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:DeleteRolePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
},
"StringEquals":{
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/AmazonSecurityLakePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AmazonSecurityLake*",
"Sid":"AllowRolePolicyActionsforSubscibersandSources"
},
{
"Action":[
"iam:PutRolePolicy",
"iam:GetRolePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess",
"Sid":"AllowRegisterS3LocationInLakeFormation"
},
{
"Action":[
"iam:ListRolePolicies",
"iam:DeleteRole"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AmazonSecurityLake*",
"Sid":"AllowIAMActionsByResource"
},
{
"Action":[
"s3:Get*",
"s3:List*"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-security-data-lake-*",
"Sid":"S3ReadAccessToSecurityLakes"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::security-lake-meta-store-manager-*",
"Sid":"S3ReadAccessToSecurityLakeMetastoreObject"
},
{
"Action":[
"s3:GetAccountPublicAccessBlock",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"S3ResourcelessReadOnly"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-23T16:01:57+00:00"
},
"AmazonSecurityLakeMetastoreManager":{
"CreateDate":"2024-01-23T15:26:57+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/AmazonSecurityLake*",
"arn:aws:logs:*:*:/aws/lambda/AmazonSecurityLake*"
],
"Sid":"AllowWriteLambdaLogs"
},
{
"Action":[
"glue:CreatePartition",
"glue:BatchCreatePartition",
"glue:GetTable",
"glue:UpdateTable"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"AllowGlueManage"
},
{
"Action":[
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:AmazonSecurityLake*"
],
"Sid":"AllowToReadFromSqs"
},
{
"Action":[
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-security-data-lake*"
],
"Sid":"AllowMetaDataReadWrite"
},
{
"Action":[
"s3:DeleteObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-security-data-lake*/metadata/*.avro",
"arn:aws:s3:::aws-security-data-lake*/metadata/*.metadata.json"
],
"Sid":"AllowMetaDataCleanup"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-01T20:04:24+00:00"
},
"AmazonSecurityLakePermissionsBoundary":{
"CreateDate":"2022-11-29T14:11:12+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutObject",
"s3:GetBucketLocation",
"kms:Decrypt",
"kms:GenerateDataKey",
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:GetQueueUrl",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowActionsForSecurityLake"
},
{
"Effect":"Deny",
"NotAction":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutObject",
"s3:GetBucketLocation",
"kms:Decrypt",
"kms:GenerateDataKey",
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:GetQueueUrl",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Resource":"*",
"Sid":"DenyActionsForSecurityLake"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutObject",
"s3:GetBucketLocation"
],
"Effect":"Deny",
"NotResource":[
"arn:aws:s3:::aws-security-data-lake*"
],
"Sid":"DenyActionsNotOnSecurityLakeBucket"
},
{
"Action":[
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:GetQueueUrl",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect":"Deny",
"NotResource":"arn:aws:sqs:*:*:AmazonSecurityLake*",
"Sid":"DenyActionsNotOnSecurityLakeSQS"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringNotLike":{
"kms:ViaService":[
"s3.*.amazonaws.com",
"sqs.*.amazonaws.com"
]
}
},
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyActionsNotOnSecurityLakeKMSS3SQS"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:s3:arn":"false"
},
"StringNotLikeIfExists":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::aws-security-data-lake*"
]
}
},
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyActionsNotOnSecurityLakeKMSForS3"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:sqs:arn":"false"
},
"StringNotLikeIfExists":{
"kms:EncryptionContext:aws:sqs:arn":[
"arn:aws:sqs:*:*:AmazonSecurityLake*"
]
}
},
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyActionsNotOnSecurityLakeKMSForS3SQS"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-14T20:39:20+00:00"
},
"AmazonTextractFullAccess":{
"CreateDate":"2018-11-28T19:07:42+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"textract:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-28T19:07:42+00:00"
},
"AmazonTextractServiceRole":{
"CreateDate":"2018-11-28T19:12:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:AmazonTextract*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-28T19:12:16+00:00"
},
"AmazonTimestreamConsoleFullAccess":{
"CreateDate":"2020-09-30T21:47:18+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"timestream:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"ForAnyValue:StringEquals":{
"kms:EncryptionContextKeys":"aws:timestream:database-name"
},
"StringLike":{
"kms:ViaService":"timestream.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"dbqms:CreateFavoriteQuery",
"dbqms:DescribeFavoriteQueries",
"dbqms:UpdateFavoriteQuery",
"dbqms:DeleteFavoriteQueries",
"dbqms:GetQueryString",
"dbqms:CreateQueryHistory",
"dbqms:DescribeQueryHistory",
"dbqms:UpdateQueryHistory",
"dbqms:DeleteQueryHistory"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:ListTopics",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-01T21:37:31+00:00"
},
"AmazonTimestreamFullAccess":{
"CreateDate":"2020-09-30T21:47:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"timestream:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"ForAnyValue:StringEquals":{
"kms:EncryptionContextKeys":"aws:timestream:database-name"
},
"StringLike":{
"kms:ViaService":"timestream.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-11-26T23:42:00+00:00"
},
"AmazonTimestreamInfluxDBFullAccess":{
"CreateDate":"2024-03-14T22:53:22+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"timestream-influxdb:CreateDbParameterGroup",
"timestream-influxdb:GetDbParameterGroup",
"timestream-influxdb:ListDbParameterGroups",
"timestream-influxdb:CreateDbInstance",
"timestream-influxdb:DeleteDbInstance",
"timestream-influxdb:GetDbInstance",
"timestream-influxdb:ListDbInstances",
"timestream-influxdb:TagResource",
"timestream-influxdb:UntagResource",
"timestream-influxdb:ListTagsForResource",
"timestream-influxdb:UpdateDbInstance",
"timestream-influxdb:CreateDbCluster",
"timestream-influxdb:GetDbCluster",
"timestream-influxdb:UpdateDbCluster",
"timestream-influxdb:DeleteDbCluster",
"timestream-influxdb:ListDbClusters",
"timestream-influxdb:ListDbInstancesForCluster"
],
"Effect":"Allow",
"Resource":[
"arn:aws:timestream-influxdb:*:*:*"
],
"Sid":"TimestreamInfluxDBStatement"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"timestream-influxdb.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/timestream-influxdb.amazonaws.com/AWSServiceRoleForTimestreamInfluxDB",
"Sid":"ServiceLinkedRoleStatement"
},
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"NetworkValidationStatement"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateEniInSubnetStatement"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"BucketValidationStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-17T20:37:06+00:00"
},
"AmazonTimestreamInfluxDBServiceRolePolicy":{
"CreateDate":"2024-03-14T18:53:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeNetworkStatement"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateEniInSubnetStatement"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonTimestreamInfluxDBManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"CreateEniStatement"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonTimestreamInfluxDBManaged":"false"
},
"StringEquals":{
"ec2:CreateAction":[
"CreateNetworkInterface"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"CreateTagWithEniStatement"
},
{
"Action":[
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonTimestreamInfluxDBManaged":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ManageEniStatement"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/Timestream/InfluxDB",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"PutCloudWatchMetricsStatement"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:secretsmanager:*:*:secret:READONLY-InfluxDB-auth-parameters-*"
],
"Sid":"ManageSecretStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-03-14T18:53:21+00:00"
},
"AmazonTimestreamReadOnlyAccess":{
"CreateDate":"2020-09-30T21:47:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"timestream:CancelQuery",
"timestream:DescribeDatabase",
"timestream:DescribeEndpoints",
"timestream:DescribeTable",
"timestream:ListDatabases",
"timestream:ListMeasures",
"timestream:ListTables",
"timestream:ListTagsForResource",
"timestream:Select",
"timestream:SelectValues",
"timestream:DescribeScheduledQuery",
"timestream:ListScheduledQueries",
"timestream:DescribeBatchLoadTask",
"timestream:ListBatchLoadTasks",
"timestream:DescribeAccountSettings"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonTimestreamReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-05T19:11:27+00:00"
},
"AmazonTranscribeFullAccess":{
"CreateDate":"2018-04-04T16:06:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"transcribe:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*transcribe*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-04-04T16:06:16+00:00"
},
"AmazonTranscribeReadOnlyAccess":{
"CreateDate":"2018-04-04T16:05:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"transcribe:Get*",
"transcribe:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-04-04T16:05:06+00:00"
},
"AmazonVPCCrossAccountNetworkInterfaceOperations":{
"CreateDate":"2017-07-18T20:47:16+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeRouteTables",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:ReplaceRoute"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRegions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-09-25T15:12:17+00:00"
},
"AmazonVPCFullAccess":{
"CreateDate":"2015-02-06T18:41:16+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"ec2:AcceptVpcPeeringConnection",
"ec2:AcceptVpcEndpointConnections",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AssociateSecurityGroupVpc",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachClassicLinkVpc",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCarrierGateway",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateFlowLogs",
"ec2:CreateInternetGateway",
"ec2:CreateLocalGatewayRouteTableVpcAssociation",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpointConnectionNotification",
"ec2:CreateVpcEndpointServiceConfiguration",
"ec2:CreateVpcPeeringConnection",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteCarrierGateway",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteInternetGateway",
"ec2:DeleteLocalGatewayRouteTableVpcAssociation",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcEndpointConnectionNotifications",
"ec2:DeleteVpcEndpointServiceConfigurations",
"ec2:DeleteVpcPeeringConnection",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCarrierGateways",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeIpv6Pools",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupVpcAssociations",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachClassicLinkVpc",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLink",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSecurityGroupVpc",
"ec2:DisassociateSubnetCidrBlock",
"ec2:DisassociateVpcCidrBlock",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVpcClassicLink",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:GetSecurityGroupsForVpc",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySecurityGroupRules",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ModifyVpcEndpointConnectionNotification",
"ec2:ModifyVpcEndpointServiceConfiguration",
"ec2:ModifyVpcEndpointServicePermissions",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:ModifyVpcTenancy",
"ec2:MoveAddressToVpc",
"ec2:RejectVpcEndpointConnections",
"ec2:RejectVpcPeeringConnection",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:ResetNetworkInterfaceAttribute",
"ec2:RestoreAddressToClassic",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UnassignIpv6Addresses",
"ec2:UnassignPrivateIpAddresses",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonVPCFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-09T17:21:07+00:00"
},
"AmazonVPCNetworkAccessAnalyzerFullAccessPolicy":{
"CreateDate":"2023-06-15T22:56:58+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DirectconnectPermissions"
},
{
"Action":[
"ec2:CreateNetworkInsightsAccessScope",
"ec2:DeleteNetworkInsightsAccessScope",
"ec2:DeleteNetworkInsightsAccessScopeAnalysis",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInsightsAccessScopeAnalyses",
"ec2:DescribeNetworkInsightsAccessScopes",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"ec2:StartNetworkInsightsAccessScopeAnalysis"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Permissions"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:*:ec2:*:*:network-insights-access-scope/*",
"arn:*:ec2:*:*:network-insights-access-scope-analysis/*"
],
"Sid":"EC2TagsPermissions"
},
{
"Action":[
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticloadbalancingPermissions"
},
{
"Action":[
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListCustomRoutingAccelerators",
"globalaccelerator:ListCustomRoutingEndpointGroups",
"globalaccelerator:ListCustomRoutingListeners",
"globalaccelerator:ListCustomRoutingPortMappings",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlobalacceleratorPermissions"
},
{
"Action":[
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkFirewallPermissions"
},
{
"Action":[
"resource-groups:ListGroupResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ResourceGroupsPermissions"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TagsPermissions"
},
{
"Action":[
"tiros:CreateQuery",
"tiros:GetQueryAnswer"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TirosPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-15T21:40:54+00:00"
},
"AmazonVPCReachabilityAnalyzerFullAccessPolicy":{
"CreateDate":"2023-06-14T20:12:17+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DirectconnectPermissions"
},
{
"Action":[
"ec2:CreateNetworkInsightsPath",
"ec2:DeleteNetworkInsightsAnalysis",
"ec2:DeleteNetworkInsightsPath",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInsightsAnalyses",
"ec2:DescribeNetworkInsightsPaths",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetManagedPrefixListEntries",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"ec2:StartNetworkInsightsAnalysis"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2Permissions"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":[
"arn:*:ec2:*:*:network-insights-path/*",
"arn:*:ec2:*:*:network-insights-analysis/*"
],
"Sid":"EC2TagsPermissions"
},
{
"Action":[
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElasticloadbalancingPermissions"
},
{
"Action":[
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListCustomRoutingAccelerators",
"globalaccelerator:ListCustomRoutingEndpointGroups",
"globalaccelerator:ListCustomRoutingListeners",
"globalaccelerator:ListCustomRoutingPortMappings",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlobalacceleratorPermissions"
},
{
"Action":[
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkFirewallPermissions"
},
{
"Action":[
"tiros:CreateQuery",
"tiros:ExtendQuery",
"tiros:GetQueryAnswer",
"tiros:GetQueryExplanation",
"tiros:GetQueryExtensionAccounts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TirosPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-15T20:47:28+00:00"
},
"AmazonVPCReachabilityAnalyzerPathComponentReadPolicy":{
"CreateDate":"2023-05-01T20:38:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"network-firewall:Describe*",
"network-firewall:List*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkFirewallPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-01T20:38:22+00:00"
},
"AmazonVPCReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:17+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeCarrierGateways",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupVpcAssociations",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetSecurityGroupsForVpc"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonVPCReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-09T15:06:07+00:00"
},
"AmazonVerifiedPermissionsFullAccess":{
"CreateDate":"2024-10-11T18:19:31+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"verifiedpermissions:CreatePolicyStore",
"verifiedpermissions:ListPolicyStores"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AccountLevelPermissions"
},
{
"Action":[
"verifiedpermissions:*"
],
"Effect":"Allow",
"Resource":[
"arn:aws:verifiedpermissions::*:policy-store/*"
],
"Sid":"PolicyStoreLevelPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-11T18:19:31+00:00"
},
"AmazonVerifiedPermissionsReadOnlyAccess":{
"CreateDate":"2024-10-11T18:25:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"verifiedpermissions:ListPolicyStores"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AccountLevelPermissions"
},
{
"Action":[
"verifiedpermissions:GetIdentitySource",
"verifiedpermissions:GetPolicy",
"verifiedpermissions:GetPolicyStore",
"verifiedpermissions:GetPolicyTemplate",
"verifiedpermissions:GetSchema",
"verifiedpermissions:IsAuthorized",
"verifiedpermissions:IsAuthorizedWithToken",
"verifiedpermissions:ListIdentitySources",
"verifiedpermissions:ListPolicies",
"verifiedpermissions:ListPolicyTemplates"
],
"Effect":"Allow",
"Resource":[
"arn:aws:verifiedpermissions::*:policy-store/*"
],
"Sid":"PolicyStoreLevelPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-11T18:25:51+00:00"
},
"AmazonWorkDocsFullAccess":{
"CreateDate":"2020-04-16T23:05:11+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workdocs:*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-04-16T23:05:11+00:00"
},
"AmazonWorkDocsReadOnlyAccess":{
"CreateDate":"2020-01-08T23:49:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workdocs:Describe*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-08T23:49:59+00:00"
},
"AmazonWorkMailEventsServiceRolePolicy":{
"CreateDate":"2019-04-16T16:52:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-04-16T16:52:43+00:00"
},
"AmazonWorkMailFullAccess":{
"CreateDate":"2015-02-06T18:40:41+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"ds:AuthorizeApplication",
"ds:CheckAlias",
"ds:CreateAlias",
"ds:CreateDirectory",
"ds:CreateIdentityPoolDirectory",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:GetDirectoryLimits",
"ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"route53:ChangeResourceRecordSets",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53:GetHostedZone",
"route53domains:CheckDomainAvailability",
"route53domains:ListDomains",
"ses:*",
"workmail:*",
"iam:ListRoles",
"logs:DescribeLogGroups",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"events.workmail.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/events.workmail.amazonaws.com/AWSServiceRoleForAmazonWorkMailEvents*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringLike":{
"iam:PassedToService":"events.workmail.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*workmail*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-21T14:13:40+00:00"
},
"AmazonWorkMailMessageFlowFullAccess":{
"CreateDate":"2021-02-11T11:08:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workmailmessageflow:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-11T11:08:35+00:00"
},
"AmazonWorkMailMessageFlowReadOnlyAccess":{
"CreateDate":"2021-01-28T12:40:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workmailmessageflow:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-01-28T12:40:08+00:00"
},
"AmazonWorkMailReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:42+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ses:Describe*",
"ses:Get*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*",
"lambda:ListFunctions",
"iam:ListRoles",
"logs:DescribeLogGroups",
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-25T08:24:50+00:00"
},
"AmazonWorkSpacesAdmin":{
"CreateDate":"2015-09-22T22:21:15+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys",
"workspaces:CreateTags",
"workspaces:CreateWorkspaceImage",
"workspaces:CreateWorkspaces",
"workspaces:CreateWorkspacesPool",
"workspaces:CreateStandbyWorkspaces",
"workspaces:DeleteTags",
"workspaces:DeregisterWorkspaceDirectory",
"workspaces:DescribeTags",
"workspaces:DescribeWorkspaceBundles",
"workspaces:DescribeWorkspaceDirectories",
"workspaces:DescribeWorkspaces",
"workspaces:DescribeWorkspacesPools",
"workspaces:DescribeWorkspacesPoolSessions",
"workspaces:DescribeWorkspacesConnectionStatus",
"workspaces:ModifyCertificateBasedAuthProperties",
"workspaces:ModifySamlProperties",
"workspaces:ModifyStreamingProperties",
"workspaces:ModifyWorkspaceCreationProperties",
"workspaces:ModifyWorkspaceProperties",
"workspaces:RebootWorkspaces",
"workspaces:RebuildWorkspaces",
"workspaces:RegisterWorkspaceDirectory",
"workspaces:RestoreWorkspace",
"workspaces:StartWorkspaces",
"workspaces:StartWorkspacesPool",
"workspaces:StopWorkspaces",
"workspaces:StopWorkspacesPool",
"workspaces:TerminateWorkspaces",
"workspaces:TerminateWorkspacesPool",
"workspaces:TerminateWorkspacesPoolSession",
"workspaces:UpdateWorkspacesPool"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonWorkSpacesAdmin"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-27T17:16:27+00:00"
},
"AmazonWorkSpacesApplicationManagerAdminAccess":{
"CreateDate":"2015-04-09T14:03:18+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"wam:AuthenticatePackager",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-04-09T14:03:18+00:00"
},
"AmazonWorkSpacesPoolServiceAccess":{
"CreateDate":"2024-06-27T16:21:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRouteTables",
"s3:ListAllMyBuckets"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ProvisioningWorkSpacesPoolPermissions"
},
{
"Action":[
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::wspool-logs-*",
"arn:aws:s3:::wspool-app-settings-*",
"arn:aws:s3:::wspool-home-folder-*"
],
"Sid":"WorkSpacesPoolS3Permissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-27T16:21:03+00:00"
},
"AmazonWorkSpacesSecureBrowserReadOnly":{
"CreateDate":"2024-06-24T20:01:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workspaces-web:GetBrowserSettings",
"workspaces-web:GetIdentityProvider",
"workspaces-web:GetNetworkSettings",
"workspaces-web:GetPortal",
"workspaces-web:GetPortalServiceProviderMetadata",
"workspaces-web:GetTrustStore",
"workspaces-web:GetTrustStoreCertificate",
"workspaces-web:GetUserSettings",
"workspaces-web:GetUserAccessLoggingSettings",
"workspaces-web:GetIpAccessSettings",
"workspaces-web:ListBrowserSettings",
"workspaces-web:ListIdentityProviders",
"workspaces-web:ListNetworkSettings",
"workspaces-web:ListPortals",
"workspaces-web:ListTagsForResource",
"workspaces-web:ListTrustStoreCertificates",
"workspaces-web:ListTrustStores",
"workspaces-web:ListUserSettings",
"workspaces-web:ListUserAccessLoggingSettings",
"workspaces-web:ListIpAccessSettings"
],
"Effect":"Allow",
"Resource":"arn:aws:workspaces-web:*:*:*",
"Sid":"WorkSpacesSecureBrowser"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"kinesis:ListStreams"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Dependencies"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-24T20:01:09+00:00"
},
"AmazonWorkSpacesSelfServiceAccess":{
"CreateDate":"2019-06-27T19:22:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"workspaces:RebootWorkspaces",
"workspaces:RebuildWorkspaces",
"workspaces:ModifyWorkspaceProperties"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-27T19:22:52+00:00"
},
"AmazonWorkSpacesServiceAccess":{
"CreateDate":"2019-06-27T19:19:09+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-03-18T23:32:10+00:00"
},
"AmazonWorkSpacesThinClientFullAccess":{
"CreateDate":"2024-08-09T07:25:24+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"thinclient:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowThinClientFullAccess"
},
{
"Action":[
"workspaces:DescribeConnectionAliases",
"workspaces:DescribeWorkspaceDirectories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWorkSpacesAccess"
},
{
"Action":[
"workspaces-web:GetPortal",
"workspaces-web:GetUserSettings",
"workspaces-web:ListPortals"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWorkSpacesSecureBrowserAccess"
},
{
"Action":[
"appstream:DescribeStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAppStreamAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-09T16:52:06+00:00"
},
"AmazonWorkSpacesThinClientReadOnlyAccess":{
"CreateDate":"2024-07-19T08:50:52+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"thinclient:GetDevice",
"thinclient:GetDeviceDetails",
"thinclient:GetEnvironment",
"thinclient:GetSoftwareSet",
"thinclient:ListDevices",
"thinclient:ListDeviceSessions",
"thinclient:ListEnvironments",
"thinclient:ListSoftwareSets",
"thinclient:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowThinClientReadAccess"
},
{
"Action":[
"workspaces:DescribeConnectionAliases",
"workspaces:DescribeWorkspaceDirectories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWorkSpacesAccess"
},
{
"Action":[
"workspaces-web:GetPortal",
"workspaces-web:GetUserSettings",
"workspaces-web:ListPortals"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWorkSpacesSecureBrowserAccess"
},
{
"Action":[
"appstream:DescribeStacks"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAppStreamAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-09T16:52:05+00:00"
},
"AmazonWorkSpacesWebReadOnly":{
"CreateDate":"2021-11-30T14:20:36+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"workspaces-web:GetBrowserSettings",
"workspaces-web:GetIdentityProvider",
"workspaces-web:GetNetworkSettings",
"workspaces-web:GetPortal",
"workspaces-web:GetPortalServiceProviderMetadata",
"workspaces-web:GetTrustStore",
"workspaces-web:GetTrustStoreCertificate",
"workspaces-web:GetUserSettings",
"workspaces-web:GetUserAccessLoggingSettings",
"workspaces-web:ListBrowserSettings",
"workspaces-web:ListIdentityProviders",
"workspaces-web:ListNetworkSettings",
"workspaces-web:ListPortals",
"workspaces-web:ListTagsForResource",
"workspaces-web:ListTrustStoreCertificates",
"workspaces-web:ListTrustStores",
"workspaces-web:ListUserSettings",
"workspaces-web:ListUserAccessLoggingSettings"
],
"Effect":"Allow",
"Resource":"arn:aws:workspaces-web:*:*:*"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"kinesis:ListStreams"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-02T20:20:44+00:00"
},
"AmazonWorkSpacesWebServiceRolePolicy":{
"CreateDate":"2021-11-30T13:15:53+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/WorkSpacesWebManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"WorkSpacesWebManaged"
]
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/WorkSpacesWebManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":[
"AWS/WorkSpacesWeb",
"AWS/Usage"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStreamSummary"
],
"Effect":"Allow",
"Resource":"arn:aws:kinesis:*:*:stream/amazon-workspaces-web-*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-15T22:46:33+00:00"
},
"AmazonWorkspacesPCAAccess":{
"CreateDate":"2022-11-08T00:25:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate",
"acm-pca:GetCertificate",
"acm-pca:DescribeCertificateAuthority"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/euc-private-ca":"*"
}
},
"Effect":"Allow",
"Resource":"arn:*:acm-pca:*:*:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-08T00:25:55+00:00"
},
"AmazonZocaloFullAccess":{
"CreateDate":"2015-02-06T18:41:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"zocalo:*",
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:13+00:00"
},
"AmazonZocaloReadOnlyAccess":{
"CreateDate":"2015-02-06T18:41:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"zocalo:Describe*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:14+00:00"
},
"AmplifyBackendDeployFullAccess":{
"CreateDate":"2023-10-06T21:32:59+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:GetTemplateSummary",
"cloudformation:DeleteStack"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/amplify-*",
"arn:aws:cloudformation:*:*:stack/CDKToolkit/*"
],
"Sid":"CDKPreDeploy"
},
{
"Action":[
"amplify:ListApps",
"cloudformation:ListStacks",
"ssm:DescribeParameters",
"appsync:GetIntrospectionSchema",
"amplify:GetBackendEnvironment"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmplifyMetadata"
},
{
"Action":[
"appsync:GetSchemaCreationStatus",
"appsync:StartSchemaCreation",
"appsync:UpdateResolver",
"appsync:ListFunctions",
"appsync:UpdateFunction",
"appsync:UpdateApiKey"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmplifyHotSwappableResources"
},
{
"Action":[
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:amplify-*"
],
"Sid":"AmplifyHotSwappableFunctionResource"
},
{
"Action":[
"lambda:ListTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:amplify-*"
],
"Sid":"AmplifySandboxLambdaLogsStreamingListTags"
},
{
"Action":[
"logs:FilterLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/amplify-*:*",
"arn:aws:logs:*:*:log-group:amplify-*:*"
],
"Sid":"AmplifySandboxLambdaLogsStreamingFilterLogEvents"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*amplify*",
"arn:aws:s3:::cdk-*-assets-*-*"
],
"Sid":"AmplifySchema"
},
{
"Action":[
"sts:AssumeRole"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/cdk-*-deploy-role-*-*",
"arn:aws:iam::*:role/cdk-*-file-publishing-role-*-*",
"arn:aws:iam::*:role/cdk-*-image-publishing-role-*-*",
"arn:aws:iam::*:role/cdk-*-lookup-role-*-*"
],
"Sid":"CDKDeploy"
},
{
"Action":[
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/amplify/*",
"arn:aws:ssm:*:*:parameter/cdk-bootstrap/*"
],
"Sid":"AmplifySSM"
},
{
"Action":[
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:DeleteParameters"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/amplify/*",
"Sid":"AmplifyModifySSMParam"
},
{
"Action":[
"rds:DescribeDBProxies",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"ec2:DescribeSubnets",
"rds:DescribeDBSubnetGroups"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:db:*",
"arn:aws:rds:*:*:cluster:*",
"arn:aws:rds:*:*:db-proxy:*",
"arn:aws:rds:*:*:subgrp:*",
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"AmplifyDiscoverRDSVpcConfig"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-14T19:09:39+00:00"
},
"AppIntegrationsServiceLinkedRolePolicy":{
"CreateDate":"2022-09-30T19:42:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/AppIntegrations"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"appflow:DescribeConnectorEntity",
"appflow:ListConnectorEntities"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"appflow:DescribeConnectorProfiles",
"appflow:UseConnectorProfile"
],
"Effect":"Allow",
"Resource":"arn:aws:appflow:*:*:connector-profile/*"
},
{
"Action":[
"appflow:DeleteFlow",
"appflow:DescribeFlow",
"appflow:DescribeFlowExecutionRecords",
"appflow:StartFlow",
"appflow:StopFlow",
"appflow:UpdateFlow"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AppIntegrationsManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:appflow:*:*:flow/FlowCreatedByAppIntegrations-*"
},
{
"Action":[
"appflow:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AppIntegrationsManaged"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:appflow:*:*:flow/FlowCreatedByAppIntegrations-*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-09-30T19:42:56+00:00"
},
"AppRunnerNetworkingServiceRolePolicy":{
"CreateDate":"2022-01-12T21:02:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AWSAppRunnerManaged"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
},
"StringLike":{
"aws:RequestTag/AWSAppRunnerManaged":"*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"Null":{
"ec2:ResourceTag/AWSAppRunnerManaged":"false"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-12T21:02:40+00:00"
},
"AppRunnerServiceRolePolicy":{
"CreateDate":"2021-05-14T19:15:04+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/apprunner/*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/apprunner/*:log-stream:*"
]
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule"
],
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/AWSAppRunnerManagedRule*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-05-14T19:15:04+00:00"
},
"AppStudioServiceRolePolicy":{
"CreateDate":"2024-07-10T05:01:15+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/appstudio/*"
],
"Sid":"AppStudioResourcePermissionsForCloudWatch"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"secretsmanager:UpdateSecret",
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"IsAppStudioSecret"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/IsAppStudioSecret":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:appstudio-*",
"Sid":"AppStudioResourcePermissionsForSecretsManager"
},
{
"Action":[
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"secretsmanager:UpdateSecret"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"secretsmanager:ResourceTag/aws:secretsmanager:owningService":"appstudio"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:appstudio!*",
"Sid":"AppStudioResourcePermissionsForManagedSecrets"
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:appstudio!*",
"Sid":"AppStudioResourceWritePermissionsForManagedSecrets"
},
{
"Action":[
"sso:GetManagedApplicationInstance",
"sso-directory:DescribeUsers",
"sso-directory:ListMembersInGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AppStudioResourcePermissionsForSSO"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-13T20:37:07+00:00"
},
"ApplicationAutoScalingForAmazonAppStreamAccess":{
"CreateDate":"2017-02-06T21:39:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"appstream:UpdateFleet",
"appstream:DescribeFleets"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-02-06T21:39:56+00:00"
},
"ApplicationDiscoveryServiceContinuousExportServiceRolePolicy":{
"CreateDate":"2018-08-09T20:22:01+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:UpdateTable",
"firehose:CreateDeliveryStream",
"firehose:DescribeDeliveryStream",
"logs:CreateLogGroup"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"firehose:DeleteDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:UpdateDestination"
],
"Effect":"Allow",
"Resource":"arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*"
},
{
"Action":[
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutBucketLogging",
"s3:PutEncryptionConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-application-discovery-service*"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-application-discovery-service*/*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"firehose.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"firehose.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-08-13T22:31:21+00:00"
},
"AuroraDsqlServiceLinkedRolePolicy":{
"CreateDate":"2024-12-03T15:06:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"cloudwatch:namespace":"AWS/AuroraDSQL"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:06:07+00:00"
},
"AutoScalingConsoleFullAccess":{
"CreateDate":"2017-01-12T19:43:16+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:ImportKeyPair"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"elasticloadbalancing:Describe*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"autoscaling:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:ListRoles",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-02-06T23:15:36+00:00"
},
"AutoScalingConsoleReadOnlyAccess":{
"CreateDate":"2017-01-12T19:48:53+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"elasticloadbalancing:Describe*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"autoscaling:Describe*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-01-12T19:48:53+00:00"
},
"AutoScalingFullAccess":{
"CreateDate":"2017-01-12T19:31:58+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"autoscaling:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"cloudwatch:PutMetricAlarm",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-02-06T21:59:13+00:00"
},
"AutoScalingNotificationAccessRole":{
"CreateDate":"2015-02-06T18:41:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sqs:SendMessage",
"sqs:GetQueueUrl",
"sns:Publish"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:22+00:00"
},
"AutoScalingReadOnlyAccess":{
"CreateDate":"2017-01-12T19:39:35+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"autoscaling:Describe*",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-01-12T19:39:35+00:00"
},
"AutoScalingServiceRolePolicy":{
"CreateDate":"2018-01-08T23:10:55+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"ec2:AttachClassicLinkVpc",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateFleet",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:DetachClassicLinkVpc",
"ec2:GetInstanceTypesFromInstanceRequirements",
"ec2:GetSecurityGroupsForVpc",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2InstanceManagement"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2InstanceProfileManagement"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"spot.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2SpotManagement"
},
{
"Action":[
"elasticloadbalancing:Register*",
"elasticloadbalancing:Deregister*",
"elasticloadbalancing:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ELBManagement"
},
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:PutMetricAlarm"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CWManagement"
},
{
"Action":[
"sns:Publish"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SNSManagement"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:DeleteRule",
"events:DescribeRule"
],
"Condition":{
"StringEquals":{
"events:ManagedBy":"autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeRuleManagement"
},
{
"Action":[
"ssm:GetParameters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SystemsManagerParameterManagement"
},
{
"Action":[
"vpc-lattice:DeregisterTargets",
"vpc-lattice:GetTargetGroup",
"vpc-lattice:ListTargets",
"vpc-lattice:ListTargetGroups",
"vpc-lattice:RegisterTargets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VpcLatticeManagement"
},
{
"Action":[
"resource-groups:ListGroupResources"
],
"Effect":"Allow",
"Resource":"arn:*:resource-groups:*:*:group/*",
"Sid":"ResourceGroupsManagement"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T17:10:25+00:00"
},
"AwsGlueDataBrewFullAccessPolicy":{
"CreateDate":"2020-11-11T16:51:39+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"databrew:CreateDataset",
"databrew:DescribeDataset",
"databrew:ListDatasets",
"databrew:UpdateDataset",
"databrew:DeleteDataset",
"databrew:CreateProject",
"databrew:DescribeProject",
"databrew:ListProjects",
"databrew:StartProjectSession",
"databrew:SendProjectSessionAction",
"databrew:UpdateProject",
"databrew:DeleteProject",
"databrew:CreateRecipe",
"databrew:DescribeRecipe",
"databrew:ListRecipes",
"databrew:ListRecipeVersions",
"databrew:PublishRecipe",
"databrew:UpdateRecipe",
"databrew:BatchDeleteRecipeVersion",
"databrew:DeleteRecipeVersion",
"databrew:CreateRecipeJob",
"databrew:CreateProfileJob",
"databrew:DescribeJob",
"databrew:DescribeJobRun",
"databrew:ListJobRuns",
"databrew:ListJobs",
"databrew:StartJobRun",
"databrew:StopJobRun",
"databrew:UpdateProfileJob",
"databrew:UpdateRecipeJob",
"databrew:DeleteJob",
"databrew:CreateSchedule",
"databrew:DescribeSchedule",
"databrew:ListSchedules",
"databrew:UpdateSchedule",
"databrew:DeleteSchedule",
"databrew:CreateRuleset",
"databrew:DeleteRuleset",
"databrew:DescribeRuleset",
"databrew:ListRulesets",
"databrew:UpdateRuleset",
"databrew:ListTagsForResource",
"databrew:TagResource",
"databrew:UntagResource"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"appflow:DescribeFlow",
"appflow:DescribeFlowExecutionRecords",
"appflow:ListFlows",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetDataCatalogEncryptionSettings",
"dataexchange:ListDataSets",
"dataexchange:ListDataSetRevisions",
"dataexchange:ListRevisionAssets",
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:GetJob",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"s3:ListAllMyBuckets",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret",
"sts:GetCallerIdentity",
"cloudtrail:LookupEvents",
"iam:ListRoles",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"glue:CreateConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:connection/AwsGlueDataBrew-*"
]
},
{
"Action":[
"glue:GetDatabases"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Action":[
"glue:CreateTable"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*/awsgluedatabrew*"
]
},
{
"Action":[
"s3:ListBucket",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::databrew-public-datasets-*"
]
},
{
"Action":[
"kms:GenerateDataKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AwsGlueDataBrew-*"
},
{
"Action":[
"kms:GenerateRandom"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"databrew.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:databrew!default-*"
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"databrew.amazonaws.com"
]
},
"StringLike":{
"secretsmanager:Name":"databrew!default"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:databrew!default-*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"databrew.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-02-04T18:28:33+00:00"
},
"AwsGlueSessionUserRestrictedNotebookPolicy":{
"CreateDate":"2022-04-18T15:24:56+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"glue:CreateSession"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
},
"StringEquals":{
"aws:RequestTag/owner":"${aws:PrincipalTag/owner}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"NotebokAllowActions0"
},
{
"Action":[
"glue:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/owner":"${aws:PrincipalTag/owner}",
"aws:ResourceTag/owner":"${aws:PrincipalTag/owner}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:session/*",
"Sid":"AllowGlueTaggingAction"
},
{
"Action":[
"glue:StartCompletion",
"glue:GetCompletion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:completion/*"
],
"Sid":"NotebookAllowActions1"
},
{
"Action":[
"glue:RunStatement",
"glue:GetStatement",
"glue:ListStatements",
"glue:CancelStatement",
"glue:StopSession",
"glue:DeleteSession",
"glue:GetSession"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/owner":"${aws:PrincipalTag/owner}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"NotebookAllowActions2"
},
{
"Action":[
"glue:ListSessions"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"NotebookAllowActions3"
},
{
"Action":[
"glue:UntagResource",
"tag:TagResources",
"tag:UntagResources"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
}
},
"Effect":"Deny",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"NotebookDenyActions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestrictedForNotebook*",
"arn:aws:iam::*:role/AwsGlueSessionUserRestrictedNotebookServiceRole*"
],
"Sid":"NotebookPassRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-15T20:51:03+00:00"
},
"AwsGlueSessionUserRestrictedNotebookServiceRole":{
"CreateDate":"2022-04-18T15:27:11+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"glue:*",
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:tableVersion/*",
"arn:aws:glue:*:*:connection/*",
"arn:aws:glue:*:*:userDefinedFunction/*",
"arn:aws:glue:*:*:devEndpoint/*",
"arn:aws:glue:*:*:job/*",
"arn:aws:glue:*:*:trigger/*",
"arn:aws:glue:*:*:crawler/*",
"arn:aws:glue:*:*:workflow/*",
"arn:aws:glue:*:*:mlTransform/*",
"arn:aws:glue:*:*:registry/*",
"arn:aws:glue:*:*:schema/*"
]
},
{
"Action":[
"glue:CreateSession"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
},
"StringEquals":{
"aws:RequestTag/owner":"${aws:PrincipalTag/owner}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
]
},
{
"Action":[
"glue:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/owner":"${aws:PrincipalTag/owner}",
"aws:ResourceTag/owner":"${aws:PrincipalTag/owner}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:session/*",
"Sid":"AllowGlueTaggingAction"
},
{
"Action":[
"glue:RunStatement",
"glue:GetStatement",
"glue:ListStatements",
"glue:CancelStatement",
"glue:StopSession",
"glue:DeleteSession",
"glue:GetSession"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/owner":"${aws:PrincipalTag/owner}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
]
},
{
"Action":[
"glue:ListSessions"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"glue:UntagResource",
"tag:TagResources",
"tag:UntagResources"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
}
},
"Effect":"Deny",
"Resource":[
"arn:aws:glue:*:*:session/*"
]
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*"
]
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::crawler-public*"
]
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws-glue-service-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-15T20:51:58+00:00"
},
"AwsGlueSessionUserRestrictedPolicy":{
"CreateDate":"2022-04-14T21:31:01+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"glue:CreateSession"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
},
"StringEquals":{
"aws:RequestTag/owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"AllowSessionActions"
},
{
"Action":[
"glue:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/owner":"${aws:userid}",
"aws:ResourceTag/owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:session/*",
"Sid":"AllowGlueTaggingAction"
},
{
"Action":[
"glue:StartCompletion",
"glue:GetCompletion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:completion/*"
],
"Sid":"AllowCompletionActions"
},
{
"Action":[
"glue:RunStatement",
"glue:GetStatement",
"glue:ListStatements",
"glue:CancelStatement",
"glue:StopSession",
"glue:DeleteSession",
"glue:GetSession"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"AllowGlueActions"
},
{
"Action":[
"glue:ListSessions"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowListSessions"
},
{
"Action":[
"glue:UntagResource",
"tag:TagResources",
"tag:UntagResources"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
}
},
"Effect":"Deny",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"DenyTagActions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"iam:PassedToService":[
"glue.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestricted*"
],
"Sid":"AllowPassRoleActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-05T23:06:45+00:00"
},
"AwsGlueSessionUserRestrictedServiceRole":{
"CreateDate":"2022-04-14T21:30:07+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"glue:*",
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:tableVersion/*",
"arn:aws:glue:*:*:connection/*",
"arn:aws:glue:*:*:userDefinedFunction/*",
"arn:aws:glue:*:*:devEndpoint/*",
"arn:aws:glue:*:*:job/*",
"arn:aws:glue:*:*:trigger/*",
"arn:aws:glue:*:*:crawler/*",
"arn:aws:glue:*:*:workflow/*",
"arn:aws:glue:*:*:mlTransform/*",
"arn:aws:glue:*:*:registry/*",
"arn:aws:glue:*:*:schema/*"
],
"Sid":"AllowGlueActions"
},
{
"Action":[
"glue:StartCompletion",
"glue:GetCompletion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:completion/*"
],
"Sid":"AllowCompletionActions"
},
{
"Action":[
"glue:CreateSession"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
},
"StringEquals":{
"aws:RequestTag/owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"AllowSessionActions"
},
{
"Action":[
"glue:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/owner":"${aws:userid}",
"aws:ResourceTag/owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:session/*",
"Sid":"AllowGlueTaggingAction"
},
{
"Action":[
"glue:RunStatement",
"glue:GetStatement",
"glue:ListStatements",
"glue:CancelStatement",
"glue:StopSession",
"glue:DeleteSession",
"glue:GetSession"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/owner":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"AllowStatementActions"
},
{
"Action":[
"glue:ListSessions"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowListSessionsAction"
},
{
"Action":[
"glue:UntagResource",
"tag:TagResources",
"tag:UntagResources"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"owner"
]
}
},
"Effect":"Deny",
"Resource":[
"arn:aws:glue:*:*:session/*"
],
"Sid":"DenyTagActions"
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*"
],
"Sid":"AllowS3BucketActions"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*"
],
"Sid":"AllowS3ObjectActions"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::crawler-public*"
],
"Sid":"AllowS3ObjectCrawlerActions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:/aws-glue/*"
],
"Sid":"AllowLogsActions"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"aws-glue-service-resource"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"AllowTagsActions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-05T23:14:07+00:00"
},
"BatchServiceRolePolicy":{
"CreateDate":"2021-03-10T06:55:36+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSpotFleetRequestHistory",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeLaunchTemplateVersions",
"ec2:RequestSpotFleet",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeScalingActivities",
"eks:DescribeCluster",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:DeregisterTaskDefinition",
"ecs:TagResource",
"ecs:ListAccountSettings",
"logs:DescribeLogGroups",
"iam:GetInstanceProfile",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement1"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*",
"Sid":"AWSBatchPolicyStatement2"
},
{
"Action":[
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*",
"Sid":"AWSBatchPolicyStatement3"
},
{
"Action":[
"autoscaling:CreateOrUpdateTags"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSBatchServiceTag":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement4"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"ecs-tasks.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSBatchPolicyStatement5"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"autoscaling.amazonaws.com",
"ecs.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement6"
},
{
"Action":[
"ec2:CreateLaunchTemplate"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSBatchServiceTag":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement7"
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:CancelSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:DeleteLaunchTemplate"
],
"Condition":{
"Null":{
"aws:ResourceTag/AWSBatchServiceTag":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement8"
},
{
"Action":[
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteLaunchConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*",
"Sid":"AWSBatchPolicyStatement9"
},
{
"Action":[
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SetDesiredCapacity",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:SuspendProcesses",
"autoscaling:PutNotificationConfiguration",
"autoscaling:TerminateInstanceInAutoScalingGroup"
],
"Effect":"Allow",
"Resource":"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*",
"Sid":"AWSBatchPolicyStatement10"
},
{
"Action":[
"ecs:DeleteCluster",
"ecs:DeregisterContainerInstance",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:cluster/AWSBatch*",
"Sid":"AWSBatchPolicyStatement11"
},
{
"Action":[
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:task-definition/*",
"Sid":"AWSBatchPolicyStatement12"
},
{
"Action":[
"ecs:StopTask"
],
"Effect":"Allow",
"Resource":"arn:aws:ecs:*:*:task/*/*",
"Sid":"AWSBatchPolicyStatement13"
},
{
"Action":[
"ecs:CreateCluster",
"ecs:RegisterTaskDefinition"
],
"Condition":{
"Null":{
"aws:RequestTag/AWSBatchServiceTag":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AWSBatchPolicyStatement14"
},
{
"Action":"ec2:RunInstances",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:elastic-gpu/*",
"arn:aws:elastic-inference:*:*:elastic-inference-accelerator/*",
"arn:aws:resource-groups:*:*:group/*"
],
"Sid":"AWSBatchPolicyStatement15"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"Null":{
"aws:RequestTag/AWSBatchServiceTag":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"AWSBatchPolicyStatement16"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"RunInstances",
"CreateLaunchTemplate",
"RequestSpotFleet"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AWSBatchPolicyStatement17"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-05T22:52:40+00:00"
},
"Billing":{
"CreateDate":"2016-11-10T17:33:18+00:00",
"DefaultVersionId":"v15",
"Document":{
"Statement":[
{
"Action":[
"account:GetAccountInformation",
"aws-portal:*Billing",
"aws-portal:*PaymentMethods",
"aws-portal:*Usage",
"billing:CreateBillingView",
"billing:DeleteBillingView",
"billing:GetBillingData",
"billing:GetBillingDetails",
"billing:GetBillingNotifications",
"billing:GetBillingPreferences",
"billing:GetBillingView",
"billing:GetContractInformation",
"billing:GetCredits",
"billing:GetIAMAccessPreference",
"billing:GetSellerOfRecord",
"billing:ListBillingViews",
"billing:PutContractInformation",
"billing:RedeemCredits",
"billing:GetResourcePolicy",
"billing:ListSourceViewsForBillingView",
"billing:ListTagsForResource",
"billing:TagResource",
"billing:UntagResource",
"billing:UpdateBillingPreferences",
"billing:UpdateBillingView",
"billing:UpdateIAMAccessPreference",
"budgets:CreateBudgetAction",
"budgets:DeleteBudgetAction",
"budgets:DescribeBudgetActionsForBudget",
"budgets:DescribeBudgetAction",
"budgets:DescribeBudgetActionsForAccount",
"budgets:DescribeBudgetActionHistories",
"budgets:ExecuteBudgetAction",
"budgets:ModifyBudget",
"budgets:UpdateBudgetAction",
"budgets:ViewBudget",
"ce:CreateCostCategoryDefinition",
"ce:CreateNotificationSubscription",
"ce:CreateReport",
"ce:DeleteCostCategoryDefinition",
"ce:DeleteNotificationSubscription",
"ce:DeleteReport",
"ce:DescribeCostCategoryDefinition",
"ce:GetCostAndUsage",
"ce:ListCostAllocationTags",
"ce:ListCostCategoryDefinitions",
"ce:ListTagsForResource",
"ce:TagResource",
"ce:UpdateCostAllocationTagsStatus",
"ce:UpdateNotificationSubscription",
"ce:UpdatePreferences",
"ce:UpdateReport",
"ce:UpdateCostCategoryDefinition",
"ce:UntagResource",
"ce:StartCostAllocationTagBackfill",
"ce:ListCostAllocationTagBackfillHistory",
"ce:GetTags",
"ce:GetDimensionValues",
"consolidatedbilling:GetAccountBillingRole",
"consolidatedbilling:ListLinkedAccounts",
"cur:DeleteReportDefinition",
"cur:DescribeReportDefinitions",
"cur:GetClassicReport",
"cur:GetClassicReportPreferences",
"cur:GetUsageReport",
"cur:ModifyReportDefinition",
"cur:PutClassicReportPreferences",
"cur:PutReportDefinition",
"cur:ValidateReportDestination",
"freetier:GetFreeTierAlertPreference",
"freetier:GetFreeTierUsage",
"freetier:PutFreeTierAlertPreference",
"invoicing:BatchGetInvoiceProfile",
"invoicing:CreateInvoiceUnit",
"invoicing:DeleteInvoiceUnit",
"invoicing:GetInvoiceEmailDeliveryPreferences",
"invoicing:GetInvoicePDF",
"invoicing:GetInvoiceUnit",
"invoicing:ListInvoiceSummaries",
"invoicing:ListInvoiceUnits",
"invoicing:ListTagsForResource",
"invoicing:PutInvoiceEmailDeliveryPreferences",
"invoicing:TagResource",
"invoicing:UntagResource",
"invoicing:UpdateInvoiceUnit",
"mapcredits:ListQuarterSpend",
"mapcredits:ListAssociatedPrograms",
"mapcredits:ListQuarterCredits",
"payments:CreateFinancingApplication",
"payments:CreatePaymentInstrument",
"payments:DeletePaymentInstrument",
"payments:GetFinancingApplication",
"payments:GetFinancingLine",
"payments:GetFinancingLineWithdrawal",
"payments:GetFinancingOption",
"payments:GetPaymentInstrument",
"payments:GetPaymentStatus",
"payments:ListFinancingApplications",
"payments:ListFinancingLines",
"payments:ListFinancingLineWithdrawals",
"payments:ListPaymentPreferences",
"payments:ListPaymentProgramOptions",
"payments:ListPaymentProgramStatus",
"payments:ListTagsForResource",
"payments:ListPaymentInstruments",
"payments:MakePayment",
"payments:TagResource",
"payments:UntagResource",
"payments:UpdateFinancingApplication",
"payments:UpdatePaymentInstrument",
"payments:UpdatePaymentPreferences",
"pricing:DescribeServices",
"purchase-orders:AddPurchaseOrder",
"purchase-orders:DeletePurchaseOrder",
"purchase-orders:GetPurchaseOrder",
"purchase-orders:ListPurchaseOrderInvoices",
"purchase-orders:ListPurchaseOrders",
"purchase-orders:ListTagsForResource",
"purchase-orders:ModifyPurchaseOrders",
"purchase-orders:TagResource",
"purchase-orders:UntagResource",
"purchase-orders:UpdatePurchaseOrder",
"purchase-orders:UpdatePurchaseOrderStatus",
"purchase-orders:ViewPurchaseOrders",
"support:CreateCase",
"support:AddAttachmentsToSet",
"sustainability:GetCarbonFootprintSummary",
"tax:BatchPutTaxRegistration",
"tax:DeleteTaxRegistration",
"tax:GetExemptions",
"tax:GetTaxInheritance",
"tax:GetTaxInterview",
"tax:GetTaxRegistration",
"tax:GetTaxRegistrationDocument",
"tax:ListTaxRegistrations",
"tax:PutTaxInheritance",
"tax:PutTaxInterview",
"tax:PutTaxRegistration",
"tax:UpdateExemptions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"VisualEditor0"
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-12T18:07:07+00:00"
},
"CertificateManagerServiceRolePolicy":{
"CreateDate":"2020-06-25T17:56:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"acm-pca:IssueCertificate",
"acm-pca:GetCertificate"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-25T17:56:49+00:00"
},
"ClientVPNServiceConnectionsRolePolicy":{
"CreateDate":"2020-08-12T19:48:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lambda:InvokeFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:AWSClientVPN-*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-12T19:48:06+00:00"
},
"ClientVPNServiceRolePolicy":{
"CreateDate":"2018-12-10T21:20:25+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeInternetGateways",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAccountAttributes",
"ds:AuthorizeApplication",
"ds:DescribeDirectories",
"ds:GetDirectoryLimits",
"ds:UnauthorizeApplication",
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"acm:GetCertificate",
"acm:DescribeCertificate",
"iam:GetSAMLProvider",
"lambda:GetFunctionConfiguration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-12T19:39:34+00:00"
},
"CloudFormationStackSetsOrgAdminServiceRolePolicy":{
"CreateDate":"2019-12-10T00:20:05+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:List*",
"organizations:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowsAWSOrganizationsReadAPIs"
},
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/stacksets-exec-*",
"Sid":"AllowAssumeRoleInMemberAccounts"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-10T00:20:05+00:00"
},
"CloudFormationStackSetsOrgMemberServiceRolePolicy":{
"CreateDate":"2019-12-09T23:52:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateRole",
"iam:DeleteRole",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/stacksets-exec-*"
]
},
{
"Action":[
"iam:DetachRolePolicy",
"iam:AttachRolePolicy"
],
"Condition":{
"StringEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/AdministratorAccess"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/stacksets-exec-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-09T23:52:37+00:00"
},
"CloudFrontFullAccess":{
"CreateDate":"2015-02-06T18:39:50+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"cfflistbuckets"
},
{
"Action":[
"acm:ListCertificates",
"cloudfront:*",
"cloudfront-keyvaluestore:*",
"iam:ListServerCertificates",
"waf:ListWebACLs",
"waf:GetWebACL",
"wafv2:ListWebACLs",
"wafv2:GetWebACL",
"kinesis:ListStreams",
"ec2:DescribeInstances",
"elasticloadbalancing:DescribeLoadBalancers",
"ec2:DescribeInternetGateways"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"cffullaccess"
},
{
"Action":[
"kinesis:DescribeStream"
],
"Effect":"Allow",
"Resource":"arn:aws:kinesis:*:*:*",
"Sid":"cffdescribestream"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:*",
"Sid":"cfflistroles"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T18:39:41+00:00"
},
"CloudFrontReadOnlyAccess":{
"CreateDate":"2015-02-06T18:39:55+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"acm:ListCertificates",
"cloudfront:Describe*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudfront-keyvaluestore:Describe*",
"cloudfront-keyvaluestore:Get*",
"cloudfront-keyvaluestore:List*",
"iam:ListServerCertificates",
"route53:List*",
"waf:ListWebACLs",
"waf:GetWebACL",
"wafv2:ListWebACLs",
"wafv2:GetWebACL"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"cfReadOnly"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-04T16:55:27+00:00"
},
"CloudHSMServiceRolePolicy":{
"CreateDate":"2017-11-06T19:12:46+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-06T19:12:46+00:00"
},
"CloudSearchFullAccess":{
"CreateDate":"2015-02-06T18:39:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudsearch:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:39:56+00:00"
},
"CloudSearchReadOnlyAccess":{
"CreateDate":"2015-02-06T18:39:57+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudsearch:Describe*",
"cloudsearch:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:39:57+00:00"
},
"CloudTrailServiceRolePolicy":{
"CreateDate":"2018-10-24T21:21:44+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudtrail:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudTrailFullAccess"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AwsOrgsAccess"
},
{
"Action":"organizations:ListDelegatedAdministrators",
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":[
"cloudtrail.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsOrgsDelegatedAdminAccess"
},
{
"Action":"glue:DeleteTable",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:glue:*:*:catalog",
"arn:*:glue:*:*:database/aws:cloudtrail",
"arn:*:glue:*:*:table/aws:cloudtrail/*"
],
"Sid":"DeleteTableAccess"
},
{
"Action":"lakeformation:DeregisterResource",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DeregisterResourceAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-27T01:18:10+00:00"
},
"CloudWatch-CrossAccountAccess":{
"CreateDate":"2019-07-23T09:59:27+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sts:AssumeRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-07-23T09:59:27+00:00"
},
"CloudWatchActionsEC2Access":{
"CreateDate":"2015-07-07T00:00:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:Describe*",
"ec2:Describe*",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-07-07T00:00:33+00:00"
},
"CloudWatchAgentAdminPolicy":{
"CreateDate":"2018-03-07T00:52:31+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:PutRetentionPolicy",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CWACloudWatchPermissions"
},
{
"Action":[
"ssm:GetParameter",
"ssm:PutParameter"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*",
"Sid":"CWASSMPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-05T20:59:57+00:00"
},
"CloudWatchAgentServerPolicy":{
"CreateDate":"2018-03-07T01:06:44+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData",
"ec2:DescribeVolumes",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:PutRetentionPolicy",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CWACloudWatchServerPermissions"
},
{
"Action":[
"ssm:GetParameter"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*",
"Sid":"CWASSMServerPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-06T16:37:37+00:00"
},
"CloudWatchApplicationInsightsFullAccess":{
"CreateDate":"2020-11-24T18:44:14+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":"applicationinsights:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"sqs:ListQueues",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"autoscaling:DescribeAutoScalingGroups",
"lambda:ListFunctions",
"dynamodb:ListTables",
"s3:ListAllMyBuckets",
"sns:ListTopics",
"states:ListStateMachines",
"apigateway:GET",
"ecs:ListClusters",
"ecs:DescribeTaskDefinition",
"ecs:ListServices",
"ecs:ListTasks",
"eks:ListClusters",
"eks:ListNodegroups",
"fsx:DescribeFileSystems",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"application-insights.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-25T17:51:29+00:00"
},
"CloudWatchApplicationInsightsReadOnlyAccess":{
"CreateDate":"2020-11-24T18:48:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"applicationinsights:Describe*",
"applicationinsights:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-24T18:48:00+00:00"
},
"CloudWatchApplicationSignalsFullAccess":{
"CreateDate":"2024-06-06T22:50:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"application-signals:*",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsFullAccessPermissions"
},
{
"Action":"cloudwatch:DescribeAlarms",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsAlarmsPermissions"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsMetricsPermissions"
},
{
"Action":[
"logs:StartQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
"Sid":"CloudWatchApplicationSignalsLogGroupPermissions"
},
{
"Action":[
"logs:StopQuery",
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsLogsPermissions"
},
{
"Action":[
"synthetics:DescribeCanaries",
"synthetics:DescribeCanariesLastRun",
"synthetics:GetCanaryRuns"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsSyntheticsPermissions"
},
{
"Action":[
"rum:BatchCreateRumMetricDefinitions",
"rum:BatchDeleteRumMetricDefinitions",
"rum:BatchGetRumMetricDefinitions",
"rum:GetAppMonitor",
"rum:GetAppMonitorData",
"rum:ListAppMonitors",
"rum:PutRumMetricsDestination",
"rum:UpdateRumMetricDefinition"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsRumPermissions"
},
{
"Action":"xray:GetTraceSummaries",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsXrayPermissions"
},
{
"Action":"cloudwatch:PutMetricAlarm",
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:SLO-AttainmentGoalAlarm-*",
"arn:aws:cloudwatch:*:*:alarm:SLO-WarningAlarm-*",
"arn:aws:cloudwatch:*:*:alarm:SLI-HealthAlarm-*"
],
"Sid":"CloudWatchApplicationSignalsPutMetricAlarmPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"application-signals.cloudwatch.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
"Sid":"CloudWatchApplicationSignalsCreateServiceLinkedRolePermissions"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
"Sid":"CloudWatchApplicationSignalsGetRolePermissions"
},
{
"Action":[
"sns:CreateTopic",
"sns:Subscribe"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:cloudwatch-application-signals-*",
"Sid":"CloudWatchApplicationSignalsSnsWritePermissions"
},
{
"Action":"sns:ListTopics",
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsSnsReadPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-06T22:50:16+00:00"
},
"CloudWatchApplicationSignalsReadOnlyAccess":{
"CreateDate":"2024-06-06T22:48:30+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"application-signals:BatchGetServiceLevelObjectiveBudgetReport",
"application-signals:GetService",
"application-signals:GetServiceLevelObjective",
"application-signals:ListServiceLevelObjectives",
"application-signals:ListServiceDependencies",
"application-signals:ListServiceDependents",
"application-signals:ListServiceOperations",
"application-signals:ListServices",
"application-signals:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsReadOnlyAccessPermissions"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
"Sid":"CloudWatchApplicationSignalsGetRolePermissions"
},
{
"Action":[
"logs:StartQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
"Sid":"CloudWatchApplicationSignalsLogGroupPermissions"
},
{
"Action":[
"logs:StopQuery",
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsLogsPermissions"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsAlarmsReadPermissions"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsMetricsReadPermissions"
},
{
"Action":[
"synthetics:DescribeCanaries",
"synthetics:DescribeCanariesLastRun",
"synthetics:GetCanaryRuns"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsSyntheticsReadPermissions"
},
{
"Action":[
"rum:BatchGetRumMetricDefinitions",
"rum:GetAppMonitor",
"rum:GetAppMonitorData",
"rum:ListAppMonitors"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsRumReadPermissions"
},
{
"Action":[
"xray:GetTraceSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchApplicationSignalsXrayReadPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-06T22:48:30+00:00"
},
"CloudWatchApplicationSignalsServiceRolePolicy":{
"CreateDate":"2023-11-09T18:09:57+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"xray:GetServiceGraph"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"XRayPermission"
},
{
"Action":[
"logs:StartQuery",
"logs:GetQueryResults"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/appsignals/*:*",
"arn:aws:logs:*:*:log-group:/aws/application-signals/data:*"
],
"Sid":"CWLogsPermission"
},
{
"Action":[
"cloudwatch:ListMetrics"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CWListMetricsPermission"
},
{
"Action":[
"cloudwatch:GetMetricData"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CWGetMetricDataPermission"
},
{
"Action":[
"tag:GetResources"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"TagsPermission"
},
{
"Action":[
"application-signals:ListServiceLevelObjectiveExclusionWindows",
"application-signals:GetServiceLevelObjective"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ApplicationSignalsPermission"
},
{
"Action":[
"autoscaling:DescribeAutoScalingGroups"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2AutoScalingPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-17T15:07:06+00:00"
},
"CloudWatchAutomaticDashboardsAccess":{
"CreateDate":"2019-07-23T10:01:08+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistribution",
"cloudfront:ListDistributions",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeLoadBalancers",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"lambda:GetFunction",
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"resource-groups:ListGroupResources",
"resource-groups:ListGroups",
"route53:GetHealthCheck",
"route53:ListHealthChecks",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListQueues",
"synthetics:DescribeCanariesLastRun",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/restapis*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-04-20T13:05:40+00:00"
},
"CloudWatchCrossAccountSharingConfiguration":{
"CreateDate":"2022-11-27T14:01:10+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:Link",
"oam:ListLinks"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"oam:DeleteLink",
"oam:GetLink",
"oam:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:oam:*:*:link/*"
},
{
"Action":[
"oam:CreateLink",
"oam:UpdateLink"
],
"Effect":"Allow",
"Resource":[
"arn:aws:oam:*:*:link/*",
"arn:aws:oam:*:*:sink/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T14:01:10+00:00"
},
"CloudWatchEventsBuiltInTargetExecutionAccess":{
"CreateDate":"2016-01-14T18:35:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:Describe*",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:CreateSnapshot"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEventsBuiltInTargetExecutionAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-01-14T18:35:49+00:00"
},
"CloudWatchEventsFullAccess":{
"CreateDate":"2016-01-14T18:37:08+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"events:*",
"schemas:*",
"scheduler:*",
"pipes:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EventBridgeActions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"apidestinations.events.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/apidestinations.events.amazonaws.com/AWSServiceRoleForAmazonEventBridgeApiDestinations",
"Sid":"IAMCreateServiceLinkedRoleForApiDestinations"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"schemas.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas",
"Sid":"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:events!*",
"Sid":"SecretsManagerAccessForApiDestinations"
},
{
"Action":"iam:PassRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AWS_Events_Invoke_Targets",
"Sid":"IAMPassRoleForCloudWatchEvents"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"scheduler.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForScheduler"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"pipes.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"IAMPassRoleAccessForPipes"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T02:07:06+00:00"
},
"CloudWatchEventsInvocationAccess":{
"CreateDate":"2016-01-14T18:36:33+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kinesis:PutRecord"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchEventsInvocationAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-01-14T18:36:33+00:00"
},
"CloudWatchEventsReadOnlyAccess":{
"CreateDate":"2016-01-14T18:27:18+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"events:DescribeRule",
"events:DescribeEventBus",
"events:DescribeEventSource",
"events:ListEventBuses",
"events:ListEventSources",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"events:TestEventPattern",
"events:DescribeArchive",
"events:ListArchives",
"events:DescribeReplay",
"events:ListReplays",
"events:DescribeConnection",
"events:ListConnections",
"events:DescribeApiDestination",
"events:ListApiDestinations",
"events:DescribeEndpoint",
"events:ListEndpoints",
"schemas:DescribeCodeBinding",
"schemas:DescribeDiscoverer",
"schemas:DescribeRegistry",
"schemas:DescribeSchema",
"schemas:ExportSchema",
"schemas:GetCodeBindingSource",
"schemas:GetDiscoveredSchema",
"schemas:GetResourcePolicy",
"schemas:ListDiscoverers",
"schemas:ListRegistries",
"schemas:ListSchemas",
"schemas:ListSchemaVersions",
"schemas:ListTagsForResource",
"schemas:SearchSchemas",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:ListSchedules",
"scheduler:ListScheduleGroups",
"scheduler:ListTagsForResource",
"pipes:DescribePipe",
"pipes:ListPipes",
"pipes:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-12-01T16:29:31+00:00"
},
"CloudWatchEventsServiceRolePolicy":{
"CreateDate":"2017-11-17T00:42:04+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarms",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:CreateSnapshot"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-11-17T00:42:04+00:00"
},
"CloudWatchFullAccess":{
"CreateDate":"2015-02-06T18:40:00+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:Describe*",
"cloudwatch:*",
"logs:*",
"sns:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"oam:ListSinks"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"events.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*"
},
{
"Action":[
"oam:ListAttachedLinks"
],
"Effect":"Allow",
"Resource":"arn:aws:oam:*:*:sink/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T13:23:49+00:00"
},
"CloudWatchFullAccessV2":{
"CreateDate":"2023-08-01T11:32:57+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DescribeScalingPolicies",
"application-signals:*",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribePolicies",
"cloudwatch:*",
"logs:*",
"sns:CreateTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"oam:ListSinks",
"rum:*",
"synthetics:*",
"xray:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchFullAccessPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"application-signals.cloudwatch.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
"Sid":"CloudWatchApplicationSignalsServiceLinkedRolePermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"events.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*",
"Sid":"EventsServicePermissions"
},
{
"Action":[
"oam:ListAttachedLinks"
],
"Effect":"Allow",
"Resource":"arn:aws:oam:*:*:sink/*",
"Sid":"OAMReadPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-17T22:20:49+00:00"
},
"CloudWatchInternetMonitorFullAccess":{
"CreateDate":"2024-10-22T21:02:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"internetmonitor:CreateMonitor",
"internetmonitor:DeleteMonitor",
"internetmonitor:GetHealthEvent",
"internetmonitor:GetInternetEvent",
"internetmonitor:GetMonitor",
"internetmonitor:GetQueryResults",
"internetmonitor:GetQueryStatus",
"internetmonitor:Link",
"internetmonitor:ListHealthEvents",
"internetmonitor:ListInternetEvents",
"internetmonitor:ListMonitors",
"internetmonitor:ListTagsForResource",
"internetmonitor:StartQuery",
"internetmonitor:StopQuery",
"internetmonitor:TagResource",
"internetmonitor:UntagResource",
"internetmonitor:UpdateMonitor"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FullAccessActions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"internetmonitor.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/internetmonitor.amazonaws.com/AWSServiceRoleForInternetMonitor",
"Sid":"ServiceLinkedRoleActions"
},
{
"Action":[
"iam:AttachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":"arn:aws:iam::aws:policy/aws-service-role/CloudWatchInternetMonitorServiceRolePolicy"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/internetmonitor.amazonaws.com/AWSServiceRoleForInternetMonitor",
"Sid":"RolePolicyActions"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudfront:GetDistribution",
"cloudfront:ListDistributions",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeLoadBalancers",
"logs:DescribeLogGroups",
"logs:GetQueryResults",
"logs:StartQuery",
"logs:StopQuery",
"workspaces:DescribeWorkspaceDirectories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-22T21:02:59+00:00"
},
"CloudWatchInternetMonitorReadOnlyAccess":{
"CreateDate":"2024-11-12T23:11:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:GetMetricData",
"internetmonitor:GetHealthEvent",
"internetmonitor:GetInternetEvent",
"internetmonitor:GetMonitor",
"internetmonitor:GetQueryResults",
"internetmonitor:GetQueryStatus",
"internetmonitor:ListHealthEvents",
"internetmonitor:ListInternetEvents",
"internetmonitor:ListMonitors",
"internetmonitor:ListTagsForResource",
"internetmonitor:StartQuery",
"internetmonitor:StopQuery",
"logs:DescribeLogGroups",
"logs:GetQueryResults",
"logs:StartQuery",
"logs:StopQuery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-12T23:11:17+00:00"
},
"CloudWatchInternetMonitorServiceRolePolicy":{
"CreateDate":"2022-11-27T17:46:24+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudfront:GetDistribution",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeLoadBalancers",
"workspaces:DescribeWorkspaceDirectories"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/internet-monitor/*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/internet-monitor/*:log-stream:*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/InternetMonitor"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-07-20T04:46:37+00:00"
},
"CloudWatchLambdaApplicationSignalsExecutionRolePolicy":{
"CreateDate":"2024-10-16T19:09:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"xray:PutTraceSegments"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudWatchApplicationSignalsXrayWritePermissions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
"Sid":"CloudWatchApplicationSignalsLogGroupWritePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-16T19:09:17+00:00"
},
"CloudWatchLambdaInsightsExecutionRolePolicy":{
"CreateDate":"2020-10-07T19:27:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/lambda-insights:*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-07T19:27:06+00:00"
},
"CloudWatchLogsCrossAccountSharingConfiguration":{
"CreateDate":"2022-11-27T13:55:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:Link",
"oam:ListLinks"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"oam:DeleteLink",
"oam:GetLink",
"oam:TagResource"
],
"Effect":"Allow",
"Resource":"arn:aws:oam:*:*:link/*"
},
{
"Action":[
"oam:CreateLink",
"oam:UpdateLink"
],
"Effect":"Allow",
"Resource":[
"arn:aws:oam:*:*:link/*",
"arn:aws:oam:*:*:sink/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T13:55:22+00:00"
},
"CloudWatchLogsFullAccess":{
"CreateDate":"2015-02-06T18:40:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:*",
"cloudwatch:GenerateQuery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-26T18:12:09+00:00"
},
"CloudWatchLogsReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:03+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"logs:StartLiveTail",
"logs:StopLiveTail",
"cloudwatch:GenerateQuery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-26T18:11:33+00:00"
},
"CloudWatchNetworkFlowMonitorAgentPublishPolicy":{
"CreateDate":"2024-12-01T22:51:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"networkflowmonitor:Publish"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T22:51:06+00:00"
},
"CloudWatchNetworkFlowMonitorServiceRolePolicy":{
"CreateDate":"2024-12-01T22:36:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/NetworkFlowMonitor"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:ListDelegatedAdministrators",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeAccount",
"organizations:ListAccounts"
],
"Effect":"Allow",
"Resource":[
"arn:aws:organizations::*:account/*",
"arn:aws:organizations::*:organization/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T22:36:07+00:00"
},
"CloudWatchNetworkFlowMonitorTopologyServiceRolePolicy":{
"CreateDate":"2024-12-01T22:51:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeVpnConnections",
"ec2:DescribeCustomerGateways",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T22:51:07+00:00"
},
"CloudWatchNetworkMonitorServiceRolePolicy":{
"CreateDate":"2023-12-21T18:53:19+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/NetworkMonitor"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PublishCw"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeAny"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:RevokeSecurityGroupEgress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/ManagedByCloudWatchNetworkMonitor":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"DeleteModifyEc2Resources"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-21T18:53:19+00:00"
},
"CloudWatchOpenSearchDashboardAccess":{
"CreateDate":"2024-12-01T21:06:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:ListIntegrations",
"logs:GetIntegration",
"logs:DescribeLogGroups",
"opensearch:ApplicationAccessAll",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchOpenSearchDashboardsIntegration"
},
{
"Action":[
"aoss:BatchGetCollection",
"aoss:BatchGetLifecyclePolicy",
"es:ListApplications"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsOpensearchReadAPIs"
},
{
"Action":[
"aoss:APIAccessAll"
],
"Condition":{
"StringLike":{
"aoss:collection":"cloudwatch-logs-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsAPIAccessAll"
},
{
"Action":[
"aoss:GetAccessPolicy",
"aoss:GetSecurityPolicy"
],
"Condition":{
"StringLike":{
"aoss:collection":"cloudwatch-logs-*",
"aws:CalledViaFirst":"logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsDQSCollectionPolicyAccess"
},
{
"Action":[
"es:GetApplication"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/OpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsApplicationResourceAccess"
},
{
"Action":[
"es:GetDirectQueryDataSource"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*",
"Sid":"CloudWatchLogsDQSResourceQueryAccess"
},
{
"Action":[
"opensearch:GetDirectQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*",
"Sid":"CloudWatchLogsDirectQueryStatusAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T21:06:07+00:00"
},
"CloudWatchOpenSearchDashboardsFullAccess":{
"CreateDate":"2024-12-01T21:06:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:ListIntegrations",
"logs:GetIntegration",
"logs:DeleteIntegration",
"logs:PutIntegration",
"logs:DescribeLogGroups",
"opensearch:ApplicationAccessAll",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchOpenSearchDashboardsIntegration"
},
{
"Action":[
"aoss:BatchGetCollection",
"aoss:BatchGetLifecyclePolicy",
"es:ListApplications"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsOpensearchReadAPIs"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"iam:AWSServiceName":"opensearchservice.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/opensearchservice.amazonaws.com/AWSServiceRoleForAmazonOpenSearchService",
"Sid":"CloudWatchLogsOpensearchCreateServiceLinkedAccess"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"iam:AWSServiceName":"observability.aoss.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/observability.aoss.amazonaws.com/AWSServiceRoleForAmazonOpenSearchServerless",
"Sid":"CloudWatchLogsObservabilityCreateServiceLinkedAccess"
},
{
"Action":[
"aoss:CreateCollection"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"CloudWatchOpenSearchIntegration"
},
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:RequestTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsCollectionRequestAccess"
},
{
"Action":[
"es:CreateApplication"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"OpenSearchIntegration"
},
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:RequestTag/OpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsApplicationRequestAccess"
},
{
"Action":[
"aoss:DeleteCollection"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsCollectionResourceAccess"
},
{
"Action":[
"es:UpdateApplication",
"es:GetApplication"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/OpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsApplicationResourceAccess"
},
{
"Action":[
"aoss:CreateSecurityPolicy",
"aoss:CreateAccessPolicy",
"aoss:DeleteAccessPolicy",
"aoss:DeleteSecurityPolicy",
"aoss:GetAccessPolicy",
"aoss:GetSecurityPolicy"
],
"Condition":{
"StringLike":{
"aoss:collection":"cloudwatch-logs-*",
"aws:CalledViaFirst":"logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsCollectionPolicyAccess"
},
{
"Action":[
"aoss:APIAccessAll"
],
"Condition":{
"StringLike":{
"aoss:collection":"cloudwatch-logs-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsAPIAccessAll"
},
{
"Action":[
"aoss:CreateAccessPolicy",
"aoss:DeleteAccessPolicy",
"aoss:GetAccessPolicy",
"aoss:CreateLifecyclePolicy",
"aoss:DeleteLifecyclePolicy"
],
"Condition":{
"StringLike":{
"aoss:index":"cloudwatch-logs-*",
"aws:CalledViaFirst":"logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsIndexPolicyAccess"
},
{
"Action":[
"es:AddDirectQueryDataSource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"CloudWatchOpenSearchIntegration"
},
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:RequestTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*",
"Sid":"CloudWatchLogsDQSRequestQueryAccess"
},
{
"Action":[
"opensearch:StartDirectQuery",
"opensearch:GetDirectQuery"
],
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*",
"Sid":"CloudWatchLogsStartDirectQueryAccess"
},
{
"Action":[
"es:GetDirectQueryDataSource",
"es:DeleteDirectQueryDataSource"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:datasource/cloudwatch_logs_*",
"Sid":"CloudWatchLogsDQSResourceQueryAccess"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringLike":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"iam:PassedToService":"directquery.opensearchservice.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchLogsPassRoleAccess"
},
{
"Action":[
"aoss:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"CloudWatchOpenSearchIntegration"
},
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:aoss:*:*:collection/*",
"Sid":"CloudWatchLogsAossTagsAccess"
},
{
"Action":[
"es:AddTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"OpenSearchIntegration"
},
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/OpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:application/*",
"Sid":"CloudWatchLogsEsApplicationTagsAccess"
},
{
"Action":[
"es:AddTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"CloudWatchOpenSearchIntegration"
},
"StringEquals":{
"aws:CalledViaFirst":"logs.amazonaws.com",
"aws:ResourceTag/CloudWatchOpenSearchIntegration":[
"Dashboards"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:opensearch:*:*:datasource/*",
"Sid":"CloudWatchLogsEsDataSourceTagsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T21:06:07+00:00"
},
"CloudWatchReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:01+00:00",
"DefaultVersionId":"v10",
"Document":{
"Statement":[
{
"Action":[
"application-autoscaling:DescribeScalingPolicies",
"application-signals:BatchGet*",
"application-signals:Get*",
"application-signals:List*",
"autoscaling:Describe*",
"cloudwatch:BatchGet*",
"cloudwatch:Describe*",
"cloudwatch:GenerateQuery",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:Describe*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"logs:StartLiveTail",
"logs:StopLiveTail",
"oam:ListSinks",
"sns:Get*",
"sns:List*",
"rum:BatchGet*",
"rum:Get*",
"rum:List*",
"synthetics:Describe*",
"synthetics:Get*",
"synthetics:List*",
"xray:BatchGet*",
"xray:Get*",
"xray:List*",
"xray:StartTraceRetrieval",
"xray:CancelTraceRetrieval"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchReadOnlyAccessPermissions"
},
{
"Action":[
"oam:ListAttachedLinks"
],
"Effect":"Allow",
"Resource":"arn:aws:oam:*:*:sink/*",
"Sid":"OAMReadPermissions"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
"Sid":"CloudWatchReadOnlyGetRolePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-21T17:51:05+00:00"
},
"CloudWatchSyntheticsFullAccess":{
"CreateDate":"2019-11-25T17:39:46+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"synthetics:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:CreateBucket",
"s3:PutEncryptionConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::cw-syn-results-*"
]
},
{
"Action":[
"iam:ListRoles",
"s3:ListAllMyBuckets",
"xray:GetTraceSummaries",
"xray:BatchGetTraces",
"apigateway:GET"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*"
},
{
"Action":[
"s3:GetObject",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::cw-syn-*"
},
{
"Action":[
"s3:GetObjectVersion"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::aws-synthetics-library-*"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"lambda.amazonaws.com",
"synthetics.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*"
]
},
{
"Action":[
"iam:GetRole",
"iam:ListAttachedRolePolicies"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*"
]
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:Synthetics-*"
]
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudwatch:*:*:alarm:*"
]
},
{
"Action":[
"logs:GetLogRecord",
"logs:DescribeLogStreams",
"logs:StartQuery",
"logs:GetLogEvents",
"logs:FilterLogEvents",
"logs:GetLogGroupFields"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/cwsyn-*"
]
},
{
"Action":[
"lambda:CreateFunction",
"lambda:AddPermission",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"lambda:GetFunctionConfiguration",
"lambda:GetFunction",
"lambda:DeleteFunction",
"lambda:ListTags",
"lambda:TagResource",
"lambda:UntagResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:cwsyn-*"
]
},
{
"Action":[
"lambda:GetLayerVersion",
"lambda:PublishLayerVersion",
"lambda:DeleteLayerVersion"
],
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:layer:cwsyn-*",
"arn:aws:lambda:*:*:layer:Synthetics:*",
"arn:aws:lambda:*:*:layer:Synthetics_Selenium:*",
"arn:aws:lambda:*:*:layer:AWS-CW-Synthetics*:*"
]
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"sns:CreateTopic",
"sns:Subscribe",
"sns:ListSubscriptionsByTopic"
],
"Effect":"Allow",
"Resource":[
"arn:*:sns:*:*:Synthetics-*"
]
},
{
"Action":[
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:DescribeKey"
],
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"s3.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-21T22:21:05+00:00"
},
"CloudWatchSyntheticsReadOnlyAccess":{
"CreateDate":"2019-11-25T17:45:40+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"synthetics:Describe*",
"synthetics:Get*",
"synthetics:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-03-06T19:26:01+00:00"
},
"CloudwatchApplicationInsightsServiceLinkedRolePolicy":{
"CreateDate":"2018-12-01T16:22:12+00:00",
"DefaultVersionId":"v25",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:PutAnomalyDetector",
"cloudwatch:DeleteAnomalyDetector",
"cloudwatch:DescribeAnomalyDetectors"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudWatch"
},
{
"Action":[
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudWatchLogs"
},
{
"Action":[
"events:DescribeRule"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EventBridge"
},
{
"Action":[
"cloudFormation:CreateStack",
"cloudFormation:UpdateStack",
"cloudFormation:DeleteStack",
"cloudFormation:DescribeStackResources",
"cloudFormation:UpdateTerminationProtection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/ApplicationInsights-*"
],
"Sid":"CloudFormation"
},
{
"Action":[
"cloudFormation:DescribeStacks",
"cloudFormation:ListStackResources",
"cloudFormation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CloudFormationStacks"
},
{
"Action":[
"tag:GetResources"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Tag"
},
{
"Action":[
"resource-groups:ListGroupResources",
"resource-groups:GetGroupQuery",
"resource-groups:GetGroup"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ResourceGroups"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:resource-groups:*:*:group/ApplicationInsights-*"
],
"Sid":"ApplicationInsightsResourceGroup"
},
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ElasticLoadBalancing"
},
{
"Action":[
"autoscaling:DescribeAutoScalingGroups"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AutoScaling"
},
{
"Action":[
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource",
"ssm:GetParameters"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*",
"Sid":"SSMParameter"
},
{
"Action":[
"ssm:CreateAssociation",
"ssm:UpdateAssociation",
"ssm:DeleteAssociation",
"ssm:DescribeAssociation"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:association/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure",
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent"
],
"Sid":"SSMAssociation"
},
{
"Action":[
"ssm:GetOpsItem",
"ssm:CreateOpsItem",
"ssm:DescribeOpsItems",
"ssm:UpdateOpsItem",
"ssm:DescribeInstanceInformation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SSMOpsItem"
},
{
"Action":[
"ssm:AddTagsToResource"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:opsitem/*",
"Sid":"SSMTags"
},
{
"Action":[
"ssm:ListCommandInvocations",
"ssm:GetCommandInvocation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SSMGetCommandInvocation"
},
{
"Action":"ssm:SendCommand",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets",
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload",
"arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent"
],
"Sid":"SSMSendCommand"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcs",
"ec2:DescribeVpcAttribute",
"ec2:DescribeNatGateways"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2"
},
{
"Action":[
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"RDS"
},
{
"Action":[
"lambda:ListFunctions",
"lambda:GetFunctionConfiguration",
"lambda:ListEventSourceMappings"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Lambda"
},
{
"Action":[
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:DeleteRule"
],
"Effect":"Allow",
"Resource":[
"arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*"
],
"Sid":"EventBridgeManagedRule"
},
{
"Action":[
"xray:GetServiceGraph",
"xray:GetTraceSummaries",
"xray:GetTimeSeriesServiceStatistics",
"xray:GetTraceGraph"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"XRay"
},
{
"Action":[
"dynamodb:ListTables",
"dynamodb:DescribeTable",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeTimeToLive"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DynamoDB"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ApplicationAutoscaling"
},
{
"Action":[
"s3:ListAllMyBuckets",
"s3:GetMetricsConfiguration",
"s3:GetReplicationConfiguration"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"S3"
},
{
"Action":[
"states:ListStateMachines",
"states:DescribeExecution",
"states:DescribeStateMachine",
"states:GetExecutionHistory"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"States"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"APIGateway"
},
{
"Action":[
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"ecs:ListTasks"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ECS"
},
{
"Action":[
"ecs:UpdateClusterSettings"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ecs:*:*:cluster/*"
],
"Sid":"ECSCluster"
},
{
"Action":[
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeNodegroup",
"eks:ListClusters",
"eks:ListFargateProfiles",
"eks:ListNodegroups",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EKS"
},
{
"Action":[
"sns:GetSubscriptionAttributes",
"sns:GetTopicAttributes",
"sns:GetSMSAttributes",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SNS"
},
{
"Action":[
"sqs:ListQueues"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SQS"
},
{
"Action":[
"logs:DeleteSubscriptionFilter"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:*"
],
"Sid":"CloudWatchLogsDeleteSubscriptionFilter"
},
{
"Action":[
"logs:PutSubscriptionFilter"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:*",
"arn:aws:logs:*:*:destination:AmazonCloudWatch-ApplicationInsights-LogIngestionDestination*"
],
"Sid":"CloudWatchLogsCreateSubscriptionFilter"
},
{
"Action":[
"elasticfilesystem:DescribeFileSystems"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EFS"
},
{
"Action":[
"route53:GetHostedZone",
"route53:GetHealthCheck",
"route53:ListHostedZones",
"route53:ListHealthChecks",
"route53:ListQueryLoggingConfigs"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Route53"
},
{
"Action":[
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:ListResolverEndpoints",
"route53resolver:GetResolverQueryLogConfig",
"route53resolver:ListResolverQueryLogConfigs",
"route53resolver:ListResolverQueryLogConfigAssociations",
"route53resolver:GetResolverEndpoint",
"route53resolver:GetFirewallRuleGroupAssociation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Route53Resolver"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-25T16:24:03+00:00"
},
"ComprehendDataAccessRolePolicy":{
"CreateDate":"2019-03-06T22:28:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":{
"Action":[
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*Comprehend*",
"arn:aws:s3:::*comprehend*"
]
},
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-03-06T22:28:15+00:00"
},
"ComprehendFullAccess":{
"CreateDate":"2017-11-29T18:08:43+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"comprehend:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-12-05T01:36:24+00:00"
},
"ComprehendMedicalFullAccess":{
"CreateDate":"2018-11-27T17:55:52+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"comprehendmedical:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-27T17:55:52+00:00"
},
"ComprehendReadOnly":{
"CreateDate":"2017-11-29T18:10:19+00:00",
"DefaultVersionId":"v11",
"Document":{
"Statement":[
{
"Action":[
"comprehend:DetectDominantLanguage",
"comprehend:BatchDetectDominantLanguage",
"comprehend:DetectEntities",
"comprehend:BatchDetectEntities",
"comprehend:DetectKeyPhrases",
"comprehend:BatchDetectKeyPhrases",
"comprehend:DetectPiiEntities",
"comprehend:ContainsPiiEntities",
"comprehend:DetectSentiment",
"comprehend:BatchDetectSentiment",
"comprehend:DetectSyntax",
"comprehend:BatchDetectSyntax",
"comprehend:ClassifyDocument",
"comprehend:DescribeTopicsDetectionJob",
"comprehend:ListTopicsDetectionJobs",
"comprehend:DescribeDominantLanguageDetectionJob",
"comprehend:ListDominantLanguageDetectionJobs",
"comprehend:DescribeEntitiesDetectionJob",
"comprehend:ListEntitiesDetectionJobs",
"comprehend:DescribeKeyPhrasesDetectionJob",
"comprehend:ListKeyPhrasesDetectionJobs",
"comprehend:DescribePiiEntitiesDetectionJob",
"comprehend:ListPiiEntitiesDetectionJobs",
"comprehend:DescribeSentimentDetectionJob",
"comprehend:DescribeTargetedSentimentDetectionJob",
"comprehend:ListSentimentDetectionJobs",
"comprehend:ListTargetedSentimentDetectionJobs",
"comprehend:DescribeDocumentClassifier",
"comprehend:ListDocumentClassifiers",
"comprehend:DescribeDocumentClassificationJob",
"comprehend:ListDocumentClassificationJobs",
"comprehend:DescribeEntityRecognizer",
"comprehend:ListEntityRecognizers",
"comprehend:ListTagsForResource",
"comprehend:DescribeEndpoint",
"comprehend:ListEndpoints",
"comprehend:ListDocumentClassifierSummaries",
"comprehend:ListEntityRecognizerSummaries",
"comprehend:DescribeResourcePolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-04-26T21:32:41+00:00"
},
"ComputeOptimizerReadOnlyAccess":{
"CreateDate":"2020-03-07T00:11:02+00:00",
"DefaultVersionId":"v9",
"Document":{
"Statement":[
{
"Action":[
"compute-optimizer:DescribeRecommendationExportJobs",
"compute-optimizer:GetEnrollmentStatus",
"compute-optimizer:GetEnrollmentStatusesForOrganization",
"compute-optimizer:GetRecommendationSummaries",
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEC2RecommendationProjectedMetrics",
"compute-optimizer:GetAutoScalingGroupRecommendations",
"compute-optimizer:GetEBSVolumeRecommendations",
"compute-optimizer:GetLambdaFunctionRecommendations",
"compute-optimizer:GetRecommendationPreferences",
"compute-optimizer:GetEffectiveRecommendationPreferences",
"compute-optimizer:GetECSServiceRecommendations",
"compute-optimizer:GetECSServiceRecommendationProjectedMetrics",
"compute-optimizer:GetRDSDatabaseRecommendations",
"compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics",
"compute-optimizer:GetLicenseRecommendations",
"compute-optimizer:GetIdleRecommendations",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ecs:ListServices",
"ecs:ListClusters",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"lambda:ListFunctions",
"lambda:ListProvisionedConcurrencyConfigs",
"cloudwatch:GetMetricData",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"computeOptimizerReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T21:08:59+00:00"
},
"ComputeOptimizerServiceRolePolicy":{
"CreateDate":"2019-12-03T08:45:19+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"compute-optimizer:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ComputeOptimizerFullAccess"
},
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AwsOrgsAccess"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchAccess"
},
{
"Action":[
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AutoScalingAccess"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeVolumes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2Access"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-03T21:37:06+00:00"
},
"ConfigConformsServiceRolePolicy":{
"CreateDate":"2019-07-25T21:38:05+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"config:PutConfigRule",
"config:DeleteConfigRule"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*"
},
{
"Action":[
"config:DescribeConfigRules"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"config:DescribeRemediationConfigurations",
"config:DeleteRemediationConfiguration",
"config:PutRemediationConfigurations"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"remediation.config.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ssm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetBucketAcl"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::awsconfigconforms*"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetStackPolicy",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack",
"cloudformation:UpdateTerminationProtection",
"cloudformation:ValidateTemplate",
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/awsconfigconforms-*"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/Config"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-12T04:17:34+00:00"
},
"CostOptimizationHubAdminAccess":{
"CreateDate":"2023-12-19T00:03:51+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cost-optimization-hub:ListEnrollmentStatuses",
"cost-optimization-hub:UpdateEnrollmentStatus",
"cost-optimization-hub:GetPreferences",
"cost-optimization-hub:UpdatePreferences",
"cost-optimization-hub:GetRecommendation",
"cost-optimization-hub:ListRecommendations",
"cost-optimization-hub:ListRecommendationSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CostOptimizationHubAdminAccess"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"cost-optimization-hub.bcm.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub"
],
"Sid":"AllowCreationOfServiceLinkedRoleForCostOptimizationHub"
},
{
"Action":[
"organizations:EnableAWSServiceAccess"
],
"Condition":{
"StringLike":{
"organizations:ServicePrincipal":[
"cost-optimization-hub.bcm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAWSServiceAccessForCostOptimizationHub"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-19T00:03:51+00:00"
},
"CostOptimizationHubReadOnlyAccess":{
"CreateDate":"2023-12-13T18:04:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cost-optimization-hub:ListEnrollmentStatuses",
"cost-optimization-hub:GetPreferences",
"cost-optimization-hub:GetRecommendation",
"cost-optimization-hub:ListRecommendations",
"cost-optimization-hub:ListRecommendationSummaries"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CostOptimizationHubReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-13T18:04:15+00:00"
},
"CostOptimizationHubServiceRolePolicy":{
"CreateDate":"2023-11-26T08:03:59+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListParents",
"organizations:DescribeOrganizationalUnit"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AwsOrgsAccess"
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringLikeIfExists":{
"organizations:ServicePrincipal":[
"cost-optimization-hub.bcm.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsOrgsScopedAccess"
},
{
"Action":[
"ce:ListCostAllocationTags",
"ce:GetCostAndUsage"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CostExplorerAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-05T18:02:53+00:00"
},
"CustomerProfilesServiceLinkedRolePolicy":{
"CreateDate":"2023-03-07T22:56:52+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/CustomerProfiles"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:DeleteRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/profile.amazonaws.com/AWSServiceRoleForProfile_*"
},
{
"Action":[
"connect-campaigns:PutProfileOutboundRequestBatch"
],
"Effect":"Allow",
"Resource":[
"arn:aws:connect-campaigns:*:*:campaign/*"
]
},
{
"Action":[
"profile:BatchGetProfile"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-26T22:21:06+00:00"
},
"DAXServiceRolePolicy":{
"CreateDate":"2018-03-05T17:51:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-03-05T17:51:25+00:00"
},
"DataScientist":{
"CreateDate":"2016-11-10T17:28:48+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:*",
"cloudwatch:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"datapipeline:Describe*",
"datapipeline:ListPipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:QueryObjects",
"dynamodb:*",
"ec2:CancelSpotInstanceRequests",
"ec2:CancelSpotFleetRequests",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySpotFleetRequest",
"ec2:RequestSpotInstances",
"ec2:RequestSpotFleet",
"elasticfilesystem:*",
"elasticmapreduce:*",
"es:*",
"firehose:*",
"fsx:DescribeFileSystems",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"kinesis:*",
"kms:List*",
"lambda:Create*",
"lambda:Delete*",
"lambda:Get*",
"lambda:InvokeFunction",
"lambda:PublishVersion",
"lambda:Update*",
"lambda:List*",
"machinelearning:*",
"sdb:*",
"rds:*",
"sns:ListSubscriptions",
"sns:ListTopics",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"redshift:*",
"s3:CreateBucket",
"sns:CreateTopic",
"sns:Get*",
"sns:List*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:Abort*",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
"s3:PutBucketCors",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketTagging",
"s3:PutObject",
"s3:Replicate*",
"s3:RestoreObject"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:RunInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"arn:aws:iam::*:role/EMR_DefaultRole",
"arn:aws:iam::*:role/kinesis-*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"sagemaker.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sagemaker:*"
],
"Effect":"Allow",
"NotResource":[
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:flow-definition/*"
]
},
{
"Action":[
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:*App",
"sagemaker:ListApps"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions"
],
"Condition":{
"StringEqualsIfExists":{
"sagemaker:WorkteamType":[
"private-crowd",
"vendor-crowd"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-03T16:48:34+00:00"
},
"DatabaseAdministrator":{
"CreateDate":"2016-11-10T17:25:43+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DeleteAlarms",
"cloudwatch:Describe*",
"cloudwatch:DisableAlarmActions",
"cloudwatch:EnableAlarmActions",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"dynamodb:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticache:*",
"iam:ListRoles",
"iam:GetRole",
"kms:ListKeys",
"lambda:CreateEventSourceMapping",
"lambda:CreateFunction",
"lambda:DeleteEventSourceMapping",
"lambda:DeleteFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:Create*",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"rds:*",
"redshift:*",
"s3:CreateBucket",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Get*",
"sns:List*",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject*",
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:PutReplicationConfiguration",
"s3:PutObject*",
"s3:Replicate*",
"s3:RestoreObject"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/rdbms-lambda-access",
"arn:aws:iam::*:role/lambda_exec_role",
"arn:aws:iam::*:role/lambda-dynamodb-*",
"arn:aws:iam::*:role/lambda-vpc-execution-role",
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole"
]
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-08T00:48:02+00:00"
},
"DeclarativePoliciesEC2Report":{
"CreateDate":"2024-11-30T13:21:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeRegions",
"ec2:GetSerialConsoleAccessStatus",
"ec2:GetInstanceMetadataDefaults",
"ec2:GetImageBlockPublicAccessState",
"ec2:GetSnapshotBlockPublicAccessState",
"ec2:GetAllowedImagesSettings",
"ec2:DescribeVpcBlockPublicAccessOptions"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DeclarativePoliciesEC2Report"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-30T13:21:06+00:00"
},
"DynamoDBCloudWatchContributorInsightsServiceRolePolicy":{
"CreateDate":"2019-11-15T21:13:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:DeleteInsightRules",
"cloudwatch:PutInsightRule"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
},
{
"Action":[
"cloudwatch:DescribeInsightRules"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-15T21:13:58+00:00"
},
"DynamoDBKinesisReplicationServiceRolePolicy":{
"CreateDate":"2020-11-12T00:43:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"kms:GenerateDataKey",
"Condition":{
"StringLike":{
"kms:ViaService":"kinesis.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-12T00:43:25+00:00"
},
"DynamoDBReplicationServiceRolePolicy":{
"CreateDate":"2017-11-09T23:55:34+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
"dynamodb:UpdateTable",
"dynamodb:Scan",
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:DescribeTimeToLive",
"dynamodb:UpdateTimeToLive",
"dynamodb:DescribeLimits",
"dynamodb:GetResourcePolicy",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:DescribeScalingPolicies",
"account:ListRegions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DynamoDBActionsNeededForSteadyStateReplication"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"dynamodb.application-autoscaling.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DynamoDBReplicationServiceRolePolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-08T20:10:36+00:00"
},
"EC2FastLaunchFullAccess":{
"CreateDate":"2024-05-13T22:45:26+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:EnableFastLaunch",
"ec2:DisableFastLaunch",
"ec2:DescribeFastLaunchImages"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2FastLaunch"
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2ReadOnly"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid":"EC2LaunchInstance"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Fast Launch"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"EC2LaunchInstanceWithVolAndInstance"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":"RunInstances"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"EC2Tags"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"ec2fastlaunch.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/ec2fastlaunch.amazonaws.com/AWSServiceRoleForEC2FastLaunch",
"Sid":"IAMSLR"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/*",
"arn:aws:iam::*:role/*"
],
"Sid":"IAMSLRPassRole"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-13T22:45:26+00:00"
},
"EC2FastLaunchServiceRolePolicy":{
"CreateDate":"2022-01-10T13:08:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Fast Launch"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"EC2 Fast Launch"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action":"ec2:CreateSnapshot",
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"EC2 Fast Launch"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":"ec2:CreateSnapshot",
"Condition":{
"ForAnyValue:StringEquals":{
"aws:TagKeys":[
"CreatedByLaunchTemplateName",
"CreatedByLaunchTemplateId"
]
},
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Fast Launch"
},
"StringLike":{
"aws:RequestTag/CreatedByLaunchTemplateVersion":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
],
"Sid":"AllowCreateTaggedSnapshot"
},
{
"Action":"ec2:CreateLaunchTemplate",
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Fast Launch"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:launch-template/*"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateSnapshot",
"RunInstances",
"CreateLaunchTemplate"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"EC2 Fast Launch"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/EC2"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-10T13:08:21+00:00"
},
"EC2FleetTimeShiftableServiceRolePolicy":{
"CreateDate":"2019-12-23T19:47:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:ec2:fleet-id":"*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-23T19:47:15+00:00"
},
"EC2ImageBuilderLifecycleExecutionPolicy":{
"CreateDate":"2023-11-16T23:23:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:EnableImage",
"ec2:DeregisterImage",
"ec2:EnableImageDeprecation",
"ec2:DescribeImageAttribute",
"ec2:DisableImage",
"ec2:DisableImageDeprecation"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::image/*",
"Sid":"Ec2ImagePermission"
},
{
"Action":"ec2:DeleteSnapshot",
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::snapshot/*",
"Sid":"EC2DeleteSnapshotPermission"
},
{
"Action":[
"ec2:DeleteTags",
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"DeprecatedBy"
},
"StringEquals":{
"aws:RequestTag/DeprecatedBy":"EC2 Image Builder",
"aws:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
],
"Sid":"EC2TagsPermission"
},
{
"Action":[
"ecr:BatchGetImage",
"ecr:BatchDeleteImage"
],
"Condition":{
"StringEquals":{
"ecr:ResourceTag/LifecycleExecutionAccess":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"ECRImagePermission"
},
{
"Action":[
"ec2:DescribeImages",
"tag:GetResources",
"imagebuilder:DeleteImage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ImageBuilderEC2TagServicePermission"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-16T23:23:09+00:00"
},
"EC2InstanceConnect":{
"CreateDate":"2019-06-27T18:53:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2-instance-connect:SendSSHPublicKey"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2InstanceConnect"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-27T18:53:34+00:00"
},
"EC2InstanceProfileForImageBuilder":{
"CreateDate":"2019-12-01T19:08:23+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/CreatedBy":"EC2 Image Builder"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/CreatedBy":[
"EC2 Image Builder"
],
"ec2:CreateAction":"CreateSnapshot"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"s3:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/*.ISO"
},
{
"Action":[
"imagebuilder:GetComponent",
"imagebuilder:GetMarketplaceResource"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"imagebuilder.amazonaws.com"
],
"kms:EncryptionContextKeys":"aws:imagebuilder:arn"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::ec2imagebuilder*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-26T23:52:07+00:00"
},
"EC2InstanceProfileForImageBuilderECRContainerBuilds":{
"CreateDate":"2020-12-11T19:48:15+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"imagebuilder:GetComponent",
"imagebuilder:GetContainerRecipe",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:PutImage"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"imagebuilder.amazonaws.com"
],
"kms:EncryptionContextKeys":"aws:imagebuilder:arn"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::ec2imagebuilder*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-11T19:48:15+00:00"
},
"ECRReplicationServiceRolePolicy":{
"CreateDate":"2020-12-04T22:11:28+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr:CreateRepository",
"ecr:ReplicateImage"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-04T22:11:28+00:00"
},
"ECRTemplateServiceRolePolicy":{
"CreateDate":"2024-06-19T23:11:37+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ecr:CreateRepository"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateRepositoryWithTemplate"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-19T23:11:37+00:00"
},
"EMRDescribeClusterPolicyForEMRWAL":{
"CreateDate":"2023-06-15T23:30:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticmapreduce:DescribeCluster"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-15T23:30:22+00:00"
},
"Ec2ImageBuilderCrossAccountDistributionAccess":{
"CreateDate":"2020-09-30T19:22:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"ec2:CreateTags",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*::image/*"
},
{
"Action":[
"ec2:DescribeImages",
"ec2:CopyImage",
"ec2:ModifyImageAttribute"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-30T19:22:54+00:00"
},
"Ec2InstanceConnectEndpoint":{
"CreateDate":"2023-01-24T20:19:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:subnet/*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"InstanceConnectEndpointId"
]
},
"Null":{
"aws:RequestTag/InstanceConnectEndpointId":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"Null":{
"aws:ResourceTag/InstanceConnectEndpointId":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"InstanceConnectEndpointId"
]
},
"Null":{
"aws:RequestTag/InstanceConnectEndpointId":"false"
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/InstanceConnectEndpointId":[
"eice-*"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-24T20:19:21+00:00"
},
"ElastiCacheServiceRolePolicy":{
"CreateDate":"2017-12-07T17:50:04+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress",
"cloudwatch:PutMetricData",
"outposts:GetOutpost",
"outposts:GetOutpostInstanceTypes",
"outposts:ListOutposts",
"outposts:ListSites"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElastiCacheManagementActions"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringLike":{
"ec2:VpceServiceName":"com.amazonaws.elasticache.serverless.*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"CreateDeleteVPCEndpoints"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/AmazonElastiCacheManaged":"true",
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"TagVPCEndpointsOnCreation"
},
{
"Action":[
"ec2:ModifyVpcEndpoint"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AmazonElastiCacheManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"ModifyVpcEndpoints"
},
{
"Action":[
"ec2:CreateVpcEndpoint",
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"NotResource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"AllowAccessToElastiCacheTaggedVpcEndpoints"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-28T03:05:37+00:00"
},
"ElasticLoadBalancingFullAccess":{
"CreateDate":"2018-09-20T20:42:07+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":"elasticloadbalancing:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeCoipPools",
"ec2:GetCoipPoolUsage",
"ec2:GetSecurityGroupsForVpc",
"ec2:DescribeVpcPeeringConnections",
"cognito-idp:DescribeUserPoolClient"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"elasticloadbalancing.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"arc-zonal-shift:*",
"Effect":"Allow",
"Resource":"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
},
{
"Action":[
"arc-zonal-shift:ListManagedResources",
"arc-zonal-shift:ListZonalShifts"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-10-24T22:21:39+00:00"
},
"ElasticLoadBalancingReadOnly":{
"CreateDate":"2018-09-20T20:17:09+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"elasticloadbalancing:Describe*",
"elasticloadbalancing:Get*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Statement1"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Statement2"
},
{
"Action":"arc-zonal-shift:GetManagedResource",
"Effect":"Allow",
"Resource":"arn:aws:elasticloadbalancing:*:*:loadbalancer/*",
"Sid":"Statement3"
},
{
"Action":[
"arc-zonal-shift:ListManagedResources",
"arc-zonal-shift:ListZonalShifts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Statement4"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-26T18:15:46+00:00"
},
"ElementalActivationsDownloadSoftwareAccess":{
"CreateDate":"2020-09-08T17:26:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elemental-activations:Get*",
"elemental-activations:Download*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-08T17:26:09+00:00"
},
"ElementalActivationsFullAccess":{
"CreateDate":"2020-06-04T21:00:13+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elemental-activations:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-06-04T21:00:13+00:00"
},
"ElementalActivationsGenerateLicenses":{
"CreateDate":"2020-08-28T18:28:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elemental-activations:Get*",
"elemental-activations:GenerateLicenses",
"elemental-activations:StartFileUpload",
"elemental-activations:CompleteFileUpload"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-28T18:28:58+00:00"
},
"ElementalActivationsReadOnlyAccess":{
"CreateDate":"2020-08-28T16:51:01+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elemental-activations:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-28T16:51:01+00:00"
},
"ElementalAppliancesSoftwareFullAccess":{
"CreateDate":"2019-07-31T16:28:53+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"elemental-appliances-software:*",
"elemental-activations:CompleteAccountRegistration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-05T21:01:25+00:00"
},
"ElementalAppliancesSoftwareReadOnlyAccess":{
"CreateDate":"2020-04-01T22:31:09+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elemental-appliances-software:List*",
"elemental-appliances-software:Get*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-04-01T22:31:09+00:00"
},
"ElementalSupportCenterFullAccess":{
"CreateDate":"2020-11-25T18:08:30+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"elemental-support-cases:*",
"elemental-support-content:*",
"elemental-activations:CompleteAccountRegistration"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-05T21:02:54+00:00"
},
"FMSServiceRolePolicy":{
"CreateDate":"2018-03-28T23:01:12+00:00",
"DefaultVersionId":"v31",
"Document":{
"Statement":[
{
"Action":[
"waf:UpdateWebACL",
"waf:DeleteWebACL",
"waf:GetWebACL",
"waf:GetRuleGroup",
"waf:ListSubscribedRuleGroups",
"waf-regional:UpdateWebACL",
"waf-regional:DeleteWebACL",
"waf-regional:GetWebACL",
"waf-regional:GetRuleGroup",
"waf-regional:ListSubscribedRuleGroups",
"waf-regional:ListResourcesForWebACL",
"waf-regional:AssociateWebACL",
"waf-regional:DisassociateWebACL",
"elasticloadbalancing:SetWebACL",
"apigateway:SetWebACL",
"elasticloadbalancing:SetSecurityGroups",
"waf:ListTagsForResource",
"waf-regional:ListTagsForResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:waf:*:*:webacl/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:rulegroup/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*",
"arn:aws:apigateway:*::/restapis/*/stages/*"
],
"Sid":"WafGeneral"
},
{
"Action":[
"wafv2:PutLoggingConfiguration",
"wafv2:GetLoggingConfiguration",
"wafv2:ListLoggingConfigurations",
"wafv2:DeleteLoggingConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:wafv2:*:*:regional/webacl/*",
"arn:aws:wafv2:*:*:global/webacl/*"
],
"Sid":"Wafv2Logging"
},
{
"Action":[
"waf:CreateWebACL",
"waf-regional:CreateWebACL",
"waf:GetChangeToken",
"waf-regional:GetChangeToken",
"waf-regional:GetWebACLForResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:waf:*:*:*",
"arn:aws:waf-regional:*:*:*"
],
"Sid":"WafWebaclCreation"
},
{
"Action":[
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:DescribeTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ElbGeneral"
},
{
"Action":[
"waf:PutPermissionPolicy",
"waf:GetPermissionPolicy",
"waf:DeletePermissionPolicy",
"waf-regional:PutPermissionPolicy",
"waf-regional:GetPermissionPolicy",
"waf-regional:DeletePermissionPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:waf:*:*:webacl/*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf-regional:*:*:rulegroup/*"
],
"Sid":"WafPermissionPolicy"
},
{
"Action":[
"cloudfront:GetDistribution",
"cloudfront:UpdateDistribution",
"cloudfront:ListDistributionsByWebACLId",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudfrontGeneral"
},
{
"Action":[
"config:DeleteConfigRule",
"config:GetComplianceDetailsByConfigRule",
"config:PutConfigRule",
"config:StartConfigRulesEvaluation",
"config:DeleteEvaluationResults"
],
"Effect":"Allow",
"Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*",
"Sid":"ConfigScoped"
},
{
"Action":[
"config:DescribeComplianceByConfigRule",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRules",
"config:DescribeConfigRuleEvaluationStatus",
"config:PutConfigurationRecorder",
"config:StartConfigurationRecorder",
"config:PutDeliveryChannel",
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetComplianceSummaryByConfigRule",
"config:GetDiscoveredResourceCounts",
"config:PutEvaluations",
"config:SelectResourceConfig",
"config:BatchGetResourceConfig"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ConfigUnscoped"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS"
],
"Sid":"SlrDeletion"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:DescribeOrganizationalUnit",
"organizations:ListChildren",
"organizations:ListRoots",
"organizations:ListParents",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OrganizationsGeneral"
},
{
"Action":[
"shield:CreateProtection",
"shield:DeleteProtection",
"shield:DescribeProtection",
"shield:ListProtections",
"shield:ListAttacks",
"shield:CreateSubscription",
"shield:DescribeSubscription",
"shield:GetSubscriptionState",
"shield:DescribeDRTAccess",
"shield:DescribeEmergencyContactSettings",
"shield:UpdateEmergencyContactSettings",
"elasticloadbalancing:DescribeLoadBalancers",
"ec2:DescribeAddresses",
"shield:EnableApplicationLayerAutomaticResponse",
"shield:DisableApplicationLayerAutomaticResponse",
"shield:UpdateApplicationLayerAutomaticResponse"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ShieldGeneral"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"EC2SecurityGroupScoped"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateSecurityGroup"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"SecurityGroupTagCreation"
},
{
"Action":[
"ec2:DeleteTags",
"ec2:CreateTags"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/FMManaged":"*"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"SecurityGroupTagManagement"
},
{
"Action":[
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeInstances",
"ec2:AssociateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateRouteTable",
"ec2:DeleteSubnet",
"ec2:DisassociateRouteTable",
"ec2:ReplaceRouteTableAssociation"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Ec2Unscoped"
},
{
"Action":[
"wafv2:TagResource",
"wafv2:ListResourcesForWebACL",
"wafv2:AssociateWebACL",
"wafv2:ListTagsForResource",
"wafv2:UntagResource",
"wafv2:GetWebACL",
"wafv2:DisassociateFirewallManager",
"wafv2:DeleteWebACL",
"wafv2:DisassociateWebACL"
],
"Effect":"Allow",
"Resource":[
"arn:aws:wafv2:*:*:global/webacl/*",
"arn:aws:wafv2:*:*:regional/webacl/*"
],
"Sid":"Wafv2General"
},
{
"Action":[
"wafv2:UpdateWebACL",
"wafv2:CreateWebACL",
"wafv2:DeleteFirewallManagerRuleGroups",
"wafv2:PutFirewallManagerRuleGroups"
],
"Effect":"Allow",
"Resource":[
"arn:aws:wafv2:*:*:global/webacl/*",
"arn:aws:wafv2:*:*:regional/webacl/*",
"arn:aws:wafv2:*:*:global/rulegroup/*",
"arn:aws:wafv2:*:*:regional/rulegroup/*",
"arn:aws:wafv2:*:*:global/managedruleset/*",
"arn:aws:wafv2:*:*:regional/managedruleset/*",
"arn:aws:wafv2:*:*:global/ipset/*",
"arn:aws:wafv2:*:*:regional/ipset/*",
"arn:aws:wafv2:*:*:global/regexpatternset/*",
"arn:aws:wafv2:*:*:regional/regexpatternset/*"
],
"Sid":"Wafv2WebAclAndRuleGroupMutation"
},
{
"Action":[
"wafv2:PutPermissionPolicy",
"wafv2:GetPermissionPolicy",
"wafv2:DeletePermissionPolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:wafv2:*:*:global/rulegroup/*",
"arn:aws:wafv2:*:*:regional/rulegroup/*"
],
"Sid":"Wafv2PermissionPolicy"
},
{
"Action":[
"wafv2:GetWebACLForResource"
],
"Effect":"Allow",
"Resource":[
"arn:aws:wafv2:*:*:regional/webacl/*"
],
"Sid":"Wafv2WebaclDescribe"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged"
]
},
"StringEquals":{
"ec2:CreateAction":"CreateRouteTable"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:route-table/*",
"Sid":"RouteTableTagManagement"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"SubnetTagManagement"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged"
]
},
"StringEquals":{
"ec2:CreateAction":"CreateVpcEndpoint"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"VPCEndpointTagManagement"
},
{
"Action":"ec2:DeleteRouteTable",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:route-table/*",
"Sid":"RouteTableCleanup"
},
{
"Action":[
"ec2:DescribeInternetGateways",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Ec2DescribeUnscoped"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Condition":{
"StringEquals":{
"aws:RequestTag/FMManaged":[
"true"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"CreateVpcEndpointScoped"
},
{
"Action":"ec2:CreateVpcEndpoint",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateVpcEndpointUnscoped"
},
{
"Action":[
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc-endpoint/*",
"Sid":"VpcEndpointsDeletion"
},
{
"Action":[
"ram:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ram:*:*:resource-share/*"
],
"Sid":"RamTagManagement"
},
{
"Action":[
"ram:AssociateResourceShare",
"ram:UpdateResourceShare",
"ram:DeleteResourceShare"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ram:*:*:resource-share/*",
"Sid":"RamMutation"
},
{
"Action":"ram:CreateResourceShare",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged"
]
},
"StringEquals":{
"aws:RequestTag/FMManaged":[
"true"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RamCreation"
},
{
"Action":[
"ram:GetResourceShareAssociations",
"ram:GetResourceShares"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RamDescribe"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":[
"network-firewall.amazonaws.com",
"shield.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SlrCreation"
},
{
"Action":"iam:GetRole",
"Effect":"Allow",
"Resource":"*",
"Sid":"IamDescribe"
},
{
"Action":[
"network-firewall:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkFirewallTagManagement"
},
{
"Action":[
"network-firewall:AssociateSubnets",
"network-firewall:CreateFirewall",
"network-firewall:CreateFirewallPolicy",
"network-firewall:DisassociateSubnets",
"network-firewall:UpdateFirewallDeleteProtection",
"network-firewall:UpdateFirewallPolicy",
"network-firewall:UpdateFirewallPolicyChangeProtection",
"network-firewall:UpdateSubnetChangeProtection",
"network-firewall:AssociateFirewallPolicy",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DeleteResourcePolicy",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:UpdateLoggingConfiguration",
"network-firewall:DescribeTLSInspectionConfiguration",
"network-firewall:ListTLSInspectionConfigurations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkFirewallGeneral"
},
{
"Action":[
"network-firewall:PutResourcePolicy"
],
"Effect":"Allow",
"Resource":[
"arn:aws:network-firewall:*:*:firewall-policy/*",
"arn:aws:network-firewall:*:*:stateful-rulegroup/*",
"arn:aws:network-firewall:*:*:stateless-rulegroup/*"
],
"Sid":"NetworkFirewallResourcePolicy"
},
{
"Action":[
"network-firewall:DeleteFirewallPolicy",
"network-firewall:DeleteFirewall"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkFirewallCleanup"
},
{
"Action":[
"logs:ListLogDeliveries",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LogsGeneral"
},
{
"Action":[
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:ListTagsForResource",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:GetFirewallRuleGroupAssociation",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:GetFirewallRuleGroupPolicy",
"route53resolver:PutFirewallRuleGroupPolicy"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Route53ResolverRuleGroupUnscoped"
},
{
"Action":[
"route53resolver:UpdateFirewallRuleGroupAssociation",
"route53resolver:DisassociateFirewallRuleGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:route53resolver:*:*:firewall-rule-group-association/*",
"Sid":"Route53ResolverRuleGroupCleanup"
},
{
"Action":[
"route53resolver:AssociateFirewallRuleGroup",
"route53resolver:TagResource"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:route53resolver:*:*:firewall-rule-group-association/*",
"Sid":"Route53ResolverRuleGroupScoped"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged",
"FMPolicies"
]
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkAcl"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-acl/*",
"Sid":"NaclTagCreation"
},
{
"Action":[
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"Name",
"FMManaged",
"FMPolicies"
]
},
"StringEquals":{
"aws:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-acl/*",
"Sid":"NaclTagManagement"
},
{
"Action":[
"ec2:DeleteNetworkAclEntry",
"ec2:CreateNetworkAclEntry",
"ec2:ReplaceNetworkAclEntry",
"ec2:DeleteNetworkAcl"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/FMManaged":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"NaclScoped"
},
{
"Action":[
"ec2:ReplaceNetworkAclAssociation",
"ec2:DescribeNetworkAcls",
"ec2:CreateNetworkAcl"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NaclUnscoped"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-11T21:37:06+00:00"
},
"FSxDeleteServiceLinkedRoleAccess":{
"CreateDate":"2018-11-28T10:40:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-28T10:40:24+00:00"
},
"GameLiftContainerFleetPolicy":{
"CreateDate":"2024-11-12T19:28:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutRetentionPolicy"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:gamelift-*:log-stream:*",
"Sid":"WriteGameSessionLogsToLogStream"
},
{
"Action":"logs:CreateLogGroup",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:gamelift-*",
"Sid":"CreateLogGroupToStoreGameSessionLogs"
},
{
"Action":[
"s3:PutObject",
"s3:GetBucketLocation"
],
"Condition":{
"StringEquals":{
"s3:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::gamelift-*"
],
"Sid":"WriteGameSessionLogsToS3Bucket"
},
{
"Action":[
"gamelift:GetComputeAuthToken"
],
"Effect":"Allow",
"Resource":[
"arn:aws:gamelift:*:*:containerfleet/*"
],
"Sid":"RetrieveComputeAuthToken"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-05T20:37:06+00:00"
},
"GameLiftGameServerGroupPolicy":{
"CreateDate":"2020-04-03T23:12:19+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":"ec2:TerminateInstances",
"Condition":{
"StringEquals":{
"ec2:ResourceTag/GameLift":"GameServerGroups"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"autoscaling:CompleteLifecycleAction",
"autoscaling:ResumeProcesses",
"autoscaling:EnterStandby",
"autoscaling:SetInstanceProtection",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SuspendProcesses",
"autoscaling:DetachInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/GameLift":"GameServerGroups"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeImages",
"ec2:DescribeInstances",
"autoscaling:DescribeAutoScalingGroups",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"sns:Publish",
"Effect":"Allow",
"Resource":[
"arn:*:sns:*:*:ActivatingLifecycleHookTopic-*",
"arn:*:sns:*:*:TerminatingLifecycleHookTopic-*"
]
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/GameLift"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-05-13T17:27:43+00:00"
},
"GlobalAcceleratorFullAccess":{
"CreateDate":"2018-11-27T02:44:44+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"globalaccelerator:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"elasticloadbalancing:DescribeLoadBalancers",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeRegions",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"globalaccelerator.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-04T19:17:26+00:00"
},
"GlobalAcceleratorReadOnlyAccess":{
"CreateDate":"2018-11-27T02:41:00+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"globalaccelerator:Describe*",
"globalaccelerator:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-27T02:41:00+00:00"
},
"GreengrassOTAUpdateArtifactAccess":{
"CreateDate":"2017-11-29T18:11:47+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*-greengrass-updates/*"
],
"Sid":"AllowsIotToAccessGreengrassOTAUpdateArtifacts"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-12-18T00:59:43+00:00"
},
"GroundTruthSyntheticConsoleFullAccess":{
"CreateDate":"2022-08-25T15:58:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker-groundtruth-synthetic:*",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-25T15:58:49+00:00"
},
"GroundTruthSyntheticConsoleReadOnlyAccess":{
"CreateDate":"2022-08-25T15:58:49+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"sagemaker-groundtruth-synthetic:List*",
"sagemaker-groundtruth-synthetic:Get*",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-08-25T15:58:49+00:00"
},
"Health_OrganizationsServiceRolePolicy":{
"CreateDate":"2019-12-16T13:28:21+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators",
"organizations:DescribeOrganization",
"organizations:DescribeAccount"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"HealthAPIOrganizationView0"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-06T16:07:08+00:00"
},
"IAMAccessAdvisorReadOnly":{
"CreateDate":"2019-06-21T19:33:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:ListRoles",
"iam:ListUsers",
"iam:ListGroups",
"iam:ListPolicies",
"iam:ListPoliciesGrantingServiceAccess",
"iam:GenerateServiceLastAccessedDetails",
"iam:GenerateOrganizationsAccessReport",
"iam:GenerateCredentialReport",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetServiceLastAccessedDetails",
"iam:GetServiceLastAccessedDetailsWithEntities",
"iam:GetOrganizationsAccessReport",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListPolicies",
"organizations:ListTargetsForPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-21T19:33:45+00:00"
},
"IAMAccessAnalyzerFullAccess":{
"CreateDate":"2019-12-02T17:12:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"access-analyzer:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"access-analyzer.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-12-02T17:12:40+00:00"
},
"IAMAccessAnalyzerReadOnlyAccess":{
"CreateDate":"2019-12-02T17:12:53+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"access-analyzer:CheckAccessNotGranted",
"access-analyzer:CheckNoNewAccess",
"access-analyzer:CheckNoPublicAccess",
"access-analyzer:Get*",
"access-analyzer:List*",
"access-analyzer:ValidatePolicy"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMAccessAnalyzerReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-07-18T17:49:04+00:00"
},
"IAMAuditRootUserCredentials":{
"CreateDate":"2024-11-06T22:27:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Effect":"Deny",
"NotAction":[
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:GetLoginProfile",
"iam:ListMFADevices",
"iam:GetAccountSummary",
"iam:GetUser",
"iam:GetAccessKeyLastUsed"
],
"Resource":"*",
"Sid":"DenyAllOtherActionsOnAnyResource"
},
{
"Action":[
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:GetLoginProfile",
"iam:ListMFADevices",
"iam:GetUser",
"iam:GetAccessKeyLastUsed"
],
"Effect":"Deny",
"NotResource":"arn:aws:iam::*:root",
"Sid":"DenyAuditingCredentialsOnNonRootUserResource"
}
],
"Version":"2012-10-17"
},
"Path":"/root-task/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-06T22:27:58+00:00"
},
"IAMCreateRootUserPassword":{
"CreateDate":"2024-11-06T22:32:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Effect":"Deny",
"NotAction":[
"iam:CreateLoginProfile",
"iam:GetLoginProfile"
],
"Resource":"*",
"Sid":"DenyAllOtherActionsOnAnyResource"
},
{
"Action":[
"iam:CreateLoginProfile",
"iam:GetLoginProfile"
],
"Effect":"Deny",
"NotResource":"arn:aws:iam::*:root",
"Sid":"DenyCreatingPasswordOnNonRootUserResource"
}
],
"Version":"2012-10-17"
},
"Path":"/root-task/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-06T22:32:59+00:00"
},
"IAMDeleteRootUserCredentials":{
"CreateDate":"2024-11-06T22:47:58+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Effect":"Deny",
"NotAction":[
"iam:DeleteAccessKey",
"iam:DeleteSigningCertificate",
"iam:DeleteLoginProfile",
"iam:DeactivateMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:GetLoginProfile",
"iam:ListMFADevices",
"iam:GetUser",
"iam:GetAccessKeyLastUsed"
],
"Resource":"*",
"Sid":"DenyAllOtherActionsOnAnyResource"
},
{
"Action":[
"iam:DeleteAccessKey",
"iam:DeleteSigningCertificate",
"iam:DeleteLoginProfile",
"iam:DeactivateMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:ListAccessKeys",
"iam:ListSigningCertificates",
"iam:GetLoginProfile",
"iam:ListMFADevices",
"iam:GetUser",
"iam:GetAccessKeyLastUsed"
],
"Effect":"Deny",
"NotResource":"arn:aws:iam::*:root",
"Sid":"DenyDeletingRootUserCredentialsOnNonRootUserResource"
}
],
"Version":"2012-10-17"
},
"Path":"/root-task/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-06T22:47:58+00:00"
},
"IAMFullAccess":{
"CreateDate":"2015-02-06T18:40:38+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iam:*",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListPolicies",
"organizations:ListTargetsForPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-21T19:40:00+00:00"
},
"IAMReadOnlyAccess":{
"CreateDate":"2015-02-06T18:40:39+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"iam:SimulateCustomPolicy",
"iam:SimulatePrincipalPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-01-25T19:11:27+00:00"
},
"IAMSelfManageServiceSpecificCredentials":{
"CreateDate":"2016-12-22T17:25:18+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:CreateServiceSpecificCredential",
"iam:ListServiceSpecificCredentials",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-12-22T17:25:18+00:00"
},
"IAMUserChangePassword":{
"CreateDate":"2016-11-15T00:25:16+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iam:ChangePassword"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:user/${aws:username}"
]
},
{
"Action":[
"iam:GetAccountPasswordPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-11-15T23:18:55+00:00"
},
"IAMUserSSHKeys":{
"CreateDate":"2015-07-09T17:08:54+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:user/${aws:username}"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-07-09T17:08:54+00:00"
},
"IVSFullAccess":{
"CreateDate":"2023-12-13T21:20:21+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ivs:*",
"ivschat:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IVSFullAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-13T21:20:21+00:00"
},
"IVSReadOnlyAccess":{
"CreateDate":"2023-12-05T18:00:37+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ivs:BatchGetChannel",
"ivs:GetChannel",
"ivs:GetComposition",
"ivs:GetEncoderConfiguration",
"ivs:GetIngestConfiguration",
"ivs:GetParticipant",
"ivs:GetPlaybackKeyPair",
"ivs:GetPlaybackRestrictionPolicy",
"ivs:GetPublicKey",
"ivs:GetRecordingConfiguration",
"ivs:GetStage",
"ivs:GetStageSession",
"ivs:GetStorageConfiguration",
"ivs:GetStream",
"ivs:GetStreamSession",
"ivs:ListChannels",
"ivs:ListCompositions",
"ivs:ListEncoderConfigurations",
"ivs:ListIngestConfigurations",
"ivs:ListParticipants",
"ivs:ListParticipantEvents",
"ivs:ListPlaybackKeyPairs",
"ivs:ListPlaybackRestrictionPolicies",
"ivs:ListPublicKeys",
"ivs:ListRecordingConfigurations",
"ivs:ListStages",
"ivs:ListStageSessions",
"ivs:ListStorageConfigurations",
"ivs:ListStreamKeys",
"ivs:ListStreams",
"ivs:ListStreamSessions",
"ivs:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IVSReadOnlyAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-17T20:42:06+00:00"
},
"IVSRecordToS3":{
"CreateDate":"2020-12-05T00:10:43+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::AWSIVS_*/ivs/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-05T00:10:43+00:00"
},
"KafkaConnectServiceRolePolicy":{
"CreateDate":"2021-09-07T13:12:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"AmazonMSKConnectManaged"
},
"StringEquals":{
"aws:RequestTag/AmazonMSKConnectManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:DeleteNetworkInterface"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AmazonMSKConnectManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-09-07T13:12:44+00:00"
},
"KafkaServiceRolePolicy":{
"CreateDate":"2018-11-15T23:31:48+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:AttachNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:DescribeVpcEndpoints",
"acm-pca:GetCertificateAuthorityCertificate",
"secretsmanager:ListSecrets"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:subnet/*"
},
{
"Action":[
"ec2:DeleteVpcEndpoints",
"ec2:ModifyVpcEndpoint"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AWSMSKManaged":"true"
},
"StringLike":{
"ec2:ResourceTag/ClusterArn":"*"
}
},
"Effect":"Allow",
"Resource":"arn:*:ec2:*:*:vpc-endpoint/*"
},
{
"Action":[
"secretsmanager:GetResourcePolicy",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy",
"secretsmanager:DescribeSecret"
],
"Condition":{
"ArnLike":{
"secretsmanager:SecretId":"arn:*:secretsmanager:*:*:secret:AmazonMSK_*"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-28T00:39:35+00:00"
},
"KeyspacesReplicationServiceRolePolicy":{
"CreateDate":"2023-05-02T16:15:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cassandra:Select",
"cassandra:Modify",
"cassandra:Alter",
"cassandra:ModifyMultiRegionResource",
"cassandra:SelectMultiRegionResource",
"cassandra:AlterMultiRegionResource",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"KeyspacesActionsNeededForSteadyStateReplication"
},
{
"Action":[
"cloudwatch:DeleteAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:TargetTracking-*",
"Sid":"CWDeleteAlarmPolicy"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:*",
"Sid":"CWDescribeAlarmPolicy"
},
{
"Action":[
"cloudwatch:PutMetricAlarm"
],
"Condition":{
"ForAllValues:StringLike":{
"cloudwatch:AlarmActions":[
"arn:aws:autoscaling:*:*:scalingPolicy:*:resource/cassandra/keyspace/*/table/*:policyName/*:createdBy/*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:TargetTracking-*",
"Sid":"CWPutMetricAlarmPolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-15T20:55:16+00:00"
},
"LakeFormationDataAccessServiceRolePolicy":{
"CreateDate":"2019-06-20T20:46:19+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:ListAllMyBuckets"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"LakeFormationDataAccessServiceRolePolicy"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-06T18:37:31+00:00"
},
"LexBotPolicy":{
"CreateDate":"2017-02-17T22:18:13+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"polly:SynthesizeSpeech"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"comprehend:DetectSentiment"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-11-13T22:29:16+00:00"
},
"LexChannelPolicy":{
"CreateDate":"2017-02-17T23:23:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"lex:PostText"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2017-02-17T23:23:24+00:00"
},
"LightsailExportAccess":{
"CreateDate":"2018-09-28T16:35:54+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*"
},
{
"Action":[
"ec2:CopySnapshot",
"ec2:DescribeSnapshots",
"ec2:CopyImage",
"ec2:DescribeImages"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:GetAccountPublicAccessBlock"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-01-15T01:45:33+00:00"
},
"MediaConnectGatewayInstanceRolePolicy":{
"CreateDate":"2023-03-22T20:43:25+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"mediaconnect:DiscoverGatewayPollEndpoint",
"mediaconnect:PollGateway",
"mediaconnect:SubmitGatewayStateChange"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MediaConnectGateway"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-22T20:43:25+00:00"
},
"MediaPackageServiceRolePolicy":{
"CreateDate":"2020-09-18T17:45:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"logs:PutLogEvents",
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/MediaPackage/*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-09-18T17:45:47+00:00"
},
"MemoryDBServiceRolePolicy":{
"CreateDate":"2021-08-17T22:34:59+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonMemoryDBManaged"
]
},
"StringEquals":{
"ec2:CreateAction":"CreateNetworkInterface"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"CreateMemoryDBTagsOnNetworkInterfaces"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateNetworkInterfaces"
},
{
"Action":[
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"StringEquals":{
"ec2:ResourceTag/AmazonMemoryDBManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"DeleteMemoryDBTaggedNetworkInterfaces"
},
{
"Action":[
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"DeleteNetworkInterfaces"
},
{
"Action":[
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeEC2Resources"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/MemoryDB"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PutCloudWatchMetricData"
},
{
"Action":[
"memorydb:ReplicateMultiRegionClusterData"
],
"Effect":"Allow",
"Resource":"arn:aws:memorydb:*:*:cluster/*",
"Sid":"ReplicateMemoryDBMultiRegionClusterData"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T16:21:07+00:00"
},
"MigrationHubDMSAccessServiceRolePolicy":{
"CreateDate":"2019-06-12T17:50:39+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"mgh:CreateProgressUpdateStream",
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS"
},
{
"Action":[
"mgh:DescribeMigrationTask",
"mgh:AssociateDiscoveredResource",
"mgh:ListDiscoveredResources",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:DisassociateDiscoveredResource",
"mgh:AssociateCreatedArtifact",
"mgh:NotifyMigrationTaskState",
"mgh:DisassociateCreatedArtifact",
"mgh:PutResourceAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*"
},
{
"Action":[
"mgh:ListMigrationTasks",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-07T17:57:44+00:00"
},
"MigrationHubSMSAccessServiceRolePolicy":{
"CreateDate":"2019-06-12T18:30:28+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"mgh:CreateProgressUpdateStream",
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS"
},
{
"Action":[
"mgh:DescribeMigrationTask",
"mgh:AssociateDiscoveredResource",
"mgh:ListDiscoveredResources",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:DisassociateDiscoveredResource",
"mgh:AssociateCreatedArtifact",
"mgh:NotifyMigrationTaskState",
"mgh:DisassociateCreatedArtifact",
"mgh:PutResourceAttributes"
],
"Effect":"Allow",
"Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*"
},
{
"Action":[
"mgh:ListMigrationTasks",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:GetHomeRegion"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-07T18:02:22+00:00"
},
"MigrationHubServiceRolePolicy":{
"CreateDate":"2019-06-12T17:22:16+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"discovery:ListConfigurations",
"discovery:DescribeConfigurations"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"aws:migrationhub:source-id"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":"dms:AddTagsToResource",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"aws:migrationhub:source-id"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:dms:*:*:endpoint:*"
]
},
{
"Action":[
"ec2:DescribeInstanceAttribute"
],
"Effect":"Allow",
"Resource":[
"*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-06T18:08:46+00:00"
},
"MonitronServiceRolePolicy":{
"CreateDate":"2022-05-02T19:22:03+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/monitron/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-05-02T19:22:03+00:00"
},
"NeptuneConsoleFullAccess":{
"CreateDate":"2018-06-19T21:35:19+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"rds:CreateDBCluster",
"rds:CreateDBInstance"
],
"Condition":{
"StringEquals":{
"rds:DatabaseEngine":[
"graphdb",
"neptune"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:*"
],
"Sid":"AllowNeptuneCreate"
},
{
"Action":[
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowManagementPermissionsForRDS"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"iam:ListRoles",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowOtherDepedentPermissions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:passedToService":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPassRoleForNeptune"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Sid":"AllowCreateSLRForNeptune"
},
{
"Action":[
"neptune-graph:CreateGraph",
"neptune-graph:DeleteGraph",
"neptune-graph:GetGraph",
"neptune-graph:ListGraphs",
"neptune-graph:UpdateGraph",
"neptune-graph:ResetGraph",
"neptune-graph:CreateGraphSnapshot",
"neptune-graph:DeleteGraphSnapshot",
"neptune-graph:GetGraphSnapshot",
"neptune-graph:ListGraphSnapshots",
"neptune-graph:RestoreGraphFromSnapshot",
"neptune-graph:CreatePrivateGraphEndpoint",
"neptune-graph:GetPrivateGraphEndpoint",
"neptune-graph:ListPrivateGraphEndpoints",
"neptune-graph:DeletePrivateGraphEndpoint",
"neptune-graph:CreateGraphUsingImportTask",
"neptune-graph:GetImportTask",
"neptune-graph:ListImportTasks",
"neptune-graph:CancelImportTask"
],
"Effect":"Allow",
"Resource":[
"arn:aws:neptune-graph:*:*:*"
],
"Sid":"AllowManagementPermissionsForNeptuneAnalytics"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:passedToService":"neptune-graph.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPassRoleForNeptuneAnalytics"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"neptune-graph.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/neptune-graph.amazonaws.com/AWSServiceRoleForNeptuneGraph",
"Sid":"AllowCreateSLRForNeptuneAnalytics"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-30T07:32:44+00:00"
},
"NeptuneFullAccess":{
"CreateDate":"2018-05-30T19:17:31+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"rds:CreateDBCluster",
"rds:CreateDBInstance"
],
"Condition":{
"StringEquals":{
"rds:DatabaseEngine":[
"graphdb",
"neptune"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:rds:*:*:*"
],
"Sid":"AllowNeptuneCreate"
},
{
"Action":[
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBClusterEndpoint",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:CreateGlobalCluster",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterEndpoint",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DeleteGlobalCluster",
"rds:DescribeDBClusterEndpoints",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeGlobalClusters",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:FailoverGlobalCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterEndpoint",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:ModifyGlobalCluster",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveFromGlobalCluster",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime",
"rds:StartDBCluster",
"rds:StopDBCluster"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowManagementPermissionsForRDS"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowOtherDepedentPermissions"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:passedToService":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPassRoleForNeptune"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"rds.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Sid":"AllowCreateSLRForNeptune"
},
{
"Action":[
"neptune-db:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowDataAccessForNeptune"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-22T16:32:31+00:00"
},
"NeptuneGraphReadOnlyAccess":{
"CreateDate":"2023-11-30T07:32:17+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"neptune-graph:Get*",
"neptune-graph:List*",
"neptune-graph:Read*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForNeptuneGraph"
},
{
"Action":[
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForEC2"
},
{
"Action":[
"kms:ListKeys",
"kms:ListAliases"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForKMS"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForCloudwatch"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
],
"Sid":"AllowReadOnlyPermissionsForLogs"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-30T07:32:17+00:00"
},
"NeptuneReadOnlyAccess":{
"CreateDate":"2018-05-30T19:16:37+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeGlobalClusters",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForRDS"
},
{
"Action":[
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForCloudwatch"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForEC2"
},
{
"Action":[
"kms:ListKeys",
"kms:ListRetirableGrants",
"kms:ListAliases",
"kms:ListKeyPolicies"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowReadOnlyPermissionsForKMS"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
],
"Sid":"AllowReadOnlyPermissionsForLogs"
},
{
"Action":[
"neptune-db:Read*",
"neptune-db:Get*",
"neptune-db:List*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowReadOnlyPermissionsForNeptuneDB"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-01-22T16:33:46+00:00"
},
"NetworkAdministrator":{
"CreateDate":"2016-11-10T17:31:35+00:00",
"DefaultVersionId":"v13",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:Describe*",
"cloudfront:ListDistributions",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"directconnect:*",
"ec2:AcceptVpcEndpointConnections",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:CreateCarrierGateway",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateFlowLogs",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreatePlacementGroup",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpointConnectionNotification",
"ec2:CreateVpcEndpointServiceConfiguration",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteCarrierGateway",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeletePlacementGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpointConnectionNotifications",
"ec2:DeleteVpcEndpointServiceConfigurations",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCarrierGateways",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeIpv6Pools",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribePublicIpv4Pools",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:DisassociateVpcCidrBlock",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:GetVpnConnectionDeviceSampleConfiguration",
"ec2:GetVpnConnectionDeviceTypes",
"ec2:GetVpnTunnelReplacementStatus",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySecurityGroupRules",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ModifyVpcEndpointConnectionNotification",
"ec2:ModifyVpcEndpointServiceConfiguration",
"ec2:ModifyVpcEndpointServicePermissions",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:ModifyVpcTenancy",
"ec2:ModifyVpnConnection",
"ec2:ModifyVpnConnectionOptions",
"ec2:ModifyVpnTunnelCertificate",
"ec2:ModifyVpnTunnelOptions",
"ec2:MoveAddressToVpc",
"ec2:RejectVpcEndpointConnections",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:ReplaceVpnTunnel",
"ec2:ResetNetworkInterfaceAttribute",
"ec2:RestoreAddressToClassic",
"ec2:UnassignIpv6Addresses",
"ec2:UnassignPrivateIpAddresses",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticloadbalancing:*",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"route53:*",
"route53domains:*",
"sns:CreateTopic",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDefaultNetworkAdminActions"
},
{
"Action":[
"ec2:AcceptVpcPeeringConnection",
"ec2:AssociateSecurityGroupVpc",
"ec2:AttachClassicLinkVpc",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateVpcPeeringConnection",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpcPeeringConnection",
"ec2:DescribeSecurityGroupVpcAssociations",
"ec2:DetachClassicLinkVpc",
"ec2:DisableVpcClassicLink",
"ec2:DisassociateSecurityGroupVpc",
"ec2:EnableVpcClassicLink",
"ec2:GetConsoleScreenshot",
"ec2:GetSecurityGroupsForVpc",
"ec2:RejectVpcPeeringConnection",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AllowVPCPermissions"
},
{
"Action":[
"ec2:CreateLocalGatewayRoute",
"ec2:CreateLocalGatewayRouteTableVpcAssociation",
"ec2:DeleteLocalGatewayRoute",
"ec2:DeleteLocalGatewayRouteTableVpcAssociation",
"ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayVirtualInterfaceGroups",
"ec2:DescribeLocalGatewayVirtualInterfaces",
"ec2:DescribeLocalGateways",
"ec2:SearchLocalGatewayRoutes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowLocalGatewayPermissions"
},
{
"Action":[
"s3:GetBucketLocation",
"s3:GetBucketWebsite",
"s3:ListBucket"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DiscoverBuckets"
},
{
"Action":[
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/flow-logs-*",
"Sid":"DiscoverFlowLogRoles"
},
{
"Action":[
"networkmanager:*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"NetworkmanagerPermissions"
},
{
"Action":[
"ec2:AcceptTransitGatewayVpcAttachment",
"ec2:AssociateTransitGatewayRouteTable",
"ec2:CreateTransitGateway",
"ec2:CreateTransitGatewayRoute",
"ec2:CreateTransitGatewayRouteTable",
"ec2:CreateTransitGatewayVpcAttachment",
"ec2:DeleteTransitGateway",
"ec2:DeleteTransitGatewayRoute",
"ec2:DeleteTransitGatewayRouteTable",
"ec2:DeleteTransitGatewayVpcAttachment",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DisableTransitGatewayRouteTablePropagation",
"ec2:DisassociateTransitGatewayRouteTable",
"ec2:EnableTransitGatewayRouteTablePropagation",
"ec2:ExportTransitGatewayRoutes",
"ec2:GetTransitGatewayAttachmentPropagations",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:ModifyTransitGateway",
"ec2:ModifyTransitGatewayVpcAttachment",
"ec2:RejectTransitGatewayVpcAttachment",
"ec2:ReplaceTransitGatewayRoute",
"ec2:SearchTransitGatewayRoutes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"TransitGatewayPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":[
"transitgateway.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowTransitGatewaySLRCreation"
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-19T22:52:06+00:00"
},
"OAMFullAccess":{
"CreateDate":"2022-11-27T13:38:29+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"oam:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T13:38:29+00:00"
},
"OAMReadOnlyAccess":{
"CreateDate":"2022-11-27T13:29:39+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"oam:Get*",
"oam:List*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2022-11-27T13:29:39+00:00"
},
"OpensearchIngestionSelfManagedVpcePolicy":{
"CreateDate":"2024-06-10T19:59:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeEc2Resources"
},
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/OSIS"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CwPermissionsForOsiNamespace"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-10T19:59:40+00:00"
},
"PartnerCentralAccountManagementUserRoleAssociation":{
"CreateDate":"2023-11-10T02:03:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":"partnercentral-account-management.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/PartnerCentralRoleFor*",
"Sid":"PassPartnerCentralRole"
},
{
"Action":[
"iam:ListRoles",
"partnercentral-account-management:AssociatePartnerUser",
"partnercentral-account-management:DisassociatePartnerUser"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"PartnerUserRoleAssociation"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-11-10T02:03:40+00:00"
},
"PowerUserAccess":{
"CreateDate":"2015-02-06T18:39:47+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Effect":"Allow",
"NotAction":[
"iam:*",
"organizations:*",
"account:*"
],
"Resource":"*"
},
{
"Action":[
"account:GetAccountInformation",
"account:GetPrimaryEmail",
"account:ListRegions",
"iam:CreateServiceLinkedRole",
"iam:DeleteServiceLinkedRole",
"iam:ListRoles",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-08-19T16:12:55+00:00"
},
"QAppsServiceRolePolicy":{
"CreateDate":"2024-09-26T19:22:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/QApps"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"QAppsPutMetricDataPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-09-26T19:22:22+00:00"
},
"QBusinessQuicksightPluginPolicy":{
"CreateDate":"2024-12-03T15:36:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"quicksight:PredictQAResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:quicksight:*:*:topic/*",
"arn:aws:quicksight:*:*:dashboard/*"
],
"Sid":"QBusinessToQuickSightPredictQAResultsInvocation"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-03T15:36:06+00:00"
},
"QBusinessServiceRolePolicy":{
"CreateDate":"2024-04-29T16:05:44+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/QBusiness"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"QBusinessPutMetricDataPermission"
},
{
"Action":[
"logs:CreateLogGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/qbusiness/*"
],
"Sid":"QBusinessCreateLogGroupPermission"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"QBusinessDescribeLogGroupsPermission"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/qbusiness/*:log-stream:*"
],
"Sid":"QBusinessLogStreamPermission"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-29T16:05:44+00:00"
},
"QuickSightAccessForS3StorageManagementAnalyticsReadOnly":{
"CreateDate":"2017-06-12T18:18:38+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::s3-analytics-export-shared-*"
]
},
{
"Action":[
"s3:GetAnalyticsConfiguration",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-10-08T23:53:11+00:00"
},
"RDSCloudHsmAuthorizationRole":{
"CreateDate":"2015-02-06T18:41:29+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"cloudhsm:CreateLunaClient",
"cloudhsm:DeleteLunaClient",
"cloudhsm:DescribeHapg",
"cloudhsm:DescribeLunaClient",
"cloudhsm:GetConfig",
"cloudhsm:ModifyHapg",
"cloudhsm:ModifyLunaClient"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-09-26T22:14:29+00:00"
},
"ROSAAmazonEBSCSIDriverOperatorPolicy":{
"CreateDate":"2023-04-20T22:36:00+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:AttachVolume",
"ec2:DetachVolume"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:DeleteVolume",
"ec2:ModifyVolume"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:CreateVolume"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action":[
"ec2:CreateVolume"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
],
"Sid":"CreateVolumeFromSnapshot"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateSnapshotResourceTag"
},
{
"Action":[
"ec2:CreateSnapshot"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
],
"Sid":"CreateSnapshotRequestTag"
},
{
"Action":[
"ec2:DeleteSnapshot"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateVolume",
"CreateSnapshot"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-22T00:52:12+00:00"
},
"ROSACloudNetworkConfigOperatorPolicy":{
"CreateDate":"2023-04-20T22:34:36+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypes",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeNetworkResources"
},
{
"Action":[
"ec2:UnassignPrivateIpAddresses",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignIpv6Addresses",
"ec2:AssignIpv6Addresses"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"ModifyEIPs"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-20T22:34:36+00:00"
},
"ROSAControlPlaneOperatorPolicy":{
"CreateDate":"2023-04-24T23:02:49+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"route53:ListHostedZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadPermissions"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"CreateSecurityGroups"
},
{
"Action":[
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"DeleteSecurityGroup"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"SecurityGroupIngressEgress"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateSecurityGroupsVPCNoCondition"
},
{
"Action":[
"route53:ListResourceRecordSets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ListResourceRecordSets"
},
{
"Action":[
"route53:ChangeResourceRecordSets"
],
"Condition":{
"ForAllValues:StringLike":{
"route53:ChangeResourceRecordSetsNormalizedRecordNames":[
"*.hypershift.local"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ChangeResourceRecordSetsRestrictedRecordNames"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"VPCEndpointWithCondition"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"VPCEndpointResourceTagCondition"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*"
],
"Sid":"VPCEndpointNoCondition"
},
{
"Action":[
"ec2:ModifyVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"ManageVPCEndpointWithCondition"
},
{
"Action":[
"ec2:ModifyVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"ModifyVPCEndpoingNoCondition"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateVpcEndpoint",
"CreateSecurityGroup"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateTagsRestrictedActions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-30T21:12:32+00:00"
},
"ROSAImageRegistryOperatorPolicy":{
"CreateDate":"2023-04-27T20:13:18+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListBuckets"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:GetBucketTagging",
"s3:GetBucketPublicAccessBlock",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetBucketLocation",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketTagging",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*-image-registry-${aws:RequestedRegion}-*",
"arn:aws:s3:::*-image-registry-${aws:RequestedRegion}"
],
"Sid":"AllowSpecificBucketActions"
},
{
"Action":[
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*-image-registry-${aws:RequestedRegion}-*/*",
"arn:aws:s3:::*-image-registry-${aws:RequestedRegion}/*"
],
"Sid":"AllowSpecificObjectActions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-12-12T19:53:12+00:00"
},
"ROSAIngressOperatorPolicy":{
"CreateDate":"2023-04-20T22:37:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"elasticloadbalancing:DescribeLoadBalancers",
"route53:ListHostedZones",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"route53:ChangeResourceRecordSets"
],
"Condition":{
"ForAllValues:StringLike":{
"route53:ChangeResourceRecordSetsNormalizedRecordNames":[
"*.openshiftapps.com",
"*.devshift.org",
"*.openshiftusgov.com",
"*.devshiftusgov.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-20T22:37:08+00:00"
},
"ROSAInstallerPolicy":{
"CreateDate":"2023-06-06T21:00:31+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeRegions",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeInstanceTypeOfferings",
"elasticloadbalancing:DescribeAccountLimits",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetOpenIDConnectProvider",
"iam:GetRole",
"route53:GetHostedZone",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"route53:GetAccountLimit",
"servicequotas:GetServiceQuota"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:*:iam::*:role/*-ROSA-Worker-Role"
],
"Sid":"PassRoleToEC2"
},
{
"Action":[
"iam:AddRoleToInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:GetInstanceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/rosa-service-managed-*"
],
"Sid":"ManageInstanceProfiles"
},
{
"Action":[
"iam:CreateInstanceProfile",
"iam:TagInstanceProfile"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:instance-profile/rosa-service-managed-*"
],
"Sid":"CreateInstanceProfiles"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"GetSecretValue"
},
{
"Action":[
"route53:ChangeResourceRecordSets"
],
"Condition":{
"ForAllValues:StringLike":{
"route53:ChangeResourceRecordSetsNormalizedRecordNames":[
"*.openshiftapps.com",
"*.devshift.org",
"*.hypershift.local",
"*.openshiftusgov.com",
"*.devshiftusgov.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"Route53ManageRecords"
},
{
"Action":[
"route53:ChangeTagsForResource",
"route53:CreateHostedZone",
"route53:DeleteHostedZone"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"Route53Manage"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateTags"
},
{
"Action":"ec2:RunInstances",
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:snapshot/*"
],
"Sid":"RunInstancesNoCondition"
},
{
"Action":"ec2:RunInstances",
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"RunInstancesRestrictedRequestTag"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"ec2:Owner":[
"531415883065",
"251351625822",
"210686502322"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:image/*"
],
"Sid":"RunInstancesRedHatOwnedAMIs"
},
{
"Action":[
"ec2:TerminateInstances",
"ec2:GetConsoleOutput"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ManageInstancesRestrictedResourceTag"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"StringEquals":{
"aws:ResourceTag/red-hat":"true"
},
"StringLike":{
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateGrantRestrictedResourceTag"
},
{
"Action":[
"kms:DescribeKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManagedKMSRestrictedResourceTag"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"CreateSecurityGroups"
},
{
"Action":[
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"DeleteSecurityGroup"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group*/*"
],
"Sid":"SecurityGroupIngressEgress"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateSecurityGroupsVPCNoCondition"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"CreateSecurityGroup"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateTagsRestrictedActions"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"kubernetes.io/cluster/*"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*"
],
"Sid":"CreateTagsK8sSubnet"
},
{
"Action":[
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/*",
"Sid":"ListPoliciesAttachedToRoles"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-24T19:49:55+00:00"
},
"ROSAKMSProviderPolicy":{
"CreateDate":"2023-04-27T20:10:20+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"kms:Encrypt",
"kms:Decrypt",
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"VolumeEncryption"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-04-27T20:10:20+00:00"
},
"ROSAKubeControllerPolicy":{
"CreateDate":"2023-04-27T20:09:29+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeLoadBalancerPolicies"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ReadPermissions"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"KMSDescribeKey"
},
{
"Action":[
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LoadBalanacerManagement"
},
{
"Action":[
"elasticloadbalancing:CreateTargetGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CreateTargetGroup"
},
{
"Action":[
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"LoadBalanacerManagementResourceTag"
},
{
"Action":[
"elasticloadbalancing:CreateListener"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true",
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CreateListeners"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateSecurityGroup"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"CreateSecurityGroupVpc"
},
{
"Action":[
"elasticloadbalancing:CreateLoadBalancer"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
],
"Sid":"CreateLoadBalancer"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteSecurityGroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"ModifySecurityGroup"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":"CreateSecurityGroup"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateTagsSecurityGroups"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-10-16T18:17:05+00:00"
},
"ROSAManageSubscription":{
"CreateDate":"2022-04-11T20:58:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws-marketplace:ProductId":[
"34850061-abaf-402d-92df-94325c9e947f",
"bfdca560-2c78-4e64-8193-794c159e6d30"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"aws-marketplace:ViewSubscriptions"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-04T19:59:14+00:00"
},
"ROSANodePoolManagementPolicy":{
"CreateDate":"2023-06-08T20:48:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeDhcpOptions",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ReadPermissions"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"elasticloadbalancing.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing"
],
"Sid":"CreateServiceLinkedRole"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:*:iam::*:role/*-ROSA-Worker-Role"
],
"Sid":"PassWorkerRole"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:security-group-rule/*"
],
"Sid":"AuthorizeSecurityGroupIngressRestrictedResourceTag"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"NetworkInterfaces"
},
{
"Action":[
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"NetworkInterfacesNoCondition"
},
{
"Action":[
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"TerminateInstances"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"ec2:CreateAction":[
"RunInstances"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateTags"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"CreateTagsCAPAControllerReconcileInstance"
},
{
"Action":[
"ec2:CreateTags"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"CreateTagsCAPAControllerReconcileVolume"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"aws:RequestTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"RunInstancesRequest"
},
{
"Action":[
"ec2:RunInstances"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid":"RunInstancesNoCondition"
},
{
"Action":[
"ec2:RunInstances"
],
"Condition":{
"StringEquals":{
"ec2:Owner":[
"531415883065",
"251351625822"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:image/*"
],
"Sid":"RunInstancesRedHatAMI"
},
{
"Action":[
"kms:DescribeKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/red-hat":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManagedKMSRestrictedResourceTag"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Bool":{
"kms:GrantIsForAWSResource":true
},
"StringEquals":{
"aws:ResourceTag/red-hat":"true"
},
"StringLike":{
"kms:ViaService":"ec2.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CreateGrantRestricted"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-05-02T14:01:47+00:00"
},
"ROSASRESupportPolicy":{
"CreateDate":"2023-06-01T14:36:06+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRegions",
"sts:DecodeAuthorizationMessage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadPermissions"
},
{
"Action":[
"route53:GetHostedZone",
"route53:GetHostedZoneCount",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Route53"
},
{
"Action":[
"iam:GetRole",
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DecribeIAMRoles"
},
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeIamInstanceProfileAssociations",
"ec2:DescribeReservedInstances",
"ec2:DescribeScheduledInstances"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"EC2DescribeInstance"
},
{
"Action":[
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"VPCNetwork"
},
{
"Action":[
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Cloudtrail"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"Cloudwatch"
},
{
"Action":[
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVolumeStatus"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DescribeVolumes"
},
{
"Action":[
"elasticloadbalancing:DescribeAccountLimits",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeSSLPolicies",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DescribeLoadBalancers"
},
{
"Action":[
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpoints"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DescribeVPC"
},
{
"Action":[
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeSecurityGroups"
},
{
"Action":"ec2:DescribeAddressesAttribute",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:elastic-ip/*",
"Sid":"DescribeAddressesAttribute"
},
{
"Action":[
"iam:GetInstanceProfile"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/*",
"Sid":"DescribeInstance"
},
{
"Action":"ec2:DescribeSpotFleetInstances",
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:spot-fleet-request/*",
"Sid":"DescribeSpotFleetInstances"
},
{
"Action":"ec2:DescribeVolumeAttribute",
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:volume/*",
"Sid":"DescribeVolumeAttribute"
},
{
"Action":[
"ec2:RebootInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"ManageInstanceLifecycle"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-10T20:51:37+00:00"
},
"ROSAWorkerInstancePolicy":{
"CreateDate":"2023-04-20T22:35:32+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2DescribeInstancesRegions"
},
{
"Action":[
"ecr:GetAuthorizationToken"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ECRGetAuthorizationToken"
},
{
"Action":[
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:ListTagsForResource"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/red-hat-managed":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ECRReadOnlyAccessRedHatManaged"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-20T23:07:06+00:00"
},
"ReadOnlyAccess":{
"CreateDate":"2015-02-06T18:39:48+00:00",
"DefaultVersionId":"v128",
"Document":{
"Statement":[
{
"Action":[
"a4b:Get*",
"a4b:List*",
"a4b:Search*",
"access-analyzer:GetAccessPreview",
"access-analyzer:GetAnalyzedResource",
"access-analyzer:GetAnalyzer",
"access-analyzer:GetArchiveRule",
"access-analyzer:GetFinding",
"access-analyzer:GetFindingsStatistics",
"access-analyzer:GetGeneratedPolicy",
"access-analyzer:ListAccessPreviewFindings",
"access-analyzer:ListAccessPreviews",
"access-analyzer:ListAnalyzedResources",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListFindings",
"access-analyzer:ListPolicyGenerations",
"access-analyzer:ListTagsForResource",
"access-analyzer:ValidatePolicy",
"account:GetAccountInformation",
"account:GetAlternateContact",
"account:GetChallengeQuestions",
"account:GetContactInformation",
"account:GetPrimaryEmail",
"account:GetRegionOptStatus",
"account:ListRegions",
"acm-pca:Describe*",
"acm-pca:Get*",
"acm-pca:List*",
"acm:Describe*",
"acm:Get*",
"acm:List*",
"aiops:GetInvestigation",
"aiops:GetInvestigationEvent",
"aiops:GetInvestigationGroup",
"aiops:GetInvestigationResource",
"aiops:ListInvestigationEvents",
"aiops:ListInvestigationGroups",
"aiops:ListInvestigations",
"airflow:ListEnvironments",
"airflow:ListTagsForResource",
"amplify:GetApp",
"amplify:GetBackendEnvironment",
"amplify:GetBranch",
"amplify:GetDomainAssociation",
"amplify:GetJob",
"amplify:GetWebhook",
"amplify:ListApps",
"amplify:ListArtifacts",
"amplify:ListBackendEnvironments",
"amplify:ListBranches",
"amplify:ListDomainAssociations",
"amplify:ListJobs",
"amplify:ListTagsForResource",
"amplify:ListWebhooks",
"aoss:BatchGetCollection",
"aoss:BatchGetLifecyclePolicy",
"aoss:BatchGetVpcEndpoint",
"aoss:GetAccessPolicy",
"aoss:GetAccountSettings",
"aoss:GetPoliciesStats",
"aoss:GetSecurityConfig",
"aoss:GetSecurityPolicy",
"aoss:ListAccessPolicies",
"aoss:ListCollections",
"aoss:ListLifecyclePolicies",
"aoss:ListSecurityConfigs",
"aoss:ListSecurityPolicies",
"aoss:ListTagsForResource",
"aoss:ListVpcEndpoints",
"apigateway:GET",
"appconfig:GetApplication",
"appconfig:GetConfiguration",
"appconfig:GetConfigurationProfile",
"appconfig:GetDeployment",
"appconfig:GetDeploymentStrategy",
"appconfig:GetEnvironment",
"appconfig:GetExtension",
"appconfig:GetHostedConfigurationVersion",
"appconfig:ListApplications",
"appconfig:ListConfigurationProfiles",
"appconfig:ListDeployments",
"appconfig:ListDeploymentStrategies",
"appconfig:ListEnvironments",
"appconfig:ListExtensions",
"appconfig:ListHostedConfigurationVersions",
"appconfig:ListTagsForResource",
"appfabric:GetAppAuthorization",
"appfabric:GetAppBundle",
"appfabric:GetIngestion",
"appfabric:GetIngestionDestination",
"appfabric:ListAppAuthorizations",
"appfabric:ListAppBundles",
"appfabric:ListIngestionDestinations",
"appfabric:ListIngestions",
"appfabric:ListTagsForResource",
"appflow:DescribeConnector",
"appflow:DescribeConnectorEntity",
"appflow:DescribeConnectorFields",
"appflow:DescribeConnectorProfiles",
"appflow:DescribeConnectors",
"appflow:DescribeFlow",
"appflow:DescribeFlowExecution",
"appflow:DescribeFlowExecutionRecords",
"appflow:DescribeFlows",
"appflow:ListConnectorEntities",
"appflow:ListConnectorFields",
"appflow:ListConnectors",
"appflow:ListFlows",
"appflow:ListTagsForResource",
"application-autoscaling:Describe*",
"application-autoscaling:ListTagsForResource",
"application-signals:BatchGetServiceLevelObjectiveBudgetReport",
"application-signals:GetService",
"application-signals:GetServiceLevelObjective",
"application-signals:ListObservedEntities",
"application-signals:ListServiceDependencies",
"application-signals:ListServiceDependents",
"application-signals:ListServiceLevelObjectives",
"application-signals:ListServiceOperations",
"application-signals:ListServices",
"application-signals:ListTagsForResource",
"applicationinsights:Describe*",
"applicationinsights:List*",
"appmesh:Describe*",
"appmesh:List*",
"apprunner:DescribeAutoScalingConfiguration",
"apprunner:DescribeCustomDomains",
"apprunner:DescribeObservabilityConfiguration",
"apprunner:DescribeService",
"apprunner:DescribeVpcConnector",
"apprunner:DescribeVpcIngressConnection",
"apprunner:DescribeWebAclForService",
"apprunner:ListAssociatedServicesForWebAcl",
"apprunner:ListAutoScalingConfigurations",
"apprunner:ListConnections",
"apprunner:ListObservabilityConfigurations",
"apprunner:ListOperations",
"apprunner:ListServices",
"apprunner:ListServicesForAutoScalingConfiguration",
"apprunner:ListTagsForResource",
"apprunner:ListVpcConnectors",
"apprunner:ListVpcIngressConnections",
"appstream:Describe*",
"appstream:List*",
"appstudio:GetAccountStatus",
"appstudio:GetEnablementJobStatus",
"appsync:Get*",
"appsync:List*",
"apptest:GetTestCase",
"apptest:GetTestConfiguration",
"apptest:GetTestRunStep",
"apptest:GetTestSuite",
"apptest:ListTagsForResource",
"apptest:ListTestCases",
"apptest:ListTestConfigurations",
"apptest:ListTestRuns",
"apptest:ListTestRunSteps",
"apptest:ListTestRunTestCases",
"apptest:ListTestSuites",
"aps:DescribeAlertManagerDefinition",
"aps:DescribeLoggingConfiguration",
"aps:DescribeRuleGroupsNamespace",
"aps:DescribeScraper",
"aps:DescribeWorkspace",
"aps:GetAlertManagerSilence",
"aps:GetAlertManagerStatus",
"aps:GetDefaultScraperConfiguration",
"aps:GetLabels",
"aps:GetMetricMetadata",
"aps:GetSeries",
"aps:ListAlertManagerAlertGroups",
"aps:ListAlertManagerAlerts",
"aps:ListAlertManagerReceivers",
"aps:ListAlertManagerSilences",
"aps:ListAlerts",
"aps:ListRuleGroupsNamespaces",
"aps:ListRules",
"aps:ListScrapers",
"aps:ListTagsForResource",
"aps:ListWorkspaces",
"aps:QueryMetrics",
"arc-zonal-shift:GetAutoshiftObserverNotificationStatus",
"arc-zonal-shift:GetManagedResource",
"arc-zonal-shift:ListAutoshifts",
"arc-zonal-shift:ListManagedResources",
"arc-zonal-shift:ListZonalShifts",
"artifact:GetCustomerAgreement",
"artifact:GetReport",
"artifact:GetReportMetadata",
"artifact:GetTermForReport",
"artifact:ListAgreements",
"artifact:ListCustomerAgreements",
"artifact:ListReports",
"athena:Batch*",
"athena:Get*",
"athena:List*",
"auditmanager:GetAccountStatus",
"auditmanager:GetAssessment",
"auditmanager:GetAssessmentFramework",
"auditmanager:GetAssessmentReportUrl",
"auditmanager:GetChangeLogs",
"auditmanager:GetControl",
"auditmanager:GetDelegations",
"auditmanager:GetEvidence",
"auditmanager:GetEvidenceByEvidenceFolder",
"auditmanager:GetEvidenceFolder",
"auditmanager:GetEvidenceFoldersByAssessment",
"auditmanager:GetEvidenceFoldersByAssessmentControl",
"auditmanager:GetOrganizationAdminAccount",
"auditmanager:GetServicesInScope",
"auditmanager:GetSettings",
"auditmanager:ListAssessmentFrameworks",
"auditmanager:ListAssessmentReports",
"auditmanager:ListAssessments",
"auditmanager:ListControls",
"auditmanager:ListKeywordsForDataSource",
"auditmanager:ListNotifications",
"auditmanager:ListTagsForResource",
"auditmanager:ValidateAssessmentReportIntegrity",
"autoscaling-plans:Describe*",
"autoscaling-plans:GetScalingPlanResourceForecastData",
"autoscaling:Describe*",
"autoscaling:GetPredictiveScalingForecast",
"aws-portal:View*",
"backup-gateway:GetBandwidthRateLimitSchedule",
"backup-gateway:GetGateway",
"backup-gateway:GetHypervisor",
"backup-gateway:GetHypervisorPropertyMappings",
"backup-gateway:GetVirtualMachine",
"backup-gateway:ListGateways",
"backup-gateway:ListHypervisors",
"backup-gateway:ListTagsForResource",
"backup-gateway:ListVirtualMachines",
"backup:Describe*",
"backup:Get*",
"backup:List*",
"batch:Describe*",
"batch:List*",
"bedrock:GetAgent",
"bedrock:GetAgentActionGroup",
"bedrock:GetAgentAlias",
"bedrock:GetAgentCollaborator",
"bedrock:GetAgentKnowledgeBase",
"bedrock:GetAgentVersion",
"bedrock:GetCustomModel",
"bedrock:GetDataSource",
"bedrock:GetEvaluationJob",
"bedrock:GetFlow",
"bedrock:GetFlowAlias",
"bedrock:GetFlowVersion",
"bedrock:GetFoundationModel",
"bedrock:GetFoundationModelAvailability",
"bedrock:GetGuardrail",
"bedrock:GetInferenceProfile",
"bedrock:GetIngestionJob",
"bedrock:GetKnowledgeBase",
"bedrock:GetModelCustomizationJob",
"bedrock:GetModelInvocationLoggingConfiguration",
"bedrock:GetPrompt",
"bedrock:GetProvisionedModelThroughput",
"bedrock:GetUseCaseForModelAccess",
"bedrock:ListAgentActionGroups",
"bedrock:ListAgentAliases",
"bedrock:ListAgentCollaborators",
"bedrock:ListAgentKnowledgeBases",
"bedrock:ListAgents",
"bedrock:ListAgentVersions",
"bedrock:ListCustomModels",
"bedrock:ListDataSources",
"bedrock:ListEvaluationJobs",
"bedrock:ListFlowAliases",
"bedrock:ListFlows",
"bedrock:ListFlowVersions",
"bedrock:ListFoundationModelAgreementOffers",
"bedrock:ListFoundationModels",
"bedrock:ListGuardrails",
"bedrock:ListInferenceProfiles",
"bedrock:ListIngestionJobs",
"bedrock:ListKnowledgeBases",
"bedrock:ListModelCustomizationJobs",
"bedrock:ListPrompts",
"bedrock:ListProvisionedModelThroughputs",
"billing:GetBillingData",
"billing:GetBillingDetails",
"billing:GetBillingNotifications",
"billing:GetBillingPreferences",
"billing:GetBillingView",
"billing:GetContractInformation",
"billing:GetCredits",
"billing:GetIAMAccessPreference",
"billing:GetResourcePolicy",
"billing:GetSellerOfRecord",
"billing:ListBillingViews",
"billing:ListSourceViewsForBillingView",
"billing:ListTagsForResource",
"billingconductor:GetBillingGroupCostReport",
"billingconductor:ListAccountAssociations",
"billingconductor:ListBillingGroupCostReports",
"billingconductor:ListBillingGroups",
"billingconductor:ListCustomLineItems",
"billingconductor:ListCustomLineItemVersions",
"billingconductor:ListPricingPlans",
"billingconductor:ListPricingPlansAssociatedWithPricingRule",
"billingconductor:ListPricingRules",
"billingconductor:ListPricingRulesAssociatedToPricingPlan",
"billingconductor:ListResourcesAssociatedToCustomLineItem",
"billingconductor:ListTagsForResource",
"braket:GetDevice",
"braket:GetJob",
"braket:GetQuantumTask",
"braket:SearchDevices",
"braket:SearchJobs",
"braket:SearchQuantumTasks",
"budgets:Describe*",
"budgets:ListTagsForResource",
"budgets:View*",
"cassandra:Select",
"ce:DescribeCostCategoryDefinition",
"ce:DescribeNotificationSubscription",
"ce:DescribeReport",
"ce:GetAnomalies",
"ce:GetAnomalyMonitors",
"ce:GetAnomalySubscriptions",
"ce:GetApproximateUsageRecords",
"ce:GetCommitmentPurchaseAnalysis",
"ce:GetCostAndUsage",
"ce:GetCostAndUsageWithResources",
"ce:GetCostCategories",
"ce:GetCostForecast",
"ce:GetDimensionValues",
"ce:GetPreferences",
"ce:GetReservationCoverage",
"ce:GetReservationPurchaseRecommendation",
"ce:GetReservationUtilization",
"ce:GetRightsizingRecommendation",
"ce:GetSavingsPlanPurchaseRecommendationDetails",
"ce:GetSavingsPlansCoverage",
"ce:GetSavingsPlansPurchaseRecommendation",
"ce:GetSavingsPlansUtilization",
"ce:GetSavingsPlansUtilizationDetails",
"ce:GetTags",
"ce:GetUsageForecast",
"ce:ListCommitmentPurchaseAnalyses",
"ce:ListCostAllocationTagBackfillHistory",
"ce:ListCostAllocationTags",
"ce:ListCostCategoryDefinitions",
"ce:ListSavingsPlansPurchaseRecommendationGeneration",
"ce:ListTagsForResource",
"chatbot:Describe*",
"chatbot:Get*",
"chatbot:List*",
"chime:Get*",
"chime:List*",
"chime:Retrieve*",
"chime:Search*",
"chime:Validate*",
"cleanrooms-ml:GetAudienceGenerationJob",
"cleanrooms-ml:GetAudienceModel",
"cleanrooms-ml:GetConfiguredAudienceModel",
"cleanrooms-ml:GetConfiguredAudienceModelPolicy",
"cleanrooms-ml:GetTrainingDataset",
"cleanrooms-ml:ListAudienceExportJobs",
"cleanrooms-ml:ListAudienceGenerationJobs",
"cleanrooms-ml:ListAudienceModels",
"cleanrooms-ml:ListConfiguredAudienceModels",
"cleanrooms-ml:ListTagsForResource",
"cleanrooms-ml:ListTrainingDatasets",
"cleanrooms:BatchGetCollaborationAnalysisTemplate",
"cleanrooms:BatchGetSchema",
"cleanrooms:BatchGetSchemaAnalysisRule",
"cleanrooms:GetAnalysisTemplate",
"cleanrooms:GetCollaboration",
"cleanrooms:GetCollaborationAnalysisTemplate",
"cleanrooms:GetCollaborationConfiguredAudienceModelAssociation",
"cleanrooms:GetCollaborationIdNamespaceAssociation",
"cleanrooms:GetCollaborationPrivacyBudgetTemplate",
"cleanrooms:GetConfiguredAudienceModelAssociation",
"cleanrooms:GetConfiguredTable",
"cleanrooms:GetConfiguredTableAnalysisRule",
"cleanrooms:GetConfiguredTableAssociation",
"cleanrooms:GetConfiguredTableAssociationAnalysisRule",
"cleanrooms:GetIdMappingTable",
"cleanrooms:GetIdNamespaceAssociation",
"cleanrooms:GetMembership",
"cleanrooms:GetPrivacyBudgetTemplate",
"cleanrooms:GetProtectedQuery",
"cleanrooms:GetSchema",
"cleanrooms:GetSchemaAnalysisRule",
"cleanrooms:ListAnalysisTemplates",
"cleanrooms:ListCollaborationAnalysisTemplates",
"cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
"cleanrooms:ListCollaborationIdNamespaceAssociations",
"cleanrooms:ListCollaborationPrivacyBudgets",
"cleanrooms:ListCollaborationPrivacyBudgetTemplates",
"cleanrooms:ListCollaborations",
"cleanrooms:ListConfiguredAudienceModelAssociations",
"cleanrooms:ListConfiguredTableAssociations",
"cleanrooms:ListConfiguredTables",
"cleanrooms:ListIdMappingTables",
"cleanrooms:ListIdNamespaceAssociations",
"cleanrooms:ListMembers",
"cleanrooms:ListMemberships",
"cleanrooms:ListPrivacyBudgets",
"cleanrooms:ListPrivacyBudgetTemplates",
"cleanrooms:ListProtectedQueries",
"cleanrooms:ListSchemas",
"cleanrooms:ListTagsForResource",
"cleanrooms:PreviewPrivacyImpact",
"cloud9:Describe*",
"cloud9:List*",
"clouddirectory:BatchRead",
"clouddirectory:Get*",
"clouddirectory:List*",
"clouddirectory:LookupPolicy",
"cloudformation:Describe*",
"cloudformation:Detect*",
"cloudformation:Estimate*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"cloudfront-keyvaluestore:Describe*",
"cloudfront-keyvaluestore:Get*",
"cloudfront-keyvaluestore:List*",
"cloudfront:Describe*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudhsm:Describe*",
"cloudhsm:List*",
"cloudsearch:Describe*",
"cloudsearch:List*",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"cloudtrail:List*",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:GenerateQuery",
"cloudwatch:Get*",
"cloudwatch:List*",
"codeartifact:DescribeDomain",
"codeartifact:DescribePackage",
"codeartifact:DescribePackageVersion",
"codeartifact:DescribeRepository",
"codeartifact:GetAuthorizationToken",
"codeartifact:GetDomainPermissionsPolicy",
"codeartifact:GetPackageVersionAsset",
"codeartifact:GetPackageVersionReadme",
"codeartifact:GetRepositoryEndpoint",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListDomains",
"codeartifact:ListPackages",
"codeartifact:ListPackageVersionAssets",
"codeartifact:ListPackageVersionDependencies",
"codeartifact:ListPackageVersions",
"codeartifact:ListRepositories",
"codeartifact:ListRepositoriesInDomain",
"codeartifact:ListTagsForResource",
"codeartifact:ReadFromRepository",
"codebuild:BatchGet*",
"codebuild:DescribeCodeCoverages",
"codebuild:DescribeTestCases",
"codebuild:List*",
"codecatalyst:GetBillingAuthorization",
"codecatalyst:GetConnection",
"codecatalyst:GetPendingConnection",
"codecatalyst:ListConnections",
"codecatalyst:ListIamRolesForConnection",
"codecatalyst:ListTagsForResource",
"codecommit:BatchGet*",
"codecommit:Describe*",
"codecommit:Get*",
"codecommit:GitPull",
"codecommit:List*",
"codedeploy:BatchGet*",
"codedeploy:Get*",
"codedeploy:List*",
"codeguru-profiler:Describe*",
"codeguru-profiler:Get*",
"codeguru-profiler:List*",
"codeguru-reviewer:Describe*",
"codeguru-reviewer:Get*",
"codeguru-reviewer:List*",
"codepipeline:Get*",
"codepipeline:List*",
"codestar-connections:GetConnection",
"codestar-connections:GetHost",
"codestar-connections:GetRepositoryLink",
"codestar-connections:GetRepositorySyncStatus",
"codestar-connections:GetResourceSyncStatus",
"codestar-connections:GetSyncConfiguration",
"codestar-connections:ListConnections",
"codestar-connections:ListHosts",
"codestar-connections:ListRepositoryLinks",
"codestar-connections:ListRepositorySyncDefinitions",
"codestar-connections:ListSyncConfigurations",
"codestar-connections:ListTagsForResource",
"codestar-notifications:describeNotificationRule",
"codestar-notifications:listEventTypes",
"codestar-notifications:listNotificationRules",
"codestar-notifications:listTagsForResource",
"codestar-notifications:ListTargets",
"codestar:Describe*",
"codestar:Get*",
"codestar:List*",
"codestar:Verify*",
"cognito-identity:Describe*",
"cognito-identity:GetCredentialsForIdentity",
"cognito-identity:GetIdentityPoolAnalytics",
"cognito-identity:GetIdentityPoolDailyAnalytics",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:GetIdentityProviderDailyAnalytics",
"cognito-identity:GetOpenIdToken",
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:List*",
"cognito-identity:Lookup*",
"cognito-idp:AdminGet*",
"cognito-idp:AdminList*",
"cognito-idp:Describe*",
"cognito-idp:Get*",
"cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"cognito-sync:QueryRecords",
"comprehend:BatchDetect*",
"comprehend:Classify*",
"comprehend:Contains*",
"comprehend:Describe*",
"comprehend:Detect*",
"comprehend:List*",
"compute-optimizer:DescribeRecommendationExportJobs",
"compute-optimizer:GetAutoScalingGroupRecommendations",
"compute-optimizer:GetEBSVolumeRecommendations",
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEC2RecommendationProjectedMetrics",
"compute-optimizer:GetECSServiceRecommendationProjectedMetrics",
"compute-optimizer:GetECSServiceRecommendations",
"compute-optimizer:GetEffectiveRecommendationPreferences",
"compute-optimizer:GetEnrollmentStatus",
"compute-optimizer:GetEnrollmentStatusesForOrganization",
"compute-optimizer:GetIdleRecommendations",
"compute-optimizer:GetLambdaFunctionRecommendations",
"compute-optimizer:GetLicenseRecommendations",
"compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics",
"compute-optimizer:GetRDSDatabaseRecommendations",
"compute-optimizer:GetRecommendationPreferences",
"compute-optimizer:GetRecommendationSummaries",
"config:BatchGetAggregateResourceConfig",
"config:BatchGetResourceConfig",
"config:Deliver*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:SelectAggregateResourceConfig",
"config:SelectResourceConfig",
"connect:Describe*",
"connect:GetContactAttributes",
"connect:GetCurrentMetricData",
"connect:GetCurrentUserData",
"connect:GetFederationToken",
"connect:GetMetricData",
"connect:GetMetricDataV2",
"connect:GetTaskTemplate",
"connect:GetTrafficDistribution",
"connect:List*",
"consoleapp:GetDeviceIdentity",
"consoleapp:ListDeviceIdentities",
"consolidatedbilling:GetAccountBillingRole",
"consolidatedbilling:ListLinkedAccounts",
"controlcatalog:ListCommonControls",
"controlcatalog:ListDomains",
"controlcatalog:ListObjectives",
"cost-optimization-hub:GetPreferences",
"cost-optimization-hub:GetRecommendation",
"cost-optimization-hub:ListEnrollmentStatuses",
"cost-optimization-hub:ListRecommendations",
"cost-optimization-hub:ListRecommendationSummaries",
"cur:GetClassicReport",
"cur:GetClassicReportPreferences",
"cur:GetUsageReport",
"customer-verification:GetCustomerVerificationDetails",
"customer-verification:GetCustomerVerificationEligibility",
"databrew:DescribeDataset",
"databrew:DescribeJob",
"databrew:DescribeJobRun",
"databrew:DescribeProject",
"databrew:DescribeRecipe",
"databrew:DescribeRuleset",
"databrew:DescribeSchedule",
"databrew:ListDatasets",
"databrew:ListJobRuns",
"databrew:ListJobs",
"databrew:ListProjects",
"databrew:ListRecipes",
"databrew:ListRecipeVersions",
"databrew:ListRulesets",
"databrew:ListSchedules",
"databrew:ListTagsForResource",
"dataexchange:Get*",
"dataexchange:List*",
"datapipeline:Describe*",
"datapipeline:EvaluateExpression",
"datapipeline:Get*",
"datapipeline:List*",
"datapipeline:QueryObjects",
"datapipeline:Validate*",
"datasync:Describe*",
"datasync:List*",
"datazone:GetAsset",
"datazone:GetAssetType",
"datazone:GetDataProduct",
"datazone:GetDataSource",
"datazone:GetDataSourceRun",
"datazone:GetDomain",
"datazone:GetDomainSharingPolicy",
"datazone:GetDomainUnit",
"datazone:GetEnvironment",
"datazone:GetEnvironmentAction",
"datazone:GetEnvironmentBlueprint",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetEnvironmentProfile",
"datazone:GetFormType",
"datazone:GetGlossary",
"datazone:GetGlossaryTerm",
"datazone:GetGroupProfile",
"datazone:GetLineageNode",
"datazone:GetListing",
"datazone:GetMetadataGenerationRun",
"datazone:GetProject",
"datazone:GetProjectProfile",
"datazone:GetSubscription",
"datazone:GetSubscriptionEligibility",
"datazone:GetSubscriptionGrant",
"datazone:GetSubscriptionRequestDetails",
"datazone:GetSubscriptionTarget",
"datazone:GetTimeSeriesDataPoint",
"datazone:GetUserProfile",
"datazone:ListAccountEnvironments",
"datazone:ListAssetRevisions",
"datazone:ListDataProductRevisions",
"datazone:ListDataSourceRunActivities",
"datazone:ListDataSourceRuns",
"datazone:ListDataSources",
"datazone:ListDomains",
"datazone:ListDomainUnitsForParent",
"datazone:ListEntityOwners",
"datazone:ListEnvironmentActions",
"datazone:ListEnvironmentBlueprintConfigurations",
"datazone:ListEnvironmentBlueprintConfigurationSummaries",
"datazone:ListEnvironmentBlueprints",
"datazone:ListEnvironmentProfiles",
"datazone:ListEnvironments",
"datazone:ListGroupsForUser",
"datazone:ListLineageNodeHistory",
"datazone:ListNotifications",
"datazone:ListPolicyGrants",
"datazone:ListProjectMemberships",
"datazone:ListProjectProfiles",
"datazone:ListProjects",
"datazone:ListSubscriptionGrants",
"datazone:ListSubscriptionRequests",
"datazone:ListSubscriptions",
"datazone:ListSubscriptionTargets",
"datazone:ListTagsForResource",
"datazone:ListTimeSeriesDataPoints",
"datazone:Search",
"datazone:SearchGroupProfiles",
"datazone:SearchListings",
"datazone:SearchTypes",
"datazone:SearchUserProfiles",
"dax:BatchGetItem",
"dax:Describe*",
"dax:GetItem",
"dax:ListTags",
"dax:Query",
"dax:Scan",
"deadline:BatchGetJobEntity",
"deadline:GetApplicationVersion",
"deadline:GetBudget",
"deadline:GetFarm",
"deadline:GetFleet",
"deadline:GetJob",
"deadline:GetLicenseEndpoint",
"deadline:GetMonitor",
"deadline:GetQueue",
"deadline:GetQueueEnvironment",
"deadline:GetQueueFleetAssociation",
"deadline:GetSession",
"deadline:GetSessionAction",
"deadline:GetSessionsStatisticsAggregation",
"deadline:GetStep",
"deadline:GetStorageProfile",
"deadline:GetStorageProfileForQueue",
"deadline:GetTask",
"deadline:GetWorker",
"deadline:ListAvailableMeteredProducts",
"deadline:ListBudgets",
"deadline:ListFarmMembers",
"deadline:ListFarms",
"deadline:ListFleetMembers",
"deadline:ListFleets",
"deadline:ListJobMembers",
"deadline:ListJobParameterDefinitions",
"deadline:ListJobs",
"deadline:ListLicenseEndpoints",
"deadline:ListMeteredProducts",
"deadline:ListMonitors",
"deadline:ListQueueEnvironments",
"deadline:ListQueueFleetAssociations",
"deadline:ListQueueMembers",
"deadline:ListQueues",
"deadline:ListSessionActions",
"deadline:ListSessions",
"deadline:ListSessionsForWorker",
"deadline:ListStepConsumers",
"deadline:ListStepDependencies",
"deadline:ListSteps",
"deadline:ListStorageProfiles",
"deadline:ListStorageProfilesForQueue",
"deadline:ListTagsForResource",
"deadline:ListTasks",
"deadline:ListWorkers",
"deadline:SearchJobs",
"deadline:SearchSteps",
"deadline:SearchTasks",
"deadline:SearchWorkers",
"deepcomposer:GetComposition",
"deepcomposer:GetModel",
"deepcomposer:GetSampleModel",
"deepcomposer:ListCompositions",
"deepcomposer:ListModels",
"deepcomposer:ListSampleModels",
"deepcomposer:ListTrainingTopics",
"detective:BatchGetGraphMemberDatasources",
"detective:BatchGetMembershipDatasources",
"detective:Get*",
"detective:List*",
"detective:SearchGraph",
"devicefarm:Get*",
"devicefarm:List*",
"devops-guru:DescribeAccountHealth",
"devops-guru:DescribeAccountOverview",
"devops-guru:DescribeAnomaly",
"devops-guru:DescribeEventSourcesConfig",
"devops-guru:DescribeFeedback",
"devops-guru:DescribeInsight",
"devops-guru:DescribeOrganizationHealth",
"devops-guru:DescribeOrganizationOverview",
"devops-guru:DescribeOrganizationResourceCollectionHealth",
"devops-guru:DescribeResourceCollectionHealth",
"devops-guru:DescribeServiceIntegration",
"devops-guru:GetCostEstimation",
"devops-guru:GetResourceCollection",
"devops-guru:ListAnomaliesForInsight",
"devops-guru:ListAnomalousLogGroups",
"devops-guru:ListEvents",
"devops-guru:ListInsights",
"devops-guru:ListMonitoredResources",
"devops-guru:ListNotificationChannels",
"devops-guru:ListOrganizationInsights",
"devops-guru:ListRecommendations",
"devops-guru:SearchInsights",
"devops-guru:StartCostEstimation",
"directconnect:Describe*",
"discovery:Describe*",
"discovery:Get*",
"discovery:List*",
"dlm:Get*",
"dms:Describe*",
"dms:List*",
"dms:Test*",
"drs:DescribeJobLogItems",
"drs:DescribeJobs",
"drs:DescribeLaunchConfigurationTemplates",
"drs:DescribeRecoveryInstances",
"drs:DescribeRecoverySnapshots",
"drs:DescribeReplicationConfigurationTemplates",
"drs:DescribeSourceNetworks",
"drs:DescribeSourceServers",
"drs:GetFailbackReplicationConfiguration",
"drs:GetLaunchConfiguration",
"drs:GetReplicationConfiguration",
"drs:ListExtensibleSourceServers",
"drs:ListLaunchActions",
"drs:ListStagingAccounts",
"drs:ListTagsForResource",
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ds:Verify*",
"dsql:GetCluster",
"dsql:ListClusters",
"dsql:ListTagsForResource",
"dynamodb:BatchGet*",
"dynamodb:Describe*",
"dynamodb:Get*",
"dynamodb:List*",
"dynamodb:PartiQLSelect",
"dynamodb:Query",
"dynamodb:Scan",
"ec2:Describe*",
"ec2:DescribeInstanceImageMetadata",
"ec2:Get*",
"ec2:ListImagesInRecycleBin",
"ec2:ListSnapshotsInRecycleBin",
"ec2:SearchLocalGatewayRoutes",
"ec2:SearchTransitGatewayRoutes",
"ec2messages:Get*",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeRepositories",
"ecr-public:GetAuthorizationToken",
"ecr-public:GetRegistryCatalogData",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr-public:ListTagsForResource",
"ecr:BatchCheck*",
"ecr:BatchGet*",
"ecr:Describe*",
"ecr:Get*",
"ecr:List*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elastic-inference:DescribeAcceleratorOfferings",
"elastic-inference:DescribeAccelerators",
"elastic-inference:DescribeAcceleratorTypes",
"elastic-inference:ListTagsForResource",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:Request*",
"elasticbeanstalk:Retrieve*",
"elasticbeanstalk:Validate*",
"elasticfilesystem:Describe*",
"elasticfilesystem:ListTagsForResource",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:List*",
"elasticmapreduce:View*",
"elastictranscoder:List*",
"elastictranscoder:Read*",
"elemental-appliances-software:Get*",
"elemental-appliances-software:List*",
"emr-containers:DescribeJobRun",
"emr-containers:DescribeManagedEndpoint",
"emr-containers:DescribeVirtualCluster",
"emr-containers:ListJobRuns",
"emr-containers:ListManagedEndpoints",
"emr-containers:ListTagsForResource",
"emr-containers:ListVirtualClusters",
"emr-serverless:GetApplication",
"emr-serverless:GetDashboardForJobRun",
"emr-serverless:GetJobRun",
"emr-serverless:ListApplications",
"emr-serverless:ListJobRuns",
"emr-serverless:ListTagsForResource",
"es:Describe*",
"es:ESHttpGet",
"es:ESHttpHead",
"es:Get*",
"es:List*",
"events:Describe*",
"events:List*",
"events:Test*",
"evidently:GetExperiment",
"evidently:GetExperimentResults",
"evidently:GetFeature",
"evidently:GetLaunch",
"evidently:GetProject",
"evidently:GetSegment",
"evidently:ListExperiments",
"evidently:ListFeatures",
"evidently:ListLaunches",
"evidently:ListProjects",
"evidently:ListSegmentReferences",
"evidently:ListSegments",
"evidently:ListTagsForResource",
"evidently:TestSegmentPattern",
"firehose:Describe*",
"firehose:List*",
"fis:GetAction",
"fis:GetExperiment",
"fis:GetExperimentTargetAccountConfiguration",
"fis:GetExperimentTemplate",
"fis:GetTargetAccountConfiguration",
"fis:GetTargetResourceType",
"fis:ListActions",
"fis:ListExperimentResolvedTargets",
"fis:ListExperiments",
"fis:ListExperimentTargetAccountConfigurations",
"fis:ListExperimentTemplates",
"fis:ListTagsForResource",
"fis:ListTargetAccountConfigurations",
"fis:ListTargetResourceTypes",
"fms:GetAdminAccount",
"fms:GetAppsList",
"fms:GetComplianceDetail",
"fms:GetNotificationChannel",
"fms:GetPolicy",
"fms:GetProtectionStatus",
"fms:GetProtocolsList",
"fms:GetViolationDetails",
"fms:ListAppsLists",
"fms:ListComplianceStatus",
"fms:ListMemberAccounts",
"fms:ListPolicies",
"fms:ListProtocolsLists",
"fms:ListTagsForResource",
"forecast:DescribeAutoPredictor",
"forecast:DescribeDataset",
"forecast:DescribeDatasetGroup",
"forecast:DescribeDatasetImportJob",
"forecast:DescribeExplainability",
"forecast:DescribeExplainabilityExport",
"forecast:DescribeForecast",
"forecast:DescribeForecastExportJob",
"forecast:DescribeMonitor",
"forecast:DescribePredictor",
"forecast:DescribePredictorBacktestExportJob",
"forecast:DescribeWhatIfAnalysis",
"forecast:DescribeWhatIfForecast",
"forecast:DescribeWhatIfForecastExport",
"forecast:GetAccuracyMetrics",
"forecast:ListDatasetGroups",
"forecast:ListDatasetImportJobs",
"forecast:ListDatasets",
"forecast:ListExplainabilities",
"forecast:ListExplainabilityExports",
"forecast:ListForecastExportJobs",
"forecast:ListForecasts",
"forecast:ListMonitorEvaluations",
"forecast:ListMonitors",
"forecast:ListPredictorBacktestExportJobs",
"forecast:ListPredictors",
"forecast:ListWhatIfAnalyses",
"forecast:ListWhatIfForecastExports",
"forecast:ListWhatIfForecasts",
"forecast:QueryForecast",
"forecast:QueryWhatIfForecast",
"frauddetector:BatchGetVariable",
"frauddetector:DescribeDetector",
"frauddetector:DescribeModelVersions",
"frauddetector:GetBatchImportJobs",
"frauddetector:GetBatchPredictionJobs",
"frauddetector:GetDeleteEventsByEventTypeStatus",
"frauddetector:GetDetectors",
"frauddetector:GetDetectorVersion",
"frauddetector:GetEntityTypes",
"frauddetector:GetEvent",
"frauddetector:GetEventPredictionMetadata",
"frauddetector:GetEventTypes",
"frauddetector:GetExternalModels",
"frauddetector:GetKMSEncryptionKey",
"frauddetector:GetLabels",
"frauddetector:GetListElements",
"frauddetector:GetListsMetadata",
"frauddetector:GetModels",
"frauddetector:GetModelVersion",
"frauddetector:GetOutcomes",
"frauddetector:GetRules",
"frauddetector:GetVariables",
"frauddetector:ListEventPredictions",
"frauddetector:ListTagsForResource",
"freertos:Describe*",
"freertos:List*",
"freetier:GetFreeTierAlertPreference",
"freetier:GetFreeTierUsage",
"fsx:Describe*",
"fsx:List*",
"gamelift:Describe*",
"gamelift:Get*",
"gamelift:List*",
"gamelift:ResolveAlias",
"gamelift:Search*",
"glacier:Describe*",
"glacier:Get*",
"glacier:List*",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
"glue:BatchGetCrawlers",
"glue:BatchGetDevEndpoints",
"glue:BatchGetJobs",
"glue:BatchGetPartition",
"glue:BatchGetTableOptimizer",
"glue:BatchGetTriggers",
"glue:BatchGetWorkflows",
"glue:CheckSchemaVersionValidity",
"glue:GetCatalogImportStatus",
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetCrawler",
"glue:GetCrawlerMetrics",
"glue:GetCrawlers",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetDataCatalogEncryptionSettings",
"glue:GetDataflowGraph",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobBookmark",
"glue:GetJobRun",
"glue:GetJobRuns",
"glue:GetJobs",
"glue:GetMapping",
"glue:GetMLTaskRun",
"glue:GetMLTaskRuns",
"glue:GetMLTransform",
"glue:GetMLTransforms",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetPlan",
"glue:GetRegistry",
"glue:GetResourcePolicy",
"glue:GetSchema",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:GetSchemaVersionsDiff",
"glue:GetSecurityConfiguration",
"glue:GetSecurityConfigurations",
"glue:GetSession",
"glue:GetStatement",
"glue:GetTable",
"glue:GetTableOptimizer",
"glue:GetTables",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:GetTags",
"glue:GetTrigger",
"glue:GetTriggers",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"glue:GetWorkflow",
"glue:GetWorkflowRun",
"glue:GetWorkflowRunProperties",
"glue:GetWorkflowRuns",
"glue:ListCrawlers",
"glue:ListCrawls",
"glue:ListDevEndpoints",
"glue:ListJobs",
"glue:ListMLTransforms",
"glue:ListRegistries",
"glue:ListSchemas",
"glue:ListSchemaVersions",
"glue:ListSessions",
"glue:ListStatements",
"glue:ListTableOptimizerRuns",
"glue:ListTriggers",
"glue:ListWorkflows",
"glue:QuerySchemaVersionMetadata",
"glue:SearchTables",
"grafana:DescribeWorkspace",
"grafana:DescribeWorkspaceAuthentication",
"grafana:DescribeWorkspaceConfiguration",
"grafana:ListPermissions",
"grafana:ListTagsForResource",
"grafana:ListVersions",
"grafana:ListWorkspaces",
"greengrass:DescribeComponent",
"greengrass:Get*",
"greengrass:List*",
"groundstation:DescribeContact",
"groundstation:GetConfig",
"groundstation:GetDataflowEndpointGroup",
"groundstation:GetMinuteUsage",
"groundstation:GetMissionProfile",
"groundstation:GetSatellite",
"groundstation:ListConfigs",
"groundstation:ListContacts",
"groundstation:ListDataflowEndpointGroups",
"groundstation:ListGroundStations",
"groundstation:ListMissionProfiles",
"groundstation:ListSatellites",
"groundstation:ListTagsForResource",
"guardduty:Describe*",
"guardduty:Get*",
"guardduty:List*",
"health:Describe*",
"healthlake:DescribeFHIRDatastore",
"healthlake:DescribeFHIRExportJob",
"healthlake:DescribeFHIRImportJob",
"healthlake:GetCapabilities",
"healthlake:ListFHIRDatastores",
"healthlake:ListFHIRExportJobs",
"healthlake:ListFHIRImportJobs",
"healthlake:ListTagsForResource",
"healthlake:ReadResource",
"healthlake:SearchWithGet",
"healthlake:SearchWithPost",
"iam:Generate*",
"iam:Get*",
"iam:List*",
"iam:Simulate*",
"identity-sync:GetSyncProfile",
"identity-sync:GetSyncTarget",
"identity-sync:ListSyncFilters",
"identitystore-auth:BatchGetSession",
"identitystore-auth:ListSessions",
"identitystore:DescribeGroup",
"identitystore:DescribeGroupMembership",
"identitystore:DescribeUser",
"identitystore:GetGroupId",
"identitystore:GetGroupMembershipId",
"identitystore:GetUserId",
"identitystore:IsMemberInGroups",
"identitystore:ListGroupMemberships",
"identitystore:ListGroupMembershipsForMember",
"identitystore:ListGroups",
"identitystore:ListUsers",
"imagebuilder:Get*",
"imagebuilder:List*",
"importexport:Get*",
"importexport:List*",
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"inspector2:BatchGetAccountStatus",
"inspector2:BatchGetFreeTrialInfo",
"inspector2:DescribeOrganizationConfiguration",
"inspector2:GetDelegatedAdminAccount",
"inspector2:GetFindingsReportStatus",
"inspector2:GetMember",
"inspector2:ListAccountPermissions",
"inspector2:ListCisScans",
"inspector2:ListCoverage",
"inspector2:ListCoverageStatistics",
"inspector2:ListDelegatedAdminAccounts",
"inspector2:ListFilters",
"inspector2:ListFindingAggregations",
"inspector2:ListFindings",
"inspector2:ListMembers",
"inspector2:ListTagsForResource",
"inspector2:ListUsageTotals",
"internetmonitor:GetHealthEvent",
"internetmonitor:GetInternetEvent",
"internetmonitor:GetMonitor",
"internetmonitor:ListHealthEvents",
"internetmonitor:ListInternetEvents",
"internetmonitor:ListMonitors",
"internetmonitor:ListTagsForResource",
"invoicing:GetInvoiceEmailDeliveryPreferences",
"invoicing:GetInvoicePDF",
"invoicing:ListInvoiceSummaries",
"iot:Describe*",
"iot:Get*",
"iot:List*",
"iot1click:DescribeDevice",
"iot1click:DescribePlacement",
"iot1click:DescribeProject",
"iot1click:GetDeviceMethods",
"iot1click:GetDevicesInPlacement",
"iot1click:ListDeviceEvents",
"iot1click:ListDevices",
"iot1click:ListPlacements",
"iot1click:ListProjects",
"iot1click:ListTagsForResource",
"iotanalytics:Describe*",
"iotanalytics:Get*",
"iotanalytics:List*",
"iotanalytics:SampleChannelData",
"iotevents:DescribeAlarm",
"iotevents:DescribeAlarmModel",
"iotevents:DescribeDetector",
"iotevents:DescribeDetectorModel",
"iotevents:DescribeInput",
"iotevents:DescribeLoggingOptions",
"iotevents:ListAlarmModels",
"iotevents:ListAlarmModelVersions",
"iotevents:ListAlarms",
"iotevents:ListDetectorModels",
"iotevents:ListDetectorModelVersions",
"iotevents:ListDetectors",
"iotevents:ListInputs",
"iotevents:ListTagsForResource",
"iotfleethub:DescribeApplication",
"iotfleethub:ListApplications",
"iotfleetwise:GetCampaign",
"iotfleetwise:GetDecoderManifest",
"iotfleetwise:GetFleet",
"iotfleetwise:GetLoggingOptions",
"iotfleetwise:GetModelManifest",
"iotfleetwise:GetRegisterAccountStatus",
"iotfleetwise:GetSignalCatalog",
"iotfleetwise:GetVehicle",
"iotfleetwise:GetVehicleStatus",
"iotfleetwise:ListCampaigns",
"iotfleetwise:ListDecoderManifestNetworkInterfaces",
"iotfleetwise:ListDecoderManifests",
"iotfleetwise:ListDecoderManifestSignals",
"iotfleetwise:ListFleets",
"iotfleetwise:ListFleetsForVehicle",
"iotfleetwise:ListModelManifestNodes",
"iotfleetwise:ListModelManifests",
"iotfleetwise:ListSignalCatalogNodes",
"iotfleetwise:ListSignalCatalogs",
"iotfleetwise:ListTagsForResource",
"iotfleetwise:ListVehicles",
"iotfleetwise:ListVehiclesInFleet",
"iotroborunner:GetDestination",
"iotroborunner:GetSite",
"iotroborunner:GetWorker",
"iotroborunner:GetWorkerFleet",
"iotroborunner:ListDestinations",
"iotroborunner:ListSites",
"iotroborunner:ListWorkerFleets",
"iotroborunner:ListWorkers",
"iotsitewise:Describe*",
"iotsitewise:Get*",
"iotsitewise:List*",
"iotwireless:GetDestination",
"iotwireless:GetDeviceProfile",
"iotwireless:GetEventConfigurationByResourceTypes",
"iotwireless:GetFuotaTask",
"iotwireless:GetLogLevelsByResourceTypes",
"iotwireless:GetMetricConfiguration",
"iotwireless:GetMetrics",
"iotwireless:GetMulticastGroup",
"iotwireless:GetMulticastGroupSession",
"iotwireless:GetNetworkAnalyzerConfiguration",
"iotwireless:GetPartnerAccount",
"iotwireless:GetPosition",
"iotwireless:GetPositionConfiguration",
"iotwireless:GetPositionEstimate",
"iotwireless:GetResourceEventConfiguration",
"iotwireless:GetResourceLogLevel",
"iotwireless:GetResourcePosition",
"iotwireless:GetServiceEndpoint",
"iotwireless:GetServiceProfile",
"iotwireless:GetWirelessDevice",
"iotwireless:GetWirelessDeviceImportTask",
"iotwireless:GetWirelessDeviceStatistics",
"iotwireless:GetWirelessGateway",
"iotwireless:GetWirelessGatewayCertificate",
"iotwireless:GetWirelessGatewayFirmwareInformation",
"iotwireless:GetWirelessGatewayStatistics",
"iotwireless:GetWirelessGatewayTask",
"iotwireless:GetWirelessGatewayTaskDefinition",
"iotwireless:ListDestinations",
"iotwireless:ListDeviceProfiles",
"iotwireless:ListDevicesForWirelessDeviceImportTask",
"iotwireless:ListEventConfigurations",
"iotwireless:ListFuotaTasks",
"iotwireless:ListMulticastGroups",
"iotwireless:ListMulticastGroupsByFuotaTask",
"iotwireless:ListNetworkAnalyzerConfigurations",
"iotwireless:ListPartnerAccounts",
"iotwireless:ListPositionConfigurations",
"iotwireless:ListQueuedMessages",
"iotwireless:ListServiceProfiles",
"iotwireless:ListTagsForResource",
"iotwireless:ListWirelessDeviceImportTasks",
"iotwireless:ListWirelessDevices",
"iotwireless:ListWirelessGateways",
"iotwireless:ListWirelessGatewayTaskDefinitions",
"ivs:BatchGetChannel",
"ivs:GetChannel",
"ivs:GetComposition",
"ivs:GetEncoderConfiguration",
"ivs:GetIngestConfiguration",
"ivs:GetParticipant",
"ivs:GetPlaybackKeyPair",
"ivs:GetPlaybackRestrictionPolicy",
"ivs:GetPublicKey",
"ivs:GetRecordingConfiguration",
"ivs:GetStage",
"ivs:GetStageSession",
"ivs:GetStorageConfiguration",
"ivs:GetStream",
"ivs:GetStreamSession",
"ivs:ListChannels",
"ivs:ListCompositions",
"ivs:ListEncoderConfigurations",
"ivs:ListIngestConfigurations",
"ivs:ListParticipantEvents",
"ivs:ListParticipants",
"ivs:ListPlaybackKeyPairs",
"ivs:ListPlaybackRestrictionPolicies",
"ivs:ListPublicKeys",
"ivs:ListRecordingConfigurations",
"ivs:ListStages",
"ivs:ListStageSessions",
"ivs:ListStorageConfigurations",
"ivs:ListStreamKeys",
"ivs:ListStreams",
"ivs:ListStreamSessions",
"ivs:ListTagsForResource",
"ivschat:GetLoggingConfiguration",
"ivschat:GetRoom",
"ivschat:ListLoggingConfigurations",
"ivschat:ListRooms",
"ivschat:ListTagsForResource",
"kafka:Describe*",
"kafka:DescribeCluster",
"kafka:DescribeClusterOperation",
"kafka:DescribeClusterV2",
"kafka:DescribeConfiguration",
"kafka:DescribeConfigurationRevision",
"kafka:Get*",
"kafka:GetBootstrapBrokers",
"kafka:GetCompatibleKafkaVersions",
"kafka:List*",
"kafka:ListClusterOperations",
"kafka:ListClusters",
"kafka:ListClustersV2",
"kafka:ListConfigurationRevisions",
"kafka:ListConfigurations",
"kafka:ListKafkaVersions",
"kafka:ListNodes",
"kafka:ListTagsForResource",
"kafkaconnect:DescribeConnector",
"kafkaconnect:DescribeCustomPlugin",
"kafkaconnect:DescribeWorkerConfiguration",
"kafkaconnect:ListConnectors",
"kafkaconnect:ListCustomPlugins",
"kafkaconnect:ListWorkerConfigurations",
"kendra:BatchGetDocumentStatus",
"kendra:DescribeDataSource",
"kendra:DescribeExperience",
"kendra:DescribeFaq",
"kendra:DescribeIndex",
"kendra:DescribePrincipalMapping",
"kendra:DescribeQuerySuggestionsBlockList",
"kendra:DescribeQuerySuggestionsConfig",
"kendra:DescribeThesaurus",
"kendra:GetQuerySuggestions",
"kendra:GetSnapshots",
"kendra:ListDataSources",
"kendra:ListDataSourceSyncJobs",
"kendra:ListEntityPersonas",
"kendra:ListExperienceEntities",
"kendra:ListExperiences",
"kendra:ListFaqs",
"kendra:ListGroupsOlderThanOrderingId",
"kendra:ListIndices",
"kendra:ListQuerySuggestionsBlockLists",
"kendra:ListTagsForResource",
"kendra:ListThesauri",
"kendra:Query",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"kinesisanalytics:Describe*",
"kinesisanalytics:Discover*",
"kinesisanalytics:Get*",
"kinesisanalytics:List*",
"kinesisvideo:Describe*",
"kinesisvideo:Get*",
"kinesisvideo:List*",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lakeformation:DescribeResource",
"lakeformation:GetDataCellsFilter",
"lakeformation:GetDataLakeSettings",
"lakeformation:GetEffectivePermissionsForPath",
"lakeformation:GetLfTag",
"lakeformation:GetResourceLfTags",
"lakeformation:ListDataCellsFilter",
"lakeformation:ListLfTags",
"lakeformation:ListPermissions",
"lakeformation:ListResources",
"lakeformation:ListTableStorageOptimizers",
"lakeformation:SearchDatabasesByLfTags",
"lakeformation:SearchTablesByLfTags",
"lambda:Get*",
"lambda:List*",
"launchwizard:DescribeAdditionalNode",
"launchwizard:DescribeProvisionedApp",
"launchwizard:DescribeProvisioningEvents",
"launchwizard:DescribeSettingsSet",
"launchwizard:GetDeployment",
"launchwizard:GetInfrastructureSuggestion",
"launchwizard:GetIpAddress",
"launchwizard:GetResourceCostEstimate",
"launchwizard:GetResourceRecommendation",
"launchwizard:GetSettingsSet",
"launchwizard:GetWorkload",
"launchwizard:GetWorkloadAsset",
"launchwizard:GetWorkloadAssets",
"launchwizard:GetWorkloadDeploymentPattern",
"launchwizard:ListAdditionalNodes",
"launchwizard:ListAllowedResources",
"launchwizard:ListDeploymentEvents",
"launchwizard:ListDeployments",
"launchwizard:ListProvisionedApps",
"launchwizard:ListResourceCostEstimates",
"launchwizard:ListSettingsSets",
"launchwizard:ListTagsForResource",
"launchwizard:ListWorkloadDeploymentOptions",
"launchwizard:ListWorkloadDeploymentPatterns",
"launchwizard:ListWorkloads",
"lex:DescribeBot",
"lex:DescribeBotAlias",
"lex:DescribeBotChannel",
"lex:DescribeBotLocale",
"lex:DescribeBotReplica",
"lex:DescribeBotVersion",
"lex:DescribeExport",
"lex:DescribeImport",
"lex:DescribeIntent",
"lex:DescribeResourcePolicy",
"lex:DescribeSlot",
"lex:DescribeSlotType",
"lex:Get*",
"lex:ListBotAliases",
"lex:ListBotAliasReplicas",
"lex:ListBotChannels",
"lex:ListBotLocales",
"lex:ListBotReplicas",
"lex:ListBots",
"lex:ListBotVersionReplicas",
"lex:ListBotVersions",
"lex:ListBuiltInIntents",
"lex:ListBuiltInSlotTypes",
"lex:ListExports",
"lex:ListImports",
"lex:ListIntents",
"lex:ListSlots",
"lex:ListSlotTypes",
"lex:ListTagsForResource",
"license-manager:Get*",
"license-manager:List*",
"lightsail:GetActiveNames",
"lightsail:GetAlarms",
"lightsail:GetAutoSnapshots",
"lightsail:GetBlueprints",
"lightsail:GetBucketAccessKeys",
"lightsail:GetBucketBundles",
"lightsail:GetBucketMetricData",
"lightsail:GetBuckets",
"lightsail:GetBundles",
"lightsail:GetCertificates",
"lightsail:GetCloudFormationStackRecords",
"lightsail:GetContainerAPIMetadata",
"lightsail:GetContainerImages",
"lightsail:GetContainerServiceDeployments",
"lightsail:GetContainerServiceMetricData",
"lightsail:GetContainerServicePowers",
"lightsail:GetContainerServices",
"lightsail:GetDisk",
"lightsail:GetDisks",
"lightsail:GetDiskSnapshot",
"lightsail:GetDiskSnapshots",
"lightsail:GetDistributionBundles",
"lightsail:GetDistributionLatestCacheReset",
"lightsail:GetDistributionMetricData",
"lightsail:GetDistributions",
"lightsail:GetDomain",
"lightsail:GetDomains",
"lightsail:GetExportSnapshotRecords",
"lightsail:GetInstance",
"lightsail:GetInstanceMetricData",
"lightsail:GetInstancePortStates",
"lightsail:GetInstances",
"lightsail:GetInstanceSnapshot",
"lightsail:GetInstanceSnapshots",
"lightsail:GetInstanceState",
"lightsail:GetKeyPair",
"lightsail:GetKeyPairs",
"lightsail:GetLoadBalancer",
"lightsail:GetLoadBalancerMetricData",
"lightsail:GetLoadBalancers",
"lightsail:GetLoadBalancerTlsCertificates",
"lightsail:GetOperation",
"lightsail:GetOperations",
"lightsail:GetOperationsForResource",
"lightsail:GetRegions",
"lightsail:GetRelationalDatabase",
"lightsail:GetRelationalDatabaseBlueprints",
"lightsail:GetRelationalDatabaseBundles",
"lightsail:GetRelationalDatabaseEvents",
"lightsail:GetRelationalDatabaseLogEvents",
"lightsail:GetRelationalDatabaseLogStreams",
"lightsail:GetRelationalDatabaseMetricData",
"lightsail:GetRelationalDatabaseParameters",
"lightsail:GetRelationalDatabases",
"lightsail:GetRelationalDatabaseSnapshot",
"lightsail:GetRelationalDatabaseSnapshots",
"lightsail:GetStaticIp",
"lightsail:GetStaticIps",
"lightsail:Is*",
"logs:Describe*",
"logs:FilterLogEvents",
"logs:Get*",
"logs:ListIntegrations",
"logs:ListAnomalies",
"logs:ListEntitiesForLogGroup",
"logs:ListLogAnomalyDetectors",
"logs:ListLogDeliveries",
"logs:ListLogGroupsForEntity",
"logs:ListLogGroupsForQuery",
"logs:ListTagsForResource",
"logs:ListTagsLogGroup",
"logs:StartLiveTail",
"logs:StartQuery",
"logs:StopLiveTail",
"logs:StopQuery",
"logs:TestMetricFilter",
"lookoutequipment:DescribeDataIngestionJob",
"lookoutequipment:DescribeDataset",
"lookoutequipment:DescribeInferenceScheduler",
"lookoutequipment:DescribeLabel",
"lookoutequipment:DescribeLabelGroup",
"lookoutequipment:DescribeModel",
"lookoutequipment:DescribeModelVersion",
"lookoutequipment:DescribeResourcePolicy",
"lookoutequipment:DescribeRetrainingScheduler",
"lookoutequipment:ListDataIngestionJobs",
"lookoutequipment:ListDatasets",
"lookoutequipment:ListInferenceEvents",
"lookoutequipment:ListInferenceExecutions",
"lookoutequipment:ListInferenceSchedulers",
"lookoutequipment:ListLabelGroups",
"lookoutequipment:ListLabels",
"lookoutequipment:ListModels",
"lookoutequipment:ListModelVersions",
"lookoutequipment:ListRetrainingSchedulers",
"lookoutequipment:ListSensorStatistics",
"lookoutequipment:ListTagsForResource",
"lookoutmetrics:Describe*",
"lookoutmetrics:Get*",
"lookoutmetrics:List*",
"lookoutvision:DescribeDataset",
"lookoutvision:DescribeModel",
"lookoutvision:DescribeModelPackagingJob",
"lookoutvision:DescribeProject",
"lookoutvision:ListDatasetEntries",
"lookoutvision:ListModelPackagingJobs",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"lookoutvision:ListTagsForResource",
"m2:GetApplication",
"m2:GetApplicationVersion",
"m2:GetBatchJobExecution",
"m2:GetDataSetDetails",
"m2:GetDataSetImportTask",
"m2:GetDeployment",
"m2:GetEnvironment",
"m2:ListApplications",
"m2:ListApplicationVersions",
"m2:ListBatchJobDefinitions",
"m2:ListBatchJobExecutions",
"m2:ListDataSetImportHistory",
"m2:ListDataSets",
"m2:ListDeployments",
"m2:ListEngineVersions",
"m2:ListEnvironments",
"m2:ListTagsForResource",
"machinelearning:Describe*",
"machinelearning:Get*",
"macie2:BatchGetCustomDataIdentifiers",
"macie2:DescribeBuckets",
"macie2:DescribeClassificationJob",
"macie2:DescribeOrganizationConfiguration",
"macie2:GetAdministratorAccount",
"macie2:GetAllowList",
"macie2:GetAutomatedDiscoveryConfiguration",
"macie2:GetBucketStatistics",
"macie2:GetClassificationExportConfiguration",
"macie2:GetClassificationScope",
"macie2:GetCustomDataIdentifier",
"macie2:GetFindings",
"macie2:GetFindingsFilter",
"macie2:GetFindingsPublicationConfiguration",
"macie2:GetFindingStatistics",
"macie2:GetInvitationsCount",
"macie2:GetMacieSession",
"macie2:GetMember",
"macie2:GetResourceProfile",
"macie2:GetRevealConfiguration",
"macie2:GetSensitiveDataOccurrencesAvailability",
"macie2:GetSensitivityInspectionTemplate",
"macie2:GetUsageStatistics",
"macie2:GetUsageTotals",
"macie2:ListAllowLists",
"macie2:ListAutomatedDiscoveryAccounts",
"macie2:ListClassificationJobs",
"macie2:ListClassificationScopes",
"macie2:ListCustomDataIdentifiers",
"macie2:ListFindings",
"macie2:ListFindingsFilters",
"macie2:ListInvitations",
"macie2:ListMembers",
"macie2:ListOrganizationAdminAccounts",
"macie2:ListResourceProfileArtifacts",
"macie2:ListResourceProfileDetections",
"macie2:ListSensitivityInspectionTemplates",
"macie2:ListTagsForResource",
"macie2:SearchResources",
"managedblockchain:GetMember",
"managedblockchain:GetNetwork",
"managedblockchain:GetNode",
"managedblockchain:GetProposal",
"managedblockchain:ListInvitations",
"managedblockchain:ListMembers",
"managedblockchain:ListNetworks",
"managedblockchain:ListNodes",
"managedblockchain:ListProposals",
"managedblockchain:ListProposalVotes",
"managedblockchain:ListTagsForResource",
"mediaconnect:DescribeFlow",
"mediaconnect:DescribeOffering",
"mediaconnect:DescribeReservation",
"mediaconnect:ListEntitlements",
"mediaconnect:ListFlows",
"mediaconnect:ListOfferings",
"mediaconnect:ListReservations",
"mediaconnect:ListTagsForResource",
"mediaconvert:DescribeEndpoints",
"mediaconvert:Get*",
"mediaconvert:List*",
"medialive:DescribeChannel",
"medialive:DescribeInput",
"medialive:DescribeInputDevice",
"medialive:DescribeInputDeviceThumbnail",
"medialive:DescribeInputSecurityGroup",
"medialive:DescribeMultiplex",
"medialive:DescribeMultiplexProgram",
"medialive:DescribeOffering",
"medialive:DescribeReservation",
"medialive:DescribeSchedule",
"medialive:GetCloudWatchAlarmTemplate",
"medialive:GetCloudWatchAlarmTemplateGroup",
"medialive:GetEventBridgeRuleTemplate",
"medialive:GetEventBridgeRuleTemplateGroup",
"medialive:GetSignalMap",
"medialive:ListChannels",
"medialive:ListCloudWatchAlarmTemplateGroups",
"medialive:ListCloudWatchAlarmTemplates",
"medialive:ListEventBridgeRuleTemplateGroups",
"medialive:ListEventBridgeRuleTemplates",
"medialive:ListInputDevices",
"medialive:ListInputDeviceTransfers",
"medialive:ListInputs",
"medialive:ListInputSecurityGroups",
"medialive:ListMultiplexes",
"medialive:ListMultiplexPrograms",
"medialive:ListOfferings",
"medialive:ListReservations",
"medialive:ListSignalMaps",
"medialive:ListTagsForResource",
"mediapackage-vod:Describe*",
"mediapackage-vod:List*",
"mediapackage:Describe*",
"mediapackage:List*",
"mediapackagev2:GetChannel",
"mediapackagev2:GetChannelGroup",
"mediapackagev2:GetChannelPolicy",
"mediapackagev2:GetHeadObject",
"mediapackagev2:GetObject",
"mediapackagev2:GetOriginEndpoint",
"mediapackagev2:GetOriginEndpointPolicy",
"mediapackagev2:ListChannelGroups",
"mediapackagev2:ListChannels",
"mediapackagev2:ListOriginEndpoints",
"mediapackagev2:ListTagsForResource",
"mediastore:DescribeContainer",
"mediastore:DescribeObject",
"mediastore:GetContainerPolicy",
"mediastore:GetCorsPolicy",
"mediastore:GetLifecyclePolicy",
"mediastore:GetMetricPolicy",
"mediastore:GetObject",
"mediastore:ListContainers",
"mediastore:ListItems",
"mediastore:ListTagsForResource",
"memorydb:DescribeClusters",
"memorydb:DescribeParameterGroups",
"memorydb:DescribeParameters",
"memorydb:ListTags",
"mgh:Describe*",
"mgh:GetHomeRegion",
"mgh:List*",
"mgn:DescribeJobLogItems",
"mgn:DescribeJobs",
"mgn:DescribeLaunchConfigurationTemplates",
"mgn:DescribeReplicationConfigurationTemplates",
"mgn:DescribeSourceServers",
"mgn:DescribeVcenterClients",
"mgn:GetLaunchConfiguration",
"mgn:GetReplicationConfiguration",
"mgn:ListApplications",
"mgn:ListSourceServerActions",
"mgn:ListTemplateActions",
"mgn:ListWaves",
"mobileanalytics:Get*",
"mobiletargeting:Get*",
"mobiletargeting:List*",
"monitron:GetProject",
"monitron:GetProjectAdminUser",
"monitron:ListProjects",
"monitron:ListTagsForResource",
"mq:Describe*",
"mq:List*",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:DescribeRuleGroupMetadata",
"network-firewall:DescribeTLSInspectionConfiguration",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"network-firewall:ListTagsForResource",
"network-firewall:ListTLSInspectionConfigurations",
"networkmanager:DescribeGlobalNetworks",
"networkmanager:GetConnectAttachment",
"networkmanager:GetConnections",
"networkmanager:GetConnectPeer",
"networkmanager:GetConnectPeerAssociations",
"networkmanager:GetCoreNetwork",
"networkmanager:GetCoreNetworkChangeEvents",
"networkmanager:GetCoreNetworkChangeSet",
"networkmanager:GetCoreNetworkPolicy",
"networkmanager:GetCustomerGatewayAssociations",
"networkmanager:GetDevices",
"networkmanager:GetLinkAssociations",
"networkmanager:GetLinks",
"networkmanager:GetNetworkResourceCounts",
"networkmanager:GetNetworkResourceRelationships",
"networkmanager:GetNetworkResources",
"networkmanager:GetNetworkRoutes",
"networkmanager:GetNetworkTelemetry",
"networkmanager:GetResourcePolicy",
"networkmanager:GetRouteAnalysis",
"networkmanager:GetSites",
"networkmanager:GetSiteToSiteVpnAttachment",
"networkmanager:GetTransitGatewayConnectPeerAssociations",
"networkmanager:GetTransitGatewayPeering",
"networkmanager:GetTransitGatewayRegistrations",
"networkmanager:GetTransitGatewayRouteTableAttachment",
"networkmanager:GetVpcAttachment",
"networkmanager:ListAttachments",
"networkmanager:ListConnectPeers",
"networkmanager:ListCoreNetworkPolicyVersions",
"networkmanager:ListCoreNetworks",
"networkmanager:ListPeerings",
"networkmanager:ListTagsForResource",
"nimble:GetEula",
"nimble:GetFeatureMap",
"nimble:GetLaunchProfile",
"nimble:GetLaunchProfileDetails",
"nimble:GetLaunchProfileInitialization",
"nimble:GetLaunchProfileMember",
"nimble:GetStreamingImage",
"nimble:GetStreamingSession",
"nimble:GetStudio",
"nimble:GetStudioComponent",
"nimble:GetStudioMember",
"nimble:ListEulaAcceptances",
"nimble:ListEulas",
"nimble:ListLaunchProfileMembers",
"nimble:ListLaunchProfiles",
"nimble:ListStreamingImages",
"nimble:ListStreamingSessions",
"nimble:ListStudioComponents",
"nimble:ListStudioMembers",
"nimble:ListStudios",
"nimble:ListTagsForResource",
"notifications-contacts:GetEmailContact",
"notifications-contacts:ListEmailContacts",
"notifications-contacts:ListTagsForResource",
"notifications:GetEventRule",
"notifications:GetFeatureOptInStatus",
"notifications:GetManagedNotificationChildEvent",
"notifications:GetManagedNotificationConfiguration",
"notifications:GetManagedNotificationEvent",
"notifications:GetNotificationConfiguration",
"notifications:GetNotificationsAccessForOrganization",
"notifications:GetNotificationEvent",
"notifications:List*",
"oam:GetLink",
"oam:GetSink",
"oam:GetSinkPolicy",
"oam:ListAttachedLinks",
"oam:ListLinks",
"oam:ListSinks",
"observabilityadmin:GetTelemetryEvaluationStatus",
"observabilityadmin:GetTelemetryEvaluationStatusForOrganization",
"observabilityadmin:ListResourceTelemetry",
"observabilityadmin:ListResourceTelemetryForOrganization",
"omics:Get*",
"omics:List*",
"one:GetDeviceConfigurationTemplate",
"one:GetDeviceInstance",
"one:GetDeviceInstanceConfiguration",
"one:GetSite",
"one:GetSiteAddress",
"one:ListDeviceConfigurationTemplates",
"one:ListDeviceInstances",
"one:ListSites",
"one:ListUsers",
"opsworks-cm:Describe*",
"opsworks-cm:List*",
"opsworks:Describe*",
"opsworks:Get*",
"organizations:Describe*",
"organizations:List*",
"osis:GetPipeline",
"osis:GetPipelineBlueprint",
"osis:GetPipelineChangeProgress",
"osis:ListPipelineBlueprints",
"osis:ListPipelines",
"osis:ListTagsForResource",
"outposts:Get*",
"outposts:List*",
"payment-cryptography:GetAlias",
"payment-cryptography:GetKey",
"payment-cryptography:GetPublicKeyCertificate",
"payment-cryptography:ListAliases",
"payment-cryptography:ListKeys",
"payment-cryptography:ListTagsForResource",
"payments:GetPaymentInstrument",
"payments:GetPaymentStatus",
"payments:ListPaymentInstruments",
"payments:ListPaymentPreferences",
"payments:ListPaymentProgramOptions",
"payments:ListPaymentProgramStatus",
"payments:ListTagsForResource",
"pca-connector-ad:GetConnector",
"pca-connector-ad:GetDirectoryRegistration",
"pca-connector-ad:GetServicePrincipalName",
"pca-connector-ad:GetTemplate",
"pca-connector-ad:GetTemplateGroupAccessControlEntry",
"pca-connector-ad:ListConnectors",
"pca-connector-ad:ListDirectoryRegistrations",
"pca-connector-ad:ListServicePrincipalNames",
"pca-connector-ad:ListTagsForResource",
"pca-connector-ad:ListTemplateGroupAccessControlEntries",
"pca-connector-ad:ListTemplates",
"pca-connector-scep:GetChallengeMetadata",
"pca-connector-scep:GetConnector",
"pca-connector-scep:ListChallengeMetadata",
"pca-connector-scep:ListConnectors",
"pca-connector-scep:ListTagsForResource",
"pcs:GetCluster",
"pcs:GetComputeNodeGroup",
"pcs:GetQueue",
"pcs:ListClusters",
"pcs:ListComputeNodeGroups",
"pcs:ListQueues",
"pcs:ListTagsForResource",
"personalize:Describe*",
"personalize:Get*",
"personalize:List*",
"pi:DescribeDimensionKeys",
"pi:GetDimensionKeyDetails",
"pi:GetResourceMetadata",
"pi:GetResourceMetrics",
"pi:ListAvailableResourceDimensions",
"pi:ListAvailableResourceMetrics",
"pipes:DescribePipe",
"pipes:ListPipes",
"pipes:ListTagsForResource",
"polly:Describe*",
"polly:Get*",
"polly:List*",
"polly:SynthesizeSpeech",
"pricing:DescribeServices",
"pricing:GetAttributeValues",
"pricing:GetPriceListFileUrl",
"pricing:GetProducts",
"pricing:ListPriceLists",
"proton:GetDeployment",
"proton:GetEnvironment",
"proton:GetEnvironmentTemplate",
"proton:GetEnvironmentTemplateVersion",
"proton:GetService",
"proton:GetServiceInstance",
"proton:GetServiceTemplate",
"proton:GetServiceTemplateVersion",
"proton:ListDeployments",
"proton:ListEnvironmentAccountConnections",
"proton:ListEnvironments",
"proton:ListEnvironmentTemplates",
"proton:ListServiceInstances",
"proton:ListServices",
"proton:ListServiceTemplates",
"proton:ListTagsForResource",
"purchase-orders:GetPurchaseOrder",
"purchase-orders:ListPurchaseOrderInvoices",
"purchase-orders:ListPurchaseOrders",
"purchase-orders:ViewPurchaseOrders",
"qbusiness:GetApplication",
"qbusiness:GetChatControlsConfiguration",
"qbusiness:GetDataSource",
"qbusiness:GetGroup",
"qbusiness:GetIndex",
"qbusiness:GetPlugin",
"qbusiness:GetRetriever",
"qbusiness:GetUser",
"qbusiness:GetWebExperience",
"qbusiness:ListApplications",
"qbusiness:ListDataSources",
"qbusiness:ListDataSourceSyncJobs",
"qbusiness:ListGroups",
"qbusiness:ListIndices",
"qbusiness:ListPlugins",
"qbusiness:ListRetrievers",
"qbusiness:ListSubscriptions",
"qbusiness:ListTagsForResource",
"qbusiness:ListWebExperiences",
"qldb:DescribeJournalKinesisStream",
"qldb:DescribeJournalS3Export",
"qldb:DescribeLedger",
"qldb:GetBlock",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:ListLedgers",
"qldb:ListTagsForResource",
"ram:Get*",
"ram:List*",
"rbin:GetRule",
"rbin:ListRules",
"rbin:ListTagsForResource",
"rds:Describe*",
"rds:Download*",
"rds:List*",
"redshift-serverless:GetCustomDomainAssociation",
"redshift-serverless:GetEndpointAccess",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetRecoveryPoint",
"redshift-serverless:GetResourcePolicy",
"redshift-serverless:GetScheduledAction",
"redshift-serverless:GetSnapshot",
"redshift-serverless:GetTableRestoreStatus",
"redshift-serverless:GetUsageLimit",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListCustomDomainAssociations",
"redshift-serverless:ListEndpointAccess",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListRecoveryPoints",
"redshift-serverless:ListScheduledActions",
"redshift-serverless:ListSnapshotCopyConfigurations",
"redshift-serverless:ListSnapshots",
"redshift-serverless:ListTableRestoreStatus",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListUsageLimits",
"redshift-serverless:ListWorkgroups",
"redshift:Describe*",
"redshift:GetReservedNodeExchangeOfferings",
"redshift:ListRecommendations",
"redshift:View*",
"refactor-spaces:GetApplication",
"refactor-spaces:GetEnvironment",
"refactor-spaces:GetResourcePolicy",
"refactor-spaces:GetRoute",
"refactor-spaces:GetService",
"refactor-spaces:ListApplications",
"refactor-spaces:ListEnvironments",
"refactor-spaces:ListEnvironmentVpcs",
"refactor-spaces:ListRoutes",
"refactor-spaces:ListServices",
"refactor-spaces:ListTagsForResource",
"rekognition:CompareFaces",
"rekognition:DescribeDataset",
"rekognition:DescribeProjects",
"rekognition:DescribeProjectVersions",
"rekognition:DescribeStreamProcessor",
"rekognition:Detect*",
"rekognition:GetCelebrityInfo",
"rekognition:GetCelebrityRecognition",
"rekognition:GetContentModeration",
"rekognition:GetFaceDetection",
"rekognition:GetFaceSearch",
"rekognition:GetLabelDetection",
"rekognition:GetPersonTracking",
"rekognition:GetSegmentDetection",
"rekognition:GetTextDetection",
"rekognition:List*",
"rekognition:RecognizeCelebrities",
"rekognition:Search*",
"resiliencehub:DescribeApp",
"resiliencehub:DescribeAppAssessment",
"resiliencehub:DescribeAppVersion",
"resiliencehub:DescribeAppVersionAppComponent",
"resiliencehub:DescribeAppVersionResource",
"resiliencehub:DescribeAppVersionResourcesResolutionStatus",
"resiliencehub:DescribeAppVersionTemplate",
"resiliencehub:DescribeDraftAppVersionResourcesImportStatus",
"resiliencehub:DescribeMetricsExport",
"resiliencehub:DescribeResiliencyPolicy",
"resiliencehub:DescribeResourceGroupingRecommendationTask",
"resiliencehub:ListAlarmRecommendations",
"resiliencehub:ListAppAssessmentComplianceDrifts",
"resiliencehub:ListAppAssessmentResourceDrifts",
"resiliencehub:ListAppAssessments",
"resiliencehub:ListAppComponentCompliances",
"resiliencehub:ListAppComponentRecommendations",
"resiliencehub:ListAppInputSources",
"resiliencehub:ListApps",
"resiliencehub:ListAppVersionAppComponents",
"resiliencehub:ListAppVersionResourceMappings",
"resiliencehub:ListAppVersionResources",
"resiliencehub:ListAppVersions",
"resiliencehub:ListMetrics",
"resiliencehub:ListRecommendationTemplates",
"resiliencehub:ListResiliencyPolicies",
"resiliencehub:ListResourceGroupingRecommendations",
"resiliencehub:ListSopRecommendations",
"resiliencehub:ListSuggestedResiliencyPolicies",
"resiliencehub:ListTagsForResource",
"resiliencehub:ListTestRecommendations",
"resiliencehub:ListUnsupportedAppVersionResources",
"resource-explorer-2:BatchGetView",
"resource-explorer-2:GetDefaultView",
"resource-explorer-2:GetIndex",
"resource-explorer-2:GetView",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListSupportedResourceTypes",
"resource-explorer-2:ListTagsForResource",
"resource-explorer-2:ListViews",
"resource-explorer-2:Search",
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"robomaker:BatchDescribe*",
"robomaker:Describe*",
"robomaker:Get*",
"robomaker:List*",
"route53-recovery-cluster:Get*",
"route53-recovery-cluster:ListRoutingControls",
"route53-recovery-control-config:Describe*",
"route53-recovery-control-config:GetResourcePolicy",
"route53-recovery-control-config:List*",
"route53-recovery-readiness:Get*",
"route53-recovery-readiness:List*",
"route53:Get*",
"route53:List*",
"route53:Test*",
"route53domains:Check*",
"route53domains:Get*",
"route53domains:List*",
"route53domains:View*",
"route53profiles:GetProfile",
"route53profiles:GetProfileAssociation",
"route53profiles:GetProfileResourceAssociation",
"route53profiles:ListProfileAssociations",
"route53profiles:ListProfileResourceAssociations",
"route53profiles:ListProfiles",
"route53profiles:ListTagsForResource",
"route53resolver:Get*",
"route53resolver:List*",
"rum:GetAppMonitor",
"rum:GetAppMonitorData",
"rum:ListAppMonitors",
"s3-object-lambda:GetObject",
"s3-object-lambda:GetObjectAcl",
"s3-object-lambda:GetObjectLegalHold",
"s3-object-lambda:GetObjectRetention",
"s3-object-lambda:GetObjectTagging",
"s3-object-lambda:GetObjectVersion",
"s3-object-lambda:GetObjectVersionAcl",
"s3-object-lambda:GetObjectVersionTagging",
"s3-object-lambda:ListBucket",
"s3-object-lambda:ListBucketMultipartUploads",
"s3-object-lambda:ListBucketVersions",
"s3-object-lambda:ListMultipartUploadParts",
"s3-outposts:GetAccessPoint",
"s3-outposts:GetAccessPointPolicy",
"s3-outposts:GetBucket",
"s3-outposts:GetBucketPolicy",
"s3-outposts:GetBucketTagging",
"s3-outposts:GetBucketVersioning",
"s3-outposts:GetLifecycleConfiguration",
"s3-outposts:GetObject",
"s3-outposts:GetObjectTagging",
"s3-outposts:GetObjectVersion",
"s3-outposts:GetObjectVersionForReplication",
"s3-outposts:GetObjectVersionTagging",
"s3-outposts:GetReplicationConfiguration",
"s3-outposts:ListAccessPoints",
"s3-outposts:ListBucket",
"s3-outposts:ListBucketMultipartUploads",
"s3-outposts:ListBucketVersions",
"s3-outposts:ListEndpoints",
"s3-outposts:ListMultipartUploadParts",
"s3-outposts:ListOutpostsWithS3",
"s3-outposts:ListRegionalBuckets",
"s3-outposts:ListSharedEndpoints",
"s3:DescribeJob",
"s3:Get*",
"s3:List*",
"sagemaker-groundtruth-synthetic:GetAccountDetails",
"sagemaker-groundtruth-synthetic:GetBatch",
"sagemaker-groundtruth-synthetic:GetProject",
"sagemaker-groundtruth-synthetic:ListBatchDataTransfers",
"sagemaker-groundtruth-synthetic:ListBatchSummaries",
"sagemaker-groundtruth-synthetic:ListProjectDataTransfers",
"sagemaker-groundtruth-synthetic:ListProjectSummaries",
"sagemaker:Describe*",
"sagemaker:GetSearchSuggestions",
"sagemaker:List*",
"sagemaker:Search",
"savingsplans:DescribeSavingsPlanRates",
"savingsplans:DescribeSavingsPlans",
"savingsplans:DescribeSavingsPlansOfferingRates",
"savingsplans:DescribeSavingsPlansOfferings",
"savingsplans:ListTagsForResource",
"scheduler:GetSchedule",
"scheduler:GetScheduleGroup",
"scheduler:ListScheduleGroups",
"scheduler:ListSchedules",
"scheduler:ListTagsForResource",
"schemas:Describe*",
"schemas:Get*",
"schemas:List*",
"schemas:Search*",
"sdb:Get*",
"sdb:List*",
"sdb:Select*",
"secretsmanager:Describe*",
"secretsmanager:GetResourcePolicy",
"secretsmanager:List*",
"securityhub:BatchGetAutomationRules",
"securityhub:BatchGetConfigurationPolicyAssociations",
"securityhub:BatchGetControlEvaluations",
"securityhub:BatchGetSecurityControls",
"securityhub:BatchGetStandardsControlAssociations",
"securityhub:Describe*",
"securityhub:Get*",
"securityhub:List*",
"securitylake:GetDataLakeExceptionSubscription",
"securitylake:GetDataLakeOrganizationConfiguration",
"securitylake:GetDataLakeSources",
"securitylake:GetSubscriber",
"securitylake:ListDataLakeExceptions",
"securitylake:ListDataLakes",
"securitylake:ListLogSources",
"securitylake:ListSubscribers",
"securitylake:ListTagsForResource",
"serverlessrepo:Get*",
"serverlessrepo:List*",
"serverlessrepo:SearchApplications",
"servicecatalog:Describe*",
"servicecatalog:GetApplication",
"servicecatalog:GetAttributeGroup",
"servicecatalog:List*",
"servicecatalog:Scan*",
"servicecatalog:Search*",
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicequotas:GetAssociationForServiceQuotaTemplate",
"servicequotas:GetAWSDefaultServiceQuota",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"ses:BatchGetMetricData",
"ses:Describe*",
"ses:Get*",
"ses:List*",
"shield:Describe*",
"shield:Get*",
"shield:List*",
"signer:DescribeSigningJob",
"signer:GetSigningPlatform",
"signer:GetSigningProfile",
"signer:ListProfilePermissions",
"signer:ListSigningJobs",
"signer:ListSigningPlatforms",
"signer:ListSigningProfiles",
"signer:ListTagsForResource",
"signin:ListTrustedIdentityPropagationApplicationsForConsole",
"sms-voice:DescribeAccountAttributes",
"sms-voice:DescribeAccountLimits",
"sms-voice:DescribeConfigurationSets",
"sms-voice:DescribeKeywords",
"sms-voice:DescribeOptedOutNumbers",
"sms-voice:DescribeOptOutLists",
"sms-voice:DescribePhoneNumbers",
"sms-voice:DescribePools",
"sms-voice:DescribeSenderIds",
"sms-voice:DescribeSpendLimits",
"sms-voice:ListPoolOriginationIdentities",
"sms-voice:ListTagsForResource",
"snowball:Describe*",
"snowball:Get*",
"snowball:List*",
"sns:Check*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"sqs:Receive*",
"ssm-contacts:DescribeEngagement",
"ssm-contacts:DescribePage",
"ssm-contacts:GetContact",
"ssm-contacts:GetContactChannel",
"ssm-contacts:ListContactChannels",
"ssm-contacts:ListContacts",
"ssm-contacts:ListEngagements",
"ssm-contacts:ListPageReceipts",
"ssm-contacts:ListPagesByContact",
"ssm-contacts:ListPagesByEngagement",
"ssm-incidents:GetIncidentRecord",
"ssm-incidents:GetReplicationSet",
"ssm-incidents:GetResourcePolicies",
"ssm-incidents:GetResponsePlan",
"ssm-incidents:GetTimelineEvent",
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:ListRelatedItems",
"ssm-incidents:ListReplicationSets",
"ssm-incidents:ListResponsePlans",
"ssm-incidents:ListTagsForResource",
"ssm-incidents:ListTimelineEvents",
"ssm-sap:GetApplication",
"ssm-sap:GetComponent",
"ssm-sap:GetDatabase",
"ssm-sap:GetOperation",
"ssm-sap:GetResourcePermission",
"ssm-sap:ListApplications",
"ssm-sap:ListComponents",
"ssm-sap:ListDatabases",
"ssm-sap:ListOperationEvents",
"ssm-sap:ListOperations",
"ssm-sap:ListTagsForResource",
"ssm-quicksetup:GetConfiguration",
"ssm-quicksetup:GetConfigurationManager",
"ssm-quicksetup:GetServiceSettings",
"ssm-quicksetup:ListConfigurationManagers",
"ssm-quicksetup:ListConfigurations",
"ssm-quicksetup:ListQuickSetupTypes",
"ssm-quicksetup:ListTagsForResource",
"ssm:Describe*",
"ssm:Get*",
"ssm:List*",
"sso-directory:Describe*",
"sso-directory:List*",
"sso-directory:Search*",
"sso:Describe*",
"sso:Get*",
"sso:List*",
"sso:Search*",
"states:Describe*",
"states:GetExecutionHistory",
"states:List*",
"states:ValidateStateMachineDefinition",
"storagegateway:Describe*",
"storagegateway:List*",
"sts:GetAccessKeyInfo",
"sts:GetCallerIdentity",
"sts:GetSessionToken",
"support:DescribeAttachment",
"support:DescribeCaseAttributes",
"support:DescribeCases",
"support:DescribeCommunication",
"support:DescribeCommunications",
"support:DescribeCreateCaseOptions",
"support:DescribeIssueTypes",
"support:DescribeServices",
"support:DescribeSeverityLevels",
"support:DescribeSupportedLanguages",
"support:DescribeSupportLevel",
"support:DescribeTrustedAdvisorCheckRefreshStatuses",
"support:DescribeTrustedAdvisorCheckResult",
"support:DescribeTrustedAdvisorChecks",
"support:DescribeTrustedAdvisorCheckSummaries",
"support:SearchForCases",
"supportplans:GetSupportPlan",
"supportplans:GetSupportPlanUpdateStatus",
"supportplans:ListSupportPlanModifiers",
"sustainability:GetCarbonFootprintSummary",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
"synthetics:Describe*",
"synthetics:Get*",
"synthetics:List*",
"tag:DescribeReportCreation",
"tag:Get*",
"tax:GetExemptions",
"tax:GetTaxInheritance",
"tax:GetTaxInterview",
"tax:GetTaxRegistration",
"tax:GetTaxRegistrationDocument",
"tax:ListTaxRegistrations",
"timestream:DescribeBatchLoadTask",
"timestream:DescribeDatabase",
"timestream:DescribeEndpoints",
"timestream:DescribeTable",
"timestream:ListBatchLoadTasks",
"timestream:ListDatabases",
"timestream:ListMeasures",
"timestream:ListTables",
"timestream:ListTagsForResource",
"tnb:GetSolFunctionInstance",
"tnb:GetSolFunctionPackage",
"tnb:GetSolFunctionPackageContent",
"tnb:GetSolFunctionPackageDescriptor",
"tnb:GetSolNetworkInstance",
"tnb:GetSolNetworkOperation",
"tnb:GetSolNetworkPackage",
"tnb:GetSolNetworkPackageContent",
"tnb:GetSolNetworkPackageDescriptor",
"tnb:ListSolFunctionInstances",
"tnb:ListSolFunctionPackages",
"tnb:ListSolNetworkInstances",
"tnb:ListSolNetworkOperations",
"tnb:ListSolNetworkPackages",
"tnb:ListTagsForResource",
"transcribe:Get*",
"transcribe:List*",
"transfer:Describe*",
"transfer:List*",
"transfer:TestIdentityProvider",
"translate:DescribeTextTranslationJob",
"translate:GetParallelData",
"translate:GetTerminology",
"translate:ListParallelData",
"translate:ListTerminologies",
"translate:ListTextTranslationJobs",
"trustedadvisor:Describe*",
"trustedadvisor:GetOrganizationRecommendation",
"trustedadvisor:GetRecommendation",
"trustedadvisor:ListChecks",
"trustedadvisor:ListOrganizationRecommendationAccounts",
"trustedadvisor:ListOrganizationRecommendationResources",
"trustedadvisor:ListOrganizationRecommendations",
"trustedadvisor:ListRecommendationResources",
"trustedadvisor:ListRecommendations",
"user-subscriptions:ListApplicationClaims",
"user-subscriptions:ListClaims",
"user-subscriptions:ListUserSubscriptions",
"verifiedpermissions:GetIdentitySource",
"verifiedpermissions:GetPolicy",
"verifiedpermissions:GetPolicyStore",
"verifiedpermissions:GetPolicyTemplate",
"verifiedpermissions:GetSchema",
"verifiedpermissions:IsAuthorized",
"verifiedpermissions:IsAuthorizedWithToken",
"verifiedpermissions:ListIdentitySources",
"verifiedpermissions:ListPolicies",
"verifiedpermissions:ListPolicyStores",
"verifiedpermissions:ListPolicyTemplates",
"vpc-lattice:GetAccessLogSubscription",
"vpc-lattice:GetAuthPolicy",
"vpc-lattice:GetListener",
"vpc-lattice:GetResourcePolicy",
"vpc-lattice:GetRule",
"vpc-lattice:GetService",
"vpc-lattice:GetServiceNetwork",
"vpc-lattice:GetServiceNetworkServiceAssociation",
"vpc-lattice:GetServiceNetworkVpcAssociation",
"vpc-lattice:GetTargetGroup",
"vpc-lattice:ListAccessLogSubscriptions",
"vpc-lattice:ListListeners",
"vpc-lattice:ListRules",
"vpc-lattice:ListServiceNetworks",
"vpc-lattice:ListServiceNetworkServiceAssociations",
"vpc-lattice:ListServiceNetworkVpcAssociations",
"vpc-lattice:ListServices",
"vpc-lattice:ListTagsForResource",
"vpc-lattice:ListTargetGroups",
"vpc-lattice:ListTargets",
"waf-regional:Get*",
"waf-regional:List*",
"waf:Get*",
"waf:List*",
"wafv2:CheckCapacity",
"wafv2:Describe*",
"wafv2:Get*",
"wafv2:List*",
"wellarchitected:ExportLens",
"wellarchitected:GetAnswer",
"wellarchitected:GetConsolidatedReport",
"wellarchitected:GetLens",
"wellarchitected:GetLensReview",
"wellarchitected:GetLensReviewReport",
"wellarchitected:GetLensVersionDifference",
"wellarchitected:GetMilestone",
"wellarchitected:GetProfile",
"wellarchitected:GetProfileTemplate",
"wellarchitected:GetReviewTemplate",
"wellarchitected:GetReviewTemplateAnswer",
"wellarchitected:GetReviewTemplateLensReview",
"wellarchitected:GetWorkload",
"wellarchitected:List*",
"workdocs:CheckAlias",
"workdocs:Describe*",
"workdocs:Get*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*",
"workspaces-web:GetBrowserSettings",
"workspaces-web:GetIdentityProvider",
"workspaces-web:GetNetworkSettings",
"workspaces-web:GetPortal",
"workspaces-web:GetPortalServiceProviderMetadata",
"workspaces-web:GetTrustStore",
"workspaces-web:GetUserAccessLoggingSettings",
"workspaces-web:GetUserSettings",
"workspaces-web:ListBrowserSettings",
"workspaces-web:ListIdentityProviders",
"workspaces-web:ListNetworkSettings",
"workspaces-web:ListPortals",
"workspaces-web:ListTagsForResource",
"workspaces-web:ListTrustStores",
"workspaces-web:ListUserAccessLoggingSettings",
"workspaces-web:ListUserSettings",
"workspaces:Describe*",
"xray:BatchGet*",
"xray:Get*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadOnlyActions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-23T12:37:06+00:00"
},
"ResourceGroupsServiceRolePolicy":{
"CreateDate":"2023-01-05T16:57:08+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"tag:GetResources",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-01-05T16:57:08+00:00"
},
"ResourceGroupsTaggingAPITagUntagSupportedResources":{
"CreateDate":"2024-10-11T11:11:14+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"a4b:TagResource",
"a4b:UntagResource",
"access-analyzer:TagResource",
"access-analyzer:UntagResource",
"acm-pca:TagCertificateAuthority",
"acm-pca:UntagCertificateAuthority",
"acm:AddTagsToCertificate",
"acm:RemoveTagsFromCertificate",
"amplify:TagResource",
"amplify:UntagResource",
"appconfig:TagResource",
"appconfig:UntagResource",
"appflow:TagResource",
"appflow:UntagResource",
"appmesh:TagResource",
"appmesh:UntagResource",
"appstream:TagResource",
"appstream:UntagResource",
"appsync:TagResource",
"appsync:UntagResource",
"athena:TagResource",
"athena:UntagResource",
"auditmanager:TagResource",
"auditmanager:UntagResource",
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteTags",
"backup:TagResource",
"backup:UntagResource",
"batch:TagResource",
"batch:UntagResource",
"braket:TagResource",
"braket:UntagResource",
"cassandra:TagResource",
"cassandra:UntagResource",
"chime:TagResource",
"chime:UntagResource",
"cloud9:TagResource",
"cloud9:UntagResource",
"clouddirectory:TagResource",
"clouddirectory:UntagResource",
"cloudfront:TagResource",
"cloudfront:UntagResource",
"cloudhsm:TagResource",
"cloudhsm:UntagResource",
"cloudtrail:AddTags",
"cloudtrail:RemoveTags",
"cloudwatch:TagResource",
"cloudwatch:UntagResource",
"codeartifact:TagResource",
"codeartifact:UntagResource",
"codecommit:TagResource",
"codecommit:UntagResource",
"codedeploy:AddTagsToOnPremisesInstances",
"codedeploy:RemoveTagsFromOnPremisesInstances",
"codedeploy:TagResource",
"codedeploy:UntagResource",
"codeguru-profiler:TagResource",
"codeguru-profiler:UntagResource",
"codepipeline:TagResource",
"codepipeline:UntagResource",
"codestar-connections:TagResource",
"codestar-connections:UntagResource",
"codestar:TagProject",
"codestar:UntagProject",
"cognito-identity:TagResource",
"cognito-identity:UntagResource",
"cognito-idp:TagResource",
"cognito-idp:UntagResource",
"comprehend:TagResource",
"comprehend:UntagResource",
"config:TagResource",
"config:UntagResource",
"connect:TagResource",
"connect:UntagResource",
"dataexchange:TagResource",
"dataexchange:UntagResource",
"datapipeline:AddTags",
"datapipeline:RemoveTags",
"datasync:TagResource",
"datasync:UntagResource",
"deepcomposer:TagResource",
"deepcomposer:UntagResource",
"detective:TagResource",
"detective:UntagResource",
"devicefarm:TagResource",
"devicefarm:UntagResource",
"directconnect:TagResource",
"directconnect:UntagResource",
"dlm:TagResource",
"dlm:UntagResource",
"dms:AddTagsToResource",
"dms:RemoveTagsFromResource",
"dynamodb:TagResource",
"dynamodb:UntagResource",
"ec2:CreateTags",
"ec2:DeleteTags",
"ecr:TagResource",
"ecr:UntagResource",
"ecs:TagResource",
"ecs:UntagResource",
"eks:TagResource",
"eks:UntagResource",
"elastic-inference:TagResource",
"elastic-inference:UntagResource",
"elasticache:AddTagsToResource",
"elasticache:RemoveTagsFromResource",
"elasticbeanstalk:UpdateTagsForResource",
"elasticfilesystem:CreateTags",
"elasticfilesystem:DeleteTags",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:RemoveTags",
"elasticmapreduce:AddTags",
"elasticmapreduce:RemoveTags",
"emr-containers:TagResource",
"emr-containers:UntagResource",
"es:AddTags",
"es:RemoveTags",
"events:TagResource",
"events:UntagResource",
"firehose:TagDeliveryStream",
"firehose:UntagDeliveryStream",
"fms:TagResource",
"fms:UntagResource",
"forecast:TagResource",
"forecast:UntagResource",
"frauddetector:TagResource",
"frauddetector:UntagResource",
"fsx:TagResource",
"fsx:UntagResource",
"gamelift:TagResource",
"gamelift:UntagResource",
"glacier:AddTagsToVault",
"glacier:RemoveTagsFromVault",
"globalaccelerator:TagResource",
"globalaccelerator:UntagResource",
"glue:TagResource",
"glue:UntagResource",
"greengrass:TagResource",
"greengrass:UntagResource",
"groundstation:TagResource",
"groundstation:UntagResource",
"guardduty:TagResource",
"guardduty:UntagResource",
"iam:TagInstanceProfile",
"iam:TagMFADevice",
"iam:TagOpenIDConnectProvider",
"iam:TagPolicy",
"iam:TagRole",
"iam:TagSAMLProvider",
"iam:TagServerCertificate",
"iam:TagUser",
"iam:UntagInstanceProfile",
"iam:UntagMFADevice",
"iam:UntagOpenIDConnectProvider",
"iam:UntagPolicy",
"iam:UntagRole",
"iam:UntagSAMLProvider",
"iam:UntagServerCertificate",
"iam:UntagUser",
"imagebuilder:TagResource",
"imagebuilder:UntagResource",
"inspector:ListTagsForResource",
"inspector:SetTagsForResource",
"iot1click:TagResource",
"iot1click:UntagResource",
"iot:TagResource",
"iot:UntagResource",
"iotanalytics:TagResource",
"iotanalytics:UntagResource",
"iotdeviceadvisor:TagResource",
"iotdeviceadvisor:UntagResource",
"iotevents:TagResource",
"iotevents:UntagResource",
"iotfleethub:TagResource",
"iotfleethub:UntagResource",
"iotsitewise:TagResource",
"iotsitewise:UntagResource",
"iottwinmaker:TagResource",
"iottwinmaker:UntagResource",
"iotwireless:TagResource",
"iotwireless:UntagResource",
"ivs:TagResource",
"ivs:UntagResource",
"kafka:TagResource",
"kafka:UntagResource",
"kendra:TagResource",
"kendra:UntagResource",
"kinesis:AddTagsToStream",
"kinesis:RemoveTagsFromStream",
"kinesisanalytics:TagResource",
"kinesisanalytics:UntagResource",
"kms:TagResource",
"kms:UntagResource",
"lambda:TagResource",
"lambda:UntagResource",
"lex:TagResource",
"lex:UntagResource",
"license-manager:TagResource",
"license-manager:UntagResource",
"lightsail:TagResource",
"lightsail:UntagResource",
"logs:TagLogGroup",
"logs:TagResource",
"logs:UntagLogGroup",
"logs:UntagResource",
"lookoutequipment:TagResource",
"lookoutequipment:UntagResource",
"machinelearning:AddTags",
"machinelearning:DeleteTags",
"macie2:TagResource",
"macie2:UntagResource",
"managedblockchain:TagResource",
"managedblockchain:UntagResource",
"mediaconnect:TagResource",
"mediaconnect:UntagResource",
"mediaconvert:TagResource",
"mediaconvert:UntagResource",
"medialive:CreateTags",
"medialive:DeleteTags",
"mediapackage-vod:TagResource",
"mediapackage-vod:UntagResource",
"mediapackage:TagResource",
"mediapackage:UntagResource",
"mediatailor:TagResource",
"mediatailor:UntagResource",
"mobiletargeting:TagResource",
"mobiletargeting:UntagResource",
"mq:CreateTags",
"mq:DeleteTags",
"neptune-graph:TagResource",
"neptune-graph:UntagResource",
"network-firewall:TagResource",
"network-firewall:UntagResource",
"networkmanager:TagResource",
"networkmanager:UntagResource",
"opsworks-cm:TagResource",
"opsworks-cm:UntagResource",
"opsworks:TagResource",
"opsworks:UntagResource",
"organizations:TagResource",
"organizations:UntagResource",
"outposts:TagResource",
"outposts:UntagResource",
"qldb:TagResource",
"qldb:UntagResource",
"quicksight:TagResource",
"quicksight:UntagResource",
"ram:TagResource",
"ram:UntagResource",
"rds:AddTagsToResource",
"rds:RemoveTagsFromResource",
"redshift:CreateTags",
"redshift:DeleteTags",
"resource-explorer-2:TagResource",
"resource-explorer-2:UntagResource",
"resource-groups:Tag",
"resource-groups:Untag",
"robomaker:TagResource",
"robomaker:UntagResource",
"route53:ChangeTagsForResource",
"route53domains:DeleteTagsForDomain",
"route53domains:UpdateTagsForDomain",
"route53resolver:TagResource",
"route53resolver:UntagResource",
"s3:GetBucketTagging",
"s3:GetJobTagging",
"s3:GetObjectTagging",
"s3:GetObjectVersionTagging",
"s3:GetStorageLensConfigurationTagging",
"s3:DeleteJobTagging",
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersionTagging",
"s3:PutBucketTagging",
"s3:PutJobTagging",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:PutStorageLensConfigurationTagging",
"s3:DeleteStorageLensConfigurationTagging",
"s3:TagResource",
"s3:UntagResource",
"sagemaker:AddTags",
"sagemaker:DeleteTags",
"savingsplans:TagResource",
"savingsplans:UntagResource",
"schemas:TagResource",
"schemas:UntagResource",
"secretsmanager:TagResource",
"secretsmanager:UntagResource",
"securityhub:TagResource",
"securityhub:UntagResource",
"servicediscovery:TagResource",
"servicediscovery:UntagResource",
"servicequotas:TagResource",
"servicequotas:UntagResource",
"ses:TagResource",
"ses:UntagResource",
"sns:TagResource",
"sns:UntagResource",
"sqs:TagQueue",
"sqs:UntagQueue",
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource",
"states:TagResource",
"states:UntagResource",
"storagegateway:AddTagsToResource",
"storagegateway:RemoveTagsFromResource",
"swf:TagResource",
"swf:UntagResource",
"synthetics:TagResource",
"synthetics:UntagResource",
"tag:GetResources",
"tag:TagResources",
"tag:UntagResources",
"transfer:TagResource",
"transfer:UntagResource",
"waf-regional:TagResource",
"waf-regional:UntagResource",
"waf:TagResource",
"waf:UntagResource",
"wafv2:TagResource",
"wafv2:UntagResource",
"worklink:TagResource",
"worklink:UntagResource",
"workmail:TagResource",
"workmail:UntagResource",
"workspaces:CreateTags",
"workspaces:DeleteTags",
"xray:TagResource",
"xray:UntagResource",
"kinesisvideo:TagResource",
"kinesisvideo:UntagResource",
"redshift-serverless:TagResource",
"redshift-serverless:UntagResource",
"route53-recovery-control-config:TagResource",
"route53-recovery-control-config:UntagResource",
"route53-recovery-readiness:TagResource",
"route53-recovery-readiness:UntagResource",
"ssm-contacts:TagResource",
"ssm-contacts:UntagResource",
"ssm-incidents:TagResource",
"ssm-incidents:UntagResource",
"vpc-lattice:TagResource",
"vpc-lattice:UntagResource",
"workspaces-web:TagResource",
"workspaces-web:UntagResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-11T17:51:30+00:00"
},
"ResourceGroupsandTagEditorFullAccess":{
"CreateDate":"2015-02-06T18:39:53+00:00",
"DefaultVersionId":"v6",
"Document":{
"Statement":[
{
"Action":[
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"tag:TagResources",
"tag:UntagResources",
"resource-groups:*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-10T13:29:19+00:00"
},
"ResourceGroupsandTagEditorReadOnlyAccess":{
"CreateDate":"2015-02-06T18:39:54+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-10T13:42:58+00:00"
},
"Route53RecoveryReadinessServiceRolePolicy":{
"CreateDate":"2021-07-15T16:06:21+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:*"
},
{
"Action":[
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive"
],
"Effect":"Allow",
"Resource":"arn:aws:dynamodb:*:*:table/*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringLike":{
"iam:AWSServiceName":"servicequotas.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas"
},
{
"Action":[
"lambda:GetFunctionConcurrency",
"lambda:GetFunctionConfiguration",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:ListProvisionedConcurrencyConfigs",
"lambda:ListAliases",
"lambda:ListVersionsByFunction"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:*"
},
{
"Action":[
"rds:DescribeDBClusters"
],
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:cluster:*"
},
{
"Action":[
"rds:DescribeDBInstances"
],
"Effect":"Allow",
"Resource":"arn:aws:rds:*:*:db:*"
},
{
"Action":[
"route53:ListResourceRecordSets"
],
"Effect":"Allow",
"Resource":"arn:aws:route53:::hostedzone/*"
},
{
"Action":[
"route53:GetHealthCheck",
"route53:GetHealthCheckStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:route53:::healthcheck/*"
},
{
"Action":[
"servicequotas:RequestServiceQuotaIncrease"
],
"Effect":"Allow",
"Resource":"arn:aws:servicequotas:*:*:*"
},
{
"Action":[
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:*"
},
{
"Action":[
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:*"
},
{
"Action":[
"apigateway:GET",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeLoadBalancerTargetGroups",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribePolicies",
"cloudwatch:GetMetricData",
"cloudwatch:DescribeAlarms",
"dynamodb:DescribeLimits",
"dynamodb:ListGlobalTables",
"dynamodb:ListTables",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"kafka:DescribeCluster",
"kafka:DescribeConfigurationRevision",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"rds:DescribeAccountAttributes",
"route53:GetHostedZone",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"sns:GetEndpointAttributes",
"sns:GetSubscriptionAttributes"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-02-14T18:08:46+00:00"
},
"Route53ResolverServiceRolePolicy":{
"CreateDate":"2020-08-12T17:47:24+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"s3:GetBucketPolicy"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-08-12T17:47:24+00:00"
},
"S3StorageLensServiceRolePolicy":{
"CreateDate":"2020-11-18T18:15:40+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AwsOrgsAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-11-18T18:15:40+00:00"
},
"S3UnlockBucketPolicy":{
"CreateDate":"2024-11-06T21:55:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Effect":"Deny",
"NotAction":[
"s3:DeleteBucketPolicy",
"s3:PutBucketPolicy",
"s3:GetBucketPolicy",
"s3:ListAllMyBuckets"
],
"Resource":"*",
"Sid":"DenyAllOtherActionsOnAnyResource"
},
{
"Action":[
"s3:DeleteBucketPolicy",
"s3:PutBucketPolicy",
"s3:GetBucketPolicy",
"s3:ListAllMyBuckets"
],
"Condition":{
"StringNotLike":{
"aws:PrincipalArn":"arn:aws:iam::*:root"
}
},
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyManagingBucketPolicyForNonRootCallers"
}
],
"Version":"2012-10-17"
},
"Path":"/root-task/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-06T21:55:56+00:00"
},
"SMSVoiceServiceRolePolicy":{
"CreateDate":"2024-11-14T17:04:34+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"cloudwatch:PutMetricData",
"Condition":{
"StringEquals":{
"cloudwatch:namespace":"AWS/SMSVoice"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-14T17:04:34+00:00"
},
"SQSUnlockQueuePolicy":{
"CreateDate":"2024-11-06T21:51:02+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Effect":"Deny",
"NotAction":[
"sqs:SetQueueAttributes",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:GetQueueUrl"
],
"Resource":"*",
"Sid":"DenyAllOtherActionsOnAnyResource"
},
{
"Action":[
"sqs:GetQueueAttributes"
],
"Condition":{
"StringNotEqualsIfExists":{
"aws:ResourceAccount":[
"${aws:PrincipalAccount}"
]
}
},
"Effect":"Deny",
"Resource":"arn:aws:sqs:*:*:*",
"Sid":"DenyGettingQueueAttributesOnNonOwnQueue"
},
{
"Action":[
"sqs:SetQueueAttributes",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:GetQueueUrl"
],
"Condition":{
"StringNotLike":{
"aws:PrincipalArn":"arn:aws:iam::*:root"
}
},
"Effect":"Deny",
"Resource":"*",
"Sid":"DenyActionsForNonRootUser"
}
],
"Version":"2012-10-17"
},
"Path":"/root-task/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-06T21:51:02+00:00"
},
"SSMQuickSetupRolePolicy":{
"CreateDate":"2024-06-25T15:20:04+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"ssm:ListResourceDataSync"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMResourceDataSyncPermissions"
},
{
"Action":[
"ssm:GetOpsSummary"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:resource-data-sync/AWS-QuickSetup-*",
"Sid":"SSMResourceDataSyncGetOpsSummaryPermissions"
},
{
"Action":[
"ssm:DeleteResourceDataSync"
],
"Condition":{
"StringEquals":{
"ssm:SyncType":"SyncFromSource"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ssm:*:*:resource-data-sync/AWS-QuickSetup-*",
"Sid":"SSMResourceDataSyncManagePermissions"
},
{
"Action":[
"ssm:ListAssociations",
"ssm:DescribeAssociationExecutions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SSMAssociationsReadOnlyPermissions"
},
{
"Action":[
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:document/AWSQuickSetupType-*",
"arn:aws:ssm:*:*:document/*-AWSQuickSetupType-*"
],
"Sid":"QuickSetupSSMDocumentsReadOnlyPermissions"
},
{
"Action":[
"organizations:ListAccounts",
"organizations:ListRoots",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListDelegatedServicesForAccount"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"OrganizationReadOnlyPermissions"
},
{
"Action":[
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults",
"cloudformation:GetTemplate"
],
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-*",
"arn:aws:cloudformation:*:*:stackset/SSMQuickSetup*",
"arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SSMQuickSetup*"
],
"Sid":"QuickSetupStackSetReadOnlyPermissions"
},
{
"Action":[
"cloudformation:DeleteStackInstances",
"cloudformation:DeleteStackSet"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-*",
"arn:aws:cloudformation:*:*:stackset/SSMQuickSetup*",
"arn:aws:cloudformation:*:*:stack/StackSet-AWS-QuickSetup-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SSMQuickSetup*",
"arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-*",
"arn:aws:cloudformation:*:*:stackset-target/SSMQuickSetup*",
"arn:aws:cloudformation:*:*:type/resource/*"
],
"Sid":"QuickSetupStackSetDeletePermissions"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"QuickSetupCfnStacksDescribePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-18T13:06:59+00:00"
},
"SageMakerStudioBedrockAgentServiceRolePolicy":{
"CreateDate":"2025-02-13T23:37:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"bedrock:GetInferenceProfile",
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"BedrockAppInferenceProfileInvocationPermissions"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"bedrock:InferenceProfileArn":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"BedrockModelInvocationPermissions"
},
{
"Action":"bedrock:ApplyGuardrail",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:guardrail/*",
"Sid":"BedrockApplyGuardrailPermissions"
},
{
"Action":"bedrock:RetrieveAndGenerate",
"Effect":"Allow",
"Resource":"*",
"Sid":"BedrockRetrieveAndGeneratePermissions"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock*",
"Sid":"LambdaInvokeFunctionInProjectPermissions"
},
{
"Action":"bedrock:Retrieve",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:knowledge-base/*",
"Sid":"BedrockRetrievePermissions"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectVersionAttributes",
"s3:GetObjectAttributes"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*",
"Sid":"S3GetObjectPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"Null":{
"kms:EncryptionContext:aws:bedrock:guardrail-id":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockGuardrailKmsPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/*"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"S3KmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-13T23:37:06+00:00"
},
"SageMakerStudioBedrockChatAgentUserRolePolicy":{
"CreateDate":"2025-02-13T23:52:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"bedrock:GetAgentAlias",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:agent-alias/${aws:PrincipalTag/AgentId}/${aws:PrincipalTag/AgentAliasId}",
"Sid":"BedrockGetAgentAliasPermissions"
},
{
"Action":"bedrock:InvokeAgent",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:agent-alias/${aws:PrincipalTag/AgentId}/${aws:PrincipalTag/AgentAliasId}",
"Sid":"BedrockInvokeAgentPermissions"
},
{
"Action":[
"bedrock:GetAgent",
"bedrock:GetAgentActionGroup",
"bedrock:GetAgentKnowledgeBase",
"bedrock:GetAgentVersion",
"bedrock:ListAgentActionGroups",
"bedrock:ListAgentAliases",
"bedrock:ListAgentKnowledgeBases",
"bedrock:ListAgentVersions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:agent/${aws:PrincipalTag/AgentId}",
"Sid":"BedrockGetAndListAgentMetadataPermissions"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"s3:prefix":"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/AppDefinitionPath}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/AppDefinitionPath":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"S3ListAppDefinitionPermissions"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/AppDefinitionPath":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/AppDefinitionPath}",
"Sid":"S3GetAppDefinitionPermissions"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"s3:prefix":"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/DataSourcePath}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DataSourcePath":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"S3ListDataSourcePermissions"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DataSourcePath":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/DataSourcePath}",
"Sid":"S3GetDataSourcePermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:aws:bedrock:arn":"arn:aws:bedrock:*:${aws:PrincipalAccount}:agent/${aws:PrincipalTag/AgentId}",
"kms:ViaService":"bedrock.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockAgentKmsPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/*"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"S3KmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-13T23:52:06+00:00"
},
"SageMakerStudioBedrockEvaluationJobServiceRolePolicy":{
"CreateDate":"2025-02-14T00:37:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream",
"bedrock:GetInferenceProfile"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"BedrockEvaluationInferenceProfileInvocationPermissions"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"bedrock:InferenceProfileArn":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"BedrockInvokeModelPermissions"
},
{
"Action":[
"bedrock:CreateModelInvocationJob",
"bedrock:StopModelInvocationJob",
"bedrock:GetProvisionedModelThroughput"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"BedrockModelInvocationPermissions"
},
{
"Action":"s3:GetBucketLocation",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"S3GetBucketLocationPermissions"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"s3:prefix":"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"S3ListBucketPermissions"
},
{
"Action":[
"s3:GetObject",
"s3:PutObject",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*"
],
"Sid":"S3EvaluationPermissions"
},
{
"Action":"kms:DescribeKey",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KmsDescribeKeyPermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/*"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"S3KmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-14T00:37:06+00:00"
},
"SageMakerStudioBedrockFlowServiceRolePolicy":{
"CreateDate":"2025-02-14T00:07:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"bedrock:GetPrompt",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:prompt/*",
"Sid":"BedrockPromptPermissions"
},
{
"Action":"bedrock:Retrieve",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:knowledge-base/*",
"Sid":"BedrockKnowledgeBasePermissions"
},
{
"Action":"bedrock:ApplyGuardrail",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:guardrail/*",
"Sid":"BedrockGuardrailPermissions"
},
{
"Action":"bedrock:RetrieveAndGenerate",
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowBedrockRetrieveAndGeneratePermissions"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock*",
"Sid":"AllowLambdaInvokeFunctionInProjectPermissions"
},
{
"Action":[
"bedrock:GetInferenceProfile",
"bedrock:InvokeModel"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"AllowBedrockApplicationInferenceProfileAccessInProjectPermissions"
},
{
"Action":"bedrock:InvokeModel",
"Condition":{
"Null":{
"bedrock:InferenceProfileArn":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"AllowBedrockInvokeModelAccessWithInferenceProfilePermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:aws:bedrock-prompts:arn":"arn:aws:bedrock:*:${aws:PrincipalAccount}:prompt/*",
"kms:ViaService":"bedrock.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockPromptKmsPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"Null":{
"kms:EncryptionContext:aws:bedrock:guardrail-id":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"bedrock.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockGuardrailKmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-12T18:37:06+00:00"
},
"SageMakerStudioBedrockFunctionExecutionRolePolicy":{
"CreateDate":"2025-02-25T03:52:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock*",
"Sid":"SecretsManagerReadPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:SecretARN":"arn:aws:secretsmanager:*:${aws:PrincipalAccount}:secret:amazon-bedrock*",
"kms:ViaService":"secretsmanager.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KMSSameAccountBedrockViaSecretsManagerPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-25T03:52:07+00:00"
},
"SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy":{
"CreateDate":"2025-02-25T03:37:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"aoss:APIAccessAll",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"aoss:collection":"bedrock*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:aoss:*:*:collection/*",
"Sid":"OpenSearchServerlessPermissions"
},
{
"Action":[
"bedrock:GetIngestionJob",
"bedrock:ListIngestionJobs",
"bedrock:StartIngestionJob"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:knowledge-base/*",
"Sid":"BedrockKnowledgeBasePermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-25T03:37:06+00:00"
},
"SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy":{
"CreateDate":"2025-02-25T02:52:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"bedrock:GetInferenceProfile",
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"BedrockAppInferenceProfileInvocationPermissions"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"bedrock:InferenceProfileArn":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"BedrockModelInvocationPermission"
},
{
"Action":"aoss:APIAccessAll",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"aoss:collection":"bedrock*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:aoss:*:*:collection/*",
"Sid":"OpenSearchServerlessPermissions"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"s3:prefix":[
"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}",
"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*"
]
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"ListDomainS3BucketPermissions"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*",
"Sid":"AccessDomainS3BucketPermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:aws:bedrock:arn":"arn:aws:bedrock:*:${aws:PrincipalAccount}:knowledge-base/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockKnowledgeBaseKmsPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/*"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"S3KmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-25T02:52:07+00:00"
},
"SageMakerStudioBedrockPromptUserRolePolicy":{
"CreateDate":"2025-02-14T00:22:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"bedrock:GetPrompt",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:prompt/${aws:PrincipalTag/PromptId}:${aws:PrincipalTag/PromptVersion}",
"Sid":"BedrockPromptReadOnlyPermissions"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"s3:prefix":"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/PromptDefinitionPath}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":"",
"aws:PrincipalTag/PromptDefinitionPath":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"S3ListPromptDefinitionPermissions"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":"",
"aws:PrincipalTag/PromptDefinitionPath":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/PromptDefinitionPath}",
"Sid":"S3GetPromptDefinitionPermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:EncryptionContext:aws:bedrock-prompts:arn":"arn:aws:bedrock:*:${aws:PrincipalAccount}:prompt/${aws:PrincipalTag/PromptId}",
"kms:ViaService":"bedrock.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockPromptKmsPermissions"
},
{
"Action":"kms:Decrypt",
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/*"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"S3KmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-14T00:22:06+00:00"
},
"SageMakerStudioDomainExecutionRolePolicy":{
"CreateDate":"2024-11-20T21:56:55+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"datazone:AcceptPredictions",
"datazone:AcceptSubscriptionRequest",
"datazone:AddEntityOwner",
"datazone:AddPolicyGrant",
"datazone:CancelMetadataGenerationRun",
"datazone:CancelSubscription",
"datazone:CreateAsset",
"datazone:CreateAssetFilter",
"datazone:CreateAssetRevision",
"datazone:CreateAssetType",
"datazone:CreateConnection",
"datazone:CreateDataProduct",
"datazone:CreateDataProductRevision",
"datazone:CreateDataSource",
"datazone:CreateDomainUnit",
"datazone:CreateEnvironment",
"datazone:CreateEnvironmentProfile",
"datazone:CreateFormType",
"datazone:CreateGlossary",
"datazone:CreateGlossaryTerm",
"datazone:CreateListingChangeSet",
"datazone:CreateProject",
"datazone:CreateProjectMembership",
"datazone:CreateRule",
"datazone:CreateSubscriptionGrant",
"datazone:CreateSubscriptionRequest",
"datazone:DeleteAsset",
"datazone:DeleteAssetFilter",
"datazone:DeleteAssetType",
"datazone:DeleteConnection",
"datazone:DeleteDataProduct",
"datazone:DeleteDataSource",
"datazone:DeleteDomainUnit",
"datazone:DeleteEnvironment",
"datazone:DeleteEnvironmentProfile",
"datazone:DeleteFormType",
"datazone:DeleteGlossary",
"datazone:DeleteGlossaryTerm",
"datazone:DeleteListing",
"datazone:DeleteProject",
"datazone:DeleteProjectMembership",
"datazone:DeleteRule",
"datazone:DeleteSubscriptionGrant",
"datazone:DeleteSubscriptionRequest",
"datazone:DeleteSubscriptionTarget",
"datazone:DeleteTimeSeriesDataPoints",
"datazone:GetAsset",
"datazone:GetAssetFilter",
"datazone:GetAssetType",
"datazone:GetConnection",
"datazone:GetDataProduct",
"datazone:GetDataSource",
"datazone:GetDataSourceRun",
"datazone:GetDomain",
"datazone:GetDomainUnit",
"datazone:GetEnvironment",
"datazone:GetEnvironmentAction",
"datazone:GetEnvironmentActionLink",
"datazone:GetEnvironmentBlueprint",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetEnvironmentCredentials",
"datazone:GetEnvironmentProfile",
"datazone:GetFormType",
"datazone:GetGlossary",
"datazone:GetGlossaryTerm",
"datazone:GetGroupProfile",
"datazone:GetLineageNode",
"datazone:GetListing",
"datazone:GetMetadataGenerationRun",
"datazone:GetProject",
"datazone:GetRule",
"datazone:GetSubscription",
"datazone:GetSubscriptionEligibility",
"datazone:GetSubscriptionGrant",
"datazone:GetSubscriptionRequestDetails",
"datazone:GetSubscriptionTarget",
"datazone:GetTimeSeriesDataPoint",
"datazone:GetUpdateEligibility",
"datazone:GetUserProfile",
"datazone:ListAccountEnvironments",
"datazone:ListAssetFilters",
"datazone:ListAssetRevisions",
"datazone:ListConnections",
"datazone:ListDataProductRevisions",
"datazone:ListDataSourceRunActivities",
"datazone:ListDataSourceRuns",
"datazone:ListDataSources",
"datazone:ListDomainUnitsForParent",
"datazone:ListEntityOwners",
"datazone:ListEnvironmentActions",
"datazone:ListEnvironmentBlueprintConfigurationSummaries",
"datazone:ListEnvironmentBlueprintConfigurations",
"datazone:ListEnvironmentBlueprints",
"datazone:ListEnvironmentProfiles",
"datazone:ListEnvironments",
"datazone:ListGroupsForUser",
"datazone:ListLineageNodeHistory",
"datazone:ListMetadataGenerationRuns",
"datazone:ListNotifications",
"datazone:ListPolicyGrants",
"datazone:ListProjectMemberships",
"datazone:ListProjects",
"datazone:ListRules",
"datazone:ListSubscriptionGrants",
"datazone:ListSubscriptionRequests",
"datazone:ListSubscriptionTargets",
"datazone:ListSubscriptions",
"datazone:ListTimeSeriesDataPoints",
"datazone:ListWarehouseMetadata",
"datazone:RejectPredictions",
"datazone:RejectSubscriptionRequest",
"datazone:RemoveEntityOwner",
"datazone:RemovePolicyGrant",
"datazone:RevokeSubscription",
"datazone:Search",
"datazone:SearchGroupProfiles",
"datazone:SearchListings",
"datazone:SearchRules",
"datazone:SearchTypes",
"datazone:SearchUserProfiles",
"datazone:StartDataSourceRun",
"datazone:StartMetadataGenerationRun",
"datazone:UpdateAssetFilter",
"datazone:UpdateConnection",
"datazone:UpdateDataSource",
"datazone:UpdateDomainUnit",
"datazone:UpdateEnvironment",
"datazone:UpdateEnvironmentDeploymentStatus",
"datazone:UpdateEnvironmentProfile",
"datazone:UpdateGlossary",
"datazone:UpdateGlossaryTerm",
"datazone:UpdateProject",
"datazone:UpdateRule",
"datazone:UpdateSubscriptionGrantStatus",
"datazone:UpdateSubscriptionRequest"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataZonePermissions"
},
{
"Action":[
"ram:GetResourceShareAssociations",
"ram:GetResourceShares"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RAMResourceShareStatement"
},
{
"Action":[
"q:StartConversation",
"q:SendMessage",
"q:ListConversations",
"q:GetConversation",
"q:PassRequest",
"glue:StartCompletion",
"glue:GetCompletion"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonQPermissionsStatement"
},
{
"Action":[
"sts:SetContext"
],
"Effect":"Allow",
"Resource":"arn:aws:sts::*:self",
"Sid":"AllowSetTrustedIdentity"
},
{
"Action":[
"ssm:GetParameter"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/amazon/datazone/q/${aws:PrincipalTag/datazone-domainId}*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/genAI/${aws:PrincipalTag/datazone-domainId}/*"
],
"Sid":"SSMGetParameterStatement"
},
{
"Action":[
"codeconnections:GetConnection",
"codeconnections:GetHost",
"codestar-connections:GetConnection",
"codestar-connections:GetHost"
],
"Condition":{
"Null":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"false"
},
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GetCodeConnectionsPermissionsStatement"
},
{
"Action":[
"codeconnections:ListConnections",
"codeconnections:ListTagsForResource",
"codestar-connections:ListConnections",
"codestar-connections:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListCodeConnectionsPermissionsStatement"
},
{
"Action":[
"codeconnections:UseConnection",
"codestar-connections:UseConnection"
],
"Condition":{
"Null":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"false"
},
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"UseCodeConnectionsPermissionsStatement"
},
{
"Action":[
"datazone:GetProjectProfile",
"datazone:ListProjectProfiles"
],
"Effect":"Allow",
"Resource":"arn:aws:datazone:*:*:domain/*",
"Sid":"ProjectProfilePermissionsStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-26T18:52:05+00:00"
},
"SageMakerStudioDomainServiceRolePolicy":{
"CreateDate":"2024-11-20T21:56:22+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ssm:GetParameter"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/amazon/datazone/profiles/*"
],
"Sid":"SSMGetParameterStatement"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"Null":{
"aws:ResourceTag/EnableKeyForAmazonDataZone":"false"
},
"StringEquals":{
"aws:ResourceTag/EnableKeyForAmazonDataZone":"true"
},
"StringLike":{
"kms:EncryptionContext:PARAMETER_ARN":"arn:aws:ssm:*:*:parameter/amazon/datazone/profiles*",
"kms:ViaService":"ssm.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"UseKMSKeyPermissionsStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-20T21:56:22+00:00"
},
"SageMakerStudioEMRInstanceRolePolicy":{
"CreateDate":"2025-02-27T00:22:06+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"s3:GetObject",
"Condition":{
"Null":{
"aws:PrincipalTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/certificate_location/*",
"Sid":"AccessCertificateLocationS3Permission"
},
{
"Action":"s3:GetObject",
"Condition":{
"ArnLike":{
"s3:DataAccessPointArn":"arn:aws:s3:*:*:accesspoint/env-blueprint-accesspoint"
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::default-env-blueprint-*/*",
"arn:aws:s3:*:*:accesspoint/env-blueprint-accesspoint*"
],
"Sid":"AccessPatchingRPMsS3Permission"
},
{
"Action":"s3:GetObject",
"Condition":{
"Null":{
"aws:PrincipalTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/AmazonDataZoneScopeName":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/AmazonDataZoneScopeName}/sys/emr/bootstrap-script/*",
"Sid":"AccessBootstrapActionScriptS3Permission"
},
{
"Action":"s3:PutObject",
"Condition":{
"Null":{
"aws:PrincipalTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/AmazonDataZoneScopeName":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/${aws:PrincipalTag/AmazonDataZoneScopeName}/sys/emr/*",
"Sid":"EMRClusterLogUploadS3Permission"
},
{
"Action":[
"sts:AssumeRole",
"sts:TagSession"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"LakeFormationAuthorizedCaller"
]
},
"StringEquals":{
"iam:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EMRRuntimeRoleAssumePermissions"
},
{
"Action":[
"kms:CreateGrant",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"EMRKMSPermissions"
},
{
"Action":"kms:GenerateDataKey",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AllowGenerateDataKeyForEbsEncryption"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T00:22:06+00:00"
},
"SageMakerStudioEMRServiceRolePolicy":{
"CreateDate":"2025-01-31T19:52:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":"iam:PassRole",
"Condition":{
"Null":{
"aws:PrincipalTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"iam:PassedToService":"ec2.amazonaws.com"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneEnvironment":"",
"aws:PrincipalTag/AmazonDataZoneProject":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/datazone_emr_ec2_instance_role_${aws:PrincipalTag/AmazonDataZoneProject}_${aws:PrincipalTag/AmazonDataZoneEnvironment}",
"Sid":"PassRoleToEMREC2InstanceRole"
},
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Condition":{
"ArnLike":{
"ec2:Vpc":"arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"CreateInNetworkForSharedSubnet"
},
{
"Action":[
"kms:CreateGrant",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"EMRKMSPermissions"
},
{
"Action":"kms:GenerateDataKey",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AllowGenerateDataKeyForEbsEncryption"
},
{
"Action":[
"kms:ListGrants",
"kms:RevokeGrant",
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"ec2.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AllowEMRForKMSManagement"
},
{
"Action":"kms:ListAliases",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AllowEMRToListKmsAliases"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T00:22:06+00:00"
},
"SageMakerStudioFullAccess":{
"CreateDate":"2024-11-28T00:06:07+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"datazone:*"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"AmazonDataZoneStatement"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListAliases",
"iam:ListRoles",
"sso:DescribeRegisteredRegions",
"s3:ListAllMyBuckets",
"redshift:DescribeClusters",
"redshift-serverless:ListWorkgroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"secretsmanager:ListSecrets",
"iam:ListUsers",
"glue:GetDatabases",
"codeconnections:ListConnections",
"codeconnections:ListTagsForResource",
"codewhisperer:ListProfiles",
"bedrock:ListInferenceProfiles",
"bedrock:ListFoundationModels",
"bedrock:ListTagsForResource",
"aoss:ListSecurityPolicies"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"ReadOnlyStatement"
},
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"BucketReadOnlyStatement"
},
{
"Action":[
"s3:CreateBucket"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-datazone*",
"arn:aws:s3:::amazon-sagemaker*"
],
"Sid":"CreateBucketStatement"
},
{
"Action":[
"s3:PutBucketCORS",
"s3:PutBucketPolicy",
"s3:PutBucketVersioning"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-sagemaker*"
],
"Sid":"ConfigureBucketStatement"
},
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"StringEqualsIfExists":{
"ram:RequestedResourceType":"datazone:Domain"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RamCreateResourceStatement"
},
{
"Action":[
"ram:DeleteResourceShare",
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:RejectResourceShareInvitation"
],
"Condition":{
"StringLike":{
"ram:ResourceShareName":[
"DataZone*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RamResourceStatement"
},
{
"Action":[
"ram:GetResourceShares",
"ram:GetResourceShareInvitations",
"ram:GetResourceShareAssociations",
"ram:ListResourceSharePermissions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RamResourceReadOnlyStatement"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:passedToService":"datazone.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonDataZone*",
"arn:aws:iam::*:role/service-role/AmazonSageMaker*"
],
"Sid":"IAMPassRoleStatement"
},
{
"Action":"iam:GetPolicy",
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:policy/service-role/AmazonDataZoneRedshiftAccessPolicy*"
],
"Sid":"IAMGetPolicyStatement"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneDomain",
"AmazonDataZoneProject"
]
},
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"DataZoneTagOnCreateDomainProjectTags"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneDomain"
]
},
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*",
"aws:ResourceTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"DataZoneTagOnCreate"
},
{
"Action":[
"secretsmanager:CreateSecret"
],
"Condition":{
"StringLike":{
"aws:RequestTag/AmazonDataZoneDomain":"dzd_*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*",
"Sid":"CreateSecretStatement"
},
{
"Action":[
"codeconnections:GetConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*"
],
"Sid":"ConnectionStatement"
},
{
"Action":[
"codeconnections:TagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"for-use-with-all-datazone-projects"
]
},
"StringEquals":{
"aws:RequestTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*",
"arn:aws:codeconnections:*:*:host/*"
],
"Sid":"TagCodeConnectionsStatement"
},
{
"Action":[
"codeconnections:UntagResource"
],
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":"for-use-with-all-datazone-projects"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:codeconnections:*:*:connection/*",
"arn:aws:codeconnections:*:*:host/*"
],
"Sid":"UntagCodeConnectionsStatement"
},
{
"Action":[
"ssm:GetParameter",
"ssm:GetParametersByPath",
"ssm:PutParameter",
"ssm:DeleteParameter"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ssm:*:*:parameter/amazon/datazone/q*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/genAI*",
"arn:aws:ssm:*:*:parameter/amazon/datazone/profiles*"
],
"Sid":"SSMParameterStatement"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"Null":{
"aws:ResourceTag/EnableKeyForAmazonDataZone":"false"
},
"StringEquals":{
"aws:ResourceTag/EnableKeyForAmazonDataZone":"true"
},
"StringLike":{
"kms:ViaService":"ssm.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"UseKMSKeyPermissionsStatement"
},
{
"Action":[
"aoss:GetSecurityPolicy",
"aoss:CreateSecurityPolicy"
],
"Condition":{
"StringLike":{
"aoss:collection":"bedrock-ide-*"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SecurityPolicyStatement"
},
{
"Action":[
"bedrock:GetFoundationModel",
"bedrock:GetFoundationModelAvailability"
],
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*"
],
"Sid":"GetFoundationModelStatement"
},
{
"Action":[
"bedrock:GetInferenceProfile"
],
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:inference-profile/*",
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"GetInferenceProfileStatement"
},
{
"Action":[
"bedrock:CreateInferenceProfile"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneDomain":"false",
"aws:RequestTag/AmazonDataZoneProject":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"ApplicationInferenceProfileStatement"
},
{
"Action":[
"bedrock:TagResource"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneDomain":"false",
"aws:RequestTag/AmazonDataZoneProject":"true",
"aws:ResourceTag/AmazonDataZoneDomain":"false",
"aws:ResourceTag/AmazonDataZoneProject":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"TagApplicationInferenceProfileStatement"
},
{
"Action":[
"bedrock:DeleteInferenceProfile"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneDomain":"false",
"aws:ResourceTag/AmazonDataZoneProject":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:application-inference-profile/*"
],
"Sid":"DeleteApplicationInferenceProfileStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-21T22:52:06+00:00"
},
"SageMakerStudioProjectProvisioningRolePolicy":{
"CreateDate":"2024-11-20T21:58:39+00:00",
"DefaultVersionId":"v12",
"Document":{
"Statement":[
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DataZone*"
],
"Sid":"CloudFormationStackCreationAndTagging"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:UpdateStack"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DataZone*"
],
"Sid":"CloudFormationStackManagement"
},
{
"Action":[
"cloudformation:DeleteStack"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DataZone*"
],
"Sid":"CloudFormationStackDeletion"
},
{
"Action":[
"cloudformation:DescribeStacks"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:stack/DataZone*"
],
"Sid":"CloudFormationListStacks"
},
{
"Action":[
"lakeformation:GetDataLakeSettings",
"lakeformation:PutDataLakeSettings",
"lakeformation:RevokePermissions",
"lakeformation:BatchRevokePermissions",
"lakeformation:ListPermissions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeFormationPermissionsForDataLakeValidation"
},
{
"Action":[
"lakeformation:RegisterResource",
"lakeformation:DeregisterResource",
"lakeformation:GrantPermissions",
"lakeformation:BatchGrantPermissions",
"lakeformation:ListResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeFormationPermissionsForDataLakeResourceGrant"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PermissionsToGetBlueprintTemplates"
},
{
"Action":[
"codecommit:CreateRepository",
"codecommit:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codecommit:*:*:datazone*",
"Sid":"CodeCommitCreationAndTagging"
},
{
"Action":[
"codecommit:DeleteRepository",
"codecommit:UpdateRepositoryEncryptionKey",
"codecommit:PutRepositoryTriggers"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codecommit:*:*:datazone*",
"Sid":"CodeCommitDeletion"
},
{
"Action":[
"codecommit:GetBranch",
"codecommit:CreateCommit",
"codecommit:GetRepository",
"codecommit:GetFile"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:codecommit:*:*:datazone*",
"Sid":"CodeCommitAccess"
},
{
"Action":[
"codecommit:ListRepositories"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCommitListRepositories"
},
{
"Action":[
"kms:Decrypt",
"kms:ReEncryptTo",
"kms:ReEncryptFrom",
"kms:GenerateDataKey"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:codecommit:id":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"codecommit.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCommitKmsPermissions"
},
{
"Action":[
"iam:GetRole"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*",
"arn:aws:iam::*:role/AmazonBedrock*",
"arn:aws:iam::*:role/BedrockStudio*"
],
"Sid":"GetIAMRole"
},
{
"Action":[
"iam:CreateRole",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:AttachRolePolicy",
"iam:PutRolePolicy"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*",
"arn:aws:iam::*:role/AmazonBedrockExecution*",
"arn:aws:iam::*:role/BedrockStudio*",
"arn:aws:iam::*:role/AmazonBedrockConsumptionRole*",
"arn:aws:iam::*:role/AmazonBedrockEvaluation*"
],
"Sid":"IAMRoleAndPolicyManagement"
},
{
"Action":[
"iam:DeleteRolePolicy",
"iam:PutRolePolicy"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"IAMRoleAndPolicyManagementFromDataZone"
},
{
"Action":[
"iam:CreateRole"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*",
"arn:aws:iam::*:role/AmazonBedrock*"
],
"Sid":"IAMRoleCreation"
},
{
"Action":[
"iam:DetachRolePolicy",
"iam:AttachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePolicy",
"arn:aws:iam::aws:policy/SageMakerStudioProjectRoleMachineLearningPolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRServiceRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioEMRInstanceRolePolicy",
"arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2",
"arn:aws:iam::aws:policy/AmazonSageMakerPartnerAppsFullAccess"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"IAMRoleManagement"
},
{
"Action":[
"iam:AttachRolePolicy",
"iam:DetachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockAgentServiceRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockChatAgentUserRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFlowServiceRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockFunctionExecutionRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseServiceRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockKnowledgeBaseCustomResourcePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockPromptUserRolePolicy",
"arn:aws:iam::aws:policy/service-role/SageMakerStudioBedrockEvaluationJobServiceRolePolicy"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AmazonBedrock*",
"Sid":"IAMRoleManagementForBedrock"
},
{
"Action":"iam:TagRole",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"AmazonBedrockManaged",
"RedshiftDb*",
"EnableAmazonBedrockPermissions",
"EnableAmazonBedrockIDEPermissions",
"EnableGlueWorkloadsPermissions",
"EnableSageMakerMLWorkloadsPermissions",
"DomainBucketName",
"KmsKeyId",
"LogGroupName",
"RoleName",
"vpcArn",
"VpcId",
"CreatedForUseWithSageMakerStudio",
"SageMakerStudioQueryExecutionRole"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*",
"arn:aws:iam::*:role/datazone-partner-apps-*",
"arn:aws:iam::*:role/datazone_redshift_serverless_admin_role_*",
"arn:aws:iam::*:role/AmazonBedrock*",
"arn:aws:iam::*:role/BedrockStudio*",
"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole"
],
"Sid":"IAMRoleTagging"
},
{
"Action":"iam:TagRole",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"AmazonBedrockManaged",
"DomainBucketName",
"KmsKeyId",
"AgentId",
"AgentAliasId",
"AppDefinitionPath",
"DataSourcePath",
"PromptId",
"PromptVersion",
"PromptDefinitionPath",
"OpenSearchServerlessCollectionId"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/AmazonBedrock*",
"Sid":"IAMRoleTaggingForBedrock"
},
{
"Action":"iam:TagRole",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"RedshiftDb*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*"
],
"Sid":"IAMRoleTaggingForRedshift"
},
{
"Action":"iam:TagRole",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"DataZone*",
"for-use-with-amazon-emr-managed-policies",
"DomainBucketName",
"KmsKeyId",
"VpcId"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_emr_service_role_*",
"arn:aws:iam::*:role/datazone_emr_ec2_instance_role_*"
],
"Sid":"IAMRoleTaggingForEmr"
},
{
"Action":"iam:UntagRole",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":"EnableAmazonBedrockIDEPermissions"
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/datazone_usr_role_*",
"Sid":"IAMRoleUntagging"
},
{
"Action":[
"iam:DeleteRole",
"iam:ListRolePolicies",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*",
"arn:aws:iam::*:role/AmazonBedrock*",
"arn:aws:iam::*:role/BedrockStudio*"
],
"Sid":"IamManageRoles"
},
{
"Action":[
"iam:GetRole",
"iam:UpdateAssumeRolePolicy"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*",
"arn:aws:iam::*:role/datazone_emr_*",
"arn:aws:iam::*:role/datazone-partner-apps-*",
"arn:aws:iam::*:role/AmazonBedrock*"
],
"Sid":"IamManageRolesFromDataZone"
},
{
"Action":[
"iam:AttachRolePolicy"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"IamAttachPolicyFromService"
},
{
"Action":[
"iam:DetachRolePolicy"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"IamDetachPolicyFromService"
},
{
"Action":[
"iam:DeletePolicy",
"iam:CreatePolicy",
"iam:ListPolicies",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:CreatePolicyVersion",
"iam:ListPolicyVersions",
"iam:DeletePolicyVersion"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:policy/datazone*",
"arn:aws:iam::*:policy/connector-manage-access-policy*",
"arn:aws:iam::*:policy/SageMakerStudioQueryExecutionRolePolicy"
],
"Sid":"IAMPolicyManagementFromService"
},
{
"Action":[
"iam:ListPolicies"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMPolicyManagementWithoutRequiredResources"
},
{
"Action":[
"glue:ListConnectionTypes",
"glue:DescribeConnectionType"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueConnectionTypeUnrestrictedAccess"
},
{
"Action":[
"iam:GetInstanceProfile",
"iam:CreateInstanceProfile",
"iam:AddRoleToInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:DeleteInstanceProfile"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/datazone_emr_ec2_instance_profile_*",
"Sid":"IAMInstanceProfileManagement"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com",
"glue.amazonaws.com"
],
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com",
"redshift-serverless.amazonaws.com",
"redshift.amazonaws.com",
"emr-serverless.amazonaws.com",
"airflow.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*",
"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole"
],
"Sid":"IamPassRole"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"sagemaker.amazonaws.com",
"redshift-serverless.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*"
],
"Sid":"IamPassRoleFromDataZone"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"glue.amazonaws.com",
"lakeformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*",
"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole"
],
"Sid":"IamPassRoleForGlueCatalog"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"elasticmapreduce.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_emr_service_role_*"
],
"Sid":"IamPassRoleForEmrServiceRole"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"ec2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_emr_ec2_instance_role_*"
],
"Sid":"IamPassRoleForEmrInstanceRole"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":"bedrock.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonBedrock*",
"arn:aws:iam::*:role/BedrockStudio*"
],
"Sid":"IamPassRoleToBedrock"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonBedrock*",
"arn:aws:iam::*:role/BedrockStudio*"
],
"Sid":"IamPassRoleToLambda"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:AWSServiceName":"observability.aoss.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/observability.aoss.amazonaws.com/AWSServiceRoleForAmazonOpenSearchServerless",
"Sid":"IamCreateServiceLinkedRoleForAoss"
},
{
"Action":[
"glue:CreateDatabase",
"glue:GetDatabase"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueDefaultDatabaseCreation"
},
{
"Action":[
"glue:CreateDatabase"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueDatabaseCreationFromCloudFormation"
},
{
"Action":[
"glue:GetDatabase"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueGetDatabaseForTagging"
},
{
"Action":[
"glue:DeleteDatabase"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueDatabaseDeletion"
},
{
"Action":[
"glue:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"TagGlueResources"
},
{
"Action":"glue:GetConnection",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:connection/datazone-glue-network-connection-*"
],
"Sid":"GetGlueConnectionToAllowTagging"
},
{
"Action":[
"glue:CreateConnection",
"glue:DeleteConnection"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:connection/datazone-glue-network-connection-*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueConnectionCreateAndDelete"
},
{
"Action":[
"glue:PassConnection",
"glue:GetConnections",
"glue:GetTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:connection/*",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"FederatedDataGlueConnectionPermissions"
},
{
"Action":[
"athena:CreateDataCatalog"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:datacatalog/*",
"Sid":"FederatedDataAthenaConnectionPermissions"
},
{
"Action":[
"glue:GetConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:connection/*",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"FederatedDataGetConnectionPermissions"
},
{
"Action":[
"athena:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"federated_athena*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:datacatalog/*",
"Sid":"FederatedDataConnectionTaggingPermissions"
},
{
"Action":[
"glue:CreateConnection"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:connection/*"
],
"Sid":"FederatedDataConnectionGlueCreateConnection"
},
{
"Action":[
"glue:DeleteConnection",
"glue:UpdateConnection"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:connection/*"
],
"Sid":"FederatedDataConnectionGlueManageConnection"
},
{
"Action":[
"glue:DeleteConnection",
"glue:UpdateConnection"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog"
],
"Sid":"FederatedDataConnectionGlueManageConnectionOnCatalog"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"kms:EncryptionContext:glue_catalog_id":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"glue.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueKmsPermissions"
},
{
"Action":[
"serverlessrepo:GetCloudFormationTemplate",
"serverlessrepo:CreateCloudFormationTemplate"
],
"Effect":"Allow",
"Resource":[
"arn:aws:serverlessrepo:*:*:applications/Athena*"
],
"Sid":"FederatedDBAthenaServerlessPermission"
},
{
"Action":[
"imagebuilder:GetComponent",
"imagebuilder:GetContainerRecipe",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"lambda.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ecr:*:*:repository/athena-federation-repository*"
],
"Sid":"FederatedDBECRPermission"
},
{
"Action":[
"cloudformation:CreateChangeSet",
"cloudformation:DeleteChangeSet"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:cloudformation:*:*:transform/Serverless*"
],
"Sid":"FederatedDBAthenaCFNPermission"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:DeleteFunction"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaLast":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:athenafederatedcatalog*"
],
"Sid":"FederatedDBAthenaLambdaPermission"
},
{
"Action":[
"lambda:GetFunction"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":[
"athena.amazonaws.com",
"cloudformation.amazonaws.com"
],
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:athenafederatedcatalog*"
],
"Sid":"FederatedDBAthenaGetFunctionLambdaPermission"
},
{
"Action":[
"lambda:GetFunctionConfiguration",
"lambda:UpdateFunctionConfiguration"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:athenafederatedcatalog*"
],
"Sid":"FederatedDBAthenaUpdateLambdaPermission"
},
{
"Action":[
"lambda:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"aws:cloudformation:*",
"federated_athena*",
"lambda:createdBy"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaLast":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:athenafederatedcatalog*"
],
"Sid":"FederatedDBAthenaLambdaTaggingPermission"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringLike":{
"aws:CalledViaLast":[
"lambda.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::awsserverlessrepo*"
],
"Sid":"FederatedDBAthenaS3Permission"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"Null":{
"s3:prefix":"true"
},
"StringEquals":{
"aws:CalledViaLast":[
"glue.amazonaws.com"
],
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"FederatedDBGlueS3Permission"
},
{
"Action":[
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents"
],
"Condition":{
"Null":{
"aws:ResourceTag/federated_athena_datacatalog":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/athenafederatedcatalog*",
"Sid":"FederatedDBAthenaCommonPermission"
},
{
"Action":[
"athena:DeleteDataCatalog",
"athena:GetDataCatalog",
"athena:UpdateDataCatalog"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:datacatalog/*",
"Sid":"DataCatalogAccessForFederatedDatabase"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"lambda.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone_usr_role_*"
],
"Sid":"IamPassProjectRoleToLambdaForFederatedDataConnection"
},
{
"Action":[
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Sid":"IamGetRoleProvisioningRoleForFederatedDataConnection"
},
{
"Action":[
"glue:CreateCatalog"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"GlueCatalogCreation"
},
{
"Action":[
"glue:GetCatalog",
"glue:GetCatalogs",
"glue:UpdateCatalog",
"glue:DeleteCatalog",
"glue:GetDatabase"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"GlueCatalogManagement"
},
{
"Action":[
"redshift-serverless:CreateNamespace",
"redshift-serverless:CreateWorkgroup",
"redshift-serverless:DeleteNamespace",
"redshift-serverless:DeleteWorkgroup",
"redshift-serverless:ListTagsForResource"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedShiftPermissionsForGlueCatalogs"
},
{
"Action":[
"redshift:AssociateDataShareConsumer",
"redshift:AuthorizeDataShare"
],
"Condition":{
"ForAnyValue:StringLike":{
"aws:CalledVia":[
"redshift-serverless.amazonaws.com",
"glue.amazonaws.com"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift:*:*:datashare:*/*"
],
"Sid":"RedShiftDataSharePermissionsForGlueCatalogs"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration",
"s3:PutBucketVersioning",
"s3:PutBucketTagging"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::redshift-staging-bucket-*",
"Sid":"RedShiftStagingBucketCreation"
},
{
"Action":[
"redshift-serverless:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedshiftServerlessTaggingForGlueCatalog"
},
{
"Action":[
"ec2:CreateSecurityGroup"
],
"Condition":{
"Null":{
"aws:TagKeys":"true"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:vpc/*"
],
"Sid":"SecurityGroupCreation"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"SecurityGroupAuthorize"
},
{
"Action":[
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"SecurityGroupManagement"
},
{
"Action":[
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"SecurityGroupIngressRevokeForEMR"
},
{
"Action":"ec2:CreateTags",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"for-use-with-amazon-emr-managed-policies",
"aws:cloudformation:*"
]
},
"Null":{
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"EC2ResourceTagging"
},
{
"Action":[
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNatGateways",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeNetworksPermissions"
},
{
"Action":"logs:DescribeLogGroups",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeLogGroups"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"AmazonBedrockManaged"
]
},
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:datazone-*",
"arn:aws:logs:*:*:log-group:/aws/lambda/amazon-bedrock-ide-*"
],
"Sid":"LogGroupCreation"
},
{
"Action":"logs:PutRetentionPolicy",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:datazone-*",
"arn:aws:logs:*:*:log-group:/aws/lambda/amazon-bedrock-ide-*"
],
"Sid":"LogGroupPutRetentionPolicy"
},
{
"Action":[
"logs:DeleteLogGroup",
"logs:DeleteRetentionPolicy",
"logs:GetDataProtectionPolicy",
"logs:PutDataProtectionPolicy",
"logs:DeleteDataProtectionPolicy",
"logs:AssociateKmsKey",
"logs:DisassociateKmsKey",
"logs:ListTagsForResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:datazone-*",
"arn:aws:logs:*:*:log-group:/aws/lambda/amazon-bedrock-ide-*"
],
"Sid":"ManageLogGroups"
},
{
"Action":[
"athena:CreateWorkGroup",
"athena:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:workgroup/*",
"Sid":"AthenaWorkgroupCreationAndTagging"
},
{
"Action":[
"athena:DeleteWorkGroup",
"athena:GetWorkGroup"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:athena:*:*:workgroup/*",
"Sid":"AthenaWorkgroupDeletion"
},
{
"Action":[
"redshift-serverless:CreateNamespace",
"redshift-serverless:CreateWorkgroup",
"redshift-serverless:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedshiftServerlessCreationAndTagging"
},
{
"Action":[
"redshift-serverless:ListTagsForResource"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedshiftServerlessListTags"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:ResourceTag/CreatedBy":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSecretManagement"
},
{
"Action":[
"secretsmanager:DescribeSecret"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDescribeSecretPerProject"
},
{
"Action":[
"secretsmanager:DescribeSecret"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDescribeSecretTaggedForAllProjects"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"CreatedBy"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:ResourceTag/CreatedBy":"false",
"aws:TagKeys":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSecretTagging"
},
{
"Action":[
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"Null":{
"kms:EncryptionContext:SecretARN":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"secretsmanager.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretsManagerKmsPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift",
"arn:aws:iam::*:role/aws-service-role/sagemaker.amazonaws.com/AWSServiceRoleForAmazonSageMakerNotebooks",
"arn:aws:iam::*:role/aws-service-role/ops.emr-serverless.amazonaws.com/AWSServiceRoleForAmazonEMRServerless",
"arn:aws:iam::*:role/aws-service-role/airflow.amazonaws.com/AWSServiceRoleForAmazonMWAA",
"arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com/AWSServiceRoleForEMRCleanup"
],
"Sid":"ServiceLinkedRoleCreation"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"redshift:GetResourcePolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftServerlessCreationPermissions"
},
{
"Action":[
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2PermissionsForGlueCatalog"
},
{
"Action":[
"redshift-data:ExecuteStatement",
"redshift:GetResourcePolicy",
"redshift-serverless:GetCredentials"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedshiftServerlessCreateDatabaseRole"
},
{
"Action":[
"redshift-data:DescribeStatement",
"redshift-data:GetStatementResult"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDataDescribeStatement"
},
{
"Action":[
"redshift:DescribeDataSharesForConsumer",
"redshift:DescribeDataShares"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDatashareDescribe"
},
{
"Action":[
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedshiftServerlessValidation"
},
{
"Action":[
"redshift-serverless:UpdateNamespace",
"redshift-serverless:UpdateWorkgroup",
"redshift-serverless:UntagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:redshift-serverless:*:*:namespace/*",
"arn:aws:redshift-serverless:*:*:workgroup/*"
],
"Sid":"RedshiftServerlessManagement"
},
{
"Action":[
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:redshift-serverless:arn":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"redshift-serverless.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftKmsPermissions"
},
{
"Action":"secretsmanager:GetRandomPassword",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GetRandomPasswordForSecret"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:CreateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy",
"secretsmanager:TagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock-ide/*",
"Sid":"ManageSecretPermissionsForBedrockApp"
},
{
"Action":[
"secretsmanager:CreateSecret",
"secretsmanager:RotateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":[
"cloudformation.amazonaws.com"
],
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:redshift!*",
"Sid":"ManagedRedshiftAdminSecretPermissions"
},
{
"Action":[
"secretsmanager:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"Redshift",
"aws:secretsmanager:*",
"aws:redshift-serverless:*",
"AmazonDataZone*",
"datazone.rs.workgroup"
]
},
"Null":{
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:redshift!*",
"Sid":"ManagedRedshiftAdminSecretTaggingPermissions"
},
{
"Action":[
"sagemaker:CreateDomain",
"sagemaker:AddTags"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:domain/*",
"Sid":"SageMakerDomainCreationAndTagging"
},
{
"Action":[
"sagemaker:UpdateDomain",
"sagemaker:DeleteDomain"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:domain/*",
"Sid":"SageMakerDomainUpdationAndDeletion"
},
{
"Action":[
"sagemaker:ListDomains",
"sagemaker:DescribeDomain"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerDomainManagement"
},
{
"Action":"sagemaker:DeleteApp",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:app/*/*/jupyterlab/*",
"arn:aws:sagemaker:*:*:app/*/*/JupyterLab/*"
],
"Sid":"SageMakerAppDeletion"
},
{
"Action":"sagemaker:DeleteSpace",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/*",
"Sid":"SageMakerSpaceDeletion"
},
{
"Action":"sagemaker:DeleteUserProfile",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:user-profile/*",
"Sid":"SageMakerUserProfileDeletion"
},
{
"Action":[
"emr-serverless:CreateApplication",
"emr-serverless:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false",
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:emr-serverless:*:*:*"
],
"Sid":"EMRServerlessApplicationCreationAndTagging"
},
{
"Action":[
"emr-serverless:UpdateApplication",
"emr-serverless:DeleteApplication"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:emr-serverless:*:*:/applications/*"
],
"Sid":"EMRServerlessApplicationManagement"
},
{
"Action":"emr-serverless:GetApplication",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:emr-serverless:*:*:/applications/*"
],
"Sid":"EMRServerlessGetApplication"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"ops.emr-serverless.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"CreateNetworkInterfaceForEMRServerless"
},
{
"Action":"ec2:CreateNetworkInterface",
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"ops.emr-serverless.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"CreateNetworkInterfaceForEMRServerlessSharedVPC"
},
{
"Action":[
"sagemaker:CreateMlflowTrackingServer",
"sagemaker:AddTags"
],
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:mlflow-tracking-server/*",
"Sid":"SageMakerMlflowTrackingServerCreation"
},
{
"Action":"sagemaker:DescribeMlflowTrackingServer",
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:mlflow-tracking-server/*",
"Sid":"SageMakerMlflowTrackingServerDescribe"
},
{
"Action":[
"sagemaker:DeleteMlflowTrackingServer"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:mlflow-tracking-server/*",
"Sid":"SageMakerMlflowTrackingServerDeletion"
},
{
"Action":[
"aoss:GetAccessPolicy",
"aoss:CreateAccessPolicy",
"aoss:DeleteAccessPolicy",
"aoss:UpdateAccessPolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
},
"StringLikeIfExists":{
"aoss:collection":"bedrock-ide-*",
"aoss:index":"bedrock-ide-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageAossAccessPoliciesForBedrock"
},
{
"Action":[
"aoss:GetSecurityPolicy",
"aoss:CreateSecurityPolicy",
"aoss:DeleteSecurityPolicy",
"aoss:UpdateSecurityPolicy"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
},
"StringLikeIfExists":{
"aoss:collection":"bedrock-ide-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageAossSecurityPoliciesForBedrock"
},
{
"Action":"aoss:BatchGetCollection",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GetAossCollectionsForBedrock"
},
{
"Action":[
"aoss:CreateCollection",
"aoss:UpdateCollection",
"aoss:DeleteCollection",
"aoss:TagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageAossCollectionsForBedrock"
},
{
"Action":[
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/dzd_*/*/genAI/*",
"Sid":"GetBedrockCfnResourceDefinitionS3Permissions"
},
{
"Action":[
"bedrock:GetAgent",
"bedrock:GetKnowledgeBase",
"bedrock:GetGuardrail",
"bedrock:GetPrompt",
"bedrock:GetFlow",
"bedrock:GetFlowAlias",
"bedrock:ListTagsForResource"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GetBedrockResources"
},
{
"Action":[
"bedrock:CreateAgent",
"bedrock:UpdateAgent",
"bedrock:PrepareAgent",
"bedrock:DeleteAgent",
"bedrock:ListAgentAliases",
"bedrock:GetAgentAlias",
"bedrock:CreateAgentAlias",
"bedrock:UpdateAgentAlias",
"bedrock:DeleteAgentAlias",
"bedrock:ListAgentActionGroups",
"bedrock:GetAgentActionGroup",
"bedrock:CreateAgentActionGroup",
"bedrock:UpdateAgentActionGroup",
"bedrock:DeleteAgentActionGroup",
"bedrock:ListAgentKnowledgeBases",
"bedrock:GetAgentKnowledgeBase",
"bedrock:AssociateAgentKnowledgeBase",
"bedrock:DisassociateAgentKnowledgeBase",
"bedrock:UpdateAgentKnowledgeBase",
"bedrock:CreateKnowledgeBase",
"bedrock:UpdateKnowledgeBase",
"bedrock:DeleteKnowledgeBase",
"bedrock:ListDataSources",
"bedrock:GetDataSource",
"bedrock:CreateDataSource",
"bedrock:UpdateDataSource",
"bedrock:DeleteDataSource",
"bedrock:CreateGuardrail",
"bedrock:UpdateGuardrail",
"bedrock:DeleteGuardrail",
"bedrock:CreateGuardrailVersion",
"bedrock:CreatePrompt",
"bedrock:UpdatePrompt",
"bedrock:DeletePrompt",
"bedrock:CreatePromptVersion",
"bedrock:CreateFlow",
"bedrock:UpdateFlow",
"bedrock:PrepareFlow",
"bedrock:DeleteFlow",
"bedrock:ListFlowAliases",
"bedrock:GetFlowAlias",
"bedrock:CreateFlowAlias",
"bedrock:UpdateFlowAlias",
"bedrock:DeleteFlowAlias",
"bedrock:ListFlowVersions",
"bedrock:GetFlowVersion",
"bedrock:CreateFlowVersion",
"bedrock:DeleteFlowVersion",
"bedrock:TagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageBedrockResources"
},
{
"Action":"bedrock:TagResource",
"Condition":{
"Null":{
"aws:RequestTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:agent-alias/*/TSTALIASID",
"arn:aws:bedrock:*:*:flow/*/alias/TSTALIASID"
],
"Sid":"TagBedrockTestAliases"
},
{
"Action":"bedrock:ListEvaluationJobs",
"Effect":"Allow",
"Resource":"*",
"Sid":"ListBedrockEvaluationJobsFromServicePermissions"
},
{
"Action":"bedrock:BatchDeleteEvaluationJob",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageBedrockEvaluationJobsFromServicePermissions"
},
{
"Action":[
"lambda:CreateFunction",
"lambda:InvokeFunction",
"lambda:DeleteFunction",
"lambda:UpdateFunctionCode",
"lambda:GetFunctionConfiguration",
"lambda:UpdateFunctionConfiguration",
"lambda:ListVersionsByFunction",
"lambda:PublishVersion",
"lambda:GetPolicy",
"lambda:AddPermission",
"lambda:TagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock-ide-*",
"Sid":"CreateFunctionPermissionsForBedrockApp"
},
{
"Action":[
"lambda:GetFunction",
"lambda:ListTags",
"lambda:RemovePermission"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock-ide-*",
"Sid":"ManageFunctionPermissionsForBedrockApp"
},
{
"Action":[
"elasticmapreduce:CreateSecurityConfiguration",
"elasticmapreduce:DeleteSecurityConfiguration"
],
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EMRSecurityConfigurationManagement"
},
{
"Action":[
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:AddTags",
"elasticmapreduce:DescribeJobFlows",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ModifyInstanceFleet",
"elasticmapreduce:RunJobFlow",
"elasticmapreduce:SetTerminationProtection",
"elasticmapreduce:TerminateJobFlows",
"elasticmapreduce:DescribeCluster"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:CalledViaFirst":"cloudformation.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:elasticmapreduce:*:*:cluster/*",
"Sid":"EMRClusterManagement"
},
{
"Action":[
"airflow:CreateEnvironment",
"airflow:UpdateEnvironment",
"airflow:DeleteEnvironment",
"airflow:TagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowEnvironmentActions"
},
{
"Action":[
"airflow:GetEnvironment"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowEnvironmentActionsWithoutRestrictions"
},
{
"Action":[
"s3:GetEncryptionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*"
],
"Sid":"AirflowS3BucketActions"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AirflowVpcEndpointActions"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"AirflowNetworkInterfaceActions"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"airflow.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowKmsCreateGrant"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"KmsDescribeKey"
},
{
"Action":[
"iam:GetRole",
"iam:CreateRole",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:AttachRolePolicy"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PermissionsBoundary":"arn:aws:iam::aws:policy/SageMakerStudioProjectUserRolePermissionsBoundary"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Sid":"IamRolePermissionsForSageMakerStudioQueryExecutionRoleWithBoundary"
},
{
"Action":[
"iam:CreateRole"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Sid":"IamRolePermissionsForCreatingSageMakerStudioQueryExecutionRole"
},
{
"Action":[
"iam:DetachRolePolicy",
"iam:AttachRolePolicy"
],
"Condition":{
"ArnEquals":{
"iam:PolicyARN":[
"arn:aws:iam::aws:policy/service-role/SageMakerStudioQueryExecutionRolePolicy"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Sid":"IamRolePermissionsForSageMakerStudioQueryExecutionRole"
},
{
"Action":"iam:TagRole",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"CreatedForUseWithSageMakerStudio",
"SageMakerStudioQueryExecutionRole"
]
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Sid":"IamTagRolePermissionsForSageMakerStudioQueryExecutionRole"
},
{
"Action":[
"iam:ListAttachedRolePolicies"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/SageMakerStudioQueryExecutionRole",
"Sid":"IamListAttachedPoliciesForSageMakerStudioQueryExecutionRole"
},
{
"Action":"ec2:DeleteSecurityGroup",
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"SecurityGroupCleanUpForEMR"
},
{
"Action":[
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:DeleteRolePolicy",
"iam:DeleteRole"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/datazone_emr_*",
"Sid":"IAMRoleCleanUpForEMR"
},
{
"Action":[
"iam:RemoveRoleFromInstanceProfile",
"iam:DeleteInstanceProfile"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:instance-profile/datazone_emr_ec2_instance_profile_*",
"Sid":"IAMInstanceProfileCleanUpForEMR"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-21T20:07:07+00:00"
},
"SageMakerStudioProjectRoleMachineLearningPolicy":{
"CreateDate":"2024-11-20T21:55:27+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"ArnLike":{
"ec2:Vpc":"arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}"
},
"StringEquals":{
"aws:CalledViaLast":[
"sagemaker.amazonaws.com",
"airflow.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowManageSageMakerEniOnVpc"
},
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission"
],
"Condition":{
"ArnLike":{
"ec2:Vpc":"arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid":"AllowManageSageMakerTrainingEniOnVpc"
},
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:AttachNetworkInterface"
],
"Condition":{
"StringEqualsIfExists":{
"aws:CalledViaLast":"sagemaker.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid":"AllowManageSageMakerEni"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEquals":{
"ec2:VpcID":"${aws:PrincipalTag/VpcId}"
},
"StringEqualsIfExists":{
"aws:CalledViaLast":"sagemaker.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:vpc/${aws:PrincipalTag/VpcId}",
"Sid":"AllowSageMakerCreateVpcEndpointOnVpcId"
},
{
"Action":[
"ec2:CreateVpcEndpoint"
],
"Condition":{
"StringEqualsIfExists":{
"aws:CalledViaLast":"sagemaker.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:vpc-endpoint/*"
],
"Sid":"AllowSageMakerCreateVpcEndpoint"
},
{
"Action":[
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"glue:ListSessions",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeDhcpOptions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowSageMakerDescribeVPCResources"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/*",
"Sid":"AllowSageMakerLogAccess"
},
{
"Action":[
"sagemaker:UpdateMlflowTrackingServer",
"sagemaker:StartMlflowTrackingServer",
"sagemaker:StopMlflowTrackingServer",
"sagemaker:DescribeMlflowTrackingServer",
"sagemaker:CreatePresignedMlflowTrackingServerUrl",
"sagemaker-mlflow:AccessUI",
"sagemaker-mlflow:CreateExperiment",
"sagemaker-mlflow:SearchExperiments",
"sagemaker-mlflow:GetExperiment",
"sagemaker-mlflow:GetExperimentByName",
"sagemaker-mlflow:DeleteExperiment",
"sagemaker-mlflow:RestoreExperiment",
"sagemaker-mlflow:UpdateExperiment",
"sagemaker-mlflow:CreateRun",
"sagemaker-mlflow:DeleteRun",
"sagemaker-mlflow:RestoreRun",
"sagemaker-mlflow:GetRun",
"sagemaker-mlflow:LogMetric",
"sagemaker-mlflow:LogBatch",
"sagemaker-mlflow:LogModel",
"sagemaker-mlflow:LogInputs",
"sagemaker-mlflow:SetExperimentTag",
"sagemaker-mlflow:SetTag",
"sagemaker-mlflow:DeleteTag",
"sagemaker-mlflow:LogParam",
"sagemaker-mlflow:GetMetricHistory",
"sagemaker-mlflow:SearchRuns",
"sagemaker-mlflow:ListArtifacts",
"sagemaker-mlflow:UpdateRun",
"sagemaker-mlflow:CreateRegisteredModel",
"sagemaker-mlflow:GetRegisteredModel",
"sagemaker-mlflow:RenameRegisteredModel",
"sagemaker-mlflow:UpdateRegisteredModel",
"sagemaker-mlflow:DeleteRegisteredModel",
"sagemaker-mlflow:GetLatestModelVersions",
"sagemaker-mlflow:CreateModelVersion",
"sagemaker-mlflow:GetModelVersion",
"sagemaker-mlflow:UpdateModelVersion",
"sagemaker-mlflow:DeleteModelVersion",
"sagemaker-mlflow:SearchModelVersions",
"sagemaker-mlflow:GetDownloadURIForModelVersionArtifacts",
"sagemaker-mlflow:TransitionModelVersionStage",
"sagemaker-mlflow:SearchRegisteredModels",
"sagemaker-mlflow:SetRegisteredModelTag",
"sagemaker-mlflow:DeleteRegisteredModelTag",
"sagemaker-mlflow:DeleteModelVersionTag",
"sagemaker-mlflow:DeleteRegisteredModelAlias",
"sagemaker-mlflow:SetRegisteredModelAlias",
"sagemaker-mlflow:GetModelVersionByAlias"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:mlflow-tracking-server/*",
"Sid":"SageMakerMlflowPermission"
},
{
"Action":[
"elasticfilesystem:DescribeMountTargets"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerBYOFSPermissions"
},
{
"Action":[
"sagemaker:DescribeImageVersion",
"sagemaker:ListImageVersions"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerBYOIPermissions"
},
{
"Action":[
"sagemaker:DescribeImage"
],
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:image/*",
"Sid":"SageMakerStudioAppDescribeImageActionPermissions"
},
{
"Action":[
"sts:GetCallerIdentity"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerPipelinesSTSPermissions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/*",
"Sid":"SageMakerLogPermissions"
},
{
"Action":[
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateEndpoint",
"sagemaker:CreateModel",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreateInferenceComponent",
"sagemaker:CreatePipeline",
"sagemaker:CreateInferenceRecommendationsJob"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerCreatePermissions"
},
{
"Action":[
"sagemaker:StopTrainingJob",
"sagemaker:StopProcessingJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:UpdateTrainingJob",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchPutMetrics",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteEndpoint",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateInferenceComponentRuntimeConfig",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:UpdateModelPackage",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteInferenceComponent",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:InvokeEndpointWithResponseStream",
"sagemaker:DescribeInferenceComponent",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeOptimizationJob",
"sagemaker:DescribeEndpoint"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerInferencePermissions"
},
{
"Action":[
"sagemaker:UpdateInferenceComponentRuntimeConfig"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"application-autoscaling.amazonaws.com",
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerUpdateInferenceComponentRuntimeConfigAutoscalingPermissions"
},
{
"Action":[
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:UpdatePipeline",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DeletePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:StartPipelineExecution",
"sagemaker:StopPipelineExecution",
"sagemaker:DescribeTransformJob",
"sagemaker:StopTransformJob",
"sagemaker:RetryPipelineExecution",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeAutoMLJobV2",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeTrainingJob"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerDescribeUpdateDeletePermissions"
},
{
"Action":[
"sagemaker:CreateContext",
"sagemaker:CreateArtifact",
"sagemaker:CreateAction",
"sagemaker:AddAssociation",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteContext",
"sagemaker:DeleteAction",
"sagemaker:DeleteArtifact"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerLineageSpecialPermissions"
},
{
"Action":[
"sagemaker:QueryLineage",
"sagemaker:DescribeAction",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeContext"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerModelRegistryLineageSpecialPermissions"
},
{
"Action":[
"sagemaker:GetSearchSuggestions",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTransformJobs",
"sagemaker:ListProcessingJobs",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListInferenceComponents",
"sagemaker:ListEndpoints",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListModels",
"sagemaker:ListModelPackages",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelMetadata",
"sagemaker:ListMlflowTrackingServers",
"sagemaker:ListArtifacts",
"sagemaker:ListHubs",
"sagemaker:ListPipelines",
"sagemaker:ListContexts"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerListPermissions"
},
{
"Action":[
"sagemaker:Search"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"sagemaker:SearchVisibilityCondition/Tags.AmazonDataZoneProject/EqualsIfExists":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerSearchPermissions"
},
{
"Action":[
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListAssociations",
"sagemaker:ListHubContents",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerListPermissionsTagRestricted"
},
{
"Action":[
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:GetDownloadUrlForLayer"
],
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"SageMakerECRPermissions"
},
{
"Action":[
"ecr:GetAuthorizationToken"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerECRGetAuthorizationTokenPermissions"
},
{
"Action":[
"resource-groups:GetGroupQuery"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupGetPermission"
},
{
"Action":[
"resource-groups:ListGroupResources"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupListPermission"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:Tag"
],
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:collection":"false"
},
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupWritePermission"
},
{
"Action":[
"resource-groups:DeleteGroup"
],
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:collection":"false"
},
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/*",
"Sid":"AmazonSageMakerModelRegistryResourceGroupDeletePermission"
},
{
"Action":[
"sagemaker:DescribeModelPackageGroup"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:model-package-group/*",
"Sid":"SageMakerMLFlowModelRegistrationPermission"
},
{
"Action":[
"sagemaker:CreatePresignedDomainUrl"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableSageMakerMLWorkloadsPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}",
"Sid":"SageMakerStudioCreatePresignedDomainUrlForUserProfile"
},
{
"Action":[
"sagemaker:ListApps",
"sagemaker:ListDomains",
"sagemaker:ListUserProfiles",
"sagemaker:ListSpaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerStudioAppListActionsPermissions"
},
{
"Action":[
"sagemaker:DescribeDomain"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerStudioAppDescribeDomainActionsPermissions"
},
{
"Action":[
"sagemaker:DescribeApp"
],
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:app/*/*/jupyterlab/*",
"arn:aws:sagemaker:*:*:app/*/*/JupyterLab/*"
],
"Sid":"SageMakerStudioAppDescribeJupyterLabAppActionPermissions"
},
{
"Action":[
"sagemaker:DescribeUserProfile"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}",
"Sid":"SageMakerStudioAppDescribeUserProfileActionPermissions"
},
{
"Action":[
"sagemaker:DescribeSpace"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SMStudioAppDescribeSpaceActionPermissions"
},
{
"Action":[
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"ProjectUserTag*",
"sagemaker*",
"sm-jumpstart*",
"endpoint-has-jumpstart-model"
]
},
"ForAllValues:StringNotLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"sagemaker:shared-with:*"
]
},
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerTagPermissions"
},
{
"Action":[
"sagemaker:CreateUserProfile",
"sagemaker:DeleteUserProfile"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}",
"Sid":"SageMakerStudioAllowCreatingDeletingOwnerUserProfile"
},
{
"Action":[
"sagemaker:CreateSpace",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace"
],
"Condition":{
"ArnLike":{
"sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}"
},
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"sagemaker:SpaceSharingType":[
"Private"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:sagemaker:*:*:space/*",
"Sid":"SageMakerStudioRestrictPrivateSpaceToOwnerUserProfile"
},
{
"Action":[
"sagemaker:CreateApp",
"sagemaker:DeleteApp"
],
"Condition":{
"ArnLike":{
"sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/*/${aws:PrincipalTag/datazone:userId}"
},
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"sagemaker:SpaceSharingType":[
"Private"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sagemaker:*:*:app/*/*/jupyterlab/*",
"arn:aws:sagemaker:*:*:app/*/*/JupyterLab/*"
],
"Sid":"SageMakerStudioRestrictPrivateSpaceAppsToOwnerUserProfile"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringLike":{
"cloudwatch:namespace":"/aws/sagemaker/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"PublishSagemakerMetric"
},
{
"Action":[
"cloudwatch:DescribeAlarms"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageSageMakerEndpointsAutoscalingAlarms"
},
{
"Action":[
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"application-autoscaling.amazonaws.com",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudwatch:*:*:alarm:TargetTracking*",
"Sid":"MutateSageMakerEndpointsAutoscalingAlarms"
},
{
"Action":[
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath"
],
"Effect":"Allow",
"Resource":"arn:aws:ssm:*::parameter/aws/service/sagemaker-distribution/*",
"Sid":"SSMPermissions"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::jumpstart-cache-prod-*/*"
],
"Sid":"SageMakerJumpstartS3Access"
},
{
"Action":[
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:ListModelPackages",
"sagemaker:CreateModel"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerCrossAccountPermissions"
},
{
"Action":[
"sagemaker:ListTags"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"SageMakerListTagsRestrictionOnSharedResources"
},
{
"Action":[
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget"
],
"Condition":{
"StringEquals":{
"application-autoscaling:service-namespace":"sagemaker",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:application-autoscaling:*:*:scalable-target/*",
"Sid":"SageMakerAutoScalingPermissionsWithserviceNamespace"
},
{
"Action":[
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:application-autoscaling:*:*:scalable-target/*",
"Sid":"SageMakerAutoScalingPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Sid":"SageMakerSLRForAutoScalingPermissions"
},
{
"Action":[
"kms:CreateGrant"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"sagemaker.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"SageMakerKmsPermissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-27T00:22:05+00:00"
},
"SageMakerStudioProjectUserRolePermissionsBoundary":{
"CreateDate":"2024-11-20T21:57:42+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":"*",
"Condition":{
"Null":{
"aws:PrincipalTag/AmazonDataZoneProject":"false",
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true",
"aws:ResourceTag/AmazonDataZoneProject":"false"
},
"StringNotEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Deny",
"NotResource":[
"arn:*:sagemaker:*:*:model-package-group/*",
"arn:*:sagemaker:*:*:model-package/*",
"arn:*:glue:*:*:catalog/*",
"arn:*:glue:*:*:database/*"
],
"Sid":"DenyAllNonMatchingProjectTag"
},
{
"Action":[
"q:StartConversation",
"q:SendMessage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonQChatPermissions"
},
{
"Action":[
"s3:GetBucketLocation"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeS3BucketActions"
},
{
"Action":[
"kms:CreateGrant",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com",
"emr-serverless.*.amazonaws.com",
"s3.*.amazonaws.com",
"redshift.*.amazonaws.com",
"redshift-serverless.*.amazonaws.com",
"bedrock.*.amazonaws.com",
"secretsmanager.*.amazonaws.com",
"ec2.*.amazonaws.com",
"codecommit.*.amazonaws.com",
"glue.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"SameAccountKMSPermissions"
},
{
"Action":"kms:GenerateDataKey",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AllowGenerateDataKeyForEmrEbsEncryption"
},
{
"Action":[
"kms:ListGrants",
"kms:RevokeGrant",
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com",
"emr-serverless.*.amazonaws.com",
"s3.*.amazonaws.com",
"redshift.*.amazonaws.com",
"bedrock.*.amazonaws.com",
"secretsmanager.*.amazonaws.com",
"codecommit.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"SameAccountKMSManagementPermissions"
},
{
"Action":[
"kms:ListAliases"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ListKMSPermissions"
},
{
"Action":[
"s3:GetObject*",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:RestoreObject",
"s3:ReplicateObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:ListMultipartUploadParts",
"s3:ListBucket",
"s3:AbortMultipartUpload"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountS3Permissions"
},
{
"Action":[
"kms:CreateGrant",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringLike":{
"kms:ViaService":[
"s3.*.amazonaws.com",
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com"
]
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountKMSPermissions"
},
{
"Action":[
"kms:DescribeKey",
"kms:ListGrants",
"kms:GetPublicKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"s3.*.amazonaws.com",
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com"
]
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountKMSManagementPermissions"
},
{
"Action":[
"kms:CreateGrant",
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringLike":{
"kms:ViaService":[
"datazone.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"DataZoneKMSPermissions"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"datazone.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataZoneDescribeKMSPermissions"
},
{
"Action":[
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"s3:prefix":[
"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}",
"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*"
]
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"ListDomainS3BucketPermissions"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"AirflowListDomainS3BucketPermissions"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"ArnEquals":{
"lambda:SourceFunctionArn":"arn:aws:lambda:*:*:function:athenafederatedcatalog_*"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}"
],
"Sid":"ListDomainBucketFromAthenaFederatedCatalog"
},
{
"Action":[
"s3:GetObject*",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:RestoreObject",
"s3:ReplicateObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*",
"Sid":"AccessDomainS3BucketPermissions"
},
{
"Action":"s3:GetObject",
"Condition":{
"Null":{
"aws:PrincipalTag/AmazonDataZoneProject":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/certificate_location/*",
"Sid":"AccessCertificateS3LocationPermissions"
},
{
"Action":"s3:PutObjectTagging",
"Condition":{
"ForAllValues:StringEquals":{
"s3:RequestObjectTagKeys":[
"BasicValidationStatus",
"ContainsReferenceResponseForAllPrompts"
]
},
"StringEquals":{
"s3:RequestObjectTag/BasicValidationStatus":[
"valid",
"invalid"
],
"s3:RequestObjectTag/ContainsReferenceResponseForAllPrompts":[
"true",
"false"
]
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/genAI/assets/evaluations/*",
"Sid":"TagS3ObjectPermissionsForBedrockEvaluation"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchDescribeLogGroups"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:StartQuery",
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:GetLogRecord",
"logs:GetLogGroupFields",
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/*",
"arn:aws:logs:*:*:log-group:airflow*",
"arn:aws:logs:*:*:log-group:datazone*"
],
"Sid":"CloudWatchLogsPermissions"
},
{
"Action":[
"logs:StopQuery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchStopQuery"
},
{
"Action":[
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetTableMetadata",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:ListTableMetadata",
"athena:ListTagsForResource",
"athena:ListWorkGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AthenaPermissions"
},
{
"Action":[
"athena:TerminateSession",
"athena:CreatePreparedStatement",
"athena:StopCalculationExecution",
"athena:StartQueryExecution",
"athena:UpdatePreparedStatement",
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:UpdateNotebook",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:UpdateNotebookMetadata",
"athena:DeleteNamedQuery",
"athena:GetCalculationExecution",
"athena:GetCalculationExecutionCode",
"athena:GetCalculationExecutionStatus",
"athena:GetNamedQuery",
"athena:GetNotebookMetadata",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetSession",
"athena:GetSessionStatus",
"athena:GetWorkGroup",
"athena:UpdateNamedQuery",
"athena:CreateNamedQuery",
"athena:ExportNotebook",
"athena:StopQueryExecution",
"athena:StartCalculationExecution",
"athena:StartSession",
"athena:CreatePresignedNotebookUrl",
"athena:CreateNotebook",
"athena:ImportNotebook",
"athena:ListQueryExecutions",
"athena:ListTagsForResource",
"athena:ListNamedQueries",
"athena:ListPreparedStatements"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AthenaPermissionsWithResourceTag"
},
{
"Action":[
"datazone:CreateConnection",
"datazone:DeleteConnection",
"datazone:GetConnection",
"datazone:GetDomain",
"datazone:GetDomainExecutionRoleCredentials",
"datazone:GetEnvironment",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetProject",
"datazone:GetUserProfile",
"datazone:ListConnections",
"datazone:ListEnvironments",
"datazone:ListEnvironmentBlueprints",
"datazone:ListProjects",
"datazone:UpdateConnection"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataZonePermissions"
},
{
"Action":[
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:BatchGetPartition",
"glue:BatchGetTableOptimizer",
"glue:GetCatalogImportStatus",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:GetColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRuns",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetPartition",
"glue:GetPartitionIndexes",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTableOptimizer",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:GetTables",
"glue:SearchTables",
"glue:ListTableOptimizerRuns",
"glue:CreatePartitionIndex",
"glue:BatchUpdatePartition",
"glue:DeleteTableVersion",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeletePartitionIndex",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:BatchDeleteTableVersion",
"glue:GetCatalogs",
"glue:GetCatalog",
"glue:UpdateCatalog"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueDatalakePermissions"
},
{
"Action":"glue:ListCrawls",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:crawler/*",
"Sid":"GlueCrawlerPermissions"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/global_temp",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueGlobalTempDatabasePermissions"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"GlueCatalogDatabasePermissions"
},
{
"Action":[
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UseGlueStudio",
"glue:ListSessions",
"glue:StartCompletion",
"glue:GetCompletion",
"glue:GetGeneratedCode",
"glue:GetTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueUnrestrictedPermissions"
},
{
"Action":[
"glue:PassConnection",
"glue:GetSession",
"glue:GetStatement",
"glue:CancelStatement",
"glue:ListStatements",
"glue:TagResource",
"glue:UntagResource",
"glue:DeleteSession",
"glue:RunStatement",
"glue:StopSession",
"glue:GetDashboardUrl",
"glue:NotifyEvent",
"glue:StartBlueprintRun",
"glue:PutWorkflowRunProperties",
"glue:DeleteJob",
"glue:DeleteWorkflow",
"glue:DeleteBlueprint",
"glue:UpdateWorkflow",
"glue:UpdateJob",
"glue:StartWorkflowRun",
"glue:ResumeWorkflowRun",
"glue:UpdateBlueprint",
"glue:BatchStopJobRun",
"glue:StopWorkflowRun",
"glue:StartJobRun",
"glue:CancelDataQualityRuleRecommendationRun",
"glue:CancelDataQualityRulesetEvaluationRun",
"glue:DeleteDataQualityRuleset",
"glue:GetDataQualityModel",
"glue:GetDataQualityModelResult",
"glue:GetDataQualityResult",
"glue:GetDataQualityRuleRecommendationRun",
"glue:GetDataQualityRuleset",
"glue:GetDataQualityRulesetEvaluationRun",
"glue:ListDataQualityResults",
"glue:ListDataQualityRuleRecommendationRuns",
"glue:ListDataQualityRulesetEvaluationRuns",
"glue:ListDataQualityRulesets",
"glue:PublishDataQuality",
"glue:PutDataQualityProfileAnnotation",
"glue:PutDataQualityStatisticAnnotation",
"glue:StartDataQualityRuleRecommendationRun",
"glue:StartDataQualityRulesetEvaluationRun",
"glue:UpdateDataQualityRuleset"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GluePermissionsWithResourceTag"
},
{
"Action":[
"glue:CreateSession",
"glue:CreateBlueprint",
"glue:CreateJob",
"glue:CreateDataQualityRuleset",
"glue:CreateWorkflow",
"glue:TagResource"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueCreateAndTagPermissions"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMListRoles"
},
{
"Action":[
"iam:GetRole"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMGetRole"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"glue.amazonaws.com",
"sagemaker.amazonaws.com",
"ec2.amazonaws.com",
"emr-serverless.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/datazone*"
],
"Sid":"IAMPassRolePermission"
},
{
"Action":[
"redshift-data:DescribeStatement",
"redshift-data:GetStatementResult",
"redshift-data:CancelStatement",
"redshift-data:ListStatements"
],
"Condition":{
"StringEquals":{
"redshift-data:statement-owner-iam-userid":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDataActionsIAMSessionRestriction"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"redshift:DescribeClusters",
"sqlworkbench:PutTab",
"sqlworkbench:DeleteTab",
"sqlworkbench:DriverExecute",
"sqlworkbench:GetUserInfo",
"sqlworkbench:ListTabs",
"sqlworkbench:GetAutocompletionMetadata",
"sqlworkbench:GetAutocompletionResource",
"sqlworkbench:PassAccountSettings",
"sqlworkbench:ListQueryExecutionHistory",
"sqlworkbench:GetQueryExecutionHistory",
"sqlworkbench:CreateConnection",
"sqlworkbench:PutQCustomContext",
"sqlworkbench:GetQCustomContext",
"sqlworkbench:DeleteQCustomContext",
"sqlworkbench:GetQSqlRecommendations",
"sqlworkbench:GetQSqlPromptQuotas",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftUnrestrictedPermissions"
},
{
"Action":[
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListTagsForResource",
"redshift:DescribeTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftPermissionsWithResourceTag"
},
{
"Action":[
"redshift-serverless:GetWorkgroup",
"redshift-serverless:GetNamespace",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:GetCredentials",
"redshift:DescribeTags",
"redshift:GetClusterCredentialsWithIAM",
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:DescribeTable",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessExistingRedshiftCompute"
},
{
"Action":[
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:GetStatementResult",
"redshift-data:CancelStatement",
"redshift-data:GetStagingBucketLocation",
"redshift-serverless:GetManagedWorkgroup"
],
"Condition":{
"StringLike":{
"redshift-data:glue-catalog-arn":"arn:aws:glue:*:*:catalog/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDataActionsForManagedWorkgroup"
},
{
"Action":[
"redshift-serverless:GetCredentials"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":"redshift-data.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:redshift-serverless:*:*:workgroup/*",
"Sid":"RedshifServerlessCredentialsForManagedWorkgroup"
},
{
"Action":[
"redshift:GetClusterCredentialsWithIAM"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:redshift:*:*:dbname:*/*",
"Sid":"RedshiftExistingComputeConnectToCatalog"
},
{
"Action":[
"codewhisperer:GenerateRecommendations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GenerativeAIPermissions"
},
{
"Action":[
"bedrock:GetInferenceProfile",
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"BedrockAppInferenceProfileInvocationPermissions"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"bedrock:InferenceProfileArn":"false"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:*-model/*"
],
"Sid":"BedrockModelInvocationPermissions"
},
{
"Action":[
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateTags",
"ec2:CreateVpcEndpoint",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeDhcpOptions",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteTags"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ManageNetworkPermissions"
},
{
"Action":[
"sagemaker:ListImageVersions",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTransformJobs",
"sagemaker:ListProcessingJobs",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListContexts",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListInferenceComponents",
"sagemaker:ListEndpoints",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListModels",
"sagemaker:ListModelPackages",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelMetadata",
"sagemaker:ListMlflowTrackingServers",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListHubContents",
"sagemaker:ListHubs",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListApps",
"sagemaker:ListDomains",
"sagemaker:ListUserProfiles",
"sagemaker:ListSpaces",
"sagemaker:ListTags",
"sagemaker:DescribeMlflowTrackingServer",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeImage",
"sagemaker:DescribeInferenceComponent",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeOptimizationJob",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeAutoMLJobV2",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeAction",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeContext",
"sagemaker:DescribeDomain",
"sagemaker:DescribeApp",
"sagemaker:DescribeUserProfile",
"sagemaker:DescribeSpace",
"sagemaker:AddTags",
"sagemaker:AddAssociation",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteContext",
"sagemaker:DeleteAction",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteUserProfile",
"sagemaker:UpdateSpace",
"sagemaker:DeleteSpace",
"sagemaker:DeleteApp",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreateUserProfile",
"sagemaker:CreateSpace",
"sagemaker:CreateApp",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateEndpoint",
"sagemaker:CreateModel",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreatePipeline",
"sagemaker:CreateContext",
"sagemaker:CreateArtifact",
"sagemaker:CreateAction",
"sagemaker:CreateInferenceComponent",
"sagemaker:UpdateInferenceComponentRuntimeConfig",
"sagemaker:StopTrainingJob",
"sagemaker:StopProcessingJob",
"sagemaker:StopAutoMLJob",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:DescribeTransformJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateTrainingJob",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchPutMetrics",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteEndpoint",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:UpdateModelPackage",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeleteTags",
"sagemaker:DeleteInferenceComponent",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:InvokeEndpointWithResponseStream",
"sagemaker:QueryLineage",
"sagemaker:UpdatePipeline",
"sagemaker:DeletePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:StartPipelineExecution",
"sagemaker:StopPipelineExecution",
"sagemaker:RetryPipelineExecution",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:GetSearchSuggestions",
"sagemaker:Search",
"sagemaker:UpdateMlflowTrackingServer",
"sagemaker:StartMlflowTrackingServer",
"sagemaker:StopMlflowTrackingServer",
"sagemaker:CreatePresignedMlflowTrackingServerUrl",
"sagemaker:ListPartnerApps",
"sagemaker:CreatePartnerAppPresignedUrl",
"sagemaker:DescribePartnerApp",
"sagemaker:CallPartnerAppApi",
"sagemaker-mlflow:AccessUI",
"sagemaker-mlflow:CreateExperiment",
"sagemaker-mlflow:SearchExperiments",
"sagemaker-mlflow:GetExperiment",
"sagemaker-mlflow:GetExperimentByName",
"sagemaker-mlflow:DeleteExperiment",
"sagemaker-mlflow:RestoreExperiment",
"sagemaker-mlflow:UpdateExperiment",
"sagemaker-mlflow:CreateRun",
"sagemaker-mlflow:DeleteRun",
"sagemaker-mlflow:RestoreRun",
"sagemaker-mlflow:GetRun",
"sagemaker-mlflow:LogMetric",
"sagemaker-mlflow:LogBatch",
"sagemaker-mlflow:LogModel",
"sagemaker-mlflow:LogInputs",
"sagemaker-mlflow:SetExperimentTag",
"sagemaker-mlflow:SetTag",
"sagemaker-mlflow:DeleteTag",
"sagemaker-mlflow:LogParam",
"sagemaker-mlflow:GetMetricHistory",
"sagemaker-mlflow:SearchRuns",
"sagemaker-mlflow:ListArtifacts",
"sagemaker-mlflow:UpdateRun",
"sagemaker-mlflow:CreateRegisteredModel",
"sagemaker-mlflow:GetRegisteredModel",
"sagemaker-mlflow:RenameRegisteredModel",
"sagemaker-mlflow:UpdateRegisteredModel",
"sagemaker-mlflow:DeleteRegisteredModel",
"sagemaker-mlflow:GetLatestModelVersions",
"sagemaker-mlflow:CreateModelVersion",
"sagemaker-mlflow:GetModelVersion",
"sagemaker-mlflow:UpdateModelVersion",
"sagemaker-mlflow:DeleteModelVersion",
"sagemaker-mlflow:SearchModelVersions",
"sagemaker-mlflow:GetDownloadURIForModelVersionArtifacts",
"sagemaker-mlflow:TransitionModelVersionStage",
"sagemaker-mlflow:SearchRegisteredModels",
"sagemaker-mlflow:SetRegisteredModelTag",
"sagemaker-mlflow:DeleteRegisteredModelTag",
"sagemaker-mlflow:DeleteModelVersionTag",
"sagemaker-mlflow:DeleteRegisteredModelAlias",
"sagemaker-mlflow:SetRegisteredModelAlias",
"sagemaker-mlflow:GetModelVersionByAlias",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer",
"ecr:DescribeImages",
"elasticfilesystem:DescribeMountTargets",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath",
"ec2:DescribeInstanceTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SageMakerPermissions"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
"Sid":"SageMakerSLRForAutoScalingPermissions"
},
{
"Action":[
"cloudwatch:PutMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData",
"sts:GetCallerIdentity",
"sts:TagSession",
"emr-serverless:GetApplication",
"emr-serverless:GetDashboardForJobRun",
"emr-serverless:GetJobRun",
"emr-serverless:ListApplications",
"emr-serverless:ListJobRunAttempts",
"emr-serverless:ListJobRuns",
"emr-serverless:StartApplication",
"emr-serverless:StartJobRun",
"emr-serverless:StopApplication",
"emr-serverless:AccessInteractiveEndpoints",
"emr-serverless:AccessLivyEndpoints",
"elasticmapreduce:ListReleaseLabels",
"elasticmapreduce:ListSupportedInstanceTypes",
"elasticmapreduce:ListClusters",
"elasticmapreduce:CreatePersistentAppUI",
"elasticmapreduce:DescribePersistentAppUI",
"elasticmapreduce:GetPersistentAppUIPresignedURL",
"pricing:GetProducts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ComputePermissions"
},
{
"Action":[
"sts:AssumeRole"
],
"Condition":{
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneProject":""
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAssumeAccessRole"
},
{
"Action":"sts:SetSourceIdentity",
"Condition":{
"StringLike":{
"sts:SourceIdentity":"${aws:PrincipalTag/datazone:userId}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SetSourceIdentityForAssumeAccessRole"
},
{
"Action":"secretsmanager:ListSecrets",
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListSecrets"
},
{
"Action":[
"secretsmanager:GetSecretValue",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:GetNamespace",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:GetCredentials",
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:DescribeTable",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"elasticmapreduce:GetClusterSessionCredentials",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetOnClusterAppUIPresignedURL",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:TerminateJobFlows",
"redshift:GetClusterCredentialsWithIAM"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ComputePermissionsWithResourceTag"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakePermissions"
},
{
"Action":[
"codecommit:BatchGetCommits",
"codecommit:BatchGetPullRequests",
"codecommit:BatchGetRepositories",
"codecommit:BatchDescribeMergeConflicts",
"codecommit:CreateBranch",
"codecommit:CreateCommit",
"codecommit:CreatePullRequest",
"codecommit:DeleteBranch",
"codecommit:DeleteFile",
"codecommit:DescribeMergeConflicts",
"codecommit:DescribePullRequestEvents",
"codecommit:GetBlob",
"codecommit:GetBranch",
"codecommit:GetComment",
"codecommit:GetCommentReactions",
"codecommit:GetCommentsForComparedCommit",
"codecommit:GetCommentsForPullRequest",
"codecommit:GetCommit",
"codecommit:GetCommitHistory",
"codecommit:GetCommitsFromMergeBase",
"codecommit:GetDifferences",
"codecommit:GetFile",
"codecommit:GetFolder",
"codecommit:GetMergeCommit",
"codecommit:GetMergeConflicts",
"codecommit:GetMergeOptions",
"codecommit:GetObjectIdentifier",
"codecommit:GetPullRequest",
"codecommit:GetPullRequestApprovalStates",
"codecommit:GetPullRequestOverrideState",
"codecommit:GetReferences",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:GetTree",
"codecommit:GetUploadArchiveStatus",
"codecommit:GitPull",
"codecommit:GitPush",
"codecommit:ListAssociatedApprovalRuleTemplatesForRepository",
"codecommit:ListBranches",
"codecommit:ListFileCommitHistory",
"codecommit:ListPullRequests",
"codecommit:ListTagsForResource",
"codecommit:MergeBranchesByFastForward",
"codecommit:MergeBranchesBySquash",
"codecommit:MergeBranchesByThreeWay",
"codecommit:MergePullRequestByFastForward",
"codecommit:MergePullRequestBySquash",
"codecommit:MergePullRequestByThreeWay",
"codecommit:UpdateComment",
"codecommit:UpdateDefaultBranch",
"codecommit:UpdatePullRequestApprovalRuleContent",
"codecommit:UpdatePullRequestApprovalState",
"codecommit:UpdatePullRequestDescription",
"codecommit:UpdatePullRequestStatus",
"codecommit:UpdatePullRequestTitle",
"codecommit:UpdateRepositoryDescription",
"codecommit:PostCommentForComparedCommit",
"codecommit:PostCommentForPullRequest",
"codecommit:PostCommentReply",
"codecommit:PutCommentReaction",
"codecommit:PutFile"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CodeCommitPermissions"
},
{
"Action":[
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScheduledAction",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"ec2:RunInstances",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreatePlacementGroup",
"ec2:CreateSecurityGroup",
"ec2:DeleteLaunchTemplate",
"ec2:DeletePlacementGroup",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances",
"ec2:DescribeAccountAttributes",
"ec2:DescribeCapacityReservations",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribePlacementGroups",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcAttribute",
"resource-groups:ListGroupResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EMRServicePermissions"
},
{
"Action":[
"resource-groups:GetGroupQuery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ModelRegistryResourceGroupGetPermissions"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup",
"resource-groups:Tag"
],
"Condition":{
"Null":{
"aws:ResourceTag/sagemaker:collection":"false"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ModelRegistryResourceGroupMutatePermissions"
},
{
"Action":[
"bedrock:ListFoundationModels"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ModelRegistryBedRockPermissions"
},
{
"Action":"aoss:APIAccessAll",
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessAossCollectionsForBedrock"
},
{
"Action":[
"bedrock:GetAgent",
"bedrock:GetAgentActionGroup",
"bedrock:GetAgentKnowledgeBase",
"bedrock:InvokeAgent",
"bedrock:ListAgentActionGroups",
"bedrock:ListAgentKnowledgeBases",
"bedrock:Retrieve",
"bedrock:StartIngestionJob",
"bedrock:GetIngestionJob",
"bedrock:ListIngestionJobs",
"bedrock:ApplyGuardrail",
"bedrock:ListPrompts",
"bedrock:GetPrompt",
"bedrock:CreatePrompt",
"bedrock:DeletePrompt",
"bedrock:CreatePromptVersion",
"bedrock:InvokeFlow",
"bedrock:GetEvaluationJob",
"bedrock:CreateEvaluationJob",
"bedrock:StopEvaluationJob",
"bedrock:BatchDeleteEvaluationJob",
"bedrock:ListTagsForResource",
"bedrock:CreateAgentAlias",
"bedrock:ListAgentAliases",
"bedrock:GetAgentVersion",
"bedrock:ListAgentVersions",
"bedrock:DeleteAgentVersion",
"bedrock:DeleteAgentAlias",
"bedrock:GetAgentAlias",
"bedrock:UpdateAgentAlias"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessBedrockResources"
},
{
"Action":"bedrock:CreateEvaluationJob",
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*"
],
"Sid":"CreateEvaluationJobForFoundationModel"
},
{
"Action":"bedrock:InvokeInlineAgent",
"Effect":"Allow",
"Resource":"*",
"Sid":"InvokeBedrockInlineAgentPermissions"
},
{
"Action":"bedrock:RetrieveAndGenerate",
"Effect":"Allow",
"Resource":"*",
"Sid":"BedrockRetrieveAndGeneratePermissions"
},
{
"Action":"bedrock:ListEvaluationJobs",
"Effect":"Allow",
"Resource":"*",
"Sid":"ListBedrockEvaluationJobPermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"iam:PassedToService":[
"bedrock.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonBedrockEvaluationRole-${aws:PrincipalTag/AmazonDataZoneProject}-*"
],
"Sid":"PassRoleToBedrockEvaluation"
},
{
"Action":"bedrock:TagResource",
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"TagBedrockResourcePermissions"
},
{
"Action":[
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:bedrock:arn":"false",
"kms:ViaService":"true"
},
"StringEquals":{
"aws:PrincipalTag/AmazonBedrockManaged":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockKnowledgeBaseDataIngestionKmsPermissions"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock-ide/*",
"Sid":"AccessSecretPermissionsForBedrockApp"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock-ide-*",
"Sid":"InvokeFunctionPermissionsForBedrockApp"
},
{
"Action":[
"cloudformation:GetTemplate",
"cloudformation:DescribeStacks"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/DataZone-Env-*",
"Sid":"GetDataZoneEnvironmentCfnStackPermissionsForBedrockAppExport"
},
{
"Action":[
"airflow:ListEnvironments",
"airflow:GetEnvironment",
"airflow:UpdateEnvironment",
"airflow:CreateWebLoginToken",
"airflow:InvokeRestApi"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"MWAAPermissions"
},
{
"Action":"s3:GetAccountPublicAccessBlock",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowS3GetAccountPublicAccessBlock"
},
{
"Action":[
"s3:GetEncryptionConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"AirflowS3BucketActions"
},
{
"Action":[
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:SendMessage"
],
"Effect":"Allow",
"Resource":"arn:aws:sqs:*:*:airflow-celery-*",
"Sid":"SQSPermissionsForMWAA"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FederatedDataConnectionGlueSecret"
},
{
"Action":[
"glue:ListConnectionTypes",
"glue:DescribeConnectionType"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueConnectionAccessForFederatedDatabase"
},
{
"Action":[
"glue:ListEntities",
"glue:DescribeEntity",
"glue:GetEntityRecords"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueEntitiesAccessForFederatedDatabase"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SecretAccessForForUseWithAllDataZoneProjectsSecrets"
},
{
"Action":[
"dynamodb:ListTables"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessForDynamoDbConnections"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true",
"aws:ResourceTag/federated_athena_datacatalog":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:*",
"Sid":"InvokeFunctionPermissionsForAthenaCatalogLambda"
},
{
"Action":"s3:ListBucket",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*",
"Sid":"ListDomainS3BucketForQueryExecutionRolePermissions"
},
{
"Action":[
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::redshift-staging-bucket-*/*",
"arn:aws:s3:::redshift-staging-bucket-*"
],
"Sid":"S3PermissionsForAthenaCatalog"
},
{
"Action":"s3:GetObject",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::*/dzd_*/*/dev/sys/athena/*",
"Sid":"GetS3ObjectForQueryExecutionRolePermissions"
},
{
"Action":[
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"glue:LakeFormationPermissions":"Enabled"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*"
],
"Sid":"GetGlueUserDefinedFuncLakeFormationPermissions"
},
{
"Action":[
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:userDefinedFunction/*"
],
"Sid":"GetGlueUserDefinedFuncPermissions"
},
{
"Effect":"Deny",
"NotAction":[
"airflow:CreateWebLoginToken",
"airflow:GetEnvironment",
"airflow:InvokeRestApi",
"airflow:ListEnvironments",
"airflow:UpdateEnvironment",
"aoss:APIAccessAll",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:CreateNamedQuery",
"athena:CreateNotebook",
"athena:CreatePreparedStatement",
"athena:CreatePresignedNotebookUrl",
"athena:DeleteNamedQuery",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:ExportNotebook",
"athena:GetCalculationExecution",
"athena:GetCalculationExecutionCode",
"athena:GetCalculationExecutionStatus",
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetNamedQuery",
"athena:GetNotebookMetadata",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetSession",
"athena:GetSessionStatus",
"athena:GetTableMetadata",
"athena:GetWorkGroup",
"athena:ImportNotebook",
"athena:ListDatabases",
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListNamedQueries",
"athena:ListPreparedStatements",
"athena:ListQueryExecutions",
"athena:ListTableMetadata",
"athena:ListTagsForResource",
"athena:ListWorkGroups",
"athena:StartCalculationExecution",
"athena:StartQueryExecution",
"athena:StartSession",
"athena:StopCalculationExecution",
"athena:StopQueryExecution",
"athena:TerminateSession",
"athena:UpdateNamedQuery",
"athena:UpdateNotebook",
"athena:UpdateNotebookMetadata",
"athena:UpdatePreparedStatement",
"bedrock:ApplyGuardrail",
"bedrock:BatchDeleteEvaluationJob",
"bedrock:CreateAgentAlias",
"bedrock:CreateEvaluationJob",
"bedrock:CreatePrompt",
"bedrock:CreatePromptVersion",
"bedrock:DeleteAgentAlias",
"bedrock:DeleteAgentVersion",
"bedrock:DeletePrompt",
"bedrock:GetAgent",
"bedrock:GetAgentActionGroup",
"bedrock:GetAgentAlias",
"bedrock:GetAgentKnowledgeBase",
"bedrock:GetAgentVersion",
"bedrock:GetEvaluationJob",
"bedrock:GetInferenceProfile",
"bedrock:GetIngestionJob",
"bedrock:GetPrompt",
"bedrock:InvokeAgent",
"bedrock:InvokeFlow",
"bedrock:InvokeInlineAgent",
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream",
"bedrock:ListAgentActionGroups",
"bedrock:ListAgentAliases",
"bedrock:ListAgentKnowledgeBases",
"bedrock:ListAgentVersions",
"bedrock:ListEvaluationJobs",
"bedrock:ListFoundationModels",
"bedrock:ListIngestionJobs",
"bedrock:ListPrompts",
"bedrock:ListTagsForResource",
"bedrock:Retrieve",
"bedrock:RetrieveAndGenerate",
"bedrock:StartIngestionJob",
"bedrock:StopEvaluationJob",
"bedrock:TagResource",
"bedrock:UpdateAgentAlias",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchDescribeMergeConflicts",
"codecommit:BatchGetCommits",
"codecommit:BatchGetPullRequests",
"codecommit:BatchGetRepositories",
"codecommit:CreateBranch",
"codecommit:CreateCommit",
"codecommit:CreatePullRequest",
"codecommit:DeleteBranch",
"codecommit:DeleteFile",
"codecommit:DescribeMergeConflicts",
"codecommit:DescribePullRequestEvents",
"codecommit:GetBlob",
"codecommit:GetBranch",
"codecommit:GetComment",
"codecommit:GetCommentReactions",
"codecommit:GetCommentsForComparedCommit",
"codecommit:GetCommentsForPullRequest",
"codecommit:GetCommit",
"codecommit:GetCommitHistory",
"codecommit:GetCommitsFromMergeBase",
"codecommit:GetDifferences",
"codecommit:GetFile",
"codecommit:GetFolder",
"codecommit:GetMergeCommit",
"codecommit:GetMergeConflicts",
"codecommit:GetMergeOptions",
"codecommit:GetObjectIdentifier",
"codecommit:GetPullRequest",
"codecommit:GetPullRequestApprovalStates",
"codecommit:GetPullRequestOverrideState",
"codecommit:GetReferences",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:GetTree",
"codecommit:GetUploadArchiveStatus",
"codecommit:GitPull",
"codecommit:GitPush",
"codecommit:ListAssociatedApprovalRuleTemplatesForRepository",
"codecommit:ListBranches",
"codecommit:ListFileCommitHistory",
"codecommit:ListPullRequests",
"codecommit:ListTagsForResource",
"codecommit:MergeBranchesByFastForward",
"codecommit:MergeBranchesBySquash",
"codecommit:MergeBranchesByThreeWay",
"codecommit:MergePullRequestByFastForward",
"codecommit:MergePullRequestBySquash",
"codecommit:MergePullRequestByThreeWay",
"codecommit:PostCommentForComparedCommit",
"codecommit:PostCommentForPullRequest",
"codecommit:PostCommentReply",
"codecommit:PutCommentReaction",
"codecommit:PutFile",
"codecommit:UpdateComment",
"codecommit:UpdateDefaultBranch",
"codecommit:UpdatePullRequestApprovalRuleContent",
"codecommit:UpdatePullRequestApprovalState",
"codecommit:UpdatePullRequestDescription",
"codecommit:UpdatePullRequestStatus",
"codecommit:UpdatePullRequestTitle",
"codecommit:UpdateRepositoryDescription",
"codewhisperer:GenerateRecommendations",
"datazone:CreateConnection",
"datazone:DeleteConnection",
"datazone:GetConnection",
"datazone:GetDomain",
"datazone:GetDomainExecutionRoleCredentials",
"datazone:GetEnvironment",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetProject",
"datazone:GetUserProfile",
"datazone:ListConnections",
"datazone:ListEnvironmentBlueprints",
"datazone:ListEnvironments",
"datazone:ListProjects",
"datazone:UpdateConnection",
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:DescribeBackup",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeEndpoints",
"dynamodb:DescribeExport",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeImport",
"dynamodb:DescribeKinesisStreamingDestination",
"dynamodb:DescribeLimits",
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:DescribeTableReplicaAutoScaling",
"dynamodb:DescribeTimeToLive",
"dynamodb:GetItem",
"dynamodb:GetRecords",
"dynamodb:ListExports",
"dynamodb:ListGlobalTables",
"dynamodb:ListImports",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"dynamodb:PutItem",
"dynamodb:PartiQLSelect",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate",
"dynamodb:PartiQLDelete",
"dynamodb:UpdateItem",
"dynamodb:UpdateGlobalTable",
"dynamodb:UpdateTable",
"ec2:AttachNetworkInterface",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreatePlacementGroup",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVpcEndpoint",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeletePlacementGroup",
"ec2:DeleteTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeCapacityReservations",
"ec2:DescribeDhcpOptions",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeInstanceTypes",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface",
"ec2:ModifyInstanceAttribute",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"elasticfilesystem:DescribeMountTargets",
"elasticmapreduce:CreatePersistentAppUI",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribePersistentAppUI",
"elasticmapreduce:GetClusterSessionCredentials",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetOnClusterAppUIPresignedURL",
"elasticmapreduce:GetPersistentAppUIPresignedURL",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListReleaseLabels",
"elasticmapreduce:ListSupportedInstanceTypes",
"elasticmapreduce:TerminateJobFlows",
"emr-serverless:AccessInteractiveEndpoints",
"emr-serverless:AccessLivyEndpoints",
"emr-serverless:GetApplication",
"emr-serverless:GetDashboardForJobRun",
"emr-serverless:GetJobRun",
"emr-serverless:ListApplications",
"emr-serverless:ListJobRunAttempts",
"emr-serverless:ListJobRuns",
"emr-serverless:StartApplication",
"emr-serverless:StartJobRun",
"emr-serverless:StopApplication",
"glue:BatchCreatePartition",
"glue:BatchDeletePartition",
"glue:BatchDeleteTable",
"glue:BatchDeleteTableVersion",
"glue:BatchGetPartition",
"glue:BatchGetTableOptimizer",
"glue:BatchStopJobRun",
"glue:BatchUpdatePartition",
"glue:CancelDataQualityRuleRecommendationRun",
"glue:CancelDataQualityRulesetEvaluationRun",
"glue:CancelStatement",
"glue:CreateBlueprint",
"glue:CreateDatabase",
"glue:CreateDataQualityRuleset",
"glue:CreateJob",
"glue:CreatePartition",
"glue:CreatePartitionIndex",
"glue:CreateSession",
"glue:CreateTable",
"glue:CreateWorkflow",
"glue:DeleteBlueprint",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeleteDatabase",
"glue:DeleteDataQualityRuleset",
"glue:DeleteJob",
"glue:DeletePartition",
"glue:DeletePartitionIndex",
"glue:DeleteSession",
"glue:DeleteTable",
"glue:DeleteTableVersion",
"glue:DeleteWorkflow",
"glue:DescribeConnectionType",
"glue:DescribeEntity",
"glue:GetCatalog",
"glue:GetCatalogImportStatus",
"glue:GetCatalogs",
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:GetColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRuns",
"glue:GetCompletion",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDashboardUrl",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetDataQualityModel",
"glue:GetDataQualityModelResult",
"glue:GetDataQualityResult",
"glue:GetDataQualityRuleRecommendationRun",
"glue:GetDataQualityRuleset",
"glue:GetDataQualityRulesetEvaluationRun",
"glue:GetEntityRecords",
"glue:GetGeneratedCode",
"glue:GetPartition",
"glue:GetPartitionIndexes",
"glue:GetPartitions",
"glue:GetSession",
"glue:GetStatement",
"glue:GetTable",
"glue:GetTableOptimizer",
"glue:GetTables",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:GetTags",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"glue:ListConnectionTypes",
"glue:ListCrawls",
"glue:ListDataQualityResults",
"glue:ListDataQualityRuleRecommendationRuns",
"glue:ListDataQualityRulesetEvaluationRuns",
"glue:ListDataQualityRulesets",
"glue:ListEntities",
"glue:ListSessions",
"glue:ListStatements",
"glue:ListTableOptimizerRuns",
"glue:NotifyEvent",
"glue:PassConnection",
"glue:PublishDataQuality",
"glue:PutDataQualityProfileAnnotation",
"glue:PutDataQualityStatisticAnnotation",
"glue:PutWorkflowRunProperties",
"glue:ResumeWorkflowRun",
"glue:RunStatement",
"glue:SearchTables",
"glue:StartBlueprintRun",
"glue:StartCompletion",
"glue:StartDataQualityRuleRecommendationRun",
"glue:StartDataQualityRulesetEvaluationRun",
"glue:StartJobRun",
"glue:StartWorkflowRun",
"glue:StopSession",
"glue:StopWorkflowRun",
"glue:TagResource",
"glue:UntagResource",
"glue:UpdateBlueprint",
"glue:UpdateCatalog",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:UpdateDataQualityRuleset",
"glue:UpdateJob",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:UpdateWorkflow",
"glue:UseGlueStudio",
"iam:CreateServiceLinkedRole",
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole",
"kms:CreateGrant",
"kms:Decrypt",
"kms:DescribeKey",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:GetPublicKey",
"kms:ListAliases",
"kms:ListGrants",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:RevokeGrant",
"lakeformation:GetDataAccess",
"lambda:InvokeFunction",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:GetLogGroupFields",
"logs:GetLogRecord",
"logs:GetQueryResults",
"logs:PutLogEvents",
"logs:StartQuery",
"logs:StopQuery",
"pricing:GetProducts",
"q:SendMessage",
"q:StartConversation",
"redshift-data:BatchExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:DescribeStatement",
"redshift-data:DescribeTable",
"redshift-data:ExecuteStatement",
"redshift-data:GetStagingBucketLocation",
"redshift-data:GetStatementResult",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListStatements",
"redshift-data:ListTables",
"redshift-serverless:GetCredentials",
"redshift-serverless:GetManagedWorkgroup",
"redshift-serverless:GetNamespace",
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListWorkgroups",
"redshift:DescribeClusters",
"redshift:DescribeTags",
"redshift:GetClusterCredentialsWithIAM",
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup",
"resource-groups:GetGroupQuery",
"resource-groups:ListGroupResources",
"resource-groups:Tag",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:GetObject*",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
"s3:ReplicateObject",
"s3:RestoreObject",
"sagemaker-mlflow:AccessUI",
"sagemaker-mlflow:CreateExperiment",
"sagemaker-mlflow:CreateModelVersion",
"sagemaker-mlflow:CreateRegisteredModel",
"sagemaker-mlflow:CreateRun",
"sagemaker-mlflow:DeleteExperiment",
"sagemaker-mlflow:DeleteModelVersion",
"sagemaker-mlflow:DeleteModelVersionTag",
"sagemaker-mlflow:DeleteRegisteredModel",
"sagemaker-mlflow:DeleteRegisteredModelAlias",
"sagemaker-mlflow:DeleteRegisteredModelTag",
"sagemaker-mlflow:DeleteRun",
"sagemaker-mlflow:DeleteTag",
"sagemaker-mlflow:GetDownloadURIForModelVersionArtifacts",
"sagemaker-mlflow:GetExperiment",
"sagemaker-mlflow:GetExperimentByName",
"sagemaker-mlflow:GetLatestModelVersions",
"sagemaker-mlflow:GetMetricHistory",
"sagemaker-mlflow:GetModelVersion",
"sagemaker-mlflow:GetModelVersionByAlias",
"sagemaker-mlflow:GetRegisteredModel",
"sagemaker-mlflow:GetRun",
"sagemaker-mlflow:ListArtifacts",
"sagemaker-mlflow:LogBatch",
"sagemaker-mlflow:LogInputs",
"sagemaker-mlflow:LogMetric",
"sagemaker-mlflow:LogModel",
"sagemaker-mlflow:LogParam",
"sagemaker-mlflow:RenameRegisteredModel",
"sagemaker-mlflow:RestoreExperiment",
"sagemaker-mlflow:RestoreRun",
"sagemaker-mlflow:SearchExperiments",
"sagemaker-mlflow:SearchModelVersions",
"sagemaker-mlflow:SearchRegisteredModels",
"sagemaker-mlflow:SearchRuns",
"sagemaker-mlflow:SetExperimentTag",
"sagemaker-mlflow:SetRegisteredModelAlias",
"sagemaker-mlflow:SetRegisteredModelTag",
"sagemaker-mlflow:SetTag",
"sagemaker-mlflow:TransitionModelVersionStage",
"sagemaker-mlflow:UpdateExperiment",
"sagemaker-mlflow:UpdateModelVersion",
"sagemaker-mlflow:UpdateRegisteredModel",
"sagemaker-mlflow:UpdateRun",
"sagemaker:AddAssociation",
"sagemaker:AddTags",
"sagemaker:BatchDescribeModelPackage",
"sagemaker:BatchGetMetrics",
"sagemaker:BatchPutMetrics",
"sagemaker:CallPartnerAppApi",
"sagemaker:CreateAction",
"sagemaker:CreateApp",
"sagemaker:CreateArtifact",
"sagemaker:CreateAutoMLJob",
"sagemaker:CreateAutoMLJobV2",
"sagemaker:CreateContext",
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateHyperParameterTuningJob",
"sagemaker:CreateInferenceComponent",
"sagemaker:CreateInferenceRecommendationsJob",
"sagemaker:CreateModel",
"sagemaker:CreateModelPackage",
"sagemaker:CreateModelPackageGroup",
"sagemaker:CreatePartnerAppPresignedUrl",
"sagemaker:CreatePipeline",
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:CreatePresignedMlflowTrackingServerUrl",
"sagemaker:CreateProcessingJob",
"sagemaker:CreateSpace",
"sagemaker:CreateTrainingJob",
"sagemaker:CreateTransformJob",
"sagemaker:CreateUserProfile",
"sagemaker:DeleteAction",
"sagemaker:DeleteApp",
"sagemaker:DeleteArtifact",
"sagemaker:DeleteAssociation",
"sagemaker:DeleteContext",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteInferenceComponent",
"sagemaker:DeleteModel",
"sagemaker:DeleteModelPackage",
"sagemaker:DeleteModelPackageGroup",
"sagemaker:DeletePipeline",
"sagemaker:DeleteSpace",
"sagemaker:DeleteTags",
"sagemaker:DeleteUserProfile",
"sagemaker:DescribeAction",
"sagemaker:DescribeApp",
"sagemaker:DescribeArtifact",
"sagemaker:DescribeAutoMLJob",
"sagemaker:DescribeAutoMLJobV2",
"sagemaker:DescribeContext",
"sagemaker:DescribeDomain",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeHyperParameterTuningJob",
"sagemaker:DescribeImage",
"sagemaker:DescribeImageVersion",
"sagemaker:DescribeInferenceComponent",
"sagemaker:DescribeInferenceRecommendationsJob",
"sagemaker:DescribeMlflowTrackingServer",
"sagemaker:DescribeModel",
"sagemaker:DescribeModelPackage",
"sagemaker:DescribeModelPackageGroup",
"sagemaker:DescribeOptimizationJob",
"sagemaker:DescribePartnerApp",
"sagemaker:DescribePipeline",
"sagemaker:DescribePipelineDefinitionForExecution",
"sagemaker:DescribePipelineExecution",
"sagemaker:DescribeProcessingJob",
"sagemaker:DescribeSpace",
"sagemaker:DescribeTrainingJob",
"sagemaker:DescribeTransformJob",
"sagemaker:DescribeTrialComponent",
"sagemaker:DescribeUserProfile",
"sagemaker:GetSearchSuggestions",
"sagemaker:InvokeEndpoint",
"sagemaker:InvokeEndpointAsync",
"sagemaker:InvokeEndpointWithResponseStream",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListAssociations",
"sagemaker:ListAutoMLJobs",
"sagemaker:ListCandidatesForAutoMLJob",
"sagemaker:ListContexts",
"sagemaker:ListDomains",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListHubContents",
"sagemaker:ListHubs",
"sagemaker:ListHyperParameterTuningJobs",
"sagemaker:ListImageVersions",
"sagemaker:ListInferenceComponents",
"sagemaker:ListMlflowTrackingServers",
"sagemaker:ListModelMetadata",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModels",
"sagemaker:ListPartnerApps",
"sagemaker:ListPipelineExecutions",
"sagemaker:ListPipelineExecutionSteps",
"sagemaker:ListPipelineParametersForExecution",
"sagemaker:ListPipelines",
"sagemaker:ListProcessingJobs",
"sagemaker:ListSpaces",
"sagemaker:ListTags",
"sagemaker:ListTrainingJobs",
"sagemaker:ListTrainingJobsForHyperParameterTuningJob",
"sagemaker:ListTransformJobs",
"sagemaker:ListUserProfiles",
"sagemaker:QueryLineage",
"sagemaker:RetryPipelineExecution",
"sagemaker:Search",
"sagemaker:SendPipelineExecutionStepFailure",
"sagemaker:SendPipelineExecutionStepSuccess",
"sagemaker:StartMlflowTrackingServer",
"sagemaker:StartPipelineExecution",
"sagemaker:StopAutoMLJob",
"sagemaker:StopHyperParameterTuningJob",
"sagemaker:StopMlflowTrackingServer",
"sagemaker:StopPipelineExecution",
"sagemaker:StopProcessingJob",
"sagemaker:StopTrainingJob",
"sagemaker:StopTransformJob",
"sagemaker:UpdateEndpoint",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"sagemaker:UpdateInferenceComponentRuntimeConfig",
"sagemaker:UpdateMlflowTrackingServer",
"sagemaker:UpdateModelPackage",
"sagemaker:UpdatePipeline",
"sagemaker:UpdatePipelineExecution",
"sagemaker:UpdateSpace",
"sagemaker:UpdateTrainingJob",
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:ListSecrets",
"secretsmanager:PutSecretValue",
"sqlworkbench:CreateConnection",
"sqlworkbench:DeleteQCustomContext",
"sqlworkbench:DeleteTab",
"sqlworkbench:DriverExecute",
"sqlworkbench:GetAutocompletionMetadata",
"sqlworkbench:GetAutocompletionResource",
"sqlworkbench:GetQCustomContext",
"sqlworkbench:GetQSqlPromptQuotas",
"sqlworkbench:GetQSqlRecommendations",
"sqlworkbench:GetQueryExecutionHistory",
"sqlworkbench:GetUserInfo",
"sqlworkbench:ListQueryExecutionHistory",
"sqlworkbench:ListTabs",
"sqlworkbench:PassAccountSettings",
"sqlworkbench:PutQCustomContext",
"sqlworkbench:PutTab",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath",
"sts:AssumeRole",
"sts:GetCallerIdentity",
"sts:SetSourceIdentity",
"sts:TagSession",
"tag:GetResources"
],
"Resource":"*",
"Sid":"NotDeniedOperations"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-03T00:37:06+00:00"
},
"SageMakerStudioProjectUserRolePolicy":{
"CreateDate":"2024-11-20T21:59:23+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"codecommit:BatchGetCommits",
"codecommit:BatchGetPullRequests",
"codecommit:BatchGetRepositories",
"codecommit:BatchDescribeMergeConflicts",
"codecommit:CreateBranch",
"codecommit:CreateCommit",
"codecommit:CreatePullRequest",
"codecommit:DeleteBranch",
"codecommit:DeleteFile",
"codecommit:DescribeMergeConflicts",
"codecommit:DescribePullRequestEvents",
"codecommit:GetBlob",
"codecommit:GetBranch",
"codecommit:GetComment",
"codecommit:GetCommentReactions",
"codecommit:GetCommentsForComparedCommit",
"codecommit:GetCommentsForPullRequest",
"codecommit:GetCommit",
"codecommit:GetCommitHistory",
"codecommit:GetCommitsFromMergeBase",
"codecommit:GetDifferences",
"codecommit:GetFile",
"codecommit:GetFolder",
"codecommit:GetMergeCommit",
"codecommit:GetMergeConflicts",
"codecommit:GetMergeOptions",
"codecommit:GetObjectIdentifier",
"codecommit:GetPullRequest",
"codecommit:GetPullRequestApprovalStates",
"codecommit:GetPullRequestOverrideState",
"codecommit:GetReferences",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:GetTree",
"codecommit:GetUploadArchiveStatus",
"codecommit:GitPull",
"codecommit:GitPush",
"codecommit:ListAssociatedApprovalRuleTemplatesForRepository",
"codecommit:ListBranches",
"codecommit:ListFileCommitHistory",
"codecommit:ListPullRequests",
"codecommit:ListTagsForResource",
"codecommit:MergeBranchesByFastForward",
"codecommit:MergeBranchesBySquash",
"codecommit:MergeBranchesByThreeWay",
"codecommit:MergePullRequestByFastForward",
"codecommit:MergePullRequestBySquash",
"codecommit:MergePullRequestByThreeWay",
"codecommit:UpdateComment",
"codecommit:UpdateDefaultBranch",
"codecommit:UpdatePullRequestApprovalRuleContent",
"codecommit:UpdatePullRequestApprovalState",
"codecommit:UpdatePullRequestDescription",
"codecommit:UpdatePullRequestStatus",
"codecommit:UpdatePullRequestTitle",
"codecommit:UpdateRepositoryDescription",
"codecommit:PostCommentForComparedCommit",
"codecommit:PostCommentForPullRequest",
"codecommit:PostCommentReply",
"codecommit:PutCommentReaction",
"codecommit:PutFile"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CommonUserCodeCommitPermissions"
},
{
"Action":[
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:codecommit:id":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"codecommit.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"CodeCommitKmsPermissions"
},
{
"Action":[
"codewhisperer:GenerateRecommendations"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowCodeWhispererGenerateRecommendations"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"Null":{
"aws:TagKeys":"true"
},
"StringEquals":{
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"AllowGlueCreateEni"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:security-group/*",
"Sid":"AllowGlueCreateEniOnSecurityGroup"
},
{
"Action":[
"ec2:CreateNetworkInterface"
],
"Condition":{
"StringEquals":{
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:subnet/*",
"Sid":"AllowGlueCreateEniOnSubnet"
},
{
"Action":[
"ec2:DeleteNetworkInterface",
"ec2:AttachNetworkInterface"
],
"Condition":{
"Null":{
"aws:ResourceTag/aws-glue-service-resource":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:network-interface/*",
"Sid":"AllowManageGlueEni"
},
{
"Action":[
"ec2:AttachNetworkInterface"
],
"Condition":{
"StringEquals":{
"glue:RoleAssumedBy":"glue.amazonaws.com"
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*",
"Sid":"AllowAttachGlueEniOnInstance"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces"
],
"Condition":{
"StringEquals":{
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDescribeGlueEni"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FederatedDataConnectionGlueSecret"
},
{
"Action":[
"ec2:DescribeVpcEndpoints",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"glue:ListSessions",
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueKernelPermissions"
},
{
"Action":[
"glue:CreateSession",
"glue:CreateBlueprint",
"glue:CreateJob",
"glue:CreateDataQualityRuleset",
"glue:CreateWorkflow",
"glue:TagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"ProjectUserTag*"
]
},
"Null":{
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:PrincipalTag/EnableGlueWorkloadsPermissions":"true",
"aws:RequestTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*",
"arn:aws:glue:*:*:blueprint/*",
"arn:aws:glue:*:*:job/*",
"arn:aws:glue:*:*:dataQualityRuleset/*",
"arn:aws:glue:*:*:workflow/*"
],
"Sid":"GlueCreateAndTagPermissions"
},
{
"Action":[
"glue:TagResource",
"glue:UntagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"ProjectUserTag*"
]
},
"ForAllValues:StringNotLike":{
"aws:TagKeys":[
"AmazonDataZone*"
]
},
"StringEquals":{
"aws:PrincipalTag/EnableGlueWorkloadsPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*",
"arn:aws:glue:*:*:blueprint/*",
"arn:aws:glue:*:*:job/*",
"arn:aws:glue:*:*:dataQualityRuleset/*",
"arn:aws:glue:*:*:workflow/*"
],
"Sid":"GlueTagSessionPermissions"
},
{
"Action":[
"glue:CancelStatement",
"glue:GetSession",
"glue:ListStatements",
"glue:DeleteSession",
"glue:RunStatement",
"glue:GetStatement",
"glue:StopSession",
"glue:GetDashboardUrl",
"glue:NotifyEvent",
"glue:StartBlueprintRun",
"glue:PutWorkflowRunProperties",
"glue:DeleteJob",
"glue:DeleteWorkflow",
"glue:DeleteBlueprint",
"glue:UpdateWorkflow",
"glue:UpdateJob",
"glue:StartWorkflowRun",
"glue:ResumeWorkflowRun",
"glue:UpdateBlueprint",
"glue:BatchStopJobRun",
"glue:StopWorkflowRun",
"glue:StartJobRun",
"glue:CancelDataQualityRuleRecommendationRun",
"glue:CancelDataQualityRulesetEvaluationRun",
"glue:DeleteDataQualityRuleset",
"glue:GetDataQualityModel",
"glue:GetDataQualityModelResult",
"glue:GetDataQualityResult",
"glue:GetDataQualityRuleRecommendationRun",
"glue:GetDataQualityRuleset",
"glue:GetDataQualityRulesetEvaluationRun",
"glue:ListDataQualityResults",
"glue:ListDataQualityRuleRecommendationRuns",
"glue:ListDataQualityRulesetEvaluationRuns",
"glue:ListDataQualityRulesets",
"glue:PublishDataQuality",
"glue:PutDataQualityProfileAnnotation",
"glue:PutDataQualityStatisticAnnotation",
"glue:StartDataQualityRuleRecommendationRun",
"glue:StartDataQualityRulesetEvaluationRun",
"glue:UpdateDataQualityRuleset"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableGlueWorkloadsPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:session/*",
"arn:aws:glue:*:*:blueprint/*",
"arn:aws:glue:*:*:job/*",
"arn:aws:glue:*:*:dataQualityRuleset/*",
"arn:aws:glue:*:*:workflow/*"
],
"Sid":"GluePermissions"
},
{
"Action":[
"glue:GetGeneratedCode"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueVisualETLPermissions"
},
{
"Action":[
"glue:StartCompletion",
"glue:GetCompletion"
],
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:completion/*",
"Sid":"GlueCompletionsPermissions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws-glue/*",
"Sid":"GlueJobRunnerSessionLogPermissions"
},
{
"Action":[
"ec2:DeleteTags",
"ec2:CreateTags"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"aws-glue-*"
]
},
"Null":{
"aws:TagKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"glue:RoleAssumedBy":"glue.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid":"EC2TagsPermissionsForGlue"
},
{
"Action":[
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"kms:EncryptionContext:glue_catalog_id":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"glue.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"GlueKmsPermissions"
},
{
"Action":[
"emr-serverless:AccessInteractiveEndpoints",
"emr-serverless:AccessLivyEndpoints",
"emr-serverless:GetApplication",
"emr-serverless:StartApplication",
"emr-serverless:StopApplication"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:emr-serverless:*:*:/applications/*",
"Sid":"EmrServerlessInteractivePermissions"
},
{
"Action":[
"emr-serverless:GetDashboardForJobRun",
"emr-serverless:GetJobRun"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:emr-serverless:*:*:/applications/*/jobruns/*"
],
"Sid":"EmrServerlessJobAccessPermissions"
},
{
"Action":[
"airflow:GetEnvironment",
"airflow:UpdateEnvironment"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowActionsForTaggedEnvironments"
},
{
"Action":[
"airflow:ListEnvironments"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowListEnvironments"
},
{
"Action":[
"airflow:CreateWebLoginToken",
"airflow:InvokeRestApi"
],
"Effect":"Allow",
"Resource":[
"arn:aws:airflow:*:*:role/DataZoneMWAAEnv-${aws:PrincipalTag/AmazonDataZoneDomain}-${aws:PrincipalTag/AmazonDataZoneProject}-${aws:PrincipalTag/AmazonDataZoneScopeName}/User"
],
"Sid":"AirflowUiApiAccess"
},
{
"Action":[
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents",
"logs:GetLogEvents",
"logs:GetLogRecord",
"logs:GetLogGroupFields",
"logs:GetQueryResults"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:airflow-DataZoneMWAAEnv-${aws:PrincipalTag/AmazonDataZoneDomain}-${aws:PrincipalTag/AmazonDataZoneProject}-${aws:PrincipalTag/AmazonDataZoneScopeName}-*"
],
"Sid":"AirflowCloudwatchLogsActions"
},
{
"Action":[
"cloudwatch:PutMetricData"
],
"Condition":{
"StringLike":{
"cloudwatch:namespace":"AmazonMWAA"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowCloudwatchActions"
},
{
"Action":"s3:GetAccountPublicAccessBlock",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AirflowS3GetAccountPublicAccessBlock"
},
{
"Action":[
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:SendMessage"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:airflow-celery-*"
],
"Sid":"AirflowSqsActions"
},
{
"Action":[
"s3:GetEncryptionConfiguration",
"s3:GetBucketPublicAccessBlock"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"AirflowS3BucketActions"
},
{
"Action":[
"s3:GetBucketLocation"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeS3BucketActions"
},
{
"Action":[
"s3:GetObject*",
"s3:ListMultipartUploadParts",
"s3:ListBucket"
],
"Condition":{
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeCrossAccountS3Permissions"
},
{
"Action":[
"kms:ListGrants",
"kms:GetPublicKey",
"kms:DescribeKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeCrossAccountKMSPermissions"
},
{
"Action":[
"kms:Decrypt"
],
"Condition":{
"ForAnyValue:StringEquals":{
"kms:EncryptionContextKeys":"aws:s3:arn"
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeCrossAccountDecryptKMSPermissions"
},
{
"Action":[
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"s3:prefix":[
"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}",
"${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*"
]
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"ListDomainS3BucketPermissions"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"Sid":"AirflowListDomainS3BucketPermissions"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"ArnEquals":{
"lambda:SourceFunctionArn":"arn:aws:lambda:*:*:function:athenafederatedcatalog_*"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}"
],
"Sid":"ListDomainBucketFromAthenaFederatedCatalog"
},
{
"Action":[
"s3:GetObject*",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:RestoreObject",
"s3:ReplicateObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/*",
"Sid":"AccessDomainS3BucketPermissions"
},
{
"Action":"s3:PutObjectTagging",
"Condition":{
"ForAllValues:StringEquals":{
"s3:RequestObjectTagKeys":[
"BasicValidationStatus",
"ContainsReferenceResponseForAllPrompts"
]
},
"StringEquals":{
"s3:RequestObjectTag/BasicValidationStatus":[
"valid",
"invalid"
],
"s3:RequestObjectTag/ContainsReferenceResponseForAllPrompts":[
"true",
"false"
]
},
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneDomain":"",
"aws:PrincipalTag/AmazonDataZoneProject":"",
"aws:PrincipalTag/DomainBucketName":""
}
},
"Effect":"Allow",
"Resource":"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/${aws:PrincipalTag/AmazonDataZoneDomain}/${aws:PrincipalTag/AmazonDataZoneProject}/genAI/assets/evaluations/*",
"Sid":"TagS3ObjectPermissionsForBedrockEvaluation"
},
{
"Action":[
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:aws:s3:arn":[
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}",
"arn:aws:s3:::${aws:PrincipalTag/DomainBucketName}/*"
]
},
"StringLike":{
"kms:ViaService":"s3.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AccessDomainS3BucketKmsPermissions"
},
{
"Action":[
"logs:DescribeLogGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListLogGroupsPermissions"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:StartQuery",
"logs:GetLogEvents",
"logs:GetLogRecord",
"logs:GetLogGroupFields",
"logs:GetQueryResults",
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:FilterLogEvents"
],
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:${aws:PrincipalTag/LogGroupName}",
"arn:aws:logs:*:*:log-group:${aws:PrincipalTag/LogGroupName}:log-stream:*"
],
"Sid":"ProjectLogGroupPermissions"
},
{
"Action":[
"logs:StopQuery"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchStopQuery"
},
{
"Action":[
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeEC2Permissions"
},
{
"Action":[
"athena:TerminateSession",
"athena:CreatePreparedStatement",
"athena:StopCalculationExecution",
"athena:StartQueryExecution",
"athena:UpdatePreparedStatement",
"athena:BatchGetNamedQuery",
"athena:BatchGetPreparedStatement",
"athena:BatchGetQueryExecution",
"athena:UpdateNotebook",
"athena:DeleteNotebook",
"athena:DeletePreparedStatement",
"athena:UpdateNotebookMetadata",
"athena:DeleteNamedQuery",
"athena:GetCalculationExecution",
"athena:GetCalculationExecutionCode",
"athena:GetCalculationExecutionStatus",
"athena:GetNamedQuery",
"athena:GetNotebookMetadata",
"athena:GetPreparedStatement",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetQueryRuntimeStatistics",
"athena:GetSession",
"athena:GetSessionStatus",
"athena:GetWorkGroup",
"athena:UpdateNamedQuery",
"athena:CreateNamedQuery",
"athena:ExportNotebook",
"athena:StopQueryExecution",
"athena:StartCalculationExecution",
"athena:StartSession",
"athena:CreatePresignedNotebookUrl",
"athena:CreateNotebook",
"athena:ImportNotebook",
"athena:ListQueryExecutions",
"athena:ListTagsForResource",
"athena:ListNamedQueries",
"athena:ListPreparedStatements"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"DataLakeAthenaPermissions"
},
{
"Action":[
"athena:GetDatabase",
"athena:GetDataCatalog",
"athena:GetTableMetadata",
"athena:ListDatabases",
"athena:ListTableMetadata"
],
"Effect":"Allow",
"Resource":[
"arn:aws:athena:*:*:datacatalog/AwsDataCatalog",
"arn:aws:athena:*:*:datacatalog/awsdatacatalog"
],
"Sid":"DefaultAthenaDataCatalogPermissions"
},
{
"Action":[
"athena:ListDataCatalogs",
"athena:ListEngineVersions",
"athena:ListWorkGroups"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AthenaListPermissions"
},
{
"Action":[
"datazone:CreateConnection",
"datazone:DeleteConnection",
"datazone:GetConnection",
"datazone:GetDomain",
"datazone:GetDomainExecutionRoleCredentials",
"datazone:GetEnvironment",
"datazone:GetEnvironmentBlueprintConfiguration",
"datazone:GetProject",
"datazone:GetUserProfile",
"datazone:ListConnections",
"datazone:ListEnvironments",
"datazone:ListEnvironmentBlueprints",
"datazone:ListProjects",
"datazone:UpdateConnection",
"datazone:PostLineageEvent"
],
"Effect":"Allow",
"Resource":"arn:aws:datazone:*:*:domain/${aws:PrincipalTag/AmazonDataZoneDomain}",
"Sid":"DataZoneUserPermissions"
},
{
"Action":[
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/default"
],
"Sid":"GlueGetDefaultDatabase"
},
{
"Action":"glue:GetDatabases",
"Condition":{
"StringEquals":{
"glue:LakeFormationPermissions":"Enabled"
}
},
"Effect":"Allow",
"NotResource":"arn:aws:glue:*:*:database/default",
"Sid":"AllowGlueGetDatabasesExceptDefault"
},
{
"Action":[
"glue:GetDatabases"
],
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:catalog",
"Sid":"GlueListDatabasesOnNoDatabases"
},
{
"Action":[
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:UseGlueStudio"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueFileUploadPermissions"
},
{
"Action":[
"glue:PassConnection",
"glue:GetConnection",
"glue:GetConnections"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueProjectConnectionPermissions"
},
{
"Action":[
"glue:GetConnection",
"glue:GetConnections"
],
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:catalog",
"Sid":"GlueGetConnectionOnlyOnCatalog"
},
{
"Action":[
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:BatchGetPartition",
"glue:BatchGetTableOptimizer",
"glue:GetCatalogImportStatus",
"glue:GetColumnStatisticsForPartition",
"glue:GetColumnStatisticsForTable",
"glue:GetColumnStatisticsTaskRun",
"glue:GetColumnStatisticsTaskRuns",
"glue:GetDatabase",
"glue:GetPartition",
"glue:GetPartitionIndexes",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTableOptimizer",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:GetTables",
"glue:SearchTables",
"glue:ListTableOptimizerRuns",
"glue:CreatePartitionIndex",
"glue:BatchUpdatePartition",
"glue:DeleteTableVersion",
"glue:DeleteColumnStatisticsForPartition",
"glue:DeleteColumnStatisticsForTable",
"glue:DeletePartitionIndex",
"glue:UpdateColumnStatisticsForPartition",
"glue:UpdateColumnStatisticsForTable",
"glue:BatchDeleteTableVersion",
"glue:GetCatalogs",
"glue:GetCatalog"
],
"Condition":{
"StringEquals":{
"glue:LakeFormationPermissions":"Enabled"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueDatalakePermissions"
},
{
"Action":"glue:ListCrawls",
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:crawler/*",
"Sid":"GlueCrawlerPermissions"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/global_temp",
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueGlobalTempDatabasePermissions"
},
{
"Action":[
"glue:GetCatalog",
"glue:UpdateCatalog"
],
"Condition":{
"StringEquals":{
"glue:LakeFormationPermissions":"Enabled"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueDefaultCatalogsPermissions"
},
{
"Action":[
"glue:GetCatalog",
"glue:UpdateCatalog"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"glue:LakeFormationPermissions":"Enabled"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"GlueNonDefaultCatalogsPermissions"
},
{
"Action":[
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:catalog/*"
],
"Sid":"GlueCatalogDatabasePermissions"
},
{
"Action":[
"lakeformation:GetDataAccess"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeFormationPermissionForDataLakeAccess"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMListRoles"
},
{
"Action":[
"iam:GetRole"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"IAMGetRole"
},
{
"Action":[
"sts:AssumeRole"
],
"Condition":{
"StringNotEquals":{
"aws:PrincipalTag/AmazonDataZoneProject":""
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAssumeAccessRole"
},
{
"Action":"sts:SetSourceIdentity",
"Condition":{
"StringLike":{
"sts:SourceIdentity":"${aws:PrincipalTag/datazone:userId}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"SetSourceIdentityForAssumeAccessRole"
},
{
"Action":"sts:TagSession",
"Condition":{
"ForAllValues:StringEquals":{
"aws:TagKeys":[
"AmazonDataZoneProject",
"AmazonDataZoneDomain"
]
},
"StringEquals":{
"aws:RequestTag/AmazonDataZoneDomain":"${aws:PrincipalTag/AmazonDataZoneDomain}",
"aws:RequestTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"TagSessionForAssumeAccessRole"
},
{
"Action":[
"glue:GetConnection",
"glue:GetConnections",
"glue:GetTags"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FederatedDataConnectionPermissions"
},
{
"Action":[
"glue:ListConnectionTypes",
"glue:DescribeConnectionType"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"UnRestrictedAccessForGlueEntities"
},
{
"Action":[
"glue:ListEntities",
"glue:DescribeEntity",
"glue:GetEntityRecords"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GlueEntitiesAccessForFederatedDatabase"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"iam:PassedToService":[
"sagemaker.amazonaws.com",
"glue.amazonaws.com",
"airflow.amazonaws.com",
"emr-serverless.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/${aws:PrincipalTag/RoleName}",
"Sid":"AllowPassRoleOnProjectRoles"
},
{
"Action":[
"sqlworkbench:PutTab",
"sqlworkbench:DeleteTab",
"sqlworkbench:DriverExecute",
"sqlworkbench:GetUserInfo",
"sqlworkbench:ListTabs",
"sqlworkbench:GetAutocompletionMetadata",
"sqlworkbench:GetAutocompletionResource",
"sqlworkbench:PassAccountSettings",
"sqlworkbench:ListQueryExecutionHistory",
"sqlworkbench:GetQueryExecutionHistory",
"sqlworkbench:CreateConnection",
"sqlworkbench:PutQCustomContext",
"sqlworkbench:GetQCustomContext",
"sqlworkbench:DeleteQCustomContext",
"sqlworkbench:GetQSqlRecommendations",
"sqlworkbench:GetQSqlPromptQuotas",
"sqlworkbench:GetSchemaInference"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"SQLWorkBenchActionsWithoutResourceType"
},
{
"Action":[
"redshift-data:DescribeStatement",
"redshift-data:GetStatementResult",
"redshift-data:CancelStatement",
"redshift-data:ListStatements"
],
"Condition":{
"StringEquals":{
"redshift-data:statement-owner-iam-userid":"${aws:userid}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDataActionsIAMSessionRestriction"
},
{
"Action":[
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:DescribeTable",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDataActionsForResources"
},
{
"Action":[
"redshift-serverless:GetWorkgroup",
"redshift-serverless:GetNamespace",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:GetCredentials",
"redshift:DescribeTags",
"redshift:GetClusterCredentialsWithIAM",
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:DescribeTable",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowAccessExistingRedshiftCompute"
},
{
"Action":[
"redshift-serverless:ListNamespaces",
"redshift-serverless:ListWorkgroups",
"redshift:DescribeClusters"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftWithoutResourceType"
},
{
"Action":[
"redshift-serverless:GetWorkgroup",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:GetNamespace",
"redshift:DescribeTags"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftServerlessWorkgroupWithResourceType"
},
{
"Action":[
"redshift:GetClusterCredentialsWithIAM"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:redshift:*:*:dbname:*/*",
"Sid":"RedshiftExistingComputeConnectToCatalog"
},
{
"Action":"secretsmanager:ListSecrets",
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListSecrets"
},
{
"Action":[
"redshift-serverless:GetCredentials",
"redshift:GetClusterCredentialsWithIAM"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
},
"StringLike":{
"aws:PrincipalTag/RedshiftDbUser":[
"user-${aws:PrincipalTag/datazone:userId}*",
"user-project@${aws:PrincipalTag/AmazonDataZoneProject}",
"user-*@*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftServerlessGetCredentialsOnlyForDbUser"
},
{
"Action":[
"redshift-data:BatchExecuteStatement",
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:GetStatementResult",
"redshift-data:CancelStatement",
"redshift-data:GetStagingBucketLocation",
"redshift-serverless:GetManagedWorkgroup"
],
"Condition":{
"StringLike":{
"redshift-data:glue-catalog-arn":"arn:aws:glue:*:*:catalog/*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RedshiftDataActionsForManagedWorkgroup"
},
{
"Action":[
"redshift-serverless:GetCredentials"
],
"Condition":{
"Bool":{
"aws:ViaAWSService":"true"
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":"redshift-data.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:redshift-serverless:*:*:workgroup/*",
"Sid":"RedshifServerlessCredentialsForManagedWorkgroup"
},
{
"Action":"tag:GetResources",
"Condition":{
"StringEquals":{
"aws:CalledViaLast":"sqlworkbench.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowTagGetResources"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:*",
"Sid":"AllowGetSecretForRedShift"
},
{
"Action":[
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"CloudWatchMetricsPermissions"
},
{
"Action":[
"q:StartConversation",
"q:SendMessage"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonQChatPermissions"
},
{
"Action":[
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:TerminateJobFlows",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:GetOnClusterAppUIPresignedURL"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:elasticmapreduce:*:*:cluster/*"
],
"Sid":"EMRClusterWithDataZoneTags"
},
{
"Action":[
"elasticmapreduce:ListReleaseLabels",
"elasticmapreduce:ListSupportedInstanceTypes",
"elasticmapreduce:ListClusters",
"elasticmapreduce:CreatePersistentAppUI",
"elasticmapreduce:DescribePersistentAppUI",
"pricing:GetProducts"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EMRClusterInfoPermissions"
},
{
"Action":[
"elasticmapreduce:GetClusterSessionCredentials"
],
"Condition":{
"ArnLike":{
"elasticmapreduce:ExecutionRoleArn":"arn:aws:iam::*:role/${aws:PrincipalTag/RoleName}"
},
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:elasticmapreduce:*:*:cluster/*"
],
"Sid":"EMRGetClusterSessionCredentials"
},
{
"Action":[
"elasticmapreduce:GetPersistentAppUIPresignedURL"
],
"Condition":{
"ArnLike":{
"elasticmapreduce:ExecutionRoleArn":"arn:aws:iam::*:role/${aws:PrincipalTag/RoleName}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"EMRPersistentAppUI"
},
{
"Action":[
"kms:CreateGrant",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com",
"bedrock.*.amazonaws.com",
"s3.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KmsWithEncryptPermissions"
},
{
"Action":[
"kms:CreateGrant",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:Decrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"emr-serverless.*.amazonaws.com",
"redshift.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KmsPermissions"
},
{
"Action":[
"kms:ListGrants",
"kms:RevokeGrant",
"kms:DescribeKey"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":[
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com",
"emr-serverless.*.amazonaws.com",
"s3.*.amazonaws.com",
"redshift.*.amazonaws.com",
"codecommit.*.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KmsManagementPermissions"
},
{
"Action":[
"kms:CreateGrant",
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition":{
"Null":{
"kms:EncryptionContextKeys":"false"
},
"StringLike":{
"kms:ViaService":[
"s3.*.amazonaws.com",
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com"
]
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:kms:*:*:key/*"
],
"Sid":"AwsOwnedKmsKeyPermissions"
},
{
"Action":[
"kms:DescribeKey"
],
"Condition":{
"StringLike":{
"kms:ViaService":[
"sqs.*.amazonaws.com",
"sagemaker.*.amazonaws.com"
]
},
"StringNotEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:kms:*:*:key/*"
],
"Sid":"AwsOwnedKmsManagementPermissions"
},
{
"Action":[
"kms:ListAliases"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ListKMSPermissions"
},
{
"Action":[
"ec2:DescribeInstanceTypes"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"EC2PermissionsForNotebookExecution"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"Null":{
"bedrock:InferenceProfileArn":"false"
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"InvokeBedrockModelPermissions"
},
{
"Action":[
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"ArnLike":{
"bedrock:InferenceProfileArn":"arn:aws:bedrock:*:*:application-inference-profile/*"
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*:*:provisioned-model/*"
],
"Sid":"BedrockInvokeModelPermissions"
},
{
"Action":[
"bedrock:GetInferenceProfile",
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"InvokeBedrockModelAppInferenceProfilePermissions"
},
{
"Action":[
"bedrock:GetInferenceProfile",
"bedrock:InvokeModel",
"bedrock:InvokeModelWithResponseStream"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:application-inference-profile/*",
"Sid":"BedrockInvokeModelAppInferenceProfilePermissions"
},
{
"Action":[
"bedrock:InvokeAgent",
"bedrock:Retrieve",
"bedrock:ListIngestionJobs",
"bedrock:StartIngestionJob",
"bedrock:GetIngestionJob",
"bedrock:ApplyGuardrail",
"bedrock:ListPrompts",
"bedrock:GetPrompt",
"bedrock:CreatePrompt",
"bedrock:DeletePrompt",
"bedrock:CreatePromptVersion",
"bedrock:InvokeFlow",
"bedrock:GetEvaluationJob",
"bedrock:CreateEvaluationJob",
"bedrock:StopEvaluationJob",
"bedrock:BatchDeleteEvaluationJob",
"bedrock:ListTagsForResource",
"bedrock:CreateAgentAlias",
"bedrock:ListAgentAliases",
"bedrock:GetAgentVersion",
"bedrock:ListAgentVersions",
"bedrock:DeleteAgentVersion",
"bedrock:DeleteAgentAlias",
"bedrock:GetAgentAlias",
"bedrock:UpdateAgentAlias"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AccessBedrockResourcePermissions"
},
{
"Action":[
"bedrock:ApplyGuardrail",
"bedrock:BatchDeleteEvaluationJob",
"bedrock:CreateAgentAlias",
"bedrock:CreateEvaluationJob",
"bedrock:CreatePrompt",
"bedrock:CreatePromptVersion",
"bedrock:DeleteAgentAlias",
"bedrock:DeleteAgentVersion",
"bedrock:DeletePrompt",
"bedrock:GetAgentAlias",
"bedrock:GetAgentVersion",
"bedrock:GetEvaluationJob",
"bedrock:GetIngestionJob",
"bedrock:GetPrompt",
"bedrock:InvokeAgent",
"bedrock:InvokeFlow",
"bedrock:ListAgentAliases",
"bedrock:ListAgentVersions",
"bedrock:ListIngestionJobs",
"bedrock:ListPrompts",
"bedrock:ListTagsForResource",
"bedrock:Retrieve",
"bedrock:StartIngestionJob",
"bedrock:StopEvaluationJob",
"bedrock:UpdateAgentAlias"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:*",
"Sid":"BedrockResourceAccessPermissions"
},
{
"Action":"bedrock:CreateEvaluationJob",
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*::foundation-model/*",
"arn:aws:bedrock:*:*:custom-model/*"
],
"Sid":"CreateEvaluationJobForFoundationModelPermissions"
},
{
"Action":"bedrock:CreateEvaluationJob",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:bedrock:*:*:custom-model/*",
"arn:aws:bedrock:*::foundation-model/*"
],
"Sid":"BedrockCreateEvaluationJobPermissions"
},
{
"Action":"bedrock:InvokeInlineAgent",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"InvokeBedrockInlineAgentPermissions"
},
{
"Action":"bedrock:RetrieveAndGenerate",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"BedrockRetrieveAndGeneratePermissions"
},
{
"Action":"bedrock:ListEvaluationJobs",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ListBedrockEvaluationJobPermissions"
},
{
"Action":[
"bedrock:InvokeInlineAgent",
"bedrock:ListEvaluationJobs",
"bedrock:RetrieveAndGenerate"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"BedrockNoResourcePermissions"
},
{
"Action":[
"iam:PassRole"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"iam:PassedToService":[
"bedrock.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonBedrockEvaluationRole-${aws:PrincipalTag/AmazonDataZoneProject}-*",
"arn:aws:iam::*:role/AmazonBedrockServiceRole-${aws:PrincipalTag/AmazonDataZoneProject}-*"
],
"Sid":"PassRoleToBedrockEvaluation"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"iam:PassedToService":"bedrock.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/AmazonBedrockEvaluationRole-${aws:PrincipalTag/AmazonDataZoneProject}-*",
"arn:aws:iam::*:role/AmazonBedrockServiceRole-${aws:PrincipalTag/AmazonDataZoneProject}-*"
],
"Sid":"IamPassRoleToBedrockPermissions"
},
{
"Action":"bedrock:TagResource",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZone*",
"AmazonBedrockManaged",
"ProjectUserTag*"
]
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:RequestTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"TagBedrockResourcePermissions"
},
{
"Action":"bedrock:TagResource",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonBedrockManaged",
"AmazonDataZone*",
"ProjectUserTag*"
]
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
},
"StringEqualsIfExists":{
"aws:RequestTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:bedrock:*:*:*",
"Sid":"BedrockTagResourcePermissions"
},
{
"Action":[
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"Null":{
"kms:EncryptionContext:aws:bedrock:arn":"false"
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"bedrock.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"BedrockKmsPermissions"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ForAllValues:StringLike":{
"kms:EncryptionContextKeys":[
"aws:bedrock*:arn",
"aws:bedrock:guardrail-id"
]
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"bedrock.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KmsViaBedrockPermissions"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:PutSecretValue"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock-ide/*",
"Sid":"AccessSecretPermissionsForAmazonBedrockIDE"
},
{
"Action":[
"secretsmanager:DescribeSecret",
"secretsmanager:PutSecretValue"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock*",
"Sid":"SecretsManagerPermissionsForBedrock"
},
{
"Action":[
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:SecretARN":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock-ide/*"
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"secretsmanager.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"AccessSecretKmsPermissionsForAmazonBedrockIDE"
},
{
"Action":[
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition":{
"ArnLike":{
"kms:EncryptionContext:SecretARN":"arn:aws:secretsmanager:*:*:secret:amazon-bedrock*"
},
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"kms:ViaService":"secretsmanager.*.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:kms:*:*:key/${aws:PrincipalTag/KmsKeyId}",
"Sid":"KmsViaSecretsManagerPermissionsForBedrock"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"bedrock.amazonaws.com",
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock-ide-*",
"Sid":"InvokeFunctionPermissionsForAmazonBedrockIDE"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:CalledViaFirst":"bedrock.amazonaws.com",
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:amazon-bedrock*",
"Sid":"LambdaInvokeFunctionViaBedrockPermissions"
},
{
"Action":[
"cloudformation:GetTemplate",
"cloudformation:DescribeStacks"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockIDEPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/DataZone-Env-*",
"Sid":"GetDataZoneEnvironmentCloudFormationStackPermissions"
},
{
"Action":[
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/EnableAmazonBedrockPermissions":"true",
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:cloudformation:*:*:stack/DataZone-Env-*",
"Sid":"CloudFormationGetDataZoneEnvironmentStackPermissions"
},
{
"Action":[
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}",
"glue:LakeFormationPermissions":"Enabled"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*"
],
"Sid":"GetGlueUserDefinedFuncLakeFormationPermissions"
},
{
"Action":[
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:userDefinedFunction/*"
],
"Sid":"GetGlueUserDefinedFuncPermissions"
},
{
"Action":[
"secretsmanager:GetSecretValue"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/for-use-with-all-datazone-projects":"true"
}
},
"Effect":"Allow",
"Resource":"arn:*:secretsmanager:*:*:secret:*",
"Sid":"FederatedConnectionGetSecretPermissions"
},
{
"Action":[
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect":"Allow",
"Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/athenafederatedcatalog*",
"Sid":"FederatedConnectionLambdaLogsPermissions"
},
{
"Action":[
"dynamodb:ListTables"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FederatedConnectionDDBPermissions"
},
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DetachNetworkInterface"
],
"Condition":{
"StringEquals":{
"ec2:Vpc":"${aws:PrincipalTag/vpcArn}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"FederatedConnectionEC2Permissions"
},
{
"Action":"ec2:DeleteNetworkInterface",
"Condition":{
"StringEqualsIfExists":{
"ec2:Vpc":"${aws:PrincipalTag/vpcArn}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:*/*",
"Sid":"FederatedConnectionDeleteENIPermissions"
},
{
"Action":[
"ec2:DescribeNetworkInterfaces"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"FederatedConnectionDescribeENIPermissions"
},
{
"Action":[
"ecr:BatchCheckLayerAvailability",
"ecr:CompleteLayerUpload",
"ecr:DeleteRepository",
"ecr:InitiateLayerUpload",
"ecr:PutImage",
"ecr:BatchDeleteImage",
"ecr:ListTagsForResource",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:UploadLayerPart"
],
"Condition":{
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"PrivateECRPermissions"
},
{
"Action":"ecr:CreateRepository",
"Condition":{
"StringEquals":{
"aws:RequestTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"CreateECRRepositoryPermission"
},
{
"Action":"ecr:TagResource",
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"AmazonDataZoneProject",
"ProjectUserTag*"
]
},
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
},
"StringEqualsIfExists":{
"aws:RequestTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"ECRTagResourcePermission"
},
{
"Action":[
"ecr:UntagResource"
],
"Condition":{
"ForAllValues:StringLike":{
"aws:TagKeys":[
"ProjectUserTag*"
]
},
"StringEquals":{
"aws:ResourceTag/AmazonDataZoneProject":"${aws:PrincipalTag/AmazonDataZoneProject}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ecr:*:*:repository/*",
"Sid":"ECRUntagResourcePermission"
},
{
"Action":[
"lakeformation:BatchGrantPermissions",
"lakeformation:BatchRevokePermissions",
"lakeformation:ListPermissions",
"ram:GetResourceShareInvitations",
"lakeformation:CreateDataCellsFilter",
"lakeformation:ListDataCellsFilter",
"lakeformation:DeleteDataCellsFilter",
"lakeformation:GetDataCellsFilter",
"lakeformation:UpdateDataCellsFilter",
"ram:ListResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"LakeformationResourceSharingPermissions"
},
{
"Action":[
"ram:CreateResourceShare"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
},
"StringEqualsIfExists":{
"ram:RequestedResourceType":[
"glue:Table",
"glue:Database",
"glue:Catalog"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountLakeFormationResourceSharingPermissions"
},
{
"Action":[
"glue:DeleteResourcePolicy",
"glue:PutResourcePolicy"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"ram.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:catalog/*",
"arn:aws:glue:*:*:database/*",
"arn:aws:glue:*:*:table/*"
],
"Sid":"CrossAccountRAMResourceSharingPermissions"
},
{
"Action":[
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:DeleteResourceShare",
"ram:ListResourceSharePermissions",
"ram:UpdateResourceShare"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
},
"StringLike":{
"ram:ResourceShareName":[
"LakeFormation*"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountRAMResourceSharingViaLakeFormationPermissions"
},
{
"Action":[
"ram:GetResourceShares"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"RAMGetResourceSharesViaLakeFormation"
},
{
"Action":[
"ram:AcceptResourceShareInvitation"
],
"Condition":{
"StringLike":{
"ram:ResourceShareName":[
"LakeFormation*"
]
}
},
"Effect":"Allow",
"Resource":"arn:aws:ram:*:*:resource-share-invitation/*",
"Sid":"CrossAccountRAMResourceShareInvitationPermission"
},
{
"Action":"ram:AssociateResourceSharePermission",
"Condition":{
"ArnLike":{
"ram:PermissionArn":"arn:aws:ram::aws:permission/AWSRAMLFEnabled*"
},
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"lakeformation.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"CrossAccountRAMResourceSharingViaLakeFormationHybrid"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-21T20:07:06+00:00"
},
"SageMakerStudioQueryExecutionRolePolicy":{
"CreateDate":"2025-01-31T19:52:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"glue:GetConnection"
],
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:catalog"
],
"Sid":"GlueGetConnectionOnCatalog"
},
{
"Action":[
"glue:GetConnection",
"glue:GetConnections",
"glue:GetTags"
],
"Condition":{
"Null":{
"aws:ResourceTag/AmazonDataZoneProject":"false"
}
},
"Effect":"Allow",
"Resource":"arn:aws:glue:*:*:connection/*",
"Sid":"GlueGetConnectionsForProject"
},
{
"Action":[
"s3:GetObject"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::*/dzd_*/*/dev/sys/athena/*"
],
"Sid":"S3GetObjectForAthenaSpillBucket"
},
{
"Action":[
"s3:ListBucket"
],
"Condition":{
"StringEquals":{
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::amazon-sagemaker-*"
],
"Sid":"S3ListBucketOwnershipCheckForAthenaSpillBucket"
},
{
"Action":"lambda:InvokeFunction",
"Condition":{
"StringEquals":{
"aws:PrincipalTag/SageMakerStudioQueryExecutionRole":"true",
"aws:ResourceTag/federated_athena_datacatalog":"true"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:*",
"Sid":"InvokeFunctionPermissionsForAthenaCatalogLambda"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-01-31T19:52:07+00:00"
},
"SecretsManagerReadWrite":{
"CreateDate":"2018-04-04T18:05:29+00:00",
"DefaultVersionId":"v5",
"Document":{
"Statement":[
{
"Action":[
"secretsmanager:*",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"docdb-elastic:GetCluster",
"docdb-elastic:ListClusters",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys",
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"redshift:DescribeClusters",
"redshift-serverless:ListWorkgroups",
"redshift-serverless:GetNamespace",
"tag:GetResources"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BasePermissions"
},
{
"Action":[
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:SecretsManager*",
"Sid":"LambdaPermissions"
},
{
"Action":[
"serverlessrepo:CreateCloudFormationChangeSet",
"serverlessrepo:GetApplication"
],
"Effect":"Allow",
"Resource":"arn:aws:serverlessrepo:*:*:applications/SecretsManager*",
"Sid":"SARPermissions"
},
{
"Action":[
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::awsserverlessrepo-changesets*",
"arn:aws:s3:::secrets-manager-rotation-apps-*/*"
],
"Sid":"S3Permissions"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-02-22T18:12:06+00:00"
},
"SecurityAudit":{
"CreateDate":"2015-02-06T18:41:01+00:00",
"DefaultVersionId":"v50",
"Document":{
"Statement":[
{
"Action":[
"a4b:ListSkills",
"access-analyzer:GetAnalyzedResource",
"access-analyzer:GetAnalyzer",
"access-analyzer:GetArchiveRule",
"access-analyzer:GetFinding",
"access-analyzer:ListAnalyzedResources",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListFindings",
"access-analyzer:ListTagsForResource",
"account:GetAlternateContact",
"account:GetPrimaryEmail",
"account:GetRegionOptStatus",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:GetPolicy",
"acm-pca:ListCertificateAuthorities",
"acm-pca:ListPermissions",
"acm-pca:ListTags",
"acm:Describe*",
"acm:List*",
"airflow:GetEnvironment",
"airflow:ListEnvironments",
"appflow:ListFlows",
"appflow:ListTagsForResource",
"application-autoscaling:Describe*",
"appmesh:Describe*",
"appmesh:List*",
"apprunner:DescribeAutoScalingConfiguration",
"apprunner:DescribeCustomDomains",
"apprunner:DescribeObservabilityConfiguration",
"apprunner:DescribeService",
"apprunner:DescribeVpcConnector",
"apprunner:DescribeVpcIngressConnection",
"apprunner:ListAutoScalingConfigurations",
"apprunner:ListConnections",
"apprunner:ListObservabilityConfigurations",
"apprunner:ListOperations",
"apprunner:ListServices",
"apprunner:ListTagsForResource",
"apprunner:ListVpcConnectors",
"apprunner:ListVpcIngressConnections",
"appsync:GetApiCache",
"appsync:List*",
"athena:GetWorkGroup",
"athena:List*",
"auditmanager:GetAccountStatus",
"auditmanager:ListAssessmentControlInsightsByControlDomain",
"auditmanager:ListAssessmentFrameworks",
"auditmanager:ListAssessmentFrameworkShareRequests",
"auditmanager:ListAssessmentReports",
"auditmanager:ListAssessments",
"auditmanager:ListControlDomainInsights",
"auditmanager:ListControlDomainInsightsByAssessment",
"auditmanager:ListControlInsightsByControlDomain",
"auditmanager:ListControls",
"auditmanager:ListNotifications",
"auditmanager:ListTagsForResource",
"autoscaling-plans:DescribeScalingPlans",
"autoscaling:Describe*",
"backup:DescribeGlobalSettings",
"backup:DescribeRegionSettings",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:ListBackupVaults",
"backup:ListTags",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobDefinitions",
"bedrock:GetCustomModel",
"bedrock:GetModelInvocationLoggingConfiguration",
"bedrock:ListCustomModels",
"bedrock:ListTagsForResource",
"braket:SearchJobs",
"braket:SearchQuantumTasks",
"chime:List*",
"cleanrooms:BatchGetCollaborationAnalysisTemplate",
"cleanrooms:BatchGetSchema",
"cleanrooms:BatchGetSchemaAnalysisRule",
"cleanrooms:GetAnalysisTemplate",
"cleanrooms:GetCollaboration",
"cleanrooms:GetCollaborationAnalysisTemplate",
"cleanrooms:GetCollaborationConfiguredAudienceModelAssociation",
"cleanrooms:GetCollaborationIdNamespaceAssociation",
"cleanrooms:GetCollaborationPrivacyBudgetTemplate",
"cleanrooms:GetConfiguredAudienceModelAssociation",
"cleanrooms:GetConfiguredTable",
"cleanrooms:GetConfiguredTableAnalysisRule",
"cleanrooms:GetConfiguredTableAssociation",
"cleanrooms:GetConfiguredTableAssociationAnalysisRule",
"cleanrooms:GetIdMappingTable",
"cleanrooms:GetIdNamespaceAssociation",
"cleanrooms:GetMembership",
"cleanrooms:GetPrivacyBudgetTemplate",
"cleanrooms:GetProtectedQuery",
"cleanrooms:GetSchema",
"cleanrooms:GetSchemaAnalysisRule",
"cleanrooms:ListAnalysisTemplates",
"cleanrooms:ListCollaborationAnalysisTemplates",
"cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
"cleanrooms:ListCollaborationIdNamespaceAssociations",
"cleanrooms:ListCollaborationPrivacyBudgetTemplates",
"cleanrooms:ListCollaborationPrivacyBudgets",
"cleanrooms:ListCollaborations",
"cleanrooms:ListConfiguredAudienceModelAssociations",
"cleanrooms:ListConfiguredTableAssociations",
"cleanrooms:ListConfiguredTables",
"cleanrooms:ListIdMappingTables",
"cleanrooms:ListIdNamespaceAssociations",
"cleanrooms:ListMembers",
"cleanrooms:ListMemberships",
"cleanrooms:ListPrivacyBudgetTemplates",
"cleanrooms:ListPrivacyBudgets",
"cleanrooms:ListProtectedQueries",
"cleanrooms:ListSchemas",
"cleanrooms:ListTagsForResource",
"cleanrooms:PreviewPrivacyImpact",
"cloud9:Describe*",
"cloud9:ListEnvironments",
"clouddirectory:ListDirectories",
"cloudformation:DescribeStack*",
"cloudformation:GetStackPolicy",
"cloudformation:GetTemplate",
"cloudformation:ListStack*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudsearch:DescribeDomainEndpointOptions",
"cloudsearch:DescribeDomains",
"cloudsearch:DescribeServiceAccessPolicies",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetInsightSelectors",
"cloudtrail:GetTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:ListTrails",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:GetDashboard",
"cloudwatch:ListDashboards",
"cloudwatch:ListTagsForResource",
"codeartifact:GetDomainPermissionsPolicy",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListRepositories",
"codebuild:BatchGetProjects",
"codebuild:GetResourcePolicy",
"codebuild:ListProjects",
"codebuild:ListSourceCredentials",
"codecommit:BatchGetRepositories",
"codecommit:GetBranch",
"codecommit:GetObjectIdentifier",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:List*",
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:GetJobDetails",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineExecution",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"codestar:Describe*",
"codestar:List*",
"cognito-identity:Describe*",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:ListIdentityPools",
"cognito-identity:ListTagsForResource",
"cognito-idp:Describe*",
"cognito-idp:ListDevices",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListResourceServers",
"cognito-idp:ListTagsForResource",
"cognito-idp:ListUserImportJobs",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"cognito-sync:Describe*",
"cognito-sync:List*",
"comprehend:Describe*",
"comprehend:List*",
"comprehendmedical:ListICD10CMInferenceJobs",
"comprehendmedical:ListPHIDetectionJobs",
"comprehendmedical:ListRxNormInferenceJobs",
"comprehendmedical:ListSNOMEDCTInferenceJobs",
"config:BatchGetAggregateResourceConfig",
"config:BatchGetResourceConfig",
"config:Deliver*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:SelectAggregateResourceConfig",
"config:SelectResourceConfig",
"connect:ListApprovedOrigins",
"connect:ListInstanceAttributes",
"connect:ListInstances",
"connect:ListInstanceStorageConfigs",
"connect:ListIntegrationAssociations",
"connect:ListLambdaFunctions",
"connect:ListLexBots",
"connect:ListSecurityKeys",
"databrew:DescribeDataset",
"databrew:DescribeProject",
"databrew:ListJobs",
"databrew:ListProjects",
"dataexchange:ListDataSets",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:EvaluateExpression",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"datapipeline:ValidatePipelineDefinition",
"datasync:Describe*",
"datasync:List*",
"dax:Describe*",
"dax:ListTags",
"deepracer:ListModels",
"detective:GetGraphIngestState",
"detective:ListGraphs",
"detective:ListMembers",
"devicefarm:ListProjects",
"directconnect:Describe*",
"discovery:DescribeAgents",
"discovery:DescribeConfigurations",
"discovery:DescribeContinuousExports",
"discovery:DescribeExportConfigurations",
"discovery:DescribeExportTasks",
"discovery:DescribeImportTasks",
"dms:Describe*",
"dms:ListTagsForResource",
"docdb-elastic:ListClusters",
"ds:DescribeDirectories",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeExport",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeKinesisStreamingDestination",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListBackups",
"dynamodb:ListExports",
"dynamodb:ListGlobalTables",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetImageBlockPublicAccessState",
"ec2:GetManagedPrefixListAssociations",
"ec2:GetManagedPrefixListEntries",
"ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
"ec2:GetNetworkInsightsAccessScopeContent",
"ec2:GetTransitGatewayAttachmentPropagations",
"ec2:GetTransitGatewayMulticastDomainAssociations",
"ec2:GetTransitGatewayPrefixListReferences",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:SearchTransitGatewayRoutes",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeRepositories",
"ecr-public:GetRegistryCatalogData",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr-public:ListTagsForResource",
"ecr:BatchGetRepositoryScanningConfiguration",
"ecr:DescribeImages",
"ecr:DescribeImageScanFindings",
"ecr:DescribeRegistry",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRegistryPolicy",
"ecr:GetRegistryScanningConfiguration",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecs:Describe*",
"ecs:List*",
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeNodeGroup",
"eks:ListClusters",
"eks:ListFargateProfiles",
"eks:ListNodeGroups",
"eks:ListTagsForResource",
"eks:ListUpdates",
"elastic-inference:DescribeAccelerators",
"elasticache:Describe*",
"elasticache:ListTagsForResource",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:ListTagsForResource",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeAccountPreferences",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticfilesystem:DescribeTags",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:GetAutoTerminationPolicy",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elastictranscoder:ListPipelines",
"emr-serverless:GetApplication",
"emr-serverless:ListApplications",
"emr-serverless:ListJobRuns",
"entityresolution:GetIdNamespace",
"es:Describe*",
"es:GetCompatibleVersions",
"es:ListDomainNames",
"es:ListElasticsearchInstanceTypeDetails",
"es:ListElasticsearchVersions",
"es:ListTags",
"events:Describe*",
"events:List*",
"events:TestEventPattern",
"finspace:ListEnvironments",
"finspace:ListKxEnvironments",
"firehose:Describe*",
"firehose:List*",
"fms:ListComplianceStatus",
"fms:ListPolicies",
"forecast:ListDatasets",
"frauddetector:GetDetectors",
"fsx:Describe*",
"fsx:List*",
"gamelift:ListBuilds",
"gamelift:ListFleets",
"geo:ListMaps",
"glacier:DescribeVault",
"glacier:GetDataRetrievalPolicy",
"glacier:GetVaultAccessPolicy",
"glacier:GetVaultLock",
"glacier:ListVaults",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
"glue:GetCrawlers",
"glue:GetDatabases",
"glue:GetDataCatalogEncryptionSettings",
"glue:GetDevEndpoints",
"glue:GetJobs",
"glue:GetResourcePolicy",
"glue:GetSecurityConfiguration",
"glue:GetSecurityConfigurations",
"glue:GetTags",
"grafana:ListWorkspaces",
"greengrass:List*",
"guardduty:DescribePublishingDestination",
"guardduty:Get*",
"guardduty:List*",
"health:DescribeAffectedAccountsForOrganization",
"health:DescribeAffectedEntities",
"health:DescribeAffectedEntitiesForOrganization",
"health:DescribeEntityAggregates",
"health:DescribeEventAggregates",
"health:DescribeEventDetails",
"health:DescribeEventDetailsForOrganization",
"health:DescribeEvents",
"health:DescribeEventsForOrganization",
"health:DescribeEventTypes",
"health:DescribeHealthServiceStatusForOrganization",
"healthlake:ListFHIRDatastores",
"honeycode:ListTables",
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"iam:SimulateCustomPolicy",
"iam:SimulatePrincipalPolicy",
"identitystore:ListGroupMemberships",
"identitystore:ListGroupMembershipsForMember",
"identitystore:ListGroups",
"identitystore:ListUsers",
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"inspector2:BatchGetAccountStatus",
"inspector2:BatchGetFreeTrialInfo",
"inspector2:DescribeOrganizationConfiguration",
"inspector2:GetConfiguration",
"inspector2:GetDelegatedAdminAccount",
"inspector2:GetFindingsReportStatus",
"inspector2:GetMember",
"inspector2:ListAccountPermissions",
"inspector2:ListCoverage",
"inspector2:ListCoverageStatistics",
"inspector2:ListDelegatedAdminAccounts",
"inspector2:ListFilters",
"inspector2:ListFindingAggregations",
"inspector2:ListFindings",
"inspector2:ListTagsForResource",
"inspector2:ListUsageTotals",
"iot:Describe*",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:List*",
"iotanalytics:ListChannels",
"iotevents:ListInputs",
"iotfleetwise:ListModelManifests",
"iotsitewise:DescribeGatewayCapabilityConfiguration",
"iotsitewise:ListAssetModels",
"iotsitewise:ListGateways",
"iottwinmaker:ListWorkspaces",
"kafka-cluster:Describe*",
"kafka:Describe*",
"kafka:GetBootstrapBrokers",
"kafka:GetCompatibleKafkaVersions",
"kafka:List*",
"kafkaconnect:Describe*",
"kafkaconnect:List*",
"kendra:DescribeIndex",
"kendra:ListDataSources",
"kendra:ListIndices",
"kendra:ListTagsForResource",
"kinesis:DescribeLimits",
"kinesis:DescribeStream",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListShards",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kinesisanalytics:ListApplications",
"kinesisanalytics:ListTagsForResource",
"kinesisvideo:DescribeEdgeConfiguration",
"kinesisvideo:DescribeMappedResourceConfiguration",
"kinesisvideo:DescribeMediaStorageConfiguration",
"kinesisvideo:DescribeNotificationConfiguration",
"kinesisvideo:DescribeSignalingChannel",
"kinesisvideo:DescribeStream",
"kinesisvideo:ListSignalingChannels",
"kinesisvideo:ListStreams",
"kinesisvideo:ListTagsForResource",
"kinesisvideo:ListTagsForStream",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:GetAccountSettings",
"lambda:GetFunctionConfiguration",
"lambda:GetFunctionEventInvokeConfig",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:List*",
"lex:DescribeBot",
"lex:DescribeResourcePolicy",
"lex:ListBots",
"license-manager:List*",
"lightsail:GetBuckets",
"lightsail:GetContainerServices",
"lightsail:GetDisks",
"lightsail:GetDiskSnapshots",
"lightsail:GetInstances",
"lightsail:GetLoadBalancers",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:ListLogDeliveries",
"logs:ListTagsForResource",
"logs:ListTagsLogGroup",
"lookoutequipment:ListDatasets",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutvision:ListProjects",
"m2:GetApplication",
"m2:GetEnvironment",
"m2:ListApplications",
"m2:ListEnvironments",
"m2:ListTagsForResource",
"machinelearning:DescribeMLModels",
"macie2:ListFindings",
"managedblockchain:ListNetworks",
"mechanicalturk:ListHITs",
"mediaconnect:Describe*",
"mediaconnect:List*",
"medialive:ListChannels",
"mediapackage-vod:DescribePackagingGroup",
"mediapackage-vod:ListPackagingGroups",
"mediapackage:DescribeOriginEndpoint",
"mediapackage:ListOriginEndpoints",
"mediastore:GetContainerPolicy",
"mediastore:GetCorsPolicy",
"mediastore:ListContainers",
"memorydb:DescribeClusters",
"mq:DescribeBroker",
"mq:DescribeBrokerEngineTypes",
"mq:DescribeBrokerInstanceOptions",
"mq:DescribeConfiguration",
"mq:DescribeConfigurationRevision",
"mq:DescribeUser",
"mq:ListBrokers",
"mq:ListConfigurationRevisions",
"mq:ListConfigurations",
"mq:ListTags",
"mq:ListUsers",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"networkmanager:DescribeGlobalNetworks",
"nimble:ListStudios",
"opsworks-cm:DescribeServers",
"opsworks:DescribeStacks",
"organizations:Describe*",
"organizations:List*",
"pcs:GetCluster",
"pcs:GetComputeNodeGroup",
"pcs:GetQueue",
"pcs:ListClusters",
"pcs:ListComputeNodeGroups",
"pcs:ListQueues",
"pcs:ListTagsForResource",
"personalize:DescribeDatasetGroup",
"personalize:ListDatasetGroups",
"private-networks:ListNetworks",
"profile:GetDomain",
"profile:ListDomains",
"profile:ListIntegrations",
"qbusiness:ListApplications",
"qbusiness:ListDataSources",
"qbusiness:ListDataSourceSyncJobs",
"qbusiness:ListDocuments",
"qbusiness:ListGroups",
"qbusiness:ListIndices",
"qbusiness:ListPlugins",
"qbusiness:ListRetrievers",
"qbusiness:ListSubscriptions",
"qbusiness:ListTagsForResource",
"qbusiness:ListWebExperiences",
"qldb:DescribeJournalS3Export",
"qldb:DescribeLedger",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:ListLedgers",
"quicksight:Describe*",
"quicksight:List*",
"ram:GetResourceShares",
"ram:List*",
"rds:Describe*",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource",
"redshift-serverless:GetNamespace",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListWorkgroups",
"redshift:Describe*",
"rekognition:Describe*",
"rekognition:List*",
"resource-groups:ListGroupResources",
"robomaker:Describe*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
"route53domains:GetDomainDetail",
"route53domains:GetOperationDetail",
"route53domains:ListDomains",
"route53domains:ListOperations",
"route53domains:ListTagsForDomain",
"route53resolver:Get*",
"route53resolver:List*",
"s3-outposts:ListEndpoints",
"s3-outposts:ListOutpostsWithS3",
"s3-outposts:ListSharedEndpoints",
"s3:DescribeJob",
"s3:GetAccelerateConfiguration",
"s3:GetAccessGrantsInstanceResourcePolicy",
"s3:GetAccessPoint",
"s3:GetAccessPointConfigurationForObjectLambda",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyForObjectLambda",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccessPointPolicyStatusForObjectLambda",
"s3:GetAccessPointForObjectLambda",
"s3:GetAccountPublicAccessBlock",
"s3:GetAnalyticsConfiguration",
"s3:GetBucket*",
"s3:GetEncryptionConfiguration",
"s3:GetInventoryConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMetricsConfiguration",
"s3:GetMultiRegionAccessPoint",
"s3:GetMultiRegionAccessPointPolicy",
"s3:GetMultiRegionAccessPointPolicyStatus",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl",
"s3:GetReplicationConfiguration",
"s3:GetStorageLensGroup",
"s3:GetStorageLensConfiguration",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListMultiRegionAccessPoints",
"s3:ListAccessPointsForObjectLambda",
"s3:ListStorageLensGroups",
"s3:ListJobs",
"s3:ListCallerAccessGrants",
"s3:ListAccessGrantsInstances",
"s3:ListAccessGrants",
"s3:ListStorageLensConfigurations",
"s3express:ListAllMyDirectoryBuckets",
"s3express:GetEncryptionConfiguration",
"s3express:GetBucketPolicy",
"s3-object-lambda:GetObjectAcl",
"s3-object-lambda:GetObjectVersionAcl",
"s3tables:ListTableBuckets",
"s3tables:ListNamespaces",
"s3tables:ListTables",
"s3tables:GetNamespace",
"s3tables:GetTableBucketPolicy",
"s3tables:GetTableBucketMaintenanceConfiguration",
"s3tables:GetTableMaintenanceConfiguration",
"s3tables:GetTablePolicy",
"sagemaker:Describe*",
"sagemaker:List*",
"schemas:DescribeCodeBinding",
"schemas:DescribeDiscoverer",
"schemas:DescribeRegistry",
"schemas:DescribeSchema",
"schemas:GetResourcePolicy",
"schemas:ListDiscoverers",
"schemas:ListRegistries",
"schemas:ListSchemas",
"schemas:ListSchemaVersions",
"schemas:ListTagsForResource",
"sdb:DomainMetadata",
"sdb:ListDomains",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
"securityhub:BatchGetAutomationRules",
"securityhub:BatchGetConfigurationPolicyAssociations",
"securityhub:BatchGetControlEvaluations",
"securityhub:BatchGetSecurityControls",
"securityhub:BatchGetStandardsControlAssociations",
"securityhub:Describe*",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:GetApplicationPolicy",
"serverlessrepo:List*",
"servicequotas:GetAssociationForServiceQuotaTemplate",
"servicequotas:GetAWSDefaultServiceQuota",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"servicequotas:ListTagsForResource",
"ses:Describe*",
"ses:GetAccount",
"ses:GetAccountSendingEnabled",
"ses:GetConfigurationSet",
"ses:GetConfigurationSetEventDestinations",
"ses:GetDedicatedIps",
"ses:GetEmailIdentity",
"ses:GetIdentityDkimAttributes",
"ses:GetIdentityPolicies",
"ses:GetIdentityVerificationAttributes",
"ses:ListConfigurationSets",
"ses:ListDedicatedIpPools",
"ses:ListIdentities",
"ses:ListIdentityPolicies",
"ses:ListReceiptFilters",
"ses:ListReceiptRuleSets",
"ses:ListVerifiedEmailAddresses",
"shield:Describe*",
"shield:GetSubscriptionState",
"shield:List*",
"snowball:ListClusters",
"snowball:ListJobs",
"sns:GetPlatformApplicationAttributes",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm:Describe*",
"ssm:GetAutomationExecution",
"ssm:GetServiceSetting",
"ssm:ListAssociations",
"ssm:ListAssociationVersions",
"ssm:ListCommands",
"ssm:ListComplianceItems",
"ssm:ListComplianceSummaries",
"ssm:ListDocumentMetadataHistory",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"ssm:ListInventoryEntries",
"ssm:ListOpsMetadata",
"ssm:ListResourceComplianceSummaries",
"ssm:ListResourceDataSync",
"ssm:ListTagsForResource",
"sso:DescribeAccountAssignmentCreationStatus",
"sso:DescribePermissionSet",
"sso:DescribePermissionsPolicies",
"sso:List*",
"states:DescribeStateMachine",
"states:ListStateMachines",
"storagegateway:DescribeBandwidthRateLimit",
"storagegateway:DescribeCache",
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeGatewayInformation",
"storagegateway:DescribeMaintenanceStartTime",
"storagegateway:DescribeNFSFileShares",
"storagegateway:DescribeSnapshotSchedule",
"storagegateway:DescribeStorediSCSIVolumes",
"storagegateway:DescribeTapeArchives",
"storagegateway:DescribeTapeRecoveryPoints",
"storagegateway:DescribeTapes",
"storagegateway:DescribeUploadBuffer",
"storagegateway:DescribeVTLDevices",
"storagegateway:DescribeWorkingStorage",
"storagegateway:List*",
"sts:GetAccessKeyInfo",
"support:DescribeTrustedAdvisorCheckRefreshStatuses",
"support:DescribeTrustedAdvisorCheckResult",
"support:DescribeTrustedAdvisorChecks",
"support:DescribeTrustedAdvisorCheckSummaries",
"synthetics:DescribeCanaries",
"synthetics:DescribeCanariesLastRun",
"synthetics:DescribeRuntimeVersions",
"synthetics:GetCanary",
"synthetics:GetCanaryRuns",
"synthetics:GetGroup",
"synthetics:ListAssociatedGroups",
"synthetics:ListGroupResources",
"synthetics:ListGroups",
"synthetics:ListTagsForResource",
"tag:GetResources",
"tag:GetTagKeys",
"transcribe:GetCallAnalyticsCategory",
"transcribe:GetMedicalVocabulary",
"transcribe:GetVocabulary",
"transcribe:GetVocabularyFilter",
"transcribe:ListCallAnalyticsCategories",
"transcribe:ListCallAnalyticsJobs",
"transcribe:ListLanguageModels",
"transcribe:ListMedicalTranscriptionJobs",
"transcribe:ListMedicalVocabularies",
"transcribe:ListTagsForResource",
"transcribe:ListTranscriptionJobs",
"transcribe:ListVocabularies",
"transcribe:ListVocabularyFilters",
"transfer:Describe*",
"transfer:List*",
"translate:List*",
"trustedadvisor:Describe*",
"voiceid:DescribeDomain",
"waf-regional:GetWebACL",
"waf-regional:ListResourcesForWebACL",
"waf-regional:ListTagsForResource",
"waf-regional:ListWebACLs",
"waf:GetWebACL",
"waf:ListTagsForResource",
"waf:ListWebACLs",
"wafv2:GetLoggingConfiguration",
"wafv2:GetWebACL",
"wafv2:GetWebACLForResource",
"wafv2:ListAvailableManagedRuleGroups",
"wafv2:ListIPSets",
"wafv2:ListLoggingConfigurations",
"wafv2:ListRegexPatternSets",
"wafv2:ListResourcesForWebACL",
"wafv2:ListRuleGroups",
"wafv2:ListTagsForResource",
"wafv2:ListWebACLs",
"wisdom:GetAssistant",
"workdocs:DescribeResourcePermissions",
"workspaces:Describe*",
"xray:GetEncryptionConfig",
"xray:GetGroup",
"xray:GetGroups",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetTraceSummaries",
"xray:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"BaseSecurityAuditStatement"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*/authorizers/*",
"arn:aws:apigateway:*::/apis/*/authorizers",
"arn:aws:apigateway:*::/apis/*/cors",
"arn:aws:apigateway:*::/apis/*/deployments/*",
"arn:aws:apigateway:*::/apis/*/deployments",
"arn:aws:apigateway:*::/apis/*/exports/*",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/models/*",
"arn:aws:apigateway:*::/apis/*/models",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*/apimappings",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/documentation/parts/*",
"arn:aws:apigateway:*::/restapis/*/documentation/parts",
"arn:aws:apigateway:*::/restapis/*/documentation/versions/*",
"arn:aws:apigateway:*::/restapis/*/documentation/versions",
"arn:aws:apigateway:*::/restapis/*/gatewayresponses/*",
"arn:aws:apigateway:*::/restapis/*/gatewayresponses",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/requestvalidators",
"arn:aws:apigateway:*::/restapis/*/requestvalidators/*",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/tags/*",
"arn:aws:apigateway:*::/vpclinks"
],
"Sid":"APIGatewayAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-03-26T14:07:06+00:00"
},
"SecurityLakeResourceManagementServiceRolePolicy":{
"CreateDate":"2024-11-14T22:10:14+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"events:ListRules"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ReadEventBridgeRules"
},
{
"Action":[
"events:PutRule"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:events:*:*:rule/AmazonSecurityLake-*",
"Sid":"ManageSecurityLakeEventRules"
},
{
"Action":[
"lambda:GetEventSourceMapping",
"lambda:GetFunction",
"lambda:PutFunctionConcurrency",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:GetFunctionConcurrency",
"lambda:GetRuntimeManagementConfig",
"lambda:PutProvisionedConcurrencyConfig",
"lambda:PublishVersion",
"lambda:DeleteFunctionConcurrency",
"lambda:DeleteEventSourceMapping",
"lambda:GetAlias",
"lambda:GetPolicy",
"lambda:GetFunctionConfiguration",
"lambda:UpdateFunctionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
"arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
],
"Sid":"ManageSecurityLakeLambdaConfigurations"
},
{
"Action":[
"lambda:ListEventSourceMappings"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListLambdaEventSourceMappings"
},
{
"Action":[
"lambda:UpdateEventSourceMapping"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
},
"StringLike":{
"lambda:FunctionArn":"arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowUpdateLambdaEventSourceMapping"
},
{
"Action":[
"lambda:UpdateFunctionConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*",
"Sid":"AllowUpdateLambdaConfigs"
},
{
"Action":[
"glue:CreatePartition",
"glue:BatchCreatePartition",
"glue:GetTable",
"glue:GetTables",
"glue:UpdateTable",
"glue:GetDatabase"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
"arn:aws:glue:*:*:catalog"
],
"Sid":"ManageSecurityLakeGlueResources"
},
{
"Action":[
"s3:ListBucket",
"s3:PutObject",
"s3:GetObjectAttributes",
"s3:GetBucketNotification",
"s3:PutBucketNotification",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration",
"s3:GetEncryptionConfiguration",
"s3:GetReplicationConfiguration"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-security-data-lake*"
],
"Sid":"AllowDataLakeConfigurationManagement"
},
{
"Action":[
"s3:GetObject",
"s3:DeleteObject",
"s3:RestoreObject"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::aws-security-data-lake*/metadata/*.avro",
"arn:aws:s3:::aws-security-data-lake*/metadata/*.metadata.json"
],
"Sid":"AllowMetaDataCompactionAndManagement"
},
{
"Action":[
"logs:DescribeLogStreams",
"logs:StartQuery",
"logs:GetLogEvents",
"logs:GetQueryResults",
"logs:GetLogRecord"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:logs:*:*:log-group:/aws/lambda/AmazonSecurityLakeMetastoreManager-*-*"
],
"Sid":"ReadSecurityLakeLambdaLogs"
},
{
"Action":[
"sqs:StartMessageMoveTask",
"sqs:DeleteMessage",
"sqs:GetQueueUrl",
"sqs:ListDeadLetterSourceQueues",
"sqs:ChangeMessageVisibility",
"sqs:ListMessageMoveTasks",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:SetQueueAttributes"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:sqs:*:*:SecurityLake_*",
"arn:aws:sqs:*:*:AmazonSecurityLakeManager-*"
],
"Sid":"ManageSecurityLakeSQSQueue"
},
{
"Action":[
"lakeformation:GetDataLakeSettings",
"lakeformation:ListPermissions"
],
"Condition":{
"StringEquals":{
"aws:ResourceAccount":"${aws:PrincipalAccount}"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowDataLakeManagement"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-11-14T22:10:14+00:00"
},
"SecurityLakeServiceLinkedRole":{
"CreateDate":"2022-11-29T14:03:33+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"organizations:ListAccounts",
"organizations:DescribeOrganization"
],
"Effect":"Allow",
"Resource":[
"*"
],
"Sid":"OrganizationsPolicies"
},
{
"Action":[
"organizations:DescribeAccount"
],
"Effect":"Allow",
"Resource":[
"arn:aws:organizations::*:account/o-*/*"
],
"Sid":"DescribeOrgAccounts"
},
{
"Action":[
"cloudtrail:CreateServiceLinkedChannel",
"cloudtrail:DeleteServiceLinkedChannel",
"cloudtrail:GetServiceLinkedChannel",
"cloudtrail:UpdateServiceLinkedChannel"
],
"Effect":"Allow",
"Resource":"arn:aws:cloudtrail:*:*:channel/aws-service-channel/security-lake/*",
"Sid":"AllowManagementOfServiceLinkedChannel"
},
{
"Action":[
"cloudtrail:ListServiceLinkedChannels"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowListServiceLinkedChannel"
},
{
"Action":[
"ec2:DescribeVpcs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeAnyVpc"
},
{
"Action":[
"organizations:ListDelegatedAdministrators"
],
"Condition":{
"StringEquals":{
"organizations:ServicePrincipal":"securitylake.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"ListDelegatedAdmins"
},
{
"Action":[
"wafv2:PutLoggingConfiguration",
"wafv2:GetLoggingConfiguration",
"wafv2:ListLoggingConfigurations",
"wafv2:DeleteLoggingConfiguration"
],
"Condition":{
"StringEquals":{
"wafv2:LogScope":"SecurityLake"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowWafLoggingConfiguration"
},
{
"Action":[
"wafv2:PutLoggingConfiguration"
],
"Condition":{
"ArnLike":{
"wafv2:LogDestinationResource":"arn:aws:s3:::aws-waf-logs-security-lake-*"
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"AllowPutLoggingConfiguration"
},
{
"Action":[
"wafv2:ListWebACLs"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"ListWebACLs"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"wafv2.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*",
"Sid":"LogDelivery"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-19T16:00:05+00:00"
},
"ServerMigrationConnector":{
"CreateDate":"2016-10-24T21:45:56+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"iam:GetUser",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"sms:SendMessage",
"sms:GetMessages"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration",
"s3:AbortMultipartUpload",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::sms-b-*",
"arn:aws:s3:::import-to-ec2-*",
"arn:aws:s3:::server-migration-service-upgrade",
"arn:aws:s3:::server-migration-service-upgrade/*",
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-release-notes"
]
},
{
"Action":"awsconnector:*",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"SNS:Publish"
],
"Effect":"Allow",
"Resource":"arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2016-10-24T21:45:56+00:00"
},
"ServerMigrationServiceConsoleFullAccess":{
"CreateDate":"2020-05-09T17:18:57+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"sms:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudformation:ListStacks",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackResources"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"s3:ListAllMyBuckets",
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"s3:GetObject",
"Effect":"Allow",
"Resource":"arn:aws:s3:::sms-app-*/*"
},
{
"Action":[
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:ListRoles"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"sms.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:GetInstanceProfile",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-20T22:00:37+00:00"
},
"ServerMigrationServiceLaunchRole":{
"CreateDate":"2018-11-26T19:53:06+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"ec2:ModifyInstanceAttribute",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"ec2:CreateTags",
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":[
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation"
],
"Condition":{
"StringLike":{
"ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:ec2:*:*:instance/*"
},
{
"Action":"iam:PassRole",
"Condition":{
"StringEquals":{
"iam:PassedToService":"ec2.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:RunInstances",
"ec2:Describe*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"applicationinsights:Describe*",
"applicationinsights:List*",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"applicationinsights:CreateApplication",
"applicationinsights:CreateComponent",
"applicationinsights:UpdateApplication",
"applicationinsights:DeleteApplication",
"applicationinsights:UpdateComponentConfiguration",
"applicationinsights:DeleteComponent"
],
"Effect":"Allow",
"Resource":"arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*"
},
{
"Action":[
"resource-groups:CreateGroup",
"resource-groups:GetGroup",
"resource-groups:UpdateGroup",
"resource-groups:DeleteGroup"
],
"Condition":{
"StringLike":{
"aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect":"Allow",
"Resource":"arn:aws:resource-groups:*:*:group/sms-app-*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"application-insights.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
]
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-10-15T17:29:00+00:00"
},
"ServerMigrationServiceRoleForInstanceValidation":{
"CreateDate":"2020-07-20T22:25:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":"s3:GetObject",
"Effect":"Allow",
"Resource":"arn:aws:s3:::sms-app-*/*"
},
{
"Action":"sms:NotifyAppValidationOutput",
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-07-20T22:25:07+00:00"
},
"ServiceQuotasFullAccess":{
"CreateDate":"2019-06-24T15:44:35+00:00",
"DefaultVersionId":"v4",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:DescribeAccountLimits",
"cloudformation:DescribeAccountLimits",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"dynamodb:DescribeLimits",
"elasticloadbalancing:DescribeAccountLimits",
"iam:GetAccountSummary",
"kinesis:DescribeLimits",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"rds:DescribeAccountAttributes",
"route53:GetAccountLimit",
"tag:GetTagKeys",
"tag:GetTagValues",
"servicequotas:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"cloudwatch:DeleteAlarms"
],
"Condition":{
"Null":{
"aws:ResourceTag/ServiceQuotaMonitor":"false"
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"organizations:EnableAWSServiceAccess"
],
"Condition":{
"StringLike":{
"organizations:ServicePrincipal":[
"servicequotas.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"iam:CreateServiceLinkedRole"
],
"Condition":{
"StringEquals":{
"iam:AWSServiceName":"servicequotas.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2021-02-04T21:29:43+00:00"
},
"ServiceQuotasReadOnlyAccess":{
"CreateDate":"2019-06-24T15:31:06+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"autoscaling:DescribeAccountLimits",
"cloudformation:DescribeAccountLimits",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"dynamodb:DescribeLimits",
"elasticloadbalancing:DescribeAccountLimits",
"iam:GetAccountSummary",
"kinesis:DescribeLimits",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"rds:DescribeAccountAttributes",
"route53:GetAccountLimit",
"tag:GetTagKeys",
"tag:GetTagValues",
"servicequotas:GetAssociationForServiceQuotaTemplate",
"servicequotas:GetAWSDefaultServiceQuota",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:ListServices",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:ListTagsForResource"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-12-21T18:11:57+00:00"
},
"ServiceQuotasServiceRolePolicy":{
"CreateDate":"2019-05-22T20:44:17+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"support:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-06-24T14:52:56+00:00"
},
"SimpleWorkflowFullAccess":{
"CreateDate":"2015-02-06T18:41:04+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"swf:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-02-06T18:41:04+00:00"
},
"SplitCostAllocationDataServiceRolePolicy":{
"CreateDate":"2024-04-16T16:05:16+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListParents"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AwsOrganizationsAccess"
},
{
"Action":[
"aps:ListWorkspaces",
"aps:QueryMetrics"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"AmazonManagedServiceForPrometheusAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-04-16T16:05:16+00:00"
},
"SupportUser":{
"CreateDate":"2016-11-10T17:21:53+00:00",
"DefaultVersionId":"v8",
"Document":{
"Statement":[
{
"Action":[
"support:*",
"acm:DescribeCertificate",
"acm:GetCertificate",
"acm:List*",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"autoscaling:Describe*",
"aws-marketplace:ViewSubscriptions",
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:EstimateTemplateCost",
"cloudfront:Get*",
"cloudfront:List*",
"cloudsearch:Describe*",
"cloudsearch:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents",
"cloudtrail:ListTags",
"cloudtrail:ListPublicKeys",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codecommit:BatchGetRepositories",
"codecommit:Get*",
"codecommit:List*",
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:AcknowledgeJob",
"codepipeline:AcknowledgeThirdPartyJob",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"codepipeline:PollForJobs",
"codepipeline:PollForThirdPartyJobs",
"codepipeline:GetPipelineState",
"codepipeline:GetPipeline",
"cognito-identity:List*",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:Describe*",
"cognito-idp:DescribeResourceServer",
"cognito-idp:DescribeRiskConfiguration",
"cognito-idp:DescribeUserImportJob",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolDomain",
"cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:GetBulkPublishDetails",
"cognito-sync:GetCognitoEvents",
"cognito-sync:GetIdentityPoolConfiguration",
"cognito-sync:List*",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRuleEvaluationStatus",
"config:DescribeConfigRules",
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetResourceConfigHistory",
"config:ListDiscoveredResources",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"datapipeline:ReportTaskProgress",
"datapipeline:ReportTaskRunnerHeartbeat",
"devicefarm:List*",
"devicefarm:Get*",
"directconnect:Describe*",
"discovery:Describe*",
"discovery:ListConfigurations",
"dms:Describe*",
"dms:List*",
"ds:DescribeDirectories",
"ds:DescribeSnapshots",
"ds:GetDirectoryLimits",
"ds:GetSnapshotLimits",
"ds:ListAuthorizedApplications",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:Describe*",
"ec2:DescribeHosts",
"ec2:describeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeNatGateways",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:SearchLocalGatewayRoutes",
"ecr:GetRepositoryPolicy",
"ecr:BatchCheckLayerAvailability",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticbeanstalk:ValidateConfigurationSettings",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"elastictranscoder:ReadJob",
"elasticfilesystem:DescribeFileSystems",
"es:Describe*",
"es:List*",
"es:ESHttpGet",
"es:ESHttpHead",
"events:DescribeRule",
"events:List*",
"events:TestEventPattern",
"firehose:Describe*",
"firehose:List*",
"gamelift:List*",
"gamelift:Describe*",
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:DescribeJob",
"glacier:Get*",
"glacier:List*",
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"importexport:GetStatus",
"importexport:ListJobs",
"inspector:Describe*",
"inspector:List*",
"iot:Describe*",
"iot:Get*",
"iot:List*",
"kinesisanalytics:DescribeApplication",
"kinesisanalytics:DiscoverInputSchema",
"kinesisanalytics:GetApplicationState",
"kinesisanalytics:ListApplications",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:List*",
"lambda:Get*",
"logs:Describe*",
"logs:TestMetricFilter",
"machinelearning:Describe*",
"machinelearning:Get*",
"opsworks:Describe*",
"rds:Describe*",
"rds:ListTagsForResource",
"redshift:Describe*",
"route53:Get*",
"route53:List*",
"route53domains:CheckDomainAvailability",
"route53domains:GetDomainDetail",
"route53domains:GetOperationDetail",
"route53domains:List*",
"s3:List*",
"sdb:GetAttributes",
"sdb:List*",
"sdb:Select*",
"servicecatalog:SearchProducts",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:ListLaunchPaths",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListRecordHistory",
"servicecatalog:DescribeRecord",
"servicecatalog:ScanProvisionedProducts",
"ses:Get*",
"ses:List*",
"sns:Get*",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"ssm:List*",
"ssm:Describe*",
"storagegateway:Describe*",
"storagegateway:List*",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
"waf:Get*",
"waf:List*",
"workdocs:Describe*",
"workmail:Describe*",
"workmail:Get*",
"workspaces:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-08-25T18:40:27+00:00"
},
"SystemAdministrator":{
"CreateDate":"2016-11-10T17:23:56+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"acm:Describe*",
"acm:Get*",
"acm:List*",
"acm:Request*",
"acm:Resend*",
"autoscaling:*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListPublicKeys",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudwatch:*",
"codecommit:BatchGetRepositories",
"codecommit:CreateBranch",
"codecommit:CreateRepository",
"codecommit:Get*",
"codecommit:GitPull",
"codecommit:GitPush",
"codecommit:List*",
"codecommit:Put*",
"codecommit:Test*",
"codecommit:Update*",
"codedeploy:*",
"codepipeline:*",
"config:*",
"ds:*",
"ec2:Allocate*",
"ec2:AssignPrivateIpAddresses*",
"ec2:Associate*",
"ec2:Allocate*",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:Bundle*",
"ec2:Cancel*",
"ec2:Copy*",
"ec2:CreateCustomerGateway",
"ec2:CreateDhcpOptions",
"ec2:CreateFlowLogs",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreatePlacementGroup",
"ec2:CreateReservedInstancesListing",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateSpotDatafeedSubscription",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteKeyPair",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeletePlacementGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteSpotDatafeedSubscription",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DeregisterImage",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVolumeIO",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:GetConsoleOutput",
"ec2:GetHostReservationPurchasePreview",
"ec2:GetLaunchTemplateData",
"ec2:GetPasswordData",
"ec2:GetSecurityGroupsForVpc",
"ec2:Import*",
"ec2:Modify*",
"ec2:MonitorInstances",
"ec2:MoveAddressToVpc",
"ec2:Purchase*",
"ec2:RegisterImage",
"ec2:Release*",
"ec2:Replace*",
"ec2:ReportInstanceStatus",
"ec2:Request*",
"ec2:Reset*",
"ec2:RestoreAddressToClassic",
"ec2:RunScheduledInstances",
"ec2:UnassignPrivateIpAddresses",
"ec2:UnmonitorInstances",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"elasticloadbalancing:*",
"events:*",
"iam:GetAccount*",
"iam:GetContextKeys*",
"iam:GetCredentialReport",
"iam:ListAccountAliases",
"iam:ListGroups",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicies",
"iam:ListPoliciesGrantingServiceAccess",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:Simulate*",
"iam:UpdateServerCertificate",
"iam:UpdateSigningCertificate",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:Encrypt",
"kms:ReEncrypt*",
"lambda:Create*",
"lambda:Delete*",
"lambda:Get*",
"lambda:InvokeFunction",
"lambda:List*",
"lambda:PublishVersion",
"lambda:Update*",
"logs:*",
"rds:Describe*",
"rds:ListTagsForResource",
"route53:*",
"route53domains:*",
"ses:*",
"sns:*",
"sqs:*",
"trustedadvisor:*"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"ec2:AcceptVpcPeeringConnection",
"ec2:AttachClassicLinkVpc",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateVpcPeeringConnection",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl*",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpcPeeringConnection",
"ec2:DetachClassicLinkVpc",
"ec2:DetachVolume",
"ec2:DisableVpcClassicLink",
"ec2:EnableVpcClassicLink",
"ec2:GetConsoleScreenshot",
"ec2:RebootInstances",
"ec2:RejectVpcPeeringConnection",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":"s3:*",
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:GetAccessKeyLastUsed",
"iam:GetGroup*",
"iam:GetInstanceProfile",
"iam:GetLoginProfile",
"iam:GetOpenIDConnectProvider",
"iam:GetPolicy*",
"iam:GetRole*",
"iam:GetSAMLProvider",
"iam:GetSSHPublicKey",
"iam:GetServerCertificate",
"iam:GetServiceLastAccessed*",
"iam:GetUser*",
"iam:ListAccessKeys",
"iam:ListAttached*",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfiles*",
"iam:ListMFADevices",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListSSHPublicKeys",
"iam:ListSigningCertificates",
"iam:ListUserPolicies",
"iam:Upload*"
],
"Effect":"Allow",
"Resource":[
"*"
]
},
{
"Action":[
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole"
],
"Effect":"Allow",
"Resource":[
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/ec2-sysadmin-*",
"arn:aws:iam::*:role/ecr-sysadmin-*",
"arn:aws:iam::*:role/lambda-sysadmin-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2025-02-11T22:07:07+00:00"
},
"TranslateFullAccess":{
"CreateDate":"2018-11-27T23:36:20+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"translate:*",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles",
"iam:GetRole"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2020-01-08T21:22:27+00:00"
},
"TranslateReadOnly":{
"CreateDate":"2017-11-29T18:22:00+00:00",
"DefaultVersionId":"v7",
"Document":{
"Statement":[
{
"Action":[
"translate:TranslateText",
"translate:TranslateDocument",
"translate:GetTerminology",
"translate:ListTerminologies",
"translate:ListTextTranslationJobs",
"translate:DescribeTextTranslationJob",
"translate:GetParallelData",
"translate:ListParallelData",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-05-24T17:19:30+00:00"
},
"VMImportExportRoleForAWSConnector":{
"CreateDate":"2015-09-03T20:48:59+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject"
],
"Effect":"Allow",
"Resource":[
"arn:aws:s3:::import-to-ec2-*"
]
},
{
"Action":[
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2015-09-03T20:48:59+00:00"
},
"VPCLatticeFullAccess":{
"CreateDate":"2023-03-30T02:49:02+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"vpc-lattice:*",
"acm:DescribeCertificate",
"acm:ListCertificates",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeLoadBalancers",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"logs:DescribeLogGroups",
"s3:ListAllMyBuckets",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery",
"logs:GetLogDelivery",
"logs:ListLogDeliveries",
"logs:UpdateLogDelivery",
"logs:DescribeResourcePolicies"
],
"Condition":{
"ForAnyValue:StringEquals":{
"aws:CalledVia":[
"vpc-lattice.amazonaws.com"
]
}
},
"Effect":"Allow",
"Resource":"*"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"vpc-lattice.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice"
},
{
"Action":"iam:CreateServiceLinkedRole",
"Condition":{
"StringLike":{
"iam:AWSServiceName":"delivery.logs.amazonaws.com"
}
},
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery"
},
{
"Action":[
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect":"Allow",
"Resource":"arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T14:21:06+00:00"
},
"VPCLatticeReadOnlyAccess":{
"CreateDate":"2023-03-30T02:47:25+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"vpc-lattice:Get*",
"vpc-lattice:List*",
"acm:DescribeCertificate",
"acm:ListCertificates",
"cloudwatch:GetMetricData",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeLoadBalancers",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"logs:DescribeLogGroups",
"logs:GetLogDelivery",
"logs:ListLogDeliveries",
"s3:ListAllMyBuckets",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-01T14:21:06+00:00"
},
"VPCLatticeServicesInvokeAccess":{
"CreateDate":"2023-03-30T02:45:07+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"vpc-lattice-svcs:Invoke"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-03-30T02:45:07+00:00"
},
"ViewOnlyAccess":{
"CreateDate":"2016-11-10T17:20:15+00:00",
"DefaultVersionId":"v23",
"Document":{
"Statement":[
{
"Action":[
"acm:ListCertificates",
"aiops:GetInvestigation",
"aiops:GetInvestigationGroup",
"aiops:ListInvestigationEvents",
"aiops:ListInvestigationGroups",
"aiops:ListInvestigations",
"athena:List*",
"autoscaling:Describe*",
"aws-marketplace:ViewSubscriptions",
"backup:DescribeBackupJob",
"backup:DescribeBackupVault",
"backup:DescribeCopyJob",
"backup:DescribeFramework",
"backup:DescribeGlobalSettings",
"backup:DescribeProtectedResource",
"backup:DescribeRecoveryPoint",
"backup:DescribeRegionSettings",
"backup:DescribeReportJob",
"backup:DescribeReportPlan",
"backup:DescribeRestoreJob",
"backup:GetSupportedResourceTypes",
"backup:ListBackupJobs",
"backup:ListBackupPlans",
"backup:ListBackupPlanTemplates",
"backup:ListBackupPlanVersions",
"backup:ListBackupSelections",
"backup:ListBackupVaults",
"backup:ListCopyJobs",
"backup:ListFrameworks",
"backup:ListLegalHolds",
"backup:ListProtectedResources",
"backup:ListProtectedResourcesByBackupVault",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListRecoveryPointsByLegalHold",
"backup:ListRecoveryPointsByResource",
"backup:ListReportJobs",
"backup:ListReportPlans",
"backup:ListRestoreJobs",
"backup:ListTags",
"batch:ListJobs",
"bedrock:ListCustomModels",
"bedrock:ListTagsForResource",
"clouddirectory:ListAppliedSchemaArns",
"clouddirectory:ListDevelopmentSchemaArns",
"clouddirectory:ListDirectories",
"clouddirectory:ListPublishedSchemaArns",
"cloudformation:DescribeStacks",
"cloudformation:List*",
"cloudfront:List*",
"cloudsearch:DescribeDomains",
"cloudsearch:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:ListTrails",
"cloudtrail:LookupEvents",
"cloudwatch:Get*",
"cloudwatch:List*",
"codebuild:ListBuilds*",
"codebuild:ListProjects",
"codecommit:List*",
"codedeploy:BatchGetApplicationRevisions",
"codedeploy:BatchGetApplications",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:BatchGetDeploymentInstances",
"codedeploy:BatchGetDeployments",
"codedeploy:BatchGetDeploymentTargets",
"codedeploy:BatchGetOnPremisesInstances",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:ListPipelines",
"codestar:List*",
"cognito-identity:ListIdentities",
"cognito-identity:ListIdentityPools",
"cognito-idp:List*",
"cognito-sync:ListDatasets",
"comprehend:Describe*",
"comprehend:List*",
"config:Describe*",
"config:List*",
"connect:List*",
"cost-optimization-hub:GetPreferences",
"cost-optimization-hub:GetRecommendation",
"cost-optimization-hub:ListEnrollmentStatuses",
"cost-optimization-hub:ListRecommendations",
"cost-optimization-hub:ListRecommendationSummaries",
"databrew:ListJobs",
"databrew:ListProjects",
"datapipeline:DescribePipelines",
"datapipeline:GetAccountLimits",
"datapipeline:ListPipelines",
"dax:DescribeClusters",
"dax:DescribeDefaultParameters",
"dax:DescribeEvents",
"dax:DescribeParameterGroups",
"dax:DescribeParameters",
"dax:DescribeSubnetGroups",
"dax:ListTags",
"devicefarm:List*",
"directconnect:Describe*",
"discovery:List*",
"dms:List*",
"ds:DescribeDirectories",
"dynamodb:DescribeBackup",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeLimits",
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListBackups",
"dynamodb:ListExports",
"dynamodb:ListGlobalTables",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeBundleTasks",
"ec2:DescribeCarrierGateways",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeConversionTasks",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeExportTasks",
"ec2:DescribeFlowLogs",
"ec2:DescribeHost*",
"ec2:DescribeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeImage*",
"ec2:DescribeImport*",
"ec2:DescribeInstance*",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeLocalGatewayVirtualInterfaceGroups",
"ec2:DescribeLocalGatewayVirtualInterfaces",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetwork*",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeReserved*",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshot*",
"ec2:DescribeSpot*",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolume*",
"ec2:DescribeVpc*",
"ec2:DescribeVpnGateways",
"ec2:SearchLocalGatewayRoutes",
"ecr:DescribeRegistry",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:Describe*",
"ecs:List*",
"eks:ListTagsForResource",
"elastic-inference:DescribeAcceleratorOfferings",
"elastic-inference:DescribeAccelerators",
"elastic-inference:DescribeAcceleratorTypes",
"elastic-inference:ListTagsForResource",
"elasticache:Describe*",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:DescribeEnvironments",
"elasticbeanstalk:ListAvailableSolutionStacks",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"emr-serverless:ListApplications",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"firehose:DescribeDeliveryStream",
"firehose:List*",
"fsx:DescribeFileSystems",
"gamelift:List*",
"glacier:List*",
"glue:GetTags",
"greengrass:List*",
"iam:GetAccountSummary",
"iam:GetLoginProfile",
"iam:List*",
"importexport:ListJobs",
"inspector:List*",
"iot:List*",
"kafka:ListClusters",
"kendra:ListDataSources",
"kendra:ListTagsForResource",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisanalytics:ListTagsForResource",
"kms:ListKeys",
"kms:ListResourceTags",
"lambda:List*",
"lex:GetBotAliases",
"lex:GetBotChannelAssociations",
"lex:GetBots",
"lex:GetBotVersions",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lightsail:GetBlueprints",
"lightsail:GetBundles",
"lightsail:GetInstances",
"lightsail:GetInstanceSnapshots",
"lightsail:GetKeyPair",
"lightsail:GetRegions",
"lightsail:GetStaticIps",
"lightsail:IsVpcPeered",
"logs:Describe*",
"logs:GetTransformer",
"logs:ListEntitiesForLogGroup",
"logs:ListLogGroupsForEntity",
"logs:ListLogGroupsForQuery",
"logs:ListTagsForResource",
"lookoutvision:ListModelPackagingJobs",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"m2:GetApplication",
"m2:GetEnvironment",
"m2:ListApplications",
"m2:ListEnvironments",
"m2:ListTagsForResource",
"machinelearning:Describe*",
"mediaconnect:ListEntitlements",
"mediaconnect:ListFlows",
"mediaconnect:ListOfferings",
"mediaconnect:ListReservations",
"mobiletargeting:GetApplicationSettings",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetImportJobs",
"mobiletargeting:GetSegments",
"oam:ListAttachedLinks",
"oam:ListLinks",
"oam:ListSinks",
"opsworks-cm:Describe*",
"opsworks:Describe*",
"organizations:List*",
"outposts:GetOutpost",
"outposts:GetOutpostInstanceTypes",
"outposts:ListOutposts",
"outposts:ListSites",
"outposts:ListTagsForResource",
"polly:Describe*",
"polly:List*",
"profile:ListDomains",
"profile:ListIntegrations",
"rds:Describe*",
"redshift-serverless:ListTagsForResource",
"redshift-serverless:ListWorkgroups",
"redshift:DescribeClusters",
"redshift:DescribeEvents",
"redshift:ViewQueriesInConsole",
"resource-explorer-2:GetDefaultView",
"resource-explorer-2:GetIndex",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListSupportedResourceTypes",
"resource-explorer-2:ListTagsForResource",
"resource-explorer-2:ListViews",
"route53:Get*",
"route53:List*",
"route53domains:List*",
"route53resolver:Get*",
"route53resolver:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultiRegionAccessPoints",
"sagemaker:Describe*",
"sagemaker:List*",
"sdb:List*",
"servicecatalog:List*",
"ses:DescribeActiveReceiptRuleSet",
"ses:List*",
"ses:ListDedicatedIpPools",
"shield:List*",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListMessageMoveTasks",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm:ListAssociations",
"ssm:ListDocuments",
"states:ListActivities",
"states:ListStateMachineAliases",
"states:ListStateMachines",
"states:ListStateMachineVersions",
"storagegateway:ListGateways",
"storagegateway:ListLocalDisks",
"storagegateway:ListVolumeRecoveryPoints",
"storagegateway:ListVolumes",
"swf:List*",
"trustedadvisor:Describe*",
"waf-regional:List*",
"waf:List*",
"wafv2:List*",
"workdocs:DescribeAvailableDirectories",
"workdocs:DescribeInstances",
"workmail:Describe*",
"workspaces:Describe*"
],
"Effect":"Allow",
"Resource":"*",
"Sid":"GeneralViewOnlyAccessStatement"
},
{
"Action":[
"apigateway:GET"
],
"Effect":"Allow",
"Resource":[
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*/authorizers/*",
"arn:aws:apigateway:*::/apis/*/authorizers",
"arn:aws:apigateway:*::/apis/*/cors",
"arn:aws:apigateway:*::/apis/*/deployments/*",
"arn:aws:apigateway:*::/apis/*/deployments",
"arn:aws:apigateway:*::/apis/*/exports/*",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/models/*",
"arn:aws:apigateway:*::/apis/*/models",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*/apimappings",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/documentation/parts/*",
"arn:aws:apigateway:*::/restapis/*/documentation/parts",
"arn:aws:apigateway:*::/restapis/*/documentation/versions/*",
"arn:aws:apigateway:*::/restapis/*/documentation/versions",
"arn:aws:apigateway:*::/restapis/*/gatewayresponses/*",
"arn:aws:apigateway:*::/restapis/*/gatewayresponses",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/requestvalidators",
"arn:aws:apigateway:*::/restapis/*/requestvalidators/*",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/tags/*",
"arn:aws:apigateway:*::/vpclinks"
],
"Sid":"APIGatewayAccess"
}
],
"Version":"2012-10-17"
},
"Path":"/job-function/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-12-19T22:52:06+00:00"
},
"WAFLoggingServiceRolePolicy":{
"CreateDate":"2018-08-24T21:05:47+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect":"Allow",
"Resource":[
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-08-24T21:05:47+00:00"
},
"WAFRegionalLoggingServiceRolePolicy":{
"CreateDate":"2018-08-24T18:40:55+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect":"Allow",
"Resource":[
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-08-24T18:40:55+00:00"
},
"WAFV2LoggingServiceRolePolicy":{
"CreateDate":"2019-11-07T00:40:56+00:00",
"DefaultVersionId":"v3",
"Document":{
"Statement":[
{
"Action":[
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect":"Allow",
"Resource":[
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
],
"Sid":"FirehoseAPIStatement"
},
{
"Action":"organizations:DescribeOrganization",
"Effect":"Allow",
"Resource":"*",
"Sid":"DescribeOrganizationAPIStatement"
}
],
"Version":"2012-10-17"
},
"Path":"/aws-service-role/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2024-06-03T17:29:04+00:00"
},
"WellArchitectedConsoleFullAccess":{
"CreateDate":"2018-11-29T18:19:23+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"wellarchitected:*"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2018-11-29T18:19:23+00:00"
},
"WellArchitectedConsoleReadOnlyAccess":{
"CreateDate":"2018-11-29T18:21:08+00:00",
"DefaultVersionId":"v2",
"Document":{
"Statement":[
{
"Action":[
"wellarchitected:Get*",
"wellarchitected:List*",
"wellarchitected:ExportLens"
],
"Effect":"Allow",
"Resource":"*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2023-06-29T17:16:13+00:00"
},
"WorkLinkServiceRolePolicy":{
"CreateDate":"2019-01-23T19:03:45+00:00",
"DefaultVersionId":"v1",
"Document":{
"Statement":[
{
"Action":[
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:CreateNetworkInterfacePermission",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
"Effect":"Allow",
"Resource":"*"
},
{
"Action":[
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect":"Allow",
"Resource":"arn:aws:kinesis:*:*:stream/AmazonWorkLink-*"
}
],
"Version":"2012-10-17"
},
"Path":"/",
"PermissionsBoundaryUsageCount":0,
"UpdateDate":"2019-01-23T19:03:45+00:00"
}
}"""