From 35eb00914cabff0980d381f8498ba7204ce3f3de Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 18 Jan 2024 14:13:47 -0100 Subject: [PATCH] chore: update IAM Managed Policies (#7224) --- moto/iam/aws_managed_policies.py | 30420 ++++++++++++++++++++++++++--- 1 file changed, 27891 insertions(+), 2529 deletions(-) diff --git a/moto/iam/aws_managed_policies.py b/moto/iam/aws_managed_policies.py index bb7019b25..da45be249 100644 --- a/moto/iam/aws_managed_policies.py +++ b/moto/iam/aws_managed_policies.py @@ -103,9 +103,24 @@ aws_managed_policies_data = """ }, "AWSAccountActivityAccess":{ "CreateDate":"2015-02-06T18:41:18+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ + { + "Action":[ + "account:GetAccountInformation", + "account:GetAlternateContact", + "account:GetChallengeQuestions", + "account:GetContactInformation", + "account:GetRegionOptStatus", + "account:ListRegions", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "payments:ListPaymentPreferences" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "aws-portal:ViewBilling" @@ -118,7 +133,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2015-02-06T18:41:18+00:00" + "UpdateDate":"2023-03-07T17:02:30+00:00" }, "AWSAccountManagementFullAccess":{ "CreateDate":"2021-09-30T23:20:37+00:00", @@ -258,6 +273,142 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-02-24T23:08:23+00:00" }, + "AWSAppFabricFullAccess":{ + "CreateDate":"2023-06-27T19:51:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appfabric:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSListAccess" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ReadAccess" + }, + { + "Action":[ + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"FirehoseReadAccess" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"appfabric.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/appfabric.amazonaws.com/AWSServiceRoleForAppFabric", + "Sid":"AllowUseOfServiceLinkedRole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-27T19:51:17+00:00" + }, + "AWSAppFabricReadOnlyAccess":{ + "CreateDate":"2023-06-27T19:52:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appfabric:GetAppAuthorization", + "appfabric:GetAppBundle", + "appfabric:GetIngestion", + "appfabric:GetIngestionDestination", + "appfabric:ListAppAuthorizations", + "appfabric:ListAppBundles", + "appfabric:ListIngestionDestinations", + "appfabric:ListIngestions", + "appfabric:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-27T19:52:02+00:00" + }, + "AWSAppFabricServiceRolePolicy":{ + "CreateDate":"2023-06-26T21:07:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/AppFabric" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEmitMetric" + }, + { + "Action":[ + "s3:PutObject" + ], + "Condition":{ + "StringEquals":{ + "s3:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/AWSAppFabric/*", + "Sid":"S3PutObject" + }, + { + "Action":[ + "firehose:PutRecordBatch" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "aws:ResourceTag/AWSAppFabricManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:firehose:*:*:deliverystream/*", + "Sid":"FirehosePutRecord" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-26T21:07:45+00:00" + }, "AWSAppMeshEnvoyAccess":{ "CreateDate":"2019-07-03T21:29:37+00:00", "DefaultVersionId":"v1", @@ -434,12 +585,13 @@ aws_managed_policies_data = """ }, "AWSAppMeshServiceRolePolicy":{ "CreateDate":"2019-06-03T18:30:51+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ - "servicediscovery:DiscoverInstances" + "servicediscovery:DiscoverInstances", + "servicediscovery:DiscoverInstancesRevision" ], "Effect":"Allow", "Resource":"*", @@ -458,7 +610,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-09-10T22:44:43+00:00" + "UpdateDate":"2023-10-10T16:46:37+00:00" }, "AWSAppRunnerFullAccess":{ "CreateDate":"2022-01-11T04:02:09+00:00", @@ -637,7 +789,7 @@ aws_managed_policies_data = """ }, "AWSAppSyncSchemaAuthor":{ "CreateDate":"2018-03-20T21:21:06+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -660,7 +812,18 @@ aws_managed_policies_data = """ "appsync:ListGraphqlApis", "appsync:StartSchemaCreation", "appsync:UpdateResolver", - "appsync:UpdateType" + "appsync:UpdateType", + "appsync:TagResource", + "appsync:UntagResource", + "appsync:ListTagsForResource", + "appsync:CreateFunction", + "appsync:UpdateFunction", + "appsync:GetFunction", + "appsync:DeleteFunction", + "appsync:ListFunctions", + "appsync:ListResolversByFunction", + "appsync:EvaluateMappingTemplate", + "appsync:EvaluateCode" ], "Effect":"Allow", "Resource":"*" @@ -670,7 +833,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-03-20T21:21:06+00:00" + "UpdateDate":"2023-02-01T18:36:20+00:00" }, "AWSAppSyncServiceRolePolicy":{ "CreateDate":"2020-01-21T19:56:53+00:00", @@ -1097,29 +1260,42 @@ aws_managed_policies_data = """ }, "AWSApplicationAutoscalingSageMakerEndpointPolicy":{ "CreateDate":"2018-02-06T19:58:21+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeInferenceComponent", "sagemaker:UpdateEndpointWeightsAndCapacities", - "cloudwatch:PutMetricAlarm", + "sagemaker:UpdateInferenceComponentRuntimeConfig", "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" + "cloudwatch:GetMetricData" ], "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"SageMaker" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:TargetTracking*" + ], + "Sid":"SageMakerCloudWatchUpdate" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-02-06T19:58:21+00:00" + "UpdateDate":"2023-11-13T18:52:34+00:00" }, "AWSApplicationDiscoveryAgentAccess":{ "CreateDate":"2016-05-11T21:38:47+00:00", @@ -1147,6 +1323,53 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-02-24T22:26:45+00:00" }, + "AWSApplicationDiscoveryAgentlessCollectorAccess":{ + "CreateDate":"2022-08-16T21:00:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "arsenal:RegisterOnPremisesAgent" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr-public:DescribeImages" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecr-public::446372222237:repository/6e5498e4-8c31-4f57-9991-13b4b992ff7b" + }, + { + "Action":[ + "ecr-public:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sts:GetServiceBearerToken" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-16T21:00:59+00:00" + }, "AWSApplicationDiscoveryServiceFullAccess":{ "CreateDate":"2016-05-11T21:30:50+00:00", "DefaultVersionId":"v4", @@ -1208,12 +1431,13 @@ aws_managed_policies_data = """ }, "AWSApplicationMigrationAgentInstallationPolicy":{ "CreateDate":"2022-06-19T07:51:04+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "mgn:GetAgentInstallationAssetsForMgn", + "mgn:SendClientMetricsForMgn", "mgn:SendClientLogsForMgn", "mgn:RegisterAgentForMgn", "mgn:VerifyClientRoleForMgn" @@ -1243,17 +1467,18 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-19T07:51:04+00:00" + "UpdateDate":"2022-09-20T11:21:24+00:00" }, "AWSApplicationMigrationAgentPolicy":{ "CreateDate":"2021-04-07T07:00:21+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "mgn:SendAgentMetricsForMgn", "mgn:SendAgentLogsForMgn", + "mgn:SendClientMetricsForMgn", "mgn:SendClientLogsForMgn" ], "Effect":"Allow", @@ -1285,7 +1510,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-04-07T07:00:21+00:00" + "UpdateDate":"2022-09-20T11:13:40+00:00" }, "AWSApplicationMigrationAgentPolicy_v2":{ "CreateDate":"2022-06-06T14:14:38+00:00", @@ -1340,7 +1565,7 @@ aws_managed_policies_data = """ }, "AWSApplicationMigrationEC2Access":{ "CreateDate":"2021-04-07T07:05:22+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -1370,6 +1595,22 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:snapshot/*" }, + { + "Action":[ + "ec2:DescribeSnapshots", + "ec2:DescribeImages", + "ec2:DescribeVolumes" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "mgn.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "ec2:CreateLaunchTemplateVersion", @@ -1384,6 +1625,40 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:launch-template/*" }, + { + "Action":[ + "ec2:CreateLaunchTemplate" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "mgn.amazonaws.com" + ] + }, + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:DeleteLaunchTemplate" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "mgn.amazonaws.com" + ] + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, { "Action":[ "ec2:DeleteVolume" @@ -1589,7 +1864,8 @@ aws_managed_policies_data = """ "CreateSecurityGroup", "CreateVolume", "CreateSnapshot", - "RunInstances" + "RunInstances", + "CreateLaunchTemplate" ] } }, @@ -1598,7 +1874,8 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:instance/*" + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:launch-template/*" ] }, { @@ -1624,11 +1901,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-02T08:49:20+00:00" + "UpdateDate":"2023-02-06T16:07:02+00:00" }, "AWSApplicationMigrationFullAccess":{ "CreateDate":"2021-04-07T06:56:05+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -1710,22 +1987,6 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, - { - "Action":[ - "ssm:SendCommand" - ], - "Condition":{ - "Bool":{ - "aws:ViaAWSService":"true" - } - }, - "Effect":"Allow", - "Resource":[ - "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", - "arn:aws:ssm:*:*:document/AWSMigration-ConvertCentOsToRockyLinuxDistribution", - "arn:aws:ssm:*:*:document/AWSMigration-ReplaceSuseSubscriptionWithAwsSubscription" - ] - }, { "Action":[ "ssm:SendCommand" @@ -1765,7 +2026,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "ssm:DescribeDocument" + "ssm:DescribeDocument", + "ssm:SendCommand" ], "Condition":{ "Bool":{ @@ -1775,8 +2037,7 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", - "arn:aws:ssm:*:*:document/AWSMigration-ConvertCentOsToRockyLinuxDistribution", - "arn:aws:ssm:*:*:document/AWSMigration-ReplaceSuseSubscriptionWithAwsSubscription" + "arn:aws:ssm:*:*:document/AWSMigration-*" ] }, { @@ -1808,13 +2069,64 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "ssm:GetAutomationExecution" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-execution/*" + }, + { + "Action":[ + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", + "arn:aws:ssm:*:*:document/AWSMigration-*" + ] + }, + { + "Action":[ + "ssm:GetParameters" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*" + }, + { + "Action":[ + "ssm:StartAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"mgn.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-definition/AWSMigration-*:$DEFAULT" + }, + { + "Action":"ssm:ListCommands", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-08-11T16:08:08+00:00" + "UpdateDate":"2023-04-20T17:28:13+00:00" }, "AWSApplicationMigrationMGHAccess":{ "CreateDate":"2021-04-07T07:10:01+00:00", @@ -1843,7 +2155,7 @@ aws_managed_policies_data = """ }, "AWSApplicationMigrationReadOnlyAccess":{ "CreateDate":"2021-04-07T07:15:26+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -1854,7 +2166,16 @@ aws_managed_policies_data = """ "mgn:DescribeReplicationConfigurationTemplates", "mgn:GetLaunchConfiguration", "mgn:DescribeVcenterClients", - "mgn:GetReplicationConfiguration" + "mgn:GetReplicationConfiguration", + "mgn:DescribeLaunchConfigurationTemplates", + "mgn:ListSourceServerActions", + "mgn:ListTemplateActions", + "mgn:ListApplications", + "mgn:ListWaves", + "mgn:ListExports", + "mgn:ListImports", + "mgn:ListImportErrors", + "mgn:ListExportErrors" ], "Effect":"Allow", "Resource":"*" @@ -1881,7 +2202,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-01T08:32:53+00:00" + "UpdateDate":"2023-03-20T08:58:08+00:00" }, "AWSApplicationMigrationReplicationServerPolicy":{ "CreateDate":"2021-04-07T07:21:57+00:00", @@ -1957,9 +2278,141 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-04-07T07:21:57+00:00" }, + "AWSApplicationMigrationSSMAccess":{ + "CreateDate":"2022-11-27T09:29:05+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:GetCommandInvocation", + "ssm:DescribeInstanceInformation" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "mgn.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:DescribeDocument", + "ssm:StartAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "mgn.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/*", + "arn:aws:ssm:*:*:automation-definition/*:*" + ] + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "mgn.amazonaws.com" + ] + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ssm:ListDocuments" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:ListDocumentVersions", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:document/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-20T10:57:51+00:00" + }, + "AWSApplicationMigrationServiceEc2InstancePolicy":{ + "CreateDate":"2023-08-22T13:19:02+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:SendClientLogsForMgn", + "mgn:RegisterAgentForMgn", + "mgn:GetAgentInstallationAssetsForMgn" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"MgnAgentInstallation" + }, + { + "Action":[ + "mgn:SendAgentMetricsForMgn", + "mgn:SendAgentLogsForMgn", + "mgn:UpdateAgentSourcePropertiesForMgn", + "mgn:UpdateAgentReplicationInfoForMgn", + "mgn:UpdateAgentConversionInfoForMgn", + "mgn:GetAgentCommandForMgn", + "mgn:GetAgentConfirmedResumeInfoForMgn", + "mgn:GetAgentRuntimeConfigurationForMgn", + "mgn:UpdateAgentBacklogForMgn", + "mgn:GetAgentReplicationInfoForMgn" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:source-server/*", + "Sid":"MgnAgentReplication" + }, + { + "Action":"mgn:TagResource", + "Condition":{ + "StringEquals":{ + "mgn:CreateAction":"RegisterAgentForMgn" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:source-server/*", + "Sid":"MgnSourceServerTagResource" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-03T14:19:47+00:00" + }, "AWSApplicationMigrationServiceRolePolicy":{ "CreateDate":"2021-04-07T06:43:20+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -2006,6 +2459,23 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "organizations:DescribeAccount" + ], + "Effect":"Allow", + "Resource":"arn:aws:organizations::*:account/*" + }, + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators", + "organizations:ListAccounts" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "ec2:RegisterImage", @@ -2249,7 +2719,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-04-07T06:43:20+00:00" + "UpdateDate":"2023-06-20T09:12:04+00:00" }, "AWSApplicationMigrationVCenterClientPolicy":{ "CreateDate":"2021-11-08T12:53:08+00:00", @@ -2304,6 +2774,52 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-04-10T23:04:33+00:00" }, + "AWSArtifactReportsReadOnlyAccess":{ + "CreateDate":"2024-01-02T22:42:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "artifact:Get", + "artifact:GetReport", + "artifact:GetReportMetadata", + "artifact:GetTermForReport", + "artifact:ListReports" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ArtifactReportActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-02T22:42:58+00:00" + }, + "AWSArtifactServiceRolePolicy":{ + "CreateDate":"2023-08-21T20:27:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-21T20:27:31+00:00" + }, "AWSAuditManagerAdministratorAccess":{ "CreateDate":"2020-12-11T20:02:42+00:00", "DefaultVersionId":"v2", @@ -2470,191 +2986,156 @@ aws_managed_policies_data = """ }, "AWSAuditManagerServiceRolePolicy":{ "CreateDate":"2020-12-08T15:12:12+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { "Action":[ - "license-manager:ListLicenseConfigurations", - "license-manager:ListAssociationsForLicenseConfiguration", - "license-manager:ListUsageForLicenseConfiguration" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"LicenseManagerAccess" - }, - { - "Action":[ - "iam:GenerateCredentialReport", - "iam:GetAccountSummary", - "iam:ListPolicies", - "iam:GetAccountPasswordPolicy", - "iam:ListUsers", - "iam:ListUserPolicies", - "iam:ListRoles", - "iam:ListRolePolicies", - "iam:ListGroups", - "iam:ListGroupPolicies", - "iam:ListEntitiesForPolicy" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"IAMAccess" - }, - { - "Action":[ - "ec2:DescribeInstances", - "ec2:DescribeFlowLogs", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeNetworkAcls", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVolumes" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"EC2Access" - }, - { - "Action":[ - "cloudtrail:DescribeTrails" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"CloudtrailAccess" - }, - { - "Action":[ + "acm:GetAccountConfiguration", + "acm:ListCertificates", + "backup:ListRecoveryPointsByResource", + "bedrock:GetCustomModel", + "bedrock:GetFoundationModel", + "bedrock:GetModelCustomizationJob", + "bedrock:GetModelInvocationLoggingConfiguration", + "bedrock:ListCustomModels", + "bedrock:ListFoundationModels", + "bedrock:ListModelCustomizationJobs", + "cloudtrail:DescribeTrails", + "cloudtrail:LookupEvents", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cognito-idp:DescribeUserPool", + "config:DescribeConfigRules", "config:DescribeDeliveryChannels", "config:ListDiscoveredResources", - "config:DescribeConfigRules" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"ConfigAccess" - }, - { - "Action":[ - "securityhub:DescribeStandards" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"SecurityHubAccess" - }, - { - "Action":[ - "kms:ListKeys", + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeVirtualGateways", + "dynamodb:DescribeTable", + "dynamodb:ListBackups", + "dynamodb:ListGlobalTables", + "dynamodb:ListTables", + "ec2:DescribeAddresses", + "ec2:DescribeCustomerGateways", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeFlowLogs", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "ec2:DescribeLocalGateways", + "ec2:DescribeLocalGatewayVirtualInterfaces", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeTransitGateways", + "ec2:DescribeVolumes", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:GetEbsEncryptionByDefault", + "ecs:DescribeClusters", + "eks:DescribeAddonVersions", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeServiceUpdates", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeSslPolicies", + "elasticloadbalancing:DescribeTargetGroups", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListSecurityConfigurations", + "events:DescribeRule", + "events:ListConnections", + "events:ListEventBuses", + "events:ListEventSources", + "events:ListRules", + "firehose:ListDeliveryStreams", + "fsx:DescribeFileSystems", + "guardduty:ListDetectors", + "iam:GenerateCredentialReport", + "iam:GetAccountAuthorizationDetails", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroups", + "iam:ListOpenIdConnectProviders", + "iam:ListPolicies", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListSamlProviders", + "iam:ListUserPolicies", + "iam:ListUsers", + "iam:ListVirtualMFADevices", + "kafka:ListClusters", + "kafka:ListKafkaVersions", + "kinesis:ListStreams", "kms:DescribeKey", - "kms:ListGrants", - "kms:GetKeyRotationStatus", "kms:GetKeyPolicy", - "kms:ListKeyPolicies" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"KMSAccess" - }, - { - "Action":[ - "cloudwatch:DescribeAlarms" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"CloudwatchAccess" - }, - { - "Action":[ - "s3:GetLifecycleConfiguration", + "kms:GetKeyRotationStatus", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeys", + "lambda:ListFunctions", + "license-manager:ListAssociationsForLicenseConfiguration", + "license-manager:ListLicenseConfigurations", + "license-manager:ListUsageForLicenseConfiguration", + "logs:DescribeDestinations", + "logs:DescribeExportTasks", + "logs:DescribeLogGroups", + "logs:DescribeMetricFilters", + "logs:DescribeResourcePolicies", + "logs:FilterLogEvents", + "organizations:DescribeOrganization", + "organizations:DescribePolicy", + "rds:DescribeCertificates", + "rds:DescribeDbClusterEndpoints", + "rds:DescribeDbClusterParameterGroups", + "rds:DescribeDbClusters", + "rds:DescribeDBInstances", + "rds:DescribeDbSecurityGroups", + "redshift:DescribeClusters", + "route53:GetQueryLoggingConfig", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketVersioning", "s3:GetEncryptionConfiguration", - "s3:ListAllMyBuckets" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"S3Access" - }, - { - "Action":[ - "events:DescribeRule" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"EventBridgeAccess" - }, - { - "Action":[ + "s3:GetLifecycleConfiguration", + "s3:ListAllMyBuckets", + "securityhub:DescribeStandards", + "sns:ListTopics", + "sqs:ListQueues", + "waf-regional:GetLoggingConfiguration", + "waf-regional:ListRuleGroups", + "waf-regional:ListSubscribedRuleGroups", + "waf-regional:ListWebACLs", "waf:ListActivatedRulesInRuleGroup" ], "Effect":"Allow", "Resource":"*", - "Sid":"WAFAccess" + "Sid":"AuditManagerAPICallAccess" }, { "Action":[ - "guardduty:ListDetectors" + "s3:GetBucketPolicy" ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":[ + "${aws:PrincipalAccount}" + ] + } + }, "Effect":"Allow", "Resource":"*", - "Sid":"GuardDutyAccess" - }, - { - "Action":[ - "route53:GetQueryLoggingConfig" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"Route53Access" - }, - { - "Action":[ - "dynamodb:DescribeTable", - "dynamodb:ListTables" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"DynamoDBAccess" - }, - { - "Action":[ - "redshift:DescribeClusters" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"RedshiftAccess" - }, - { - "Action":[ - "rds:DescribeDBInstances" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"RDSAccess" - }, - { - "Action":[ - "organizations:DescribePolicy", - "organizations:DescribeOrganization" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"OrganizationsAccess" - }, - { - "Action":[ - "cognito-idp:DescribeUserPool" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"CognitoAccess" - }, - { - "Action":[ - "elasticfilesystem:DescribeFileSystems" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"EFSAccess" + "Sid":"AuditManagerS3GetBucketPolicyAccess" }, { "Action":[ @@ -2696,7 +3177,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-07T22:26:07+00:00" + "UpdateDate":"2023-12-06T20:39:40+00:00" }, "AWSAutoScalingPlansEC2AutoScalingPolicy":{ "CreateDate":"2018-08-23T22:46:59+00:00", @@ -2723,7 +3204,7 @@ aws_managed_policies_data = """ }, "AWSBackupAuditAccess":{ "CreateDate":"2021-08-24T01:02:23+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -2750,14 +3231,14 @@ aws_managed_policies_data = """ { "Action":[ "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus" + "config:DescribeConfigurationRecorderStatus", + "config:DescribeComplianceByConfigRule" ], "Effect":"Allow", "Resource":"*" }, { "Action":[ - "config:DescribeComplianceByConfigRule", "config:GetComplianceDetailsByConfigRule" ], "Effect":"Allow", @@ -2776,22 +3257,49 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-24T01:02:23+00:00" + "UpdateDate":"2023-04-10T21:23:31+00:00" + }, + "AWSBackupDataTransferAccess":{ + "CreateDate":"2022-11-10T22:48:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "backup-storage:StartObject", + "backup-storage:PutChunk", + "backup-storage:GetChunk", + "backup-storage:ListChunks", + "backup-storage:ListObjects", + "backup-storage:GetObjectMetadata", + "backup-storage:NotifyObjectComplete" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-10T22:48:05+00:00" }, "AWSBackupFullAccess":{ "CreateDate":"2019-11-18T22:21:52+00:00", - "DefaultVersionId":"v11", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { "Action":"backup:*", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AwsBackupAllAccessPermissions" }, { "Action":"backup-storage:*", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AwsBackupStorageAllAccessPermissions" }, { "Action":[ @@ -2806,10 +3314,12 @@ aws_managed_policies_data = """ "rds:describeDBClusters", "rds:describeDBParameterGroups", "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBInstanceAutomatedBackups" + "rds:DescribeDBInstanceAutomatedBackups", + "rds:DescribeDBClusterAutomatedBackups" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"RdsPermissions" }, { "Action":[ @@ -2824,7 +3334,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"RdsDeletePermissions" }, { "Action":[ @@ -2832,7 +3343,8 @@ aws_managed_policies_data = """ "dynamodb:ListTables" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DynamoDbPermissions" }, { "Action":[ @@ -2846,14 +3358,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DynamoDbDeleteBackupPermissions" }, { "Action":[ "elasticfilesystem:DescribeFilesystems" ], "Effect":"Allow", - "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*", + "Sid":"EfsFileSystemPermissions" }, { "Action":[ @@ -2868,10 +3382,12 @@ aws_managed_policies_data = """ "ec2:DescribePlacementGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeAddresses" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"Ec2Permissions" }, { "Action":[ @@ -2886,7 +3402,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"Ec2DeletePermissions" }, { "Action":[ @@ -2895,7 +3412,8 @@ aws_managed_policies_data = """ "tag:GetResources" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ResourceGroupTaggingPermissions" }, { "Action":[ @@ -2903,14 +3421,16 @@ aws_managed_policies_data = """ "storagegateway:DescribeStorediSCSIVolumes" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*", + "Sid":"StorageGatewayVolumePermissions" }, { "Action":[ "storagegateway:ListGateways" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:*" + "Resource":"arn:aws:storagegateway:*:*:*", + "Sid":"StorageGatewayPermissions" }, { "Action":[ @@ -2919,7 +3439,8 @@ aws_managed_policies_data = """ "storagegateway:ListLocalDisks" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:gateway/*" + "Resource":"arn:aws:storagegateway:*:*:gateway/*", + "Sid":"StorageGatewayGatewayPermissions" }, { "Action":[ @@ -2927,25 +3448,31 @@ aws_managed_policies_data = """ "iam:GetRole" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"IamRolePermissions" }, { "Action":"iam:PassRole", "Condition":{ - "StringLike":{ - "iam:PassedToService":"backup.amazonaws.com" + "StringEquals":{ + "iam:PassedToService":[ + "backup.amazonaws.com", + "restore-testing.backup.amazonaws.com" + ] } }, "Effect":"Allow", "Resource":[ "arn:aws:iam::*:role/*AwsBackup*", "arn:aws:iam::*:role/*AWSBackup*" - ] + ], + "Sid":"IamPassRolePermissions" }, { "Action":"organizations:DescribeOrganization", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AwsOrganizationsPermissions" }, { "Action":[ @@ -2955,7 +3482,8 @@ aws_managed_policies_data = """ "kms:ListAliases" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KmsPermissions" }, { "Action":[ @@ -2973,7 +3501,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KmsCreateGrantPermissions" }, { "Action":[ @@ -2981,7 +3510,8 @@ aws_managed_policies_data = """ "ssm:GetCommandInvocation" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SystemManagerCommandPermissions" }, { "Action":"ssm:SendCommand", @@ -2989,27 +3519,19 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" - ] + ], + "Sid":"SystemManagerSendCommandPermissions" }, { - "Action":"fsx:DescribeFileSystems", + "Action":[ + "fsx:DescribeFileSystems", + "fsx:DescribeBackups", + "fsx:DescribeVolumes", + "fsx:DescribeStorageVirtualMachines" + ], "Effect":"Allow", - "Resource":"*" - }, - { - "Action":"fsx:DescribeBackups", - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":"fsx:DescribeVolumes", - "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:volume/*/*" - }, - { - "Action":"fsx:DescribeStorageVirtualMachines", - "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:storage-virtual-machine/*/*" + "Resource":"*", + "Sid":"FsxPermissions" }, { "Action":"fsx:DeleteBackup", @@ -3021,22 +3543,28 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:backup/*" + "Resource":"arn:aws:fsx:*:*:backup/*", + "Sid":"FsxDeletePermissions" }, { "Action":"ds:DescribeDirectories", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DirectoryServicePermissions" }, { "Action":"iam:CreateServiceLinkedRole", "Condition":{ "StringEquals":{ - "iam:AWSServiceName":"backup.amazonaws.com" + "iam:AWSServiceName":[ + "backup.amazonaws.com", + "restore-testing.backup.amazonaws.com" + ] } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"IamCreateServiceLinkedRolePermissions" }, { "Action":[ @@ -3058,23 +3586,166 @@ aws_managed_policies_data = """ "backup-gateway:UpdateHypervisor" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"BackupGatewayPermissions" }, { - "Action":"backup-gateway:GetGateway", + "Action":[ + "backup-gateway:GetHypervisor", + "backup-gateway:GetHypervisorPropertyMappings", + "backup-gateway:PutHypervisorPropertyMappings", + "backup-gateway:StartVirtualMachinesMetadataSync" + ], "Effect":"Allow", - "Resource":"arn:aws:backup-gateway:*:*:gateway/*" + "Resource":"arn:aws:backup-gateway:*:*:hypervisor/*", + "Sid":"BackupGatewayHypervisorPermissions" + }, + { + "Action":[ + "backup-gateway:GetVirtualMachine" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:vm/*", + "Sid":"BackupGatewayVirtualMachinePermissions" + }, + { + "Action":[ + "backup-gateway:GetBandwidthRateLimitSchedule", + "backup-gateway:GetGateway", + "backup-gateway:PutBandwidthRateLimitSchedule" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:gateway/*", + "Sid":"BackupGatewayGatewayPermissions" + }, + { + "Action":"cloudwatch:GetMetricData", + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchPermissions" + }, + { + "Action":[ + "timestream:ListTables", + "timestream:ListDatabases" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:timestream:*:*:database/*" + ], + "Sid":"TimestreamDatabasePermissions" + }, + { + "Action":[ + "timestream:DescribeEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TimestreamPermissions" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*", + "Sid":"S3BucketPermissions" + }, + { + "Action":[ + "redshift:DescribeClusters", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeSnapshotSchedules" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:cluster:*", + "arn:aws:redshift:*:*:subnetgroup:*", + "arn:aws:redshift:*:*:snapshot:*/*", + "arn:aws:redshift:*:*:snapshotschedule:*" + ], + "Sid":"RedshiftResourcesPermissions" + }, + { + "Action":[ + "redshift:DescribeNodeConfigurationOptions", + "redshift:DescribeOrderableClusterOptions", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterTracks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftPermissions" + }, + { + "Action":[ + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/*" + ], + "Sid":"CloudFormationStackPermissions" + }, + { + "Action":[ + "ssm-sap:GetOperation", + "ssm-sap:ListDatabases", + "ssm-sap:GetDatabase", + "ssm-sap:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SystemsManagerForSapPermissions" + }, + { + "Action":[ + "ram:GetResourceShareAssociations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceAccessManagerPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-01T17:36:04+00:00" + "UpdateDate":"2023-11-27T17:33:10+00:00" + }, + "AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync":{ + "CreateDate":"2022-12-15T19:43:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "backup-gateway:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:vm/*", + "Sid":"ListVmTags" + }, + { + "Action":[ + "backup-gateway:TagResource", + "backup-gateway:UntagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:vm/*", + "Sid":"VMTagPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-12-15T19:43:11+00:00" }, "AWSBackupOperatorAccess":{ "CreateDate":"2019-11-18T22:23:17+00:00", - "DefaultVersionId":"v10", + "DefaultVersionId":"v15", "Document":{ "Statement":[ { @@ -3104,7 +3775,8 @@ aws_managed_policies_data = """ "rds:DescribeDBClusters", "rds:DescribeDBParameterGroups", "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBInstanceAutomatedBackups" + "rds:DescribeDBInstanceAutomatedBackups", + "rds:DescribeDBClusterAutomatedBackups" ], "Effect":"Allow", "Resource":"*" @@ -3137,7 +3809,8 @@ aws_managed_policies_data = """ "ec2:DescribePlacementGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeAddresses" ], "Effect":"Allow", "Resource":"*" @@ -3253,26 +3926,131 @@ aws_managed_policies_data = """ "Resource":"*" }, { - "Action":"backup-gateway:GetGateway", + "Action":[ + "backup-gateway:GetHypervisor", + "backup-gateway:GetHypervisorPropertyMappings" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:hypervisor/*" + }, + { + "Action":[ + "backup-gateway:GetVirtualMachine" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:vm/*" + }, + { + "Action":[ + "backup-gateway:GetBandwidthRateLimitSchedule", + "backup-gateway:GetGateway" + ], "Effect":"Allow", "Resource":"arn:aws:backup-gateway:*:*:gateway/*" + }, + { + "Action":"cloudwatch:GetMetricData", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "timestream:ListDatabases", + "timestream:ListTables" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:timestream:*:*:database/*" + ] + }, + { + "Action":[ + "timestream:DescribeEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "redshift:DescribeClusters", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeSnapshotSchedules" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:cluster:*", + "arn:aws:redshift:*:*:subnetgroup:*", + "arn:aws:redshift:*:*:snapshot:*/*", + "arn:aws:redshift:*:*:snapshotschedule:*" + ] + }, + { + "Action":[ + "redshift:DescribeNodeConfigurationOptions", + "redshift:DescribeOrderableClusterOptions", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterTracks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/*" + ] + }, + { + "Action":[ + "ssm-sap:GetOperation", + "ssm-sap:ListDatabases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm-sap:GetDatabase", + "ssm-sap:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm-sap:*:*:*" + }, + { + "Action":[ + "ram:GetResourceShareAssociations" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-01T17:35:31+00:00" + "UpdateDate":"2023-09-06T20:45:05+00:00" }, "AWSBackupOrganizationAdminAccess":{ "CreateDate":"2020-06-24T16:23:14+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ "organizations:DisableAWSServiceAccess", - "organizations:EnableAWSServiceAccess" + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators" ], "Condition":{ "StringEquals":{ @@ -3284,6 +4062,21 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:organizations::*:account/*" + }, { "Action":[ "organizations:AttachPolicy", @@ -3330,11 +4123,53 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-11-24T22:09:43+00:00" + "UpdateDate":"2022-11-18T18:26:40+00:00" + }, + "AWSBackupRestoreAccessForSAPHANA":{ + "CreateDate":"2022-11-10T22:43:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "backup:Get*", + "backup:List*", + "backup:Describe*", + "backup:StartBackupJob", + "backup:StartRestoreJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm-sap:GetOperation", + "ssm-sap:ListDatabases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm-sap:BackupDatabase", + "ssm-sap:RestoreDatabase", + "ssm-sap:UpdateHanaBackupSettings", + "ssm-sap:GetDatabase", + "ssm-sap:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm-sap:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-10T22:43:27+00:00" }, "AWSBackupServiceLinkedRolePolicyForBackup":{ "CreateDate":"2020-06-02T23:08:40+00:00", - "DefaultVersionId":"v11", + "DefaultVersionId":"v15", "Document":{ "Statement":[ { @@ -3348,7 +4183,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*", + "Sid":"EFSResourcePermissions" }, { "Action":[ @@ -3366,7 +4202,8 @@ aws_managed_policies_data = """ "s3:GetBucketTagging" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DescribePermissions" }, { "Action":"ec2:CreateTags", @@ -3376,7 +4213,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"SnapshotCopyTagPermissions" }, { "Action":"ec2:CreateTags", @@ -3391,7 +4229,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" - ] + ], + "Sid":"EC2CreateBackupTagPermissions" }, { "Action":"ec2:CreateTags", @@ -3404,32 +4243,38 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" - ] + ], + "Sid":"EC2CreateTagsPermissions" }, { "Action":[ "ec2:DescribeSnapshots", + "ec2:DescribeSnapshotTierStatus", "ec2:DescribeImages", "rds:DescribeDBSnapshots", "rds:DescribeDBClusterSnapshots" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2RDSDescribePermissions" }, { "Action":"ec2:CopySnapshot", "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EBSCopyPermissions" }, { "Action":"ec2:CopyImage", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2CopyPermissions" }, { "Action":[ "ec2:DeregisterImage", - "ec2:DeleteSnapshot" + "ec2:DeleteSnapshot", + "ec2:ModifySnapshotTier" ], "Condition":{ "Null":{ @@ -3437,16 +4282,19 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2ModifyPermissions" }, { "Action":[ "rds:AddTagsToResource", "rds:CopyDBSnapshot", - "rds:DeleteDBSnapshot" + "rds:DeleteDBSnapshot", + "rds:DeleteDBInstanceAutomatedBackup" ], "Effect":"Allow", - "Resource":"arn:aws:rds:*:*:snapshot:awsbackup:*" + "Resource":"arn:aws:rds:*:*:snapshot:awsbackup:*", + "Sid":"RDSInstanceAndSnashotPermissions" }, { "Action":[ @@ -3455,12 +4303,14 @@ aws_managed_policies_data = """ "rds:DeleteDBClusterSnapshot" ], "Effect":"Allow", - "Resource":"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" + "Resource":"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*", + "Sid":"RDSClusterPermissions" }, { "Action":"kms:DescribeKey", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSDescribePermissions" }, { "Action":[ @@ -3478,7 +4328,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSGrantPermissions" }, { "Action":"kms:CreateGrant", @@ -3495,7 +4346,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSCreateGrantPermissions" }, { "Action":[ @@ -3505,12 +4357,14 @@ aws_managed_policies_data = """ "fsx:DeleteBackup" ], "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:backup/*" + "Resource":"arn:aws:fsx:*:*:backup/*", + "Sid":"FsxPermissions" }, { "Action":"dynamodb:DeleteBackup", "Effect":"Allow", - "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*" + "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*", + "Sid":"DynamoDBDeletePermissions" }, { "Action":[ @@ -3534,7 +4388,8 @@ aws_managed_policies_data = """ "dynamodb:DescribeTable" ], "Effect":"Allow", - "Resource":"arn:aws:dynamodb:*:*:table/*" + "Resource":"arn:aws:dynamodb:*:*:table/*", + "Sid":"DynamoDBPermissions" }, { "Action":[ @@ -3542,7 +4397,8 @@ aws_managed_policies_data = """ "storagegateway:DescribeStorediSCSIVolumes" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*", + "Sid":"StorageGatewayPermissions" }, { "Action":[ @@ -3558,26 +4414,96 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:events:*:*:rule/AwsBackupManagedRule*" - ] + ], + "Sid":"EventBridgePermissions" }, { "Action":"events:ListRules", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EventBridgeRulesPermissions" }, { "Action":[ - "sysops-sap:GetOperation" + "ssm-sap:GetOperation", + "ssm-sap:UpdateHANABackupSettings" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SSMSAPPermissions" + }, + { + "Action":[ + "timestream:ListDatabases", + "timestream:ListTables", + "timestream:ListTagsForResource", + "timestream:DescribeDatabase", + "timestream:DescribeTable", + "timestream:GetAwsBackupStatus", + "timestream:GetAwsRestoreStatus" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:timestream:*:*:database/*" + ], + "Sid":"TimestreamResourcePermissions" + }, + { + "Action":[ + "timestream:DescribeEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TimestreamPermissions" + }, + { + "Action":[ + "redshift:DescribeClusterSnapshots", + "redshift:DescribeTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:snapshot:*/*", + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"RedshiftDescribePermissions" + }, + { + "Action":[ + "redshift:DeleteClusterSnapshot" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:snapshot:*/*" + ], + "Sid":"RedshiftClusterSnapshotPermissions" + }, + { + "Action":[ + "redshift:DescribeClusters" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"RedshiftClusterPermissions" + }, + { + "Action":[ + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/*" + ], + "Sid":"CloudformationStackPermissions" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-28T17:29:44+00:00" + "UpdateDate":"2023-12-15T22:06:53+00:00" }, "AWSBackupServiceLinkedRolePolicyForBackupTest":{ "CreateDate":"2020-05-12T17:37:29+00:00", @@ -3613,7 +4539,7 @@ aws_managed_policies_data = """ }, "AWSBackupServiceRolePolicyForBackup":{ "CreateDate":"2019-01-10T21:01:28+00:00", - "DefaultVersionId":"v12", + "DefaultVersionId":"v18", "Document":{ "Statement":[ { @@ -3622,7 +4548,8 @@ aws_managed_policies_data = """ "dynamodb:CreateBackup" ], "Effect":"Allow", - "Resource":"arn:aws:dynamodb:*:*:table/*" + "Resource":"arn:aws:dynamodb:*:*:table/*", + "Sid":"DynamoDBPermissions" }, { "Action":[ @@ -3630,7 +4557,8 @@ aws_managed_policies_data = """ "dynamodb:DeleteBackup" ], "Effect":"Allow", - "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*" + "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*", + "Sid":"DynamoDBBackupResourcePermissions" }, { "Action":[ @@ -3643,10 +4571,12 @@ aws_managed_policies_data = """ "rds:CreateDBClusterSnapshot", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshots", - "rds:CopyDBClusterSnapshot" + "rds:CopyDBClusterSnapshot", + "rds:DescribeDBClusterAutomatedBackups" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DynamoDBBackupPermissions" }, { "Action":[ @@ -3655,7 +4585,26 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:rds:*:*:db:*" - ] + ], + "Sid":"RDSModifyPermissions" + }, + { + "Action":[ + "rds:ModifyDBCluster" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:cluster:*" + ], + "Sid":"RDSClusterPermissions" + }, + { + "Action":[ + "rds:DeleteDBClusterAutomatedBackup" + ], + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:cluster-auto-backup:*", + "Sid":"RDSClusterBackupPermissions" }, { "Action":[ @@ -3665,7 +4614,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:rds:*:*:snapshot:awsbackup:*" - ] + ], + "Sid":"RDSBackupPermissions" }, { "Action":[ @@ -3675,7 +4625,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" - ] + ], + "Sid":"RDSClusterModifyPermissions" }, { "Action":[ @@ -3683,21 +4634,24 @@ aws_managed_policies_data = """ "storagegateway:ListTagsForResource" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*", + "Sid":"StorageGatewayPermissions" }, { "Action":[ "ec2:CopySnapshot" ], "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EBSCopyPermissions" }, { "Action":[ "ec2:CopyImage" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2CopyPermissions" }, { "Action":[ @@ -3705,25 +4659,13 @@ aws_managed_policies_data = """ "ec2:DeleteSnapshot" ], "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EBSTagAndDeletePermissions" }, { "Action":[ "ec2:CreateImage", - "ec2:DeregisterImage" - ], - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "ec2:CreateTags" - ], - "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:image/*" - }, - { - "Action":[ + "ec2:DeregisterImage", "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeImages", @@ -3732,10 +4674,20 @@ aws_managed_policies_data = """ "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeNetworkInterfaces", "ec2:DescribeElasticGpus", - "ec2:DescribeSpotInstanceRequests" + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSnapshotTierStatus" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2Permissions" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:image/*", + "Sid":"EC2TagPermissions" }, { "Action":[ @@ -3748,7 +4700,21 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2ModifyPermissions" + }, + { + "Action":[ + "ec2:ModifySnapshotTier" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/aws:backup:source-resource":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EBSSnapshotTierPermissions" }, { "Action":[ @@ -3756,14 +4722,16 @@ aws_managed_policies_data = """ "backup:CopyIntoBackupVault" ], "Effect":"Allow", - "Resource":"arn:aws:backup:*:*:backup-vault:*" + "Resource":"arn:aws:backup:*:*:backup-vault:*", + "Sid":"BackupVaultPermissions" }, { "Action":[ "backup:CopyFromBackupVault" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"BackupVaultCopyPermissions" }, { "Action":[ @@ -3771,7 +4739,8 @@ aws_managed_policies_data = """ "elasticfilesystem:DescribeTags" ], "Effect":"Allow", - "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*", + "Sid":"EFSPermissions" }, { "Action":[ @@ -3784,7 +4753,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:volume/*" - ] + ], + "Sid":"EBSResourcePermissions" }, { "Action":[ @@ -3799,12 +4769,14 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSDynamoDBPermissions" }, { "Action":"kms:DescribeKey", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSPermissions" }, { "Action":"kms:CreateGrant", @@ -3814,7 +4786,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSCreateGrantPermissions" }, { "Action":[ @@ -3828,14 +4801,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:kms:*:*:key/*" + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"KMSDataKeyEC2Permissions" }, { "Action":[ "tag:GetResources" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"GetResourcesPermissions" }, { "Action":[ @@ -3843,7 +4818,8 @@ aws_managed_policies_data = """ "ssm:GetCommandInvocation" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SSMPermissions" }, { "Action":"ssm:SendCommand", @@ -3851,12 +4827,14 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" - ] + ], + "Sid":"SSMSendPermissions" }, { "Action":"fsx:DescribeBackups", "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:backup/*" + "Resource":"arn:aws:fsx:*:*:backup/*", + "Sid":"FsxBackupPermissions" }, { "Action":"fsx:CreateBackup", @@ -3865,17 +4843,20 @@ aws_managed_policies_data = """ "arn:aws:fsx:*:*:file-system/*", "arn:aws:fsx:*:*:backup/*", "arn:aws:fsx:*:*:volume/*" - ] + ], + "Sid":"FsxCreateBackupPermissions" }, { "Action":"fsx:DescribeFileSystems", "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:file-system/*" + "Resource":"arn:aws:fsx:*:*:file-system/*", + "Sid":"FsxPermissions" }, { "Action":"fsx:DescribeVolumes", "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:volume/*" + "Resource":"arn:aws:fsx:*:*:volume/*", + "Sid":"FsxVolumePermissions" }, { "Action":"fsx:ListTagsForResource", @@ -3883,12 +4864,14 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:fsx:*:*:file-system/*", "arn:aws:fsx:*:*:volume/*" - ] + ], + "Sid":"FsxListTagsPermissions" }, { "Action":"fsx:DeleteBackup", "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:backup/*" + "Resource":"arn:aws:fsx:*:*:backup/*", + "Sid":"FsxDeletePermissions" }, { "Action":[ @@ -3898,7 +4881,8 @@ aws_managed_policies_data = """ "fsx:TagResource" ], "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:backup/*" + "Resource":"arn:aws:fsx:*:*:backup/*", + "Sid":"FsxResourcePermissions" }, { "Action":[ @@ -3917,17 +4901,115 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:backup-gateway:*:*:vm/*", "Sid":"BackupGatewayBackupPermissions" + }, + { + "Action":[ + "cloudformation:ListStacks", + "cloudformation:GetTemplate", + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/*/*", + "Sid":"CloudformationStackPermissions" + }, + { + "Action":[ + "redshift:CreateClusterSnapshot", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:snapshot:*/*", + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"RedshiftCreatePermissions" + }, + { + "Action":[ + "redshift:DeleteClusterSnapshot" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:snapshot:*/*" + ], + "Sid":"RedshiftSnapshotPermissions" + }, + { + "Action":[ + "redshift:DescribeClusters" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"RedshiftPermissions" + }, + { + "Action":[ + "redshift:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:snapshot:*/*" + ], + "Sid":"RedshiftResourcePermissions" + }, + { + "Action":[ + "timestream:StartAwsBackupJob", + "timestream:GetAwsBackupStatus", + "timestream:ListTables", + "timestream:ListDatabases", + "timestream:ListTagsForResource", + "timestream:DescribeTable", + "timestream:DescribeDatabase" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:timestream:*:*:database/*" + ], + "Sid":"TimestreamResourcePermissions" + }, + { + "Action":[ + "timestream:DescribeEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TimestreamEndpointPermissions" + }, + { + "Action":[ + "ssm-sap:GetOperation", + "ssm-sap:ListDatabases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SSMSAPPermissions" + }, + { + "Action":[ + "ssm-sap:BackupDatabase", + "ssm-sap:UpdateHanaBackupSettings", + "ssm-sap:GetDatabase", + "ssm-sap:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm-sap:*:*:*", + "Sid":"SSMSAPResourcePermissions" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-17T17:31:44+00:00" + "UpdateDate":"2023-12-15T22:04:27+00:00" }, "AWSBackupServiceRolePolicyForRestores":{ "CreateDate":"2019-01-12T00:23:54+00:00", - "DefaultVersionId":"v13", + "DefaultVersionId":"v20", "Document":{ "Statement":[ { @@ -3942,14 +5024,16 @@ aws_managed_policies_data = """ "dynamodb:DescribeTable" ], "Effect":"Allow", - "Resource":"arn:aws:dynamodb:*:*:table/*" + "Resource":"arn:aws:dynamodb:*:*:table/*", + "Sid":"DynamoDBPermissions" }, { "Action":[ "dynamodb:RestoreTableFromBackup" ], "Effect":"Allow", - "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*" + "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*", + "Sid":"DynamoDBBackupResourcePermissions" }, { "Action":[ @@ -3960,26 +5044,38 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:volume/*" - ] + ], + "Sid":"EBSPermissions" }, { "Action":[ "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeSnapshots", - "ec2:DescribeVolumes" + "ec2:DescribeVolumes", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeInternetGateways", + "ec2:DescribeSnapshotTierStatus" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2DescribePermissions" }, { "Action":[ "storagegateway:DeleteVolume", "storagegateway:DescribeCachediSCSIVolumes", - "storagegateway:DescribeStorediSCSIVolumes" + "storagegateway:DescribeStorediSCSIVolumes", + "storagegateway:AddTagsToResource" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*", + "Sid":"StorageGatewayVolumePermissions" }, { "Action":[ @@ -3988,14 +5084,16 @@ aws_managed_policies_data = """ "storagegateway:CreateCachediSCSIVolume" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:gateway/*" + "Resource":"arn:aws:storagegateway:*:*:gateway/*", + "Sid":"StorageGatewayGatewayPermissions" }, { "Action":[ "storagegateway:ListVolumes" ], "Effect":"Allow", - "Resource":"arn:aws:storagegateway:*:*:*" + "Resource":"arn:aws:storagegateway:*:*:*", + "Sid":"StorageGatewayListPermissions" }, { "Action":[ @@ -4008,25 +5106,31 @@ aws_managed_policies_data = """ "rds:DescribeDBClusters", "rds:RestoreDBClusterFromSnapshot", "rds:DeleteDBCluster", - "rds:RestoreDBInstanceToPointInTime" + "rds:RestoreDBInstanceToPointInTime", + "rds:DescribeDBClusterSnapshots", + "rds:RestoreDBClusterToPointInTime" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"RDSPermissions" }, { "Action":[ "elasticfilesystem:Restore", "elasticfilesystem:CreateFilesystem", "elasticfilesystem:DescribeFilesystems", - "elasticfilesystem:DeleteFilesystem" + "elasticfilesystem:DeleteFilesystem", + "elasticfilesystem:TagResource" ], "Effect":"Allow", - "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*", + "Sid":"EFSPermissions" }, { "Action":"kms:DescribeKey", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSDescribePermissions" }, { "Action":[ @@ -4034,7 +5138,8 @@ aws_managed_policies_data = """ "kms:Encrypt", "kms:GenerateDataKey", "kms:ReEncryptTo", - "kms:ReEncryptFrom" + "kms:ReEncryptFrom", + "kms:GenerateDataKeyWithoutPlaintext" ], "Condition":{ "StringLike":{ @@ -4042,12 +5147,14 @@ aws_managed_policies_data = """ "dynamodb.*.amazonaws.com", "ec2.*.amazonaws.com", "elasticfilesystem.*.amazonaws.com", - "rds.*.amazonaws.com" + "rds.*.amazonaws.com", + "redshift.*.amazonaws.com" ] } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSPermissions" }, { "Action":"kms:CreateGrant", @@ -4057,7 +5164,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMSCreateGrantPermissions" }, { "Action":[ @@ -4066,19 +5174,22 @@ aws_managed_policies_data = """ "ebs:PutSnapshotBlock" ], "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EBSSnapshotBlockPermissions" }, { "Action":[ "rds:CreateDBInstance" ], "Effect":"Allow", - "Resource":"arn:aws:rds:*:*:db:*" + "Resource":"arn:aws:rds:*:*:db:*", + "Sid":"RDSResourcePermissions" }, { "Action":[ "ec2:DeleteSnapshot", - "ec2:DeleteTags" + "ec2:DeleteTags", + "ec2:RestoreSnapshotTier" ], "Condition":{ "Null":{ @@ -4086,7 +5197,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EC2DeleteAndRestorePermissions" }, { "Action":"ec2:CreateTags", @@ -4098,21 +5210,46 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*::snapshot/*" + "Resource":[ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"EC2CreateTagsScopedPermissions" }, { "Action":[ "ec2:RunInstances" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2RunInstancesPermissions" }, { "Action":[ "ec2:TerminateInstances" ], "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"EC2TerminateInstancesPermissions" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "ec2:CreateAction":[ + "RunInstances", + "CreateVolume" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"EC2CreateTagsPermissions" }, { "Action":[ @@ -4122,7 +5259,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:fsx:*:*:file-system/*", "arn:aws:fsx:*:*:backup/*" - ] + ], + "Sid":"FsxPermissions" }, { "Action":[ @@ -4130,12 +5268,14 @@ aws_managed_policies_data = """ "fsx:TagResource" ], "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:file-system/*" + "Resource":"arn:aws:fsx:*:*:file-system/*", + "Sid":"FsxTagPermissions" }, { "Action":"fsx:DescribeBackups", "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:backup/*" + "Resource":"arn:aws:fsx:*:*:backup/*", + "Sid":"FsxBackupPermissions" }, { "Action":[ @@ -4148,14 +5288,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:file-system/*" + "Resource":"arn:aws:fsx:*:*:file-system/*", + "Sid":"FsxDeletePermissions" }, { "Action":[ "fsx:DescribeVolumes" ], "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:volume/*" + "Resource":"arn:aws:fsx:*:*:volume/*", + "Sid":"FsxDescribePermissions" }, { "Action":[ @@ -4172,17 +5314,21 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:fsx:*:*:volume/*" - ] + ], + "Sid":"FsxVolumeTagPermissions" }, { "Action":[ - "fsx:CreateVolumeFromBackup" + "fsx:CreateVolumeFromBackup", + "fsx:TagResource" ], "Effect":"Allow", "Resource":[ "arn:aws:fsx:*:*:storage-virtual-machine/*", - "arn:aws:fsx:*:*:backup/*" - ] + "arn:aws:fsx:*:*:backup/*", + "arn:aws:fsx:*:*:volume/*" + ], + "Sid":"FsxBackupTagPermissions" }, { "Action":[ @@ -4195,12 +5341,14 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:fsx:*:*:volume/*" + "Resource":"arn:aws:fsx:*:*:volume/*", + "Sid":"FsxVolumePermissions" }, { "Action":"ds:DescribeDirectories", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DSPermissions" }, { "Action":[ @@ -4217,17 +5365,83 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:backup-gateway:*:*:hypervisor/*", "Sid":"GatewayRestorePermissions" + }, + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:*/*/*", + "Sid":"CloudformationChangeSetPermissions" + }, + { + "Action":[ + "redshift:RestoreFromClusterSnapshot", + "redshift:RestoreTableFromClusterSnapshot" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:snapshot:*/*", + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"RedshiftClusterSnapshotPermissions" + }, + { + "Action":[ + "redshift:DescribeClusters" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"RedshiftClusterPermissions" + }, + { + "Action":[ + "redshift:DescribeTableRestoreStatus" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftTablePermissions" + }, + { + "Action":[ + "timestream:StartAwsRestoreJob", + "timestream:GetAwsRestoreStatus", + "timestream:ListTables", + "timestream:ListTagsForResource", + "timestream:ListDatabases", + "timestream:DescribeTable", + "timestream:DescribeDatabase" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:timestream:*:*:database/*" + ], + "Sid":"TimestreamResourcePermissions" + }, + { + "Action":[ + "timestream:DescribeEndpoints" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"TimestreamEndpointPermissions" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-19T23:22:51+00:00" + "UpdateDate":"2023-12-15T22:05:32+00:00" }, "AWSBackupServiceRolePolicyForS3Backup":{ "CreateDate":"2022-02-18T17:40:24+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -4277,6 +5491,7 @@ aws_managed_policies_data = """ "s3:ListBucket", "s3:GetBucketVersioning", "s3:GetBucketLocation", + "s3:GetBucketAcl", "s3:PutInventoryConfiguration", "s3:GetBucketNotification", "s3:PutBucketNotification" @@ -4306,11 +5521,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-02-26T00:01:09+00:00" + "UpdateDate":"2022-09-01T16:52:33+00:00" }, "AWSBackupServiceRolePolicyForS3Restore":{ "CreateDate":"2022-02-18T17:39:37+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -4320,7 +5535,9 @@ aws_managed_policies_data = """ "s3:ListBucket", "s3:GetBucketVersioning", "s3:GetBucketLocation", - "s3:PutBucketVersioning" + "s3:PutBucketVersioning", + "s3:PutBucketOwnershipControls", + "s3:GetBucketOwnershipControls" ], "Effect":"Allow", "Resource":[ @@ -4349,7 +5566,8 @@ aws_managed_policies_data = """ { "Action":[ "kms:DescribeKey", - "kms:GenerateDataKey" + "kms:GenerateDataKey", + "kms:Decrypt" ], "Condition":{ "StringLike":{ @@ -4364,11 +5582,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-02-18T17:39:37+00:00" + "UpdateDate":"2023-02-07T00:06:00+00:00" }, "AWSBatchFullAccess":{ "CreateDate":"2016-12-06T19:35:42+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -4385,6 +5603,8 @@ aws_managed_policies_data = """ "ecs:DescribeClusters", "ecs:Describe*", "ecs:List*", + "eks:DescribeCluster", + "eks:ListClusters", "logs:Describe*", "logs:Get*", "logs:TestMetricFilter", @@ -4427,7 +5647,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-03-10T07:02:45+00:00" + "UpdateDate":"2022-10-24T16:09:09+00:00" }, "AWSBatchServiceEventTargetRole":{ "CreateDate":"2018-02-28T22:31:13+00:00", @@ -4450,7 +5670,7 @@ aws_managed_policies_data = """ }, "AWSBatchServiceRole":{ "CreateDate":"2016-12-06T19:36:24+00:00", - "DefaultVersionId":"v12", + "DefaultVersionId":"v13", "Document":{ "Statement":[ { @@ -4468,6 +5688,7 @@ aws_managed_policies_data = """ "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", + "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeVpcClassicLink", "ec2:DescribeLaunchTemplateVersions", "ec2:CreateLaunchTemplate", @@ -4481,6 +5702,7 @@ aws_managed_policies_data = """ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeScalingActivities", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", @@ -4518,14 +5740,16 @@ aws_managed_policies_data = """ "iam:GetRole" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement1" }, { "Action":"ecs:TagResource", "Effect":"Allow", "Resource":[ "arn:aws:ecs:*:*:task/*_Batch_*" - ] + ], + "Sid":"AWSBatchPolicyStatement2" }, { "Action":"iam:PassRole", @@ -4541,7 +5765,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AWSBatchPolicyStatement3" }, { "Action":"iam:CreateServiceLinkedRole", @@ -4556,7 +5781,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement4" }, { "Action":[ @@ -4570,14 +5796,15 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AWSBatchPolicyStatement5" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-12-07T02:22:29+00:00" + "UpdateDate":"2023-12-05T18:49:44+00:00" }, "AWSBillingConductorFullAccess":{ "CreateDate":"2022-04-13T18:02:29+00:00", @@ -4623,22 +5850,66 @@ aws_managed_policies_data = """ }, "AWSBillingReadOnlyAccess":{ "CreateDate":"2020-08-27T20:08:51+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { "Action":[ - "aws-portal:ViewBilling" + "account:GetAccountInformation", + "aws-portal:ViewBilling", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetCredits", + "billing:GetContractInformation", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "budgets:ViewBudget", + "budgets:DescribeBudgetActionsForBudget", + "budgets:DescribeBudgetAction", + "budgets:DescribeBudgetActionsForAccount", + "budgets:DescribeBudgetActionHistories", + "ce:DescribeCostCategoryDefinition", + "ce:GetCostAndUsage", + "ce:ListCostCategoryDefinitions", + "ce:ListTagsForResource", + "ce:ListCostAllocationTags", + "consolidatedbilling:ListLinkedAccounts", + "consolidatedbilling:GetAccountBillingRole", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:GetUsageReport", + "cur:DescribeReportDefinitions", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "purchase-orders:GetPurchaseOrder", + "purchase-orders:ViewPurchaseOrders", + "purchase-orders:ListPurchaseOrderInvoices", + "purchase-orders:ListPurchaseOrders", + "purchase-orders:ListTagsForResource", + "sustainability:GetCarbonFootprintSummary", + "tax:GetTaxRegistrationDocument", + "tax:GetTaxInheritance", + "tax:ListTaxRegistrations" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"VisualEditor0" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-08-27T20:08:51+00:00" + "UpdateDate":"2024-01-17T18:15:35+00:00" }, "AWSBudgetsActionsWithAWSResourceControlAccess":{ "CreateDate":"2020-10-15T17:19:12+00:00", @@ -5165,9 +6436,667 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-11-18T16:39:50+00:00" }, + "AWSCleanRoomsFullAccess":{ + "CreateDate":"2023-01-12T16:10:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cleanrooms:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*", + "Sid":"PassServiceRole" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListRolesToPickServiceRole" + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*", + "Sid":"GetRoleAndListRolePoliciesToInspectServiceRole" + }, + { + "Action":[ + "iam:ListPolicies" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListPoliciesToInspectServiceRolePolicy" + }, + { + "Action":[ + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:policy/*cleanrooms*", + "Sid":"GetPolicyToInspectServiceRolePolicy" + }, + { + "Action":[ + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchema", + "glue:GetSchemaVersion", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleDisplayTables" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsolePickQueryResultsBucketListAll" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucketVersions" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::cleanrooms-queryresults*", + "Sid":"ConsolePickQueryResultsBucket" + }, + { + "Action":[ + "s3:ListBucket", + "s3:PutObject" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::cleanrooms-queryresults*", + "Sid":"WriteQueryResults" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::cleanrooms-queryresults*", + "Sid":"ConsoleDisplayQueryResults" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EstablishLogDeliveries" + }, + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SetupLogGroupsDescribe" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*", + "Sid":"SetupLogGroupsCreate" + }, + { + "Action":[ + "logs:DescribeResourcePolicies", + "logs:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SetupLogGroupsResourcePolicy" + }, + { + "Action":[ + "logs:StartQuery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*", + "Sid":"ConsoleLogSummaryQueryLogs" + }, + { + "Action":[ + "logs:GetQueryResults" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleLogSummaryObtainLogs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-01-12T16:10:54+00:00" + }, + "AWSCleanRoomsFullAccessNoQuerying":{ + "CreateDate":"2023-01-12T16:12:31+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "cleanrooms:BatchGetCollaborationAnalysisTemplate", + "cleanrooms:BatchGetSchema", + "cleanrooms:CreateAnalysisTemplate", + "cleanrooms:CreateCollaboration", + "cleanrooms:CreateConfiguredTable", + "cleanrooms:CreateConfiguredTableAnalysisRule", + "cleanrooms:CreateConfiguredTableAssociation", + "cleanrooms:CreateMembership", + "cleanrooms:DeleteAnalysisTemplate", + "cleanrooms:DeleteCollaboration", + "cleanrooms:DeleteConfiguredTable", + "cleanrooms:DeleteConfiguredTableAnalysisRule", + "cleanrooms:DeleteConfiguredTableAssociation", + "cleanrooms:DeleteMember", + "cleanrooms:DeleteMembership", + "cleanrooms:GetAnalysisTemplate", + "cleanrooms:GetCollaborationAnalysisTemplate", + "cleanrooms:GetCollaboration", + "cleanrooms:GetConfiguredTable", + "cleanrooms:GetConfiguredTableAnalysisRule", + "cleanrooms:GetConfiguredTableAssociation", + "cleanrooms:GetMembership", + "cleanrooms:GetProtectedQuery", + "cleanrooms:GetSchema", + "cleanrooms:GetSchemaAnalysisRule", + "cleanrooms:ListAnalysisTemplates", + "cleanrooms:ListCollaborationAnalysisTemplates", + "cleanrooms:ListCollaborations", + "cleanrooms:ListConfiguredTableAssociations", + "cleanrooms:ListConfiguredTables", + "cleanrooms:ListMembers", + "cleanrooms:ListMemberships", + "cleanrooms:ListProtectedQueries", + "cleanrooms:ListSchemas", + "cleanrooms:UpdateAnalysisTemplate", + "cleanrooms:UpdateCollaboration", + "cleanrooms:UpdateConfiguredTable", + "cleanrooms:UpdateConfiguredTableAnalysisRule", + "cleanrooms:UpdateConfiguredTableAssociation", + "cleanrooms:UpdateMembership", + "cleanrooms:ListTagsForResource", + "cleanrooms:UntagResource", + "cleanrooms:TagResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsAccess" + }, + { + "Action":[ + "cleanrooms:StartProtectedQuery", + "cleanrooms:UpdateProtectedQuery" + ], + "Effect":"Deny", + "Resource":"*", + "Sid":"CleanRoomsNoQuerying" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*", + "Sid":"PassServiceRole" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListRolesToPickServiceRole" + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/*cleanrooms*", + "Sid":"GetRoleAndListRolePoliciesToInspectServiceRole" + }, + { + "Action":[ + "iam:ListPolicies" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListPoliciesToInspectServiceRolePolicy" + }, + { + "Action":[ + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:policy/*cleanrooms*", + "Sid":"GetPolicyToInspectServiceRolePolicy" + }, + { + "Action":[ + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchema", + "glue:GetSchemaVersion", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleDisplayTables" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EstablishLogDeliveries" + }, + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SetupLogGroupsDescribe" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*", + "Sid":"SetupLogGroupsCreate" + }, + { + "Action":[ + "logs:DescribeResourcePolicies", + "logs:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cleanrooms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SetupLogGroupsResourcePolicy" + }, + { + "Action":[ + "logs:StartQuery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*", + "Sid":"ConsoleLogSummaryQueryLogs" + }, + { + "Action":[ + "logs:GetQueryResults" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleLogSummaryObtainLogs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-31T20:03:50+00:00" + }, + "AWSCleanRoomsMLFullAccess":{ + "CreateDate":"2023-11-29T21:02:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cleanrooms-ml:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsMLFullAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"cleanrooms-ml.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/cleanrooms-ml*" + ], + "Sid":"PassServiceRole" + }, + { + "Action":[ + "cleanrooms:GetCollaboration", + "cleanrooms:GetConfiguredAudienceModelAssociation", + "cleanrooms:GetMembership", + "cleanrooms:ListAnalysisTemplates", + "cleanrooms:ListCollaborationAnalysisTemplates", + "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations", + "cleanrooms:ListCollaborations", + "cleanrooms:ListConfiguredTableAssociations", + "cleanrooms:ListConfiguredTables", + "cleanrooms:ListMembers", + "cleanrooms:ListMemberships", + "cleanrooms:ListProtectedQueries", + "cleanrooms:ListSchemas", + "cleanrooms:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsConsoleNavigation" + }, + { + "Action":[ + "cleanrooms:ListMembers" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "cleanrooms-ml.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CollaborationMembershipCheck" + }, + { + "Action":[ + "cleanrooms:CreateConfiguredAudienceModelAssociation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AssociateModels" + }, + { + "Action":[ + "cleanrooms:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:cleanrooms:*:*:membership/*/configuredaudiencemodelassociation/*", + "Sid":"TagAssociations" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListRolesToPickServiceRole" + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/cleanrooms-ml*", + "arn:aws:iam::*:role/role/cleanrooms-ml*" + ], + "Sid":"GetRoleAndListRolePoliciesToInspectServiceRole" + }, + { + "Action":[ + "iam:ListPolicies" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListPoliciesToInspectServiceRolePolicy" + }, + { + "Action":[ + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:policy/*cleanroomsml*", + "Sid":"GetPolicyToInspectServiceRolePolicy" + }, + { + "Action":[ + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchema", + "glue:GetSchemaVersion", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleDisplayTables" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsolePickOutputBucket" + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*cleanrooms-ml*", + "Sid":"ConsolePickS3Location" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-29T21:02:06+00:00" + }, + "AWSCleanRoomsMLReadOnlyAccess":{ + "CreateDate":"2023-11-29T20:55:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cleanrooms:GetCollaboration", + "cleanrooms:GetConfiguredAudienceModelAssociation", + "cleanrooms:GetMembership", + "cleanrooms:ListAnalysisTemplates", + "cleanrooms:ListCollaborationAnalysisTemplates", + "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations", + "cleanrooms:ListCollaborations", + "cleanrooms:ListConfiguredTableAssociations", + "cleanrooms:ListConfiguredTables", + "cleanrooms:ListMembers", + "cleanrooms:ListMemberships", + "cleanrooms:ListProtectedQueries", + "cleanrooms:ListSchemas", + "cleanrooms:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsConsoleNavigation" + }, + { + "Action":[ + "cleanrooms-ml:Get*", + "cleanrooms-ml:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsMLRead" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-29T20:55:31+00:00" + }, + "AWSCleanRoomsReadOnlyAccess":{ + "CreateDate":"2023-01-12T16:10:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cleanrooms:BatchGet*", + "cleanrooms:Get*", + "cleanrooms:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CleanRoomsRead" + }, + { + "Action":[ + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetSchema", + "glue:GetSchemaVersion", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleDisplayTables" + }, + { + "Action":[ + "logs:StartQuery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/cleanrooms*", + "Sid":"ConsoleLogSummaryQueryLogs" + }, + { + "Action":[ + "logs:GetQueryResults" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleLogSummaryObtainLogs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-01-12T16:10:48+00:00" + }, "AWSCloud9Administrator":{ "CreateDate":"2017-11-30T16:17:28+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -5176,7 +7105,9 @@ aws_managed_policies_data = """ "iam:GetUser", "iam:ListUsers", "ec2:DescribeVpcs", - "ec2:DescribeSubnets" + "ec2:DescribeSubnets", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeRouteTables" ], "Effect":"Allow", "Resource":"*" @@ -5194,7 +7125,10 @@ aws_managed_policies_data = """ "Resource":"*" }, { - "Action":"ssm:StartSession", + "Action":[ + "ssm:StartSession", + "ssm:GetConnectionStatus" + ], "Condition":{ "StringEquals":{ "aws:CalledViaFirst":"cloud9.amazonaws.com" @@ -5220,11 +7154,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-29T06:28:54+00:00" + "UpdateDate":"2023-10-11T12:59:29+00:00" }, "AWSCloud9EnvironmentMember":{ "CreateDate":"2017-11-30T16:18:28+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -5253,7 +7187,10 @@ aws_managed_policies_data = """ ] }, { - "Action":"ssm:StartSession", + "Action":[ + "ssm:StartSession", + "ssm:GetConnectionStatus" + ], "Condition":{ "StringEquals":{ "aws:CalledViaFirst":"cloud9.amazonaws.com" @@ -5279,7 +7216,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-29T06:29:08+00:00" + "UpdateDate":"2023-10-11T12:13:40+00:00" }, "AWSCloud9SSMInstanceProfile":{ "CreateDate":"2020-05-14T11:40:49+00:00", @@ -5413,18 +7350,19 @@ aws_managed_policies_data = """ }, "AWSCloud9User":{ "CreateDate":"2017-11-30T16:16:17+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { "Action":[ - "cloud9:ValidateEnvironmentName", "cloud9:UpdateUserSettings", "cloud9:GetUserSettings", "iam:GetUser", "iam:ListUsers", "ec2:DescribeVpcs", - "ec2:DescribeSubnets" + "ec2:DescribeSubnets", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeRouteTables" ], "Effect":"Allow", "Resource":"*" @@ -5482,7 +7420,10 @@ aws_managed_policies_data = """ "Resource":"*" }, { - "Action":"ssm:StartSession", + "Action":[ + "ssm:StartSession", + "ssm:GetConnectionStatus" + ], "Condition":{ "StringEquals":{ "aws:CalledViaFirst":"cloud9.amazonaws.com" @@ -5508,7 +7449,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-29T06:26:43+00:00" + "UpdateDate":"2023-10-11T13:24:10+00:00" }, "AWSCloudFormationFullAccess":{ "CreateDate":"2019-07-26T21:50:35+00:00", @@ -5642,12 +7583,13 @@ aws_managed_policies_data = """ }, "AWSCloudMapDiscoverInstanceAccess":{ "CreateDate":"2018-11-29T00:02:42+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ - "servicediscovery:DiscoverInstances" + "servicediscovery:DiscoverInstances", + "servicediscovery:DiscoverInstancesRevision" ], "Effect":"Allow", "Resource":[ @@ -5659,7 +7601,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-11-29T00:02:42+00:00" + "UpdateDate":"2023-09-20T21:48:09+00:00" }, "AWSCloudMapFullAccess":{ "CreateDate":"2018-11-28T23:57:31+00:00", @@ -5696,14 +7638,15 @@ aws_managed_policies_data = """ }, "AWSCloudMapReadOnlyAccess":{ "CreateDate":"2018-11-28T23:45:26+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "servicediscovery:Get*", "servicediscovery:List*", - "servicediscovery:DiscoverInstances" + "servicediscovery:DiscoverInstances", + "servicediscovery:DiscoverInstancesRevision" ], "Effect":"Allow", "Resource":[ @@ -5715,11 +7658,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-11-28T23:45:26+00:00" + "UpdateDate":"2023-09-20T21:47:45+00:00" }, "AWSCloudMapRegisterInstanceAccess":{ "CreateDate":"2018-11-29T00:04:57+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -5736,6 +7679,7 @@ aws_managed_policies_data = """ "servicediscovery:RegisterInstance", "servicediscovery:DeregisterInstance", "servicediscovery:DiscoverInstances", + "servicediscovery:DiscoverInstancesRevision", "ec2:DescribeInstances" ], "Effect":"Allow", @@ -5748,7 +7692,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-29T17:57:24+00:00" + "UpdateDate":"2023-09-20T21:47:06+00:00" }, "AWSCloudShellFullAccess":{ "CreateDate":"2020-12-15T18:07:44+00:00", @@ -5769,44 +7713,6 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-12-15T18:07:44+00:00" }, - "AWSCloudTrailReadOnlyAccess":{ - "CreateDate":"2015-02-06T18:39:59+00:00", - "DefaultVersionId":"v9", - "Document":{ - "Statement":[ - { - "Action":[ - "s3:GetObject", - "s3:GetBucketLocation" - ], - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "cloudtrail:GetTrail", - "cloudtrail:GetTrailStatus", - "cloudtrail:DescribeTrails", - "cloudtrail:ListTrails", - "cloudtrail:LookupEvents", - "cloudtrail:ListTags", - "cloudtrail:ListPublicKeys", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetInsightSelectors", - "s3:ListAllMyBuckets", - "kms:ListAliases", - "lambda:ListFunctions" - ], - "Effect":"Allow", - "Resource":"*" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-11-20T21:06:49+00:00" - }, "AWSCloudTrail_FullAccess":{ "CreateDate":"2020-10-08T23:41:15+00:00", "DefaultVersionId":"v3", @@ -6021,7 +7927,7 @@ aws_managed_policies_data = """ }, "AWSCodeBuildAdminAccess":{ "CreateDate":"2016-12-01T19:04:44+00:00", - "DefaultVersionId":"v12", + "DefaultVersionId":"v13", "Document":{ "Statement":[ { @@ -6053,28 +7959,32 @@ aws_managed_policies_data = """ "s3:ListAllMyBuckets" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSServicesAccess" }, { "Action":[ "logs:DeleteLogGroup" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*", + "Sid":"CWLDeleteLogGroupAccess" }, { "Action":[ "ssm:PutParameter" ], "Effect":"Allow", - "Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*" + "Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*", + "Sid":"SSMParameterWriteAccess" }, { "Action":[ "ssm:StartSession" ], "Effect":"Allow", - "Resource":"arn:aws:ecs:*:*:task/*/*" + "Resource":"arn:aws:ecs:*:*:task/*/*", + "Sid":"SSMStartSessionAccess" }, { "Action":[ @@ -6146,7 +8056,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Effect":"Allow", "Resource":"*", @@ -6157,11 +8068,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-14T16:03:39+00:00" + "UpdateDate":"2023-07-31T23:06:23+00:00" }, "AWSCodeBuildDeveloperAccess":{ "CreateDate":"2016-12-01T19:02:32+00:00", - "DefaultVersionId":"v13", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -6190,21 +8101,24 @@ aws_managed_policies_data = """ "s3:ListAllMyBuckets" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSServicesAccess" }, { "Action":[ "ssm:PutParameter" ], "Effect":"Allow", - "Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*" + "Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*", + "Sid":"SSMParameterWriteAccess" }, { "Action":[ "ssm:StartSession" ], "Effect":"Allow", - "Resource":"arn:aws:ecs:*:*:task/*/*" + "Resource":"arn:aws:ecs:*:*:task/*/*", + "Sid":"SSMStartSessionAccess" }, { "Action":[ @@ -6254,7 +8168,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Effect":"Allow", "Resource":"*", @@ -6265,7 +8180,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-14T16:03:44+00:00" + "UpdateDate":"2023-07-31T23:06:10+00:00" }, "AWSCodeBuildReadOnlyAccess":{ "CreateDate":"2016-12-01T19:03:41+00:00", @@ -6332,7 +8247,7 @@ aws_managed_policies_data = """ }, "AWSCodeCommitFullAccess":{ "CreateDate":"2015-07-09T17:02:19+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { @@ -6508,7 +8423,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Effect":"Allow", "Resource":"*", @@ -6528,11 +8444,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-30T23:17:35+00:00" + "UpdateDate":"2023-07-17T21:50:11+00:00" }, "AWSCodeCommitPowerUser":{ "CreateDate":"2015-07-09T17:06:49+00:00", - "DefaultVersionId":"v14", + "DefaultVersionId":"v15", "Document":{ "Statement":[ { @@ -6717,7 +8633,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Effect":"Allow", "Resource":"*", @@ -6737,7 +8654,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-30T23:12:48+00:00" + "UpdateDate":"2023-07-17T21:49:06+00:00" }, "AWSCodeCommitReadOnly":{ "CreateDate":"2015-07-09T17:05:06+00:00", @@ -7037,7 +8954,7 @@ aws_managed_policies_data = """ }, "AWSCodeDeployRole":{ "CreateDate":"2015-05-04T18:05:37+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -7049,6 +8966,7 @@ aws_managed_policies_data = """ "autoscaling:PutLifecycleHook", "autoscaling:RecordLifecycleActionHeartbeat", "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", "autoscaling:UpdateAutoScalingGroup", "autoscaling:EnableMetricsCollection", "autoscaling:DescribePolicies", @@ -7071,6 +8989,8 @@ aws_managed_policies_data = """ "sns:Publish", "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", @@ -7088,7 +9008,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-05-19T00:42:51+00:00" + "UpdateDate":"2023-08-16T20:38:58+00:00" }, "AWSCodeDeployRoleForCloudFormation":{ "CreateDate":"2020-05-19T17:12:52+00:00", @@ -7381,232 +9301,9 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-07-09T17:02:54+00:00" }, - "AWSCodePipelineFullAccess":{ - "CreateDate":"2015-07-09T16:58:07+00:00", - "DefaultVersionId":"v10", - "Document":{ - "Statement":[ - { - "Action":[ - "codepipeline:*", - "cloudformation:DescribeStacks", - "cloudformation:ListChangeSets", - "cloudtrail:CreateTrail", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:PutEventSelectors", - "cloudtrail:StartLogging", - "codebuild:BatchGetProjects", - "codebuild:CreateProject", - "codebuild:ListCuratedEnvironmentImages", - "codebuild:ListProjects", - "codecommit:GetBranch", - "codecommit:GetRepositoryTriggers", - "codecommit:ListBranches", - "codecommit:ListRepositories", - "codecommit:PutRepositoryTriggers", - "codecommit:GetReferences", - "codedeploy:GetApplication", - "codedeploy:BatchGetApplications", - "codedeploy:GetDeploymentGroup", - "codedeploy:BatchGetDeploymentGroups", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentGroups", - "devicefarm:GetDevicePool", - "devicefarm:GetProject", - "devicefarm:ListDevicePools", - "devicefarm:ListProjects", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecs:ListClusters", - "ecs:ListServices", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "iam:ListRoles", - "iam:GetRole", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "events:ListRules", - "events:ListTargetsByRule", - "events:DescribeRule", - "opsworks:DescribeApps", - "opsworks:DescribeLayers", - "opsworks:DescribeStacks", - "s3:GetBucketPolicy", - "s3:GetBucketVersioning", - "s3:GetObjectVersion", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sns:ListTopics", - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes", - "states:ListStateMachines" - ], - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "s3:GetObject", - "s3:CreateBucket", - "s3:PutBucketPolicy" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3::*:codepipeline-*" - }, - { - "Action":[ - "iam:PassRole" - ], - "Condition":{ - "StringEquals":{ - "iam:PassedToService":[ - "events.amazonaws.com" - ] - } - }, - "Effect":"Allow", - "Resource":[ - "arn:aws:iam::*:role/service-role/cwe-role-*" - ] - }, - { - "Action":[ - "iam:PassRole" - ], - "Condition":{ - "StringEquals":{ - "iam:PassedToService":[ - "codepipeline.amazonaws.com" - ] - } - }, - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:DisableRule", - "events:RemoveTargets" - ], - "Effect":"Allow", - "Resource":[ - "arn:aws:events:*:*:rule/codepipeline-*" - ] - }, - { - "Action":[ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:DeleteNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition":{ - "StringLike":{ - "codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*" - } - }, - "Effect":"Allow", - "Resource":"*", - "Sid":"CodeStarNotificationsReadWriteAccess" - }, - { - "Action":[ - "sns:CreateTopic", - "sns:SetTopicAttributes" - ], - "Effect":"Allow", - "Resource":"arn:aws:sns:*:*:codestar-notifications*", - "Sid":"CodeStarNotificationsSNSTopicCreateAccess" - }, - { - "Action":[ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect":"Allow", - "Resource":"*", - "Sid":"CodeStarNotificationsChatbotAccess" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-05-21T22:03:13+00:00" - }, - "AWSCodePipelineReadOnlyAccess":{ - "CreateDate":"2015-07-09T16:43:57+00:00", - "DefaultVersionId":"v9", - "Document":{ - "Statement":[ - { - "Action":[ - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:GetPipelineExecution", - "codepipeline:ListPipelineExecutions", - "codepipeline:ListActionExecutions", - "codepipeline:ListActionTypes", - "codepipeline:ListPipelines", - "codepipeline:ListTagsForResource", - "iam:ListRoles", - "s3:GetBucketPolicy", - "s3:GetObject", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "codecommit:ListBranches", - "codecommit:ListRepositories", - "codedeploy:GetApplication", - "codedeploy:GetDeploymentGroup", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentGroups", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "opsworks:DescribeApps", - "opsworks:DescribeLayers", - "opsworks:DescribeStacks", - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets" - ], - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "codestar-notifications:DescribeNotificationRule" - ], - "Condition":{ - "StringLike":{ - "codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*" - } - }, - "Effect":"Allow", - "Resource":"*", - "Sid":"CodeStarNotificationsReadOnlyAccess" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-03-26T16:07:17+00:00" - }, "AWSCodePipeline_FullAccess":{ "CreateDate":"2020-08-03T22:38:28+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -7749,7 +9446,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "chatbot:DescribeSlackChannelConfigurations" + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:ListMicrosoftTeamsChannelConfigurations" ], "Effect":"Allow", "Resource":"*", @@ -7760,7 +9458,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-08-03T22:38:28+00:00" + "UpdateDate":"2023-06-21T22:46:59+00:00" }, "AWSCodePipeline_ReadOnlyAccess":{ "CreateDate":"2020-08-03T22:25:17+00:00", @@ -7816,7 +9514,7 @@ aws_managed_policies_data = """ }, "AWSCodeStarFullAccess":{ "CreateDate":"2017-04-19T16:23:19+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -7835,6 +9533,7 @@ aws_managed_policies_data = """ { "Action":[ "cloudformation:DescribeStack*", + "cloudformation:ListStacks*", "cloudformation:GetTemplateSummary" ], "Effect":"Allow", @@ -7848,7 +9547,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-01-10T21:54:06+00:00" + "UpdateDate":"2023-03-28T00:06:28+00:00" }, "AWSCodeStarNotificationsServiceRolePolicy":{ "CreateDate":"2019-11-05T16:10:21+00:00", @@ -8163,7 +9862,7 @@ aws_managed_policies_data = """ }, "AWSCompromisedKeyQuarantineV2":{ "CreateDate":"2021-04-21T22:30:59+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -8223,7 +9922,11 @@ aws_managed_policies_data = """ "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccountPublicAccessBlock", "s3:PutBucketPolicy", - "s3:ListAllMyBuckets" + "s3:ListAllMyBuckets", + "ec2:PurchaseReservedInstancesOffering", + "ec2:AcceptReservedInstancesExchangeQuote", + "ec2:CreateReservedInstancesListing", + "savingsplans:CreateSavingsPlan" ], "Effect":"Deny", "Resource":[ @@ -8235,11 +9938,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-08-10T21:15:53+00:00" + "UpdateDate":"2023-03-16T00:20:25+00:00" }, "AWSConfigMultiAccountSetupPolicy":{ "CreateDate":"2019-06-17T18:03:16+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -8270,12 +9973,18 @@ aws_managed_policies_data = """ { "Action":[ "config:PutConformancePack", - "config:DeleteConformancePack", - "config:DescribeConformancePackStatus" + "config:DeleteConformancePack" ], "Effect":"Allow", "Resource":"arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*" }, + { + "Action":[ + "config:DescribeConformancePackStatus" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "iam:GetRole" @@ -8310,7 +10019,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-05-21T22:59:26+00:00" + "UpdateDate":"2023-02-24T01:39:49+00:00" }, "AWSConfigRemediationServiceRolePolicy":{ "CreateDate":"2019-06-18T21:21:35+00:00", @@ -8343,326 +10052,6 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-06-18T21:21:35+00:00" }, - "AWSConfigRole":{ - "CreateDate":"2015-04-02T17:36:23+00:00", - "DefaultVersionId":"v42", - "Document":{ - "Statement":[ - { - "Action":[ - "access-analyzer:GetAnalyzer", - "access-analyzer:GetArchiveRule", - "access-analyzer:ListAnalyzers", - "access-analyzer:ListArchiveRules", - "access-analyzer:ListTagsForResource", - "account:GetAlternateContact", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:ListTagsForCertificate", - "apigateway:GET", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeTags", - "backup:DescribeBackupVault", - "backup:DescribeRecoveryPoint", - "backup:GetBackupPlan", - "backup:GetBackupSelection", - "backup:GetBackupVaultAccessPolicy", - "backup:GetBackupVaultNotifications", - "backup:ListBackupPlans", - "backup:ListBackupSelections", - "backup:ListBackupVaults", - "backup:ListRecoveryPointsByBackupVault", - "backup:ListTags", - "cloudformation:DescribeType", - "cloudformation:ListTypes", - "cloudfront:ListDistributions", - "cloudfront:ListTagsForResource", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudwatch:DescribeAlarms", - "codedeploy:GetDeploymentConfig", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:ListPipelines", - "config:BatchGet*", - "config:Describe*", - "config:Get*", - "config:List*", - "config:Put*", - "config:Select*", - "dax:DescribeClusters", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:ListTagsForResource", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "ec2:Describe*", - "ec2:GetEbsEncryptionByDefault", - "ecr-public:DescribeRepositories", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRepositoryPolicy", - "ecr-public:ListTagsForResource", - "ecr:DescribeRepositories", - "ecr:GetLifecyclePolicy", - "ecr:GetRepositoryPolicy", - "ecr:ListTagsForResource", - "ecs:DescribeClusters", - "ecs:DescribeServices", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTaskSets", - "ecs:ListClusters", - "ecs:ListServices", - "ecs:ListTagsForResource", - "ecs:ListTaskDefinitionFamilies", - "ecs:ListTaskDefinitions", - "eks:DescribeCluster", - "eks:DescribeNodegroup", - "eks:ListClusters", - "eks:ListNodegroups", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeSnapshots", - "elasticache:ListTagsForResource", - "elasticbeanstalk:DescribeConfigurationSettings", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeLifecycleConfiguration", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:DescribeSecurityConfiguration", - "elasticmapreduce:DescribeStep", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:GetManagedScalingPolicy", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListInstanceFleets", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "elasticmapreduce:ListSteps", - "es:DescribeDomain", - "es:DescribeDomains", - "es:DescribeElasticsearchDomain", - "es:DescribeElasticsearchDomains", - "es:GetCompatibleElasticsearchVersions", - "es:GetCompatibleVersions", - "es:ListDomainNames", - "es:ListTags", - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams", - "firehose:ListTagsForDeliveryStream", - "fsx:DescribeFileSystems", - "globalaccelerator:DescribeAccelerator", - "globalaccelerator:DescribeEndpointGroup", - "globalaccelerator:DescribeListener", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "globalaccelerator:ListTagsForResource", - "guardduty:GetDetector", - "guardduty:GetFindings", - "guardduty:GetMasterAccount", - "guardduty:ListDetectors", - "guardduty:ListFindings", - "iam:GenerateCredentialReport", - "iam:GetAccountAuthorizationDetails", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetGroup", - "iam:GetGroupPolicy", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:GetUser", - "iam:GetUserPolicy", - "iam:ListAttachedGroupPolicies", - "iam:ListAttachedRolePolicies", - "iam:ListAttachedUserPolicies", - "iam:ListEntitiesForPolicy", - "iam:ListGroupPolicies", - "iam:ListGroupsForUser", - "iam:ListInstanceProfilesForRole", - "iam:ListPolicyVersions", - "iam:ListRolePolicies", - "iam:ListUserPolicies", - "iam:ListVirtualMFADevices", - "kafka:DescribeCluster", - "kafka:ListClusters", - "kinesis:DescribeStreamConsumer", - "kinesis:DescribeStreamSummary", - "kinesis:ListStreamConsumers", - "kinesis:ListStreams", - "kinesis:ListTagsForStream", - "kms:DescribeKey", - "kms:GetKeyPolicy", - "kms:GetKeyRotationStatus", - "kms:ListKeys", - "kms:ListResourceTags", - "lambda:GetAlias", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetPolicy", - "lambda:ListAliases", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction", - "logs:DescribeLogGroups", - "logs:ListTagsLogGroup", - "network-firewall:DescribeLoggingConfiguration", - "network-firewall:ListFirewalls", - "organizations:DescribeOrganization", - "organizations:DescribePolicy", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshotAttributes", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeOptionGroups", - "rds:ListTagsForResource", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterParameters", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeLoggingStatus", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListQueryLoggingConfigs", - "route53:ListResourceRecordSets", - "route53:ListTagsForResource", - "route53resolver:GetResolverEndpoint", - "route53resolver:GetResolverRule", - "route53resolver:GetResolverRuleAssociation", - "route53resolver:ListResolverEndpointIpAddresses", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverRuleAssociations", - "route53resolver:ListResolverRules", - "route53resolver:ListTagsForResource", - "s3:GetAccelerateConfiguration", - "s3:GetAccessPoint", - "s3:GetAccessPointPolicy", - "s3:GetAccessPointPolicyStatus", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketPolicy", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketRequestPayment", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetObject", - "s3:GetReplicationConfiguration", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sagemaker:DescribeCodeRepository", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DescribeModel", - "sagemaker:DescribeMonitoringSchedule", - "sagemaker:DescribeNotebookInstance", - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:DescribeWorkteam", - "sagemaker:ListCodeRepositories", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListTags", - "sagemaker:ListWorkteams", - "secretsmanager:ListSecrets", - "secretsmanager:ListSecretVersionIds", - "securityhub:DescribeHub", - "shield:DescribeDRTAccess", - "shield:DescribeProtection", - "shield:DescribeSubscription", - "sns:GetSubscriptionAttributes", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sns:ListTopics", - "sqs:GetQueueAttributes", - "sqs:ListQueues", - "sqs:ListQueueTags", - "ssm:DescribeAutomationExecutions", - "ssm:DescribeDocument", - "ssm:DescribeDocumentPermission", - "ssm:GetAutomationExecution", - "ssm:GetDocument", - "ssm:ListDocuments", - "states:DescribeStateMachine", - "states:ListStateMachines", - "states:ListTagsForResource", - "storagegateway:ListGateways", - "storagegateway:ListTagsForResource", - "storagegateway:ListVolumes", - "support:DescribeCases", - "tag:GetResources", - "waf-regional:GetLoggingConfiguration", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", - "waf:GetLoggingConfiguration", - "waf:GetWebACL", - "wafv2:GetLoggingConfiguration" - ], - "Effect":"Allow", - "Resource":"*" - } - ], - "Version":"2012-10-17" - }, - "Path":"/service-role/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-02-10T18:33:55+00:00" - }, "AWSConfigRoleForOrganizations":{ "CreateDate":"2018-03-19T22:53:01+00:00", "DefaultVersionId":"v2", @@ -8718,7 +10107,7 @@ aws_managed_policies_data = """ }, "AWSConfigServiceRolePolicy":{ "CreateDate":"2018-05-30T23:31:46+00:00", - "DefaultVersionId":"v33", + "DefaultVersionId":"v49", "Document":{ "Statement":[ { @@ -8729,38 +10118,109 @@ aws_managed_policies_data = """ "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "account:GetAlternateContact", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:ListCertificateAuthorities", + "acm-pca:ListTags", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", - "amplifyuibuilder:GetTheme", + "airflow:GetEnvironment", + "airflow:ListEnvironments", + "airflow:ListTagsForResource", + "amplify:GetApp", + "amplify:GetBranch", + "amplify:ListApps", + "amplify:ListBranches", "amplifyuibuilder:ExportThemes", - "apigateway:GET", + "amplifyuibuilder:GetTheme", + "amplifyuibuilder:ListThemes", + "app-integrations:GetEventIntegration", + "app-integrations:ListEventIntegrationAssociations", + "app-integrations:ListEventIntegrations", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", + "appconfig:GetExtensionAssociation", "appconfig:GetHostedConfigurationVersion", + "appconfig:ListApplications", + "appconfig:ListConfigurationProfiles", + "appconfig:ListDeployments", + "appconfig:ListDeploymentStrategies", + "appconfig:ListEnvironments", + "appconfig:ListExtensionAssociations", + "appconfig:ListHostedConfigurationVersions", "appconfig:ListTagsForResource", + "appflow:DescribeConnectorProfiles", + "appflow:DescribeFlow", + "appflow:ListFlows", + "appflow:ListTagsForResource", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", + "appmesh:DescribeGatewayRoute", + "appmesh:DescribeMesh", + "appmesh:DescribeRoute", + "appmesh:DescribeVirtualGateway", + "appmesh:DescribeVirtualNode", + "appmesh:DescribeVirtualRouter", + "appmesh:DescribeVirtualService", + "appmesh:ListGatewayRoutes", + "appmesh:ListMeshes", + "appmesh:ListRoutes", + "appmesh:ListTagsForResource", + "appmesh:ListVirtualGateways", + "appmesh:ListVirtualNodes", + "appmesh:ListVirtualRouters", + "appmesh:ListVirtualServices", + "apprunner:DescribeService", + "apprunner:DescribeVpcConnector", + "apprunner:ListServices", + "apprunner:ListTagsForResource", + "apprunner:ListVpcConnectors", + "appstream:DescribeApplications", + "appstream:DescribeDirectoryConfigs", + "appstream:DescribeFleets", + "appstream:DescribeStacks", + "appstream:ListTagsForResource", + "appsync:GetApiCache", "appsync:GetGraphqlApi", "appsync:ListGraphqlApis", + "aps:DescribeLoggingConfiguration", + "APS:DescribeRuleGroupsNamespace", + "APS:DescribeWorkspace", + "aps:ListRuleGroupsNamespaces", + "aps:ListTagsForResource", + "APS:ListWorkspaces", "athena:GetDataCatalog", + "athena:GetPreparedStatement", "athena:GetWorkGroup", "athena:ListDataCatalogs", + "athena:ListPreparedStatements", "athena:ListTagsForResource", "athena:ListWorkGroups", + "auditmanager:GetAccountStatus", + "auditmanager:GetAssessment", + "auditmanager:ListAssessments", + "autoscaling-plans:DescribeScalingPlanResources", + "autoscaling-plans:DescribeScalingPlans", + "autoscaling-plans:GetScalingPlanResourceForecastData", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", + "autoscaling:DescribeWarmPool", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup:DescribeBackupVault", + "backup:DescribeFramework", + "backup:DescribeProtectedResource", "backup:DescribeRecoveryPoint", + "backup:DescribeReportPlan", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", @@ -8768,23 +10228,46 @@ aws_managed_policies_data = """ "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", + "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", + "backup:ListReportPlans", "backup:ListTags", "batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", + "batch:DescribeSchedulingPolicies", + "batch:ListSchedulingPolicies", "batch:ListTagsForResource", - "billingconductor:ListBillingGroups", "billingconductor:ListAccountAssociations", - "billingconductor:ListTagsForResource", - "billingconductor:ListPricingRules", + "billingconductor:ListBillingGroups", "billingconductor:ListCustomLineItems", "billingconductor:ListPricingPlans", + "billingconductor:ListPricingRules", "billingconductor:ListPricingRulesAssociatedToPricingPlan", + "billingconductor:ListTagsForResource", + "budgets:DescribeBudgetAction", + "budgets:DescribeBudgetActionsForAccount", + "budgets:DescribeBudgetActionsForBudget", + "budgets:ViewBudget", + "cassandra:Select", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "cloud9:DescribeEnvironmentMemberships", + "cloud9:DescribeEnvironments", + "cloud9:ListEnvironments", + "cloud9:ListTagsForResource", "cloudformation:DescribeType", "cloudformation:GetResource", "cloudformation:ListResources", + "cloudformation:ListStackResources", + "cloudformation:ListStacks", "cloudformation:ListTypes", + "cloudfront:GetFunction", + "cloudfront:GetOriginAccessControl", + "cloudfront:GetResponseHeadersPolicy", "cloudfront:ListDistributions", + "cloudfront:ListFunctions", + "cloudfront:ListOriginAccessControls", + "cloudfront:ListResponseHeadersPolicies", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventDataStore", @@ -8792,27 +10275,111 @@ aws_managed_policies_data = """ "cloudtrail:GetTrailStatus", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", + "cloudtrail:ListTrails", "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAnomalyDetectors", + "cloudwatch:GetDashboard", + "cloudwatch:GetMetricStream", + "cloudwatch:ListDashboards", + "cloudwatch:ListMetricStreams", + "cloudwatch:ListTagsForResource", + "codeartifact:DescribeRepository", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:ListDomains", + "codeartifact:ListPackages", + "codeartifact:ListPackageVersions", + "codeartifact:ListRepositories", + "codeartifact:ListTagsForResource", + "codebuild:BatchGetReportGroups", + "codebuild:ListReportGroups", + "codecommit:GetRepository", + "codecommit:GetRepositoryTriggers", + "codecommit:ListRepositories", + "codecommit:ListTagsForResource", "codedeploy:GetDeploymentConfig", + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:GetNotificationConfiguration", + "codeguru-profiler:GetPolicy", + "codeguru-profiler:ListProfilingGroups", + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:ListIdentityPools", + "cognito-identity:ListTagsForResource", + "cognito-idp:DescribeIdentityProvider", + "cognito-idp:DescribeResourceServer", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:DescribeUserPoolDomain", + "cognito-idp:GetGroup", + "cognito-idp:GetUserPoolMfaConfig", + "cognito-idp:ListGroups", + "cognito-idp:ListIdentityProviders", + "cognito-idp:ListResourceServers", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListUserPools", + "cognito-idp:ListTagsForResource", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", + "connect:DescribeEvaluationForm", + "connect:DescribeInstance", + "connect:DescribeInstanceStorageConfig", + "connect:DescribePhoneNumber", + "connect:DescribePrompt", + "connect:DescribeQuickConnect", + "connect:DescribeRule", + "connect:DescribeUser", + "connect:GetTaskTemplate", + "connect:ListApprovedOrigins", + "connect:ListEvaluationForms", + "connect:ListInstanceAttributes", + "connect:ListInstances", + "connect:ListInstanceStorageConfigs", + "connect:ListIntegrationAssociations", + "connect:ListPhoneNumbers", + "connect:ListPhoneNumbersV2", + "connect:ListPrompts", + "connect:ListQuickConnects", + "connect:ListRules", + "connect:ListSecurityKeys", + "connect:ListTagsForResource", + "connect:ListTaskTemplates", + "connect:ListUsers", + "connect:SearchAvailablePhoneNumbers", + "databrew:DescribeDataset", + "databrew:DescribeJob", + "databrew:DescribeProject", + "databrew:DescribeRecipe", + "databrew:DescribeRuleset", + "databrew:DescribeSchedule", + "databrew:ListDatasets", + "databrew:ListJobs", + "databrew:ListProjects", + "databrew:ListRecipes", + "databrew:ListRecipeVersions", + "databrew:ListRulesets", + "databrew:ListSchedules", "datasync:DescribeAgent", "datasync:DescribeLocationEfs", "datasync:DescribeLocationFsxLustre", + "datasync:DescribeLocationFsxWindows", "datasync:DescribeLocationHdfs", "datasync:DescribeLocationNfs", "datasync:DescribeLocationObjectStorage", "datasync:DescribeLocationS3", "datasync:DescribeLocationSmb", "datasync:DescribeTask", + "datasync:ListAgents", + "datasync:ListLocations", "datasync:ListTagsForResource", + "datasync:ListTasks", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", @@ -8820,17 +10387,36 @@ aws_managed_policies_data = """ "dax:ListTags", "detective:ListGraphs", "detective:ListTagsForResource", + "devicefarm:GetInstanceProfile", + "devicefarm:GetNetworkProfile", + "devicefarm:GetProject", + "devicefarm:GetTestGridProject", + "devicefarm:ListInstanceProfiles", + "devicefarm:ListNetworkProfiles", + "devicefarm:ListProjects", + "devicefarm:ListTagsForResource", + "devicefarm:ListTestGridProjects", + "devops-guru:GetResourceCollection", "dms:DescribeCertificates", + "dms:DescribeEndpoints", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", + "dms:DescribeReplicationTaskAssessmentRuns", "dms:DescribeReplicationTasks", "dms:ListTagsForResource", + "ds:DescribeDirectories", + "ds:DescribeDomainControllers", + "ds:DescribeEventTopics", + "ds:ListLogSubscriptions", + "ds:ListTagsForResource", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", + "dynamodb:DescribeTableReplicaAutoScaling", + "dynamodb:DescribeTimeToLive", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", @@ -8840,21 +10426,34 @@ aws_managed_policies_data = """ "ec2:DescribeFleets", "ec2:DescribeNetworkAcls", "ec2:DescribePlacementGroups", + "ec2:DescribeRouteTables", "ec2:DescribeSpotFleetRequests", + "ec2:DescribeTags", + "ec2:DescribeTrafficMirrorFilters", + "ec2:DescribeTrafficMirrorSessions", + "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", + "ec2:GetInstanceTypesFromInstanceRequirements", + "ec2:GetIpamPoolAllocations", + "ec2:GetIpamPoolCidrs", + "ec2:GetManagedPrefixListEntries", + "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", + "ec2:GetNetworkInsightsAccessScopeContent", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr-public:ListTagsForResource", - "ecr:DescribeRepositories", + "ecr:BatchGetRepositoryScanningConfiguration", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", + "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRegistryPolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", + "ecs:DescribeCapacityProviders", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", @@ -8864,11 +10463,15 @@ aws_managed_policies_data = """ "ecs:ListTagsForResource", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", + "eks:DescribeAddon", "eks:DescribeCluster", "eks:DescribeFargateProfile", + "eks:DescribeIdentityProviderConfig", "eks:DescribeNodegroup", + "eks:ListAddons", "eks:ListClusters", "eks:ListFargateProfiles", + "eks:ListIdentityProviderConfigs", "eks:ListNodegroups", "eks:ListTagsForResource", "elasticache:DescribeCacheClusters", @@ -8900,14 +10503,22 @@ aws_managed_policies_data = """ "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", + "elasticmapreduce:DescribeStudio", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:GetStudioSessionMapping", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", + "elasticmapreduce:ListStudios", + "elasticmapreduce:ListStudioSessionMappings", + "emr-containers:DescribeVirtualCluster", + "emr-containers:ListVirtualClusters", + "emr-serverless:GetApplication", + "emr-serverless:ListApplications", "es:DescribeDomain", "es:DescribeDomains", "es:DescribeElasticsearchDomain", @@ -8916,24 +10527,92 @@ aws_managed_policies_data = """ "es:GetCompatibleVersions", "es:ListDomainNames", "es:ListTags", - "events:DescribeArchive", "events:DescribeApiDestination", + "events:DescribeArchive", + "events:DescribeConnection", + "events:DescribeEndpoint", + "events:DescribeEventBus", + "events:DescribeRule", + "events:ListApiDestinations", + "events:ListArchives", + "events:ListConnections", + "events:ListEndpoints", + "events:ListEventBuses", + "events:ListRules", + "events:ListTagsForResource", + "events:ListTargetsByRule", + "evidently:GetLaunch", + "evidently:GetProject", + "evidently:GetSegment", + "evidently:ListLaunches", + "evidently:ListProjects", + "evidently:ListSegments", + "evidently:ListTagsForResource", + "finspace:GetEnvironment", + "finspace:ListEnvironments", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", - "fms:ListPolicies", - "fms:GetPolicy", - "fms:ListTagsForResource", + "fis:GetExperimentTemplate", + "fis:ListExperimentTemplates", "fms:GetNotificationChannel", + "fms:GetPolicy", + "fms:ListPolicies", + "fms:ListTagsForResource", + "forecast:DescribeDataset", + "forecast:DescribeDatasetGroup", + "forecast:ListDatasetGroups", + "forecast:ListDatasets", + "forecast:ListTagsForResource", + "frauddetector:GetDetectors", + "frauddetector:GetDetectorVersion", + "frauddetector:GetEntityTypes", + "frauddetector:GetEventTypes", + "frauddetector:GetExternalModels", + "frauddetector:GetLabels", + "frauddetector:GetModels", + "frauddetector:GetOutcomes", + "frauddetector:GetRules", + "frauddetector:GetVariables", + "frauddetector:ListTagsForResource", + "fsx:DescribeBackups", "fsx:DescribeFileSystems", + "fsx:DescribeSnapshots", + "fsx:DescribeStorageVirtualMachines", "fsx:DescribeVolumes", "fsx:ListTagsForResource", - "geo:DescribeTracker", - "geo:ListTrackerConsumers", + "gamelift:DescribeAlias", + "gamelift:DescribeBuild", + "gamelift:DescribeFleetAttributes", + "gamelift:DescribeFleetCapacity", + "gamelift:DescribeFleetLocationAttributes", + "gamelift:DescribeFleetLocationCapacity", + "gamelift:DescribeFleetPortSettings", + "gamelift:DescribeGameServerGroup", + "gamelift:DescribeGameSessionQueues", + "gamelift:DescribeMatchmakingConfigurations", + "gamelift:DescribeMatchmakingRuleSets", + "gamelift:DescribeRuntimeConfiguration", + "gamelift:DescribeScript", + "gamelift:DescribeVpcPeeringAuthorizations", + "gamelift:DescribeVpcPeeringConnections", + "gamelift:ListAliases", + "gamelift:ListBuilds", + "gamelift:ListFleets", + "gamelift:ListGameServerGroups", + "gamelift:ListScripts", + "gamelift:ListTagsForResource", "geo:DescribeGeofenceCollection", + "geo:DescribeMap", "geo:DescribePlaceIndex", "geo:DescribeRouteCalculator", - "geo:DescribeMap", + "geo:DescribeTracker", + "geo:ListGeofenceCollections", + "geo:ListMaps", + "geo:ListPlaceIndexes", + "geo:ListRouteCalculators", + "geo:ListTrackerConsumers", + "geo:ListTrackers", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", @@ -8944,25 +10623,51 @@ aws_managed_policies_data = """ "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetWorkflows", + "glue:GetClassifier", + "glue:GetClassifiers", "glue:GetCrawler", "glue:GetCrawlers", "glue:GetDevEndpoint", "glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobs", + "glue:GetMLTransform", + "glue:GetMLTransforms", + "glue:GetPartition", + "glue:GetPartitions", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", + "glue:GetTable", "glue:GetTags", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", + "glue:ListMLTransforms", "glue:ListWorkflows", + "grafana:DescribeWorkspace", + "grafana:DescribeWorkspaceAuthentication", + "grafana:DescribeWorkspaceConfiguration", + "grafana:ListWorkspaces", + "greengrass:DescribeComponent", + "greengrass:GetComponent", + "greengrass:ListComponents", + "greengrass:ListComponentVersions", + "groundstation:GetConfig", + "groundstation:GetDataflowEndpointGroup", + "groundstation:GetMissionProfile", + "groundstation:ListConfigs", + "groundstation:ListDataflowEndpointGroups", + "groundstation:ListMissionProfiles", + "groundstation:ListTagsForResource", + "guardduty:DescribePublishingDestination", + "guardduty:GetAdministratorAccount", "guardduty:GetDetector", "guardduty:GetFilter", "guardduty:GetFindings", "guardduty:GetIPSet", "guardduty:GetMasterAccount", + "guardduty:GetMemberDetectors", "guardduty:GetMembers", "guardduty:GetThreatIntelSet", "guardduty:ListDetectors", @@ -8971,8 +10676,12 @@ aws_managed_policies_data = """ "guardduty:ListIPSets", "guardduty:ListMembers", "guardduty:ListOrganizationAdminAccounts", + "guardduty:ListPublishingDestinations", "guardduty:ListTagsForResource", "guardduty:ListThreatIntelSets", + "healthlake:DescribeFHIRDatastore", + "healthlake:ListFHIRDatastores", + "healthlake:ListTagsForResource", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", @@ -8980,71 +10689,398 @@ aws_managed_policies_data = """ "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", + "iam:GetInstanceProfile", + "iam:GetOpenIDConnectProvider", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", + "iam:GetSAMLProvider", + "iam:GetServerCertificate", "iam:GetUser", "iam:GetUserPolicy", + "iam:ListAccessKeys", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", + "iam:ListGroups", "iam:ListGroupsForUser", + "iam:ListInstanceProfiles", "iam:ListInstanceProfilesForRole", + "iam:ListInstanceProfileTags", + "iam:ListMFADevices", + "iam:ListMFADeviceTags", + "iam:ListOpenIDConnectProviders", "iam:ListPolicyVersions", "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListSAMLProviders", + "iam:ListServerCertificates", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "imagebuilder:GetComponent", + "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImage", + "imagebuilder:GetImagePipeline", + "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", + "imagebuilder:ListContainerRecipes", "imagebuilder:ListDistributionConfigurations", + "imagebuilder:ListImageBuildVersions", + "imagebuilder:ListImagePipelines", + "imagebuilder:ListImageRecipes", + "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", + "inspector2:BatchGetAccountStatus", + "inspector2:GetDelegatedAdminAccount", + "inspector2:ListFilters", + "inspector2:ListMembers", + "iot:DescribeAccountAuditConfiguration", + "iot:DescribeAuthorizer", + "iot:DescribeCACertificate", + "iot:DescribeCertificate", + "iot:DescribeCustomMetric", + "iot:DescribeDimension", + "iot:DescribeDomainConfiguration", + "iot:DescribeFleetMetric", + "iot:DescribeJobTemplate", + "iot:DescribeMitigationAction", + "iot:DescribeProvisioningTemplate", + "iot:DescribeRoleAlias", + "iot:DescribeScheduledAudit", + "iot:DescribeSecurityProfile", + "iot:GetPolicy", + "iot:GetTopicRule", + "iot:GetTopicRuleDestination", + "iot:ListAuthorizers", + "iot:ListCACertificates", + "iot:ListCertificates", + "iot:ListCustomMetrics", + "iot:ListDimensions", + "iot:ListDomainConfigurations", + "iot:ListFleetMetrics", + "iot:ListJobTemplates", + "iot:ListMitigationActions", + "iot:ListPolicies", + "iot:ListProvisioningTemplates", + "iot:ListRoleAliases", + "iot:ListScheduledAudits", + "iot:ListSecurityProfiles", + "iot:ListSecurityProfilesForTarget", + "iot:ListTagsForResource", + "iot:ListTargetsForSecurityProfile", + "iot:ListTopicRuleDestinations", + "iot:ListTopicRules", + "iot:ListV2LoggingLevels", + "iot:ValidateSecurityProfileBehaviors", + "iotanalytics:DescribeChannel", + "iotanalytics:DescribeDataset", + "iotanalytics:DescribeDatastore", + "iotanalytics:DescribePipeline", + "iotanalytics:ListChannels", + "iotanalytics:ListDatasets", + "iotanalytics:ListDatastores", + "iotanalytics:ListPipelines", + "iotanalytics:ListTagsForResource", + "iotevents:DescribeAlarmModel", + "iotevents:DescribeDetectorModel", + "iotevents:DescribeInput", + "iotevents:ListAlarmModels", + "iotevents:ListDetectorModels", + "iotevents:ListInputs", + "iotevents:ListTagsForResource", + "iotsitewise:DescribeAccessPolicy", + "iotsitewise:DescribeAsset", + "iotsitewise:DescribeAssetModel", + "iotsitewise:DescribeDashboard", + "iotsitewise:DescribeGateway", + "iotsitewise:DescribePortal", + "iotsitewise:DescribeProject", + "iotsitewise:ListAccessPolicies", + "iotsitewise:ListAssetModels", + "iotsitewise:ListAssets", + "iotsitewise:ListDashboards", + "iotsitewise:ListGateways", + "iotsitewise:ListPortals", + "iotsitewise:ListProjectAssets", + "iotsitewise:ListProjects", + "iotsitewise:ListTagsForResource", + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetScene", + "iottwinmaker:GetSyncJob", + "iottwinmaker:GetWorkspace", + "iottwinmaker:ListComponentTypes", + "iottwinmaker:ListEntities", + "iottwinmaker:ListScenes", + "iottwinmaker:ListSyncJobs", + "iottwinmaker:ListTagsForResource", + "iottwinmaker:ListWorkspaces", + "iotwireless:GetFuotaTask", + "iotwireless:GetMulticastGroup", + "iotwireless:GetServiceProfile", + "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:ListFuotaTasks", + "iotwireless:ListMulticastGroups", + "iotwireless:ListServiceProfiles", + "iotwireless:ListTagsForResource", + "iotwireless:ListWirelessDevices", + "iotwireless:ListWirelessGatewayTaskDefinitions", + "ivs:GetChannel", + "ivs:GetPlaybackKeyPair", + "ivs:GetRecordingConfiguration", + "ivs:GetStreamKey", + "ivs:ListChannels", + "ivs:ListPlaybackKeyPairs", + "ivs:ListRecordingConfigurations", + "ivs:ListStreamKeys", + "ivs:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", + "kafka:DescribeConfiguration", + "kafka:DescribeConfigurationRevision", + "kafka:DescribeVpcConnection", + "kafka:GetClusterPolicy", "kafka:ListClusters", "kafka:ListClustersV2", + "kafka:ListConfigurations", + "kafka:ListScramSecrets", + "kafka:ListTagsForResource", + "kafka:ListVpcConnections", + "kafkaconnect:DescribeConnector", + "kafkaconnect:ListConnectors", + "kendra:DescribeIndex", + "kendra:ListIndices", + "kendra:ListTagsForResource", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:DescribeApplication", + "kinesisanalytics:ListApplications", "kinesisanalytics:ListTagsForResource", + "kinesisvideo:DescribeSignalingChannel", + "kinesisvideo:DescribeStream", + "kinesisvideo:ListSignalingChannels", + "kinesisvideo:ListStreams", + "kinesisvideo:ListTagsForResource", + "kinesisvideo:ListTagsForStream", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeys", "kms:ListResourceTags", + "lakeformation:DescribeResource", + "lakeformation:GetDataLakeSettings", + "lakeformation:ListPermissions", + "lakeformation:ListResources", "lambda:GetAlias", + "lambda:GetCodeSigningConfig", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", + "lambda:ListCodeSigningConfigs", "lambda:ListFunctions", + "lambda:ListTags", "lambda:ListVersionsByFunction", + "lex:DescribeBot", + "lex:DescribeBotAlias", + "lex:DescribeBotVersion", + "lex:DescribeResourcePolicy", + "lex:ListBotAliases", + "lex:ListBotLocales", + "lex:ListBots", + "lex:ListBotVersions", + "lex:ListTagsForResource", + "license-manager:GetGrant", + "license-manager:GetLicense", + "license-manager:ListDistributedGrants", + "license-manager:ListLicenses", + "license-manager:ListReceivedGrants", + "lightsail:GetAlarms", + "lightsail:GetBuckets", + "lightsail:GetCertificates", + "lightsail:GetContainerServices", + "lightsail:GetDisk", + "lightsail:GetDisks", + "lightsail:GetDistributions", + "lightsail:GetInstance", + "lightsail:GetInstances", + "lightsail:GetKeyPair", + "lightsail:GetLoadBalancer", + "lightsail:GetLoadBalancers", + "lightsail:GetLoadBalancerTlsCertificates", + "lightsail:GetRelationalDatabase", + "lightsail:GetRelationalDatabaseParameters", + "lightsail:GetRelationalDatabases", + "lightsail:GetStaticIp", + "lightsail:GetStaticIps", + "logs:DescribeMetricFilters", + "logs:DescribeDestinations", "logs:DescribeLogGroups", + "logs:GetDataProtectionPolicy", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", "logs:ListTagsLogGroup", + "lookoutequipment:DescribeInferenceScheduler", + "lookoutequipment:ListTagsForResource", + "lookoutmetrics:DescribeAlert", + "lookoutmetrics:DescribeAnomalyDetector", + "lookoutmetrics:ListAlerts", + "lookoutmetrics:ListAnomalyDetectors", + "lookoutmetrics:ListMetricSets", + "lookoutmetrics:ListTagsForResource", + "lookoutvision:DescribeProject", + "lookoutvision:ListProjects", + "m2:GetEnvironment", + "m2:ListEnvironments", + "m2:ListTagsForResource", + "macie2:DescribeOrganizationConfiguration", + "macie2:GetAutomatedDiscoveryConfiguration", + "macie2:GetClassificationExportConfiguration", + "macie2:GetCustomDataIdentifier", + "macie2:GetFindingsPublicationConfiguration", "macie2:GetMacieSession", + "macie2:ListCustomDataIdentifiers", + "macie2:ListTagsForResource", + "managedblockchain:GetMember", + "managedblockchain:GetNetwork", + "managedblockchain:GetNode", + "managedblockchain:ListInvitations", + "managedblockchain:ListMembers", + "managedblockchain:ListNodes", + "mediaconnect:DescribeFlow", + "mediaconnect:ListFlows", + "mediaconnect:ListTagsForResource", + "mediapackage-vod:DescribePackagingConfiguration", + "mediapackage-vod:DescribePackagingGroup", + "mediapackage-vod:ListPackagingConfigurations", + "mediapackage-vod:ListPackagingGroups", + "mediapackage-vod:ListTagsForResource", + "mediatailor:GetPlaybackConfiguration", + "mediatailor:ListPlaybackConfigurations", + "memorydb:DescribeAcls", + "memorydb:DescribeClusters", + "memorydb:DescribeParameterGroups", + "memorydb:DescribeParameters", + "memorydb:DescribeSubnetGroups", + "memorydb:DescribeUsers", + "memorydb:ListTags", + "mobiletargeting:GetApp", + "mobiletargeting:GetApplicationSettings", + "mobiletargeting:GetApps", + "mobiletargeting:GetCampaign", + "mobiletargeting:GetCampaigns", + "mobiletargeting:GetEmailChannel", + "mobiletargeting:GetEmailTemplate", + "mobiletargeting:GetEventStream", + "mobiletargeting:GetInAppTemplate", + "mobiletargeting:GetSegment", + "mobiletargeting:GetSegments", + "mobiletargeting:ListTagsForResource", + "mobiletargeting:ListTemplates", + "mq:DescribeBroker", + "mq:ListBrokers", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", + "networkmanager:DescribeGlobalNetworks", + "networkmanager:GetConnectPeer", + "networkmanager:GetCustomerGatewayAssociations", + "networkmanager:GetDevices", + "networkmanager:GetLinkAssociations", + "networkmanager:GetLinks", + "networkmanager:GetSites", + "networkmanager:GetTransitGatewayRegistrations", + "networkmanager:ListConnectPeers", + "networkmanager:ListTagsForResource", + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileDetails", + "nimble:GetStreamingImage", + "nimble:GetStudio", + "nimble:GetStudioComponent", + "nimble:ListLaunchProfiles", + "nimble:ListStreamingImages", + "nimble:ListStudioComponents", + "nimble:ListStudios", + "opsworks:DescribeInstances", "opsworks:DescribeLayers", + "opsworks:DescribeTimeBasedAutoScaling", + "opsworks:DescribeVolumes", "opsworks:ListTags", + "organizations:DescribeAccount", + "organizations:DescribeEffectivePolicy", "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", + "organizations:DescribeResourcePolicy", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListDelegatedAdministrators", + "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListTagsForResource", + "organizations:ListTargetsForPolicy", + "panorama:DescribeApplicationInstance", + "panorama:DescribeApplicationInstanceDetails", + "panorama:DescribePackage", + "panorama:DescribePackageVersion", + "panorama:ListApplicationInstances", + "panorama:ListNodes", + "panorama:ListPackages", + "personalize:DescribeDataset", + "personalize:DescribeDatasetGroup", + "personalize:DescribeSchema", + "personalize:DescribeSolution", + "personalize:ListDatasetGroups", + "personalize:ListDatasetImportJobs", + "personalize:ListDatasets", + "personalize:ListSchemas", + "personalize:ListSolutions", + "personalize:ListTagsForResource", + "profile:GetDomain", + "profile:GetIntegration", + "profile:GetProfileObjectType", + "profile:ListDomains", + "profile:ListIntegrations", + "profile:ListProfileObjectTypes", + "profile:ListTagsForResource", + "quicksight:DescribeAccountSubscription", + "quicksight:DescribeAnalysis", + "quicksight:DescribeAnalysisPermissions", + "quicksight:DescribeDashboard", + "quicksight:DescribeDashboardPermissions", + "quicksight:DescribeDataSet", + "quicksight:DescribeDataSetPermissions", + "quicksight:DescribeDataSetRefreshProperties", "quicksight:DescribeDataSource", "quicksight:DescribeDataSourcePermissions", + "quicksight:DescribeTemplate", + "quicksight:DescribeTemplatePermissions", + "quicksight:DescribeTheme", + "quicksight:DescribeThemePermissions", + "quicksight:ListAnalyses", + "quicksight:ListDashboards", + "quicksight:ListDataSets", + "quicksight:ListDataSources", "quicksight:ListTagsForResource", + "quicksight:ListTemplates", + "quicksight:ListThemes", "ram:GetResourceShareAssociations", "ram:GetResourceShares", + "ram:ListResources", + "ram:ListResourceSharePermissions", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusters", @@ -9054,11 +11090,15 @@ aws_managed_policies_data = """ "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", + "rds:DescribeDBProxies", + "rds:DescribeDBProxyEndpoints", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEventSubscriptions", + "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", @@ -9067,32 +11107,111 @@ aws_managed_policies_data = """ "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeEndpointAccess", + "redshift:DescribeEndpointAuthorization", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", + "redshift:DescribeScheduledActions", + "refactor-spaces:GetEnvironment", + "refactor-spaces:GetService", + "refactor-spaces:ListApplications", + "refactor-spaces:ListEnvironments", + "refactor-spaces:ListServices", "rekognition:DescribeStreamProcessor", + "rekognition:ListStreamProcessors", "rekognition:ListTagsForResource", + "resiliencehub:DescribeApp", + "resiliencehub:DescribeAppVersionTemplate", + "resiliencehub:DescribeResiliencyPolicy", + "resiliencehub:ListApps", + "resiliencehub:ListAppVersionResourceMappings", + "resiliencehub:ListResiliencyPolicies", + "resiliencehub:ListTagsForResource", + "resource-explorer-2:GetIndex", + "resource-explorer-2:ListIndexes", + "resource-explorer-2:ListTagsForResource", + "resource-groups:GetGroup", + "resource-groups:GetGroupConfiguration", + "resource-groups:GetGroupQuery", + "resource-groups:GetTags", + "resource-groups:ListGroupResources", + "resource-groups:ListGroups", "robomaker:DescribeRobotApplication", "robomaker:DescribeSimulationApplication", + "robomaker:ListRobotApplications", + "robomaker:ListSimulationApplications", + "route53-recovery-control-config:DescribeCluster", + "route53-recovery-control-config:DescribeControlPanel", + "route53-recovery-control-config:DescribeRoutingControl", + "route53-recovery-control-config:DescribeSafetyRule", + "route53-recovery-control-config:ListClusters", + "route53-recovery-control-config:ListControlPanels", + "route53-recovery-control-config:ListRoutingControls", + "route53-recovery-control-config:ListSafetyRules", + "route53-recovery-control-config:ListTagsForResource", + "route53-recovery-readiness:GetCell", + "route53-recovery-readiness:GetReadinessCheck", + "route53-recovery-readiness:GetRecoveryGroup", + "route53-recovery-readiness:GetResourceSet", + "route53-recovery-readiness:ListCells", + "route53-recovery-readiness:ListReadinessChecks", + "route53-recovery-readiness:ListRecoveryGroups", + "route53-recovery-readiness:ListResourceSets", + "route53:GetChange", + "route53:GetDNSSEC", "route53:GetHealthCheck", "route53:GetHostedZone", + "route53:ListCidrBlocks", + "route53:ListCidrCollections", + "route53:ListCidrLocations", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", + "route53resolver:GetFirewallDomainList", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:GetResolverDnssecConfig", "route53resolver:GetResolverEndpoint", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:GetResolverQueryLogConfigAssociation", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", + "route53resolver:ListFirewallDomainLists", + "route53resolver:ListFirewallDomains", + "route53resolver:ListFirewallRuleGroupAssociations", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:ListFirewallRules", + "route53resolver:ListResolverDnssecConfigs", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverQueryLogConfigAssociations", + "route53resolver:ListResolverQueryLogConfigs", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", + "rum:GetAppMonitor", + "rum:GetAppMonitorData", + "rum:ListAppMonitors", + "rum:ListTagsForResource", + "s3-outposts:GetAccessPoint", + "s3-outposts:GetAccessPointPolicy", + "s3-outposts:GetBucket", + "s3-outposts:GetBucketPolicy", + "s3-outposts:GetBucketTagging", + "s3-outposts:GetLifecycleConfiguration", + "s3-outposts:ListAccessPoints", + "s3-outposts:ListEndpoints", + "s3-outposts:ListRegionalBuckets", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", + "s3:GetAccessPointForObjectLambda", "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyForObjectLambda", "s3:GetAccessPointPolicyStatus", + "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", @@ -9101,6 +11220,7 @@ aws_managed_policies_data = """ "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", @@ -9108,35 +11228,80 @@ aws_managed_policies_data = """ "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", + "s3:GetMultiRegionAccessPoint", + "s3:GetMultiRegionAccessPointPolicy", + "s3:GetMultiRegionAccessPointPolicyStatus", "s3:GetReplicationConfiguration", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", "s3:ListAccessPoints", + "s3:ListAccessPointsForObjectLambda", "s3:ListAllMyBuckets", "s3:ListBucket", + "s3:ListMultiRegionAccessPoints", + "s3:ListStorageLensConfigurations", + "s3express:GetBucketPolicy", + "s3express:ListAllMyDirectoryBuckets", + "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:DescribeDeviceFleet", + "sagemaker:DescribeDomain", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeFeatureGroup", + "sagemaker:DescribeImage", + "sagemaker:DescribeImageVersion", "sagemaker:DescribeModel", + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribePipeline", + "sagemaker:DescribeProject", "sagemaker:DescribeWorkteam", + "sagemaker:ListAppImageConfigs", "sagemaker:ListCodeRepositories", + "sagemaker:ListDataQualityJobDefinitions", + "sagemaker:ListDeviceFleets", + "sagemaker:ListDomains", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", + "sagemaker:ListFeatureGroups", + "sagemaker:ListImages", + "sagemaker:ListImageVersions", + "sagemaker:ListModelBiasJobDefinitions", + "sagemaker:ListModelExplainabilityJobDefinitions", + "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", + "sagemaker:ListPipelines", + "sagemaker:ListProjects", "sagemaker:ListTags", "sagemaker:ListWorkteams", + "schemas:DescribeDiscoverer", + "schemas:DescribeRegistry", + "schemas:DescribeSchema", + "schemas:GetResourcePolicy", + "schemas:ListDiscoverers", + "schemas:ListRegistries", + "schemas:ListSchemas", + "sdb:GetAttributes", + "sdb:ListDomains", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", + "serviceCatalog:DescribePortfolioShares", "servicediscovery:GetInstance", "servicediscovery:GetNamespace", "servicediscovery:GetService", + "servicediscovery:ListInstances", + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", "servicediscovery:ListTagsForResource", "ses:DescribeReceiptRule", "ses:DescribeReceiptRuleSet", @@ -9146,9 +11311,18 @@ aws_managed_policies_data = """ "ses:GetEmailTemplate", "ses:GetTemplate", "ses:ListConfigurationSets", + "ses:ListContactLists", + "ses:ListEmailTemplates", + "ses:ListReceiptFilters", + "ses:ListReceiptRuleSets", + "ses:ListTemplates", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", + "signer:GetSigningProfile", + "signer:ListProfilePermissions", + "signer:ListSigningProfiles", + "sns:GetDataProtectionPolicy", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", @@ -9161,9 +11335,11 @@ aws_managed_policies_data = """ "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", + "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", + "ssm:ListTagsForResource", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", @@ -9178,11 +11354,46 @@ aws_managed_policies_data = """ "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", + "sts:GetCallerIdentity", "support:DescribeCases", + "synthetics:DescribeCanaries", + "synthetics:DescribeCanariesLastRun", + "synthetics:DescribeRuntimeVersions", + "synthetics:GetCanary", + "synthetics:GetCanaryRuns", + "synthetics:GetGroup", + "synthetics:ListAssociatedGroups", + "synthetics:ListGroupResources", + "synthetics:ListGroups", + "synthetics:ListTagsForResource", "tag:GetResources", + "timestream:DescribeDatabase", + "timestream:DescribeEndpoints", + "timestream:DescribeTable", + "timestream:ListDatabases", + "timestream:ListTables", + "timestream:ListTagsForResource", + "transfer:DescribeAgreement", + "transfer:DescribeCertificate", + "transfer:DescribeConnector", + "transfer:DescribeProfile", + "transfer:DescribeServer", + "transfer:DescribeUser", + "transfer:DescribeWorkflow", + "transfer:ListAgreements", + "transfer:ListCertificates", + "transfer:ListConnectors", + "transfer:ListProfiles", + "transfer:ListServers", + "transfer:ListTagsForResource", + "transfer:ListUsers", + "transfer:ListWorkflows", + "voiceid:DescribeDomain", + "voiceid:ListTagsForResource", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", + "waf-regional:ListLoggingConfigurations", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration", @@ -9194,7 +11405,8 @@ aws_managed_policies_data = """ "workspaces:DescribeWorkspaces" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSConfigServiceRolePolicyStatementID" }, { "Action":[ @@ -9202,19 +11414,53 @@ aws_managed_policies_data = """ "logs:CreateLogGroup" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*", + "Sid":"AWSConfigSLRLogStatementID" }, { "Action":"logs:PutLogEvents", "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*", + "Sid":"AWSConfigSLRLogEventStatementID" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*", + "arn:aws:apigateway:*::/apis/*/integrations", + "arn:aws:apigateway:*::/apis/*/integrations/*", + "arn:aws:apigateway:*::/domainnames", + "arn:aws:apigateway:*::/clientcertificates", + "arn:aws:apigateway:*::/clientcertificates/*", + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/resources", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", + "arn:aws:apigateway:*::/restapis/*/resources/*", + "arn:aws:apigateway:*::/apis/*/routes/*", + "arn:aws:apigateway:*::/apis/*/routes", + "arn:aws:apigateway:*::/v2/apis/*/routes", + "arn:aws:apigateway:*::/v2/apis/*/routes/*", + "arn:aws:apigateway:*::/v2/apis", + "arn:aws:apigateway:*::/v2/apis/*", + "arn:aws:apigateway:*::/v2/apis/*/integrations", + "arn:aws:apigateway:*::/v2/apis/*/integrations/*" + ], + "Sid":"AWSConfigSLRApiGatewayStatementID" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-15T01:41:02+00:00" + "UpdateDate":"2023-12-04T23:52:36+00:00" }, "AWSConfigUserAccess":{ "CreateDate":"2015-02-18T19:38:41+00:00", @@ -9330,9 +11576,85 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-09-28T19:50:38+00:00" }, + "AWSControlTowerAccountServiceRolePolicy":{ + "CreateDate":"2023-06-05T22:04:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"events:PutRule", + "Condition":{ + "ForAnyValue:StringEquals":{ + "events:source":"aws.securityhub" + }, + "Null":{ + "events:detail-type":"false" + }, + "StringEquals":{ + "events:ManagedBy":"controltower.amazonaws.com", + "events:detail-type":"Security Hub Findings - Imported" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*ControlTower*", + "Sid":"AllowPutRuleOnSpecificSourcesAndDetailTypes" + }, + { + "Action":[ + "events:DeleteRule", + "events:EnableRule", + "events:DisableRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"controltower.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*ControlTower*", + "Sid":"AllowOtherOperationsOnRulesManagedByControlTower" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*ControlTower*", + "Sid":"AllowDescribeOperationsOnRulesManagedByControlTower" + }, + { + "Action":"sns:publish", + "Condition":{ + "StringEquals":{ + "aws:PrincipalAccount":"${aws:ResourceAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:aws-controltower-AggregateSecurityNotifications", + "Sid":"AllowControlTowerToPublishSecurityNotifications" + }, + { + "Action":[ + "securityhub:DescribeStandardsControls", + "securityhub:GetEnabledStandards" + ], + "Effect":"Allow", + "Resource":"arn:aws:securityhub:*:*:hub/default", + "Sid":"AllowActionsForSecurityHubIntegration" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-05T22:04:50+00:00" + }, "AWSControlTowerServiceRolePolicy":{ "CreateDate":"2019-05-03T18:19:11+00:00", - "DefaultVersionId":"v8", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { @@ -9417,7 +11739,8 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:iam::*:role/AWSControlTowerExecution" + "arn:aws:iam::*:role/AWSControlTowerExecution", + "arn:aws:iam::*:role/AWSControlTowerBlueprintAccess" ] }, { @@ -9508,13 +11831,22 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "account:EnableRegion", + "account:ListRegions", + "account:GetRegionOptStatus" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-20T21:45:54+00:00" + "UpdateDate":"2023-04-12T19:15:51+00:00" }, "AWSCostAndUsageReportAutomationPolicy":{ "CreateDate":"2021-11-01T21:27:29+00:00", @@ -9561,6 +11893,92 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-11-01T21:27:29+00:00" }, + "AWSDMSFleetAdvisorServiceRolePolicy":{ + "CreateDate":"2023-03-06T09:10:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/DMS/FleetAdvisor" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-06T09:10:42+00:00" + }, + "AWSDMSServerlessServiceRolePolicy":{ + "CreateDate":"2023-05-18T20:28:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "dms:CreateReplicationInstance", + "dms:CreateReplicationTask" + ], + "Condition":{ + "StringEquals":{ + "dms:req-tag/ResourceCreatedBy":"DMSServerless" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"id0" + }, + { + "Action":[ + "dms:DescribeReplicationInstances", + "dms:DescribeReplicationTasks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"id1" + }, + { + "Action":[ + "dms:StartReplicationTask", + "dms:StopReplicationTask", + "dms:DeleteReplicationTask", + "dms:DeleteReplicationInstance" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "aws:ResourceTag/ResourceCreatedBy":"DMSServerless" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:rep:*", + "arn:aws:dms:*:*:task:*" + ], + "Sid":"id2" + }, + { + "Action":[ + "dms:TestConnection", + "dms:DeleteConnection" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:rep:*", + "arn:aws:dms:*:*:endpoint:*" + ], + "Sid":"id3" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-18T20:28:05+00:00" + }, "AWSDataExchangeFullAccess":{ "CreateDate":"2019-11-13T19:27:59+00:00", "DefaultVersionId":"v6", @@ -9984,9 +12402,71 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-11-29T23:00:06+00:00" }, + "AWSDataLifecycleManagerSSMFullAccess":{ + "CreateDate":"2023-10-31T20:29:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:GetCommandInvocation", + "ssm:ListCommands", + "ssm:DescribeInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowSSMReadOnlyAccess" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:DescribeDocument", + "ssm:GetDocument" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/DLMScriptsAccess":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/*" + ], + "Sid":"AllowTaggedSSMDocumentsOnly" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:DescribeDocument", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ssm:*:*:document/AWSSystemsManagerSAP-CreateDLMSnapshotForSAPHANA" + ], + "Sid":"AllowSpecificAWSOwnedSSMDocuments" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"AllowAllEC2Instances" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-16T22:31:54+00:00" + }, "AWSDataLifecycleManagerServiceRole":{ "CreateDate":"2018-07-06T19:34:16+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -10002,7 +12482,9 @@ aws_managed_policies_data = """ "ec2:DisableFastSnapshotRestores", "ec2:CopySnapshot", "ec2:ModifySnapshotAttribute", - "ec2:DescribeSnapshotAttribute" + "ec2:DescribeSnapshotAttribute", + "ec2:DescribeSnapshotTierStatus", + "ec2:ModifySnapshotTier" ], "Effect":"Allow", "Resource":"*" @@ -10033,7 +12515,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-12-11T18:15:06+00:00" + "UpdateDate":"2022-09-19T17:34:08+00:00" }, "AWSDataLifecycleManagerServiceRoleForAMIManagement":{ "CreateDate":"2020-10-21T19:39:41+00:00", @@ -10090,97 +12572,6 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-08-19T17:03:44+00:00" }, - "AWSDataPipelineRole":{ - "CreateDate":"2015-02-06T18:41:24+00:00", - "DefaultVersionId":"v6", - "Document":{ - "Statement":[ - { - "Action":[ - "cloudwatch:*", - "datapipeline:DescribeObjects", - "datapipeline:EvaluateExpression", - "dynamodb:BatchGetItem", - "dynamodb:DescribeTable", - "dynamodb:GetItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:UpdateTable", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CancelSpotInstanceRequests", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:Describe*", - "ec2:ModifyImageAttribute", - "ec2:ModifyInstanceAttribute", - "ec2:RequestSpotInstances", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:DescribeNetworkInterfaces", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DetachNetworkInterface", - "elasticmapreduce:*", - "iam:GetInstanceProfile", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "iam:ListInstanceProfiles", - "iam:PassRole", - "rds:DescribeDBInstances", - "rds:DescribeDBSecurityGroups", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "s3:CreateBucket", - "s3:DeleteObject", - "s3:Get*", - "s3:List*", - "s3:Put*", - "sdb:BatchPutAttributes", - "sdb:Select*", - "sns:GetTopicAttributes", - "sns:ListTopics", - "sns:Publish", - "sns:Subscribe", - "sns:Unsubscribe", - "sqs:CreateQueue", - "sqs:Delete*", - "sqs:GetQueue*", - "sqs:PurgeQueue", - "sqs:ReceiveMessage" - ], - "Effect":"Allow", - "Resource":[ - "*" - ] - }, - { - "Action":"iam:CreateServiceLinkedRole", - "Condition":{ - "StringLike":{ - "iam:AWSServiceName":[ - "elasticmapreduce.amazonaws.com", - "spot.amazonaws.com" - ] - } - }, - "Effect":"Allow", - "Resource":"*" - } - ], - "Version":"2012-10-17" - }, - "Path":"/service-role/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2017-12-22T23:43:28+00:00" - }, "AWSDataPipeline_FullAccess":{ "CreateDate":"2017-01-19T23:14:54+00:00", "DefaultVersionId":"v2", @@ -10262,9 +12653,55 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-08-17T18:49:42+00:00" }, + "AWSDataSyncDiscoveryServiceRolePolicy":{ + "CreateDate":"2023-03-20T22:19:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"datasync" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:secretsmanager:*:*:secret:datasync!*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:logs:*:*:log-group:/aws/datasync*" + ] + }, + { + "Action":[ + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:logs:*:*:log-group:/aws/datasync:log-stream:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-20T22:19:51+00:00" + }, "AWSDataSyncFullAccess":{ "CreateDate":"2019-01-18T19:40:36+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -10276,8 +12713,11 @@ aws_managed_policies_data = """ "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", "ec2:ModifyNetworkInterfaceAttribute", "fsx:DescribeFileSystems", + "fsx:DescribeStorageVirtualMachines", + "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", "iam:GetRole", @@ -10285,8 +12725,12 @@ aws_managed_policies_data = """ "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:DescribeResourcePolicies", + "outposts:ListOutposts", + "s3:GetBucketLocation", "s3:ListAllMyBuckets", - "s3:ListBucket" + "s3:ListBucket", + "s3-outposts:ListAccessPoints", + "s3-outposts:ListRegionalBuckets" ], "Effect":"Allow", "Resource":"*" @@ -10310,7 +12754,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-06-30T17:58:58+00:00" + "UpdateDate":"2023-05-02T16:37:43+00:00" }, "AWSDataSyncReadOnlyAccess":{ "CreateDate":"2019-01-18T19:18:44+00:00", @@ -11203,7 +13647,7 @@ aws_managed_policies_data = """ }, "AWSDenyAll":{ "CreateDate":"2019-05-01T22:36:14+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -11211,14 +13655,15 @@ aws_managed_policies_data = """ "*" ], "Effect":"Deny", - "Resource":"*" + "Resource":"*", + "Sid":"DenyAll" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-05-01T22:36:14+00:00" + "UpdateDate":"2023-12-18T16:42:05+00:00" }, "AWSDeviceFarmFullAccess":{ "CreateDate":"2015-07-13T16:37:38+00:00", @@ -11239,6 +13684,99 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-07-13T16:37:38+00:00" }, + "AWSDeviceFarmServiceRolePolicy":{ + "CreateDate":"2022-09-20T21:02:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AWSDeviceFarmManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSDeviceFarmManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSDeviceFarmManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-09-20T21:02:28+00:00" + }, "AWSDeviceFarmTestGridServiceRolePolicy":{ "CreateDate":"2021-05-26T22:01:35+00:00", "DefaultVersionId":"v1", @@ -11845,7 +14383,7 @@ aws_managed_policies_data = """ }, "AWSECRPullThroughCache_ServiceRolePolicy":{ "CreateDate":"2021-11-26T21:51:09+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -11858,14 +14396,28 @@ aws_managed_policies_data = """ "ecr:PutImage" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ECR" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:ecr-pullthroughcache/*", + "Sid":"SecretsManager" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-26T21:51:09+00:00" + "UpdateDate":"2023-11-13T15:23:16+00:00" }, "AWSElasticBeanstalkCustomPlatformforEC2Role":{ "CreateDate":"2017-02-21T22:50:30+00:00", @@ -12023,7 +14575,7 @@ aws_managed_policies_data = """ }, "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy":{ "CreateDate":"2021-03-03T22:18:00+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -12163,6 +14715,7 @@ aws_managed_policies_data = """ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", + "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteScheduledAction", @@ -12199,6 +14752,7 @@ aws_managed_policies_data = """ }, { "Action":[ + "elasticloadbalancing:AddTags", "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:CreateLoadBalancer", @@ -12288,17 +14842,33 @@ aws_managed_policies_data = """ "arn:aws:cloudwatch:*:*:alarm:eb-*" ], "Sid":"CWPutMetricAlarmOperationPermissions" + }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "CreateCluster", + "RegisterTaskDefinition" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowECSTagResource" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-06-16T22:40:31+00:00" + "UpdateDate":"2023-03-23T23:15:54+00:00" }, "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy":{ "CreateDate":"2019-11-21T22:35:06+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -12358,7 +14928,9 @@ aws_managed_policies_data = """ "elasticloadbalancing:Describe*", "logs:DescribeLogGroups", "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic" + "sns:ListSubscriptionsByTopic", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances" ], "Effect":"Allow", "Resource":"*", @@ -12369,6 +14941,7 @@ aws_managed_policies_data = """ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", + "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteScheduledAction", @@ -12480,17 +15053,54 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*", "Sid":"SNS" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate", + "ec2:DeleteLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:DeleteLaunchTemplateVersions" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"EC2LaunchTemplate" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "ArnLike":{ + "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowLaunchTemplateRunInstances" + }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "RegisterTaskDefinition" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowECSTagResource" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-12-11T18:21:32+00:00" + "UpdateDate":"2023-03-24T00:18:43+00:00" }, "AWSElasticBeanstalkMulticontainerDocker":{ "CreateDate":"2016-02-08T23:15:29+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -12509,13 +15119,29 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"ECSAccess" + }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "RegisterContainerInstance", + "StartTask" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowECSTagResource" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2016-06-06T23:45:37+00:00" + "UpdateDate":"2023-03-23T22:04:20+00:00" }, "AWSElasticBeanstalkReadOnly":{ "CreateDate":"2021-01-22T19:02:37+00:00", @@ -12846,7 +15472,7 @@ aws_managed_policies_data = """ }, "AWSElasticBeanstalkRoleECS":{ "CreateDate":"2020-06-05T21:47:27+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -12861,13 +15487,29 @@ aws_managed_policies_data = """ "*" ], "Sid":"AllowECS" + }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "CreateCluster", + "RegisterTaskDefinition" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowECSTagResource" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-06-05T21:47:27+00:00" + "UpdateDate":"2023-03-23T22:43:56+00:00" }, "AWSElasticBeanstalkRoleRDS":{ "CreateDate":"2020-06-05T21:46:55+00:00", @@ -12968,7 +15610,7 @@ aws_managed_policies_data = """ }, "AWSElasticBeanstalkService":{ "CreateDate":"2016-04-11T20:27:23+00:00", - "DefaultVersionId":"v16", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { @@ -12992,6 +15634,22 @@ aws_managed_policies_data = """ ], "Sid":"AllowDeleteCloudwatchLogGroups" }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "CreateCluster", + "RegisterTaskDefinition" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowECSTagResource" + }, { "Action":[ "s3:*" @@ -13014,11 +15672,27 @@ aws_managed_policies_data = """ "Resource":"*", "Sid":"AllowLaunchTemplateRunInstances" }, + { + "Action":[ + "elasticloadbalancing:AddTags" + ], + "Condition":{ + "StringEquals":{ + "elasticloadbalancing:CreateAction":[ + "CreateLoadBalancer" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowELBAddTags" + }, { "Action":[ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", + "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteScheduledAction", @@ -13121,7 +15795,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-06-14T23:18:46+00:00" + "UpdateDate":"2023-05-10T19:29:34+00:00" }, "AWSElasticBeanstalkServiceRolePolicy":{ "CreateDate":"2017-09-13T23:46:37+00:00", @@ -13345,19 +16019,22 @@ aws_managed_policies_data = """ }, "AWSElasticDisasterRecoveryAgentInstallationPolicy":{ "CreateDate":"2021-11-17T10:37:54+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { "Action":[ "drs:GetAgentInstallationAssetsForDrs", "drs:SendClientLogsForDrs", + "drs:SendClientMetricsForDrs", "drs:CreateSourceServerForDrs", "drs:CreateRecoveryInstanceForDrs", - "drs:DescribeRecoveryInstances" + "drs:DescribeRecoveryInstances", + "drs:CreateSourceNetwork" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSAgentInstallationPolicy1" }, { "Action":"drs:TagResource", @@ -13367,7 +16044,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:source-server/*" + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSAgentInstallationPolicy2" }, { "Action":"drs:TagResource", @@ -13377,23 +16055,36 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:recovery-instance/*" + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSAgentInstallationPolicy3" + }, + { + "Action":"drs:TagResource", + "Condition":{ + "StringEquals":{ + "drs:CreateAction":"CreateSourceNetwork" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-network/*", + "Sid":"DRSAgentInstallationPolicy4" }, { "Action":"drs:IssueAgentCertificateForDrs", "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:source-server/*" + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSAgentInstallationPolicy5" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-03T09:11:23+00:00" + "UpdateDate":"2023-11-27T12:38:51+00:00" }, "AWSElasticDisasterRecoveryAgentPolicy":{ "CreateDate":"2021-11-17T10:32:32+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -13411,18 +16102,27 @@ aws_managed_policies_data = """ "drs:IssueAgentCertificateForDrs" ], "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:source-server/${aws:SourceIdentity}" + "Resource":"arn:aws:drs:*:*:source-server/${aws:SourceIdentity}", + "Sid":"DRSAgentPolicy1" + }, + { + "Action":[ + "drs:GetAgentInstallationAssetsForDrs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DRSAgentPolicy2" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-17T10:32:32+00:00" + "UpdateDate":"2023-11-27T13:44:15+00:00" }, "AWSElasticDisasterRecoveryConsoleFullAccess":{ "CreateDate":"2021-11-17T10:46:29+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -13430,7 +16130,8 @@ aws_managed_policies_data = """ "drs:*" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess1" }, { "Action":[ @@ -13438,7 +16139,8 @@ aws_managed_policies_data = """ "kms:DescribeKey" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess2" }, { "Action":[ @@ -13457,25 +16159,32 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", - "ec2:GetEbsDefaultKmsKeyId" + "ec2:GetEbsDefaultKmsKeyId", + "ec2:DescribeKeyPairs", + "ec2:DescribeCapacityReservations", + "ec2:DescribeHosts" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess3" }, { "Action":"license-manager:ListLicenseConfigurations", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess4" }, { "Action":"resource-groups:ListGroups", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess5" }, { "Action":"elasticloadbalancing:DescribeLoadBalancers", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess6" }, { "Action":[ @@ -13483,7 +16192,8 @@ aws_managed_policies_data = """ "iam:ListRoles" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ConsoleFullAccess7" }, { "Action":"iam:PassRole", @@ -13496,7 +16206,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole" - ] + ], + "Sid":"ConsoleFullAccess8" }, { "Action":[ @@ -13511,13 +16222,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:snapshot/*" + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"ConsoleFullAccess9" }, { "Action":[ "ec2:CreateLaunchTemplateVersion", "ec2:ModifyLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions" + "ec2:DeleteLaunchTemplateVersions", + "ec2:CreateTags", + "ec2:DeleteTags" ], "Condition":{ "Null":{ @@ -13525,7 +16239,21 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:launch-template/*" + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"ConsoleFullAccess10" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"ConsoleFullAccess11" }, { "Action":[ @@ -13540,7 +16268,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess12" }, { "Action":[ @@ -13560,7 +16289,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess13" }, { "Action":[ @@ -13577,7 +16307,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:security-group/*" + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"ConsoleFullAccess14" }, { "Action":[ @@ -13592,12 +16323,14 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess15" }, { "Action":"ec2:CreateSecurityGroup", "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:vpc/*" + "Resource":"arn:aws:ec2:*:*:vpc/*", + "Sid":"ConsoleFullAccess16" }, { "Action":[ @@ -13612,7 +16345,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:security-group/*" + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"ConsoleFullAccess17" }, { "Action":[ @@ -13627,7 +16361,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess18" }, { "Action":[ @@ -13642,7 +16377,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:snapshot/*" + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"ConsoleFullAccess19" }, { "Action":[ @@ -13658,7 +16394,30 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess20" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume", + "ec2:StartInstances", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + }, + "StringEquals":{ + "ec2:ResourceTag/AWSDRS":"AllowLaunchingIntoThisInstance" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess21" }, { "Action":[ @@ -13673,7 +16432,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess22" }, { "Action":[ @@ -13685,7 +16445,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess23" }, { "Action":[ @@ -13700,7 +16461,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess24" }, { "Action":[ @@ -13719,7 +16481,8 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" - ] + ], + "Sid":"ConsoleFullAccess25" }, { "Action":"ec2:CreateTags", @@ -13742,18 +16505,599 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:instance/*" - ] + ], + "Sid":"ConsoleFullAccess26" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateLaunchTemplate" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"ConsoleFullAccess27" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess28" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess29" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-29T08:40:00+00:00" + "UpdateDate":"2023-10-16T12:24:20+00:00" + }, + "AWSElasticDisasterRecoveryConsoleFullAccess_v2":{ + "CreateDate":"2023-11-27T13:35:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess1" + }, + { + "Action":[ + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess2" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:GetEbsEncryptionByDefault", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:DescribeKeyPairs", + "ec2:DescribeCapacityReservations", + "ec2:DescribeHosts" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess3" + }, + { + "Action":"license-manager:ListLicenseConfigurations", + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess4" + }, + { + "Action":"resource-groups:ListGroups", + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess5" + }, + { + "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess6" + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess7" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole", + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole" + ], + "Sid":"ConsoleFullAccess8" + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"ConsoleFullAccess9" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:ModifyLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"ConsoleFullAccess10" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"ConsoleFullAccess11" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess12" + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:ModifyInstanceAttribute", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess13" + }, + { + "Action":[ + "ec2:RevokeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"ConsoleFullAccess14" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess15" + }, + { + "Action":"ec2:CreateSecurityGroup", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*", + "Sid":"ConsoleFullAccess16" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"ConsoleFullAccess17" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess18" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"ConsoleFullAccess19" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess20" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume", + "ec2:StartInstances", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + }, + "StringEquals":{ + "ec2:ResourceTag/AWSDRS":"AllowLaunchingIntoThisInstance" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess21" + }, + { + "Action":[ + "ec2:AttachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess22" + }, + { + "Action":[ + "ec2:DetachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ConsoleFullAccess23" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ConsoleFullAccess24" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:launch-template/*" + ], + "Sid":"ConsoleFullAccess25" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "StringEquals":{ + "ec2:CreateAction":[ + "CreateSecurityGroup", + "CreateVolume", + "CreateSnapshot", + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"ConsoleFullAccess26" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateLaunchTemplate" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"ConsoleFullAccess27" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess28" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess29" + }, + { + "Action":[ + "ssm:DescribeInstanceInformation" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ConsoleFullAccess30" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:StartAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:automation-definition/AWS-CreateImage:$DEFAULT", + "arn:aws:ssm:*:*:document/AWSMigration-ValidateNetworkConnectivity", + "arn:aws:ssm:*:*:document/AWSMigration-VerifyMountedVolumes", + "arn:aws:ssm:*:*:document/AWSMigration-ValidateHttpResponse", + "arn:aws:ssm:*:*:document/AWSMigration-ValidateDiskSpace", + "arn:aws:ssm:*:*:document/AWSMigration-VerifyProcessIsRunning", + "arn:aws:ssm:*:*:document/AWSMigration-LinuxTimeSyncSetting", + "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure" + ], + "Sid":"ConsoleFullAccess31" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"ConsoleFullAccess32" + }, + { + "Action":[ + "ssm:ListDocuments", + "ssm:ListCommandInvocations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleFullAccess33" + }, + { + "Action":[ + "ssm:GetParameter", + "ssm:PutParameter" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*", + "Sid":"ConsoleFullAccess34" + }, + { + "Action":[ + "ssm:DescribeDocument", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:document/*", + "Sid":"ConsoleFullAccess35" + }, + { + "Action":[ + "ssm:GetParameters" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*" + ], + "Sid":"ConsoleFullAccess36" + }, + { + "Action":[ + "ssm:GetAutomationExecution" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-execution/*", + "Sid":"ConsoleFullAccess37" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-27T13:35:19+00:00" }, "AWSElasticDisasterRecoveryConversionServerPolicy":{ "CreateDate":"2021-11-17T13:42:23+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -13762,7 +17106,8 @@ aws_managed_policies_data = """ "drs:SendClientLogsForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSConversionServerPolicy1" }, { "Action":[ @@ -13770,28 +17115,33 @@ aws_managed_policies_data = """ "drs:SendChannelCommandResultForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSConversionServerPolicy2" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-17T13:42:23+00:00" + "UpdateDate":"2023-11-27T13:13:38+00:00" }, - "AWSElasticDisasterRecoveryEc2InstancePolicy":{ - "CreateDate":"2022-05-26T12:30:18+00:00", - "DefaultVersionId":"v1", + "AWSElasticDisasterRecoveryCrossAccountReplicationPolicy":{ + "CreateDate":"2023-05-14T07:16:47+00:00", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ - "drs:GetAgentInstallationAssetsForDrs", - "drs:SendClientLogsForDrs", + "ec2:DescribeVolumes", + "ec2:DescribeVolumeAttribute", + "ec2:DescribeInstances", + "drs:DescribeSourceServers", + "drs:DescribeReplicationConfigurationTemplates", "drs:CreateSourceServerForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CrossAccountPolicy1" }, { "Action":[ @@ -13803,7 +17153,58 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:source-server/*" + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"CrossAccountPolicy2" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-17T13:19:58+00:00" + }, + "AWSElasticDisasterRecoveryEc2InstancePolicy":{ + "CreateDate":"2022-05-26T12:30:18+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:GetAgentInstallationAssetsForDrs", + "drs:SendClientLogsForDrs", + "drs:SendClientMetricsForDrs", + "drs:CreateSourceServerForDrs", + "drs:CreateSourceNetwork" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DRSEc2InstancePolicy1" + }, + { + "Action":[ + "drs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "drs:CreateAction":"CreateSourceServerForDrs" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSEc2InstancePolicy2" + }, + { + "Action":[ + "drs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "drs:CreateAction":"CreateSourceNetwork" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-network/*", + "Sid":"DRSEc2InstancePolicy3" }, { "Action":[ @@ -13819,18 +17220,38 @@ aws_managed_policies_data = """ "drs:GetAgentReplicationInfoForDrs" ], "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:source-server/*" + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSEc2InstancePolicy4" + }, + { + "Action":[ + "sts:AssumeRole", + "sts:TagSession" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "sts:TransitiveTagKeys":"SourceInstanceARN" + }, + "StringLike":{ + "aws:RequestTag/SourceInstanceARN":"${ec2:SourceInstanceARN}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/DRSCrossAccountAgentAuthorizedRole_*" + ], + "Sid":"DRSEc2InstancePolicy5" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-26T12:30:18+00:00" + "UpdateDate":"2023-11-27T13:39:44+00:00" }, "AWSElasticDisasterRecoveryFailbackInstallationPolicy":{ "CreateDate":"2021-11-17T11:02:03+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -13841,7 +17262,8 @@ aws_managed_policies_data = """ "drs:DescribeSourceServers" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSFailbackInstallationPolicy1" }, { "Action":[ @@ -13853,18 +17275,19 @@ aws_managed_policies_data = """ "drs:UpdateFailbackClientDeviceMappingForDrs" ], "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:recovery-instance/*" + "Resource":"arn:aws:drs:*:*:recovery-instance/*", + "Sid":"DRSFailbackInstallationPolicy2" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-27T09:13:40+00:00" + "UpdateDate":"2023-11-27T13:43:08+00:00" }, "AWSElasticDisasterRecoveryFailbackPolicy":{ "CreateDate":"2021-11-17T10:41:40+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -13873,7 +17296,8 @@ aws_managed_policies_data = """ "drs:SendClientLogsForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSFailbackPolicy1" }, { "Action":[ @@ -13881,7 +17305,8 @@ aws_managed_policies_data = """ "drs:SendChannelCommandResultForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSFailbackPolicy2" }, { "Action":[ @@ -13889,7 +17314,8 @@ aws_managed_policies_data = """ "drs:DescribeRecoveryInstances" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSFailbackPolicy3" }, { "Action":[ @@ -13905,18 +17331,310 @@ aws_managed_policies_data = """ "drs:IssueAgentCertificateForDrs" ], "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:recovery-instance/${aws:SourceIdentity}" + "Resource":"arn:aws:drs:*:*:recovery-instance/${aws:SourceIdentity}", + "Sid":"DRSFailbackPolicy4" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-17T10:41:40+00:00" + "UpdateDate":"2023-11-27T12:56:46+00:00" + }, + "AWSElasticDisasterRecoveryLaunchActionsPolicy":{ + "CreateDate":"2023-09-13T07:38:26+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:DescribeInstanceInformation" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"LaunchActionsPolicy1" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:StartAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/*", + "arn:aws:ssm:*:*:automation-definition/*:*" + ], + "Sid":"LaunchActionsPolicy2" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:StartAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/AWS-*", + "arn:aws:ssm:*::document/AWSCodeDeployAgent-*", + "arn:aws:ssm:*::document/AWSConfigRemediation-*", + "arn:aws:ssm:*::document/AWSConformancePacks-*", + "arn:aws:ssm:*::document/AWSDisasterRecovery-*", + "arn:aws:ssm:*::document/AWSDistroOTel-*", + "arn:aws:ssm:*::document/AWSDocs-*", + "arn:aws:ssm:*::document/AWSEC2-*", + "arn:aws:ssm:*::document/AWSEC2Launch-*", + "arn:aws:ssm:*::document/AWSFIS-*", + "arn:aws:ssm:*::document/AWSFleetManager-*", + "arn:aws:ssm:*::document/AWSIncidents-*", + "arn:aws:ssm:*::document/AWSKinesisTap-*", + "arn:aws:ssm:*::document/AWSMigration-*", + "arn:aws:ssm:*::document/AWSNVMe-*", + "arn:aws:ssm:*::document/AWSNitroEnclavesWindows-*", + "arn:aws:ssm:*::document/AWSObservabilityExporter-*", + "arn:aws:ssm:*::document/AWSPVDriver-*", + "arn:aws:ssm:*::document/AWSQuickSetupType-*", + "arn:aws:ssm:*::document/AWSQuickStarts-*", + "arn:aws:ssm:*::document/AWSRefactorSpaces-*", + "arn:aws:ssm:*::document/AWSResilienceHub-*", + "arn:aws:ssm:*::document/AWSSAP-*", + "arn:aws:ssm:*::document/AWSSAPTools-*", + "arn:aws:ssm:*::document/AWSSQLServer-*", + "arn:aws:ssm:*::document/AWSSSO-*", + "arn:aws:ssm:*::document/AWSSupport-*", + "arn:aws:ssm:*::document/AWSSystemsManagerSAP-*", + "arn:aws:ssm:*::document/AmazonCloudWatch-*", + "arn:aws:ssm:*::document/AmazonCloudWatchAgent-*", + "arn:aws:ssm:*::document/AmazonECS-*", + "arn:aws:ssm:*::document/AmazonEFSUtils-*", + "arn:aws:ssm:*::document/AmazonEKS-*", + "arn:aws:ssm:*::document/AmazonInspector-*", + "arn:aws:ssm:*::document/AmazonInspector2-*", + "arn:aws:ssm:*::document/AmazonInternal-*", + "arn:aws:ssm:*::document/AwsEnaNetworkDriver-*", + "arn:aws:ssm:*::document/AwsVssComponents-*", + "arn:aws:ssm:*::automation-definition/AWS-*:*", + "arn:aws:ssm:*::automation-definition/AWSCodeDeployAgent-*:*", + "arn:aws:ssm:*::automation-definition/AWSConfigRemediation-*:*", + "arn:aws:ssm:*::automation-definition/AWSConformancePacks-*:*", + "arn:aws:ssm:*::automation-definition/AWSDisasterRecovery-*:*", + "arn:aws:ssm:*::automation-definition/AWSDistroOTel-*:*", + "arn:aws:ssm:*::automation-definition/AWSDocs-*:*", + "arn:aws:ssm:*::automation-definition/AWSEC2-*:*", + "arn:aws:ssm:*::automation-definition/AWSEC2Launch-*:*", + "arn:aws:ssm:*::automation-definition/AWSFIS-*:*", + "arn:aws:ssm:*::automation-definition/AWSFleetManager-*:*", + "arn:aws:ssm:*::automation-definition/AWSIncidents-*:*", + "arn:aws:ssm:*::automation-definition/AWSKinesisTap-*:*", + "arn:aws:ssm:*::automation-definition/AWSMigration-*:*", + "arn:aws:ssm:*::automation-definition/AWSNVMe-*:*", + "arn:aws:ssm:*::automation-definition/AWSNitroEnclavesWindows-*:*", + "arn:aws:ssm:*::automation-definition/AWSObservabilityExporter-*:*", + "arn:aws:ssm:*::automation-definition/AWSPVDriver-*:*", + "arn:aws:ssm:*::automation-definition/AWSQuickSetupType-*:*", + "arn:aws:ssm:*::automation-definition/AWSQuickStarts-*:*", + "arn:aws:ssm:*::automation-definition/AWSRefactorSpaces-*:*", + "arn:aws:ssm:*::automation-definition/AWSResilienceHub-*:*", + "arn:aws:ssm:*::automation-definition/AWSSAP-*:*", + "arn:aws:ssm:*::automation-definition/AWSSAPTools-*:*", + "arn:aws:ssm:*::automation-definition/AWSSQLServer-*:*", + "arn:aws:ssm:*::automation-definition/AWSSSO-*:*", + "arn:aws:ssm:*::automation-definition/AWSSupport-*:*", + "arn:aws:ssm:*::automation-definition/AWSSystemsManagerSAP-*:*", + "arn:aws:ssm:*::automation-definition/AmazonCloudWatch-*:*", + "arn:aws:ssm:*::automation-definition/AmazonCloudWatchAgent-*:*", + "arn:aws:ssm:*::automation-definition/AmazonECS-*:*", + "arn:aws:ssm:*::automation-definition/AmazonEFSUtils-*:*", + "arn:aws:ssm:*::automation-definition/AmazonEKS-*:*", + "arn:aws:ssm:*::automation-definition/AmazonInspector-*:*", + "arn:aws:ssm:*::automation-definition/AmazonInspector2-*:*", + "arn:aws:ssm:*::automation-definition/AmazonInternal-*:*", + "arn:aws:ssm:*::automation-definition/AwsEnaNetworkDriver-*:*", + "arn:aws:ssm:*::automation-definition/AwsVssComponents-*:*" + ], + "Sid":"LaunchActionsPolicy3" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"LaunchActionsPolicy4" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "drs.amazonaws.com" + ] + }, + "StringEquals":{ + "aws:ResourceTag/AWSDRS":"AllowLaunchingIntoThisInstance" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"LaunchActionsPolicy5" + }, + { + "Action":[ + "ssm:ListDocuments", + "ssm:ListCommandInvocations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LaunchActionsPolicy6" + }, + { + "Action":[ + "ssm:ListDocumentVersions", + "ssm:GetDocument", + "ssm:DescribeDocument" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:document/*", + "Sid":"LaunchActionsPolicy7" + }, + { + "Action":[ + "ssm:GetAutomationExecution" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-execution/*", + "Sid":"LaunchActionsPolicy8" + }, + { + "Action":[ + "ssm:GetParameters" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*", + "Sid":"LaunchActionsPolicy9" + }, + { + "Action":[ + "ssm:GetParameter", + "ssm:PutParameter" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecoveryService-*", + "Sid":"LaunchActionsPolicy10" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"drs.amazonaws.com" + }, + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceWithLaunchActionsRole" + ], + "Sid":"LaunchActionsPolicy11" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-16T12:28:44+00:00" + }, + "AWSElasticDisasterRecoveryNetworkReplicationPolicy":{ + "CreateDate":"2023-06-11T12:36:48+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcAttribute", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkAcls", + "ec2:DescribeSecurityGroups", + "ec2:DescribeRouteTables", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeManagedPrefixLists", + "ec2:GetManagedPrefixListEntries", + "ec2:GetManagedPrefixListAssociations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DRSNetworkReplicationPolicy1" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-02T13:25:23+00:00" }, "AWSElasticDisasterRecoveryReadOnlyAccess":{ "CreateDate":"2021-11-17T10:50:05+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -13932,10 +17650,12 @@ aws_managed_policies_data = """ "drs:GetReplicationConfiguration", "drs:ListExtensibleSourceServers", "drs:ListStagingAccounts", - "drs:ListTagsForResource" + "drs:ListTagsForResource", + "drs:ListLaunchActions" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReadOnlyAccess1" }, { "Action":[ @@ -13945,23 +17665,68 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReadOnlyAccess2" }, { "Action":"iam:ListRoles", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReadOnlyAccess4" + }, + { + "Action":"ssm:ListCommandInvocations", + "Effect":"Allow", + "Resource":"*", + "Sid":"DRSReadOnlyAccess5" + }, + { + "Action":"ssm:GetParameter", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSElasticDisasterRecovery-*", + "Sid":"DRSReadOnlyAccess6" + }, + { + "Action":[ + "ssm:DescribeDocument", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWS-CreateImage", + "arn:aws:ssm:*:*:document/AWSMigration-ValidateNetworkConnectivity", + "arn:aws:ssm:*:*:document/AWSMigration-VerifyMountedVolumes", + "arn:aws:ssm:*:*:document/AWSMigration-ValidateHttpResponse", + "arn:aws:ssm:*:*:document/AWSMigration-ValidateDiskSpace", + "arn:aws:ssm:*:*:document/AWSMigration-VerifyProcessIsRunning", + "arn:aws:ssm:*:*:document/AWSMigration-LinuxTimeSyncSetting", + "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure" + ], + "Sid":"DRSReadOnlyAccess7" + }, + { + "Action":[ + "ssm:GetAutomationExecution" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-execution/*", + "Sid":"DRSReadOnlyAccess8" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-29T08:27:37+00:00" + "UpdateDate":"2023-11-27T13:03:00+00:00" }, "AWSElasticDisasterRecoveryRecoveryInstancePolicy":{ "CreateDate":"2021-11-17T10:20:43+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -13985,32 +17750,94 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:recovery-instance/*" + "Resource":"arn:aws:drs:*:*:recovery-instance/*", + "Sid":"DRSRecoveryInstancePolicy1" }, { "Action":[ "drs:DescribeRecoveryInstances" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSRecoveryInstancePolicy2" }, { "Action":[ "ec2:DescribeInstanceTypes" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSRecoveryInstancePolicy3" + }, + { + "Action":[ + "drs:GetAgentInstallationAssetsForDrs", + "drs:SendClientLogsForDrs", + "drs:CreateSourceServerForDrs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DRSRecoveryInstancePolicy4" + }, + { + "Action":[ + "drs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "drs:CreateAction":"CreateSourceServerForDrs" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSRecoveryInstancePolicy5" + }, + { + "Action":[ + "drs:SendAgentMetricsForDrs", + "drs:SendAgentLogsForDrs", + "drs:UpdateAgentSourcePropertiesForDrs", + "drs:UpdateAgentReplicationInfoForDrs", + "drs:UpdateAgentConversionInfoForDrs", + "drs:GetAgentCommandForDrs", + "drs:GetAgentConfirmedResumeInfoForDrs", + "drs:GetAgentRuntimeConfigurationForDrs", + "drs:UpdateAgentBacklogForDrs", + "drs:GetAgentReplicationInfoForDrs" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSRecoveryInstancePolicy6" + }, + { + "Action":[ + "sts:AssumeRole", + "sts:TagSession" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "sts:TransitiveTagKeys":"SourceInstanceARN" + }, + "StringLike":{ + "aws:RequestTag/SourceInstanceARN":"${ec2:SourceInstanceARN}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/DRSCrossAccountAgentAuthorizedRole_*" + ], + "Sid":"DRSRecoveryInstancePolicy7" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-17T10:20:43+00:00" + "UpdateDate":"2023-11-27T13:11:08+00:00" }, "AWSElasticDisasterRecoveryReplicationServerPolicy":{ "CreateDate":"2021-11-17T13:34:00+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -14019,7 +17846,8 @@ aws_managed_policies_data = """ "drs:SendClientLogsForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReplicationServerPolicy1" }, { "Action":[ @@ -14027,7 +17855,8 @@ aws_managed_policies_data = """ "drs:SendChannelCommandResultForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReplicationServerPolicy2" }, { "Action":[ @@ -14045,7 +17874,8 @@ aws_managed_policies_data = """ "drs:SendVolumeStatsForDrs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReplicationServerPolicy3" }, { "Action":[ @@ -14053,7 +17883,8 @@ aws_managed_policies_data = """ "ec2:DescribeSnapshots" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReplicationServerPolicy4" }, { "Action":[ @@ -14065,7 +17896,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DRSReplicationServerPolicy5" }, { "Action":[ @@ -14077,7 +17909,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:snapshot/*" + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"DRSReplicationServerPolicy6" }, { "Action":"ec2:CreateTags", @@ -14087,18 +17920,19 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSReplicationServerPolicy7" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-10T12:34:15+00:00" + "UpdateDate":"2023-11-27T13:28:14+00:00" }, "AWSElasticDisasterRecoveryServiceRolePolicy":{ "CreateDate":"2021-11-17T10:56:17+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -14106,14 +17940,16 @@ aws_managed_policies_data = """ "drs:ListTagsForResource" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy1" }, { "Action":[ "drs:TagResource" ], "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:recovery-instance/*" + "Resource":"arn:aws:drs:*:*:recovery-instance/*", + "Sid":"DRSServiceRolePolicy2" }, { "Action":[ @@ -14121,17 +17957,20 @@ aws_managed_policies_data = """ "drs:TagResource" ], "Effect":"Allow", - "Resource":"arn:aws:drs:*:*:source-server/*" + "Resource":"arn:aws:drs:*:*:source-server/*", + "Sid":"DRSServiceRolePolicy3" }, { "Action":"iam:GetInstanceProfile", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy4" }, { "Action":"kms:ListRetirableGrants", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy5" }, { "Action":[ @@ -14148,18 +17987,30 @@ aws_managed_policies_data = """ "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVolumes", + "ec2:DescribeVolumeAttribute", "ec2:GetEbsDefaultKmsKeyId", - "ec2:GetEbsEncryptionByDefault" + "ec2:GetEbsEncryptionByDefault", + "ec2:DescribeVpcAttribute", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeDhcpOptions", + "ec2:DescribeManagedPrefixLists", + "ec2:GetManagedPrefixListEntries", + "ec2:GetManagedPrefixListAssociations" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy6" }, { "Action":[ "ec2:RegisterImage" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy7" }, { "Action":[ @@ -14171,7 +18022,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy8" }, { "Action":[ @@ -14183,7 +18035,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:snapshot/*" + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"DRSServiceRolePolicy9" }, { "Action":[ @@ -14198,7 +18051,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:launch-template/*" + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"DRSServiceRolePolicy10" }, { "Action":[ @@ -14211,7 +18065,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DRSServiceRolePolicy11" }, { "Action":[ @@ -14228,7 +18083,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"DRSServiceRolePolicy12" }, { "Action":[ @@ -14242,7 +18098,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:security-group/*" + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"DRSServiceRolePolicy13" }, { "Action":[ @@ -14254,7 +18111,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DRSServiceRolePolicy14" }, { "Action":[ @@ -14266,14 +18124,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:security-group/*" + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"DRSServiceRolePolicy15" }, { "Action":[ "ec2:CreateSecurityGroup" ], "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:vpc/*" + "Resource":"arn:aws:ec2:*:*:vpc/*", + "Sid":"DRSServiceRolePolicy16" }, { "Action":[ @@ -14285,7 +18145,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:launch-template/*" + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"DRSServiceRolePolicy17" }, { "Action":[ @@ -14297,7 +18158,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DRSServiceRolePolicy18" }, { "Action":[ @@ -14309,7 +18171,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:snapshot/*" + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"DRSServiceRolePolicy19" }, { "Action":[ @@ -14322,7 +18185,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"DRSServiceRolePolicy20" }, { "Action":[ @@ -14334,14 +18198,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DRSServiceRolePolicy21" }, { "Action":[ "ec2:DetachVolume" ], "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:volume/*" + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DRSServiceRolePolicy22" }, { "Action":[ @@ -14353,7 +18219,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"DRSServiceRolePolicy23" }, { "Action":[ @@ -14367,7 +18234,8 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" - ] + ], + "Sid":"DRSServiceRolePolicy24" }, { "Action":"iam:PassRole", @@ -14381,7 +18249,8 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryReplicationServerRole", "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole" - ] + ], + "Sid":"DRSServiceRolePolicy25" }, { "Action":"ec2:CreateTags", @@ -14403,7 +18272,8 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:instance/*" - ] + ], + "Sid":"DRSServiceRolePolicy26" }, { "Action":"ec2:CreateTags", @@ -14415,23 +18285,25 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ec2:*:*:image/*" - ] + ], + "Sid":"DRSServiceRolePolicy27" }, { "Action":"cloudwatch:GetMetricData", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSServiceRolePolicy28" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-10T12:44:41+00:00" + "UpdateDate":"2024-01-17T13:49:07+00:00" }, "AWSElasticDisasterRecoveryStagingAccountPolicy":{ "CreateDate":"2022-05-26T09:49:18+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -14444,7 +18316,8 @@ aws_managed_policies_data = """ "drs:DescribeJobLogItems" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DRSStagingAccountPolicy1" }, { "Action":[ @@ -14459,14 +18332,64 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:snapshot/*" + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"DRSStagingAccountPolicy2" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-26T09:49:18+00:00" + "UpdateDate":"2023-11-27T13:07:49+00:00" + }, + "AWSElasticDisasterRecoveryStagingAccountPolicy_v2":{ + "CreateDate":"2023-01-05T12:11:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:DescribeSourceServers", + "drs:DescribeRecoverySnapshots", + "drs:CreateConvertedSnapshotForDrs", + "drs:GetReplicationConfiguration", + "drs:DescribeJobs", + "drs:DescribeJobLogItems" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DRSStagingAccountPolicyv21" + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + }, + "StringEquals":{ + "ec2:Add/userId":"${aws:SourceIdentity}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"DRSStagingAccountPolicyv22" + }, + { + "Action":"drs:IssueAgentCertificateForDrs", + "Effect":"Allow", + "Resource":[ + "arn:aws:drs:*:*:source-server/*" + ], + "Sid":"DRSStagingAccountPolicyv23" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-27T13:32:09+00:00" }, "AWSElasticLoadBalancingClassicServiceRolePolicy":{ "CreateDate":"2017-09-19T22:36:18+00:00", @@ -14682,6 +18605,39 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-12-30T00:04:29+00:00" }, + "AWSElementalMediaPackageV2FullAccess":{ + "CreateDate":"2023-07-25T20:29:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":"mediapackagev2:*", + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-25T20:29:37+00:00" + }, + "AWSElementalMediaPackageV2ReadOnly":{ + "CreateDate":"2023-07-25T20:31:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "mediapackagev2:List*", + "mediapackagev2:Get*" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-25T20:31:25+00:00" + }, "AWSElementalMediaStoreFullAccess":{ "CreateDate":"2018-03-05T23:15:31+00:00", "DefaultVersionId":"v1", @@ -14786,9 +18742,148 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-09-20T17:29:09+00:00" }, + "AWSEntityResolutionConsoleFullAccess":{ + "CreateDate":"2023-08-17T17:54:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "entityresolution:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EntityResolutionAccess" + }, + { + "Action":[ + "glue:GetSchema", + "glue:SearchTables", + "glue:GetSchemaByDefinition", + "glue:GetSchemaVersion", + "glue:GetSchemaVersionsDiff", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetTableVersion", + "glue:GetTableVersions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"GlueSourcesConsoleDisplay" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3BucketsConsoleDisplay" + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:ListBucketVersions", + "s3:GetBucketVersioning" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3SourcesConsoleDisplay" + }, + { + "Action":[ + "tag:GetTagKeys", + "tag:GetTagValues" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TaggingConsoleDisplay" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSConsoleDisplay" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListRolesToPickRoleForPassing" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "entityresolution.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*entityresolution*", + "Sid":"PassRoleToEntityResolutionService" + }, + { + "Action":[ + "events:DeleteRule", + "events:PutTargets", + "events:PutRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/entity-resolution-automatic*" + ], + "Sid":"ManageEventBridgeRules" + }, + { + "Action":[ + "dataexchange:GetDataSet" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ADXReadAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-16T18:46:10+00:00" + }, + "AWSEntityResolutionConsoleReadOnlyAccess":{ + "CreateDate":"2023-08-17T18:18:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "entityresolution:Get*", + "entityresolution:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EntityResolutionRead" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-17T18:18:36+00:00" + }, "AWSFMAdminFullAccess":{ "CreateDate":"2018-05-09T18:06:18+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -14797,21 +18892,80 @@ aws_managed_policies_data = """ "waf:*", "waf-regional:*", "elasticloadbalancing:SetWebACL", - "organizations:DescribeOrganization" + "firehose:ListDeliveryStreams", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListRoots", + "organizations:ListChildren", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent", + "shield:GetSubscriptionState", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:GetFirewallRuleGroup", + "wafv2:ListRuleGroups", + "wafv2:ListAvailableManagedRuleGroups", + "wafv2:CheckCapacity", + "wafv2:PutLoggingConfiguration", + "wafv2:ListAvailableManagedRuleGroupVersions", + "network-firewall:DescribeRuleGroup", + "network-firewall:DescribeRuleGroupMetadata", + "network-firewall:ListRuleGroups", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "s3:PutBucketPolicy", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-waf-logs-*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "fms.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:ListDelegatedAdministrators", + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "fms.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-05-09T18:06:18+00:00" + "UpdateDate":"2022-10-20T23:39:06+00:00" }, "AWSFMAdminReadOnlyAccess":{ "CreateDate":"2018-05-09T20:07:39+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -14822,17 +18976,59 @@ aws_managed_policies_data = """ "waf:List*", "waf-regional:Get*", "waf-regional:List*", - "organizations:DescribeOrganization" + "firehose:ListDeliveryStreams", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "organizations:ListRoots", + "organizations:ListChildren", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent", + "shield:GetSubscriptionState", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:GetFirewallRuleGroup", + "wafv2:ListRuleGroups", + "wafv2:ListAvailableManagedRuleGroups", + "wafv2:CheckCapacity", + "wafv2:ListAvailableManagedRuleGroupVersions", + "network-firewall:DescribeRuleGroup", + "network-firewall:DescribeRuleGroupMetadata", + "network-firewall:ListRuleGroups", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-waf-logs-*" + ] + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "fms.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-05-09T20:07:39+00:00" + "UpdateDate":"2022-10-31T22:42:13+00:00" }, "AWSFMMemberReadOnlyAccess":{ "CreateDate":"2018-05-09T21:05:29+00:00", @@ -14858,6 +19054,391 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-05-09T21:05:29+00:00" }, + "AWSFaultInjectionSimulatorEC2Access":{ + "CreateDate":"2022-10-26T20:39:26+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:RebootInstances", + "ec2:SendSpotInstanceInterruptions", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"AllowEc2Actions" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + }, + "StringLike":{ + "kms:ViaService":"ec2.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:kms:*:*:key/*" + ], + "Sid":"AllowEc2InstancesWithEncryptedEbsVolumes" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:document/*" + ], + "Sid":"AllowSSMSendOnEc2" + }, + { + "Action":[ + "ssm:CancelCommand", + "ssm:ListCommands" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowSSMStopOnEc2" + }, + { + "Action":"ec2:DescribeInstances", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeInstances" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-27T15:08:12+00:00" + }, + "AWSFaultInjectionSimulatorECSAccess":{ + "CreateDate":"2022-10-26T20:37:56+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:DescribeClusters", + "ecs:ListContainerInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecs:*:*:cluster/*" + ] + }, + { + "Action":[ + "ecs:DescribeTasks", + "ecs:StopTask" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecs:*:*:task/*/*" + ] + }, + { + "Action":[ + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecs:*:*:container-instance/*/*" + ] + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:managed-instance/*", + "arn:aws:ssm:*:*:document/*" + ] + }, + { + "Action":[ + "ssm:ListCommands", + "ssm:CancelCommand" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-01T10:48:27+00:00" + }, + "AWSFaultInjectionSimulatorEKSAccess":{ + "CreateDate":"2022-10-26T20:34:43+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"ec2:DescribeInstances", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeInstances" + }, + { + "Action":"ec2:TerminateInstances", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"TerminateInstances" + }, + { + "Action":"ec2:DescribeSubnets", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeSubnets" + }, + { + "Action":"eks:DescribeCluster", + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:cluster/*", + "Sid":"DescribeCluster" + }, + { + "Action":"eks:DescribeNodegroup", + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:nodegroup/*", + "Sid":"DescribeNodeGroup" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TargetResolutionByTags" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-13T16:44:51+00:00" + }, + "AWSFaultInjectionSimulatorNetworkAccess":{ + "CreateDate":"2022-10-26T20:32:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/managedByFIS":"true", + "ec2:CreateAction":"CreateNetworkAcl" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-acl/*" + }, + { + "Action":"ec2:CreateNetworkAcl", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/managedByFIS":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-acl/*" + }, + { + "Action":[ + "ec2:CreateNetworkAclEntry", + "ec2:DeleteNetworkAcl" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/managedByFIS":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-acl/*", + "arn:aws:ec2:*:*:vpc/*" + ] + }, + { + "Action":"ec2:CreateNetworkAcl", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeManagedPrefixLists", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkAcls" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:ReplaceNetworkAclAssociation", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:network-acl/*" + ] + }, + { + "Action":"ec2:GetManagedPrefixListEntries", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:prefix-list/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-10-26T20:32:50+00:00" + }, + "AWSFaultInjectionSimulatorRDSAccess":{ + "CreateDate":"2022-10-26T20:30:57+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:FailoverDBCluster" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:cluster:*" + ], + "Sid":"AllowFailover" + }, + { + "Action":[ + "rds:RebootDBInstance" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:db:*" + ], + "Sid":"AllowReboot" + }, + { + "Action":[ + "rds:DescribeDBClusters", + "rds:DescribeDBInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeResources" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TargetResolutionByTags" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-13T16:23:29+00:00" + }, + "AWSFaultInjectionSimulatorSSMAccess":{ + "CreateDate":"2022-10-26T15:33:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "ssm:StartAutomationExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:automation-definition/*:*" + ] + }, + { + "Action":[ + "ssm:GetAutomationExecution", + "ssm:StopAutomationExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:automation-execution/*" + ] + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:document/*" + ] + }, + { + "Action":[ + "ssm:ListCommands", + "ssm:CancelCommand" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-02T22:55:18+00:00" + }, + "AWSFinSpaceServiceRolePolicy":{ + "CreateDate":"2023-05-12T16:42:03+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/FinSpace", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSFinSpaceServiceRolePolicy" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-01T21:05:00+00:00" + }, "AWSForWordPressPluginPolicy":{ "CreateDate":"2019-10-30T00:27:46+00:00", "DefaultVersionId":"v2", @@ -14938,9 +19519,34 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-01-20T23:20:47+00:00" }, + "AWSGitSyncServiceRolePolicy":{ + "CreateDate":"2023-11-16T17:05:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codestar-connections:UseConnection" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"AccessGitRepos" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-16T17:05:42+00:00" + }, "AWSGlobalAcceleratorSLRPolicy":{ "CreateDate":"2019-04-05T19:39:13+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -14952,10 +19558,12 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeRegions", "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface" + "ec2:DeleteNetworkInterface", + "ec2:DescribeAddresses" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2Action1" }, { "Action":[ @@ -14969,7 +19577,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2Action2" }, { "Action":[ @@ -14977,12 +19586,18 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2Action3" }, { - "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeTargetGroups" + ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ElbAction1" }, { "Action":"ec2:CreateTags", @@ -14990,18 +19605,19 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:network-interface/*" - ] + ], + "Sid":"EC2Action4" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-02T18:33:56+00:00" + "UpdateDate":"2023-09-12T16:45:28+00:00" }, "AWSGlueConsoleFullAccess":{ "CreateDate":"2017-08-14T13:37:39+00:00", - "DefaultVersionId":"v12", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -15032,18 +19648,23 @@ aws_managed_policies_data = """ "s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketLocation", + "cloudformation:ListStacks", "cloudformation:DescribeStacks", "cloudformation:GetTemplateSummary", "dynamodb:ListTables", "kms:ListAliases", "kms:DescribeKey", "cloudwatch:GetMetricData", - "cloudwatch:ListDashboards" + "cloudwatch:ListDashboards", + "databrew:ListRecipes", + "databrew:ListRecipeVersions", + "databrew:DescribeRecipe" ], "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseAppPermissions" }, { "Action":[ @@ -15175,7 +19796,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-02-11T19:49:01+00:00" + "UpdateDate":"2023-07-14T14:37:54+00:00" }, "AWSGlueConsoleSageMakerNotebookFullAccess":{ "CreateDate":"2018-10-05T17:52:35+00:00", @@ -15606,7 +20227,7 @@ aws_managed_policies_data = """ }, "AWSGlueServiceNotebookRole":{ "CreateDate":"2017-08-14T13:37:42+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -15653,7 +20274,8 @@ aws_managed_policies_data = """ "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", - "s3:GetBucketAcl" + "s3:GetBucketAcl", + "codewhisperer:GenerateRecommendations" ], "Effect":"Allow", "Resource":[ @@ -15704,11 +20326,11 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-10-07T18:05:54+00:00" + "UpdateDate":"2023-10-09T15:59:41+00:00" }, "AWSGlueServiceRole":{ "CreateDate":"2017-08-14T13:37:21+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -15775,7 +20397,7 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:logs:*:*:/aws-glue/*" + "arn:aws:logs:*:*:*:/aws-glue/*" ] }, { @@ -15802,7 +20424,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-06-25T18:23:09+00:00" + "UpdateDate":"2023-09-11T16:39:47+00:00" }, "AWSGrafanaAccountAdministrator":{ "CreateDate":"2021-02-23T00:20:38+00:00", @@ -15872,7 +20494,7 @@ aws_managed_policies_data = """ }, "AWSGrafanaWorkspacePermissionManagement":{ "CreateDate":"2021-02-23T00:15:54+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -15886,13 +20508,71 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:grafana:*:*:/workspaces*", "Sid":"AWSGrafanaPermissions" + }, + { + "Action":[ + "sso:DescribeRegisteredRegions", + "sso:GetSharedSsoConfiguration", + "sso:ListDirectoryAssociations", + "sso:GetManagedApplicationInstance", + "sso:ListProfiles", + "sso:AssociateProfile", + "sso:DisassociateProfile", + "sso:GetProfile", + "sso:ListProfileAssociations", + "sso-directory:DescribeUser", + "sso-directory:DescribeGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMIdentityCenterPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-21T20:30:06+00:00" + "UpdateDate":"2023-03-15T22:17:26+00:00" + }, + "AWSGrafanaWorkspacePermissionManagementV2":{ + "CreateDate":"2024-01-05T18:39:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "grafana:DescribeWorkspace", + "grafana:DescribeWorkspaceAuthentication", + "grafana:UpdatePermissions", + "grafana:ListPermissions", + "grafana:ListWorkspaces" + ], + "Effect":"Allow", + "Resource":"arn:aws:grafana:*:*:/workspaces*", + "Sid":"AWSGrafanaPermissions" + }, + { + "Action":[ + "sso:DescribeRegisteredRegions", + "sso:GetSharedSsoConfiguration", + "sso:ListDirectoryAssociations", + "sso:GetManagedApplicationInstance", + "sso:ListProfiles", + "sso:GetProfile", + "sso:ListProfileAssociations", + "sso-directory:DescribeUser", + "sso-directory:DescribeGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMIdentityCenterPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-05T18:39:46+00:00" }, "AWSGreengrassFullAccess":{ "CreateDate":"2017-05-03T00:47:37+00:00", @@ -16034,6 +20714,27 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-11-14T00:35:02+00:00" }, + "AWSGroundStationAgentInstancePolicy":{ + "CreateDate":"2023-03-29T15:23:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "groundstation:RegisterAgent", + "groundstation:UpdateAgentStatus", + "groundstation:GetAgentConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-29T15:23:12+00:00" + }, "AWSHealthFullAccess":{ "CreateDate":"2016-12-06T12:30:31+00:00", "DefaultVersionId":"v3", @@ -16080,26 +20781,208 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-11-16T18:11:34+00:00" }, - "AWSIPAMServiceRolePolicy":{ - "CreateDate":"2021-11-30T19:08:11+00:00", + "AWSHealthImagingFullAccess":{ + "CreateDate":"2023-07-25T23:39:40+00:00", "DefaultVersionId":"v1", "Document":{ "Statement":[ { "Action":[ + "medical-imaging:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"medical-imaging.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-25T23:39:40+00:00" + }, + "AWSHealthImagingReadOnlyAccess":{ + "CreateDate":"2023-07-25T23:40:40+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "medical-imaging:GetDICOMImportJob", + "medical-imaging:GetDatastore", + "medical-imaging:GetImageFrame", + "medical-imaging:GetImageSet", + "medical-imaging:GetImageSetMetadata", + "medical-imaging:ListDICOMImportJobs", + "medical-imaging:ListDatastores", + "medical-imaging:ListImageSetVersions", + "medical-imaging:ListTagsForResource", + "medical-imaging:SearchImageSets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-01T15:18:49+00:00" + }, + "AWSHealth_EventProcessorServiceRolePolicy":{ + "CreateDate":"2023-01-13T19:24:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "events:DeleteRule", + "events:PutTargets", + "events:PutRule", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"event-processor.health.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-01-13T19:24:56+00:00" + }, + "AWSIAMIdentityCenterAllowListForIdentityContext":{ + "CreateDate":"2023-11-08T15:21:33+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Effect":"Deny", + "NotAction":[ + "athena:BatchGetNamedQuery", + "athena:BatchGetPreparedStatement", + "athena:BatchGetQueryExecution", + "athena:CreateNamedQuery", + "athena:CreatePreparedStatement", + "athena:DeleteNamedQuery", + "athena:DeletePreparedStatement", + "athena:GetNamedQuery", + "athena:GetPreparedStatement", + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:GetQueryResultsStream", + "athena:GetQueryRuntimeStatistics", + "athena:GetWorkGroup", + "athena:ListNamedQueries", + "athena:ListPreparedStatements", + "athena:ListQueryExecutions", + "athena:StartQueryExecution", + "athena:StopQueryExecution", + "athena:UpdateNamedQuery", + "athena:UpdatePreparedStatement", + "athena:GetDatabase", + "athena:GetDataCatalog", + "athena:GetTableMetadata", + "athena:ListDatabases", + "athena:ListDataCatalogs", + "athena:ListTableMetadata", + "athena:ListWorkGroups", + "elasticmapreduce:GetClusterSessionCredentials", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetTableVersions", + "glue:GetPartition", + "glue:GetPartitions", + "glue:BatchGetPartition", + "glue:GetColumnStatisticsForPartition", + "glue:GetColumnStatisticsForTable", + "glue:SearchTables", + "glue:CreateDatabase", + "glue:UpdateDatabase", + "glue:DeleteDatabase", + "glue:CreateTable", + "glue:DeleteTable", + "glue:BatchDeleteTable", + "glue:UpdateTable", + "glue:BatchCreatePartition", + "glue:CreatePartition", + "glue:DeletePartition", + "glue:BatchDeletePartition", + "glue:UpdatePartition", + "glue:BatchUpdatePartition", + "glue:DeleteColumnStatisticsForPartition", + "glue:DeleteColumnStatisticsForTable", + "glue:UpdateColumnStatisticsForPartition", + "glue:UpdateColumnStatisticsForTable", + "lakeformation:GetDataAccess", + "s3:GetAccessGrantsInstanceForPrefix", + "s3:GetDataAccess" + ], + "Resource":"*", + "Sid":"TrustedIdentityPropagation" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-25T19:27:00+00:00" + }, + "AWSIPAMServiceRolePolicy":{ + "CreateDate":"2021-11-30T19:08:11+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeByoipCidrs", "ec2:DescribeIpv6Pools", + "ec2:DescribeNetworkInterfaces", "ec2:DescribePublicIpv4Pools", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSecurityGroupRules", "ec2:DescribeSubnets", "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:GetIpamDiscoveredAccounts", + "ec2:GetIpamDiscoveredPublicAddresses", + "ec2:GetIpamDiscoveredResourceCidrs", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListByoipCidrs", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListDelegatedAdministrators" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"IPAMDiscoveryDescribeActions" }, { "Action":"cloudwatch:PutMetricData", @@ -16109,14 +20992,15 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CloudWatchMetricsPublishActions" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-30T19:08:11+00:00" + "UpdateDate":"2023-11-08T19:05:45+00:00" }, "AWSIQContractServiceRolePolicy":{ "CreateDate":"2019-08-22T19:28:39+00:00", @@ -16451,6 +21335,30 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-02-06T18:40:42+00:00" }, + "AWSIncidentManagerIncidentAccessServiceRolePolicy":{ + "CreateDate":"2023-11-13T00:01:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "codedeploy:BatchGetDeployments", + "codedeploy:ListDeployments", + "codedeploy:ListDeploymentTargets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IncidentAccessPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-13T00:01:23+00:00" + }, "AWSIncidentManagerResolverAccess":{ "CreateDate":"2021-05-10T06:12:34+00:00", "DefaultVersionId":"v1", @@ -16499,7 +21407,7 @@ aws_managed_policies_data = """ }, "AWSIncidentManagerServiceRolePolicy":{ "CreateDate":"2021-05-10T03:34:45+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -16525,13 +21433,26 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"IncidentEngagementPermissions" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/IncidentManager" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PutMetricDataPermission" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-05-10T03:34:45+00:00" + "UpdateDate":"2022-12-05T02:11:58+00:00" }, "AWSIoT1ClickFullAccess":{ "CreateDate":"2018-05-11T22:10:14+00:00", @@ -17082,7 +22003,7 @@ aws_managed_policies_data = """ }, "AWSIoTDeviceTesterForFreeRTOSFullAccess":{ "CreateDate":"2020-02-12T20:33:53+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -17116,7 +22037,6 @@ aws_managed_policies_data = """ "iot:DetachThingPrincipal", "iot:RegisterCACertificate", "iot:CreateThing", - "freertos:ListHardwarePlatforms", "iam:ListRoles", "iot:RegisterCertificate", "iot:DeleteCACertificate", @@ -17329,7 +22249,9 @@ aws_managed_policies_data = """ "ForAnyValue:StringEquals":{ "aws:TagKeys":[ "Owner" - ], + ] + }, + "StringEquals":{ "ec2:CreateAction":[ "RunInstances", "CreateSecurityGroup" @@ -17348,7 +22270,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-12-15T18:03:46+00:00" + "UpdateDate":"2023-08-10T20:30:07+00:00" }, "AWSIoTDeviceTesterForGreengrassFullAccess":{ "CreateDate":"2020-02-20T21:21:27+00:00", @@ -17595,6 +22517,32 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-04-04T18:03:01+00:00" }, + "AWSIoTFleetwiseServiceRolePolicy":{ + "CreateDate":"2022-09-21T23:27:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/IoTFleetWise" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-09-21T23:27:48+00:00" + }, "AWSIoTFullAccess":{ "CreateDate":"2015-10-08T15:19:49+00:00", "DefaultVersionId":"v2", @@ -17885,14 +22833,15 @@ aws_managed_policies_data = """ }, "AWSIoTSiteWiseReadOnlyAccess":{ "CreateDate":"2018-12-04T20:55:11+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "iotsitewise:Describe*", "iotsitewise:List*", - "iotsitewise:Get*" + "iotsitewise:Get*", + "iotsitewise:BatchGet*" ], "Effect":"Allow", "Resource":"*" @@ -17902,7 +22851,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-12-04T20:55:11+00:00" + "UpdateDate":"2022-09-16T19:05:20+00:00" }, "AWSIoTThingsRegistration":{ "CreateDate":"2017-12-01T20:21:52+00:00", @@ -17954,6 +22903,75 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-10-05T19:20:12+00:00" }, + "AWSIoTTwinMakerServiceRolePolicy":{ + "CreateDate":"2023-11-13T18:59:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotsitewise:DescribeAsset" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iotsitewise:*:*:asset/*" + ], + "Sid":"SiteWiseAssetReadAccess" + }, + { + "Action":[ + "iotsitewise:DescribeAssetModel" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iotsitewise:*:*:asset-model/*" + ], + "Sid":"SiteWiseAssetModelReadAccess" + }, + { + "Action":[ + "iotsitewise:ListAssets", + "iotsitewise:ListAssetModels" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"SiteWiseAssetModelAndAssetListAccess" + }, + { + "Action":[ + "iottwinmaker:GetEntity", + "iottwinmaker:CreateEntity", + "iottwinmaker:UpdateEntity", + "iottwinmaker:DeleteEntity", + "iottwinmaker:ListEntities", + "iottwinmaker:GetComponentType", + "iottwinmaker:CreateComponentType", + "iottwinmaker:UpdateComponentType", + "iottwinmaker:DeleteComponentType", + "iottwinmaker:ListComponentTypes" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "iottwinmaker:linkedServices":[ + "IOTSITEWISE" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iottwinmaker:*:*:workspace/*" + ], + "Sid":"TwinMakerAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-13T18:59:42+00:00" + }, "AWSIoTWirelessDataAccess":{ "CreateDate":"2020-12-15T15:31:39+00:00", "DefaultVersionId":"v1", @@ -18079,44 +23097,44 @@ aws_managed_policies_data = """ }, "AWSIotRoboRunnerFullAccess":{ "CreateDate":"2021-11-29T03:54:37+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":"iotroborunner:*", "Effect":"Allow", "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"iotroborunner.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/iotroborunner.amazonaws.com/AWSServiceRoleForIoTRoboRunner" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-29T03:54:37+00:00" + "UpdateDate":"2023-02-23T18:34:44+00:00" }, "AWSIotRoboRunnerReadOnly":{ "CreateDate":"2021-11-29T03:43:32+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ - "iotroborunner:GetTask", - "iotroborunner:ListActivities", "iotroborunner:GetSite", - "iotroborunner:GetDestinationRelationship", "iotroborunner:GetWorker", - "iotroborunner:ListTasks", - "iotroborunner:GetAction", - "iotroborunner:GetActivity", - "iotroborunner:ListDestinationRelationships", - "iotroborunner:ListActionTemplates", "iotroborunner:ListWorkerFleets", "iotroborunner:ListSites", - "iotroborunner:ListActions", "iotroborunner:ListWorkers", "iotroborunner:GetDestination", - "iotroborunner:GetActionTemplate", "iotroborunner:GetWorkerFleet", "iotroborunner:ListDestinations" ], @@ -18128,11 +23146,35 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-29T03:43:32+00:00" + "UpdateDate":"2022-11-16T20:51:43+00:00" + }, + "AWSIotRoboRunnerServiceRolePolicy":{ + "CreateDate":"2023-02-21T16:56:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-21T16:56:31+00:00" }, "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy":{ "CreateDate":"2018-11-14T20:10:53+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -18143,7 +23185,10 @@ aws_managed_policies_data = """ "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroups", "ec2:RevokeSecurityGroupEgress", - "ec2:DeleteSecurityGroup" + "ec2:DeleteSecurityGroup", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces" ], "Effect":"Allow", "Resource":"*" @@ -18153,7 +23198,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-11-14T20:10:53+00:00" + "UpdateDate":"2023-11-10T19:03:34+00:00" }, "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy":{ "CreateDate":"2021-06-16T15:37:37+00:00", @@ -18206,7 +23251,7 @@ aws_managed_policies_data = """ }, "AWSLakeFormationCrossAccountManager":{ "CreateDate":"2020-08-04T20:59:46+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -18243,6 +23288,20 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "ram:AssociateResourceSharePermission" + ], + "Condition":{ + "StringLike":{ + "ram:PermissionArn":[ + "arn:aws:ram::aws:permission/AWSRAMLFEnabled*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "glue:PutResourcePolicy", @@ -18269,7 +23328,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-20T22:19:37+00:00" + "UpdateDate":"2023-11-01T00:50:49+00:00" }, "AWSLakeFormationDataAdmin":{ "CreateDate":"2019-08-08T17:33:44+00:00", @@ -18607,7 +23666,7 @@ aws_managed_policies_data = """ }, "AWSLambdaVPCAccessExecutionRole":{ "CreateDate":"2016-02-11T23:15:26+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -18617,19 +23676,21 @@ aws_managed_policies_data = """ "logs:PutLogEvents", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSLambdaVPCAccessExecutionPermissions" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-10-15T22:53:03+00:00" + "UpdateDate":"2024-01-05T22:38:26+00:00" }, "AWSLambda_FullAccess":{ "CreateDate":"2020-11-17T21:14:08+00:00", @@ -18692,12 +23753,13 @@ aws_managed_policies_data = """ }, "AWSLambda_ReadOnlyAccess":{ "CreateDate":"2020-11-17T21:10:32+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "cloudformation:DescribeStacks", + "cloudformation:ListStacks", "cloudformation:ListStackResources", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", @@ -18728,7 +23790,13 @@ aws_managed_policies_data = """ "Action":[ "logs:DescribeLogStreams", "logs:GetLogEvents", - "logs:FilterLogEvents" + "logs:FilterLogEvents", + "logs:StartQuery", + "logs:StopQuery", + "logs:DescribeQueries", + "logs:GetLogGroupFields", + "logs:GetLogRecord", + "logs:GetQueryResults" ], "Effect":"Allow", "Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*" @@ -18738,7 +23806,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-11-17T21:10:32+00:00" + "UpdateDate":"2023-07-27T17:32:05+00:00" }, "AWSLicenseManagerConsumptionPolicy":{ "CreateDate":"2021-08-11T23:18:08+00:00", @@ -18760,6 +23828,47 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-08-11T23:18:08+00:00" }, + "AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy":{ + "CreateDate":"2022-12-20T18:54:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeRegions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"EC2Permissions" + }, + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:DescribeAccount", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListAccountsForParent", + "organizations:ListRoots", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"OrganizationPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-12-20T18:54:54+00:00" + }, "AWSLicenseManagerMasterAccountRolePolicy":{ "CreateDate":"2018-11-26T19:03:51+00:00", "DefaultVersionId":"v5", @@ -19167,7 +24276,7 @@ aws_managed_policies_data = """ }, "AWSLicenseManagerUserSubscriptionsServiceRolePolicy":{ "CreateDate":"2022-07-30T01:17:18+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -19192,7 +24301,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "ec2:DescribeInstances" + "ec2:DescribeInstances", + "ec2:DescribeVpcPeeringConnections" ], "Effect":"Allow", "Resource":"*", @@ -19207,7 +24317,8 @@ aws_managed_policies_data = """ "StringEquals":{ "ec2:productCode":[ "bz0vcy31ooqlzk5tsash4r1ik", - "d44g89hc0gp9jdzm99rznthpw" + "d44g89hc0gp9jdzm99rznthpw", + "77yzkpa7kvee1y1tt7wnsdwoc" ] } }, @@ -19247,7 +24358,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-30T01:17:18+00:00" + "UpdateDate":"2022-11-21T19:51:42+00:00" }, "AWSM2ServicePolicy":{ "CreateDate":"2022-06-07T20:26:39+00:00", @@ -19309,19 +24420,241 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-06-07T20:26:39+00:00" }, - "AWSManagedServicesDeploymentToolkitPolicy":{ - "CreateDate":"2022-06-09T18:33:03+00:00", + "AWSMSKReplicatorExecutionRole":{ + "CreateDate":"2023-12-06T00:07:52+00:00", "DefaultVersionId":"v1", "Document":{ "Statement":[ + { + "Action":[ + "kafka-cluster:Connect", + "kafka-cluster:DescribeCluster", + "kafka-cluster:AlterCluster", + "kafka-cluster:DescribeTopic", + "kafka-cluster:CreateTopic", + "kafka-cluster:AlterTopic", + "kafka-cluster:WriteData", + "kafka-cluster:ReadData", + "kafka-cluster:AlterGroup", + "kafka-cluster:DescribeGroup", + "kafka-cluster:DescribeTopicDynamicConfiguration", + "kafka-cluster:AlterTopicDynamicConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kafka:*:*:cluster/*" + ], + "Sid":"ClusterPermissions" + }, + { + "Action":[ + "kafka-cluster:DescribeTopic", + "kafka-cluster:CreateTopic", + "kafka-cluster:AlterTopic", + "kafka-cluster:WriteData", + "kafka-cluster:ReadData", + "kafka-cluster:DescribeTopicDynamicConfiguration", + "kafka-cluster:AlterTopicDynamicConfiguration", + "kafka-cluster:AlterCluster" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kafka:*:*:topic/*/*" + ], + "Sid":"TopicPermissions" + }, + { + "Action":[ + "kafka-cluster:AlterGroup", + "kafka-cluster:DescribeGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kafka:*:*:group/*/*" + ], + "Sid":"GroupPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-06T00:07:52+00:00" + }, + "AWSManagedServicesDeploymentToolkitPolicy":{ + "CreateDate":"2022-06-09T18:33:03+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:DeleteObject", + "s3:DeleteObjectTagging", + "s3:DeleteObjectVersion", + "s3:DeleteObjectVersionTagging", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketPolicy", + "s3:GetBucketVersioning", + "s3:GetLifecycleConfiguration", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectAttributes", + "s3:GetObjectLegalHold", + "s3:GetObjectRetention", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:GetObjectVersionAttributes", + "s3:GetObjectVersionForReplication", + "s3:GetObjectVersionTagging", + "s3:GetObjectVersionTorrent", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutBucketAcl", + "s3:PutBucketLogging", + "s3:PutBucketObjectLockConfiguration", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketTagging", + "s3:PutBucketVersioning", + "s3:PutEncryptionConfiguration", + "s3:PutLifecycleConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::ams-cdktoolkit*" + }, + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:DeleteStack", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:ExecuteChangeSet", + "cloudformation:GetTemplate", + "cloudformation:GetTemplateSummary", + "cloudformation:TagResource", + "cloudformation:UntagResource", + "cloudformation:UpdateTerminationProtection" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/ams-cdk-toolkit*" + }, + { + "Action":[ + "ecr:CreateRepository", + "ecr:DeleteLifecyclePolicy", + "ecr:DeleteRepository", + "ecr:DeleteRepositoryPolicy", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:ListTagsForResource", + "ecr:PutImageTagMutability", + "ecr:PutLifecyclePolicy", + "ecr:SetRepositoryPolicy", + "ecr:TagResource", + "ecr:UntagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecr:*:*:repository/ams-cdktoolkit*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-10T17:48:44+00:00" + }, + "AWSManagedServices_ContactsServiceRolePolicy":{ + "CreateDate":"2023-03-23T17:07:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:ListRoleTags", + "iam:ListUserTags", + "tag:GetResources", + "ec2:DescribeTags" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetBucketTagging", + "Condition":{ + "NumericGreaterThanEquals":{ + "s3:TlsVersion":"1.2" + }, + "StringEquals":{ + "s3:authType":"REST-HEADER", + "s3:signatureversion":"AWS4-HMAC-SHA256" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-23T17:07:46+00:00" + }, + "AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy":{ + "CreateDate":"2022-12-19T23:11:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:UpdateTermination*", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackResources", + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:GetTemplateSummary", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/ams-detective-controls-config-recorder", + "arn:aws:cloudformation:*:*:stack/ams-detective-controls-config-rules-cdk", + "arn:aws:cloudformation:*:*:stack/ams-detective-controls-infrastructure-cdk" + ] + }, + { + "Action":[ + "config:DescribeAggregationAuthorizations", + "config:PutAggregationAuthorization", + "config:TagResource", + "config:PutConfigRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:config:*:*:aggregation-authorization/540708452589/*", + "arn:aws:config:*:*::config-rule/*" + ] + }, { "Action":[ "s3:GetBucketPolicy", "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteBucketPolicy", - "s3:DeleteObject*", + "s3:DeleteObject", + "s3:ListBucket", "s3:ListBucketVersions", + "s3:GetBucketAcl", + "s3:PutObject", "s3:PutBucketAcl", "s3:PutBucketLogging", "s3:PutBucketObjectLockConfiguration", @@ -19332,28 +24665,49 @@ aws_managed_policies_data = """ "s3:PutEncryptionConfiguration" ], "Effect":"Allow", - "Resource":"arn:aws:s3:::ams-cdktoolkit*" - }, - { - "Action":[ - "cloudformation:CreateChangeSet", - "cloudformation:DeleteStack", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet", - "cloudformation:GetTemplateSummary", - "cloudformation:UpdateTermination*" - ], - "Effect":"Allow", - "Resource":"arn:aws:cloudformation:*:*:stack/ams-cdk-toolkit*" + "Resource":"arn:aws:s3:::ams-config-record-bucket-*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-09T18:33:03+00:00" + "UpdateDate":"2022-12-19T23:11:17+00:00" + }, + "AWSManagedServices_EventsServiceRolePolicy":{ + "CreateDate":"2023-02-07T18:41:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "events:DeleteRule", + "events:PutTargets", + "events:PutRule", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"events.managedservices.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-07T18:41:22+00:00" }, "AWSMarketplaceAmiIngestion":{ "CreateDate":"2020-09-25T20:55:10+00:00", @@ -19384,6 +24738,68 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-09-25T20:55:10+00:00" }, + "AWSMarketplaceDeploymentServiceRolePolicy":{ + "CreateDate":"2023-11-15T23:34:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:DescribeSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:RemoveRegionsFromReplication" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:marketplace-deployment*!*" + ], + "Sid":"ManageMarketplaceDeploymentSecrets" + }, + { + "Action":[ + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ListSecrets" + }, + { + "Action":[ + "secretsmanager:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "expirationDate" + ] + }, + "Null":{ + "aws:RequestTag/expirationDate":"false" + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:marketplace-deployment!*", + "Sid":"TagMarketplaceDeploymentSecrets" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-15T23:34:33+00:00" + }, "AWSMarketplaceFullAccess":{ "CreateDate":"2015-02-11T17:21:45+00:00", "DefaultVersionId":"v4", @@ -19731,7 +25147,7 @@ aws_managed_policies_data = """ }, "AWSMarketplaceManageSubscriptions":{ "CreateDate":"2015-02-06T18:40:32+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -19751,13 +25167,20 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ListPrivateListings" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-10-28T21:49:43+00:00" + "UpdateDate":"2023-01-19T23:45:29+00:00" }, "AWSMarketplaceMeteringFullAccess":{ "CreateDate":"2016-03-17T22:39:22+00:00", @@ -19846,7 +25269,7 @@ aws_managed_policies_data = """ }, "AWSMarketplaceRead-only":{ "CreateDate":"2015-02-06T18:40:31+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -19883,17 +25306,24 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ListPrivateListings" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-10-28T21:51:31+00:00" + "UpdateDate":"2023-01-19T23:30:25+00:00" }, "AWSMarketplaceSellerFullAccess":{ "CreateDate":"2019-07-02T20:40:09+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v9", "Document":{ "Statement":[ { @@ -19913,6 +25343,7 @@ aws_managed_policies_data = """ "aws-marketplace:DescribeTask", "aws-marketplace:UpdateTask", "aws-marketplace:CompleteTask", + "aws-marketplace:GetSellerDashboard", "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:ModifyImageAttribute", @@ -19970,17 +25401,60 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:TagResource", + "aws-marketplace:UntagResource", + "aws-marketplace:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*" + }, + { + "Action":[ + "aws-marketplace-management:GetSellerVerificationDetails", + "aws-marketplace-management:PutSellerVerificationDetails", + "aws-marketplace-management:GetBankAccountVerificationDetails", + "aws-marketplace-management:PutBankAccountVerificationDetails", + "aws-marketplace-management:GetSecondaryUserVerificationDetails", + "aws-marketplace-management:PutSecondaryUserVerificationDetails", + "aws-marketplace-management:GetAdditionalSellerNotificationRecipients", + "aws-marketplace-management:PutAdditionalSellerNotificationRecipients", + "payments:GetPaymentInstrument", + "payments:CreatePaymentInstrument", + "tax:GetTaxInterview", + "tax:PutTaxInterview" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "support:CreateCase" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:GetResourcePolicy", + "aws-marketplace:PutResourcePolicy", + "aws-marketplace:DeleteResourcePolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T15:06:13+00:00" + "UpdateDate":"2023-06-01T17:46:22+00:00" }, "AWSMarketplaceSellerProductsFullAccess":{ "CreateDate":"2019-07-02T21:06:25+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -20033,17 +25507,35 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:TagResource", + "aws-marketplace:UntagResource", + "aws-marketplace:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*" + }, + { + "Action":[ + "aws-marketplace:GetResourcePolicy", + "aws-marketplace:PutResourcePolicy", + "aws-marketplace:DeleteResourcePolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T15:06:29+00:00" + "UpdateDate":"2023-07-18T22:19:58+00:00" }, "AWSMarketplaceSellerProductsReadOnly":{ "CreateDate":"2019-07-02T21:40:47+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -20059,13 +25551,76 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-03-05T23:11:53+00:00" + "UpdateDate":"2022-11-19T00:08:42+00:00" + }, + "AWSMediaConnectServicePolicy":{ + "CreateDate":"2023-04-03T22:11:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:UpdateService", + "ecs:DeleteService", + "ecs:CreateService", + "ecs:DescribeServices", + "ecs:PutAttributes", + "ecs:DeleteAttributes", + "ecs:RunTask", + "ecs:ListTasks", + "ecs:StartTask", + "ecs:StopTask", + "ecs:DescribeTasks", + "ecs:DescribeContainerInstances", + "ecs:UpdateContainerInstancesState" + ], + "Condition":{ + "ArnLike":{ + "ecs:cluster":"arn:aws:ecs:*:*:cluster/MediaConnectGateway" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecs:CreateCluster", + "ecs:RegisterTaskDefinition" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecs:UpdateCluster", + "ecs:UpdateClusterSettings", + "ecs:ListAttributes", + "ecs:DescribeClusters", + "ecs:DeregisterContainerInstance", + "ecs:ListContainerInstances" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:cluster/MediaConnectGateway" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-03T22:11:40+00:00" }, "AWSMediaTailorServiceRolePolicy":{ "CreateDate":"2021-09-17T22:27:10+00:00", @@ -20257,7 +25812,7 @@ aws_managed_policies_data = """ }, "AWSMigrationHubOrchestratorConsoleFullAccess":{ "CreateDate":"2022-04-20T02:26:28+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -20265,14 +25820,16 @@ aws_managed_policies_data = """ "migrationhub-orchestrator:*" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"MHO" }, { "Action":[ "s3:ListAllMyBuckets" ], "Effect":"Allow", - "Resource":"arn:aws:s3:::*" + "Resource":"arn:aws:s3:::*", + "Sid":"ListAllMyBuckets" }, { "Action":[ @@ -20287,14 +25844,16 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:s3:::migrationhub-orchestrator-*", "arn:aws:s3:::migrationhub-orchestrator-*/*" - ] + ], + "Sid":"S3MHO" }, { "Action":[ "secretsmanager:ListSecrets" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ListSecrets" }, { "Action":[ @@ -20303,28 +25862,59 @@ aws_managed_policies_data = """ "discovery:GetDiscoverySummary" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"Configuration" }, { "Action":[ "mgh:GetHomeRegion" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"GetHomeRegion" }, { "Action":[ - "ec2:DescribeInstances" + "ec2:DescribeInstances", + "ec2:DescribeVpcs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EC2Describe" }, { "Action":[ - "iam:ListInstanceProfiles" + "kms:ListKeys", + "kms:ListAliases" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"KMS" + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMListProfileRole" + }, + { + "Action":[ + "ecs:ListClusters" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECS" + }, + { + "Action":[ + "account:ListRegions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Account" }, { "Action":[ @@ -20336,21 +25926,23 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateServiceRole" }, { "Action":[ "iam:GetRole" ], "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/migrationhub-orchestrator.amazonaws.com/AWSServiceRoleForMigrationHubOrchestrator*" + "Resource":"arn:aws:iam::*:role/aws-service-role/migrationhub-orchestrator.amazonaws.com/AWSServiceRoleForMigrationHubOrchestrator*", + "Sid":"GetRole" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-20T02:26:28+00:00" + "UpdateDate":"2023-12-05T17:34:16+00:00" }, "AWSMigrationHubOrchestratorInstanceRolePolicy":{ "CreateDate":"2022-04-20T02:43:50+00:00", @@ -20439,7 +26031,7 @@ aws_managed_policies_data = """ }, "AWSMigrationHubOrchestratorServiceRolePolicy":{ "CreateDate":"2022-04-20T02:24:04+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -20478,6 +26070,13 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "ec2:DescribeLaunchTemplates" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "mgh:GetHomeRegion" @@ -20524,7 +26123,8 @@ aws_managed_policies_data = """ "events:PutTargets", "events:DescribeRule", "events:DeleteRule", - "events:PutRule" + "events:PutRule", + "events:RemoveTargets" ], "Effect":"Allow", "Resource":"arn:aws:events:*:*:rule/MigrationHubOrchestratorManagedRule*" @@ -20543,17 +26143,34 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeImportImageTasks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:ListBucket", + "Condition":{ + "StringLike":{ + "s3:prefix":"migrationhub-orchestrator-vmie-*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-20T02:24:04+00:00" + "UpdateDate":"2023-02-24T20:28:36+00:00" }, - "AWSMigrationHubRefactorSpacesFullAccess":{ - "CreateDate":"2021-11-29T07:12:55+00:00", - "DefaultVersionId":"v3", + "AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess":{ + "CreateDate":"2023-04-03T20:09:48+00:00", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -20566,50 +26183,16 @@ aws_managed_policies_data = """ }, { "Action":[ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcs", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGateways", "ec2:DescribeTags", - "ec2:DescribeTransitGateways", "ec2:DescribeAccountAttributes", "ec2:DescribeInternetGateways" ], "Effect":"Allow", "Resource":"*" }, - { - "Action":[ - "ec2:CreateTransitGateway", - "ec2:CreateSecurityGroup", - "ec2:CreateTransitGatewayVpcAttachment" - ], - "Condition":{ - "Null":{ - "aws:RequestTag/refactor-spaces:environment-id":"false" - } - }, - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "ec2:CreateTransitGateway", - "ec2:CreateSecurityGroup", - "ec2:CreateTransitGatewayVpcAttachment" - ], - "Condition":{ - "Null":{ - "aws:ResourceTag/refactor-spaces:environment-id":"false" - } - }, - "Effect":"Allow", - "Resource":"*" - }, { "Action":[ "ec2:CreateVpcEndpointServiceConfiguration" @@ -20619,13 +26202,6 @@ aws_managed_policies_data = """ }, { "Action":[ - "ec2:DeleteTransitGateway", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateRoute", - "ec2:DeleteRoute", "ec2:DeleteTags" ], "Condition":{ @@ -20648,6 +26224,7 @@ aws_managed_policies_data = """ }, { "Action":[ + "elasticloadbalancing:AddTags", "elasticloadbalancing:CreateLoadBalancer" ], "Condition":{ @@ -20656,7 +26233,7 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" }, { "Action":[ @@ -20703,7 +26280,10 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + "Resource":[ + "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*", + "arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" + ] }, { "Action":"elasticloadbalancing:DeleteListener", @@ -20802,11 +26382,327 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-21T17:41:49+00:00" + "UpdateDate":"2023-07-20T15:39:19+00:00" + }, + "AWSMigrationHubRefactorSpaces-SSMAutomationPolicy":{ + "CreateDate":"2023-08-10T15:08:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:ModifyInstanceAttribute" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/refactor-spaces:ssm:optin":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:ModifyInstanceAttribute" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"refactor-spaces:ssm:environment-id" + }, + "StringEquals":{ + "aws:ResourceTag/refactor-spaces:ssm:optin":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"ssm:GetParameters", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-10T15:08:14+00:00" + }, + "AWSMigrationHubRefactorSpacesFullAccess":{ + "CreateDate":"2021-11-29T07:12:55+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "refactor-spaces:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RefactorSpaces" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcs", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:DescribeTags", + "ec2:DescribeAccountAttributes", + "ec2:DescribeInternetGateways" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTransitGateway", + "ec2:CreateSecurityGroup", + "ec2:CreateTransitGatewayVpcAttachment" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTransitGateway", + "ec2:CreateSecurityGroup", + "ec2:CreateTransitGatewayVpcAttachment" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVpcEndpointServiceConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteTransitGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DeleteTags" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:DeleteVpcEndpointServiceConfigurations", + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateLoadBalancer" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeListeners" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/refactor-spaces:route-id":[ + "*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:DeleteLoadBalancer", + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateListener" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*", + "arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" + ] + }, + { + "Action":"elasticloadbalancing:DeleteListener", + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateTargetGroup" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + }, + { + "Action":[ + "apigateway:GET", + "apigateway:DELETE", + "apigateway:PATCH", + "apigateway:POST", + "apigateway:PUT", + "apigateway:UpdateRestApiPolicy" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/vpclinks", + "arn:aws:apigateway:*::/vpclinks/*", + "arn:aws:apigateway:*::/tags", + "arn:aws:apigateway:*::/tags/*" + ] + }, + { + "Action":"apigateway:GET", + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/vpclinks", + "arn:aws:apigateway:*::/vpclinks/*" + ] + }, + { + "Action":[ + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:CreateStack" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"refactor-spaces.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"elasticloadbalancing.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-19T19:07:24+00:00" }, "AWSMigrationHubRefactorSpacesServiceRolePolicy":{ "CreateDate":"2021-11-29T06:50:15+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -20917,7 +26813,10 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + "Resource":[ + "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*", + "arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" + ] }, { "Action":"elasticloadbalancing:DeleteListener", @@ -20932,6 +26831,18 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" }, + { + "Action":[ + "elasticloadbalancing:DeregisterTargets" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + }, { "Action":[ "elasticloadbalancing:AddTags", @@ -20950,7 +26861,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-29T06:50:15+00:00" + "UpdateDate":"2023-07-20T15:57:53+00:00" }, "AWSMigrationHubSMSAccess":{ "CreateDate":"2017-08-14T13:57:54+00:00", @@ -20999,23 +26910,31 @@ aws_managed_policies_data = """ }, "AWSMigrationHubStrategyCollector":{ "CreateDate":"2021-10-19T20:15:15+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { "Action":[ + "s3:GetObject", "s3:PutObject", - "s3:GetBucketAcl" + "s3:GetBucketAcl", + "s3:CreateBucket", + "s3:PutEncryptionConfiguration", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketVersioning", + "s3:PutLifecycleConfiguration" ], "Effect":"Allow", - "Resource":"arn:aws:s3:::migrationhub-strategy-*" + "Resource":"arn:aws:s3:::migrationhub-strategy-*", + "Sid":"MHSRAllowS3Resources" }, { "Action":[ "s3:ListAllMyBuckets" ], "Effect":"Allow", - "Resource":"arn:aws:s3:::*" + "Resource":"arn:aws:s3:::*", + "Sid":"MHSRAllowS3ListBucket" }, { "Action":[ @@ -21026,7 +26945,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:execute-api:*:*:*/prod/*/put-log-data", "arn:aws:execute-api:*:*:*/prod/*/put-metric-data" - ] + ], + "Sid":"MHSRAllowExecuteAPI" }, { "Action":[ @@ -21035,28 +26955,31 @@ aws_managed_policies_data = """ "migrationhub-strategy:GetMessage", "migrationhub-strategy:SendMessage", "migrationhub-strategy:ListAntiPatterns", - "migrationhub-strategy:ListJarArtifacts" + "migrationhub-strategy:ListJarArtifacts", + "migrationhub-strategy:UpdateCollectorConfiguration" ], "Effect":"Allow", - "Resource":"arn:aws:migrationhub-strategy:*:*:*" + "Resource":"arn:aws:migrationhub-strategy:*:*:*", + "Sid":"MHSRAllowCollectorAPI" }, { "Action":[ "secretsmanager:GetSecretValue" ], "Effect":"Allow", - "Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-strategy-*" + "Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-strategy-*", + "Sid":"MHSRAllowSecretsManager" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-19T20:15:15+00:00" + "UpdateDate":"2023-10-12T16:44:29+00:00" }, "AWSMigrationHubStrategyConsoleFullAccess":{ "CreateDate":"2021-10-19T20:13:26+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -21095,7 +27018,10 @@ aws_managed_policies_data = """ }, { "Action":[ - "discovery:GetDiscoverySummary" + "discovery:GetDiscoverySummary", + "discovery:DescribeTags", + "discovery:DescribeConfigurations", + "discovery:ListConfigurations" ], "Effect":"Allow", "Resource":"*" @@ -21124,7 +27050,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-19T20:13:26+00:00" + "UpdateDate":"2022-11-09T00:00:06+00:00" }, "AWSMigrationHubStrategyServiceRolePolicy":{ "CreateDate":"2021-10-19T20:02:37+00:00", @@ -21168,127 +27094,9 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-10-19T20:02:37+00:00" }, - "AWSMobileHub_FullAccess":{ - "CreateDate":"2016-01-05T19:56:01+00:00", - "DefaultVersionId":"v14", - "Document":{ - "Statement":[ - { - "Action":[ - "apigateway:GET", - "apigateway:POST", - "cloudfront:GetDistribution", - "devicefarm:CreateProject", - "devicefarm:ListJobs", - "devicefarm:ListRuns", - "devicefarm:GetProject", - "devicefarm:GetRun", - "devicefarm:ListArtifacts", - "devicefarm:ListProjects", - "devicefarm:ScheduleRun", - "dynamodb:DescribeTable", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:ListSAMLProviders", - "lambda:ListFunctions", - "sns:ListTopics", - "lex:GetIntent", - "lex:GetIntents", - "lex:GetSlotType", - "lex:GetSlotTypes", - "lex:GetBot", - "lex:GetBots", - "lex:GetBotAlias", - "lex:GetBotAliases", - "mobilehub:*" - ], - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "s3:GetObject" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3:::*/aws-my-sample-app*.zip" - }, - { - "Action":[ - "s3:PutObject" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3:::*-mobilehub-*/*" - }, - { - "Action":[ - "s3:ListBucket" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3:::*-mobilehub-*" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-12-19T23:15:52+00:00" - }, - "AWSMobileHub_ReadOnly":{ - "CreateDate":"2016-01-05T19:55:48+00:00", - "DefaultVersionId":"v10", - "Document":{ - "Statement":[ - { - "Action":[ - "dynamodb:DescribeTable", - "iam:ListSAMLProviders", - "lambda:ListFunctions", - "sns:ListTopics", - "lex:GetIntent", - "lex:GetIntents", - "lex:GetSlotType", - "lex:GetSlotTypes", - "lex:GetBot", - "lex:GetBots", - "lex:GetBotAlias", - "lex:GetBotAliases", - "mobilehub:ExportProject", - "mobilehub:GenerateProjectParameters", - "mobilehub:GetProject", - "mobilehub:SynchronizeProject", - "mobilehub:GetProjectSnapshot", - "mobilehub:ListProjectSnapshots", - "mobilehub:ListAvailableConnectors", - "mobilehub:ListAvailableFeatures", - "mobilehub:ListAvailableRegions", - "mobilehub:ListProjects", - "mobilehub:ValidateProject", - "mobilehub:VerifyServiceRole", - "mobilehub:DescribeBundle", - "mobilehub:ExportBundle", - "mobilehub:ListBundles" - ], - "Effect":"Allow", - "Resource":"*" - }, - { - "Action":[ - "s3:GetObject" - ], - "Effect":"Allow", - "Resource":"arn:aws:s3:::*/aws-my-sample-app*.zip" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-07-23T21:59:05+00:00" - }, "AWSNetworkFirewallServiceRolePolicy":{ "CreateDate":"2020-11-17T17:17:26+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -21296,11 +27104,33 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints" + "ec2:DescribeVpcEndpoints", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces" ], "Effect":"Allow", "Resource":"*" }, + { + "Action":"acm:DescribeCertificate", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"resource-groups:ListGroupResources", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"tag:GetResources", + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"resource-groups.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "ec2:CreateTags" @@ -21331,7 +27161,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-11-17T17:17:26+00:00" + "UpdateDate":"2023-03-30T17:19:09+00:00" }, "AWSNetworkManagerCloudWANServiceRolePolicy":{ "CreateDate":"2022-07-12T12:17:49+00:00", @@ -21880,7 +27710,7 @@ aws_managed_policies_data = """ }, "AWSOrganizationsFullAccess":{ "CreateDate":"2018-11-06T20:31:57+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -21892,21 +27722,36 @@ aws_managed_policies_data = """ "Action":[ "account:PutAlternateContact", "account:DeleteAlternateContact", - "account:GetAlternateContact" + "account:GetAlternateContact", + "account:GetContactInformation", + "account:PutContactInformation", + "account:ListRegions", + "account:EnableRegion", + "account:DisableRegion" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"organizations.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-02-07T18:26:04+00:00" + "UpdateDate":"2022-12-22T18:22:12+00:00" }, "AWSOrganizationsReadOnlyAccess":{ "CreateDate":"2018-11-06T20:32:38+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -21919,7 +27764,9 @@ aws_managed_policies_data = """ }, { "Action":[ - "account:GetAlternateContact" + "account:GetAlternateContact", + "account:GetContactInformation", + "account:ListRegions" ], "Effect":"Allow", "Resource":"*" @@ -21929,7 +27776,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-02-07T18:17:19+00:00" + "UpdateDate":"2022-12-22T18:08:03+00:00" }, "AWSOrganizationsServiceTrustPolicy":{ "CreateDate":"2017-10-10T23:04:07+00:00", @@ -21961,6 +27808,26 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-11-01T06:01:18+00:00" }, + "AWSOutpostsAuthorizeServerPolicy":{ + "CreateDate":"2023-01-04T19:23:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "outposts:StartConnection", + "outposts:GetConnection" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-01-04T19:23:22+00:00" + }, "AWSOutpostsServiceRolePolicy":{ "CreateDate":"2020-11-09T22:55:56+00:00", "DefaultVersionId":"v1", @@ -22013,7 +27880,7 @@ aws_managed_policies_data = """ }, "AWSPanoramaApplianceServiceRolePolicy":{ "CreateDate":"2021-10-20T12:14:03+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -22052,7 +27919,8 @@ aws_managed_policies_data = """ { "Action":[ "s3:GetObject", - "s3:ListBucket" + "s3:ListBucket", + "s3:GetObjectVersion" ], "Condition":{ "StringLike":{ @@ -22060,7 +27928,11 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*", + "Resource":[ + "arn:aws:s3:::*-nodepackage-store-*", + "arn:aws:s3:::*-application-payload-store-*", + "arn:aws:s3:*:*:accesspoint/panorama*" + ], "Sid":"PanoramaDeviceS3Access" } ], @@ -22068,7 +27940,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-20T12:14:03+00:00" + "UpdateDate":"2023-01-17T21:32:36+00:00" }, "AWSPanoramaFullAccess":{ "CreateDate":"2020-12-01T13:12:47+00:00", @@ -22704,9 +28576,199 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-11-22T00:36:27+00:00" }, + "AWSPrivateCAAuditor":{ + "CreateDate":"2023-02-14T18:33:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:CreateCertificateAuthorityAuditReport", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:DescribeCertificateAuthorityAuditReport", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificate", + "acm-pca:GetPolicy", + "acm-pca:ListPermissions", + "acm-pca:ListTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-14T18:33:44+00:00" + }, + "AWSPrivateCAFullAccess":{ + "CreateDate":"2023-02-14T18:20:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-14T18:20:59+00:00" + }, + "AWSPrivateCAPrivilegedUser":{ + "CreateDate":"2023-02-14T18:26:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/*CACertificate*/V*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringNotLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/*CACertificate*/V*" + ] + } + }, + "Effect":"Deny", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:RevokeCertificate", + "acm-pca:GetCertificate", + "acm-pca:ListPermissions" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-14T18:26:02+00:00" + }, + "AWSPrivateCAReadOnly":{ + "CreateDate":"2023-02-14T18:30:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "acm-pca:DescribeCertificateAuthority", + "acm-pca:DescribeCertificateAuthorityAuditReport", + "acm-pca:ListCertificateAuthorities", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificate", + "acm-pca:GetPolicy", + "acm-pca:ListPermissions", + "acm-pca:ListTags" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-14T18:30:50+00:00" + }, + "AWSPrivateCAUser":{ + "CreateDate":"2023-02-14T18:16:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/EndEntityCertificate/V*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringNotLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/EndEntityCertificate/V*" + ] + } + }, + "Effect":"Deny", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:RevokeCertificate", + "acm-pca:GetCertificate", + "acm-pca:ListPermissions" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-14T18:16:08+00:00" + }, "AWSPrivateMarketplaceAdminFullAccess":{ "CreateDate":"2018-11-27T16:32:32+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -22732,13 +28794,22 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:TagResource", + "aws-marketplace:UntagResource", + "aws-marketplace:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:aws-marketplace:*:*:AWSMarketplace/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-27T15:34:07+00:00" + "UpdateDate":"2022-12-07T20:02:37+00:00" }, "AWSPrivateMarketplaceRequests":{ "CreateDate":"2019-10-28T21:44:03+00:00", @@ -22785,9 +28856,96 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-12-16T23:17:46+00:00" }, + "AWSProtonCodeBuildProvisioningBasicAccess":{ + "CreateDate":"2022-11-09T21:04:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/codebuild/AWSProton-*" + ] + }, + { + "Action":"proton:NotifyResourceDeploymentStatusChange", + "Effect":"Allow", + "Resource":"arn:aws:proton:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-09T21:04:16+00:00" + }, + "AWSProtonCodeBuildProvisioningServiceRolePolicy":{ + "CreateDate":"2022-11-09T21:32:06+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:CreateChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:DeleteStack", + "cloudformation:UpdateStack", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/AWSProton-CodeBuild-*" + ] + }, + { + "Action":[ + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:UpdateProject", + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild", + "codebuild:BatchGetBuilds", + "codebuild:BatchGetProjects" + ], + "Effect":"Allow", + "Resource":"arn:aws:codebuild:*:*:project/AWSProton*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":"codebuild.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-17T16:11:40+00:00" + }, "AWSProtonDeveloperAccess":{ "CreateDate":"2021-02-17T19:02:08+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -22814,6 +28972,7 @@ aws_managed_policies_data = """ "proton:GetEnvironmentTemplateVersion", "proton:GetRepository", "proton:GetRepositorySyncStatus", + "proton:GetResourcesSummary", "proton:GetService", "proton:GetServiceInstance", "proton:GetServiceTemplate", @@ -22867,7 +29026,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-21T12:57:14+00:00" + "UpdateDate":"2022-11-18T18:35:07+00:00" }, "AWSProtonFullAccess":{ "CreateDate":"2021-02-17T19:07:18+00:00", @@ -22939,7 +29098,7 @@ aws_managed_policies_data = """ }, "AWSProtonReadOnlyAccess":{ "CreateDate":"2021-02-17T19:09:12+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -22959,6 +29118,7 @@ aws_managed_policies_data = """ "proton:GetEnvironmentTemplateVersion", "proton:GetRepository", "proton:GetRepositorySyncStatus", + "proton:GetResourcesSummary", "proton:GetService", "proton:GetServiceInstance", "proton:GetServiceTemplate", @@ -22997,7 +29157,41 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-21T12:33:42+00:00" + "UpdateDate":"2022-11-18T18:28:24+00:00" + }, + "AWSProtonServiceGitSyncServiceRolePolicy":{ + "CreateDate":"2023-04-04T15:55:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "proton:GetService", + "proton:UpdateService", + "proton:UpdateServicePipeline", + "proton:GetServiceInstance", + "proton:CreateServiceInstance", + "proton:UpdateServiceInstance", + "proton:ListServiceInstances", + "proton:GetComponent", + "proton:CreateComponent", + "proton:ListComponents", + "proton:UpdateComponent", + "proton:GetEnvironment", + "proton:CreateEnvironment", + "proton:ListEnvironments", + "proton:UpdateEnvironment" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ProtonServiceSync" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-04T15:55:48+00:00" }, "AWSProtonSyncServiceRolePolicy":{ "CreateDate":"2021-11-23T21:14:36+00:00", @@ -23046,13 +29240,31 @@ aws_managed_policies_data = """ }, "AWSPurchaseOrdersServiceRolePolicy":{ "CreateDate":"2020-05-06T18:15:47+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { "Action":[ + "account:GetAccountInformation", + "account:GetContactInformation", "aws-portal:*Billing", - "purchase-orders:*PurchaseOrders" + "consolidatedbilling:GetAccountBillingRole", + "invoicing:GetInvoicePDF", + "payments:GetPaymentInstrument", + "payments:ListPaymentPreferences", + "purchase-orders:AddPurchaseOrder", + "purchase-orders:DeletePurchaseOrder", + "purchase-orders:GetPurchaseOrder", + "purchase-orders:ListPurchaseOrderInvoices", + "purchase-orders:ListPurchaseOrders", + "purchase-orders:ListTagsForResource", + "purchase-orders:ModifyPurchaseOrders", + "purchase-orders:TagResource", + "purchase-orders:UntagResource", + "purchase-orders:UpdatePurchaseOrder", + "purchase-orders:UpdatePurchaseOrderStatus", + "purchase-orders:ViewPurchaseOrders", + "tax:ListTaxRegistrations" ], "Effect":"Allow", "Resource":"*" @@ -23062,7 +29274,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-22T20:06:47+00:00" + "UpdateDate":"2023-07-17T18:59:18+00:00" }, "AWSQuickSightDescribeRDS":{ "CreateDate":"2015-11-10T23:24:50+00:00", @@ -23193,7 +29405,7 @@ aws_managed_policies_data = """ }, "AWSQuickSightSageMakerPolicy":{ "CreateDate":"2020-01-17T17:18:13+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -23203,24 +29415,50 @@ aws_managed_policies_data = """ "sagemaker:CreateTransformJob" ], "Effect":"Allow", - "Resource":"arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*" + "Resource":"arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*", + "Sid":"SageMakerTransformJobAccess" }, { - "Action":"sagemaker:ListModels", + "Action":[ + "sagemaker:ListModels", + "sagemaker:DescribeModel" + ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SageMakerModelReadAccess" }, { "Action":"s3:GetObject", "Effect":"Allow", - "Resource":"arn:aws:s3:::quicksight-ml.*" + "Resource":[ + "arn:aws:s3:::quicksight-ml.*", + "arn:aws:s3:::sagemaker*" + ], + "Sid":"S3ObjectReadAccess" + }, + { + "Action":"s3:PutObject", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::sagemaker*", + "Sid":"S3ObjectUpdateAccess" + }, + { + "Action":"s3:ListBucket", + "Effect":"Allow", + "Resource":"arn:aws:s3:::sagemaker*", + "Sid":"S3BucketReadAccess" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-01-17T17:18:13+00:00" + "UpdateDate":"2023-10-30T17:57:43+00:00" }, "AWSQuickSightTimestreamPolicy":{ "CreateDate":"2020-09-30T21:47:03+00:00", @@ -23396,6 +29634,937 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-09-07T23:26:19+00:00" }, + "AWSReachabilityAnalyzerServiceRolePolicy":{ + "CreateDate":"2022-11-23T17:12:28+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGatewayAssociations", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeVirtualGateways", + "directconnect:DescribeVirtualInterfaces", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeManagedPrefixLists", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetManagedPrefixListEntries", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:SearchTransitGatewayRoutes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListCustomRoutingAccelerators", + "globalaccelerator:ListCustomRoutingEndpointGroups", + "globalaccelerator:ListCustomRoutingListeners", + "globalaccelerator:ListCustomRoutingPortMappings", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners", + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListAccounts", + "organizations:ListDelegatedAdministrators", + "resource-groups:ListGroups", + "resource-groups:ListGroupResources", + "tag:GetResources", + "tiros:CreateQuery", + "tiros:ExtendQuery", + "tiros:GetQueryAnswer", + "tiros:GetQueryExplanation", + "tiros:GetQueryExtensionAccounts" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/vpclinks" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-23T21:04:06+00:00" + }, + "AWSRefactoringToolkitFullAccess":{ + "CreateDate":"2022-10-25T16:41:15+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "a2c:GetContainerizationJobDetails", + "a2c:GetDeploymentJobDetails", + "a2c:StartContainerizationJob", + "a2c:StartDeploymentJob" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"App2ContainerAccess" + }, + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStackEvents", + "cloudformation:ExecuteChangeSet", + "cloudformation:UpdateStack" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:cloudformation:*:*:stack/a2c-app-*", + "arn:*:cloudformation:*:*:stack/a2c-build-*", + "arn:*:cloudformation:*:*:stack/application-transformation-app-*" + ], + "Sid":"CloudformationExecutionAccess" + }, + { + "Action":[ + "codebuild:CreateProject", + "codebuild:UpdateProject" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:codebuild:*:*:project/*", + "Sid":"CodeBuildCreateAccess" + }, + { + "Action":[ + "codebuild:StartBuild" + ], + "Effect":"Allow", + "Resource":"arn:aws:codebuild:*:*:project/*", + "Sid":"CodeBuildExecutionAccess" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CreateSecurityGroupAccess" + }, + { + "Action":[ + "ec2:CreateInternetGateway", + "ec2:CreateKeyPair", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:AuthorizeSecurityGroupIngress" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2CreateAccess" + }, + { + "Action":[ + "ec2:CreateInternetGateway", + "ec2:CreateKeyPair", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:AuthorizeSecurityGroupIngress" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2CreateAccessATS" + }, + { + "Action":[ + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteTags", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:RevokeSecurityGroupIngress", + "ec2:CreateSubnet", + "ec2:CreateRoute", + "ec2:CreateRouteTable" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2ModifyAccess" + }, + { + "Action":[ + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteTags", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:RevokeSecurityGroupIngress", + "ec2:CreateSubnet", + "ec2:CreateRoute", + "ec2:CreateRouteTable" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2ModifyAccessATS" + }, + { + "Action":[ + "ecr:CreateRepository", + "ecr:TagResource" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ecr:*:*:repository/*", + "Sid":"EcrCreateAccess" + }, + { + "Action":[ + "ecr:CreateRepository", + "ecr:TagResource" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ecr:*:*:repository/*", + "Sid":"EcrCreateAccessATS" + }, + { + "Action":[ + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", + "ecr:ListTagsForResource", + "ecr:TagResource", + "ecr:UntagResource" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ecr:*:*:repository/*", + "Sid":"EcrModifyAccess" + }, + { + "Action":[ + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", + "ecr:ListTagsForResource", + "ecr:TagResource", + "ecr:UntagResource" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ecr:*:*:repository/*", + "Sid":"EcrModifyAccessATS" + }, + { + "Action":[ + "ecs:CreateCluster", + "ecs:CreateService", + "ecs:RegisterTaskDefinition", + "ecs:TagResource" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsCreateAccess" + }, + { + "Action":[ + "ecs:CreateCluster", + "ecs:CreateService", + "ecs:RegisterTaskDefinition", + "ecs:TagResource" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsCreateAccessATS" + }, + { + "Action":[ + "ecs:UpdateService", + "ecs:TagResource", + "ecs:UntagResource" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsModifyAccess" + }, + { + "Action":[ + "ecs:UpdateService", + "ecs:TagResource", + "ecs:UntagResource" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsModifyAccessATS" + }, + { + "Action":[ + "ecs:DescribeTaskDefinition" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"cloudformation.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsReadTaskDefinitionAccess" + }, + { + "Action":[ + "ecs:ExecuteCommand" + ], + "Condition":{ + "StringLike":{ + "ecs:container-name":"a2c-sidecar" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsExecuteCommandInSidecar" + }, + { + "Action":[ + "ecs:ExecuteCommand" + ], + "Condition":{ + "StringLike":{ + "ecs:container-name":"application-transformation-sidecar" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EcsExecuteCommandInSidecarATS" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"ecs.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "Sid":"CreateEcsServiceLinkedRoleAccess" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "a2c-generated" + ] + }, + "Null":{ + "aws:RequestTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/codebuild/*:*", + "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", + "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" + ], + "Sid":"CloudwatchCreateAccess" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "application-transformation" + ] + }, + "Null":{ + "aws:RequestTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", + "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" + ], + "Sid":"CloudwatchCreateAccessATS" + }, + { + "Action":[ + "logs:GetLogEvents" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/a2c-generated":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/codebuild/*:*", + "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", + "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" + ], + "Sid":"CloudwatchGetAccess" + }, + { + "Action":[ + "logs:GetLogEvents" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/ecs/containerinsights/*:*", + "arn:aws:logs:*:*:log-group:/aws/ecs/container-logs/*:*" + ], + "Sid":"CloudwatchGetAccessATS" + }, + { + "Action":[ + "ssm:AddTagsToResource", + "ssm:GetParameters", + "ssm:PutParameter", + "ssm:RemoveTagsFromResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/a2c-generated-check-ecs-slr-*", + "Sid":"SsmParameterAccess" + }, + { + "Action":[ + "ssm:DescribeSessions", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SsmMessagesAccess" + }, + { + "Action":[ + "s3:DeleteObject", + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*/refactoringtoolkit*", + "arn:aws:s3:::*/a2c-generated*", + "arn:aws:s3:::*/application-transformation*" + ], + "Sid":"S3ObjectAccess" + }, + { + "Action":[ + "s3:ListBucket" + ], + "Condition":{ + "StringLike":{ + "s3:prefix":[ + "application-transformation", + "refactoringtoolkit" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*", + "Sid":"S3ListAccess" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks", + "clouddirectory:ListDirectories", + "codebuild:BatchGetProjects", + "codebuild:BatchGetBuilds", + "ds:DescribeDirectories", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInternetGateways", + "ec2:DescribeKeyPairs", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeRegions", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTasks", + "ecs:ListTagsForResource", + "ecs:ListTasks", + "iam:ListRoles", + "s3:GetBucketLocation", + "s3:GetBucketVersioning", + "s3:ListAllMyBuckets", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadOnlyAccess" + }, + { + "Action":"iam:GetRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "Sid":"GetECSSLR" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws.portingassistant.dotnet.datastore", + "arn:aws:s3:::aws.portingassistant.dotnet.datastore/*" + ], + "Sid":"PortingAssistantFullAccess" + }, + { + "Action":[ + "application-transformation:StartPortingCompatibilityAssessment", + "application-transformation:GetPortingCompatibilityAssessment", + "application-transformation:StartPortingRecommendationAssessment", + "application-transformation:GetPortingRecommendationAssessment", + "application-transformation:PutLogData", + "application-transformation:PutMetricData", + "application-transformation:StartContainerization", + "application-transformation:GetContainerization", + "application-transformation:StartDeployment", + "application-transformation:GetDeployment" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ApplicationTransformationAccess" + }, + { + "Action":[ + "kms:Decrypt", + "kms:Encrypt", + "kms:DescribeKey", + "kms:GenerateDataKey" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "kms:ResourceAliases":"alias/application-transformation*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*::*", + "Sid":"KmsAccess" + }, + { + "Action":[ + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer" + ], + "Condition":{ + "Null":{ + "ecr:ResourceTag/application-transformation":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ecr:*:*:repository/*", + "Sid":"EcrPushAccess" + }, + { + "Action":[ + "ecr:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EcrAuthAccess" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "ForAnyValue:StringLike":{ + "kms:ResourceAliases":"alias/application-transformation*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*::*", + "Sid":"KmsCreateGrantAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-18T00:37:27+00:00" + }, + "AWSRefactoringToolkitSidecarPolicy":{ + "CreateDate":"2022-10-25T16:41:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ssmmessages:OpenControlChannel", + "ssmmessages:CreateControlChannel", + "ssmmessages:OpenDataChannel", + "ssmmessages:CreateDataChannel" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SsmMessagesAccess" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/refactoringtoolkit*", + "Sid":"S3GetObjectAccess" + }, + { + "Action":[ + "s3:ListBucket" + ], + "Condition":{ + "StringLike":{ + "s3:prefix":"refactoringtoolkit*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*", + "Sid":"S3ListBucketAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-10-29T22:15:51+00:00" + }, + "AWSRepostSpaceSupportOperationsPolicy":{ + "CreateDate":"2023-11-26T21:52:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "support:AddAttachmentsToSet", + "support:AddCommunicationToCase", + "support:CreateCase", + "support:DescribeCases", + "support:DescribeCommunications", + "support:ResolveCase" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RepostSpaceSupportOperations" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-26T21:52:15+00:00" + }, + "AWSResilienceHubAsssessmentExecutionPolicy":{ + "CreateDate":"2023-06-27T12:32:15+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "autoscaling:DescribeAutoScalingGroups", + "backup:DescribeBackupVault", + "backup:GetBackupPlan", + "backup:GetBackupSelection", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "cloudformation:ValidateTemplate", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "devops-guru:ListMonitoredResources", + "dlm:GetLifecyclePolicies", + "dlm:GetLifecyclePolicy", + "drs:DescribeJobs", + "drs:DescribeSourceServers", + "drs:GetReplicationConfiguration", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeGlobalTable", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListGlobalTables", + "dynamodb:ListTagsOfResource", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeFastSnapshotRestores", + "ec2:DescribeFleets", + "ec2:DescribeHosts", + "ec2:DescribeInstances", + "ec2:DescribeNatGateways", + "ec2:DescribePlacementGroups", + "ec2:DescribeRegions", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DescribeVpcEndpoints", + "ecr:DescribeRegistry", + "ecs:DescribeCapacityProviders", + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:ListContainerInstances", + "ecs:ListServices", + "eks:DescribeCluster", + "eks:DescribeFargateProfile", + "eks:DescribeNodegroup", + "eks:ListFargateProfiles", + "eks:ListNodegroups", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeGlobalReplicationGroups", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeSnapshots", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeReplicationConfigurations", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "fis:GetExperimentTemplate", + "fis:ListExperimentTemplates", + "fis:ListExperiments", + "lambda:GetFunctionConcurrency", + "lambda:GetFunctionConfiguration", + "lambda:ListAliases", + "lambda:ListVersionsByFunction", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBInstanceAutomatedBackups", + "rds:DescribeDBInstances", + "rds:DescribeDBProxies", + "rds:DescribeDBProxyTargets", + "rds:DescribeDBSnapshots", + "rds:DescribeGlobalClusters", + "resource-groups:GetGroup", + "resource-groups:ListGroupResources", + "route53-recovery-control-config:ListClusters", + "route53-recovery-control-config:ListControlPanels", + "route53-recovery-control-config:ListRoutingControls", + "route53-recovery-readiness:GetReadinessCheckStatus", + "route53-recovery-readiness:GetResourceSet", + "route53-recovery-readiness:ListReadinessChecks", + "route53:GetHealthCheck", + "route53:ListHealthChecks", + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "s3:GetBucketLocation", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicyStatus", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetMultiRegionAccessPointRoutes", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListMultiRegionAccessPoints", + "servicecatalog:GetApplication", + "servicecatalog:ListAssociatedResources", + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "ssm:DescribeAutomationExecutions", + "states:DescribeStateMachine", + "states:ListStateMachineVersions", + "states:ListStateMachineAliases", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSResilienceHubFullResourceStatement" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/apis/*", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/usageplans" + ], + "Sid":"AWSResilienceHubApiGatewayStatement" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutObject", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-resilience-hub-artifacts-*", + "Sid":"AWSResilienceHubS3Statement" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"ResilienceHub" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSResilienceHubCloudWatchStatement" + }, + { + "Action":[ + "ssm:GetParametersByPath" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ResilienceHub/*", + "Sid":"AWSResilienceHubSSMStatement" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-29T16:17:40+00:00" + }, "AWSResourceAccessManagerFullAccess":{ "CreateDate":"2019-06-04T17:28:22+00:00", "DefaultVersionId":"v1", @@ -23498,6 +30667,544 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-11-14T19:28:28+00:00" }, + "AWSResourceExplorerFullAccess":{ + "CreateDate":"2022-11-07T20:01:20+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "resource-explorer-2:*", + "ec2:DescribeRegions", + "ram:ListResources", + "ram:GetResourceShares", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceExplorerConsoleFullAccess" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "resource-explorer-2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceExplorerSLRAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-14T16:53:46+00:00" + }, + "AWSResourceExplorerOrganizationsAccess":{ + "CreateDate":"2023-11-14T17:01:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "resource-explorer-2:*", + "ec2:DescribeRegions", + "ram:ListResources", + "ram:GetResourceShares", + "organizations:ListAccounts", + "organizations:ListRoots", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListAccountsForParent", + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadOnlyAccess" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer", + "Sid":"ResourceExplorerGetSLRAccess" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "resource-explorer-2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceExplorerCreateSLRAccess" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "resource-explorer-2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"OrganizationsAdministratorAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-14T17:01:12+00:00" + }, + "AWSResourceExplorerReadOnlyAccess":{ + "CreateDate":"2022-11-07T19:56:00+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "resource-explorer-2:Get*", + "resource-explorer-2:List*", + "resource-explorer-2:Search", + "resource-explorer-2:BatchGetView", + "ec2:DescribeRegions", + "ram:ListResources", + "ram:GetResourceShares", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceExplorerReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-14T16:43:41+00:00" + }, + "AWSResourceExplorerServiceRolePolicy":{ + "CreateDate":"2022-10-25T20:35:29+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudtrail:CreateServiceLinkedChannel" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*" + ], + "Sid":"CloudTrailEventsAccess" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*/deployments" + ], + "Sid":"ApiGatewayAccess" + }, + { + "Action":[ + "access-analyzer:ListAnalyzers", + "acm-pca:ListCertificateAuthorities", + "amplify:ListApps", + "amplify:ListBackendEnvironments", + "amplify:ListBranches", + "amplify:ListDomainAssociations", + "amplifyuibuilder:ListComponents", + "amplifyuibuilder:ListThemes", + "app-integrations:ListEventIntegrations", + "apprunner:ListServices", + "apprunner:ListVpcConnectors", + "appstream:DescribeAppBlocks", + "appstream:DescribeApplications", + "appstream:DescribeFleets", + "appstream:DescribeImageBuilders", + "appstream:DescribeStacks", + "appsync:ListGraphqlApis", + "aps:ListRuleGroupsNamespaces", + "aps:ListWorkspaces", + "athena:ListDataCatalogs", + "athena:ListWorkGroups", + "autoscaling:DescribeAutoScalingGroups", + "backup:ListBackupPlans", + "backup:ListReportPlans", + "batch:DescribeComputeEnvironments", + "batch:DescribeJobQueues", + "batch:ListSchedulingPolicies", + "cloudformation:ListStacks", + "cloudformation:ListStackSets", + "cloudfront:ListCachePolicies", + "cloudfront:ListCloudFrontOriginAccessIdentities", + "cloudfront:ListDistributions", + "cloudfront:ListFieldLevelEncryptionConfigs", + "cloudfront:ListFieldLevelEncryptionProfiles", + "cloudfront:ListFunctions", + "cloudfront:ListOriginAccessControls", + "cloudfront:ListOriginRequestPolicies", + "cloudfront:ListRealtimeLogConfigs", + "cloudfront:ListResponseHeadersPolicies", + "cloudtrail:ListTrails", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeInsightRules", + "cloudwatch:ListDashboards", + "cloudwatch:ListMetricStreams", + "codeartifact:ListDomains", + "codeartifact:ListRepositories", + "codebuild:ListProjects", + "codecommit:ListRepositories", + "codeguru-profiler:ListProfilingGroups", + "codepipeline:ListPipelines", + "codestar-connections:ListConnections", + "cognito-identity:ListIdentityPools", + "cognito-idp:ListUserPools", + "databrew:ListDatasets", + "databrew:ListRecipes", + "databrew:ListRulesets", + "detective:ListGraphs", + "ds:DescribeDirectories", + "dynamodb:ListStreams", + "dynamodb:ListTables", + "ec2:DescribeAddresses", + "ec2:DescribeCapacityReservationFleets", + "ec2:DescribeCapacityReservations", + "ec2:DescribeCarrierGateways", + "ec2:DescribeClientVpnEndpoints", + "ec2:DescribeCustomerGateways", + "ec2:DescribeDhcpOptions", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeElasticGpus", + "ec2:DescribeExportImageTasks", + "ec2:DescribeExportTasks", + "ec2:DescribeFleets", + "ec2:DescribeFlowLogs", + "ec2:DescribeFpgaImages", + "ec2:DescribeHostReservations", + "ec2:DescribeHosts", + "ec2:DescribeImages", + "ec2:DescribeImportImageTasks", + "ec2:DescribeImportSnapshotTasks", + "ec2:DescribeInstanceEventWindows", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeIpamPools", + "ec2:DescribeIpams", + "ec2:DescribeIpamScopes", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeManagedPrefixLists", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInsightsAccessScopeAnalyses", + "ec2:DescribeNetworkInsightsAccessScopes", + "ec2:DescribeNetworkInsightsAnalyses", + "ec2:DescribeNetworkInsightsPaths", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePlacementGroups", + "ec2:DescribePublicIpv4Pools", + "ec2:DescribeReservedInstances", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSubnets", + "ec2:DescribeTrafficMirrorFilters", + "ec2:DescribeTrafficMirrorSessions", + "ec2:DescribeTrafficMirrorTargets", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayConnectPeers", + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTransitGatewayPolicyTables", + "ec2:DescribeTransitGatewayRouteTableAnnouncements", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeVerifiedAccessEndpoints", + "ec2:DescribeVerifiedAccessGroups", + "ec2:DescribeVerifiedAccessInstances", + "ec2:DescribeVerifiedAccessTrustProviders", + "ec2:DescribeVolumes", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetSubnetCidrReservations", + "ecr:DescribeRepositories", + "ecr-public:DescribeRepositories", + "ecs:DescribeCapacityProviders", + "ecs:DescribeServices", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListServices", + "ecs:ListTaskDefinitions", + "ecs:ListTasks", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeCacheParameterGroups", + "elasticache:DescribeCacheSecurityGroups", + "elasticache:DescribeCacheSubnetGroups", + "elasticache:DescribeGlobalReplicationGroups", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeReservedCacheNodes", + "elasticache:DescribeSnapshots", + "elasticache:DescribeUserGroups", + "elasticache:DescribeUsers", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeApplicationVersions", + "elasticbeanstalk:DescribeEnvironments", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "emr-serverless:ListApplications", + "es:ListDomainNames", + "events:ListEventBuses", + "events:ListRules", + "evidently:ListExperiments", + "evidently:ListFeatures", + "evidently:ListLaunches", + "evidently:ListProjects", + "finspace:ListEnvironments", + "firehose:ListDeliveryStreams", + "fis:ListExperimentTemplates", + "forecast:ListDatasetGroups", + "forecast:ListDatasets", + "frauddetector:GetDetectors", + "frauddetector:GetEntityTypes", + "frauddetector:GetEventTypes", + "frauddetector:GetLabels", + "frauddetector:GetOutcomes", + "frauddetector:GetVariables", + "gamelift:ListAliases", + "geo:ListPlaceIndexes", + "geo:ListTrackers", + "greengrass:ListComponents", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners", + "glue:GetDatabases", + "glue:GetJobs", + "glue:GetTables", + "glue:GetTriggers", + "greengrass:ListComponentVersions", + "greengrass:ListGroups", + "healthlake:ListFHIRDatastores", + "iam:ListGroups", + "iam:ListInstanceProfiles", + "iam:ListOpenIDConnectProviders", + "iam:ListPolicies", + "iam:ListRoles", + "iam:ListSAMLProviders", + "iam:ListServerCertificates", + "iam:ListUsers", + "iam:ListVirtualMFADevices", + "imagebuilder:ListComponentBuildVersions", + "imagebuilder:ListComponents", + "imagebuilder:ListContainerRecipes", + "imagebuilder:ListDistributionConfigurations", + "imagebuilder:ListImageBuildVersions", + "imagebuilder:ListImagePipelines", + "imagebuilder:ListImageRecipes", + "imagebuilder:ListImages", + "imagebuilder:ListInfrastructureConfigurations", + "iotanalytics:ListChannels", + "iotanalytics:ListDatasets", + "iotanalytics:ListDatastores", + "iotanalytics:ListPipelines", + "iotevents:ListAlarmModels", + "iotevents:ListDetectorModels", + "iotevents:ListInputs", + "iot:ListJobTemplates", + "iot:ListAuthorizers", + "iot:ListMitigationActions", + "iot:ListPolicies", + "iot:ListProvisioningTemplates", + "iot:ListRoleAliases", + "iot:ListSecurityProfiles", + "iot:ListThings", + "iot:ListTopicRuleDestinations", + "iot:ListTopicRules", + "iotsitewise:ListAssetModels", + "iotsitewise:ListAssets", + "iotsitewise:ListGateways", + "iottwinmaker:ListComponentTypes", + "iottwinmaker:ListEntities", + "iottwinmaker:ListScenes", + "iottwinmaker:ListWorkspaces", + "kafka:ListConfigurations", + "kms:ListKeys", + "ivs:ListChannels", + "ivs:ListStreamKeys", + "kafka:ListClusters", + "kinesis:ListStreamConsumers", + "kinesis:ListStreams", + "kinesisanalytics:ListApplications", + "kinesisvideo:ListStreams", + "lambda:ListAliases", + "lambda:ListCodeSigningConfigs", + "lambda:ListEventSourceMappings", + "lambda:ListFunctions", + "lambda:ListLayers", + "lambda:ListLayerVersions", + "lex:ListBots", + "lex:ListBotAliases", + "logs:DescribeDestinations", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "lookoutmetrics:ListAlerts", + "lookoutvision:ListProjects", + "mediapackage:ListChannels", + "mediapackage:ListOriginEndpoints", + "mediapackage-vod:ListPackagingConfigurations", + "mediapackage-vod:ListPackagingGroups", + "mq:ListBrokers", + "mediatailor:ListPlaybackConfigurations", + "memorydb:DescribeACLs", + "memorydb:DescribeClusters", + "memorydb:DescribeParameterGroups", + "memorydb:DescribeUsers", + "mobiletargeting:GetApps", + "mobiletargeting:GetSegments", + "mobiletargeting:ListTemplates", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "networkmanager:DescribeGlobalNetworks", + "networkmanager:GetDevices", + "networkmanager:GetLinks", + "networkmanager:ListAttachments", + "networkmanager:ListCoreNetworks", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators", + "panorama:ListPackages", + "personalize:ListDatasetGroups", + "personalize:ListDatasets", + "personalize:ListSchemas", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:ListLedgers", + "rds:DescribeBlueGreenDeployments", + "rds:DescribeDBClusterEndpoints", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstanceAutomatedBackups", + "rds:DescribeDBInstances", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBProxies", + "rds:DescribeDBProxyEndpoints", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventSubscriptions", + "rds:DescribeGlobalClusters", + "rds:DescribeOptionGroups", + "rds:DescribeReservedDBInstances", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusters", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeEventSubscriptions", + "redshift:DescribeSnapshotCopyGrants", + "redshift:DescribeSnapshotSchedules", + "redshift:DescribeUsageLimits", + "refactor-spaces:ListApplications", + "refactor-spaces:ListEnvironments", + "refactor-spaces:ListRoutes", + "refactor-spaces:ListServices", + "rekognition:DescribeProjects", + "resiliencehub:ListApps", + "resiliencehub:ListResiliencyPolicies", + "resource-explorer-2:GetIndex", + "resource-explorer-2:ListIndexes", + "resource-explorer-2:ListViews", + "resource-groups:ListGroups", + "route53:ListHealthChecks", + "route53:ListHostedZones", + "route53-recovery-readiness:ListRecoveryGroups", + "route53-recovery-readiness:ListResourceSets", + "route53resolver:ListFirewallDomainLists", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverRules", + "s3:GetBucketLocation", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListStorageLensConfigurations", + "sagemaker:ListModels", + "sagemaker:ListNotebookInstances", + "secretsmanager:ListSecrets", + "servicecatalog:ListApplications", + "servicecatalog:ListAttributeGroups", + "signer:ListSigningProfiles", + "sns:ListTopics", + "sqs:ListQueues", + "ssm:DescribeAutomationExecutions", + "ssm:DescribeInstanceInformation", + "ssm:DescribeMaintenanceWindows", + "ssm:DescribeMaintenanceWindowTargets", + "ssm:DescribeMaintenanceWindowTasks", + "ssm:DescribeParameters", + "ssm:DescribePatchBaselines", + "ssm-incidents:ListResponsePlans", + "ssm:ListAssociations", + "ssm:ListDocuments", + "ssm:ListInventoryEntries", + "ssm:ListResourceDataSync", + "states:ListActivities", + "states:ListStateMachines", + "timestream:ListDatabases", + "wisdom:listAssistantAssociations", + "wisdom:ListAssistants", + "wisdom:listKnowledgeBases" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ResourceInventoryAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-20T13:58:52+00:00" + }, "AWSResourceGroupsReadOnlyAccess":{ "CreateDate":"2018-03-07T10:27:04+00:00", "DefaultVersionId":"v2", @@ -23801,6 +31508,391 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-07-05T15:26:11+00:00" }, + "AWSS3OnOutpostsServiceRolePolicy":{ + "CreateDate":"2023-10-03T20:32:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DescribeCoipPools", + "ec2:GetCoipPoolUsage", + "ec2:DescribeAddresses", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeVpcResources" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateNetworkInterface" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"S3 On Outposts" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"CreateTagsForCreateNetworkInterface" + }, + { + "Action":[ + "ec2:AllocateAddress" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:ipv4pool-ec2/*" + ], + "Sid":"AllocateIpAddress" + }, + { + "Action":[ + "ec2:AllocateAddress" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"S3 On Outposts" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:elastic-ip/*" + ], + "Sid":"CreateTagsForAllocateIpAddress" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:AssociateAddress" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"S3 On Outposts" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ReleaseVpcResources" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":[ + "S3 On Outposts" + ], + "ec2:CreateAction":[ + "CreateNetworkInterface", + "AllocateAddress" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CreateTags" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-03T20:32:36+00:00" + }, + "AWSSSMForSAPServiceLinkedRolePolicy":{ + "CreateDate":"2022-11-16T01:18:21+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ssm:GetCommandInvocation", + "ssm:DescribeInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeInstanceActions" + }, + { + "Action":"ec2:DescribeInstanceStatus", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeInstanceStatus" + }, + { + "Action":[ + "events:DeleteRule", + "events:PutTargets", + "events:DescribeRule", + "events:PutRule", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:events:*:*:rule/SSMSAPManagedRule*", + "arn:*:events:*:*:event-bus/default" + ], + "Sid":"TargetRuleActions" + }, + { + "Action":[ + "ssm:DescribeDocument", + "ssm:SendCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:ssm:*:*:document/AWSSystemsManagerSAP-*", + "arn:*:ssm:*:*:document/AWSSSMSAP*", + "arn:*:ssm:*:*:document/AWSSAP*" + ], + "Sid":"DocumentActions" + }, + { + "Action":"ssm:SendCommand", + "Condition":{ + "StringEqualsIgnoreCase":{ + "ssm:resourceTag/SSMForSAPManaged":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:instance/*", + "Sid":"CustomerSendCommand" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/awsApplication":"false" + }, + "StringEqualsIgnoreCase":{ + "ec2:ResourceTag/SSMForSAPManaged":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:instance/*", + "Sid":"InstanceTagActions" + }, + { + "Action":"ec2:DescribeTags", + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeTag" + }, + { + "Action":"servicecatalog:GetApplication", + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:*", + "Sid":"GetApplication" + }, + { + "Action":[ + "servicecatalog:DeleteApplication", + "servicecatalog:UpdateApplication" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:*", + "Sid":"UpdateOrDeleteApplication" + }, + { + "Action":[ + "servicecatalog:TagResource", + "servicecatalog:CreateApplication" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:*", + "Sid":"CreateApplication" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"servicecatalog-appregistry.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:*:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry", + "Sid":"CreateServiceLinkedRole" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/Usage", + "AWS/SSMForSAP" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PutMetricData" + }, + { + "Action":"servicecatalog:CreateAttributeGroup", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:/attribute-groups/*", + "Sid":"CreateAttributeGroup" + }, + { + "Action":"servicecatalog:GetAttributeGroup", + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:/attribute-groups/*", + "Sid":"GetAttributeGroup" + }, + { + "Action":"servicecatalog:DeleteAttributeGroup", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:/attribute-groups/*", + "Sid":"DeleteAttributeGroup" + }, + { + "Action":[ + "servicecatalog:AssociateAttributeGroup", + "servicecatalog:DisassociateAttributeGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:*", + "Sid":"AttributeGroupActions" + }, + { + "Action":"servicecatalog:ListAssociatedAttributeGroups", + "Effect":"Allow", + "Resource":"arn:*:servicecatalog:*:*:*", + "Sid":"ListAssociatedAttributeGroups" + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:Tag" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "SSMForSAPCreated" + ] + }, + "StringEquals":{ + "aws:ResourceTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:resource-groups:*:*:group/SystemsManagerForSAP-*", + "Sid":"CreateGroup" + }, + { + "Action":"resource-groups:GetGroup", + "Effect":"Allow", + "Resource":"arn:*:resource-groups:*:*:group/SystemsManagerForSAP-*", + "Sid":"GetGroup" + }, + { + "Action":"resource-groups:DeleteGroup", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/SSMForSAPCreated":"True" + } + }, + "Effect":"Allow", + "Resource":"arn:*:resource-groups:*:*:group/SystemsManagerForSAP-*", + "Sid":"DeleteGroup" + }, + { + "Action":[ + "resource-groups:CreateGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/EnableAWSServiceCatalogAppRegistry":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:*:resource-groups:*:*:group/AWS_AppRegistry_AppTag_*", + "Sid":"CreateAppTagResourceGroup" + }, + { + "Action":[ + "resource-groups:Tag" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/EnableAWSServiceCatalogAppRegistry":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:*:resource-groups:*:*:group/AWS_AppRegistry_AppTag_*", + "Sid":"TagAppTagResourceGroup" + }, + { + "Action":[ + "resource-groups:GetGroupConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:resource-groups:*:*:group/AWS_AppRegistry_AppTag_*" + ], + "Sid":"GetAppTagResourceGroupConfig" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-21T03:35:14+00:00" + }, "AWSSSMOpsInsightsServiceRolePolicy":{ "CreateDate":"2021-06-16T20:12:52+00:00", "DefaultVersionId":"v1", @@ -23838,13 +31930,14 @@ aws_managed_policies_data = """ }, "AWSSSODirectoryAdministrator":{ "CreateDate":"2018-10-31T23:54:00+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { "Action":[ "sso-directory:*", "identitystore:*", + "identitystore-auth:*", "sso:ListDirectoryAssociations" ], "Effect":"Allow", @@ -23856,11 +31949,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-25T20:31:19+00:00" + "UpdateDate":"2022-10-20T20:34:07+00:00" }, "AWSSSODirectoryReadOnly":{ "CreateDate":"2018-10-31T23:49:32+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -23870,7 +31963,9 @@ aws_managed_policies_data = """ "sso-directory:List*", "sso-directory:Get*", "identitystore:Describe*", - "identitystore:List*" + "identitystore:List*", + "identitystore-auth:ListSessions", + "identitystore-auth:BatchGetSession" ], "Effect":"Allow", "Resource":"*", @@ -23881,11 +31976,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-25T20:57:20+00:00" + "UpdateDate":"2022-11-16T18:17:48+00:00" }, "AWSSSOMasterAccountAdministrator":{ "CreateDate":"2018-06-27T20:36:51+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -23926,26 +32021,42 @@ aws_managed_policies_data = """ "organizations:ListChildren", "organizations:DescribeAccount", "organizations:ListParents", + "organizations:ListDelegatedAdministrators", "sso:*", "sso-directory:*", "identitystore:*", + "identitystore-auth:*", "ds:CreateAlias", "access-analyzer:ValidatePolicy" ], "Effect":"Allow", "Resource":"*", "Sid":"AWSSSOMemberAccountAdministrator" + }, + { + "Action":[ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"sso.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSOManageDelegatedAdministrator" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-28T18:38:55+00:00" + "UpdateDate":"2022-10-20T20:34:27+00:00" }, "AWSSSOMemberAccountAdministrator":{ "CreateDate":"2018-06-27T20:45:42+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -23964,26 +32075,42 @@ aws_managed_policies_data = """ "organizations:ListParents", "organizations:ListChildren", "organizations:ListOrganizationalUnitsForParent", + "organizations:ListDelegatedAdministrators", "sso:*", "sso-directory:*", "identitystore:*", + "identitystore-auth:*", "ds:CreateAlias", "access-analyzer:ValidatePolicy" ], "Effect":"Allow", "Resource":"*", "Sid":"AWSSSOMemberAccountAdministrator" + }, + { + "Action":[ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"sso.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSOManageDelegatedAdministrator" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-28T18:53:46+00:00" + "UpdateDate":"2022-10-20T20:32:45+00:00" }, "AWSSSOReadOnly":{ "CreateDate":"2018-06-27T20:24:34+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -23999,6 +32126,7 @@ aws_managed_policies_data = """ "organizations:ListRoots", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", + "organizations:ListDelegatedAdministrators", "sso:Describe*", "sso:Get*", "sso:List*", @@ -24015,11 +32143,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-28T18:46:11+00:00" + "UpdateDate":"2022-08-22T17:23:28+00:00" }, "AWSSSOServiceRolePolicy":{ "CreateDate":"2017-12-05T18:36:15+00:00", - "DefaultVersionId":"v16", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { @@ -24084,8 +32212,7 @@ aws_managed_policies_data = """ }, { "Action":[ - "iam:CreateSAMLProvider", - "iam:UpdateSAMLProvider" + "iam:CreateSAMLProvider" ], "Condition":{ "StringNotEquals":{ @@ -24096,7 +32223,17 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:iam::*:saml-provider/AWSSSO_*" ], - "Sid":"IAMSAMLProviderProvisioningActions" + "Sid":"IAMSAMLProviderCreationAction" + }, + { + "Action":[ + "iam:UpdateSAMLProvider" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:saml-provider/AWSSSO_*" + ], + "Sid":"IAMSAMLProviderUpdateAction" }, { "Action":[ @@ -24161,7 +32298,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-28T20:08:47+00:00" + "UpdateDate":"2022-10-20T20:05:47+00:00" }, "AWSSavingsPlansFullAccess":{ "CreateDate":"2019-11-06T22:45:18+00:00", @@ -24202,13 +32339,14 @@ aws_managed_policies_data = """ }, "AWSSecurityHubFullAccess":{ "CreateDate":"2018-11-27T23:54:34+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":"securityhub:*", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SecurityHubAllowAll" }, { "Action":"iam:CreateServiceLinkedRole", @@ -24218,27 +32356,46 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SecurityHubServiceLinkedRole" + }, + { + "Action":[ + "guardduty:GetDetector", + "guardduty:ListDetectors", + "inspector2:BatchGetAccountStatus" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"OtherServicePermission" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-11-27T23:54:34+00:00" + "UpdateDate":"2023-11-16T21:10:53+00:00" }, "AWSSecurityHubOrganizationsAccess":{ "CreateDate":"2021-03-15T20:53:03+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "organizations:ListAccounts", - "organizations:DescribeOrganization" + "organizations:DescribeOrganization", + "organizations:ListRoots", + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListAccountsForParent", + "organizations:DescribeAccount", + "organizations:DescribeOrganizationalUnit" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"OrganizationPermissions" }, { "Action":"organizations:EnableAWSServiceAccess", @@ -24248,7 +32405,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"OrganizationPermissionsEnable" }, { "Action":[ @@ -24261,14 +32419,15 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:organizations::*:account/o-*/*" + "Resource":"arn:aws:organizations::*:account/o-*/*", + "Sid":"OrganizationPermissionsDelegatedAdmin" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-03-15T20:53:03+00:00" + "UpdateDate":"2023-11-16T21:13:44+00:00" }, "AWSSecurityHubReadOnlyAccess":{ "CreateDate":"2018-11-28T01:34:29+00:00", @@ -24294,7 +32453,7 @@ aws_managed_policies_data = """ }, "AWSSecurityHubServiceRolePolicy":{ "CreateDate":"2018-11-27T23:47:51+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -24309,38 +32468,81 @@ aws_managed_policies_data = """ "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:DescribeConfigRules", + "config:DescribeConfigRuleEvaluationStatus", "config:BatchGetResourceConfig", "config:SelectResourceConfig", "iam:GenerateCredentialReport", - "iam:GetCredentialReport", "organizations:ListAccounts", + "config:PutEvaluations", + "tag:GetResources", + "iam:GetCredentialReport", "organizations:DescribeAccount", "organizations:DescribeOrganization", - "config:PutEvaluations" + "organizations:ListChildren", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "securityhub:BatchDisableStandards", + "securityhub:BatchEnableStandards", + "securityhub:BatchUpdateStandardsControlAssociations", + "securityhub:BatchGetSecurityControls", + "securityhub:BatchGetStandardsControlAssociations", + "securityhub:CreateMembers", + "securityhub:DeleteMembers", + "securityhub:DescribeHub", + "securityhub:DescribeOrganizationConfiguration", + "securityhub:DescribeStandards", + "securityhub:DescribeStandardsControls", + "securityhub:DisassociateFromAdministratorAccount", + "securityhub:DisassociateMembers", + "securityhub:DisableSecurityHub", + "securityhub:EnableSecurityHub", + "securityhub:GetEnabledStandards", + "securityhub:ListStandardsControlAssociations", + "securityhub:ListSecurityControlDefinitions", + "securityhub:UpdateOrganizationConfiguration", + "securityhub:UpdateSecurityControl", + "securityhub:UpdateSecurityHubConfiguration", + "securityhub:UpdateStandardsControl" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"SecurityHubServiceRolePermissions" }, { "Action":[ "config:PutConfigRule", "config:DeleteConfigRule", - "config:GetComplianceDetailsByConfigRule", - "config:DescribeConfigRuleEvaluationStatus" + "config:GetComplianceDetailsByConfigRule" ], "Effect":"Allow", - "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*" + "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*", + "Sid":"SecurityHubServiceRoleConfigPermissions" + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "securityhub.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SecurityHubServiceRoleOrganizationsPermissions" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-07-14T20:32:48+00:00" + "UpdateDate":"2023-11-27T03:46:47+00:00" }, "AWSServiceCatalogAdminFullAccess":{ "CreateDate":"2018-02-15T17:19:40+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -24390,7 +32592,13 @@ aws_managed_policies_data = """ "iam:ListGroups", "iam:ListRoles", "iam:ListUsers", - "servicecatalog:*", + "servicecatalog:Get*", + "servicecatalog:Scan*", + "servicecatalog:Search*", + "servicecatalog:List*", + "servicecatalog:TagResource", + "servicecatalog:UntagResource", + "servicecatalog:SyncResource", "ssm:DescribeDocument", "ssm:GetAutomationExecution", "ssm:ListDocuments", @@ -24401,6 +32609,29 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "servicecatalog:Accept*", + "servicecatalog:Associate*", + "servicecatalog:Batch*", + "servicecatalog:Copy*", + "servicecatalog:Create*", + "servicecatalog:Delete*", + "servicecatalog:Describe*", + "servicecatalog:Disable*", + "servicecatalog:Disassociate*", + "servicecatalog:Enable*", + "servicecatalog:Execute*", + "servicecatalog:Import*", + "servicecatalog:Provision*", + "servicecatalog:Put*", + "servicecatalog:Reject*", + "servicecatalog:Terminate*", + "servicecatalog:Update*" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":"iam:PassRole", "Condition":{ @@ -24410,13 +32641,23 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"orgsdatasync.servicecatalog.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/orgsdatasync.servicecatalog.amazonaws.com/AWSServiceRoleForServiceCatalogOrgsDataSync" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-02-06T01:57:54+00:00" + "UpdateDate":"2023-04-13T18:43:01+00:00" }, "AWSServiceCatalogAdminReadOnlyAccess":{ "CreateDate":"2019-10-25T18:53:38+00:00", @@ -24478,12 +32719,13 @@ aws_managed_policies_data = """ }, "AWSServiceCatalogAppRegistryFullAccess":{ "CreateDate":"2020-11-12T22:25:58+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { "Action":[ - "cloudformation:UpdateStack" + "cloudformation:UpdateStack", + "tag:GetResources" ], "Condition":{ "ForAnyValue:StringEquals":{ @@ -24491,7 +32733,29 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AppRegistryUpdateStackAndResourceGroupTagging" + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:DeleteGroup", + "resource-groups:GetGroup", + "resource-groups:GetTags", + "resource-groups:Tag", + "resource-groups:Untag", + "resource-groups:GetGroupConfiguration", + "resource-groups:AssociateResource", + "resource-groups:DisassociateResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"servicecatalog-appregistry.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:resource-groups:*:*:group/AWS_*", + "Sid":"AppRegistryResourceGroupsIntegration" }, { "Action":"iam:CreateServiceLinkedRole", @@ -24501,7 +32765,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry*" + "Resource":"arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry*", + "Sid":"AppRegistryServiceLinkedRole" }, { "Action":[ @@ -24524,10 +32789,13 @@ aws_managed_policies_data = """ "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups", "servicecatalog:SyncResource", - "servicecatalog:ListAttributeGroupsForApplication" + "servicecatalog:ListAttributeGroupsForApplication", + "servicecatalog:GetConfiguration", + "servicecatalog:PutConfiguration" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AppRegistryOperations" }, { "Action":[ @@ -24536,18 +32804,19 @@ aws_managed_policies_data = """ "servicecatalog:TagResource" ], "Effect":"Allow", - "Resource":"arn:aws:servicecatalog:*:*:*" + "Resource":"arn:aws:servicecatalog:*:*:*", + "Sid":"AppRegistryResourceTagging" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-15T22:01:01+00:00" + "UpdateDate":"2023-12-07T21:50:00+00:00" }, "AWSServiceCatalogAppRegistryReadOnlyAccess":{ "CreateDate":"2020-11-12T22:34:32+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -24560,7 +32829,8 @@ aws_managed_policies_data = """ "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups", "servicecatalog:ListTagsForResource", - "servicecatalog:ListAttributeGroupsForApplication" + "servicecatalog:ListAttributeGroupsForApplication", + "servicecatalog:GetConfiguration" ], "Effect":"Allow", "Resource":"*" @@ -24570,11 +32840,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-15T20:20:31+00:00" + "UpdateDate":"2022-11-17T18:16:39+00:00" }, "AWSServiceCatalogAppRegistryServiceRolePolicy":{ "CreateDate":"2021-05-18T22:18:55+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -24599,11 +32869,9 @@ aws_managed_policies_data = """ "Action":[ "resource-groups:DeleteGroup", "resource-groups:UpdateGroup", - "resource-groups:GetGroup", "resource-groups:GetTags", "resource-groups:Tag", - "resource-groups:Untag", - "resource-groups:GetGroupConfiguration" + "resource-groups:Untag" ], "Condition":{ "StringEquals":{ @@ -24612,13 +32880,24 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "resource-groups:GetGroup", + "resource-groups:GetGroupConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:resource-groups:*:*:group/AWS_AppRegistry*", + "arn:*:resource-groups:*:*:group/AWS_CloudFormation_Stack*" + ] } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-04T21:06:44+00:00" + "UpdateDate":"2022-10-26T16:05:52+00:00" }, "AWSServiceCatalogEndUserFullAccess":{ "CreateDate":"2018-02-15T17:22:32+00:00", @@ -24784,9 +33063,76 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-10-25T18:49:34+00:00" }, + "AWSServiceCatalogOrgsDataSyncServiceRolePolicy":{ + "CreateDate":"2023-04-10T20:48:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"OrganizationsDataSyncToServiceCatalog" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-10T20:48:28+00:00" + }, + "AWSServiceCatalogSyncServiceRolePolicy":{ + "CreateDate":"2022-11-15T21:20:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "servicecatalog:ListProvisioningArtifacts", + "servicecatalog:DescribeProductAsAdmin", + "servicecatalog:DeleteProvisioningArtifact", + "servicecatalog:ListServiceActionsForProvisioningArtifact", + "servicecatalog:DescribeProvisioningArtifact", + "servicecatalog:CreateProvisioningArtifact", + "servicecatalog:UpdateProvisioningArtifact" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ArtifactSyncToServiceCatalog" + }, + { + "Action":[ + "codestar-connections:UseConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"AccessArtifactRepositories" + }, + { + "Action":[ + "cloudformation:ValidateTemplate" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ValidateTemplate" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-15T21:20:15+00:00" + }, "AWSServiceRoleForAmazonEKSNodegroup":{ "CreateDate":"2019-11-07T01:34:26+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -24898,8 +33244,7 @@ aws_managed_policies_data = """ "Condition":{ "StringEqualsIfExists":{ "iam:PassedToService":[ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" + "ec2.amazonaws.com" ] } }, @@ -24962,7 +33307,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-14T00:33:26+00:00" + "UpdateDate":"2024-01-04T20:37:13+00:00" }, "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy":{ "CreateDate":"2020-10-01T09:49:01+00:00", @@ -24983,6 +33328,30 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-10-01T09:49:01+00:00" }, + "AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy":{ + "CreateDate":"2023-09-07T09:32:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "pi:GetResourceMetrics" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-09-07T09:32:32+00:00" + }, "AWSServiceRoleForCodeGuru-Profiler":{ "CreateDate":"2020-06-26T22:04:26+00:00", "DefaultVersionId":"v1", @@ -25003,6 +33372,76 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-06-26T22:04:26+00:00" }, + "AWSServiceRoleForCodeWhispererPolicy":{ + "CreateDate":"2023-03-24T19:39:12+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "sso-directory:ListMembersInGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sso:ListProfileAssociations", + "sso:ListProfiles", + "sso:ListDirectoryAssociations", + "sso:DescribeRegisteredRegions", + "sso:GetProfile", + "sso:GetManagedApplicationInstance" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "codeguru-security:CreateUploadUrl" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "codeguru-security:CreateScan", + "codeguru-security:GetScan", + "codeguru-security:ListFindings", + "codeguru-security:GetFindings" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codeguru-security:*:*:scans/CodeWhisperer-*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/CodeWhisperer" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-28T16:57:20+00:00" + }, "AWSServiceRoleForEC2ScheduledInstances":{ "CreateDate":"2017-10-12T18:31:55+00:00", "DefaultVersionId":"v1", @@ -25043,9 +33482,29 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-10-12T18:31:55+00:00" }, + "AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy":{ + "CreateDate":"2022-12-13T23:52:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:DescribeNetworkInterfaces" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-12-13T23:52:45+00:00" + }, "AWSServiceRoleForImageBuilder":{ "CreateDate":"2019-11-29T22:02:13+00:00", - "DefaultVersionId":"v17", + "DefaultVersionId":"v19", "Document":{ "Statement":[ { @@ -25127,7 +33586,8 @@ aws_managed_policies_data = """ "ec2:ModifyImageAttribute", "ec2:DescribeImportImageTasks", "ec2:DescribeExportImageTasks", - "ec2:DescribeSnapshots" + "ec2:DescribeSnapshots", + "ec2:DescribeHosts" ], "Effect":"Allow", "Resource":"*" @@ -25216,7 +33676,8 @@ aws_managed_policies_data = """ "ssm:ListInventoryEntries", "ssm:SendAutomationSignal", "ssm:DescribeInstanceAssociationsStatus", - "ssm:DescribeAssociationExecutions" + "ssm:DescribeAssociationExecutions", + "ssm:GetCommandInvocation" ], "Effect":"Allow", "Resource":"*" @@ -25398,17 +33859,74 @@ aws_managed_policies_data = """ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:launch-template/*" ] + }, + { + "Action":[ + "inspector2:ListCoverage", + "inspector2:ListFindings" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:CreateRepository" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ecr:*:*:repository/image-builder-*" + }, + { + "Action":[ + "ecr:BatchDeleteImage" + ], + "Condition":{ + "StringEquals":{ + "ecr:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ecr:*:*:repository/image-builder-*" + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/ImageBuilder-*" + ] } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-16T00:09:27+00:00" + "UpdateDate":"2023-10-19T21:30:10+00:00" }, "AWSServiceRoleForIoTSiteWise":{ "CreateDate":"2018-11-14T19:19:17+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -25420,7 +33938,8 @@ aws_managed_policies_data = """ "greengrass:GetGroupVersion" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowSiteWiseReadGreenGrass" }, { "Action":[ @@ -25428,7 +33947,8 @@ aws_managed_policies_data = """ "logs:DescribeLogGroups" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*", + "Sid":"AllowSiteWiseAccessLogGroup" }, { "Action":[ @@ -25437,14 +33957,31 @@ aws_managed_policies_data = """ "logs:PutLogEvents" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*", + "Sid":"AllowSiteWiseAccessLog" + }, + { + "Action":[ + "iottwinmaker:GetWorkspace", + "iottwinmaker:ExecuteQuery" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "iottwinmaker:linkedServices":[ + "IOTSITEWISE" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iottwinmaker:*:*:workspace/*", + "Sid":"AllowSiteWiseAccessSiteWiseManagedWorkspaceInTwinMaker" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-04-25T02:15:01+00:00" + "UpdateDate":"2023-11-13T18:27:50+00:00" }, "AWSServiceRoleForLogDeliveryPolicy":{ "CreateDate":"2019-10-04T17:31:19+00:00", @@ -25474,7 +34011,7 @@ aws_managed_policies_data = """ }, "AWSServiceRoleForMonitronPolicy":{ "CreateDate":"2020-12-02T19:06:08+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -25482,6 +34019,7 @@ aws_managed_policies_data = """ "sso:GetManagedApplicationInstance", "sso:GetProfile", "sso:ListProfiles", + "sso:ListProfileAssociations", "sso:AssociateProfile", "sso:ListDirectoryAssociations", "sso-directory:DescribeUsers", @@ -25495,7 +34033,67 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-12-02T19:06:08+00:00" + "UpdateDate":"2022-09-29T20:38:15+00:00" + }, + "AWSServiceRoleForNeptuneGraphPolicy":{ + "CreateDate":"2023-11-29T14:03:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/Neptune", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"GraphMetrics" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/neptune/*" + ], + "Sid":"GraphLogGroup" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" + ], + "Sid":"GraphLogEvents" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-29T14:03:36+00:00" }, "AWSServiceRoleForSMS":{ "CreateDate":"2019-08-06T18:39:29+00:00", @@ -25789,7 +34387,7 @@ aws_managed_policies_data = """ }, "AWSServiceRolePolicyForBackupReports":{ "CreateDate":"2021-08-19T21:16:45+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -25810,6 +34408,8 @@ aws_managed_policies_data = """ "config:SelectResourceConfig", "config:DescribeConfigurationAggregators", "config:SelectAggregateResourceConfig", + "config:DescribeConfigRuleEvaluationStatus", + "config:DescribeConfigRules", "s3:GetBucketLocation" ], "Effect":"Allow", @@ -25818,8 +34418,6 @@ aws_managed_policies_data = """ { "Action":[ "config:GetComplianceDetailsByConfigRule", - "config:DescribeConfigRuleEvaluationStatus", - "config:DescribeConfigRules", "config:PutConfigRule", "config:DeleteConfigRule" ], @@ -25839,7 +34437,112 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-19T21:16:45+00:00" + "UpdateDate":"2023-03-10T00:51:25+00:00" + }, + "AWSServiceRolePolicyForBackupRestoreTesting":{ + "CreateDate":"2023-11-10T23:37:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "backup:DescribeRestoreJob", + "backup:GetRecoveryPointRestoreMetadata", + "backup:ListBackupVaults", + "backup:ListProtectedResourcesByBackupVault", + "backup:ListRecoveryPointsByBackupVault", + "backup:ListTags", + "backup:StartRestoreJob" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"BackupActions" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"backup.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"IamPassRole" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets", + "fsx:DescribeFileSystems", + "fsx:DescribeVolumes", + "fsx:ListTagsForResource", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBInstanceAutomatedBackups", + "rds:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeActions" + }, + { + "Action":[ + "ec2:DeleteVolume", + "ec2:TerminateInstances", + "elasticfilesystem:DeleteFilesystem", + "elasticfilesystem:DeleteMountTarget", + "rds:DeleteDBCluster", + "rds:DeleteDBInstance", + "fsx:DeleteFileSystem", + "fsx:DeleteVolume" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/awsbackup-restore-test":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"DeleteActions" + }, + { + "Action":[ + "dynamodb:DeleteTable", + "dynamodb:DescribeTable" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/awsbackup-restore-test-*", + "Sid":"DdbDeleteActions" + }, + { + "Action":[ + "s3:DeleteBucket", + "s3:GetLifecycleConfiguration", + "s3:PutLifecycleConfiguration" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::awsbackup-restore-test-*", + "Sid":"S3DeleteActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-10T23:37:45+00:00" }, "AWSShieldDRTAccessPolicy":{ "CreateDate":"2018-06-05T22:29:39+00:00", @@ -25987,7 +34690,7 @@ aws_managed_policies_data = """ }, "AWSStorageGatewayFullAccess":{ "CreateDate":"2015-02-06T18:41:09+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -26004,17 +34707,23 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":"ssm:GetParameters", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*::parameter/aws/service/storagegateway/*", + "Sid":"fetchStorageGatewayParams" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2015-02-06T18:41:09+00:00" + "UpdateDate":"2022-09-06T20:26:09+00:00" }, "AWSStorageGatewayReadOnlyAccess":{ "CreateDate":"2015-02-06T18:41:10+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -26031,13 +34740,19 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":"ssm:GetParameters", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*::parameter/aws/service/storagegateway/*", + "Sid":"fetchStorageGatewayParams" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2015-02-06T18:41:10+00:00" + "UpdateDate":"2022-09-06T20:24:17+00:00" }, "AWSStorageGatewayServiceRolePolicy":{ "CreateDate":"2021-02-17T19:03:19+00:00", @@ -26058,6 +34773,240 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-02-17T19:03:19+00:00" }, + "AWSSupplyChainFederationAdminAccess":{ + "CreateDate":"2023-03-01T18:54:25+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "scn:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:scn:*:*:instance/*" + ], + "Sid":"AWSSupplyChain" + }, + { + "Action":[ + "chime:BatchCreateChannelMembership", + "chime:CreateAppInstanceUser", + "chime:CreateChannel", + "chime:CreateChannelMembership", + "chime:CreateChannelModerator", + "chime:Connect", + "chime:DeleteChannelMembership", + "chime:DeleteChannelModerator", + "chime:DescribeChannelMembershipForAppInstanceUser", + "chime:GetChannelMembershipPreferences", + "chime:ListChannelMemberships", + "chime:ListChannelMembershipsForAppInstanceUser", + "chime:ListChannelMessages", + "chime:ListChannelModerators", + "chime:TagResource", + "chime:PutChannelMembershipPreferences", + "chime:SendChannelMessage", + "chime:UpdateChannelReadMarker", + "chime:UpdateAppInstanceUser" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/SCNInstanceId":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:chime:*:*:app-instance/*" + ], + "Sid":"ChimeAppInstance" + }, + { + "Action":[ + "chime:DescribeChannel" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:chime:*:*:app-instance/*" + ], + "Sid":"ChimeChannel" + }, + { + "Action":[ + "chime:GetMessagingSessionEndpoint" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ChimeMessaging" + }, + { + "Action":[ + "sso:GetManagedApplicationInstance", + "sso:ListDirectoryAssociations", + "sso:AssociateProfile", + "sso:DisassociateProfile", + "sso:ListProfiles", + "sso:GetProfile", + "sso:ListProfileAssociations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMIdentityCenter" + }, + { + "Action":[ + "appflow:CreateConnectorProfile", + "appflow:UseConnectorProfile", + "appflow:DeleteConnectorProfile", + "appflow:UpdateConnectorProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:appflow:*:*:connectorprofile/scn-*" + ], + "Sid":"AppflowConnectorProfile" + }, + { + "Action":[ + "appflow:CreateFlow", + "appflow:DeleteFlow", + "appflow:DescribeFlow", + "appflow:DescribeFlowExecutionRecords", + "appflow:ListFlows", + "appflow:StartFlow", + "appflow:StopFlow", + "appflow:UpdateFlow", + "appflow:TagResource", + "appflow:UntagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:appflow:*:*:flow/scn-*" + ], + "Sid":"AppflowFlow" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ListAllBuckets" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-supply-chain-data-*" + ], + "Sid":"S3ListSupplyChainBucket" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-supply-chain-data-*" + ], + "Sid":"S3ReadWriteObject" + }, + { + "Action":"secretsmanager:CreateSecret", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "appflow.amazonaws.com" + ] + }, + "StringLike":{ + "secretsmanager:Name":"appflow!*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:*", + "Sid":"SecretsManagerCreateSecret" + }, + { + "Action":[ + "secretsmanager:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "appflow.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"appflow" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:*", + "Sid":"SecretsManagerPutResourcePolicy" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"KMSListKeys" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListGrants" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/aws-supply-chain-access":"true" + }, + "StringLike":{ + "kms:ViaService":"appflow.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"KMSListGrants" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + }, + "StringEquals":{ + "aws:ResourceTag/aws-supply-chain-access":"true" + }, + "StringLike":{ + "kms:ViaService":"appflow.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"KMSCreateGrant" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-01T18:50:13+00:00" + }, "AWSSupportAccess":{ "CreateDate":"2015-02-06T18:41:11+00:00", "DefaultVersionId":"v1", @@ -26077,9 +35026,110 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-02-06T18:41:11+00:00" }, + "AWSSupportAppFullAccess":{ + "CreateDate":"2022-08-22T16:53:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "servicequotas:GetRequestedServiceQuotaChange", + "servicequotas:GetServiceQuota", + "servicequotas:RequestServiceQuotaIncrease", + "support:AddAttachmentsToSet", + "support:AddCommunicationToCase", + "support:CreateCase", + "support:DescribeCases", + "support:DescribeCommunications", + "support:DescribeSeverityLevels", + "support:InitiateChatForCase", + "support:ResolveCase" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"servicequotas.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-22T16:53:41+00:00" + }, + "AWSSupportAppReadOnlyAccess":{ + "CreateDate":"2022-08-22T17:01:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "support:DescribeCases", + "support:DescribeCommunications" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-22T17:01:15+00:00" + }, + "AWSSupportPlansFullAccess":{ + "CreateDate":"2022-09-27T18:19:30+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "supportplans:GetSupportPlan", + "supportplans:GetSupportPlanUpdateStatus", + "supportplans:StartSupportPlanUpdate", + "supportplans:CreateSupportPlanSchedule" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-09T21:07:01+00:00" + }, + "AWSSupportPlansReadOnlyAccess":{ + "CreateDate":"2022-09-27T18:08:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "supportplans:GetSupportPlan", + "supportplans:GetSupportPlanUpdateStatus" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-09-27T18:08:29+00:00" + }, "AWSSupportServiceRolePolicy":{ "CreateDate":"2018-04-19T18:04:44+00:00", - "DefaultVersionId":"v24", + "DefaultVersionId":"v34", "Document":{ "Statement":[ { @@ -26132,8 +35182,13 @@ aws_managed_policies_data = """ "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*" - ] + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/usageplans", + "arn:aws:apigateway:*::/usageplans/*", + "arn:aws:apigateway:*::/vpclinks", + "arn:aws:apigateway:*::/vpclinks/*" + ], + "Sid":"AWSSupportAPIGatewayAccess" }, { "Action":[ @@ -26142,23 +35197,24 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] + ], + "Sid":"AWSSupportDeleteRoleAccess" }, { "Action":[ - "a4b:getDevice", - "a4b:getProfile", - "a4b:getRoom", - "a4b:getRoomSkillParameter", - "a4b:getSkillGroup", - "a4b:searchDevices", - "a4b:searchProfiles", - "a4b:searchRooms", - "a4b:searchSkillGroups", + "access-analyzer:getAccessPreview", + "access-analyzer:getAnalyzedResource", + "access-analyzer:getAnalyzer", + "access-analyzer:getArchiveRule", "access-analyzer:getFinding", + "access-analyzer:getGeneratedPolicy", + "access-analyzer:listAccessPreviewFindings", + "access-analyzer:listAccessPreviews", + "access-analyzer:listAnalyzedResources", "access-analyzer:listAnalyzers", "access-analyzer:listArchiveRules", "access-analyzer:listFindings", + "access-analyzer:listPolicyGenerations", "acm-pca:describeCertificateAuthority", "acm-pca:describeCertificateAuthorityAuditReport", "acm-pca:getCertificate", @@ -26167,6 +35223,7 @@ aws_managed_policies_data = """ "acm-pca:listCertificateAuthorities", "acm-pca:listTags", "acm:describeCertificate", + "acm:getAccountConfiguration", "acm:getCertificate", "acm:listCertificates", "acm:listTagsForCertificate", @@ -26174,11 +35231,15 @@ aws_managed_policies_data = """ "airflow:listEnvironments", "airflow:listTagsForResource", "amplify:getApp", + "amplify:getBackendEnvironment", "amplify:getBranch", "amplify:getDomainAssociation", "amplify:getJob", "amplify:getWebhook", "amplify:listApps", + "amplify:listBackendEnvironments", + "amplify:listBranches", + "amplify:listDomainAssociations", "amplify:listWebhooks", "amplifyuibuilder:exportComponents", "amplifyuibuilder:exportThemes", @@ -26193,13 +35254,20 @@ aws_managed_policies_data = """ "application-autoscaling:describeScalingActivities", "application-autoscaling:describeScalingPolicies", "application-autoscaling:describeScheduledActions", + "applicationinsights:describeApplication", + "applicationinsights:describeComponent", "applicationinsights:describeComponentConfiguration", "applicationinsights:describeComponentConfigurationRecommendation", + "applicationinsights:describeLogPattern", + "applicationinsights:describeObservation", + "applicationinsights:describeProblem", + "applicationinsights:describeProblemObservations", "applicationinsights:listApplications", "applicationinsights:listComponents", "applicationinsights:listConfigurationHistory", "applicationinsights:listLogPatterns", "applicationinsights:listLogPatternSets", + "applicationinsights:listProblems", "appmesh:describeGatewayRoute", "appmesh:describeMesh", "appmesh:describeRoute", @@ -26224,36 +35292,72 @@ aws_managed_policies_data = """ "apprunner:listOperations", "apprunner:listServices", "apprunner:listTagsForResource", + "appstream:describeAppBlockBuilderAppBlockAssociations", + "appstream:describeAppBlockBuilders", "appstream:describeAppBlocks", "appstream:describeApplicationFleetAssociations", "appstream:describeApplications", "appstream:describeDirectoryConfigs", + "appstream:describeEntitlements", "appstream:describeFleets", "appstream:describeImageBuilders", + "appstream:describeImagePermissions", "appstream:describeImages", "appstream:describeSessions", "appstream:describeStacks", + "appstream:describeUsageReportSubscriptions", + "appstream:describeUsers", + "appstream:describeUserStackAssociations", "appstream:listAssociatedFleets", "appstream:listAssociatedStacks", + "appstream:listEntitledApplications", "appstream:listTagsForResource", + "appsync:getApiAssociation", + "appsync:getApiCache", + "appsync:getDomainName", "appsync:getFunction", "appsync:getGraphqlApi", "appsync:getIntrospectionSchema", "appsync:getResolver", "appsync:getSchemaCreationStatus", + "appsync:getSourceApiAssociation", "appsync:getType", "appsync:listDataSources", + "appsync:listDomainNames", "appsync:listFunctions", "appsync:listGraphqlApis", "appsync:listResolvers", + "appsync:listResolversByFunction", + "appsync:listSourceApiAssociations", "appsync:listTypes", + "appsync:listTypesByAssociation", + "aps:describeAlertManagerDefinition", + "aps:describeRuleGroupsNamespace", + "aps:describeWorkspace", + "aps:listRuleGroupsNamespaces", + "aps:listWorkspaces", "athena:batchGetNamedQuery", "athena:batchGetQueryExecution", + "athena:getCalculationExecution", + "athena:getCalculationExecutionStatus", + "athena:getDataCatalog", "athena:getNamedQuery", + "athena:getNotebookMetadata", "athena:getQueryExecution", + "athena:getQueryRuntimeStatistics", + "athena:getSession", + "athena:getSessionStatus", "athena:getWorkGroup", + "athena:listApplicationDPUSizes", + "athena:listCalculationExecutions", + "athena:listDataCatalogs", + "athena:listEngineVersions", + "athena:listExecutors", "athena:listNamedQueries", + "athena:listNotebookMetadata", + "athena:listNotebookSessions", "athena:listQueryExecutions", + "athena:listSessions", "athena:listTagsForResource", "athena:listWorkGroups", "auditmanager:getAccountStatus", @@ -26286,6 +35390,7 @@ aws_managed_policies_data = """ "autoscaling:describeScheduledActions", "autoscaling:describeTags", "autoscaling:describeTerminationPolicyTypes", + "autoscaling:describeWarmPool", "backup:describeBackupJob", "backup:describeBackupVault", "backup:describeCopyJob", @@ -26303,6 +35408,7 @@ aws_managed_policies_data = """ "backup:getBackupSelection", "backup:getBackupVaultAccessPolicy", "backup:getBackupVaultNotifications", + "backup:getLegalHold", "backup:getRecoveryPointRestoreMetadata", "backup:getSupportedResourceTypes", "backup:listBackupJobs", @@ -26313,13 +35419,22 @@ aws_managed_policies_data = """ "backup:listBackupVaults", "backup:listCopyJobs", "backup:listFrameworks", + "backup:listLegalHolds", "backup:listProtectedResources", "backup:listRecoveryPointsByBackupVault", + "backup:listRecoveryPointsByLegalHold", "backup:listRecoveryPointsByResource", "backup:listReportJobs", "backup:listReportPlans", "backup:listRestoreJobs", "backup:listTags", + "backup-gateway:getGateway", + "backup-gateway:getHypervisor", + "backup-gateway:getHypervisorPropertyMappings", + "backup-gateway:getVirtualMachine", + "backup-gateway:listGateways", + "backup-gateway:listHypervisors", + "backup-gateway:listVirtualMachines", "batch:describeComputeEnvironments", "batch:describeJobDefinitions", "batch:describeJobQueues", @@ -26343,6 +35458,47 @@ aws_managed_policies_data = """ "ce:getSavingsPlansUtilization", "ce:getSavingsPlansUtilizationDetails", "ce:getTags", + "chime:describeAppInstance", + "chime:getAttendee", + "chime:getGlobalSettings", + "chime:getMediaCapturePipeline", + "chime:getMediaPipeline", + "chime:getMeeting", + "chime:getProxySession", + "chime:getSipMediaApplication", + "chime:getSipRule", + "chime:getVoiceConnector", + "chime:getVoiceConnectorGroup", + "chime:getVoiceConnectorLoggingConfiguration", + "chime:listAppInstances", + "chime:listAttendees", + "chime:listChannelBans", + "chime:listChannels", + "chime:listChannelsModeratedByAppInstanceUser", + "chime:listMediaCapturePipelines", + "chime:listMediaPipelines", + "chime:listMeetings", + "chime:listSipMediaApplications", + "chime:listSipRules", + "chime:listVoiceConnectorGroups", + "chime:listVoiceConnectors", + "cleanrooms:batchGetCollaborationAnalysisTemplate", + "cleanrooms:batchGetSchema", + "cleanrooms:getAnalysisTemplate", + "cleanrooms:getCollaboration", + "cleanrooms:getCollaborationAnalysisTemplate", + "cleanrooms:getConfiguredTable", + "cleanrooms:getConfiguredTableAssociation", + "cleanrooms:getMembership", + "cleanrooms:getSchema", + "cleanrooms:listAnalysisTemplates", + "cleanrooms:listCollaborationAnalysisTemplates", + "cleanrooms:listCollaborations", + "cleanrooms:listConfiguredTableAssociations", + "cleanrooms:listConfiguredTables", + "cleanrooms:listMembers", + "cleanrooms:listMemberships", + "cleanrooms:listSchemas", "cloud9:describeEnvironmentMemberships", "cloud9:describeEnvironments", "cloud9:listEnvironments", @@ -26351,6 +35507,7 @@ aws_managed_policies_data = """ "cloudformation:batchDescribeTypeConfigurations", "cloudformation:describeAccountLimits", "cloudformation:describeChangeSet", + "cloudformation:describeChangeSetHooks", "cloudformation:describePublisher", "cloudformation:describeStackEvents", "cloudformation:describeStackInstance", @@ -26377,17 +35534,45 @@ aws_managed_policies_data = """ "cloudformation:listTypeRegistrations", "cloudformation:listTypes", "cloudformation:listTypeVersions", + "cloudfront:describeFunction", + "cloudfront:getCachePolicy", + "cloudfront:getCachePolicyConfig", "cloudfront:getCloudFrontOriginAccessIdentity", "cloudfront:getCloudFrontOriginAccessIdentityConfig", + "cloudfront:getContinuousDeploymentPolicy", + "cloudfront:getContinuousDeploymentPolicyConfig", "cloudfront:getDistribution", "cloudfront:getDistributionConfig", "cloudfront:getInvalidation", + "cloudfront:getKeyGroup", + "cloudfront:getKeyGroupConfig", + "cloudfront:getMonitoringSubscription", + "cloudfront:getOriginAccessControl", + "cloudfront:getOriginAccessControlConfig", + "cloudfront:getOriginRequestPolicy", + "cloudfront:getOriginRequestPolicyConfig", + "cloudfront:getPublicKey", + "cloudfront:getPublicKeyConfig", + "cloudfront:getRealtimeLogConfig", "cloudfront:getStreamingDistribution", "cloudfront:getStreamingDistributionConfig", + "cloudfront:listCachePolicies", "cloudfront:listCloudFrontOriginAccessIdentities", + "cloudfront:listContinuousDeploymentPolicies", "cloudfront:listDistributions", + "cloudfront:listDistributionsByCachePolicyId", + "cloudfront:listDistributionsByKeyGroup", + "cloudfront:listDistributionsByOriginRequestPolicyId", + "cloudfront:listDistributionsByRealtimeLogConfig", + "cloudfront:listDistributionsByResponseHeadersPolicyId", "cloudfront:listDistributionsByWebACLId", + "cloudfront:listFunctions", "cloudfront:listInvalidations", + "cloudfront:listKeyGroups", + "cloudfront:listOriginAccessControls", + "cloudfront:listOriginRequestPolicies", + "cloudfront:listPublicKeys", + "cloudfront:listRealtimeLogConfigs", "cloudfront:listStreamingDistributions", "cloudhsm:describeBackups", "cloudhsm:describeClusters", @@ -26418,8 +35603,11 @@ aws_managed_policies_data = """ "cloudwatch:getInsightRuleReport", "cloudwatch:getMetricData", "cloudwatch:getMetricStatistics", + "cloudwatch:getMetricStream", "cloudwatch:listDashboards", + "cloudwatch:listManagedInsightRules", "cloudwatch:listMetrics", + "cloudwatch:listMetricStreams", "codeartifact:describeDomain", "codeartifact:describePackageVersion", "codeartifact:describeRepository", @@ -26486,6 +35674,10 @@ aws_managed_policies_data = """ "codestar:listResources", "codestar:listTeamMembers", "codestar:listUserProfiles", + "codestar-connections:getConnection", + "codestar-connections:getHost", + "codestar-connections:listConnections", + "codestar-connections:listHosts", "cognito-identity:describeIdentityPool", "cognito-identity:getIdentityPoolRoles", "cognito-identity:listIdentities", @@ -26513,10 +35705,40 @@ aws_managed_policies_data = """ "cognito-sync:getIdentityPoolConfiguration", "cognito-sync:listDatasets", "cognito-sync:listIdentityPoolUsage", + "comprehend:describeDocumentClassificationJob", + "comprehend:describeDocumentClassifier", + "comprehend:describeDominantLanguageDetectionJob", + "comprehend:describeEndpoint", + "comprehend:describeEntitiesDetectionJob", + "comprehend:describeEntityRecognizer", + "comprehend:describeEventsDetectionJob", + "comprehend:describeFlywheel", + "comprehend:describeFlywheelIteration", + "comprehend:describeKeyPhrasesDetectionJob", + "comprehend:describePiiEntitiesDetectionJob", + "comprehend:describeSentimentDetectionJob", + "comprehend:describeTargetedSentimentDetectionJob", + "comprehend:describeTopicsDetectionJob", + "comprehend:listDocumentClassificationJobs", + "comprehend:listDocumentClassifiers", + "comprehend:listDominantLanguageDetectionJobs", + "comprehend:listEndpoints", + "comprehend:listEntitiesDetectionJobs", + "comprehend:listEntityRecognizers", + "comprehend:listEventsDetectionJobs", + "comprehend:listFlywheelIterationHistory", + "comprehend:listFlywheels", + "comprehend:listKeyPhrasesDetectionJobs", + "comprehend:listPiiEntitiesDetectionJobs", + "comprehend:listSentimentDetectionJobs", + "comprehend:listTargetedSentimentDetectionJobs", + "comprehend:listTopicsDetectionJobs", "compute-optimizer:getAutoScalingGroupRecommendations", "compute-optimizer:getEBSVolumeRecommendations", "compute-optimizer:getEC2InstanceRecommendations", "compute-optimizer:getEC2RecommendationProjectedMetrics", + "compute-optimizer:getECSServiceRecommendations", + "compute-optimizer:getECSServiceRecommendationProjectedMetrics", "compute-optimizer:getEnrollmentStatus", "compute-optimizer:getRecommendationSummaries", "config:batchGetAggregateResourceConfig", @@ -26562,12 +35784,22 @@ aws_managed_policies_data = """ "config:listAggregateDiscoveredResources", "config:listDiscoveredResources", "config:listTagsForResource", + "connect:describeContact", + "connect:describePhoneNumber", + "connect:describeQuickConnect", "connect:describeUser", "connect:getCurrentMetricData", "connect:getMetricData", + "connect:listContactEvaluations", + "connect:listEvaluationForms", + "connect:listEvaluationFormVersions", + "connect:listPhoneNumbersV2", + "connect:listQuickConnects", "connect:listRoutingProfiles", "connect:listSecurityProfiles", "connect:listUsers", + "connect:listViews", + "connect:listViewVersions", "controltower:describeAccountFactoryConfig", "controltower:describeCoreService", "controltower:describeGuardrail", @@ -26603,7 +35835,10 @@ aws_managed_policies_data = """ "datapipeline:queryObjects", "datasync:describeAgent", "datasync:describeLocationEfs", + "datasync:describeLocationFsxLustre", + "datasync:describeLocationFsxOpenZfs", "datasync:describeLocationFsxWindows", + "datasync:describeLocationHdfs", "datasync:describeLocationNfs", "datasync:describeLocationObjectStorage", "datasync:describeLocationS3", @@ -26653,33 +35888,75 @@ aws_managed_policies_data = """ "devicefarm:listTests", "devicefarm:listUniqueProblems", "devicefarm:listUploads", + "directconnect:describeConnectionLoa", "directconnect:describeConnections", "directconnect:describeConnectionsOnInterconnect", + "directconnect:describeCustomerMetadata", + "directconnect:describeDirectConnectGatewayAssociationProposals", + "directconnect:describeDirectConnectGatewayAssociations", + "directconnect:describeDirectConnectGatewayAttachments", + "directconnect:describeDirectConnectGateways", + "directconnect:describeHostedConnections", + "directconnect:describeInterconnectLoa", "directconnect:describeInterconnects", + "directconnect:describeLags", + "directconnect:describeLoa", "directconnect:describeLocations", + "directconnect:describeRouterConfiguration", "directconnect:describeVirtualGateways", "directconnect:describeVirtualInterfaces", "dlm:getLifecyclePolicies", "dlm:getLifecyclePolicy", "dms:describeAccountAttributes", + "dms:describeApplicableIndividualAssessments", "dms:describeConnections", "dms:describeEndpoints", + "dms:describeEndpointSettings", "dms:describeEndpointTypes", + "dms:describeEventCategories", + "dms:describeEvents", + "dms:describeEventSubscriptions", + "dms:describeFleetAdvisorCollectors", + "dms:describeFleetAdvisorDatabases", + "dms:describeFleetAdvisorLsaAnalysis", + "dms:describeFleetAdvisorSchemaObjectSummary", + "dms:describeFleetAdvisorSchemas", "dms:describeOrderableReplicationInstances", + "dms:describePendingMaintenanceActions", "dms:describeRefreshSchemasStatus", "dms:describeReplicationInstances", + "dms:describeReplicationInstanceTaskLogs", "dms:describeReplicationSubnetGroups", + "dms:describeReplicationTaskAssessmentResults", + "dms:describeReplicationTaskAssessmentRuns", + "dms:describeReplicationTaskIndividualAssessments", + "dms:describeReplicationTasks", + "dms:describeSchemas", + "dms:describeTableStatistics", + "docdb-elastic:getCluster", + "docdb-elastic:getClusterSnapshot", + "docdb-elastic:listClusters", + "docdb-elastic:listClusterSnapshots", "drs:describeJobLogItems", "drs:describeJobs", + "drs:describeLaunchConfigurationTemplates", "drs:describeRecoveryInstances", "drs:describeRecoverySnapshots", "drs:describeReplicationConfigurationTemplates", + "drs:describeSourceNetworks", "drs:describeSourceServers", "drs:getLaunchConfiguration", "drs:getReplicationConfiguration", + "drs:listExtensibleSourceServers", + "drs:listLaunchActions", + "drs:listStagingAccounts", + "ds:describeClientAuthenticationSettings", "ds:describeConditionalForwarders", "ds:describeDirectories", + "ds:describeDomainControllers", "ds:describeEventTopics", + "ds:describeLDAPSSettings", + "ds:describeSharedDirectories", "ds:describeSnapshots", "ds:describeTrusts", "ds:getDirectoryLimits", @@ -26689,22 +35966,34 @@ aws_managed_policies_data = """ "ds:listTagsForResource", "dynamodb:describeBackup", "dynamodb:describeContinuousBackups", + "dynamodb:describeContributorInsights", + "dynamodb:describeExport", "dynamodb:describeGlobalTable", + "dynamodb:describeImport", + "dynamodb:describeKinesisStreamingDestination", "dynamodb:describeLimits", "dynamodb:describeStream", "dynamodb:describeTable", "dynamodb:describeTimeToLive", "dynamodb:listBackups", + "dynamodb:listContributorInsights", + "dynamodb:listExports", "dynamodb:listGlobalTables", + "dynamodb:listImports", "dynamodb:listStreams", "dynamodb:listTables", "dynamodb:listTagsOfResource", "ec2:describeAccountAttributes", "ec2:describeAddresses", + "ec2:describeAddressesAttribute", + "ec2:describeAddressTransfers", + "ec2:describeAggregateIdFormat", "ec2:describeAvailabilityZones", "ec2:describeBundleTasks", "ec2:describeByoipCidrs", + "ec2:describeCapacityReservationFleets", "ec2:describeCapacityReservations", + "ec2:describeCarrierGateways", "ec2:describeClassicLinkInstances", "ec2:describeClientVpnAuthorizationRules", "ec2:describeClientVpnConnections", @@ -26715,17 +36004,21 @@ aws_managed_policies_data = """ "ec2:describeConversionTasks", "ec2:describeCustomerGateways", "ec2:describeDhcpOptions", - "ec2:describeElasticGpus", + "ec2:describeEgressOnlyInternetGateways", "ec2:describeExportImageTasks", "ec2:describeExportTasks", + "ec2:describeFastLaunchImages", "ec2:describeFastSnapshotRestores", "ec2:describeFleetHistory", "ec2:describeFleetInstances", "ec2:describeFleets", "ec2:describeFlowLogs", + "ec2:describeFpgaImageAttribute", + "ec2:describeFpgaImages", "ec2:describeHostReservationOfferings", "ec2:describeHostReservations", "ec2:describeHosts", + "ec2:describeIamInstanceProfileAssociations", "ec2:describeIdentityIdFormat", "ec2:describeIdFormat", "ec2:describeImageAttribute", @@ -26733,12 +36026,18 @@ aws_managed_policies_data = """ "ec2:describeImportImageTasks", "ec2:describeImportSnapshotTasks", "ec2:describeInstanceAttribute", + "ec2:describeInstanceCreditSpecifications", + "ec2:describeInstanceEventNotificationAttributes", + "ec2:describeInstanceEventWindows", "ec2:describeInstances", "ec2:describeInstanceStatus", + "ec2:describeInstanceTypeOfferings", + "ec2:describeInstanceTypes", "ec2:describeInternetGateways", "ec2:describeIpamPools", "ec2:describeIpams", "ec2:describeIpamScopes", + "ec2:describeIpv6Pools", "ec2:describeKeyPairs", "ec2:describeLaunchTemplates", "ec2:describeLaunchTemplateVersions", @@ -26756,6 +36055,7 @@ aws_managed_policies_data = """ "ec2:describeNetworkInterfaces", "ec2:describePlacementGroups", "ec2:describePrefixLists", + "ec2:describePrincipalIdFormat", "ec2:describePublicIpv4Pools", "ec2:describeRegions", "ec2:describeReservedInstances", @@ -26763,7 +36063,10 @@ aws_managed_policies_data = """ "ec2:describeReservedInstancesModifications", "ec2:describeReservedInstancesOfferings", "ec2:describeRouteTables", + "ec2:describeScheduledInstanceAvailability", "ec2:describeScheduledInstances", + "ec2:describeSecurityGroupReferences", + "ec2:describeSecurityGroupRules", "ec2:describeSecurityGroups", "ec2:describeSnapshotAttribute", "ec2:describeSnapshots", @@ -26773,15 +36076,26 @@ aws_managed_policies_data = """ "ec2:describeSpotFleetRequests", "ec2:describeSpotInstanceRequests", "ec2:describeSpotPriceHistory", + "ec2:describeStaleSecurityGroups", + "ec2:describeStoreImageTasks", "ec2:describeSubnets", "ec2:describeTags", "ec2:describeTrafficMirrorFilters", "ec2:describeTrafficMirrorSessions", "ec2:describeTrafficMirrorTargets", "ec2:describeTransitGatewayAttachments", + "ec2:describeTransitGatewayConnectPeers", + "ec2:describeTransitGatewayMulticastDomains", + "ec2:describeTransitGatewayPeeringAttachments", + "ec2:describeTransitGatewayPolicyTables", + "ec2:describeTransitGatewayRouteTableAnnouncements", "ec2:describeTransitGatewayRouteTables", "ec2:describeTransitGateways", "ec2:describeTransitGatewayVpcAttachments", + "ec2:describeVerifiedAccessEndpoints", + "ec2:describeVerifiedAccessGroups", + "ec2:describeVerifiedAccessInstances", + "ec2:describeVerifiedAccessTrustProviders", "ec2:describeVolumeAttribute", "ec2:describeVolumes", "ec2:describeVolumesModifications", @@ -26799,16 +36113,36 @@ aws_managed_policies_data = """ "ec2:describeVpcs", "ec2:describeVpnConnections", "ec2:describeVpnGateways", + "ec2:getAssociatedIpv6PoolCidrs", + "ec2:getCapacityReservationUsage", "ec2:getCoipPoolUsage", + "ec2:getConsoleOutput", "ec2:getConsoleScreenshot", + "ec2:getDefaultCreditSpecification", + "ec2:getEbsDefaultKmsKeyId", + "ec2:getEbsEncryptionByDefault", + "ec2:getGroupsForCapacityReservation", + "ec2:getHostReservationPurchasePreview", + "ec2:getInstanceTypesFromInstanceRequirements", "ec2:getIpamAddressHistory", "ec2:getIpamPoolAllocations", "ec2:getIpamPoolCidrs", "ec2:getIpamResourceCidrs", + "ec2:getLaunchTemplateData", "ec2:getManagedPrefixListAssociations", "ec2:getManagedPrefixListEntries", "ec2:getReservedInstancesExchangeQuote", + "ec2:getSerialConsoleAccessStatus", + "ec2:getSpotPlacementScores", + "ec2:getTransitGatewayMulticastDomainAssociations", + "ec2:getTransitGatewayPrefixListReferences", + "ec2:getVerifiedAccessEndpointPolicy", + "ec2:getVerifiedAccessGroupPolicy", + "ec2:listImagesInRecycleBin", + "ec2:listSnapshotsInRecycleBin", "ec2:searchLocalGatewayRoutes", + "ec2:searchTransitGatewayMulticastGroups", + "ec2:searchTransitGatewayRoutes", "ecr-public:describeImages", "ecr-public:describeImageTags", "ecr-public:describeRegistries", @@ -26818,12 +36152,17 @@ aws_managed_policies_data = """ "ecr-public:getRepositoryPolicy", "ecr-public:listTagsForResource", "ecr:batchCheckLayerAvailability", + "ecr:batchGetRepositoryScanningConfiguration", "ecr:describeImages", + "ecr:describeImageReplicationStatus", "ecr:describeImageScanFindings", + "ecr:describePullThroughCacheRules", "ecr:describeRegistry", "ecr:describeRepositories", "ecr:getLifecyclePolicy", + "ecr:getLifecyclePolicyPreview", "ecr:getRegistryPolicy", + "ecr:getRegistryScanningConfiguration", "ecr:getRepositoryPolicy", "ecr:listImages", "ecr:listTagsForResource", @@ -26834,21 +36173,35 @@ aws_managed_policies_data = """ "ecs:describeTaskDefinition", "ecs:describeTasks", "ecs:describeTaskSets", + "ecs:getTaskProtection", "ecs:listAccountSettings", "ecs:listAttributes", "ecs:listClusters", "ecs:listContainerInstances", "ecs:listServices", + "ecs:listServicesByNamespace", "ecs:listTagsForResource", "ecs:listTaskDefinitionFamilies", "ecs:listTaskDefinitions", "ecs:listTasks", + "eks:describeAccessEntry", + "eks:describeAddon", + "eks:describeAddonConfiguration", + "eks:describeAddonVersions", "eks:describeCluster", + "eks:describeEksAnywhereSubscription", "eks:describeFargateProfile", + "eks:describeIdentityProviderConfig", "eks:describeNodegroup", "eks:describeUpdate", + "eks:listAccessEntries", + "eks:listAccessPolicies", + "eks:listAddons", + "eks:listAssociatedAccessPolicies", "eks:listClusters", + "eks:listEksAnywhereSubscriptions", "eks:listFargateProfiles", + "eks:listIdentityProviderConfigs", "eks:listNodegroups", "eks:listUpdates", "elasticache:describeCacheClusters", @@ -26859,14 +36212,23 @@ aws_managed_policies_data = """ "elasticache:describeCacheSubnetGroups", "elasticache:describeEngineDefaultParameters", "elasticache:describeEvents", + "elasticache:describeGlobalReplicationGroups", "elasticache:describeReplicationGroups", "elasticache:describeReservedCacheNodes", "elasticache:describeReservedCacheNodesOfferings", + "elasticache:describeServerlessCaches", + "elasticache:describeServerlessCacheSnapshots", + "elasticache:describeServiceUpdates", "elasticache:describeSnapshots", + "elasticache:describeUpdateActions", + "elasticache:describeUserGroups", + "elasticache:describeUsers", "elasticache:listAllowedNodeTypeModifications", "elasticache:listTagsForResource", "elasticbeanstalk:checkDNSAvailability", + "elasticbeanstalk:describeAccountAttributes", "elasticbeanstalk:describeApplicationVersions", + "elasticbeanstalk:describeApplications", "elasticbeanstalk:describeConfigurationOptions", "elasticbeanstalk:describeEnvironmentHealth", "elasticbeanstalk:describeEnvironmentManagedActionHistory", @@ -26877,6 +36239,7 @@ aws_managed_policies_data = """ "elasticbeanstalk:describeInstancesHealth", "elasticbeanstalk:describePlatformVersion", "elasticbeanstalk:listAvailableSolutionStacks", + "elasticbeanstalk:listPlatformBranches", "elasticbeanstalk:listPlatformVersions", "elasticbeanstalk:validateConfigurationSettings", "elasticfilesystem:describeAccessPoints", @@ -26902,35 +36265,102 @@ aws_managed_policies_data = """ "elasticloadbalancing:describeTargetGroups", "elasticloadbalancing:describeTargetHealth", "elasticmapreduce:describeCluster", + "elasticmapreduce:describeNotebookExecution", + "elasticmapreduce:describeReleaseLabel", "elasticmapreduce:describeSecurityConfiguration", "elasticmapreduce:describeStep", + "elasticmapreduce:describeStudio", + "elasticmapreduce:getAutoTerminationPolicy", + "elasticmapreduce:getBlockPublicAccessConfiguration", + "elasticmapreduce:getManagedScalingPolicy", + "elasticmapreduce:getStudioSessionMapping", "elasticmapreduce:listBootstrapActions", "elasticmapreduce:listClusters", + "elasticmapreduce:listInstanceFleets", "elasticmapreduce:listInstanceGroups", "elasticmapreduce:listInstances", + "elasticmapreduce:listNotebookExecutions", + "elasticmapreduce:listReleaseLabels", "elasticmapreduce:listSecurityConfigurations", "elasticmapreduce:listSteps", + "elasticmapreduce:listStudios", + "elasticmapreduce:listStudioSessionMappings", "elastictranscoder:listJobsByPipeline", "elastictranscoder:listJobsByStatus", "elastictranscoder:listPipelines", "elastictranscoder:listPresets", "elastictranscoder:readPipeline", "elastictranscoder:readPreset", + "emr-containers:describeJobRun", + "emr-containers:describeJobTemplate", + "emr-containers:describeManagedEndpoint", + "emr-containers:describeVirtualCluster", + "emr-containers:listJobRuns", + "emr-containers:listJobTemplates", + "emr-containers:listManagedEndpoints", + "emr-containers:listVirtualClusters", + "emr-serverless:getApplication", + "emr-serverless:getJobRun", + "emr-serverless:listApplications", + "es:describeDomain", + "es:describeDomainAutoTunes", + "es:describeDomainChangeProgress", + "es:describeDomainConfig", + "es:describeDomains", + "es:describeDryRunProgress", "es:describeElasticsearchDomain", "es:describeElasticsearchDomainConfig", "es:describeElasticsearchDomains", + "es:describeInboundConnections", + "es:describeInstanceTypeLimits", + "es:describeOutboundConnections", + "es:describePackages", + "es:describeReservedInstanceOfferings", + "es:describeReservedInstances", + "es:describeVpcEndpoints", + "es:getCompatibleVersions", + "es:getPackageVersionHistory", + "es:getUpgradeHistory", + "es:getUpgradeStatus", "es:listDomainNames", + "es:listDomainsForPackage", + "es:listInstanceTypeDetails", + "es:listPackagesForDomain", + "es:listScheduledActions", + "es:listTags", + "es:listVersions", + "es:listVpcEndpointAccess", + "es:listVpcEndpoints", + "es:listVpcEndpointsForDomain", + "evidently:getExperiment", + "evidently:getFeature", + "evidently:getLaunch", + "evidently:getProject", + "evidently:getSegment", + "evidently:listExperiments", + "evidently:listFeatures", + "evidently:listLaunches", + "evidently:listProjects", + "evidently:listSegments", + "evidently:listSegmentReferences", "events:describeApiDestination", + "events:describeArchive", + "events:describeConnection", + "events:describeEndpoint", "events:describeEventBus", "events:describeEventSource", "events:describePartnerEventSource", + "events:describeReplay", "events:describeRule", + "events:listArchives", "events:listApiDestinations", "events:listConnections", + "events:listEndpoints", "events:listEventBuses", "events:listEventSources", "events:listPartnerEventSourceAccounts", "events:listPartnerEventSources", + "events:listReplays", "events:listRuleNamesByTarget", "events:listRules", "events:listTargetsByRule", @@ -26959,12 +36389,46 @@ aws_managed_policies_data = """ "forecast:listForecasts", "forecast:listPredictors", "fsx:describeBackups", + "fsx:describeDataRepositoryAssociations", "fsx:describeDataRepositoryTasks", + "fsx:describeFileCaches", "fsx:describeFileSystems", "fsx:describeSnapshots", "fsx:describeStorageVirtualMachines", "fsx:describeVolumes", "fsx:listTagsForResource", + "gamelift:describeAlias", + "gamelift:describeBuild", + "gamelift:describeEC2InstanceLimits", + "gamelift:describeFleetAttributes", + "gamelift:describeFleetCapacity", + "gamelift:describeFleetEvents", + "gamelift:describeFleetLocationAttributes", + "gamelift:describeFleetLocationCapacity", + "gamelift:describeFleetLocationUtilization", + "gamelift:describeFleetPortSettings", + "gamelift:describeFleetUtilization", + "gamelift:describeGameServer", + "gamelift:describeGameServerGroup", + "gamelift:describeGameSessionDetails", + "gamelift:describeGameSessionPlacement", + "gamelift:describeGameSessionQueues", + "gamelift:describeGameSessions", + "gamelift:describeInstances", + "gamelift:describeMatchmaking", + "gamelift:describeMatchmakingConfigurations", + "gamelift:describeMatchmakingRuleSets", + "gamelift:describePlayerSessions", + "gamelift:describeRuntimeConfiguration", + "gamelift:describeScalingPolicies", + "gamelift:describeScript", + "gamelift:listAliases", + "gamelift:listBuilds", + "gamelift:listFleets", + "gamelift:listGameServerGroups", + "gamelift:listGameServers", + "gamelift:listScripts", + "gamelift:resolveAlias", "glacier:describeJob", "glacier:describeVault", "glacier:getDataRetrievalPolicy", @@ -26981,17 +36445,33 @@ aws_managed_policies_data = """ "globalaccelerator:listAccelerators", "globalaccelerator:listEndpointGroups", "globalaccelerator:listListeners", + "glue:batchGetBlueprints", + "glue:batchGetCrawlers", + "glue:batchGetDevEndpoints", + "glue:batchGetJobs", "glue:batchGetPartition", + "glue:batchGetTriggers", + "glue:batchGetWorkflows", "glue:checkSchemaVersionValidity", + "glue:getBlueprint", + "glue:getBlueprintRun", + "glue:getBlueprintRuns", "glue:getCatalogImportStatus", "glue:getClassifier", "glue:getClassifiers", + "glue:getColumnStatisticsForPartition", + "glue:getColumnStatisticsForTable", "glue:getCrawler", "glue:getCrawlerMetrics", "glue:getCrawlers", + "glue:getCustomEntityType", "glue:getDatabase", "glue:getDatabases", "glue:getDataflowGraph", + "glue:getDataQualityResult", + "glue:getDataQualityRuleRecommendationRun", + "glue:getDataQualityRuleset", + "glue:getDataQualityRulesetEvaluationRun", "glue:getDevEndpoint", "glue:getDevEndpoints", "glue:getJob", @@ -26999,13 +36479,22 @@ aws_managed_policies_data = """ "glue:getJobRuns", "glue:getJobs", "glue:getMapping", + "glue:getMLTaskRun", + "glue:getMLTaskRuns", + "glue:getMLTransform", + "glue:getMLTransforms", "glue:getPartition", + "glue:getPartitionIndexes", "glue:getPartitions", "glue:getRegistry", + "glue:getResourcePolicies", + "glue:getResourcePolicy", "glue:getSchema", "glue:getSchemaByDefinition", "glue:getSchemaVersion", "glue:getSchemaVersionsDiff", + "glue:getSession", + "glue:getStatement", "glue:getTable", "glue:getTables", "glue:getTableVersions", @@ -27013,9 +36502,22 @@ aws_managed_policies_data = """ "glue:getTriggers", "glue:getUserDefinedFunction", "glue:getUserDefinedFunctions", + "glue:getWorkflow", + "glue:getWorkflowRun", + "glue:getWorkflowRuns", + "glue:listCrawlers", + "glue:listCrawls", + "glue:listDataQualityResults", + "glue:listDataQualityRuleRecommendationRuns", + "glue:listDataQualityRulesetEvaluationRuns", + "glue:listDataQualityRulesets", + "glue:listDevEndpoints", + "glue:listMLTransforms", "glue:listRegistries", "glue:listSchemas", "glue:listSchemaVersions", + "glue:listSessions", + "glue:listStatements", "glue:querySchemaVersionMetadata", "greengrass:getConnectivityInfo", "greengrass:getCoreDefinition", @@ -27067,6 +36569,7 @@ aws_managed_policies_data = """ "health:describeAffectedEntities", "health:describeAffectedEntitiesForOrganization", "health:describeEntityAggregates", + "health:describeEntityAggregatesForOrganization", "health:describeEventAggregates", "health:describeEventDetails", "health:describeEventDetailsForOrganization", @@ -27092,6 +36595,7 @@ aws_managed_policies_data = """ "iam:getRolePolicy", "iam:getSAMLProvider", "iam:getServerCertificate", + "iam:getServiceLinkedRoleDeletionStatus", "iam:getSSHPublicKey", "iam:getUser", "iam:getUserPolicy", @@ -27131,6 +36635,10 @@ aws_managed_policies_data = """ "imagebuilder:getImageRecipe", "imagebuilder:getImageRecipePolicy", "imagebuilder:getInfrastructureConfiguration", + "imagebuilder:getLifecycleExecution", + "imagebuilder:getLifecyclePolicy", + "imagebuilder:getWorkflowExecution", + "imagebuilder:getWorkflowStepExecution", "imagebuilder:listComponentBuildVersions", "imagebuilder:listComponents", "imagebuilder:listContainerRecipes", @@ -27140,7 +36648,13 @@ aws_managed_policies_data = """ "imagebuilder:listImagePipelines", "imagebuilder:listImageRecipes", "imagebuilder:listImages", + "imagebuilder:listImageScanFindingAggregations", "imagebuilder:listInfrastructureConfigurations", + "imagebuilder:listLifecycleExecutions", + "imagebuilder:listLifecycleExecutionResources", + "imagebuilder:listLifecyclePolicies", + "imagebuilder:listWorkflowExecutions", + "imagebuilder:listWorkflowStepExecutions", "imagebuilder:listTagsForResource", "inspector:describeAssessmentRuns", "inspector:describeAssessmentTargets", @@ -27161,16 +36675,23 @@ aws_managed_policies_data = """ "inspector2:describeOrganizationConfiguration", "inspector2:getDelegatedAdminAccount", "inspector2:getMember", + "inspector2:getSbomExport", "inspector2:listCoverage", "inspector2:listDelegatedAdminAccounts", "inspector2:listFilters", "inspector2:listFindings", "inspector2:listMembers", "inspector2:listUsageTotals", + "inspector-scan:scanSbom", + "internetmonitor:getMonitor", + "internetmonitor:listMonitors", + "internetmonitor:getHealthEvent", + "internetmonitor:listHealthEvents", "iot:describeAuthorizer", "iot:describeCACertificate", "iot:describeCertificate", "iot:describeDefaultAuthorizer", + "iot:describeDomainConfiguration", "iot:describeEndpoint", "iot:describeIndex", "iot:describeJobExecution", @@ -27189,10 +36710,14 @@ aws_managed_policies_data = """ "iot:listCACertificates", "iot:listCertificates", "iot:listCertificatesByCA", + "iot:listDomainConfigurations", "iot:listJobExecutionsForJob", "iot:listJobExecutionsForThing", "iot:listJobs", + "iot:listNamedShadowsForThing", "iot:listOutgoingCertificates", + "iot:listPackages", + "iot:listPackageVersions", "iot:listPolicies", "iot:listPolicyPrincipals", "iot:listPolicyVersions", @@ -27205,6 +36730,7 @@ aws_managed_policies_data = """ "iot:listThingPrincipals", "iot:listThingRegistrationTasks", "iot:listThings", + "iot:listThingsInThingGroup", "iot:listThingTypes", "iot:listTopicRules", "iot:listTunnels", @@ -27217,6 +36743,24 @@ aws_managed_policies_data = """ "iotevents:listDetectorModelVersions", "iotevents:listDetectors", "iotevents:listInputs", + "iotfleetwise:getCampaign", + "iotfleetwise:getDecoderManifest", + "iotfleetwise:getFleet", + "iotfleetwise:getModelManifest", + "iotfleetwise:getSignalCatalog", + "iotfleetwise:getVehicle", + "iotfleetwise:getVehicleStatus", + "iotfleetwise:listCampaigns", + "iotfleetwise:listDecoderManifests", + "iotfleetwise:listDecoderManifestNetworkInterfaces", + "iotfleetwise:listDecoderManifestSignals", + "iotfleetwise:listFleets", + "iotfleetwise:listFleetsForVehicle", + "iotfleetwise:listModelManifests", + "iotfleetwise:listModelManifestNodes", + "iotfleetwise:listSignalCatalogs", + "iotfleetwise:listSignalCatalogNodes", + "iotfleetwise:listVehicles", "iotsitewise:describeAccessPolicy", "iotsitewise:describeAsset", "iotsitewise:describeAssetModel", @@ -27236,6 +36780,18 @@ aws_managed_policies_data = """ "iotsitewise:listPortals", "iotsitewise:listProjectAssets", "iotsitewise:listProjects", + "iottwinmaker:getComponentType", + "iottwinmaker:getEntity", + "iottwinmaker:getPricingPlan", + "iottwinmaker:getScene", + "iottwinmaker:getWorkspace", + "iottwinmaker:listComponentTypes", + "iottwinmaker:listEntities", + "iottwinmaker:listScenes", + "iottwinmaker:getSyncJob", + "iottwinmaker:listSyncJobs", + "iottwinmaker:listSyncResources", + "iottwinmaker:listWorkspaces", "iotwireless:getDestination", "iotwireless:getDeviceProfile", "iotwireless:getPartnerAccount", @@ -27257,13 +36813,34 @@ aws_managed_policies_data = """ "iotwireless:listWirelessDevices", "iotwireless:listWirelessGateways", "iotwireless:listWirelessGatewayTaskDefinitions", + "ivs:getChannel", + "ivs:getRecordingConfiguration", + "ivs:getStream", + "ivs:getStreamSession", "ivs:listChannels", + "ivs:listPlaybackKeyPairs", + "ivs:listRecordingConfigurations", + "ivs:listStreamKeys", "ivs:listStreams", "ivs:listStreamSessions", "kafka:describeCluster", + "kafka:describeClusterOperation", + "kafka:describeClusterV2", + "kafka:describeConfiguration", + "kafka:describeConfigurationRevision", "kafka:getBootstrapBrokers", + "kafka:listConfigurations", + "kafka:listConfigurationRevisions", + "kafka:listClusterOperations", "kafka:listClusters", + "kafka:listClustersV2", "kafka:listNodes", + "kafkaconnect:describeConnector", + "kafkaconnect:describeCustomPlugin", + "kafkaconnect:describeWorkerConfiguration", + "kafkaconnect:listConnectors", + "kafkaconnect:listCustomPlugins", + "kafkaconnect:listWorkerConfigurations", "kendra:describeDataSource", "kendra:describeFaq", "kendra:describeIndex", @@ -27281,6 +36858,15 @@ aws_managed_policies_data = """ "kinesisanalytics:describeApplicationSnapshot", "kinesisanalytics:listApplications", "kinesisanalytics:listApplicationSnapshots", + "kinesisvideo:describeImageGenerationConfiguration", + "kinesisvideo:describeNotificationConfiguration", + "kinesisvideo:describeSignalingChannel", + "kinesisvideo:describeStream", + "kinesisvideo:getDataEndpoint", + "kinesisvideo:getIceServerConfig", + "kinesisvideo:getSignalingChannelEndpoint", + "kinesisvideo:listSignalingChannels", + "kinesisvideo:listStreams", "kms:describeKey", "kms:getKeyPolicy", "kms:getKeyRotationStatus", @@ -27299,16 +36885,19 @@ aws_managed_policies_data = """ "lambda:getFunctionConcurrency", "lambda:getFunctionConfiguration", "lambda:getFunctionEventInvokeConfig", + "lambda:getFunctionUrlConfig", "lambda:getLayerVersion", "lambda:getLayerVersionPolicy", "lambda:getPolicy", "lambda:getProvisionedConcurrencyConfig", + "lambda:getRuntimeManagementConfig", "lambda:listAliases", "lambda:listCodeSigningConfigs", "lambda:listEventSourceMappings", "lambda:listFunctionEventInvokeConfigs", "lambda:listFunctions", "lambda:listFunctionsByCodeSigningConfig", + "lambda:listFunctionUrlConfigs", "lambda:listLayers", "lambda:listLayerVersions", "lambda:listProvisionedConcurrencyConfigs", @@ -27316,6 +36905,18 @@ aws_managed_policies_data = """ "launchwizard:describeProvisionedApp", "launchwizard:describeProvisioningEvents", "launchwizard:listProvisionedApps", + "lex:describeBot", + "lex:describeBotAlias", + "lex:describeBotLocale", + "lex:describeBotRecommendation", + "lex:describeBotVersion", + "lex:describeCustomVocabularyMetadata", + "lex:describeExport", + "lex:describeImport", + "lex:describeIntent", + "lex:describeResourcePolicy", + "lex:describeSlot", + "lex:describeSlotType", "lex:getBot", "lex:getBotAlias", "lex:getBotAliases", @@ -27332,6 +36933,17 @@ aws_managed_policies_data = """ "lex:getSlotType", "lex:getSlotTypes", "lex:getSlotTypeVersions", + "lex:listBotAliases", + "lex:listBotLocales", + "lex:listBotRecommendations", + "lex:listBots", + "lex:listBotVersions", + "lex:listExports", + "lex:listImports", + "lex:listIntents", + "lex:listRecommendedIntents", + "lex:listSlots", + "lex:listSlotTypes", "license-manager:getLicenseConfiguration", "license-manager:getServiceSettings", "license-manager:listAssociationsForLicenseConfiguration", @@ -27389,17 +37001,37 @@ aws_managed_policies_data = """ "lightsail:getStaticIp", "lightsail:getStaticIps", "lightsail:isVpcPeered", + "logs:describeAccountPolicies", + "logs:describeDeliveries", + "logs:describeDeliveryDestinations", + "logs:describeDeliverySources", "logs:describeDestinations", "logs:describeExportTasks", "logs:describeLogGroups", "logs:describeLogStreams", "logs:describeMetricFilters", "logs:describeQueries", + "logs:describeQueryDefinitions", "logs:describeResourcePolicies", "logs:describeSubscriptionFilters", + "logs:getDataProtectionPolicy", + "logs:getDelivery", + "logs:getDeliveryDestination", + "logs:getDeliveryDestinationPolicy", + "logs:getDeliverySource", "logs:getLogDelivery", + "logs:getLogGroupFields", "logs:listLogDeliveries", "logs:testMetricFilter", + "lookoutequipment:describeDataIngestionJob", + "lookoutequipment:describeDataset", + "lookoutequipment:describeInferenceScheduler", + "lookoutequipment:describeModel", + "lookoutequipment:listDataIngestionJobs", + "lookoutequipment:listDatasets", + "lookoutequipment:listInferenceExecutions", + "lookoutequipment:listInferenceSchedulers", + "lookoutequipment:listModels", "lookoutmetrics:describeAlert", "lookoutmetrics:describeAnomalyDetectionExecutions", "lookoutmetrics:describeAnomalyDetector", @@ -27470,13 +37102,20 @@ aws_managed_policies_data = """ "mediastore:listContainers", "mediatailor:getPlaybackConfiguration", "mediatailor:listPlaybackConfigurations", + "medical-imaging:getDatastore", + "medical-imaging:listDatastores", "mgn:describeJobLogItems", "mgn:describeJobs", + "mgn:describeLaunchConfigurationTemplates", "mgn:describeReplicationConfigurationTemplates", "mgn:describeSourceServers", "mgn:describeVcenterClients", "mgn:getLaunchConfiguration", "mgn:getReplicationConfiguration", + "mgn:listApplications", + "mgn:listSourceServerActions", + "mgn:listTemplateActions", + "mgn:listWaves", "mobiletargeting:getAdmChannel", "mobiletargeting:getApnsChannel", "mobiletargeting:getApnsSandboxChannel", @@ -27499,12 +37138,19 @@ aws_managed_policies_data = """ "mobiletargeting:getGcmChannel", "mobiletargeting:getImportJob", "mobiletargeting:getImportJobs", + "mobiletargeting:getJourney", + "mobiletargeting:getJourneyExecutionMetrics", + "mobiletargeting:getJourneyExecutionActivityMetrics", + "mobiletargeting:getJourneyRunExecutionActivityMetrics", + "mobiletargeting:getJourneyRunExecutionMetrics", + "mobiletargeting:getJourneyRuns", "mobiletargeting:getSegment", "mobiletargeting:getSegmentImportJobs", "mobiletargeting:getSegments", "mobiletargeting:getSegmentVersion", "mobiletargeting:getSegmentVersions", "mobiletargeting:getSmsChannel", + "mobiletargeting:listJourneys", "mq:describeBroker", "mq:describeConfiguration", "mq:describeConfigurationRevision", @@ -27513,19 +37159,38 @@ aws_managed_policies_data = """ "mq:listConfigurationRevisions", "mq:listConfigurations", "mq:listUsers", + "m2:getApplication", + "m2:getApplicationVersion", + "m2:getBatchJobExecution", + "m2:getDataSetDetails", + "m2:getDataSetImportTask", + "m2:getDeployment", + "m2:getEnvironment", + "m2:listApplications", + "m2:listApplicationVersions", + "m2:listBatchJobDefinitions", + "m2:listBatchJobExecutions", + "m2:listDataSetImportHistory", + "m2:listDataSets", + "m2:listDeployments", + "m2:listEngineVersions", + "m2:listEnvironments", "network-firewall:describeFirewall", "network-firewall:describeFirewallPolicy", "network-firewall:describeLoggingConfiguration", "network-firewall:describeRuleGroup", + "network-firewall:describeTlsInspectionConfiguration", "network-firewall:listFirewallPolicies", "network-firewall:listFirewalls", "network-firewall:listRuleGroups", + "network-firewall:listTlsInspectionConfigurations", "networkmanager:describeGlobalNetworks", "networkmanager:getConnectAttachment", "networkmanager:getConnections", "networkmanager:getConnectPeer", "networkmanager:getConnectPeerAssociations", "networkmanager:getCoreNetwork", + "networkmanager:getCoreNetworkChangeEvents", "networkmanager:getCoreNetworkChangeSet", "networkmanager:getCoreNetworkPolicy", "networkmanager:getCustomerGatewayAssociations", @@ -27542,13 +37207,80 @@ aws_managed_policies_data = """ "networkmanager:getSites", "networkmanager:getSiteToSiteVpnAttachment", "networkmanager:getTransitGatewayConnectPeerAssociations", + "networkmanager:getTransitGatewayPeering", "networkmanager:getTransitGatewayRegistrations", + "networkmanager:getTransitGatewayRouteTableAttachment", "networkmanager:getVpcAttachment", "networkmanager:listAttachments", "networkmanager:listConnectPeers", "networkmanager:listCoreNetworkPolicyVersions", "networkmanager:listCoreNetworks", + "networkmanager:listOrganizationServiceAccessStatus", + "networkmanager:listPeerings", "networkmanager:listTagsForResource", + "nimble:getEula", + "nimble:getLaunchProfile", + "nimble:getLaunchProfileDetails", + "nimble:getLaunchProfileInitialization", + "nimble:getLaunchProfileMember", + "nimble:getStreamingImage", + "nimble:getStreamingSession", + "nimble:getStreamingSessionStream", + "nimble:getStudio", + "nimble:getStudioComponent", + "nimble:listEulaAcceptances", + "nimble:listEulas", + "nimble:listLaunchProfiles", + "nimble:listStreamingImages", + "nimble:listStreamingSessions", + "nimble:listStudioComponents", + "nimble:listStudios", + "notifications:getEventRule", + "notifications:getNotificationConfiguration", + "notifications:getNotificationEvent", + "notifications:listChannels", + "notifications:listEventRules", + "notifications:listNotificationConfigurations", + "notifications:listNotificationEvents", + "notifications:listNotificationHubs", + "notifications-contacts:getEmailContact", + "notifications-contacts:listEmailContacts", + "oam:getLink", + "oam:getSink", + "oam:getSinkPolicy", + "oam:listAttachedLinks", + "oam:listLinks", + "oam:listSinks", + "omics:getAnnotationImportJob", + "omics:getAnnotationStore", + "omics:getReadSetImportJob", + "omics:getReadSetMetadata", + "omics:getReference", + "omics:getReferenceImportJob", + "omics:getReferenceMetadata", + "omics:getReferenceStore", + "omics:getRun", + "omics:getRunGroup", + "omics:getSequenceStore", + "omics:getVariantImportJob", + "omics:getVariantStore", + "omics:getWorkflow", + "omics:listAnnotationImportJobs", + "omics:listAnnotationStores", + "omics:listMultipartReadSetUploads", + "omics:listReadSetImportJobs", + "omics:listReadSets", + "omics:listReadSetUploadParts", + "omics:listReferenceImportJobs", + "omics:listReferenceStores", + "omics:listReferences", + "omics:listRunGroups", + "omics:listRunTasks", + "omics:listRuns", + "omics:listSequenceStores", + "omics:listVariantImportJobs", + "omics:listVariantStores", + "omics:listWorkflows", "opsworks-cm:describeAccountAttributes", "opsworks-cm:describeBackups", "opsworks-cm:describeEvents", @@ -27578,54 +37310,129 @@ aws_managed_policies_data = """ "opsworks:getHostnameSuggestion", "organizations:listAccounts", "organizations:listTagsForResource", + "outposts:getCatalogItem", + "outposts:getConnection", + "outposts:getOrder", "outposts:getOutpost", "outposts:getOutpostInstanceTypes", + "outposts:getSite", + "outposts:listAssets", + "outposts:listCatalogItems", + "outposts:listOrders", "outposts:listOutposts", "outposts:listSites", "personalize:describeAlgorithm", + "personalize:describeBatchInferenceJob", + "personalize:describeBatchSegmentJob", "personalize:describeCampaign", "personalize:describeDataset", + "personalize:describeDatasetExportJob", "personalize:describeDatasetGroup", "personalize:describeDatasetImportJob", "personalize:describeEventTracker", "personalize:describeFeatureTransformation", + "personalize:describeFilter", "personalize:describeRecipe", + "personalize:describeRecommender", "personalize:describeSchema", "personalize:describeSolution", "personalize:describeSolutionVersion", + "personalize:getPersonalizedRanking", + "personalize:getRecommendations", + "personalize:getSolutionMetrics", + "personalize:listBatchInferenceJobs", + "personalize:listBatchSegmentJobs", "personalize:listCampaigns", + "personalize:listDatasetExportJobs", "personalize:listDatasetGroups", "personalize:listDatasetImportJobs", "personalize:listDatasets", "personalize:listEventTrackers", "personalize:listRecipes", + "personalize:listRecommenders", "personalize:listSchemas", "personalize:listSolutions", "personalize:listSolutionVersions", + "pipes:describePipe", + "pipes:listPipes", + "pipes:listTagsForResource", "polly:describeVoices", "polly:getLexicon", "polly:listLexicons", "pricing:describeServices", "pricing:getAttributeValues", "pricing:getProducts", + "private-networks:getDeviceIdentifier", + "private-networks:getNetwork", + "private-networks:getNetworkResource", + "private-networks:listDeviceIdentifiers", + "private-networks:listNetworks", + "private-networks:listNetworkResources", + "quicksight:describeAccountCustomization", + "quicksight:describeAccountSettings", + "quicksight:describeAccountSubscription", + "quicksight:describeAnalysis", + "quicksight:describeAnalysisPermissions", "quicksight:describeDashboard", "quicksight:describeDashboardPermissions", + "quicksight:describeDataSet", + "quicksight:describeDataSetPermissions", + "quicksight:describeDataSetRefreshProperties", + "quicksight:describeDataSource", + "quicksight:describeDataSourcePermissions", + "quicksight:describeFolder", + "quicksight:describeFolderPermissions", + "quicksight:describeFolderResolvedPermissions", "quicksight:describeGroup", + "quicksight:describeGroupMembership", "quicksight:describeIAMPolicyAssignment", + "quicksight:describeIngestion", + "quicksight:describeIpRestriction", + "quicksight:describeNamespace", + "quicksight:describeRefreshSchedule", "quicksight:describeTemplate", "quicksight:describeTemplateAlias", "quicksight:describeTemplatePermissions", + "quicksight:describeTheme", + "quicksight:describeThemeAlias", + "quicksight:describeThemePermissions", + "quicksight:describeTopic", + "quicksight:describeTopicPermissions", + "quicksight:describeTopicRefresh", + "quicksight:describeTopicRefreshSchedule", "quicksight:describeUser", + "quicksight:describeVPCConnection", + "quicksight:listAnalyses", "quicksight:listDashboards", + "quicksight:listDashboardVersions", + "quicksight:listDataSets", + "quicksight:listDataSources", + "quicksight:listFolderMembers", + "quicksight:listFolders", "quicksight:listGroupMemberships", "quicksight:listGroups", "quicksight:listIAMPolicyAssignments", "quicksight:listIAMPolicyAssignmentsForUser", + "quicksight:listIngestions", + "quicksight:listNamespaces", + "quicksight:listRefreshSchedules", "quicksight:listTemplateAliases", "quicksight:listTemplates", "quicksight:listTemplateVersions", + "quicksight:listThemeAliases", + "quicksight:listThemes", + "quicksight:listThemeVersions", + "quicksight:listTopicRefreshSchedules", + "quicksight:listTopics", "quicksight:listUserGroups", "quicksight:listUsers", + "quicksight:listVPCConnections", + "quicksight:searchAnalyses", + "quicksight:searchDashboards", + "quicksight:searchDataSets", + "quicksight:searchDataSources", + "quicksight:searchFolders", + "quicksight:searchGroups", "ram:getPermission", "ram:getResourceShareAssociations", "ram:getResourceShareInvitations", @@ -27637,13 +37444,17 @@ aws_managed_policies_data = """ "rbin:getRule", "rbin:listRules", "rds:describeAccountAttributes", + "rds:describeBlueGreenDeployments", "rds:describeCertificates", + "rds:describeDBClusterEndpoints", "rds:describeDBClusterParameterGroups", "rds:describeDBClusterParameters", "rds:describeDBClusters", "rds:describeDBClusterSnapshots", "rds:describeDBEngineVersions", + "rds:describeDBInstanceAutomatedBackups", "rds:describeDBInstances", + "rds:describeDBLogFiles", "rds:describeDBParameterGroups", "rds:describeDBParameters", "rds:describeDBSecurityGroups", @@ -27656,12 +37467,16 @@ aws_managed_policies_data = """ "rds:describeEvents", "rds:describeEventSubscriptions", "rds:describeExportTasks", + "rds:describeGlobalClusters", + "rds:describeIntegrations", "rds:describeOptionGroupOptions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", "rds:describePendingMaintenanceActions", "rds:describeReservedDBInstances", "rds:describeReservedDBInstancesOfferings", + "rds:describeSourceRegions", + "rds:describeValidDBInstanceModifications", "rds:listTagsForResource", "redshift-data:describeStatement", "redshift-data:listStatements", @@ -27672,6 +37487,9 @@ aws_managed_policies_data = """ "redshift:describeClusterSnapshots", "redshift:describeClusterSubnetGroups", "redshift:describeClusterVersions", + "redshift:describeDataShares", + "redshift:describeDataSharesForConsumer", + "redshift:describeDataSharesForProducer", "redshift:describeDefaultClusterParameters", "redshift:describeEventCategories", "redshift:describeEvents", @@ -27687,8 +37505,28 @@ aws_managed_policies_data = """ "redshift:describeStorage", "redshift:describeTableRestoreStatus", "redshift:describeTags", + "redshift-serverless:getEndpointAccess", + "redshift-serverless:getNamespace", + "redshift-serverless:getRecoveryPoint", + "redshift-serverless:getSnapshot", + "redshift-serverless:getTableRestoreStatus", + "redshift-serverless:getUsageLimit", + "redshift-serverless:getWorkgroup", + "redshift-serverless:listEndpointAccess", + "redshift-serverless:listNamespaces", + "redshift-serverless:listRecoveryPoints", + "redshift-serverless:listSnapshots", + "redshift-serverless:listTableRestoreStatus", + "redshift-serverless:listUsageLimits", + "redshift-serverless:listWorkgroups", "rekognition:listCollections", "rekognition:listFaces", + "resource-explorer-2:getAccountLevelServiceConfiguration", + "resource-explorer-2:getIndex", + "resource-explorer-2:getView", + "resource-explorer-2:listIndexes", + "resource-explorer-2:listViews", + "resource-explorer-2:search", "resource-groups:getGroup", "resource-groups:getGroupQuery", "resource-groups:getTags", @@ -27708,6 +37546,14 @@ aws_managed_policies_data = """ "robomaker:listRobots", "robomaker:listSimulationApplications", "robomaker:listSimulationJobs", + "route53-recovery-cluster:getRoutingControlState", + "route53-recovery-cluster:listRoutingControls", + "route53-recovery-control-config:describeControlPanel", + "route53-recovery-control-config:describeRoutingControl", + "route53-recovery-control-config:describeSafetyRule", + "route53-recovery-control-config:listControlPanels", + "route53-recovery-control-config:listRoutingControls", + "route53-recovery-control-config:listSafetyRules", "route53-recovery-readiness:getCell", "route53-recovery-readiness:getCellReadinessSummary", "route53-recovery-readiness:getReadinessCheck", @@ -27719,8 +37565,10 @@ aws_managed_policies_data = """ "route53-recovery-readiness:listReadinessChecks", "route53-recovery-readiness:listRecoveryGroups", "route53-recovery-readiness:listResourceSets", + "route53:getAccountLimit", "route53:getChange", "route53:getCheckerIpRanges", + "route53:getDNSSEC", "route53:getGeoLocation", "route53:getHealthCheck", "route53:getHealthCheckCount", @@ -27728,14 +37576,21 @@ aws_managed_policies_data = """ "route53:getHealthCheckStatus", "route53:getHostedZone", "route53:getHostedZoneCount", + "route53:getHostedZoneLimit", + "route53:getQueryLoggingConfig", "route53:getReusableDelegationSet", "route53:getTrafficPolicy", "route53:getTrafficPolicyInstance", "route53:getTrafficPolicyInstanceCount", + "route53:listCidrBlocks", + "route53:listCidrCollections", + "route53:listCidrLocations", "route53:listGeoLocations", "route53:listHealthChecks", "route53:listHostedZones", "route53:listHostedZonesByName", + "route53:listHostedZonesByVpc", + "route53:listQueryLoggingConfigs", "route53:listResourceRecordSets", "route53:listReusableDelegationSets", "route53:listTrafficPolicies", @@ -27743,19 +37598,28 @@ aws_managed_policies_data = """ "route53:listTrafficPolicyInstancesByHostedZone", "route53:listTrafficPolicyInstancesByPolicy", "route53:listTrafficPolicyVersions", + "route53:listVPCAssociationAuthorizations", "route53domains:checkDomainAvailability", "route53domains:getContactReachabilityStatus", "route53domains:getDomainDetail", "route53domains:getOperationDetail", "route53domains:listDomains", "route53domains:listOperations", + "route53domains:listPrices", "route53domains:listTagsForDomain", "route53domains:viewBilling", "route53resolver:getFirewallConfig", "route53resolver:getFirewallDomainList", "route53resolver:getFirewallRuleGroup", "route53resolver:getFirewallRuleGroupAssociation", + "route53resolver:getFirewallRuleGroupPolicy", + "route53resolver:getOutpostResolver", "route53resolver:getResolverDnssecConfig", + "route53resolver:getResolverQueryLogConfig", + "route53resolver:getResolverQueryLogConfigAssociation", + "route53resolver:getResolverQueryLogConfigPolicy", + "route53resolver:getResolverRule", + "route53resolver:getResolverRuleAssociation", "route53resolver:getResolverRulePolicy", "route53resolver:listFirewallConfigs", "route53resolver:listFirewallDomainLists", @@ -27763,12 +37627,20 @@ aws_managed_policies_data = """ "route53resolver:listFirewallRuleGroupAssociations", "route53resolver:listFirewallRuleGroups", "route53resolver:listFirewallRules", + "route53resolver:listOutpostResolvers", + "route53resolver:listResolverConfigs", "route53resolver:listResolverDnssecConfigs", "route53resolver:listResolverEndpointIpAddresses", "route53resolver:listResolverEndpoints", + "route53resolver:listResolverQueryLogConfigAssociations", + "route53resolver:listResolverQueryLogConfigs", "route53resolver:listResolverRuleAssociations", "route53resolver:listResolverRules", "route53resolver:listTagsForResource", + "rum:batchGetRumMetricDefinitions", + "rum:getAppMonitor", + "rum:listAppMonitors", + "rum:listRumMetricsDestinations", "s3:describeJob", "s3:describeMultiRegionAccessPointOperation", "s3:getAccelerateConfiguration", @@ -27802,6 +37674,7 @@ aws_managed_policies_data = """ "s3:getMultiRegionAccessPoint", "s3:getMultiRegionAccessPointPolicy", "s3:getMultiRegionAccessPointPolicyStatus", + "s3:getMultiRegionAccessPointRoutes", "s3:getObjectLegalHold", "s3:getObjectRetention", "s3:getReplicationConfiguration", @@ -27816,29 +37689,41 @@ aws_managed_policies_data = """ "s3:listMultipartUploadParts", "s3:listMultiRegionAccessPoints", "s3:listStorageLensConfigurations", + "s3express:listAllMyDirectoryBuckets", "sagemaker:describeAction", "sagemaker:describeAlgorithm", "sagemaker:describeApp", + "sagemaker:describeAppImageConfig", "sagemaker:describeArtifact", "sagemaker:describeAutoMLJob", + "sagemaker:describeCodeRepository", "sagemaker:describeCompilationJob", "sagemaker:describeContext", "sagemaker:describeDataQualityJobDefinition", "sagemaker:describeDevice", "sagemaker:describeDeviceFleet", "sagemaker:describeDomain", + "sagemaker:describeEdgeDeploymentPlan", "sagemaker:describeEdgePackagingJob", "sagemaker:describeEndpoint", "sagemaker:describeEndpointConfig", "sagemaker:describeExperiment", "sagemaker:describeFeatureGroup", + "sagemaker:describeFeatureMetadata", + "sagemaker:describeFlowDefinition", + "sagemaker:describeHub", + "sagemaker:describeHubContent", "sagemaker:describeHumanTaskUi", "sagemaker:describeHyperParameterTuningJob", "sagemaker:describeImage", "sagemaker:describeImageVersion", + "sagemaker:describeInferenceExperiment", + "sagemaker:describeInferenceRecommendationsJob", "sagemaker:describeLabelingJob", "sagemaker:describeModel", "sagemaker:describeModelBiasJobDefinition", + "sagemaker:describeModelCard", + "sagemaker:describeModelCardExportJob", "sagemaker:describeModelExplainabilityJobDefinition", "sagemaker:describeModelPackage", "sagemaker:describeModelPackageGroup", @@ -27851,15 +37736,23 @@ aws_managed_policies_data = """ "sagemaker:describePipelineExecution", "sagemaker:describeProcessingJob", "sagemaker:describeProject", + "sagemaker:describeSpace", + "sagemaker:describeStudioLifecycleConfig", "sagemaker:describeSubscribedWorkteam", "sagemaker:describeTrainingJob", "sagemaker:describeTransformJob", "sagemaker:describeTrial", "sagemaker:describeTrialComponent", "sagemaker:describeUserProfile", + "sagemaker:describeWorkforce", "sagemaker:describeWorkteam", + "sagemaker:getDeviceFleetReport", + "sagemaker:getModelPackageGroupPolicy", + "sagemaker:getSagemakerServicecatalogPortfolioStatus", "sagemaker:listActions", "sagemaker:listAlgorithms", + "sagemaker:listAliases", + "sagemaker:listAppImageConfigs", "sagemaker:listApps", "sagemaker:listArtifacts", "sagemaker:listAssociations", @@ -27872,24 +37765,38 @@ aws_managed_policies_data = """ "sagemaker:listDeviceFleets", "sagemaker:listDevices", "sagemaker:listDomains", + "sagemaker:listEdgeDeploymentPlans", "sagemaker:listEdgePackagingJobs", "sagemaker:listEndpointConfigs", "sagemaker:listEndpoints", "sagemaker:listExperiments", "sagemaker:listFeatureGroups", "sagemaker:listFlowDefinitions", + "sagemaker:listHubContents", + "sagemaker:listHubContentVersions", + "sagemaker:listHubs", "sagemaker:listHumanTaskUis", "sagemaker:listHyperParameterTuningJobs", "sagemaker:listImages", "sagemaker:listImageVersions", + "sagemaker:listInferenceExperiments", + "sagemaker:listInferenceRecommendationsJobs", + "sagemaker:listInferenceRecommendationsJobSteps", "sagemaker:listLabelingJobs", "sagemaker:listLabelingJobsForWorkteam", + "sagemaker:listLineageGroups", "sagemaker:listModelBiasJobDefinitions", + "sagemaker:listModelCardExportJobs", + "sagemaker:listModelCards", + "sagemaker:listModelCardVersions", "sagemaker:listModelExplainabilityJobDefinitions", + "sagemaker:listModelMetadata", "sagemaker:listModelPackageGroups", "sagemaker:listModelPackages", "sagemaker:listModelQualityJobDefinitions", "sagemaker:listModels", + "sagemaker:listMonitoringAlertHistory", + "sagemaker:listMonitoringAlerts", "sagemaker:listMonitoringExecutions", "sagemaker:listMonitoringSchedules", "sagemaker:listNotebookInstanceLifecycleConfigs", @@ -27900,6 +37807,9 @@ aws_managed_policies_data = """ "sagemaker:listPipelines", "sagemaker:listProcessingJobs", "sagemaker:listProjects", + "sagemaker:listSpaces", + "sagemaker:listStageDevices", + "sagemaker:listStudioLifecycleConfigs", "sagemaker:listSubscribedWorkteams", "sagemaker:listTags", "sagemaker:listTrainingJobs", @@ -27908,8 +37818,24 @@ aws_managed_policies_data = """ "sagemaker:listTrialComponents", "sagemaker:listTrials", "sagemaker:listUserProfiles", + "sagemaker:listWorkforces", "sagemaker:listWorkteams", "savingsplans:describeSavingsPlans", + "scheduler:getSchedule", + "scheduler:getScheduleGroup", + "scheduler:listScheduleGroups", + "scheduler:listSchedules", + "schemas:describeCodeBinding", + "schemas:describeDiscoverer", + "schemas:describeRegistry", + "schemas:describeSchema", + "schemas:getCodeBindingSource", + "schemas:getDiscoveredSchema", + "schemas:getResourcePolicy", + "schemas:listDiscoverers", + "schemas:listRegistries", + "schemas:listSchemas", + "schemas:listSchemaVersions", "sdb:domainMetadata", "sdb:listDomains", "secretsmanager:describeSecret", @@ -27925,6 +37851,14 @@ aws_managed_policies_data = """ "securityhub:listEnabledProductsForImport", "securityhub:listInvitations", "securityhub:listMembers", + "securitylake:getDataLakeExceptionSubscription", + "securitylake:getDataLakeOrganizationConfiguration", + "securitylake:getDataLakeSources", + "securitylake:getSubscriber", + "securitylake:listDataLakeExceptions", + "securitylake:listDataLakes", + "securitylake:listLogSources", + "securitylake:listSubscribers", "serverlessrepo:getApplication", "serverlessrepo:getApplicationPolicy", "serverlessrepo:getCloudFormationTemplate", @@ -27962,13 +37896,17 @@ aws_managed_policies_data = """ "servicequotas:listServiceQuotas", "servicequotas:listServices", "ses:describeActiveReceiptRuleSet", + "ses:describeConfigurationSet", "ses:describeReceiptRule", "ses:describeReceiptRuleSet", "ses:getAccount", + "ses:getAccountSendingEnabled", "ses:getBlacklistReports", "ses:getConfigurationSet", "ses:getConfigurationSetEventDestinations", + "ses:getContactList", "ses:getDedicatedIp", + "ses:getDedicatedIpPool", "ses:getDedicatedIps", "ses:getDeliverabilityDashboardOptions", "ses:getDeliverabilityTestReport", @@ -27980,18 +37918,26 @@ aws_managed_policies_data = """ "ses:getIdentityNotificationAttributes", "ses:getIdentityPolicies", "ses:getIdentityVerificationAttributes", + "ses:getImportJob", "ses:getSendQuota", "ses:getSendStatistics", "ses:listConfigurationSets", + "ses:listContactLists", + "ses:listContacts", + "ses:listCustomVerificationEmailTemplates", "ses:listDedicatedIpPools", "ses:listDeliverabilityTestReports", "ses:listDomainDeliverabilityCampaigns", "ses:listEmailIdentities", + "ses:listEmailTemplates", "ses:listIdentities", "ses:listIdentityPolicies", + "ses:listImportJobs", "ses:listReceiptFilters", "ses:listReceiptRuleSets", + "ses:listRecommendations", "ses:listTagsForResource", + "ses:listTemplates", "ses:listVerifiedEmailAddresses", "shield:describeAttack", "shield:describeProtection", @@ -28008,15 +37954,20 @@ aws_managed_policies_data = """ "snowball:describeJob", "snowball:getSnowballUsage", "snowball:listJobs", + "snowball:listServiceVersions", "sns:checkIfPhoneNumberIsOptedOut", + "sns:getDataProtectionPolicy", "sns:getEndpointAttributes", "sns:getPlatformApplicationAttributes", "sns:getSMSAttributes", + "sns:getSMSSandboxAccountStatus", "sns:getSubscriptionAttributes", "sns:getTopicAttributes", "sns:listEndpointsByPlatformApplication", + "sns:listOriginationNumbers", "sns:listPhoneNumbersOptedOut", "sns:listPlatformApplications", + "sns:listSMSSandboxPhoneNumbers", "sns:listSubscriptions", "sns:listSubscriptionsByTopic", "sns:listTopics", @@ -28028,19 +37979,39 @@ aws_managed_policies_data = """ "ssm-contacts:describePage", "ssm-contacts:getContact", "ssm-contacts:getContactChannel", + "ssm-contacts:getContactPolicy", + "ssm-contacts:getRotation", + "ssm-contacts:getRotationOverride", "ssm-contacts:listContactChannels", "ssm-contacts:listContacts", "ssm-contacts:listEngagements", "ssm-contacts:listPageReceipts", + "ssm-contacts:listPageResolutions", "ssm-contacts:listPagesByContact", "ssm-contacts:listPagesByEngagement", + "ssm-contacts:listPreviewRotationShifts", + "ssm-contacts:listRotationOverrides", + "ssm-contacts:listRotations", + "ssm-contacts:listRotationShifts", "ssm-incidents:getIncidentRecord", "ssm-incidents:getReplicationSet", + "ssm-incidents:getResourcePolicies", "ssm-incidents:getResponsePlan", + "ssm-incidents:getTimelineEvent", "ssm-incidents:listIncidentRecords", + "ssm-incidents:listRelatedItems", "ssm-incidents:listReplicationSets", "ssm-incidents:listResponsePlans", "ssm-incidents:listTimelineEvents", + "ssm-sap:getApplication", + "ssm-sap:getComponent", + "ssm-sap:getDatabase", + "ssm-sap:getOperation", + "ssm-sap:getResourcePermission", + "ssm-sap:listApplications", + "ssm-sap:listComponents", + "ssm-sap:listDatabases", + "ssm-sap:listOperations", "ssm:describeActivations", "ssm:describeAssociation", "ssm:describeAssociationExecutions", @@ -28074,6 +38045,7 @@ aws_managed_policies_data = """ "ssm:describePatchProperties", "ssm:describeSessions", "ssm:getAutomationExecution", + "ssm:getCalendarState", "ssm:getCommandInvocation", "ssm:getConnectionStatus", "ssm:getDefaultPatchBaseline", @@ -28085,8 +38057,11 @@ aws_managed_policies_data = """ "ssm:getMaintenanceWindowExecutionTaskInvocation", "ssm:getMaintenanceWindowTask", "ssm:getOpsItem", + "ssm:getOpsMetadata", + "ssm:getOpsSummary", "ssm:getPatchBaseline", "ssm:getPatchBaselineForPatchGroup", + "ssm:getResourcePolicies", "ssm:getServiceSetting", "ssm:listAssociations", "ssm:listAssociationVersions", @@ -28095,19 +38070,52 @@ aws_managed_policies_data = """ "ssm:listComplianceItems", "ssm:listComplianceSummaries", "ssm:listDocuments", + "ssm:listDocumentMetadataHistory", "ssm:listDocumentVersions", "ssm:listOpsItemEvents", + "ssm:listOpsItemRelatedItems", + "ssm:listOpsMetadata", "ssm:listResourceComplianceSummaries", "ssm:listResourceDataSync", "ssm:listTagsForResource", + "sso:describeApplicationAssignment", + "sso:describeApplicationProvider", + "sso:describeApplication", + "sso:describeInstance", + "sso:describeTrustedTokenIssuer", + "sso:getApplicationAccessScope", + "sso:getApplicationAssignmentConfiguration", + "sso:getApplicationAuthenticationMethod", + "sso:getApplicationGrant", + "sso:getApplicationInstance", + "sso:getApplicationTemplate", + "sso:getManagedApplicationInstance", + "sso:getSharedSsoConfiguration", + "sso:listApplicationAccessScopes", + "sso:listApplicationAssignments", + "sso:listApplicationAuthenticationMethods", + "sso:listApplicationGrants", + "sso:listApplicationInstances", + "sso:listApplicationProviders", + "sso:listApplications", + "sso:listApplicationTemplates", + "sso:listDirectoryAssociations", + "sso:listInstances", + "sso:listProfileAssociations", + "sso:listTrustedTokenIssuers", "states:describeActivity", "states:describeExecution", + "states:describeMapRun", "states:describeStateMachine", + "states:describeStateMachineAlias", "states:describeStateMachineForExecution", "states:getExecutionHistory", "states:listActivities", "states:listExecutions", + "states:listMapRuns", + "states:listStateMachineAliases", "states:listStateMachines", + "states:listStateMachineVersions", "storagegateway:describeBandwidthRateLimit", "storagegateway:describeCache", "storagegateway:describeCachediSCSIVolumes", @@ -28154,40 +38162,134 @@ aws_managed_policies_data = """ "synthetics:describeRuntimeVersions", "synthetics:getCanary", "synthetics:getCanaryRuns", + "synthetics:getGroup", + "synthetics:listAssociatedGroups", + "synthetics:listGroupResources", + "synthetics:listGroups", + "tiros:createQuery", + "tiros:getQueryAnswer", + "tiros:getQueryExplanation", + "transcribe:describeLanguageModel", + "transcribe:getCallAnalyticsCategory", + "transcribe:getCallAnalyticsJob", + "transcribe:getMedicalTranscriptionJob", + "transcribe:getMedicalVocabulary", + "transcribe:getTranscriptionJob", + "transcribe:getVocabulary", + "transcribe:getVocabularyFilter", + "transcribe:listCallAnalyticsCategories", + "transcribe:listCallAnalyticsJobs", + "transcribe:listLanguageModels", + "transcribe:listMedicalTranscriptionJobs", + "transcribe:listMedicalVocabularies", + "transcribe:listTranscriptionJobs", + "transcribe:listVocabularies", + "transcribe:listVocabularyFilters", + "transfer:describeAccess", + "transfer:describeAgreement", + "transfer:describeConnector", "transfer:describeExecution", + "transfer:describeProfile", "transfer:describeServer", "transfer:describeUser", "transfer:describeWorkflow", + "transfer:listAccesses", + "transfer:listAgreements", + "transfer:listConnectors", "transfer:listExecutions", + "transfer:listHostKeys", + "transfer:listProfiles", "transfer:listServers", "transfer:listTagsForResource", "transfer:listUsers", "transfer:listWorkflows", "transfer:sendWorkflowStepState", + "trustedadvisor:getOrganizationRecommendation", + "trustedadvisor:getRecommendation", + "trustedadvisor:listChecks", + "trustedadvisor:listOrganizationRecommendationAccounts", + "trustedadvisor:listOrganizationRecommendationResources", + "trustedadvisor:listOrganizationRecommendations", + "trustedadvisor:listRecommendationResources", + "trustedadvisor:listRecommendations", + "verifiedpermissions:getIdentitySource", + "verifiedpermissions:getPolicy", + "verifiedpermissions:getPolicyStore", + "verifiedpermissions:getPolicyTemplate", + "verifiedpermissions:getSchema", + "verifiedpermissions:listIdentitySources", + "verifiedpermissions:listPolicies", + "verifiedpermissions:listPolicyStores", + "verifiedpermissions:listPolicyTemplates", + "vpc-lattice:getAccessLogSubscription", + "vpc-lattice:getAuthPolicy", + "vpc-lattice:getListener", + "vpc-lattice:getResourcePolicy", + "vpc-lattice:getRule", + "vpc-lattice:getService", + "vpc-lattice:getServiceNetwork", + "vpc-lattice:getServiceNetworkServiceAssociation", + "vpc-lattice:getServiceNetworkVpcAssociation", + "vpc-lattice:getTargetGroup", + "vpc-lattice:listAccessLogSubscriptions", + "vpc-lattice:listListeners", + "vpc-lattice:listRules", + "vpc-lattice:listServiceNetworks", + "vpc-lattice:listServiceNetworkServiceAssociations", + "vpc-lattice:listServiceNetworkVpcAssociations", + "vpc-lattice:listServices", + "vpc-lattice:listTargetGroups", + "vpc-lattice:listTargets", "waf-regional:getByteMatchSet", "waf-regional:getChangeTokenStatus", + "waf-regional:getGeoMatchSet", "waf-regional:getIPSet", + "waf-regional:getLoggingConfiguration", + "waf-regional:getRateBasedRule", + "waf-regional:getRegexMatchSet", + "waf-regional:getRegexPatternSet", "waf-regional:getRule", + "waf-regional:getRuleGroup", "waf-regional:getSqlInjectionMatchSet", "waf-regional:getWebACL", "waf-regional:getWebACLForResource", + "waf-regional:listActivatedRulesInRuleGroup", "waf-regional:listByteMatchSets", + "waf-regional:listGeoMatchSets", "waf-regional:listIPSets", + "waf-regional:listLoggingConfigurations", + "waf-regional:listRateBasedRules", + "waf-regional:listRegexMatchSets", + "waf-regional:listRegexPatternSets", "waf-regional:listResourcesForWebACL", + "waf-regional:listRuleGroups", "waf-regional:listRules", "waf-regional:listSqlInjectionMatchSets", "waf-regional:listWebACLs", "waf:getByteMatchSet", "waf:getChangeTokenStatus", + "waf:getGeoMatchSet", "waf:getIPSet", + "waf:getLoggingConfiguration", + "waf:getRateBasedRule", + "waf:getRegexMatchSet", + "waf:getRegexPatternSet", "waf:getRule", + "waf:getRuleGroup", "waf:getSampledRequests", "waf:getSizeConstraintSet", "waf:getSqlInjectionMatchSet", "waf:getWebACL", "waf:getXssMatchSet", + "waf:listActivatedRulesInRuleGroup", "waf:listByteMatchSets", + "waf:listGeoMatchSets", "waf:listIPSets", + "waf:listLoggingConfigurations", + "waf:listRateBasedRules", + "waf:listRegexMatchSets", + "waf:listRegexPatternSets", + "waf:listRuleGroups", "waf:listRules", "waf:listSizeConstraintSets", "waf:listSqlInjectionMatchSets", @@ -28255,24 +38357,27 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AWSSupportActions" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-24T16:27:09+00:00" + "UpdateDate":"2024-01-17T22:28:08+00:00" }, "AWSSystemsManagerAccountDiscoveryServicePolicy":{ "CreateDate":"2019-10-24T17:21:05+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ "organizations:DescribeAccount", "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:ListRoots", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren", @@ -28288,7 +38393,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-05-27T18:04:51+00:00" + "UpdateDate":"2022-10-17T20:25:02+00:00" }, "AWSSystemsManagerChangeManagementServicePolicy":{ "CreateDate":"2020-12-07T22:21:57+00:00", @@ -28365,9 +38470,62 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-12-07T22:21:57+00:00" }, + "AWSSystemsManagerForSAPFullAccess":{ + "CreateDate":"2022-11-17T02:11:09+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm-sap:*" + ], + "Effect":"Allow", + "Resource":"arn:*:ssm-sap:*:*:*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"ssm-sap.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/ssm-sap.amazonaws.com/AWSServiceRoleForAWSSSMForSAP" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-18T21:58:54+00:00" + }, + "AWSSystemsManagerForSAPReadOnlyAccess":{ + "CreateDate":"2022-11-17T02:11:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm-sap:get*", + "ssm-sap:list*" + ], + "Effect":"Allow", + "Resource":"arn:*:ssm-sap:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-17T02:11:44+00:00" + }, "AWSSystemsManagerOpsDataSyncServiceRolePolicy":{ "CreateDate":"2021-04-26T20:42:39+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -28421,32 +38579,113 @@ aws_managed_policies_data = """ { "Action":"securityhub:BatchUpdateFindings", "Condition":{ - "Null":{ - "securityhub:ASFFSyntaxPath/Confidence":false, - "securityhub:ASFFSyntaxPath/Criticality":false, - "securityhub:ASFFSyntaxPath/Note":false, - "securityhub:ASFFSyntaxPath/RelatedFindings":false, - "securityhub:ASFFSyntaxPath/Types":false, - "securityhub:ASFFSyntaxPath/UserDefinedFields":false, - "securityhub:ASFFSyntaxPath/VerificationState":false - }, "StringEquals":{ "securityhub:ASFFSyntaxPath/Workflow.Status":"SUPPRESSED" } }, "Effect":"Deny", "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/Confidence":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/Criticality":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/Note.Text":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/Note.UpdatedBy":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/RelatedFindings":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/Types":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/UserDefinedFields.key":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/UserDefinedFields.value":false + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/VerificationState":false + } + }, + "Effect":"Deny", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-04-26T20:42:39+00:00" + "UpdateDate":"2023-06-28T22:53:43+00:00" }, "AWSThinkboxAWSPortalAdminPolicy":{ "CreateDate":"2020-05-27T19:41:02+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -28719,6 +38958,24 @@ aws_managed_policies_data = """ "arn:aws:s3::*:logs-for-stack*" ] }, + { + "Action":[ + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3::*:logs-for-aws-portal-cache*" + ] + }, + { + "Action":[ + "s3:PutBucketOwnershipControls" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3::*:logs-for-stack*" + ] + }, { "Action":[ "s3:ListAllMyBuckets" @@ -28755,7 +39012,8 @@ aws_managed_policies_data = """ { "Action":[ "cloudformation:EstimateTemplateCost", - "cloudformation:DescribeStacks" + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" ], "Effect":"Allow", "Resource":"*" @@ -28825,7 +39083,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-08-20T17:16:03+00:00" + "UpdateDate":"2023-04-18T18:24:02+00:00" }, "AWSThinkboxAWSPortalGatewayPolicy":{ "CreateDate":"2020-05-27T19:05:00+00:00", @@ -29692,9 +39950,131 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-08-27T17:54:51+00:00" }, + "AWSTrustedAdvisorPriorityFullAccess":{ + "CreateDate":"2022-08-16T16:08:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "trustedadvisor:DescribeAccount*", + "trustedadvisor:DescribeOrganization", + "trustedadvisor:DescribeRisk*", + "trustedadvisor:DownloadRisk", + "trustedadvisor:UpdateRiskStatus", + "trustedadvisor:DescribeNotificationConfigurations", + "trustedadvisor:UpdateNotificationConfigurations", + "trustedadvisor:DeleteNotificationConfigurationForDelegatedAdmin", + "trustedadvisor:SetOrganizationAccess" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators", + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "reporting.trustedadvisor.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"reporting.trustedadvisor.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/reporting.trustedadvisor.amazonaws.com/AWSServiceRoleForTrustedAdvisorReporting" + }, + { + "Action":[ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "reporting.trustedadvisor.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:organizations::*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-16T16:08:24+00:00" + }, + "AWSTrustedAdvisorPriorityReadOnlyAccess":{ + "CreateDate":"2022-08-16T16:35:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "trustedadvisor:DescribeAccount*", + "trustedadvisor:DescribeOrganization", + "trustedadvisor:DescribeRisk*", + "trustedadvisor:DownloadRisk", + "trustedadvisor:DescribeNotificationConfigurations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "reporting.trustedadvisor.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-16T16:35:12+00:00" + }, "AWSTrustedAdvisorReportingServiceRolePolicy":{ "CreateDate":"2019-11-19T17:41:13+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -29703,6 +40083,7 @@ aws_managed_policies_data = """ "organizations:ListAWSServiceAccessForOrganization", "organizations:ListAccounts", "organizations:ListAccountsForParent", + "organizations:ListDelegatedAdministrators", "organizations:ListOrganizationalUnitsForParent", "organizations:ListChildren", "organizations:ListParents", @@ -29717,11 +40098,11 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-11T21:36:48+00:00" + "UpdateDate":"2023-02-28T23:23:45+00:00" }, "AWSTrustedAdvisorServiceRolePolicy":{ "CreateDate":"2018-02-22T21:24:25+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -29729,12 +40110,15 @@ aws_managed_policies_data = """ "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", + "ce:GetReservationPurchaseRecommendation", + "ce:GetSavingsPlansPurchaseRecommendation", "cloudformation:DescribeAccountLimits", "cloudformation:DescribeStacks", "cloudformation:ListStacks", "cloudfront:ListDistributions", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", + "cloudwatch:GetMetricStatistics", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", @@ -29746,11 +40130,15 @@ aws_managed_policies_data = """ "ec2:DescribeImages", "ec2:DescribeVolumes", "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeRegions", "ec2:DescribeReservedInstancesOfferings", "ec2:DescribeSnapshots", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DescribeLaunchTemplateVersions", + "ecs:DescribeTaskDefinition", + "ecs:ListTaskDefinitions", "elasticloadbalancing:DescribeAccountLimits", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancerAttributes", @@ -29765,6 +40153,8 @@ aws_managed_policies_data = """ "iam:GetServerCertificate", "iam:ListServerCertificates", "kinesis:DescribeLimits", + "kafka:ListClustersV2", + "kafka:ListNodes", "rds:DescribeAccountAttributes", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", @@ -29792,6 +40182,8 @@ aws_managed_policies_data = """ "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListResourceRecordSets", + "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverEndpointIpAddresses", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketPolicy", @@ -29800,15 +40192,50 @@ aws_managed_policies_data = """ "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:GetBucketPublicAccessBlock", + "s3:GetLifecycleConfiguration", "s3:ListBucket", "s3:ListAllMyBuckets", "ses:GetSendQuota", - "sqs:ListQueues", - "cloudwatch:GetMetricStatistics", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation" + "sqs:ListQueues" ], "Effect":"Allow", + "Resource":"*", + "Sid":"TrustedAdvisorServiceRolePermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-10T00:18:42+00:00" + }, + "AWSUserNotificationsServiceLinkedRolePolicy":{ + "CreateDate":"2023-04-19T13:28:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "events:DescribeRule", + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:ListTargetsByRule", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/AWSUserNotificationsManagedRule-*" + ] + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/Notifications" + } + }, + "Effect":"Allow", "Resource":"*" } ], @@ -29816,7 +40243,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-10T22:41:30+00:00" + "UpdateDate":"2023-04-19T13:28:34+00:00" }, "AWSVPCS2SVpnServiceRolePolicy":{ "CreateDate":"2019-08-06T14:13:58+00:00", @@ -29867,9 +40294,80 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-04-15T16:31:44+00:00" }, + "AWSVPCVerifiedAccessServiceRolePolicy":{ + "CreateDate":"2022-11-29T03:35:11+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/VerifiedAccessManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"VerifiedAccessRoleModifyTaggedNetworkInterfaceActions" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"VerifiedAccessRoleModifyNetworkInterfaceActions" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"VerifiedAccessRoleNetworkInterfaceActions" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/VerifiedAccessManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"VerifiedAccessRoleTaggedNetworkInterfaceActions" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"VerifiedAccessRoleTaggingActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-17T21:03:13+00:00" + }, "AWSVendorInsightsAssessorFullAccess":{ "CreateDate":"2022-07-26T15:05:40+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -29889,6 +40387,7 @@ aws_managed_policies_data = """ "aws-marketplace:AcceptAgreementRequest", "aws-marketplace:CancelAgreementRequest", "aws-marketplace:ListAgreementRequests", + "aws-marketplace:SearchAgreements", "aws-marketplace:CancelAgreement" ], "Condition":{ @@ -29898,17 +40397,27 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "artifact:GetReport", + "artifact:GetReportMetadata", + "artifact:GetTermForReport", + "artifact:ListReports" + ], + "Effect":"Allow", + "Resource":"arn:aws:artifact:*::report/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T15:05:40+00:00" + "UpdateDate":"2022-12-01T00:51:44+00:00" }, "AWSVendorInsightsAssessorReadOnly":{ "CreateDate":"2022-07-26T15:05:56+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -29919,17 +40428,27 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "artifact:GetReport", + "artifact:GetReportMetadata", + "artifact:GetTermForReport", + "artifact:ListReports" + ], + "Effect":"Allow", + "Resource":"arn:aws:artifact:*::report/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T15:05:56+00:00" + "UpdateDate":"2022-12-01T00:55:16+00:00" }, "AWSVendorInsightsVendorFullAccess":{ "CreateDate":"2022-07-26T15:05:27+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -29945,6 +40464,7 @@ aws_managed_policies_data = """ { "Action":[ "vendor-insights:CreateDataSource", + "vendor-insights:UpdateDataSource", "vendor-insights:DeleteDataSource", "vendor-insights:GetDataSource", "vendor-insights:ListDataSources", @@ -29956,8 +40476,13 @@ aws_managed_policies_data = """ "vendor-insights:UpdateSecurityProfile", "vendor-insights:ActivateSecurityProfile", "vendor-insights:DeactivateSecurityProfile", + "vendor-insights:UpdateSecurityProfileSnapshotCreationConfiguration", + "vendor-insights:UpdateSecurityProfileSnapshotReleaseConfiguration", + "vendor-insights:ListSecurityProfileSnapshots", "vendor-insights:GetSecurityProfileSnapshot", - "vendor-insights:ListSecurityProfileSnapshots" + "vendor-insights:TagResource", + "vendor-insights:UntagResource", + "vendor-insights:ListTagsForResource" ], "Effect":"Allow", "Resource":"*" @@ -29967,7 +40492,9 @@ aws_managed_policies_data = """ "aws-marketplace:AcceptAgreementApprovalRequest", "aws-marketplace:RejectAgreementApprovalRequest", "aws-marketplace:GetAgreementApprovalRequest", - "aws-marketplace:ListAgreementApprovalRequests" + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:CancelAgreement", + "aws-marketplace:SearchAgreements" ], "Condition":{ "ForAnyValue:StringEquals":{ @@ -29976,17 +40503,27 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "artifact:GetReport", + "artifact:GetReportMetadata", + "artifact:GetTermForReport", + "artifact:ListReports" + ], + "Effect":"Allow", + "Resource":"arn:aws:artifact:*::report/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T15:05:27+00:00" + "UpdateDate":"2023-10-19T01:41:01+00:00" }, "AWSVendorInsightsVendorReadOnly":{ "CreateDate":"2022-07-26T15:05:34+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -30006,21 +40543,54 @@ aws_managed_policies_data = """ "vendor-insights:ListSecurityProfiles", "vendor-insights:GetSecurityProfile", "vendor-insights:GetSecurityProfileSnapshot", - "vendor-insights:ListSecurityProfileSnapshots" + "vendor-insights:ListSecurityProfileSnapshots", + "vendor-insights:ListTagsForResource" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "artifact:GetReport", + "artifact:GetReportMetadata", + "artifact:GetTermForReport", + "artifact:ListReports" + ], + "Effect":"Allow", + "Resource":"arn:aws:artifact:*::report/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T15:05:34+00:00" + "UpdateDate":"2022-12-01T00:54:38+00:00" + }, + "AWSVpcLatticeServiceRolePolicy":{ + "CreateDate":"2022-11-30T20:47:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/VpcLattice" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-30T20:47:10+00:00" }, "AWSWAFConsoleFullAccess":{ "CreateDate":"2020-04-06T18:38:38+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -30043,7 +40613,22 @@ aws_managed_policies_data = """ "wafv2:*", "s3:ListAllMyBuckets", "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "cognito-idp:ListUserPools", + "cognito-idp:AssociateWebACL", + "cognito-idp:DisassociateWebACL", + "cognito-idp:ListResourcesForWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:AssociateWebAcl", + "apprunner:DisassociateWebAcl", + "apprunner:DescribeWebAclForService", + "apprunner:ListServices", + "apprunner:ListAssociatedServicesForWebAcl", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstances" ], "Effect":"Allow", "Resource":"*", @@ -30089,11 +40674,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-11T19:34:04+00:00" + "UpdateDate":"2023-06-05T20:56:03+00:00" }, "AWSWAFConsoleReadOnlyAccess":{ "CreateDate":"2020-04-06T18:43:24+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -30114,7 +40699,16 @@ aws_managed_policies_data = """ "wafv2:Describe*", "wafv2:Get*", "wafv2:List*", - "wafv2:CheckCapacity" + "wafv2:CheckCapacity", + "cognito-idp:ListUserPools", + "cognito-idp:ListResourcesForWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:DescribeWebAclForService", + "apprunner:ListServices", + "apprunner:ListAssociatedServicesForWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstances" ], "Effect":"Allow", "Resource":"*" @@ -30124,11 +40718,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-10-01T20:13:54+00:00" + "UpdateDate":"2023-06-05T20:56:51+00:00" }, "AWSWAFFullAccess":{ "CreateDate":"2015-10-06T20:44:00+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -30140,7 +40734,20 @@ aws_managed_policies_data = """ "apigateway:SetWebACL", "appsync:SetWebACL", "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "cognito-idp:AssociateWebACL", + "cognito-idp:DisassociateWebACL", + "cognito-idp:ListResourcesForWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:AssociateWebAcl", + "apprunner:DisassociateWebAcl", + "apprunner:DescribeWebAclForService", + "apprunner:ListServices", + "apprunner:ListAssociatedServicesForWebAcl", + "ec2:AssociateVerifiedAccessInstanceWebAcl", + "ec2:DisassociateVerifiedAccessInstanceWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl" ], "Effect":"Allow", "Resource":"*", @@ -30186,11 +40793,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-11T19:33:38+00:00" + "UpdateDate":"2023-06-05T20:55:25+00:00" }, "AWSWAFReadOnlyAccess":{ "CreateDate":"2015-10-06T20:43:45+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -30202,7 +40809,14 @@ aws_managed_policies_data = """ "wafv2:Get*", "wafv2:List*", "wafv2:Describe*", - "wafv2:CheckCapacity" + "wafv2:CheckCapacity", + "cognito-idp:ListResourcesForWebACL", + "cognito-idp:GetWebACLForResource", + "apprunner:DescribeWebAclForService", + "apprunner:ListServices", + "apprunner:ListAssociatedServicesForWebAcl", + "ec2:DescribeVerifiedAccessInstanceWebAclAssociations", + "ec2:GetVerifiedAccessInstanceWebAcl" ], "Effect":"Allow", "Resource":"*" @@ -30212,7 +40826,73 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-06-22T22:38:54+00:00" + "UpdateDate":"2023-06-05T20:55:48+00:00" + }, + "AWSWellArchitectedDiscoveryServiceRolePolicy":{ + "CreateDate":"2023-04-26T18:36:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "trustedadvisor:DescribeChecks", + "trustedadvisor:DescribeCheckItems" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "resource-groups:ListGroupResources", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "servicecatalog:ListAssociatedResources", + "servicecatalog:GetApplication", + "servicecatalog:CreateAttributeGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "servicecatalog:AssociateAttributeGroup", + "servicecatalog:DisassociateAttributeGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:servicecatalog:*:*:/applications/*", + "arn:*:servicecatalog:*:*:/attribute-groups/AWS_WellArchitected-*" + ] + }, + { + "Action":[ + "servicecatalog:UpdateAttributeGroup", + "servicecatalog:DeleteAttributeGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:servicecatalog:*:*:/attribute-groups/AWS_WellArchitected-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-26T18:36:40+00:00" }, "AWSWellArchitectedOrganizationsServiceRolePolicy":{ "CreateDate":"2022-06-23T17:15:26+00:00", @@ -30240,6 +40920,23 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-07-25T18:03:31+00:00" }, + "AWSWickrFullAccess":{ + "CreateDate":"2022-11-27T20:36:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"wickr:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-27T20:36:44+00:00" + }, "AWSXRayDaemonWriteAccess":{ "CreateDate":"2018-08-28T23:00:33+00:00", "DefaultVersionId":"v1", @@ -30265,6 +40962,46 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-08-28T23:00:33+00:00" }, + "AWSXrayCrossAccountSharingConfiguration":{ + "CreateDate":"2022-11-27T13:46:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:Link", + "oam:ListLinks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "oam:DeleteLink", + "oam:GetLink", + "oam:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:oam:*:*:link/*" + }, + { + "Action":[ + "oam:CreateLink", + "oam:UpdateLink" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:oam:*:*:link/*", + "arn:aws:oam:*:*:sink/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-27T13:46:35+00:00" + }, "AWSXrayFullAccess":{ "CreateDate":"2016-12-01T18:30:55+00:00", "DefaultVersionId":"v1", @@ -30288,7 +41025,7 @@ aws_managed_policies_data = """ }, "AWSXrayReadOnlyAccess":{ "CreateDate":"2016-12-01T18:27:02+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -30297,12 +41034,15 @@ aws_managed_policies_data = """ "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries", "xray:BatchGetTraces", + "xray:BatchGetTraceSummaryById", + "xray:GetDistinctTraceGraphs", "xray:GetServiceGraph", "xray:GetTraceGraph", "xray:GetTraceSummaries", "xray:GetGroups", "xray:GetGroup", "xray:ListTagsForResource", + "xray:ListResourcePolicies", "xray:GetTimeSeriesServiceStatistics", "xray:GetInsightSummaries", "xray:GetInsight", @@ -30319,7 +41059,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-03T22:19:40+00:00" + "UpdateDate":"2022-11-15T23:13:57+00:00" }, "AWSXrayWriteOnlyAccess":{ "CreateDate":"2016-12-01T18:19:53+00:00", @@ -30346,9 +41086,41 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-08-28T23:03:04+00:00" }, + "AWSZonalAutoshiftPracticeRunSLRPolicy":{ + "CreateDate":"2023-11-29T17:34:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "health:DescribeEvents" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"MonitoringPermissions" + }, + { + "Action":[ + "arc-zonal-shift:CancelZonalShift", + "arc-zonal-shift:GetManagedResource", + "arc-zonal-shift:StartZonalShift", + "arc-zonal-shift:UpdateZonalShift" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ZonalShiftManagementPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-29T17:34:54+00:00" + }, "AWS_ConfigRole":{ "CreateDate":"2020-09-15T20:30:30+00:00", - "DefaultVersionId":"v14", + "DefaultVersionId":"v29", "Document":{ "Statement":[ { @@ -30359,38 +41131,110 @@ aws_managed_policies_data = """ "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "account:GetAlternateContact", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:ListCertificateAuthorities", + "acm-pca:ListTags", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", - "amplifyuibuilder:GetTheme", + "airflow:GetEnvironment", + "airflow:ListEnvironments", + "airflow:ListTagsForResource", + "amplify:GetApp", + "amplify:GetBranch", + "amplify:ListApps", + "amplify:ListBranches", "amplifyuibuilder:ExportThemes", + "amplifyuibuilder:GetTheme", + "amplifyuibuilder:ListThemes", "apigateway:GET", + "app-integrations:GetEventIntegration", + "app-integrations:ListEventIntegrationAssociations", + "app-integrations:ListEventIntegrations", "appconfig:GetApplication", "appconfig:GetConfigurationProfile", "appconfig:GetDeployment", "appconfig:GetDeploymentStrategy", "appconfig:GetEnvironment", + "appconfig:GetExtensionAssociation", "appconfig:GetHostedConfigurationVersion", + "appconfig:ListApplications", + "appconfig:ListConfigurationProfiles", + "appconfig:ListDeployments", + "appconfig:ListDeploymentStrategies", + "appconfig:ListEnvironments", + "appconfig:ListExtensionAssociations", + "appconfig:ListHostedConfigurationVersions", "appconfig:ListTagsForResource", + "appflow:DescribeConnectorProfiles", + "appflow:DescribeFlow", + "appflow:ListFlows", + "appflow:ListTagsForResource", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", + "appmesh:DescribeGatewayRoute", + "appmesh:DescribeMesh", + "appmesh:DescribeRoute", + "appmesh:DescribeVirtualGateway", + "appmesh:DescribeVirtualNode", + "appmesh:DescribeVirtualRouter", + "appmesh:DescribeVirtualService", + "appmesh:ListGatewayRoutes", + "appmesh:ListMeshes", + "appmesh:ListRoutes", + "appmesh:ListTagsForResource", + "appmesh:ListVirtualGateways", + "appmesh:ListVirtualNodes", + "appmesh:ListVirtualRouters", + "appmesh:ListVirtualServices", + "apprunner:DescribeService", + "apprunner:DescribeVpcConnector", + "apprunner:ListServices", + "apprunner:ListTagsForResource", + "apprunner:ListVpcConnectors", + "appstream:DescribeApplications", + "appstream:DescribeDirectoryConfigs", + "appstream:DescribeFleets", + "appstream:DescribeStacks", + "appstream:ListTagsForResource", + "appsync:GetApiCache", "appsync:GetGraphqlApi", "appsync:ListGraphqlApis", + "aps:DescribeLoggingConfiguration", + "APS:DescribeRuleGroupsNamespace", + "APS:DescribeWorkspace", + "aps:ListRuleGroupsNamespaces", + "aps:ListTagsForResource", + "APS:ListWorkspaces", "athena:GetDataCatalog", + "athena:GetPreparedStatement", "athena:GetWorkGroup", "athena:ListDataCatalogs", + "athena:ListPreparedStatements", "athena:ListTagsForResource", "athena:ListWorkGroups", + "auditmanager:GetAccountStatus", + "auditmanager:GetAssessment", + "auditmanager:ListAssessments", + "autoscaling-plans:DescribeScalingPlanResources", + "autoscaling-plans:DescribeScalingPlans", + "autoscaling-plans:GetScalingPlanResourceForecastData", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", + "autoscaling:DescribeWarmPool", "backup-gateway:ListTagsForResource", "backup-gateway:ListVirtualMachines", "backup:DescribeBackupVault", + "backup:DescribeFramework", + "backup:DescribeProtectedResource", "backup:DescribeRecoveryPoint", + "backup:DescribeReportPlan", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", @@ -30398,23 +41242,46 @@ aws_managed_policies_data = """ "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", + "backup:ListFrameworks", "backup:ListRecoveryPointsByBackupVault", + "backup:ListReportPlans", "backup:ListTags", "batch:DescribeComputeEnvironments", "batch:DescribeJobQueues", + "batch:DescribeSchedulingPolicies", + "batch:ListSchedulingPolicies", "batch:ListTagsForResource", - "billingconductor:ListBillingGroups", "billingconductor:ListAccountAssociations", - "billingconductor:ListTagsForResource", - "billingconductor:ListPricingRules", + "billingconductor:ListBillingGroups", "billingconductor:ListCustomLineItems", "billingconductor:ListPricingPlans", + "billingconductor:ListPricingRules", "billingconductor:ListPricingRulesAssociatedToPricingPlan", + "billingconductor:ListTagsForResource", + "budgets:DescribeBudgetAction", + "budgets:DescribeBudgetActionsForAccount", + "budgets:DescribeBudgetActionsForBudget", + "budgets:ViewBudget", + "cassandra:Select", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "cloud9:DescribeEnvironmentMemberships", + "cloud9:DescribeEnvironments", + "cloud9:ListEnvironments", + "cloud9:ListTagsForResource", "cloudformation:DescribeType", "cloudformation:GetResource", "cloudformation:ListResources", + "cloudformation:ListStackResources", + "cloudformation:ListStacks", "cloudformation:ListTypes", + "cloudfront:GetFunction", + "cloudfront:GetOriginAccessControl", + "cloudfront:GetResponseHeadersPolicy", "cloudfront:ListDistributions", + "cloudfront:ListFunctions", + "cloudfront:ListOriginAccessControls", + "cloudfront:ListResponseHeadersPolicies", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventDataStore", @@ -30422,27 +41289,111 @@ aws_managed_policies_data = """ "cloudtrail:GetTrailStatus", "cloudtrail:ListEventDataStores", "cloudtrail:ListTags", + "cloudtrail:ListTrails", "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAnomalyDetectors", + "cloudwatch:GetDashboard", + "cloudwatch:GetMetricStream", + "cloudwatch:ListDashboards", + "cloudwatch:ListMetricStreams", + "cloudwatch:ListTagsForResource", + "codeartifact:DescribeRepository", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:ListDomains", + "codeartifact:ListPackages", + "codeartifact:ListPackageVersions", + "codeartifact:ListRepositories", + "codeartifact:ListTagsForResource", + "codebuild:BatchGetReportGroups", + "codebuild:ListReportGroups", + "codecommit:GetRepository", + "codecommit:GetRepositoryTriggers", + "codecommit:ListRepositories", + "codecommit:ListTagsForResource", "codedeploy:GetDeploymentConfig", + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:GetNotificationConfiguration", + "codeguru-profiler:GetPolicy", + "codeguru-profiler:ListProfilingGroups", + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:ListIdentityPools", + "cognito-identity:ListTagsForResource", + "cognito-idp:DescribeIdentityProvider", + "cognito-idp:DescribeResourceServer", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:DescribeUserPoolDomain", + "cognito-idp:GetGroup", + "cognito-idp:GetUserPoolMfaConfig", + "cognito-idp:ListGroups", + "cognito-idp:ListIdentityProviders", + "cognito-idp:ListResourceServers", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListUserPools", + "cognito-idp:ListTagsForResource", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", + "connect:DescribeEvaluationForm", + "connect:DescribeInstance", + "connect:DescribeInstanceStorageConfig", + "connect:DescribePhoneNumber", + "connect:DescribePrompt", + "connect:DescribeQuickConnect", + "connect:DescribeRule", + "connect:DescribeUser", + "connect:GetTaskTemplate", + "connect:ListApprovedOrigins", + "connect:ListEvaluationForms", + "connect:ListInstanceAttributes", + "connect:ListInstances", + "connect:ListInstanceStorageConfigs", + "connect:ListIntegrationAssociations", + "connect:ListPhoneNumbers", + "connect:ListPhoneNumbersV2", + "connect:ListPrompts", + "connect:ListQuickConnects", + "connect:ListRules", + "connect:ListSecurityKeys", + "connect:ListTagsForResource", + "connect:ListTaskTemplates", + "connect:ListUsers", + "connect:SearchAvailablePhoneNumbers", + "databrew:DescribeDataset", + "databrew:DescribeJob", + "databrew:DescribeProject", + "databrew:DescribeRecipe", + "databrew:DescribeRuleset", + "databrew:DescribeSchedule", + "databrew:ListDatasets", + "databrew:ListJobs", + "databrew:ListProjects", + "databrew:ListRecipes", + "databrew:ListRecipeVersions", + "databrew:ListRulesets", + "databrew:ListSchedules", "datasync:DescribeAgent", "datasync:DescribeLocationEfs", "datasync:DescribeLocationFsxLustre", + "datasync:DescribeLocationFsxWindows", "datasync:DescribeLocationHdfs", "datasync:DescribeLocationNfs", "datasync:DescribeLocationObjectStorage", "datasync:DescribeLocationS3", "datasync:DescribeLocationSmb", "datasync:DescribeTask", + "datasync:ListAgents", + "datasync:ListLocations", "datasync:ListTagsForResource", + "datasync:ListTasks", "dax:DescribeClusters", "dax:DescribeParameterGroups", "dax:DescribeParameters", @@ -30450,17 +41401,36 @@ aws_managed_policies_data = """ "dax:ListTags", "detective:ListGraphs", "detective:ListTagsForResource", + "devicefarm:GetInstanceProfile", + "devicefarm:GetNetworkProfile", + "devicefarm:GetProject", + "devicefarm:GetTestGridProject", + "devicefarm:ListInstanceProfiles", + "devicefarm:ListNetworkProfiles", + "devicefarm:ListProjects", + "devicefarm:ListTagsForResource", + "devicefarm:ListTestGridProjects", + "devops-guru:GetResourceCollection", "dms:DescribeCertificates", + "dms:DescribeEndpoints", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", + "dms:DescribeReplicationTaskAssessmentRuns", "dms:DescribeReplicationTasks", "dms:ListTagsForResource", + "ds:DescribeDirectories", + "ds:DescribeDomainControllers", + "ds:DescribeEventTopics", + "ds:ListLogSubscriptions", + "ds:ListTagsForResource", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", + "dynamodb:DescribeTableReplicaAutoScaling", + "dynamodb:DescribeTimeToLive", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", @@ -30470,14 +41440,26 @@ aws_managed_policies_data = """ "ec2:DescribeFleets", "ec2:DescribeNetworkAcls", "ec2:DescribePlacementGroups", + "ec2:DescribeRouteTables", "ec2:DescribeSpotFleetRequests", + "ec2:DescribeTags", + "ec2:DescribeTrafficMirrorFilters", + "ec2:DescribeTrafficMirrorSessions", + "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeVolumeAttribute", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", + "ec2:GetInstanceTypesFromInstanceRequirements", + "ec2:GetIpamPoolAllocations", + "ec2:GetIpamPoolCidrs", + "ec2:GetManagedPrefixListEntries", + "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", + "ec2:GetNetworkInsightsAccessScopeContent", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr-public:ListTagsForResource", + "ecr:BatchGetRepositoryScanningConfiguration", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", "ecr:DescribeRepositories", @@ -30485,6 +41467,7 @@ aws_managed_policies_data = """ "ecr:GetRegistryPolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", + "ecs:DescribeCapacityProviders", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", @@ -30494,11 +41477,15 @@ aws_managed_policies_data = """ "ecs:ListTagsForResource", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", + "eks:DescribeAddon", "eks:DescribeCluster", "eks:DescribeFargateProfile", + "eks:DescribeIdentityProviderConfig", "eks:DescribeNodegroup", + "eks:ListAddons", "eks:ListClusters", "eks:ListFargateProfiles", + "eks:ListIdentityProviderConfigs", "eks:ListNodegroups", "eks:ListTagsForResource", "elasticache:DescribeCacheClusters", @@ -30530,14 +41517,22 @@ aws_managed_policies_data = """ "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", + "elasticmapreduce:DescribeStudio", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:GetStudioSessionMapping", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", + "elasticmapreduce:ListStudios", + "elasticmapreduce:ListStudioSessionMappings", + "emr-containers:DescribeVirtualCluster", + "emr-containers:ListVirtualClusters", + "emr-serverless:GetApplication", + "emr-serverless:ListApplications", "es:DescribeDomain", "es:DescribeDomains", "es:DescribeElasticsearchDomain", @@ -30546,24 +41541,92 @@ aws_managed_policies_data = """ "es:GetCompatibleVersions", "es:ListDomainNames", "es:ListTags", - "events:DescribeArchive", "events:DescribeApiDestination", + "events:DescribeArchive", + "events:DescribeConnection", + "events:DescribeEndpoint", + "events:DescribeEventBus", + "events:DescribeRule", + "events:ListApiDestinations", + "events:ListArchives", + "events:ListConnections", + "events:ListEndpoints", + "events:ListEventBuses", + "events:ListRules", + "events:ListTagsForResource", + "events:ListTargetsByRule", + "evidently:GetLaunch", + "evidently:GetProject", + "evidently:GetSegment", + "evidently:ListLaunches", + "evidently:ListProjects", + "evidently:ListSegments", + "evidently:ListTagsForResource", + "finspace:GetEnvironment", + "finspace:ListEnvironments", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", - "fms:ListPolicies", - "fms:GetPolicy", - "fms:ListTagsForResource", + "fis:GetExperimentTemplate", + "fis:ListExperimentTemplates", "fms:GetNotificationChannel", + "fms:GetPolicy", + "fms:ListPolicies", + "fms:ListTagsForResource", + "forecast:DescribeDataset", + "forecast:DescribeDatasetGroup", + "forecast:ListDatasetGroups", + "forecast:ListDatasets", + "forecast:ListTagsForResource", + "frauddetector:GetDetectors", + "frauddetector:GetDetectorVersion", + "frauddetector:GetEntityTypes", + "frauddetector:GetEventTypes", + "frauddetector:GetExternalModels", + "frauddetector:GetLabels", + "frauddetector:GetModels", + "frauddetector:GetOutcomes", + "frauddetector:GetRules", + "frauddetector:GetVariables", + "frauddetector:ListTagsForResource", + "fsx:DescribeBackups", "fsx:DescribeFileSystems", + "fsx:DescribeSnapshots", + "fsx:DescribeStorageVirtualMachines", "fsx:DescribeVolumes", "fsx:ListTagsForResource", - "geo:DescribeTracker", - "geo:ListTrackerConsumers", + "gamelift:DescribeAlias", + "gamelift:DescribeBuild", + "gamelift:DescribeFleetAttributes", + "gamelift:DescribeFleetCapacity", + "gamelift:DescribeFleetLocationAttributes", + "gamelift:DescribeFleetLocationCapacity", + "gamelift:DescribeFleetPortSettings", + "gamelift:DescribeGameServerGroup", + "gamelift:DescribeGameSessionQueues", + "gamelift:DescribeMatchmakingConfigurations", + "gamelift:DescribeMatchmakingRuleSets", + "gamelift:DescribeRuntimeConfiguration", + "gamelift:DescribeScript", + "gamelift:DescribeVpcPeeringAuthorizations", + "gamelift:DescribeVpcPeeringConnections", + "gamelift:ListAliases", + "gamelift:ListBuilds", + "gamelift:ListFleets", + "gamelift:ListGameServerGroups", + "gamelift:ListScripts", + "gamelift:ListTagsForResource", "geo:DescribeGeofenceCollection", + "geo:DescribeMap", "geo:DescribePlaceIndex", "geo:DescribeRouteCalculator", - "geo:DescribeMap", + "geo:DescribeTracker", + "geo:ListGeofenceCollections", + "geo:ListMaps", + "geo:ListPlaceIndexes", + "geo:ListRouteCalculators", + "geo:ListTrackerConsumers", + "geo:ListTrackers", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", @@ -30574,25 +41637,51 @@ aws_managed_policies_data = """ "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetWorkflows", + "glue:GetClassifier", + "glue:GetClassifiers", "glue:GetCrawler", "glue:GetCrawlers", "glue:GetDevEndpoint", "glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobs", + "glue:GetMLTransform", + "glue:GetMLTransforms", + "glue:GetPartition", + "glue:GetPartitions", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", + "glue:GetTable", "glue:GetTags", "glue:GetWorkflow", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", + "glue:ListMLTransforms", "glue:ListWorkflows", + "grafana:DescribeWorkspace", + "grafana:DescribeWorkspaceAuthentication", + "grafana:DescribeWorkspaceConfiguration", + "grafana:ListWorkspaces", + "greengrass:DescribeComponent", + "greengrass:GetComponent", + "greengrass:ListComponents", + "greengrass:ListComponentVersions", + "groundstation:GetConfig", + "groundstation:GetDataflowEndpointGroup", + "groundstation:GetMissionProfile", + "groundstation:ListConfigs", + "groundstation:ListDataflowEndpointGroups", + "groundstation:ListMissionProfiles", + "groundstation:ListTagsForResource", + "guardduty:DescribePublishingDestination", + "guardduty:GetAdministratorAccount", "guardduty:GetDetector", "guardduty:GetFilter", "guardduty:GetFindings", "guardduty:GetIPSet", "guardduty:GetMasterAccount", + "guardduty:GetMemberDetectors", "guardduty:GetMembers", "guardduty:GetThreatIntelSet", "guardduty:ListDetectors", @@ -30601,8 +41690,12 @@ aws_managed_policies_data = """ "guardduty:ListIPSets", "guardduty:ListMembers", "guardduty:ListOrganizationAdminAccounts", + "guardduty:ListPublishingDestinations", "guardduty:ListTagsForResource", "guardduty:ListThreatIntelSets", + "healthlake:DescribeFHIRDatastore", + "healthlake:ListFHIRDatastores", + "healthlake:ListTagsForResource", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", @@ -30610,71 +41703,398 @@ aws_managed_policies_data = """ "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", + "iam:GetInstanceProfile", + "iam:GetOpenIDConnectProvider", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", + "iam:GetSAMLProvider", + "iam:GetServerCertificate", "iam:GetUser", "iam:GetUserPolicy", + "iam:ListAccessKeys", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", + "iam:ListGroups", "iam:ListGroupsForUser", + "iam:ListInstanceProfiles", "iam:ListInstanceProfilesForRole", + "iam:ListInstanceProfileTags", + "iam:ListMFADevices", + "iam:ListMFADeviceTags", + "iam:ListOpenIDConnectProviders", "iam:ListPolicyVersions", "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListSAMLProviders", + "iam:ListServerCertificates", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "imagebuilder:GetComponent", + "imagebuilder:GetContainerRecipe", "imagebuilder:GetDistributionConfiguration", + "imagebuilder:GetImage", + "imagebuilder:GetImagePipeline", + "imagebuilder:GetImageRecipe", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:ListComponentBuildVersions", "imagebuilder:ListComponents", + "imagebuilder:ListContainerRecipes", "imagebuilder:ListDistributionConfigurations", + "imagebuilder:ListImageBuildVersions", + "imagebuilder:ListImagePipelines", + "imagebuilder:ListImageRecipes", + "imagebuilder:ListImages", "imagebuilder:ListInfrastructureConfigurations", + "inspector2:BatchGetAccountStatus", + "inspector2:GetDelegatedAdminAccount", + "inspector2:ListFilters", + "inspector2:ListMembers", + "iot:DescribeAccountAuditConfiguration", + "iot:DescribeAuthorizer", + "iot:DescribeCACertificate", + "iot:DescribeCertificate", + "iot:DescribeCustomMetric", + "iot:DescribeDimension", + "iot:DescribeDomainConfiguration", + "iot:DescribeFleetMetric", + "iot:DescribeJobTemplate", + "iot:DescribeMitigationAction", + "iot:DescribeProvisioningTemplate", + "iot:DescribeRoleAlias", + "iot:DescribeScheduledAudit", + "iot:DescribeSecurityProfile", + "iot:GetPolicy", + "iot:GetTopicRule", + "iot:GetTopicRuleDestination", + "iot:ListAuthorizers", + "iot:ListCACertificates", + "iot:ListCertificates", + "iot:ListCustomMetrics", + "iot:ListDimensions", + "iot:ListDomainConfigurations", + "iot:ListFleetMetrics", + "iot:ListJobTemplates", + "iot:ListMitigationActions", + "iot:ListPolicies", + "iot:ListProvisioningTemplates", + "iot:ListRoleAliases", + "iot:ListScheduledAudits", + "iot:ListSecurityProfiles", + "iot:ListSecurityProfilesForTarget", + "iot:ListTagsForResource", + "iot:ListTargetsForSecurityProfile", + "iot:ListTopicRuleDestinations", + "iot:ListTopicRules", + "iot:ListV2LoggingLevels", + "iot:ValidateSecurityProfileBehaviors", + "iotanalytics:DescribeChannel", + "iotanalytics:DescribeDataset", + "iotanalytics:DescribeDatastore", + "iotanalytics:DescribePipeline", + "iotanalytics:ListChannels", + "iotanalytics:ListDatasets", + "iotanalytics:ListDatastores", + "iotanalytics:ListPipelines", + "iotanalytics:ListTagsForResource", + "iotevents:DescribeAlarmModel", + "iotevents:DescribeDetectorModel", + "iotevents:DescribeInput", + "iotevents:ListAlarmModels", + "iotevents:ListDetectorModels", + "iotevents:ListInputs", + "iotevents:ListTagsForResource", + "iotsitewise:DescribeAccessPolicy", + "iotsitewise:DescribeAsset", + "iotsitewise:DescribeAssetModel", + "iotsitewise:DescribeDashboard", + "iotsitewise:DescribeGateway", + "iotsitewise:DescribePortal", + "iotsitewise:DescribeProject", + "iotsitewise:ListAccessPolicies", + "iotsitewise:ListAssetModels", + "iotsitewise:ListAssets", + "iotsitewise:ListDashboards", + "iotsitewise:ListGateways", + "iotsitewise:ListPortals", + "iotsitewise:ListProjectAssets", + "iotsitewise:ListProjects", + "iotsitewise:ListTagsForResource", + "iottwinmaker:GetComponentType", + "iottwinmaker:GetEntity", + "iottwinmaker:GetScene", + "iottwinmaker:GetSyncJob", + "iottwinmaker:GetWorkspace", + "iottwinmaker:ListComponentTypes", + "iottwinmaker:ListEntities", + "iottwinmaker:ListScenes", + "iottwinmaker:ListSyncJobs", + "iottwinmaker:ListTagsForResource", + "iottwinmaker:ListWorkspaces", + "iotwireless:GetFuotaTask", + "iotwireless:GetMulticastGroup", + "iotwireless:GetServiceProfile", + "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:ListFuotaTasks", + "iotwireless:ListMulticastGroups", + "iotwireless:ListServiceProfiles", + "iotwireless:ListTagsForResource", + "iotwireless:ListWirelessDevices", + "iotwireless:ListWirelessGatewayTaskDefinitions", + "ivs:GetChannel", + "ivs:GetPlaybackKeyPair", + "ivs:GetRecordingConfiguration", + "ivs:GetStreamKey", + "ivs:ListChannels", + "ivs:ListPlaybackKeyPairs", + "ivs:ListRecordingConfigurations", + "ivs:ListStreamKeys", + "ivs:ListTagsForResource", "kafka:DescribeCluster", "kafka:DescribeClusterV2", + "kafka:DescribeConfiguration", + "kafka:DescribeConfigurationRevision", + "kafka:DescribeVpcConnection", + "kafka:GetClusterPolicy", "kafka:ListClusters", "kafka:ListClustersV2", + "kafka:ListConfigurations", + "kafka:ListScramSecrets", + "kafka:ListTagsForResource", + "kafka:ListVpcConnections", + "kafkaconnect:DescribeConnector", + "kafkaconnect:ListConnectors", + "kendra:DescribeIndex", + "kendra:ListIndices", + "kendra:ListTagsForResource", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:DescribeApplication", + "kinesisanalytics:ListApplications", "kinesisanalytics:ListTagsForResource", + "kinesisvideo:DescribeSignalingChannel", + "kinesisvideo:DescribeStream", + "kinesisvideo:ListSignalingChannels", + "kinesisvideo:ListStreams", + "kinesisvideo:ListTagsForResource", + "kinesisvideo:ListTagsForStream", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeys", "kms:ListResourceTags", + "lakeformation:DescribeResource", + "lakeformation:GetDataLakeSettings", + "lakeformation:ListPermissions", + "lakeformation:ListResources", "lambda:GetAlias", + "lambda:GetCodeSigningConfig", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", + "lambda:ListCodeSigningConfigs", "lambda:ListFunctions", + "lambda:ListTags", "lambda:ListVersionsByFunction", + "lex:DescribeBot", + "lex:DescribeBotAlias", + "lex:DescribeBotVersion", + "lex:DescribeResourcePolicy", + "lex:ListBotAliases", + "lex:ListBotLocales", + "lex:ListBots", + "lex:ListBotVersions", + "lex:ListTagsForResource", + "license-manager:GetGrant", + "license-manager:GetLicense", + "license-manager:ListDistributedGrants", + "license-manager:ListLicenses", + "license-manager:ListReceivedGrants", + "lightsail:GetAlarms", + "lightsail:GetBuckets", + "lightsail:GetCertificates", + "lightsail:GetContainerServices", + "lightsail:GetDisk", + "lightsail:GetDisks", + "lightsail:GetDistributions", + "lightsail:GetInstance", + "lightsail:GetInstances", + "lightsail:GetKeyPair", + "lightsail:GetLoadBalancer", + "lightsail:GetLoadBalancers", + "lightsail:GetLoadBalancerTlsCertificates", + "lightsail:GetRelationalDatabase", + "lightsail:GetRelationalDatabaseParameters", + "lightsail:GetRelationalDatabases", + "lightsail:GetStaticIp", + "lightsail:GetStaticIps", + "logs:DescribeMetricFilters", + "logs:DescribeDestinations", "logs:DescribeLogGroups", + "logs:GetDataProtectionPolicy", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", "logs:ListTagsLogGroup", + "lookoutequipment:DescribeInferenceScheduler", + "lookoutequipment:ListTagsForResource", + "lookoutmetrics:DescribeAlert", + "lookoutmetrics:DescribeAnomalyDetector", + "lookoutmetrics:ListAlerts", + "lookoutmetrics:ListAnomalyDetectors", + "lookoutmetrics:ListMetricSets", + "lookoutmetrics:ListTagsForResource", + "lookoutvision:DescribeProject", + "lookoutvision:ListProjects", + "m2:GetEnvironment", + "m2:ListEnvironments", + "m2:ListTagsForResource", + "macie2:DescribeOrganizationConfiguration", + "macie2:GetAutomatedDiscoveryConfiguration", + "macie2:GetClassificationExportConfiguration", + "macie2:GetCustomDataIdentifier", + "macie2:GetFindingsPublicationConfiguration", "macie2:GetMacieSession", + "macie2:ListCustomDataIdentifiers", + "macie2:ListTagsForResource", + "managedblockchain:GetMember", + "managedblockchain:GetNetwork", + "managedblockchain:GetNode", + "managedblockchain:ListInvitations", + "managedblockchain:ListMembers", + "managedblockchain:ListNodes", + "mediaconnect:DescribeFlow", + "mediaconnect:ListFlows", + "mediaconnect:ListTagsForResource", + "mediapackage-vod:DescribePackagingConfiguration", + "mediapackage-vod:DescribePackagingGroup", + "mediapackage-vod:ListPackagingConfigurations", + "mediapackage-vod:ListPackagingGroups", + "mediapackage-vod:ListTagsForResource", + "mediatailor:GetPlaybackConfiguration", + "mediatailor:ListPlaybackConfigurations", + "memorydb:DescribeAcls", + "memorydb:DescribeClusters", + "memorydb:DescribeParameterGroups", + "memorydb:DescribeParameters", + "memorydb:DescribeSubnetGroups", + "memorydb:DescribeUsers", + "memorydb:ListTags", + "mobiletargeting:GetApp", + "mobiletargeting:GetApplicationSettings", + "mobiletargeting:GetApps", + "mobiletargeting:GetCampaign", + "mobiletargeting:GetCampaigns", + "mobiletargeting:GetEmailChannel", + "mobiletargeting:GetEmailTemplate", + "mobiletargeting:GetEventStream", + "mobiletargeting:GetInAppTemplate", + "mobiletargeting:GetSegment", + "mobiletargeting:GetSegments", + "mobiletargeting:ListTagsForResource", + "mobiletargeting:ListTemplates", + "mq:DescribeBroker", + "mq:ListBrokers", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", + "networkmanager:DescribeGlobalNetworks", + "networkmanager:GetConnectPeer", + "networkmanager:GetCustomerGatewayAssociations", + "networkmanager:GetDevices", + "networkmanager:GetLinkAssociations", + "networkmanager:GetLinks", + "networkmanager:GetSites", + "networkmanager:GetTransitGatewayRegistrations", + "networkmanager:ListConnectPeers", + "networkmanager:ListTagsForResource", + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileDetails", + "nimble:GetStreamingImage", + "nimble:GetStudio", + "nimble:GetStudioComponent", + "nimble:ListLaunchProfiles", + "nimble:ListStreamingImages", + "nimble:ListStudioComponents", + "nimble:ListStudios", + "opsworks:DescribeInstances", "opsworks:DescribeLayers", + "opsworks:DescribeTimeBasedAutoScaling", + "opsworks:DescribeVolumes", "opsworks:ListTags", + "organizations:DescribeAccount", + "organizations:DescribeEffectivePolicy", "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", + "organizations:DescribeResourcePolicy", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListDelegatedAdministrators", + "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListPolicies", "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListTagsForResource", + "organizations:ListTargetsForPolicy", + "panorama:DescribeApplicationInstance", + "panorama:DescribeApplicationInstanceDetails", + "panorama:DescribePackage", + "panorama:DescribePackageVersion", + "panorama:ListApplicationInstances", + "panorama:ListNodes", + "panorama:ListPackages", + "personalize:DescribeDataset", + "personalize:DescribeDatasetGroup", + "personalize:DescribeSchema", + "personalize:DescribeSolution", + "personalize:ListDatasetGroups", + "personalize:ListDatasetImportJobs", + "personalize:ListDatasets", + "personalize:ListSchemas", + "personalize:ListSolutions", + "personalize:ListTagsForResource", + "profile:GetDomain", + "profile:GetIntegration", + "profile:GetProfileObjectType", + "profile:ListDomains", + "profile:ListIntegrations", + "profile:ListProfileObjectTypes", + "profile:ListTagsForResource", + "quicksight:DescribeAccountSubscription", + "quicksight:DescribeAnalysis", + "quicksight:DescribeAnalysisPermissions", + "quicksight:DescribeDashboard", + "quicksight:DescribeDashboardPermissions", + "quicksight:DescribeDataSet", + "quicksight:DescribeDataSetPermissions", + "quicksight:DescribeDataSetRefreshProperties", "quicksight:DescribeDataSource", "quicksight:DescribeDataSourcePermissions", + "quicksight:DescribeTemplate", + "quicksight:DescribeTemplatePermissions", + "quicksight:DescribeTheme", + "quicksight:DescribeThemePermissions", + "quicksight:ListAnalyses", + "quicksight:ListDashboards", + "quicksight:ListDataSets", + "quicksight:ListDataSources", "quicksight:ListTagsForResource", + "quicksight:ListTemplates", + "quicksight:ListThemes", "ram:GetResourceShareAssociations", "ram:GetResourceShares", + "ram:ListResources", + "ram:ListResourceSharePermissions", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusters", @@ -30683,13 +42103,16 @@ aws_managed_policies_data = """ "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", + "rds:DescribeDBProxies", + "rds:DescribeDBProxyEndpoints", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEventSubscriptions", + "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", @@ -30698,32 +42121,111 @@ aws_managed_policies_data = """ "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeEndpointAccess", + "redshift:DescribeEndpointAuthorization", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", + "redshift:DescribeScheduledActions", + "refactor-spaces:GetEnvironment", + "refactor-spaces:GetService", + "refactor-spaces:ListApplications", + "refactor-spaces:ListEnvironments", + "refactor-spaces:ListServices", "rekognition:DescribeStreamProcessor", + "rekognition:ListStreamProcessors", "rekognition:ListTagsForResource", + "resiliencehub:DescribeApp", + "resiliencehub:DescribeAppVersionTemplate", + "resiliencehub:DescribeResiliencyPolicy", + "resiliencehub:ListApps", + "resiliencehub:ListAppVersionResourceMappings", + "resiliencehub:ListResiliencyPolicies", + "resiliencehub:ListTagsForResource", + "resource-explorer-2:GetIndex", + "resource-explorer-2:ListIndexes", + "resource-explorer-2:ListTagsForResource", + "resource-groups:GetGroup", + "resource-groups:GetGroupConfiguration", + "resource-groups:GetGroupQuery", + "resource-groups:GetTags", + "resource-groups:ListGroupResources", + "resource-groups:ListGroups", "robomaker:DescribeRobotApplication", "robomaker:DescribeSimulationApplication", + "robomaker:ListRobotApplications", + "robomaker:ListSimulationApplications", + "route53-recovery-control-config:DescribeCluster", + "route53-recovery-control-config:DescribeControlPanel", + "route53-recovery-control-config:DescribeRoutingControl", + "route53-recovery-control-config:DescribeSafetyRule", + "route53-recovery-control-config:ListClusters", + "route53-recovery-control-config:ListControlPanels", + "route53-recovery-control-config:ListRoutingControls", + "route53-recovery-control-config:ListSafetyRules", + "route53-recovery-control-config:ListTagsForResource", + "route53-recovery-readiness:GetCell", + "route53-recovery-readiness:GetReadinessCheck", + "route53-recovery-readiness:GetRecoveryGroup", + "route53-recovery-readiness:GetResourceSet", + "route53-recovery-readiness:ListCells", + "route53-recovery-readiness:ListReadinessChecks", + "route53-recovery-readiness:ListRecoveryGroups", + "route53-recovery-readiness:ListResourceSets", + "route53:GetChange", + "route53:GetDNSSEC", "route53:GetHealthCheck", "route53:GetHostedZone", + "route53:ListCidrBlocks", + "route53:ListCidrCollections", + "route53:ListCidrLocations", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", + "route53resolver:GetFirewallDomainList", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:GetResolverDnssecConfig", "route53resolver:GetResolverEndpoint", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:GetResolverQueryLogConfigAssociation", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", + "route53resolver:ListFirewallDomainLists", + "route53resolver:ListFirewallDomains", + "route53resolver:ListFirewallRuleGroupAssociations", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:ListFirewallRules", + "route53resolver:ListResolverDnssecConfigs", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverQueryLogConfigAssociations", + "route53resolver:ListResolverQueryLogConfigs", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", + "rum:GetAppMonitor", + "rum:GetAppMonitorData", + "rum:ListAppMonitors", + "rum:ListTagsForResource", + "s3-outposts:GetAccessPoint", + "s3-outposts:GetAccessPointPolicy", + "s3-outposts:GetBucket", + "s3-outposts:GetBucketPolicy", + "s3-outposts:GetBucketTagging", + "s3-outposts:GetLifecycleConfiguration", + "s3-outposts:ListAccessPoints", + "s3-outposts:ListEndpoints", + "s3-outposts:ListRegionalBuckets", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", + "s3:GetAccessPointForObjectLambda", "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyForObjectLambda", "s3:GetAccessPointPolicyStatus", + "s3:GetAccessPointPolicyStatusForObjectLambda", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", @@ -30732,6 +42234,7 @@ aws_managed_policies_data = """ "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", @@ -30739,35 +42242,80 @@ aws_managed_policies_data = """ "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", + "s3:GetMultiRegionAccessPoint", + "s3:GetMultiRegionAccessPointPolicy", + "s3:GetMultiRegionAccessPointPolicyStatus", "s3:GetReplicationConfiguration", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", "s3:GetStorageLensConfiguration", "s3:GetStorageLensConfigurationTagging", + "s3:ListAccessPoints", + "s3:ListAccessPointsForObjectLambda", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListMultiRegionAccessPoints", + "s3:ListStorageLensConfigurations", + "s3express:GetBucketPolicy", + "s3express:ListAllMyDirectoryBuckets", + "sagemaker:DescribeAppImageConfig", "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:DescribeDeviceFleet", + "sagemaker:DescribeDomain", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeFeatureGroup", + "sagemaker:DescribeImage", + "sagemaker:DescribeImageVersion", "sagemaker:DescribeModel", + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:DescribeModelQualityJobDefinition", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribePipeline", + "sagemaker:DescribeProject", "sagemaker:DescribeWorkteam", + "sagemaker:ListAppImageConfigs", "sagemaker:ListCodeRepositories", + "sagemaker:ListDataQualityJobDefinitions", + "sagemaker:ListDeviceFleets", + "sagemaker:ListDomains", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", + "sagemaker:ListFeatureGroups", + "sagemaker:ListImages", + "sagemaker:ListImageVersions", + "sagemaker:ListModelBiasJobDefinitions", + "sagemaker:ListModelExplainabilityJobDefinitions", + "sagemaker:ListModelQualityJobDefinitions", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", + "sagemaker:ListPipelines", + "sagemaker:ListProjects", "sagemaker:ListTags", "sagemaker:ListWorkteams", + "schemas:DescribeDiscoverer", + "schemas:DescribeRegistry", + "schemas:DescribeSchema", + "schemas:GetResourcePolicy", + "schemas:ListDiscoverers", + "schemas:ListRegistries", + "schemas:ListSchemas", + "sdb:GetAttributes", + "sdb:ListDomains", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", + "serviceCatalog:DescribePortfolioShares", "servicediscovery:GetInstance", "servicediscovery:GetNamespace", "servicediscovery:GetService", + "servicediscovery:ListInstances", + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", "servicediscovery:ListTagsForResource", "ses:DescribeReceiptRule", "ses:DescribeReceiptRuleSet", @@ -30777,9 +42325,18 @@ aws_managed_policies_data = """ "ses:GetEmailTemplate", "ses:GetTemplate", "ses:ListConfigurationSets", + "ses:ListContactLists", + "ses:ListEmailTemplates", + "ses:ListReceiptFilters", + "ses:ListReceiptRuleSets", + "ses:ListTemplates", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", + "signer:GetSigningProfile", + "signer:ListProfilePermissions", + "signer:ListSigningProfiles", + "sns:GetDataProtectionPolicy", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", @@ -30792,9 +42349,11 @@ aws_managed_policies_data = """ "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", + "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", + "ssm:ListTagsForResource", "sso:DescribeInstanceAccessControlAttributeConfiguration", "sso:DescribePermissionSet", "sso:GetInlinePolicyForPermissionSet", @@ -30809,11 +42368,46 @@ aws_managed_policies_data = """ "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", + "sts:GetCallerIdentity", "support:DescribeCases", + "synthetics:DescribeCanaries", + "synthetics:DescribeCanariesLastRun", + "synthetics:DescribeRuntimeVersions", + "synthetics:GetCanary", + "synthetics:GetCanaryRuns", + "synthetics:GetGroup", + "synthetics:ListAssociatedGroups", + "synthetics:ListGroupResources", + "synthetics:ListGroups", + "synthetics:ListTagsForResource", "tag:GetResources", + "timestream:DescribeDatabase", + "timestream:DescribeEndpoints", + "timestream:DescribeTable", + "timestream:ListDatabases", + "timestream:ListTables", + "timestream:ListTagsForResource", + "transfer:DescribeAgreement", + "transfer:DescribeCertificate", + "transfer:DescribeConnector", + "transfer:DescribeProfile", + "transfer:DescribeServer", + "transfer:DescribeUser", + "transfer:DescribeWorkflow", + "transfer:ListAgreements", + "transfer:ListCertificates", + "transfer:ListConnectors", + "transfer:ListProfiles", + "transfer:ListServers", + "transfer:ListTagsForResource", + "transfer:ListUsers", + "transfer:ListWorkflows", + "voiceid:DescribeDomain", + "voiceid:ListTagsForResource", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", + "waf-regional:ListLoggingConfigurations", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration", @@ -30825,7 +42419,8 @@ aws_managed_policies_data = """ "workspaces:DescribeWorkspaces" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSConfigRoleStatementID" }, { "Action":[ @@ -30833,33 +42428,81 @@ aws_managed_policies_data = """ "logs:CreateLogGroup" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*", + "Sid":"ConfigLogStreamStatementID" }, { "Action":"logs:PutLogEvents", "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*", + "Sid":"ConfigLogEventsStatementID" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-15T01:37:13+00:00" + "UpdateDate":"2023-12-04T23:44:46+00:00" }, - "AccessAnalyzerServiceRolePolicy":{ - "CreateDate":"2019-12-02T17:13:10+00:00", - "DefaultVersionId":"v7", + "AWSrePostPrivateCloudWatchAccess":{ + "CreateDate":"2023-11-15T16:37:33+00:00", + "DefaultVersionId":"v1", "Document":{ "Statement":[ { "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/rePostPrivate", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchPublishMetrics" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-15T16:37:33+00:00" + }, + "AccessAnalyzerServiceRolePolicy":{ + "CreateDate":"2019-12-02T17:13:10+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:GetResourcePolicy", + "dynamodb:ListTables", + "dynamodb:ListStreams", "ec2:DescribeAddresses", "ec2:DescribeByoipCidrs", + "ec2:DescribeSnapshotAttribute", + "ec2:DescribeSnapshots", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", + "ecr:DescribeRepositories", + "ecr:GetRepositoryPolicy", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeFileSystems", "iam:GetRole", + "iam:ListEntitiesForPolicy", "iam:ListRoles", + "iam:ListUsers", + "iam:GetUser", + "iam:GetGroup", + "iam:GenerateServiceLastAccessedDetails", + "iam:GetServiceLastAccessedDetails", + "iam:ListAccessKeys", + "iam:GetLoginProfile", + "iam:GetAccessKeyLastUsed", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:ListGrants", @@ -30884,6 +42527,10 @@ aws_managed_policies_data = """ "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListRoots", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", "s3:DescribeMultiRegionAccessPointOperation", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", @@ -30900,6 +42547,8 @@ aws_managed_policies_data = """ "s3:ListAccessPoints", "s3:ListAllMyBuckets", "s3:ListMultiRegionAccessPoints", + "s3express:GetBucketPolicy", + "s3express:ListAllMyDirectoryBuckets", "sns:GetTopicAttributes", "sns:ListTopics", "secretsmanager:DescribeSecret", @@ -30909,14 +42558,15 @@ aws_managed_policies_data = """ "sqs:ListQueues" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AccessAnalyzerServiceRolePolicy" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-06T20:18:51+00:00" + "UpdateDate":"2024-01-11T20:13:34+00:00" }, "AdministratorAccess":{ "CreateDate":"2015-02-06T18:39:46+00:00", @@ -30937,7 +42587,7 @@ aws_managed_policies_data = """ }, "AdministratorAccess-AWSElasticBeanstalk":{ "CreateDate":"2021-01-22T19:36:54+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -31268,17 +42918,32 @@ aws_managed_policies_data = """ "arn:aws:sqs:*:*:awseb-e-*", "arn:aws:sqs:*:*:eb-*" ] + }, + { + "Action":[ + "ecs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "CreateCluster", + "RegisterTaskDefinition" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-03-09T22:36:27+00:00" + "UpdateDate":"2023-03-23T23:45:23+00:00" }, "AdministratorAccess-Amplify":{ "CreateDate":"2020-12-01T19:03:08+00:00", - "DefaultVersionId":"v8", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -31294,6 +42959,7 @@ aws_managed_policies_data = """ "cloudformation:ExecuteChangeSet", "cloudformation:GetTemplate", "cloudformation:UpdateStack", + "cloudformation:ListStacks", "cloudformation:ListStackResources", "cloudformation:DeleteStackSet", "cloudformation:DescribeStackSet", @@ -31316,6 +42982,7 @@ aws_managed_policies_data = """ "iam:DeleteRolePolicy", "iam:DetachRolePolicy", "iam:PutRolePolicy", + "iam:UntagRole", "iam:UpdateRole", "iam:GetRole", "iam:GetPolicy", @@ -31353,6 +43020,7 @@ aws_managed_policies_data = """ "appsync:ListResolversByFunction", "appsync:ListTypes", "appsync:StartSchemaCreation", + "appsync:UntagResource", "appsync:UpdateApiKey", "appsync:UpdateDataSource", "appsync:UpdateFunction", @@ -31425,6 +43093,7 @@ aws_managed_policies_data = """ "dynamodb:PutItem", "dynamodb:TagResource", "dynamodb:ListTagsOfResource", + "dynamodb:UntagResource", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateItem", "dynamodb:UpdateTable", @@ -31467,7 +43136,9 @@ aws_managed_policies_data = """ "es:CreateElasticsearchDomain", "es:DeleteElasticsearchDomain", "es:DescribeElasticsearchDomain", - "s3:PutEncryptionConfiguration" + "es:UpdateElasticsearchDomainConfig", + "s3:PutEncryptionConfiguration", + "s3:PutBucketPublicAccessBlock" ], "Condition":{ "ForAnyValue:StringEquals":{ @@ -31550,6 +43221,7 @@ aws_managed_policies_data = """ "iam:DeleteRole", "iam:DetachRolePolicy", "cloudformation:ListStacks", + "cloudformation:DescribeStacks", "sns:CreateSMSSandboxPhoneNumber", "sns:GetSMSSandboxAccountStatus", "sns:VerifySMSSandboxPhoneNumber", @@ -31564,7 +43236,10 @@ aws_managed_policies_data = """ "lex:GetBuiltinIntents", "lex:GetBuiltinSlotTypes", "cloudformation:GetTemplateSummary", - "codecommit:GitPull" + "codecommit:GitPull", + "cloudfront:GetCloudFrontOriginAccessIdentity", + "cloudfront:GetCloudFrontOriginAccessIdentityConfig", + "polly:DescribeVoices" ], "Effect":"Allow", "Resource":"*", @@ -31591,6 +43266,14 @@ aws_managed_policies_data = """ "Resource":"*", "Sid":"GeoPowerUser" }, + { + "Action":[ + "ecr:DescribeRepositories" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmplifyEcrSDKCalls" + }, { "Action":[ "s3:CreateBucket", @@ -31685,13 +43368,34 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"AmplifySSRCalls" + }, + { + "Action":"logs:DescribeLogGroups", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:*", + "Sid":"AmplifySSRViewLogGroups" + }, + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/amplify/*", + "Sid":"AmplifySSRCreateLogGroup" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/amplify/*:log-stream:*", + "Sid":"AmplifySSRPushLogs" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-13T22:42:11+00:00" + "UpdateDate":"2023-05-31T17:08:15+00:00" }, "AlexaForBusinessDeviceSetup":{ "CreateDate":"2017-11-30T16:47:16+00:00", @@ -32356,6 +44060,32 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-08-28T17:24:35+00:00" }, + "AmazonAppStreamPCAAccess":{ + "CreateDate":"2022-10-24T17:05:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate", + "acm-pca:GetCertificate", + "acm-pca:DescribeCertificateAuthority" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/euc-private-ca":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:*:acm-pca:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-10-24T17:05:03+00:00" + }, "AmazonAppStreamReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:10+00:00", "DefaultVersionId":"v2", @@ -32431,7 +44161,7 @@ aws_managed_policies_data = """ }, "AmazonAthenaFullAccess":{ "CreateDate":"2016-11-30T16:46:01+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -32441,7 +44171,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseAthenaPermissions" }, { "Action":[ @@ -32463,12 +44194,16 @@ aws_managed_policies_data = """ "glue:UpdatePartition", "glue:GetPartition", "glue:GetPartitions", - "glue:BatchGetPartition" + "glue:BatchGetPartition", + "glue:StartColumnStatisticsTaskRun", + "glue:GetColumnStatisticsTaskRun", + "glue:GetColumnStatisticsTaskRuns" ], "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseGluePermissions" }, { "Action":[ @@ -32485,7 +44220,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:s3:::aws-athena-query-results-*" - ] + ], + "Sid":"BaseQueryResultsPermissions" }, { "Action":[ @@ -32495,7 +44231,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:s3:::athena-examples*" - ] + ], + "Sid":"BaseAthenaExamplesPermissions" }, { "Action":[ @@ -32506,7 +44243,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseS3BucketPermissions" }, { "Action":[ @@ -32516,18 +44254,21 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseSNSPermissions" }, { "Action":[ "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" + "cloudwatch:DeleteAlarms", + "cloudwatch:GetMetricData" ], "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseCloudWatchPermissions" }, { "Action":[ @@ -32536,14 +44277,37 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"BaseLakeFormationPermissions" + }, + { + "Action":[ + "datazone:ListDomains", + "datazone:ListProjects", + "datazone:ListAccountEnvironments" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"BaseDataZonePermissions" + }, + { + "Action":[ + "pricing:GetProducts" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"BasePricingPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-07-07T20:15:04+00:00" + "UpdateDate":"2024-01-03T19:05:55+00:00" }, "AmazonAugmentedAIFullAccess":{ "CreateDate":"2019-12-03T16:21:56+00:00", @@ -32671,9 +44435,93 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-04-22T20:47:32+00:00" }, + "AmazonBedrockFullAccess":{ + "CreateDate":"2023-12-06T15:47:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "bedrock:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"BedrockAll" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"arn:*:kms:*:::*", + "Sid":"DescribeKey" + }, + { + "Action":[ + "iam:ListRoles", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"APIsWithAllResourceAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "bedrock.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*AmazonBedrock*", + "Sid":"PassRoleToBedrock" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-06T15:47:17+00:00" + }, + "AmazonBedrockReadOnly":{ + "CreateDate":"2023-12-06T15:48:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "bedrock:GetFoundationModel", + "bedrock:ListFoundationModels", + "bedrock:GetModelInvocationLoggingConfiguration", + "bedrock:GetProvisionedModelThroughput", + "bedrock:ListProvisionedModelThroughputs", + "bedrock:GetModelCustomizationJob", + "bedrock:ListModelCustomizationJobs", + "bedrock:ListCustomModels", + "bedrock:GetCustomModel", + "bedrock:ListTagsForResource", + "bedrock:GetFoundationModelAvailability" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonBedrockReadOnly" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-06T15:48:19+00:00" + }, "AmazonBraketFullAccess":{ "CreateDate":"2020-08-06T20:12:37+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -32690,7 +44538,9 @@ aws_managed_policies_data = """ }, { "Action":[ - "s3:ListAllMyBuckets" + "s3:ListAllMyBuckets", + "servicequotas:GetServiceQuota", + "cloudwatch:GetMetricData" ], "Effect":"Allow", "Resource":"*" @@ -32845,7 +44695,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-31T19:03:33+00:00" + "UpdateDate":"2023-04-19T16:25:29+00:00" }, "AmazonBraketJobsExecutionPolicy":{ "CreateDate":"2021-11-26T19:34:41+00:00", @@ -33108,7 +44958,7 @@ aws_managed_policies_data = """ }, "AmazonChimeSDK":{ "CreateDate":"2020-02-04T21:53:37+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -33133,7 +44983,16 @@ aws_managed_policies_data = """ "chime:UntagMeeting", "chime:UntagResource", "chime:StartMeetingTranscription", - "chime:StopMeetingTranscription" + "chime:StopMeetingTranscription", + "chime:CreateMediaCapturePipeline", + "chime:CreateMediaConcatenationPipeline", + "chime:CreateMediaLiveConnectorPipeline", + "chime:DeleteMediaCapturePipeline", + "chime:DeleteMediaPipeline", + "chime:GetMediaCapturePipeline", + "chime:GetMediaPipeline", + "chime:ListMediaCapturePipelines", + "chime:ListMediaPipelines" ], "Effect":"Allow", "Resource":"*" @@ -33143,13 +45002,48 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-21T18:04:27+00:00" + "UpdateDate":"2023-01-10T18:05:12+00:00" }, "AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy":{ "CreateDate":"2022-04-04T22:02:05+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/ChimeSDK" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowPutMetricsForChimeSDKNamespace" + }, + { + "Action":[ + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:PutMedia", + "kinesisvideo:UpdateDataRetention", + "kinesisvideo:DescribeStream", + "kinesisvideo:CreateStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesisvideo:*:*:stream/ChimeMediaPipelines-*" + ], + "Sid":"AllowKinesisVideoStreamsAccess" + }, + { + "Action":[ + "kinesisvideo:ListStreams" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowKinesisVideoStreamsListAccess" + }, { "Action":[ "chime:GetMeeting", @@ -33157,14 +45051,52 @@ aws_managed_policies_data = """ "chime:DeleteAttendee" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowChimeMeetingAccess" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-04T22:02:05+00:00" + "UpdateDate":"2023-12-08T19:14:31+00:00" + }, + "AmazonChimeSDKMessagingServiceRolePolicy":{ + "CreateDate":"2023-03-03T01:43:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kms:GenerateDataKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "kinesis.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:PutRecord", + "kinesis:PutRecords", + "kinesis:DescribeStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesis:*:*:stream/chime-messaging-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-03T01:43:49+00:00" }, "AmazonChimeServiceRolePolicy":{ "CreateDate":"2019-09-30T22:25:06+00:00", @@ -33270,7 +45202,7 @@ aws_managed_policies_data = """ }, "AmazonChimeVoiceConnectorServiceLinkedRolePolicy":{ "CreateDate":"2019-09-30T22:16:42+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -33330,13 +45262,23 @@ aws_managed_policies_data = """ "Resource":[ "*" ] + }, + { + "Action":[ + "chime:CreateMediaInsightsPipeline", + "chime:GetMediaInsightsPipelineConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-17T16:18:11+00:00" + "UpdateDate":"2023-04-14T21:49:14+00:00" }, "AmazonCloudDirectoryFullAccess":{ "CreateDate":"2017-02-25T00:41:39+00:00", @@ -33519,6 +45461,71 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-11-29T15:08:38+00:00" }, + "AmazonCloudWatchEvidentlyServiceRolePolicy":{ + "CreateDate":"2022-09-13T17:25:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"appconfig:StartDeployment", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/DeployedBy":"Evidently" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:appconfig:*:*:application/*", + "arn:aws:appconfig:*:*:deploymentstrategy/*" + ] + }, + { + "Action":"appconfig:StartDeployment", + "Condition":{ + "StringNotEquals":{ + "aws:ResourceTag/Owner":"Evidently" + } + }, + "Effect":"Deny", + "Resource":"arn:aws:appconfig:*:*:application/*/configurationprofile/*" + }, + { + "Action":"appconfig:TagResource", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/DeployedBy":"Evidently" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:appconfig:*:*:application/*/environment/*/deployment/*" + }, + { + "Action":"appconfig:StopDeployment", + "Effect":"Allow", + "Resource":"arn:aws:appconfig:*:*:application/*" + }, + { + "Action":"appconfig:StopDeployment", + "Condition":{ + "StringNotEquals":{ + "aws:ResourceTag/DeployedBy":"Evidently" + } + }, + "Effect":"Deny", + "Resource":"arn:aws:appconfig:*:*:application/*/environment/*/deployment/*" + }, + { + "Action":"appconfig:ListDeployments", + "Effect":"Allow", + "Resource":"arn:aws:appconfig:*:*:application/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-09-13T17:25:36+00:00" + }, "AmazonCloudWatchRUMFullAccess":{ "CreateDate":"2021-11-29T15:46:12+00:00", "DefaultVersionId":"v1", @@ -33630,14 +45637,16 @@ aws_managed_policies_data = """ }, "AmazonCloudWatchRUMReadOnlyAccess":{ "CreateDate":"2021-11-29T15:43:47+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "rum:GetAppMonitor", "rum:GetAppMonitorData", - "rum:ListAppMonitors" + "rum:ListAppMonitors", + "rum:ListRumMetricsDestinations", + "rum:BatchGetRumMetricDefinitions" ], "Effect":"Allow", "Resource":"*" @@ -33647,11 +45656,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-29T15:43:47+00:00" + "UpdateDate":"2022-10-28T18:12:58+00:00" }, "AmazonCloudWatchRUMServiceRolePolicy":{ "CreateDate":"2021-11-17T23:17:23+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -33662,13 +45671,118 @@ aws_managed_policies_data = """ "Resource":[ "*" ] + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringLike":{ + "cloudwatch:namespace":[ + "RUM/CustomMetrics/*", + "AWS/RUM" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-17T23:17:23+00:00" + "UpdateDate":"2023-02-22T20:35:15+00:00" + }, + "AmazonCodeCatalystFullAccess":{ + "CreateDate":"2023-04-20T16:50:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codecatalyst:*", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeCatalystResourceAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "codecatalyst.amazonaws.com", + "codecatalyst-runner.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeCatalystAssociateIAMRole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T16:50:16+00:00" + }, + "AmazonCodeCatalystReadOnlyAccess":{ + "CreateDate":"2023-04-20T16:49:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codecatalyst:Get*", + "codecatalyst:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T16:49:12+00:00" + }, + "AmazonCodeCatalystSupportAccess":{ + "CreateDate":"2023-04-20T12:34:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "support:DescribeAttachment", + "support:DescribeCaseAttributes", + "support:DescribeCases", + "support:DescribeCommunications", + "support:DescribeIssueTypes", + "support:DescribeServices", + "support:DescribeSeverityLevels", + "support:DescribeSupportLevel", + "support:SearchForCases", + "support:AddAttachmentsToSet", + "support:AddCommunicationToCase", + "support:CreateCase", + "support:InitiateCallForCase", + "support:InitiateChatForCase", + "support:PutCaseAttributes", + "support:RateCaseCommunication", + "support:ResolveCase" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T12:34:44+00:00" }, "AmazonCodeGuruProfilerAgentAccess":{ "CreateDate":"2021-02-05T22:11:56+00:00", @@ -33974,6 +46088,49 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-11-27T15:09:46+00:00" }, + "AmazonCodeGuruSecurityFullAccess":{ + "CreateDate":"2023-05-09T21:03:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-security:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCodeGuruSecurityFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-09T21:03:38+00:00" + }, + "AmazonCodeGuruSecurityScanAccess":{ + "CreateDate":"2023-05-09T20:54:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-security:CreateScan", + "codeguru-security:CreateUploadUrl", + "codeguru-security:GetScan", + "codeguru-security:GetFindings" + ], + "Effect":"Allow", + "Resource":"arn:aws:codeguru-security:*:*:scans/*", + "Sid":"AmazonCodeGuruSecurityScanAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-09T20:54:32+00:00" + }, "AmazonCognitoDeveloperAuthenticatedIdentities":{ "CreateDate":"2015-03-24T17:22:23+00:00", "DefaultVersionId":"v1", @@ -34133,9 +46290,54 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-08-01T19:21:04+00:00" }, + "AmazonCognitoUnAuthedIdentitiesSessionPolicy":{ + "CreateDate":"2023-07-19T23:04:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rum:PutRumEvents", + "sagemaker:InvokeEndpoint", + "polly:*", + "comprehend:*", + "translate:*", + "transcribe:*", + "rekognition:*", + "mobiletargeting:*", + "firehose:*", + "personalize:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-19T23:04:05+00:00" + }, + "AmazonCognitoUnauthenticatedIdentities":{ + "CreateDate":"2023-02-01T22:36:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"rum:PutRumEvents", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-01T22:36:27+00:00" + }, "AmazonConnectCampaignsServiceLinkedRolePolicy":{ "CreateDate":"2021-09-23T20:54:26+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -34144,13 +46346,21 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "connect:BatchPutContact", + "connect:StopContact" + ], + "Effect":"Allow", + "Resource":"arn:aws:connect:*:*:instance/*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-23T20:54:26+00:00" + "UpdateDate":"2023-11-08T16:16:16+00:00" }, "AmazonConnectReadOnlyAccess":{ "CreateDate":"2018-10-17T21:00:44+00:00", @@ -34181,7 +46391,7 @@ aws_managed_policies_data = """ }, "AmazonConnectServiceLinkedRolePolicy":{ "CreateDate":"2018-09-07T00:21:43+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -34191,14 +46401,16 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AllowConnectActions" }, { "Action":[ "iam:DeleteRole" ], "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*" + "Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*", + "Sid":"AllowDeleteSLR" }, { "Action":[ @@ -34211,7 +46423,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:s3:::amazon-connect-*/*" - ] + ], + "Sid":"AllowS3ObjectForConnectBucket" }, { "Action":[ @@ -34221,7 +46434,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:s3:::amazon-connect-*" - ] + ], + "Sid":"AllowGetBucketMetadataForConnectBucket" }, { "Action":[ @@ -34232,7 +46446,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:logs:*:*:log-group:/aws/connect/*:*" - ] + ], + "Sid":"AllowConnectLogGroupAccess" }, { "Action":[ @@ -34240,33 +46455,112 @@ aws_managed_policies_data = """ "lex:ListBotAliases" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowListLexBotAccess" }, { "Action":[ "profile:SearchProfiles", "profile:CreateProfile", "profile:UpdateProfile", - "profile:AddProfileKey" + "profile:AddProfileKey", + "profile:ListProfileObjectTypes", + "profile:ListCalculatedAttributeDefinitions", + "profile:ListCalculatedAttributesForProfile", + "profile:GetDomain", + "profile:ListIntegrations" ], "Effect":"Allow", - "Resource":"arn:aws:profile:*:*:domains/amazon-connect-*" + "Resource":"arn:aws:profile:*:*:domains/amazon-connect-*", + "Sid":"AllowCustomerProfilesForConnectDomain" }, { "Action":[ - "profile:ListProfileObjects" + "profile:ListProfileObjects", + "profile:GetProfileObjectType" ], "Effect":"Allow", "Resource":[ "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/*" - ] + ], + "Sid":"AllowReadPermissionForCustomerProfileObjects" }, { "Action":[ "profile:ListAccountIntegrations" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowListIntegrationForCustomerProfile" + }, + { + "Action":[ + "profile:ListProfileObjectTypeTemplates", + "profile:GetProfileObjectTypeTemplate" + ], + "Effect":"Allow", + "Resource":"arn:aws:profile:*:*:/templates*", + "Sid":"AllowReadForCustomerProfileObjectTemplates" + }, + { + "Action":[ + "wisdom:CreateContent", + "wisdom:DeleteContent", + "wisdom:CreateKnowledgeBase", + "wisdom:GetAssistant", + "wisdom:GetKnowledgeBase", + "wisdom:GetContent", + "wisdom:GetRecommendations", + "wisdom:GetSession", + "wisdom:NotifyRecommendationsReceived", + "wisdom:QueryAssistant", + "wisdom:StartContentUpload", + "wisdom:UpdateContent", + "wisdom:UntagResource", + "wisdom:TagResource", + "wisdom:CreateSession", + "wisdom:CreateQuickResponse", + "wisdom:GetQuickResponse", + "wisdom:SearchQuickResponses", + "wisdom:StartImportJob", + "wisdom:GetImportJob", + "wisdom:ListImportJobs", + "wisdom:ListQuickResponses", + "wisdom:UpdateQuickResponse", + "wisdom:DeleteQuickResponse", + "wisdom:PutFeedback" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AmazonConnectEnabled":"True" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowWisdomForConnectEnabledTaggedResources" + }, + { + "Action":[ + "wisdom:ListAssistants", + "wisdom:ListKnowledgeBases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowListOperationForWisdom" + }, + { + "Action":[ + "profile:GetCalculatedAttributeForProfile", + "profile:CreateCalculatedAttributeDefinition", + "profile:DeleteCalculatedAttributeDefinition", + "profile:GetCalculatedAttributeDefinition", + "profile:UpdateCalculatedAttributeDefinition" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:profile:*:*:domains/amazon-connect-*/calculated-attributes/*" + ], + "Sid":"AllowCustomerProfilesCalculatedAttributesForConnectDomain" }, { "Action":"cloudwatch:PutMetricData", @@ -34276,14 +46570,119 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowPutMetricsForConnectNamespace" + }, + { + "Action":[ + "sms-voice:SendTextMessage", + "sms-voice:DescribePhoneNumbers" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sms-voice:*:*:phone-number/*", + "Sid":"AllowSMSVoiceOperationsForConnect" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-27T19:35:06+00:00" + "UpdateDate":"2023-11-28T16:05:08+00:00" + }, + "AmazonConnectSynchronizationServiceRolePolicy":{ + "CreateDate":"2023-10-27T22:38:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "connect:CreateUser*", + "connect:UpdateUser*", + "connect:DeleteUser*", + "connect:DescribeUser*", + "connect:ListUser*", + "connect:CreateRoutingProfile", + "connect:UpdateRoutingProfile*", + "connect:DeleteRoutingProfile", + "connect:DescribeRoutingProfile", + "connect:ListRoutingProfile*", + "connect:CreateAgentStatus", + "connect:UpdateAgentStatus", + "connect:DescribeAgentStatus", + "connect:ListAgentStatuses", + "connect:CreateQuickConnect", + "connect:UpdateQuickConnect*", + "connect:DeleteQuickConnect", + "connect:DescribeQuickConnect", + "connect:ListQuickConnects", + "connect:CreateHoursOfOperation", + "connect:UpdateHoursOfOperation", + "connect:DeleteHoursOfOperation", + "connect:DescribeHoursOfOperation", + "connect:ListHoursOfOperations", + "connect:CreateQueue", + "connect:UpdateQueue*", + "connect:DeleteQueue", + "connect:DescribeQueue", + "connect:ListQueue*", + "connect:CreatePrompt", + "connect:UpdatePrompt", + "connect:DeletePrompt", + "connect:DescribePrompt", + "connect:ListPrompts", + "connect:GetPromptFile", + "connect:CreateSecurityProfile", + "connect:UpdateSecurityProfile", + "connect:DeleteSecurityProfile", + "connect:DescribeSecurityProfile", + "connect:ListSecurityProfile*", + "connect:CreateContactFlow*", + "connect:UpdateContactFlow*", + "connect:DeleteContactFlow*", + "connect:DescribeContactFlow*", + "connect:ListContactFlow*", + "connect:BatchGetFlowAssociation", + "connect:CreatePredefinedAttribute", + "connect:UpdatePredefinedAttribute", + "connect:DeletePredefinedAttribute", + "connect:DescribePredefinedAttribute", + "connect:ListPredefinedAttributes", + "connect:ListTagsForResource", + "connect:TagResource", + "connect:UntagResource", + "connect:ListTrafficDistributionGroups", + "connect:ListPhoneNumbersV2", + "connect:UpdatePhoneNumber", + "connect:DescribePhoneNumber", + "connect:Associate*", + "connect:Disassociate*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowConnectActions" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/Connect" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowPutMetricsForConnectNamespace" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-27T22:38:25+00:00" }, "AmazonConnectVoiceIDFullAccess":{ "CreateDate":"2021-09-26T19:04:10+00:00", @@ -34304,7 +46703,7 @@ aws_managed_policies_data = """ }, "AmazonConnect_FullAccess":{ "CreateDate":"2020-11-20T19:54:21+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -34399,17 +46798,27 @@ aws_managed_policies_data = """ "Action":"iam:DeleteServiceLinkedRole", "Effect":"Allow", "Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"profile.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/profile.amazonaws.com/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-23T22:05:12+00:00" + "UpdateDate":"2023-03-07T14:49:25+00:00" }, "AmazonDMSCloudWatchLogsRole":{ "CreateDate":"2016-01-07T23:44:53+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -34428,7 +46837,8 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:logs:*:*:log-group:dms-tasks-*" + "arn:aws:logs:*:*:log-group:dms-tasks-*", + "arn:aws:logs:*:*:log-group:dms-serverless-replication-*" ], "Sid":"AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup" }, @@ -34438,9 +46848,10 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:logs:*:*:log-group:dms-tasks-*" + "arn:aws:logs:*:*:log-group:dms-tasks-*", + "arn:aws:logs:*:*:log-group:dms-serverless-replication-*:log-stream:" ], - "Sid":"AllowCreationOfDmsTasksLogGroups" + "Sid":"AllowCreationOfDmsLogGroups" }, { "Action":[ @@ -34448,9 +46859,10 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" + "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*", + "arn:aws:logs:*:*:log-group:dms-serverless-replication-*:log-stream:dms-serverless-*" ], - "Sid":"AllowCreationOfDmsTaskLogStream" + "Sid":"AllowCreationOfDmsLogStream" }, { "Action":[ @@ -34458,16 +46870,17 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" + "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*", + "arn:aws:logs:*:*:log-group:dms-serverless-replication-*:log-stream:dms-serverless-*" ], - "Sid":"AllowUploadOfLogEventsToDmsTaskLogStream" + "Sid":"AllowUploadOfLogEventsToDmsLogStream" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2016-01-07T23:44:53+00:00" + "UpdateDate":"2023-05-23T21:32:57+00:00" }, "AmazonDMSRedshiftS3Role":{ "CreateDate":"2016-04-20T17:05:56+00:00", @@ -34560,9 +46973,1472 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-09-02T00:09:20+00:00" }, + "AmazonDataZoneDomainExecutionRolePolicy":{ + "CreateDate":"2023-09-27T21:55:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "datazone:AcceptPredictions", + "datazone:AcceptSubscriptionRequest", + "datazone:CancelSubscription", + "datazone:CreateAsset", + "datazone:CreateAssetRevision", + "datazone:CreateAssetType", + "datazone:CreateDataSource", + "datazone:CreateEnvironment", + "datazone:CreateEnvironmentBlueprint", + "datazone:CreateEnvironmentProfile", + "datazone:CreateFormType", + "datazone:CreateGlossary", + "datazone:CreateGlossaryTerm", + "datazone:CreateListingChangeSet", + "datazone:CreateProject", + "datazone:CreateProjectMembership", + "datazone:CreateSubscriptionGrant", + "datazone:CreateSubscriptionRequest", + "datazone:DeleteAsset", + "datazone:DeleteAssetType", + "datazone:DeleteDataSource", + "datazone:DeleteEnvironment", + "datazone:DeleteEnvironmentBlueprint", + "datazone:DeleteEnvironmentProfile", + "datazone:DeleteFormType", + "datazone:DeleteGlossary", + "datazone:DeleteGlossaryTerm", + "datazone:DeleteListing", + "datazone:DeleteProject", + "datazone:DeleteProjectMembership", + "datazone:DeleteSubscriptionGrant", + "datazone:DeleteSubscriptionRequest", + "datazone:DeleteSubscriptionTarget", + "datazone:GetAsset", + "datazone:GetAssetType", + "datazone:GetDataSource", + "datazone:GetDataSourceRun", + "datazone:GetDomain", + "datazone:GetEnvironment", + "datazone:GetEnvironmentActionLink", + "datazone:GetEnvironmentBlueprint", + "datazone:GetEnvironmentCredentials", + "datazone:GetEnvironmentProfile", + "datazone:GetFormType", + "datazone:GetGlossary", + "datazone:GetGlossaryTerm", + "datazone:GetGroupProfile", + "datazone:GetListing", + "datazone:GetProject", + "datazone:GetSubscription", + "datazone:GetSubscriptionEligibility", + "datazone:GetSubscriptionGrant", + "datazone:GetSubscriptionRequestDetails", + "datazone:GetSubscriptionTarget", + "datazone:GetUserProfile", + "datazone:ListAccountEnvironments", + "datazone:ListAssetRevisions", + "datazone:ListDataSourceRunActivities", + "datazone:ListDataSourceRuns", + "datazone:ListDataSources", + "datazone:ListEnvironmentBlueprintConfigurations", + "datazone:ListEnvironmentBlueprints", + "datazone:ListEnvironmentProfiles", + "datazone:ListEnvironments", + "datazone:ListGroupsForUser", + "datazone:ListNotifications", + "datazone:ListProjectMemberships", + "datazone:ListProjects", + "datazone:ListSubscriptionGrants", + "datazone:ListSubscriptionRequests", + "datazone:ListSubscriptionTargets", + "datazone:ListSubscriptions", + "datazone:ListWarehouseMetadata", + "datazone:RejectPredictions", + "datazone:RejectSubscriptionRequest", + "datazone:RevokeSubscription", + "datazone:Search", + "datazone:SearchGroupProfiles", + "datazone:SearchListings", + "datazone:SearchTypes", + "datazone:SearchUserProfiles", + "datazone:StartDataSourceRun", + "datazone:UpdateDataSource", + "datazone:UpdateEnvironment", + "datazone:UpdateEnvironmentBlueprint", + "datazone:UpdateEnvironmentDeploymentStatus", + "datazone:UpdateEnvironmentProfile", + "datazone:UpdateGlossary", + "datazone:UpdateGlossaryTerm", + "datazone:UpdateProject", + "datazone:UpdateSubscriptionGrantStatus", + "datazone:UpdateSubscriptionRequest", + "datazone:StartMetadataGenerationRun", + "datazone:GetMetadataGenerationRun", + "datazone:StopMetadataGenerationRun", + "datazone:ListMetadataGenerationRuns" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DomainExecutionRoleStatement" + }, + { + "Action":"ram:GetResourceShareAssociations", + "Effect":"Allow", + "Resource":"*", + "Sid":"RAMResourceShareStatement" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-28T12:48:21+00:00" + }, + "AmazonDataZoneEnvironmentRolePermissionsBoundary":{ + "CreateDate":"2023-09-11T23:38:22+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws-glue-service-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"CreateGlueConnection" + }, + { + "Action":[ + "glue:*DataQuality*", + "glue:BatchCreatePartition", + "glue:BatchDeleteConnection", + "glue:BatchDeletePartition", + "glue:BatchDeleteTable", + "glue:BatchDeleteTableVersion", + "glue:BatchGetJobs", + "glue:BatchGetWorkflows", + "glue:BatchStopJobRun", + "glue:BatchUpdatePartition", + "glue:CreateBlueprint", + "glue:CreateConnection", + "glue:CreateCrawler", + "glue:CreateDatabase", + "glue:CreateJob", + "glue:CreatePartition", + "glue:CreatePartitionIndex", + "glue:CreateTable", + "glue:CreateWorkflow", + "glue:DeleteBlueprint", + "glue:DeleteColumnStatisticsForPartition", + "glue:DeleteColumnStatisticsForTable", + "glue:DeleteConnection", + "glue:DeleteCrawler", + "glue:DeleteJob", + "glue:DeletePartition", + "glue:DeletePartitionIndex", + "glue:DeleteTable", + "glue:DeleteTableVersion", + "glue:DeleteWorkflow", + "glue:GetColumnStatisticsForPartition", + "glue:GetColumnStatisticsForTable", + "glue:GetConnection", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:ListSchemas", + "glue:ListJobs", + "glue:NotifyEvent", + "glue:PutWorkflowRunProperties", + "glue:ResetJobBookmark", + "glue:ResumeWorkflowRun", + "glue:SearchTables", + "glue:StartBlueprintRun", + "glue:StartCrawler", + "glue:StartCrawlerSchedule", + "glue:StartJobRun", + "glue:StartWorkflowRun", + "glue:StopCrawler", + "glue:StopCrawlerSchedule", + "glue:StopWorkflowRun", + "glue:UpdateBlueprint", + "glue:UpdateColumnStatisticsForPartition", + "glue:UpdateColumnStatisticsForTable", + "glue:UpdateConnection", + "glue:UpdateCrawler", + "glue:UpdateCrawlerSchedule", + "glue:UpdateDatabase", + "glue:UpdateJob", + "glue:UpdatePartition", + "glue:UpdateTable", + "glue:UpdateWorkflow" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"GlueOperations" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"glue.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/datazone*" + ], + "Sid":"PassRole" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:Decrypt", + "kms:ListKeys" + ], + "Condition":{ + "StringNotEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SameAccountKmsOperations" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:Decrypt", + "kms:ListKeys", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:Verify", + "kms:Sign" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"KmsOperationsWithResourceTag" + }, + { + "Action":[ + "datazone:*", + "sqlworkbench:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AnalyticsOperations" + }, + { + "Action":[ + "athena:BatchGetNamedQuery", + "athena:BatchGetPreparedStatement", + "athena:BatchGetQueryExecution", + "athena:CreateNamedQuery", + "athena:CreateNotebook", + "athena:CreatePreparedStatement", + "athena:CreatePresignedNotebookUrl", + "athena:DeleteNamedQuery", + "athena:DeleteNotebook", + "athena:DeletePreparedStatement", + "athena:ExportNotebook", + "athena:GetDatabase", + "athena:GetDataCatalog", + "athena:GetNamedQuery", + "athena:GetPreparedStatement", + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:GetQueryRuntimeStatistics", + "athena:GetTableMetadata", + "athena:GetWorkGroup", + "athena:ImportNotebook", + "athena:ListDatabases", + "athena:ListDataCatalogs", + "athena:ListEngineVersions", + "athena:ListNamedQueries", + "athena:ListPreparedStatements", + "athena:ListQueryExecutions", + "athena:ListTableMetadata", + "athena:ListTagsForResource", + "athena:ListWorkGroups", + "athena:StartCalculationExecution", + "athena:StartQueryExecution", + "athena:StartSession", + "athena:StopCalculationExecution", + "athena:StopQueryExecution", + "athena:TerminateSession", + "athena:UpdateNamedQuery", + "athena:UpdateNotebook", + "athena:UpdateNotebookMetadata", + "athena:UpdatePreparedStatement", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:Describe*", + "glue:BatchCreatePartition", + "glue:BatchDeletePartition", + "glue:BatchDeleteTable", + "glue:BatchDeleteTableVersion", + "glue:BatchGetJobs", + "glue:BatchGetPartition", + "glue:BatchGetWorkflows", + "glue:BatchUpdatePartition", + "glue:CreateBlueprint", + "glue:CreateConnection", + "glue:CreateCrawler", + "glue:CreateDatabase", + "glue:CreateJob", + "glue:CreatePartition", + "glue:CreatePartitionIndex", + "glue:CreateTable", + "glue:CreateWorkflow", + "glue:DeleteColumnStatisticsForPartition", + "glue:DeleteColumnStatisticsForTable", + "glue:DeletePartition", + "glue:DeletePartitionIndex", + "glue:DeleteTable", + "glue:DeleteTableVersion", + "glue:GetColumnStatisticsForPartition", + "glue:GetColumnStatisticsForTable", + "glue:GetConnection", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:ListSchemas", + "glue:ListJobs", + "glue:NotifyEvent", + "glue:SearchTables", + "glue:UpdateColumnStatisticsForPartition", + "glue:UpdateColumnStatisticsForTable", + "glue:UpdateDatabase", + "glue:UpdatePartition", + "glue:UpdateTable", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListGroups", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListUsers", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DescribeMetricFilters", + "logs:DescribeQueries", + "logs:DescribeQueryDefinitions", + "logs:DescribeMetricFilters", + "logs:StartQuery", + "logs:StopQuery", + "logs:GetLogEvents", + "logs:GetLogGroupFields", + "logs:GetQueryResults", + "logs:GetLogRecord", + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:FilterLogEvents", + "lakeformation:GetDataAccess", + "lakeformation:GetDataLakeSettings", + "lakeformation:GetResourceLFTags", + "lakeformation:ListPermissions", + "redshift-data:ListTables", + "redshift-data:DescribeTable", + "redshift-data:ListSchemas", + "redshift-data:ListDatabases", + "redshift-data:ExecuteStatement", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift:CreateClusterUser", + "redshift:DescribeClusters", + "redshift:DescribeDataShares", + "redshift:GetClusterCredentials", + "redshift:GetClusterCredentialsWithIAM", + "redshift:JoinGroup", + "redshift-serverless:ListNamespaces", + "redshift-serverless:ListWorkgroups", + "redshift-serverless:GetNamespace", + "redshift-serverless:GetWorkgroup", + "redshift-serverless:GetCredentials", + "secretsmanager:ListSecrets", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"QueryOperations" + }, + { + "Action":[ + "athena:GetQueryResultsStream" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"QueryOperationsWithResourceTag" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AmazonDataZoneDomain", + "AmazonDataZoneProject" + ] + }, + "Null":{ + "aws:TagKeys":"false" + }, + "StringLike":{ + "aws:ResourceTag/AmazonDataZoneDomain":"*", + "aws:ResourceTag/AmazonDataZoneProject":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:AmazonDataZone-*", + "Sid":"SecretsManagerOperationsWithTagKeys" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:GetObject", + "s3:PutObject", + "s3:PutObjectRetention", + "s3:ReplicateObject", + "s3:RestoreObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*/datazone/*" + ], + "Sid":"DataZoneS3Buckets" + }, + { + "Action":[ + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DataZoneS3BucketLocation" + }, + { + "Action":[ + "s3:ListBucket" + ], + "Condition":{ + "StringLike":{ + "s3:prefix":[ + "*/datazone/*", + "datazone/*" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ListDataZoneS3Bucket" + }, + { + "Effect":"Deny", + "NotAction":[ + "datazone:*", + "sqlworkbench:*", + "athena:BatchGetNamedQuery", + "athena:BatchGetPreparedStatement", + "athena:BatchGetQueryExecution", + "athena:CreateNamedQuery", + "athena:CreateNotebook", + "athena:CreatePreparedStatement", + "athena:CreatePresignedNotebookUrl", + "athena:DeleteNamedQuery", + "athena:DeleteNotebook", + "athena:DeletePreparedStatement", + "athena:ExportNotebook", + "athena:GetDatabase", + "athena:GetDataCatalog", + "athena:GetNamedQuery", + "athena:GetPreparedStatement", + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:GetQueryResultsStream", + "athena:GetQueryRuntimeStatistics", + "athena:GetTableMetadata", + "athena:GetWorkGroup", + "athena:ImportNotebook", + "athena:ListDatabases", + "athena:ListDataCatalogs", + "athena:ListEngineVersions", + "athena:ListNamedQueries", + "athena:ListPreparedStatements", + "athena:ListQueryExecutions", + "athena:ListTableMetadata", + "athena:ListTagsForResource", + "athena:ListWorkGroups", + "athena:StartCalculationExecution", + "athena:StartQueryExecution", + "athena:StartSession", + "athena:StopCalculationExecution", + "athena:StopQueryExecution", + "athena:TerminateSession", + "athena:UpdateNamedQuery", + "athena:UpdateNotebook", + "athena:UpdateNotebookMetadata", + "athena:UpdatePreparedStatement", + "ec2:CreateNetworkInterface", + "ec2:CreateTags", + "ec2:DeleteNetworkInterface", + "ec2:DeleteTags", + "ec2:Describe*", + "glue:*DataQuality*", + "glue:BatchCreatePartition", + "glue:BatchDeleteConnection", + "glue:BatchDeletePartition", + "glue:BatchDeleteTable", + "glue:BatchDeleteTableVersion", + "glue:BatchGetJobs", + "glue:BatchGetPartition", + "glue:BatchGetWorkflows", + "glue:BatchStopJobRun", + "glue:BatchUpdatePartition", + "glue:CreateBlueprint", + "glue:CreateConnection", + "glue:CreateCrawler", + "glue:CreateDatabase", + "glue:CreateJob", + "glue:CreatePartition", + "glue:CreatePartitionIndex", + "glue:CreateTable", + "glue:CreateWorkflow", + "glue:DeleteBlueprint", + "glue:DeleteColumnStatisticsForPartition", + "glue:DeleteColumnStatisticsForTable", + "glue:DeleteConnection", + "glue:DeleteCrawler", + "glue:DeleteJob", + "glue:DeletePartition", + "glue:DeletePartitionIndex", + "glue:DeleteTable", + "glue:DeleteTableVersion", + "glue:DeleteWorkflow", + "glue:GetColumnStatisticsForPartition", + "glue:GetColumnStatisticsForTable", + "glue:GetConnection", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:ListSchemas", + "glue:ListJobs", + "glue:NotifyEvent", + "glue:PutWorkflowRunProperties", + "glue:ResetJobBookmark", + "glue:ResumeWorkflowRun", + "glue:SearchTables", + "glue:StartBlueprintRun", + "glue:StartCrawler", + "glue:StartCrawlerSchedule", + "glue:StartJobRun", + "glue:StartWorkflowRun", + "glue:StopCrawler", + "glue:StopCrawlerSchedule", + "glue:StopWorkflowRun", + "glue:UpdateBlueprint", + "glue:UpdateColumnStatisticsForPartition", + "glue:UpdateColumnStatisticsForTable", + "glue:UpdateConnection", + "glue:UpdateCrawler", + "glue:UpdateCrawlerSchedule", + "glue:UpdateDatabase", + "glue:UpdateJob", + "glue:UpdatePartition", + "glue:UpdateTable", + "glue:UpdateWorkflow", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:List*", + "iam:PassRole", + "kms:DescribeKey", + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:ListKeys", + "kms:Verify", + "kms:Sign", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DescribeMetricFilters", + "logs:DescribeQueries", + "logs:DescribeQueryDefinitions", + "logs:StartQuery", + "logs:StopQuery", + "logs:GetLogEvents", + "logs:GetLogGroupFields", + "logs:GetQueryResults", + "logs:GetLogRecord", + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:FilterLogEvents", + "lakeformation:GetDataAccess", + "lakeformation:GetDataLakeSettings", + "lakeformation:GetResourceLFTags", + "lakeformation:ListPermissions", + "redshift-data:ListTables", + "redshift-data:DescribeTable", + "redshift-data:ListSchemas", + "redshift-data:ListDatabases", + "redshift-data:ExecuteStatement", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift:CreateClusterUser", + "redshift:DescribeClusters", + "redshift:DescribeDataShares", + "redshift:GetClusterCredentials", + "redshift:GetClusterCredentialsWithIAM", + "redshift:JoinGroup", + "redshift-serverless:ListNamespaces", + "redshift-serverless:ListWorkgroups", + "redshift-serverless:GetNamespace", + "redshift-serverless:GetWorkgroup", + "redshift-serverless:GetCredentials", + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:GetObject", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectRetention", + "s3:ReplicateObject", + "s3:RestoreObject", + "secretsmanager:CreateSecret", + "secretsmanager:ListSecrets", + "secretsmanager:TagResource", + "tag:GetResources" + ], + "Resource":[ + "*" + ], + "Sid":"NotDeniedOperations" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-17T23:29:08+00:00" + }, + "AmazonDataZoneFullAccess":{ + "CreateDate":"2023-09-22T20:06:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "datazone:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases", + "iam:ListRoles", + "sso:DescribeRegisteredRegions", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":"s3:CreateBucket", + "Effect":"Allow", + "Resource":"arn:aws:s3:::amazon-datazone*" + }, + { + "Action":[ + "ram:CreateResourceShare" + ], + "Condition":{ + "StringEqualsIfExists":{ + "ram:RequestedResourceType":"datazone:Domain" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ram:DeleteResourceShare", + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare", + "ram:RejectResourceShareInvitation" + ], + "Condition":{ + "StringLike":{ + "ram:ResourceShareName":[ + "DataZone*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ram:GetResourceShares", + "ram:GetResourceShareInvitations", + "ram:GetResourceShareAssociations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:passedToService":"datazone.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AmazonDataZone*", + "arn:aws:iam::*:role/service-role/AmazonDataZone*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-09-22T20:06:52+00:00" + }, + "AmazonDataZoneFullUserAccess":{ + "CreateDate":"2023-09-22T21:06:41+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "datazone:GetDomain", + "datazone:CreateFormType", + "datazone:GetFormType", + "datazone:GetIamPortalLoginUrl", + "datazone:SearchUserProfiles", + "datazone:SearchGroupProfiles", + "datazone:GetUserProfile", + "datazone:GetGroupProfile", + "datazone:ListGroupsForUser", + "datazone:DeleteFormType", + "datazone:CreateAssetType", + "datazone:GetAssetType", + "datazone:DeleteAssetType", + "datazone:CreateGlossary", + "datazone:GetGlossary", + "datazone:DeleteGlossary", + "datazone:UpdateGlossary", + "datazone:CreateGlossaryTerm", + "datazone:GetGlossaryTerm", + "datazone:DeleteGlossaryTerm", + "datazone:UpdateGlossaryTerm", + "datazone:CreateAsset", + "datazone:GetAsset", + "datazone:DeleteAsset", + "datazone:CreateAssetRevision", + "datazone:ListAssetRevisions", + "datazone:AcceptPredictions", + "datazone:RejectPredictions", + "datazone:Search", + "datazone:SearchTypes", + "datazone:CreateListingChangeSet", + "datazone:DeleteListing", + "datazone:SearchListings", + "datazone:GetListing", + "datazone:CreateDataSource", + "datazone:GetDataSource", + "datazone:DeleteDataSource", + "datazone:UpdateDataSource", + "datazone:ListDataSources", + "datazone:StartDataSourceRun", + "datazone:GetDataSourceRun", + "datazone:ListDataSourceRuns", + "datazone:ListDataSourceRunActivities", + "datazone:ListEnvironmentBlueprintConfigurations", + "datazone:CreateEnvironmentBlueprint", + "datazone:GetEnvironmentBlueprint", + "datazone:DeleteEnvironmentBlueprint", + "datazone:UpdateEnvironmentBlueprint", + "datazone:ListEnvironmentBlueprints", + "datazone:CreateProject", + "datazone:UpdateProject", + "datazone:GetProject", + "datazone:DeleteProject", + "datazone:ListProjects", + "datazone:CreateProjectMembership", + "datazone:DeleteProjectMembership", + "datazone:ListProjectMemberships", + "datazone:CreateEnvironmentProfile", + "datazone:GetEnvironmentProfile", + "datazone:UpdateEnvironmentProfile", + "datazone:DeleteEnvironmentProfile", + "datazone:ListEnvironmentProfiles", + "datazone:CreateEnvironment", + "datazone:GetEnvironment", + "datazone:DeleteEnvironment", + "datazone:UpdateEnvironment", + "datazone:UpdateEnvironmentDeploymentStatus", + "datazone:ListEnvironments", + "datazone:ListAccountEnvironments", + "datazone:GetEnvironmentActionLink", + "datazone:GetEnvironmentCredentials", + "datazone:GetSubscriptionTarget", + "datazone:DeleteSubscriptionTarget", + "datazone:ListSubscriptionTargets", + "datazone:CreateSubscriptionRequest", + "datazone:AcceptSubscriptionRequest", + "datazone:UpdateSubscriptionRequest", + "datazone:ListWarehouseMetadata", + "datazone:RejectSubscriptionRequest", + "datazone:GetSubscriptionRequestDetails", + "datazone:ListSubscriptionRequests", + "datazone:DeleteSubscriptionRequest", + "datazone:GetSubscription", + "datazone:CancelSubscription", + "datazone:GetSubscriptionEligibility", + "datazone:ListSubscriptions", + "datazone:RevokeSubscription", + "datazone:CreateSubscriptionGrant", + "datazone:DeleteSubscriptionGrant", + "datazone:GetSubscriptionGrant", + "datazone:ListSubscriptionGrants", + "datazone:UpdateSubscriptionGrantStatus", + "datazone:ListNotifications", + "datazone:StartMetadataGenerationRun", + "datazone:GetMetadataGenerationRun", + "datazone:StopMetadataGenerationRun", + "datazone:ListMetadataGenerationRuns" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneUserOperations" + }, + { + "Action":"ram:GetResourceShareAssociations", + "Effect":"Allow", + "Resource":"*", + "Sid":"RAMResourceShareOperations" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-28T12:52:10+00:00" + }, + "AmazonDataZoneGlueManageAccessRolePolicy":{ + "CreateDate":"2023-09-22T20:21:53+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:CreateTable", + "glue:DeleteTable", + "glue:GetDatabases", + "glue:GetTables" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*", + "arn:aws:glue:*:*:table/*" + ], + "Sid":"GlueTableDatabasePermissions" + }, + { + "Action":[ + "lakeformation:BatchGrantPermissions", + "lakeformation:BatchRevokePermissions", + "lakeformation:CreateLakeFormationOptIn", + "lakeformation:DeleteLakeFormationOptIn", + "lakeformation:GrantPermissions", + "lakeformation:GetResourceLFTags", + "lakeformation:ListLakeFormationOptIns", + "lakeformation:ListPermissions", + "lakeformation:RevokePermissions", + "glue:GetDatabase", + "glue:GetTable", + "organizations:DescribeOrganization", + "ram:GetResourceShareInvitations", + "ram:ListResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LakeformationResourceSharingPermissions" + }, + { + "Action":[ + "glue:DeleteResourcePolicy", + "glue:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "ram.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*", + "arn:aws:glue:*:*:table/*" + ], + "Sid":"CrossAccountRAMResourceSharingPermissions" + }, + { + "Action":[ + "ram:CreateResourceShare" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "lakeformation.amazonaws.com" + ] + }, + "StringEqualsIfExists":{ + "ram:RequestedResourceType":[ + "glue:Table", + "glue:Database", + "glue:Catalog" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CrossAccountLakeFormationResourceSharingPermissions" + }, + { + "Action":[ + "ram:AcceptResourceShareInvitation" + ], + "Effect":"Allow", + "Resource":"arn:aws:ram:*:*:resource-share-invitation/*", + "Sid":"CrossAccountRAMResourceShareInvitationPermission" + }, + { + "Action":[ + "ram:AssociateResourceShare", + "ram:DeleteResourceShare", + "ram:DisassociateResourceShare", + "ram:GetResourceShares", + "ram:ListResourceSharePermissions", + "ram:UpdateResourceShare" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "lakeformation.amazonaws.com" + ] + }, + "StringLike":{ + "ram:ResourceShareName":[ + "LakeFormation*" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CrossAccountRAMResourceSharingViaLakeFormationPermissions" + }, + { + "Action":"ram:AssociateResourceSharePermission", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "lakeformation.amazonaws.com" + ] + }, + "StringLike":{ + "ram:PermissionArn":"arn:aws:ram::aws:permission/AWSRAMLFEnabled*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CrossAccountRAMResourceSharingViaLakeFormationHybrid" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/datazone:projectId":"proj-all" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSDecryptPermission" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-14T23:03:20+00:00" + }, + "AmazonDataZoneRedshiftGlueProvisioningPolicy":{ + "CreateDate":"2023-09-22T20:19:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:CreateRole", + "iam:DetachRolePolicy", + "iam:DeleteRolePolicy", + "iam:AttachRolePolicy", + "iam:PutRolePolicy" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ], + "iam:PermissionsBoundary":"arn:aws:iam::aws:policy/AmazonDataZoneEnvironmentRolePermissionsBoundary" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/datazone*", + "Sid":"AmazonDataZonePermissionsToCreateEnvironmentRole" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ], + "iam:PassedToService":[ + "glue.amazonaws.com", + "lakeformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/datazone*" + ] + }, + { + "Action":[ + "iam:DeleteRole", + "iam:GetRole" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/datazone*", + "Sid":"AmazonDataZonePermissionsToManageCreatedEnvironmentRole" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:TagResource" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":"AmazonDataZoneEnvironment" + }, + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/DataZone*" + ], + "Sid":"AmazonDataZoneCFStackCreationForEnvironments" + }, + { + "Action":[ + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/DataZone*" + ], + "Sid":"AmazonDataZoneCFStackManagementForEnvironments" + }, + { + "Action":[ + "lakeformation:GetDataLakeSettings", + "lakeformation:PutDataLakeSettings", + "lakeformation:RevokePermissions", + "lakeformation:ListPermissions", + "glue:CreateDatabase", + "glue:GetDatabase", + "athena:GetWorkGroup", + "logs:DescribeLogGroups", + "redshift-serverless:GetNamespace", + "redshift-serverless:GetWorkgroup", + "redshift:DescribeClusters", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneEnvironmentParameterValidation" + }, + { + "Action":[ + "lakeformation:RegisterResource", + "lakeformation:DeregisterResource", + "lakeformation:GrantPermissions", + "lakeformation:ListResources" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneEnvironmentLakeFormationPermissions" + }, + { + "Action":[ + "glue:DeleteDatabase" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneEnvironmentGlueDeletePermissions" + }, + { + "Action":[ + "athena:DeleteWorkGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneEnvironmentAthenaDeletePermissions" + }, + { + "Action":[ + "athena:CreateWorkGroup", + "athena:TagResource", + "iam:TagRole", + "iam:TagPolicy", + "logs:TagLogGroup" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":"AmazonDataZoneEnvironment" + }, + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + }, + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneEnvironmentAthenaResourceCreation" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":"AmazonDataZoneEnvironment" + }, + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + }, + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:datazone-*", + "Sid":"AmazonDataZoneEnvironmentLogGroupCreation" + }, + { + "Action":[ + "logs:PutRetentionPolicy" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:datazone-*", + "Sid":"AmazonDataZoneEnvironmentLogGroupManagement" + }, + { + "Action":[ + "iam:DeletePolicy", + "iam:CreatePolicy", + "iam:GetPolicy", + "iam:ListPolicyVersions" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:policy/datazone*" + ], + "Sid":"AmazonDataZoneEnvironmentIAMPolicyManagement" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*", + "Sid":"AmazonDataZoneEnvironmentS3ValidationPermissions" + }, + { + "Action":[ + "kms:GenerateDataKey", + "kms:Decrypt" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonDataZoneEnvironment":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonDataZoneEnvironmentKMSDecryptPermissions" + }, + { + "Action":[ + "glue:TagResource" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":"AmazonDataZoneEnvironment" + }, + "Null":{ + "aws:RequestTag/AmazonDataZoneEnvironment":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PermissionsToTagAmazonDataZoneEnvironmentGlueResources" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":[ + "cloudformation.amazonaws.com" + ] + }, + "StringNotEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PermissionsToGetAmazonDataZoneEnvironmentBlueprintTemplates" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-09-23T00:50:47+00:00" + }, + "AmazonDataZoneRedshiftManageAccessRolePolicy":{ + "CreateDate":"2023-09-22T20:15:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift-data:BatchExecuteStatement", + "redshift-data:DescribeTable", + "redshift-data:ExecuteStatement", + "redshift-data:ListTables", + "redshift-data:ListSchemas", + "redshift-data:ListDatabases" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift-serverless:*:*:workgroup/*", + "arn:aws:redshift:*:*:cluster:*" + ], + "Sid":"redshiftDataScopeDownPermissions" + }, + { + "Action":"secretsmanager:ListSecrets", + "Effect":"Allow", + "Resource":"*", + "Sid":"listSecretsPermission" + }, + { + "Action":"redshift-serverless:GetWorkgroup", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift-serverless:*:*:workgroup/*" + ], + "Sid":"getWorkgroupPermission" + }, + { + "Action":"redshift-serverless:GetNamespace", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift-serverless:*:*:namespace/*" + ], + "Sid":"getNamespacePermission" + }, + { + "Action":[ + "redshift-data:DescribeStatement", + "redshift-data:GetStatementResult", + "redshift:DescribeClusters" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"redshiftDataPermissions" + }, + { + "Action":[ + "redshift:AuthorizeDataShare", + "redshift:DescribeDataShares" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:datashare:*/datazone*" + ], + "Sid":"dataSharesPermissions" + }, + { + "Action":"redshift:AssociateDataShareConsumer", + "Effect":"Allow", + "Resource":"arn:aws:redshift:*:*:datashare:*/datazone*", + "Sid":"associateDataShareConsumerPermission" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-16T22:04:02+00:00" + }, "AmazonDetectiveFullAccess":{ "CreateDate":"2020-04-30T17:57:15+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -34583,17 +48459,194 @@ aws_managed_policies_data = """ }, { "Action":[ + "guardduty:GetFindings", "guardduty:ListDetectors" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "securityHub:GetFindings" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-10-21T22:07:28+00:00" + "UpdateDate":"2023-05-17T19:39:57+00:00" + }, + "AmazonDetectiveInvestigatorAccess":{ + "CreateDate":"2023-01-17T15:24:26+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "detective:BatchGetGraphMemberDatasources", + "detective:BatchGetMembershipDatasources", + "detective:DescribeOrganizationConfiguration", + "detective:GetFreeTrialEligibility", + "detective:GetGraphIngestState", + "detective:GetMembers", + "detective:GetPricingInformation", + "detective:GetUsageInformation", + "detective:ListDatasourcePackages", + "detective:ListGraphs", + "detective:ListHighDegreeEntities", + "detective:ListInvitations", + "detective:ListMembers", + "detective:ListOrganizationAdminAccount", + "detective:ListTagsForResource", + "detective:SearchGraph", + "detective:StartInvestigation", + "detective:GetInvestigation", + "detective:ListInvestigations", + "detective:UpdateInvestigationState", + "detective:ListIndicators", + "detective:InvokeAssistant" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DetectivePermissions" + }, + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAccounts" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"OrganizationsPermissions" + }, + { + "Action":[ + "guardduty:ArchiveFindings", + "guardduty:GetFindings", + "guardduty:ListDetectors" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"GuardDutyPermissions" + }, + { + "Action":[ + "securityHub:GetFindings" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SecurityHubPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-27T03:13:25+00:00" + }, + "AmazonDetectiveMemberAccess":{ + "CreateDate":"2023-01-17T15:16:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "detective:AcceptInvitation", + "detective:BatchGetMembershipDatasources", + "detective:DisassociateMembership", + "detective:GetFreeTrialEligibility", + "detective:GetPricingInformation", + "detective:GetUsageInformation", + "detective:ListInvitations", + "detective:RejectInvitation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-01-17T15:16:14+00:00" + }, + "AmazonDetectiveOrganizationsAccess":{ + "CreateDate":"2023-03-02T15:20:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "detective:DisableOrganizationAdminAccount", + "detective:EnableOrganizationAdminAccount", + "detective:ListOrganizationAdminAccount" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"detective.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "detective.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "detective.amazonaws.com", + "guardduty.amazonaws.com", + "macie.amazonaws.com", + "securityhub.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-02T15:20:50+00:00" }, "AmazonDetectiveServiceLinkedRolePolicy":{ "CreateDate":"2021-11-18T19:47:32+00:00", @@ -34617,7 +48670,7 @@ aws_managed_policies_data = """ }, "AmazonDevOpsGuruConsoleFullAccess":{ "CreateDate":"2021-12-17T18:43:09+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -34700,17 +48753,30 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"PerformanceInsightsMetricsDataAccess" + }, + { + "Action":[ + "logs:FilterLogEvents" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/DevOps-Guru-Analysis":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:*", + "Sid":"CloudWatchLogsFilterLogEventsAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-12-17T18:43:09+00:00" + "UpdateDate":"2022-08-25T18:18:53+00:00" }, "AmazonDevOpsGuruFullAccess":{ "CreateDate":"2020-12-01T16:38:12+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -34784,13 +48850,26 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"RDSDescribeDBInstancesAccess" + }, + { + "Action":[ + "logs:FilterLogEvents" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/DevOps-Guru-Analysis":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:*", + "Sid":"CloudWatchLogsFilterLogEventsAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-26T20:39:13+00:00" + "UpdateDate":"2022-08-25T18:23:41+00:00" }, "AmazonDevOpsGuruOrganizationsAccess":{ "CreateDate":"2021-11-15T23:50:52+00:00", @@ -34851,7 +48930,7 @@ aws_managed_policies_data = """ }, "AmazonDevOpsGuruReadOnlyAccess":{ "CreateDate":"2020-12-01T16:34:40+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -34869,6 +48948,8 @@ aws_managed_policies_data = """ "devops-guru:ListAnomaliesForInsight", "devops-guru:ListEvents", "devops-guru:ListInsights", + "devops-guru:ListAnomalousLogGroups", + "devops-guru:ListMonitoredResources", "devops-guru:ListNotificationChannels", "devops-guru:ListRecommendations", "devops-guru:SearchInsights", @@ -34909,17 +48990,30 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"RDSDescribeDBInstancesAccess" + }, + { + "Action":[ + "logs:FilterLogEvents" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/DevOps-Guru-Analysis":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:*", + "Sid":"CloudWatchLogsFilterLogEventsAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-04T02:37:19+00:00" + "UpdateDate":"2022-08-25T18:11:21+00:00" }, "AmazonDevOpsGuruServiceRolePolicy":{ "CreateDate":"2020-12-01T10:24:42+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v9", "Document":{ "Statement":[ { @@ -34976,7 +49070,20 @@ aws_managed_policies_data = """ "rds:DescribeDBInstanceAutomatedBackups", "rds:DescribeAccountAttributes", "logs:DescribeLogGroups", - "logs:DescribeLogStreams" + "logs:DescribeLogStreams", + "s3:GetBucketNotification", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetIntelligentTieringConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "s3:ListStorageLensConfigurations", + "servicequotas:GetServiceQuota", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListServiceQuotas" ], "Effect":"Allow", "Resource":"*" @@ -35064,21 +49171,70 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:aws:logs:*:*:log-group:*", "Sid":"AllowTagBasedFilterLogEvents" + }, + { + "Action":"apigateway:GET", + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis/??????????", + "arn:aws:apigateway:*::/restapis/*/resources", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration" + ], + "Sid":"AllowAPIGatewayGetIntegrations" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-08T18:03:05+00:00" + "UpdateDate":"2023-01-10T14:36:48+00:00" }, - "AmazonDocDBConsoleFullAccess":{ - "CreateDate":"2019-01-09T20:37:28+00:00", - "DefaultVersionId":"v3", + "AmazonDocDB-ElasticServiceRolePolicy":{ + "CreateDate":"2022-11-30T14:17:05+00:00", + "DefaultVersionId":"v1", "Document":{ "Statement":[ { "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/DocDB-Elastic" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-30T14:17:05+00:00" + }, + "AmazonDocDBConsoleFullAccess":{ + "CreateDate":"2019-01-09T20:37:28+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "docdb-elastic:CreateCluster", + "docdb-elastic:UpdateCluster", + "docdb-elastic:GetCluster", + "docdb-elastic:DeleteCluster", + "docdb-elastic:ListClusters", + "docdb-elastic:CreateClusterSnapshot", + "docdb-elastic:GetClusterSnapshot", + "docdb-elastic:DeleteClusterSnapshot", + "docdb-elastic:ListClusterSnapshots", + "docdb-elastic:RestoreClusterFromSnapshot", + "docdb-elastic:TagResource", + "docdb-elastic:UntagResource", + "docdb-elastic:ListTagsForResource", "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", @@ -35093,6 +49249,7 @@ aws_managed_policies_data = """ "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", + "rds:CreateGlobalCluster", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", @@ -35100,6 +49257,7 @@ aws_managed_policies_data = """ "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", + "rds:DeleteGlobalCluster", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", @@ -35119,6 +49277,7 @@ aws_managed_policies_data = """ "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", + "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", @@ -35133,8 +49292,10 @@ aws_managed_policies_data = """ "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", + "rds:ModifyGlobalCluster", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", + "rds:RemoveFromGlobalCluster", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", @@ -35219,13 +49380,185 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"docdb-elastic.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-04-05T22:42:40+00:00" + "UpdateDate":"2022-11-30T15:23:27+00:00" + }, + "AmazonDocDBElasticFullAccess":{ + "CreateDate":"2023-06-05T13:51:04+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "docdb-elastic:CreateCluster", + "docdb-elastic:UpdateCluster", + "docdb-elastic:GetCluster", + "docdb-elastic:DeleteCluster", + "docdb-elastic:ListClusters", + "docdb-elastic:CreateClusterSnapshot", + "docdb-elastic:GetClusterSnapshot", + "docdb-elastic:DeleteClusterSnapshot", + "docdb-elastic:ListClusterSnapshots", + "docdb-elastic:RestoreClusterFromSnapshot", + "docdb-elastic:TagResource", + "docdb-elastic:UntagResource", + "docdb-elastic:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DeleteVpcEndpoints", + "ec2:ModifyVpcEndpoint", + "ec2:DescribeVpcAttribute", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeAvailabilityZones", + "secretsmanager:ListSecrets" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"docdb-elastic.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "kms:Decrypt", + "kms:DescribeKey", + "kms:GenerateDataKey" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/DocDBElasticFullAccess":"*", + "kms:ViaService":[ + "docdb-elastic.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "StringLike":{ + "aws:ResourceTag/DocDBElasticFullAccess":"*", + "kms:ViaService":[ + "docdb-elastic.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:ListSecretVersionIds", + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:GetResourcePolicy" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"docdb-elastic.amazonaws.com" + }, + "StringLike":{ + "secretsmanager:ResourceTag/DocDBElasticFullAccess":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"docdb-elastic.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/docdb-elastic.amazonaws.com/AWSServiceRoleForDocDB-Elastic" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-21T18:05:47+00:00" + }, + "AmazonDocDBElasticReadOnlyAccess":{ + "CreateDate":"2023-06-08T14:37:37+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "docdb-elastic:ListClusters", + "docdb-elastic:GetCluster", + "docdb-elastic:ListClusterSnapshots", + "docdb-elastic:GetClusterSnapshot", + "docdb-elastic:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-21T16:57:09+00:00" }, "AmazonDocDBFullAccess":{ "CreateDate":"2019-01-09T20:21:44+00:00", @@ -35704,7 +50037,7 @@ aws_managed_policies_data = """ }, "AmazonEBSCSIDriverPolicy":{ "CreateDate":"2022-04-04T17:24:29+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -35775,18 +50108,6 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, - { - "Action":[ - "ec2:CreateVolume" - ], - "Condition":{ - "StringLike":{ - "aws:RequestTag/kubernetes.io/cluster/*":"owned" - } - }, - "Effect":"Allow", - "Resource":"*" - }, { "Action":[ "ec2:DeleteVolume" @@ -35817,7 +50138,7 @@ aws_managed_policies_data = """ ], "Condition":{ "StringLike":{ - "ec2:ResourceTag/kubernetes.io/cluster/*":"owned" + "ec2:ResourceTag/kubernetes.io/created-for/pvc/name":"*" } }, "Effect":"Allow", @@ -35852,7 +50173,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-04T17:24:29+00:00" + "UpdateDate":"2022-11-18T14:42:46+00:00" }, "AmazonEC2ContainerRegistryFullAccess":{ "CreateDate":"2015-12-21T17:06:48+00:00", @@ -35986,7 +50307,7 @@ aws_managed_policies_data = """ }, "AmazonEC2ContainerServiceEventsRole":{ "CreateDate":"2017-05-30T16:51:35+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -36009,13 +50330,25 @@ aws_managed_policies_data = """ "Resource":[ "*" ] + }, + { + "Action":"ecs:TagResource", + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "RunTask" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-05-22T19:13:11+00:00" + "UpdateDate":"2023-03-06T22:25:12+00:00" }, "AmazonEC2ContainerServiceRole":{ "CreateDate":"2015-04-09T16:14:19+00:00", @@ -36044,7 +50377,7 @@ aws_managed_policies_data = """ }, "AmazonEC2ContainerServiceforEC2Role":{ "CreateDate":"2015-03-19T18:45:18+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -36067,13 +50400,26 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":"ecs:TagResource", + "Condition":{ + "StringEquals":{ + "ecs:CreateAction":[ + "CreateCluster", + "RegisterContainerInstance" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-06-13T19:11:37+00:00" + "UpdateDate":"2023-03-06T22:19:04+00:00" }, "AmazonEC2FullAccess":{ "CreateDate":"2015-02-06T18:40:15+00:00", @@ -36626,9 +50972,96 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-04-23T19:30:49+00:00" }, + "AmazonECSInfrastructureRolePolicyForVolumes":{ + "CreateDate":"2024-01-10T22:56:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ec2:CreateVolume", + "Condition":{ + "ArnLike":{ + "aws:RequestTag/AmazonECSCreated":"arn:aws:ecs:*:*:task/*" + }, + "StringEquals":{ + "aws:RequestTag/AmazonECSManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"CreateEBSManagedVolume" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ArnLike":{ + "aws:RequestTag/AmazonECSCreated":"arn:aws:ecs:*:*:task/*" + }, + "StringEquals":{ + "aws:RequestTag/AmazonECSManaged":"true", + "ec2:CreateAction":"CreateVolume" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"TagOnCreateVolume" + }, + { + "Action":[ + "ec2:DescribeVolumes", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeVolumesForLifecycle" + }, + { + "Action":[ + "ec2:AttachVolume", + "ec2:DetachVolume" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AmazonECSManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"ManageEBSVolumeLifecycle" + }, + { + "Action":[ + "ec2:AttachVolume", + "ec2:DetachVolume" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ManageVolumeAttachmentsForEC2" + }, + { + "Action":"ec2:DeleteVolume", + "Condition":{ + "ArnLike":{ + "aws:ResourceTag/AmazonECSCreated":"arn:aws:ecs:*:*:task/*" + }, + "StringEquals":{ + "aws:ResourceTag/AmazonECSManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DeleteEBSManagedVolume" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-10T22:56:41+00:00" + }, "AmazonECSServiceRolePolicy":{ "CreateDate":"2017-10-14T01:18:58+00:00", - "DefaultVersionId":"v8", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -36674,7 +51107,11 @@ aws_managed_policies_data = """ "autoscaling:DeletePolicy", "autoscaling:PutScalingPolicy", "autoscaling:SetInstanceProtection", - "autoscaling:UpdateAutoScalingGroup" + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:PutLifecycleHook", + "autoscaling:DeleteLifecycleHook", + "autoscaling:CompleteLifecycleAction", + "autoscaling:RecordLifecycleActionHeartbeat" ], "Condition":{ "Null":{ @@ -36689,12 +51126,36 @@ aws_managed_policies_data = """ "Action":[ "autoscaling-plans:CreateScalingPlan", "autoscaling-plans:DeleteScalingPlan", - "autoscaling-plans:DescribeScalingPlans" + "autoscaling-plans:DescribeScalingPlans", + "autoscaling-plans:DescribeScalingPlanResources" ], "Effect":"Allow", "Resource":"*", "Sid":"AutoScalingPlanManagement" }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/ecs-managed-*", + "Sid":"EventBridge" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"ecs.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridgeRuleManagement" + }, { "Action":[ "cloudwatch:DeleteAlarms", @@ -36751,13 +51212,62 @@ aws_managed_policies_data = """ "arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand" ], "Sid":"ExecuteCommand" + }, + { + "Action":[ + "servicediscovery:CreateHttpNamespace", + "servicediscovery:CreateService" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AmazonECSManaged" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudMapResourceCreation" + }, + { + "Action":"servicediscovery:TagResource", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AmazonECSManaged":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudMapResourceTagging" + }, + { + "Action":[ + "servicediscovery:DeleteService" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonECSManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudMapResourceDeletion" + }, + { + "Action":[ + "servicediscovery:DiscoverInstances", + "servicediscovery:DiscoverInstancesRevision" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudMapResourceDiscovery" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-01-13T20:04:13+00:00" + "UpdateDate":"2023-12-04T19:32:25+00:00" }, "AmazonECSTaskExecutionRolePolicy":{ "CreateDate":"2017-11-16T18:48:22+00:00", @@ -36785,7 +51295,7 @@ aws_managed_policies_data = """ }, "AmazonECS_FullAccess":{ "CreateDate":"2017-11-07T21:36:54+00:00", - "DefaultVersionId":"v19", + "DefaultVersionId":"v20", "Document":{ "Statement":[ { @@ -36993,17 +51503,103 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags" + ], + "Condition":{ + "StringEquals":{ + "elasticloadbalancing:CreateAction":[ + "CreateTargetGroup", + "CreateRule", + "CreateListener", + "CreateLoadBalancer" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-10-12T21:02:23+00:00" + "UpdateDate":"2023-01-04T16:26:05+00:00" + }, + "AmazonEFSCSIDriverPolicy":{ + "CreateDate":"2023-07-25T20:10:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowDescribe" + }, + { + "Action":[ + "elasticfilesystem:CreateAccessPoint" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"efs.csi.aws.com/cluster" + }, + "Null":{ + "aws:RequestTag/efs.csi.aws.com/cluster":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowCreateAccessPoint" + }, + { + "Action":[ + "elasticfilesystem:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"efs.csi.aws.com/cluster" + }, + "Null":{ + "aws:RequestTag/efs.csi.aws.com/cluster":"false" + }, + "StringEquals":{ + "elasticfilesystem:CreateAction":"CreateAccessPoint" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowTagNewAccessPoints" + }, + { + "Action":"elasticfilesystem:DeleteAccessPoint", + "Condition":{ + "Null":{ + "aws:ResourceTag/efs.csi.aws.com/cluster":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowDeleteAccessPoint" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-25T20:10:04+00:00" }, "AmazonEKSClusterPolicy":{ "CreateDate":"2018-05-27T21:06:14+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -37028,6 +51624,7 @@ aws_managed_policies_data = """ "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAvailabilityZones", "ec2:DetachVolume", "ec2:ModifyInstanceAttribute", "ec2:ModifyVolume", @@ -37086,7 +51683,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-06-15T20:57:05+00:00" + "UpdateDate":"2023-02-07T17:33:23+00:00" }, "AmazonEKSConnectorServiceRolePolicy":{ "CreateDate":"2021-09-04T20:31:08+00:00", @@ -37218,6 +51815,334 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-11-22T04:36:25+00:00" }, + "AmazonEKSLocalOutpostClusterPolicy":{ + "CreateDate":"2022-08-24T21:56:47+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeRouteTables", + "ec2:DescribeTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstanceTypes", + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply", + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel", + "ssm:DescribeInstanceProperties", + "ssm:DescribeDocumentParameters", + "ssm:ListInstanceAssociations", + "ssm:RegisterManagedInstance", + "ssm:UpdateInstanceInformation", + "ssm:UpdateInstanceAssociationStatus", + "ssm:PutComplianceItems", + "ssm:PutInventory", + "ecr-public:GetAuthorizationToken", + "ecr:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecr:*:*:repository/eks/*", + "arn:aws:ecr:*:*:repository/bottlerocket-admin", + "arn:aws:ecr:*:*:repository/bottlerocket-control-eks", + "arn:aws:ecr:*:*:repository/diagnostics-collector-eks", + "arn:aws:ecr:*:*:repository/kubelet-config-updater" + ] + }, + { + "Action":[ + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret" + ], + "Effect":"Allow", + "Resource":"arn:*:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-10-17T16:02:34+00:00" + }, + "AmazonEKSLocalOutpostServiceRolePolicy":{ + "CreateDate":"2022-08-23T21:53:02+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcAttribute", + "ec2:DescribePlacementGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:network-interface/*" + ] + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringLike":{ + "aws:RequestTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"ec2:RunInstances", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:placement-group/*" + ] + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:TerminateInstances", + "ec2:GetConsoleOutput" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":[ + "kubernetes.io/cluster/*", + "eks*" + ] + }, + "StringEquals":{ + "ec2:CreateAction":[ + "CreateNetworkInterface", + "CreateSecurityGroup", + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "secretsmanager:TagResource" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":[ + "kubernetes.io/cluster/*", + "eks*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*" + }, + { + "Action":[ + "secretsmanager:CreateSecret" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*" + }, + { + "Action":"secretsmanager:DeleteSecret", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*" + }, + { + "Action":"secretsmanager:DescribeSecret", + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:eks-local.cluster.x-k8s.io/*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:instance-profile/eks-local-*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Condition":{ + "StringLike":{ + "ssm:resourceTag/eks-local:controlplane-name":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*::document/AmazonEKS-ControlPlaneInstanceProxy" + }, + { + "Action":[ + "ssm:ResumeSession", + "ssm:TerminateSession" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "outposts:GetOutpost" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-10-24T16:24:51+00:00" + }, "AmazonEKSServicePolicy":{ "CreateDate":"2018-05-27T21:08:21+00:00", "DefaultVersionId":"v6", @@ -37432,7 +52357,7 @@ aws_managed_policies_data = """ }, "AmazonEKSWorkerNodePolicy":{ "CreateDate":"2018-05-27T21:09:01+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -37445,17 +52370,19 @@ aws_managed_policies_data = """ "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", - "eks:DescribeCluster" + "eks:DescribeCluster", + "eks-auth:AssumeRoleForPodIdentity" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"WorkerNodePermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-21T22:39:36+00:00" + "UpdateDate":"2023-11-27T00:06:13+00:00" }, "AmazonEKS_CNI_Policy":{ "CreateDate":"2018-05-27T21:07:42+00:00", @@ -37530,17 +52457,21 @@ aws_managed_policies_data = """ }, "AmazonEMRContainersServiceRolePolicy":{ "CreateDate":"2020-12-09T00:38:19+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ "eks:DescribeCluster", + "eks:ListNodeGroups", + "eks:DescribeNodeGroup", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers" + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth" ], "Effect":"Allow", "Resource":"*" @@ -37575,11 +52506,11 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-12-03T19:55:44+00:00" + "UpdateDate":"2023-03-10T22:58:13+00:00" }, "AmazonEMRFullAccessPolicy_v2":{ "CreateDate":"2021-03-12T01:50:29+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -37623,6 +52554,7 @@ aws_managed_policies_data = """ "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", + "elasticmapreduce:ListSupportedInstanceTypes", "elasticmapreduce:ModifyCluster", "elasticmapreduce:ModifyInstanceFleet", "elasticmapreduce:ModifyInstanceGroups", @@ -37722,11 +52654,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-21T22:31:45+00:00" + "UpdateDate":"2023-07-28T14:04:57+00:00" }, "AmazonEMRReadOnlyAccessPolicy_v2":{ "CreateDate":"2021-03-12T01:39:16+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -37748,6 +52680,7 @@ aws_managed_policies_data = """ "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", + "elasticmapreduce:ListSupportedInstanceTypes", "elasticmapreduce:ViewEventsFromAllClustersInConsole" ], "Effect":"Allow", @@ -37767,11 +52700,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-21T22:31:26+00:00" + "UpdateDate":"2023-08-02T19:15:33+00:00" }, "AmazonEMRServerlessServiceRolePolicy":{ "CreateDate":"2022-05-20T23:15:42+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -37794,7 +52727,10 @@ aws_managed_policies_data = """ ], "Condition":{ "StringEquals":{ - "cloudwatch:namespace":"AWS/EMRServerless" + "cloudwatch:namespace":[ + "AWS/EMRServerless", + "AWS/Usage" + ] } }, "Effect":"Allow", @@ -37807,7 +52743,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-20T23:15:42+00:00" + "UpdateDate":"2023-04-20T15:47:33+00:00" }, "AmazonEMRServicePolicy_v2":{ "CreateDate":"2021-03-12T01:11:08+00:00", @@ -38227,13 +53163,14 @@ aws_managed_policies_data = """ }, "AmazonElastiCacheFullAccess":{ "CreateDate":"2015-02-06T18:40:20+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":"elasticache:*", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ElastiCacheManagementActions" }, { "Action":"iam:CreateServiceLinkedRole", @@ -38243,14 +53180,128 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache" + "Resource":"arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache", + "Sid":"CreateServiceLinkedRole" + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "StringLike":{ + "ec2:VpceServiceName":"com.amazonaws.elasticache.serverless.*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"CreateVPCEndpoints" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Effect":"Allow", + "NotResource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"AllowAccessToElastiCacheTaggedVpcEndpoints" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AmazonElastiCacheManaged":"true", + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"TagVPCEndpointsOnCreation" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessToEc2" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessToKMS" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessToCloudWatch" + }, + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScalingActivities" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessToAutoScaling" + }, + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeLogGroups" + }, + { + "Action":[ + "firehose:ListDeliveryStreams" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListLogDeliveryStreams" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeS3Buckets" + }, + { + "Action":[ + "outposts:ListOutposts" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessToOutposts" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessToSNS" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2017-12-07T17:48:26+00:00" + "UpdateDate":"2023-11-28T03:49:56+00:00" }, "AmazonElastiCacheReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:21+00:00", @@ -38416,7 +53467,7 @@ aws_managed_policies_data = """ }, "AmazonElasticFileSystemFullAccess":{ "CreateDate":"2015-05-27T16:22:28+00:00", - "DefaultVersionId":"v8", + "DefaultVersionId":"v9", "Document":{ "Statement":[ { @@ -38460,6 +53511,7 @@ aws_managed_policies_data = """ "elasticfilesystem:PutLifecycleConfiguration", "elasticfilesystem:PutFileSystemPolicy", "elasticfilesystem:UpdateFileSystem", + "elasticfilesystem:UpdateFileSystemProtection", "elasticfilesystem:TagResource", "elasticfilesystem:UntagResource", "elasticfilesystem:ListTagsForResource", @@ -38469,7 +53521,8 @@ aws_managed_policies_data = """ "kms:ListAliases" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ElasticFileSystemFullAccess" }, { "Action":"iam:CreateServiceLinkedRole", @@ -38481,14 +53534,15 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateServiceLinkedRoleForEFS" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-10T19:03:16+00:00" + "UpdateDate":"2023-11-28T16:53:28+00:00" }, "AmazonElasticFileSystemReadOnlyAccess":{ "CreateDate":"2015-05-27T16:25:25+00:00", @@ -38703,7 +53757,7 @@ aws_managed_policies_data = """ }, "AmazonElasticMapReduceEditorsRole":{ "CreateDate":"2018-11-16T21:55:25+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -38722,8 +53776,10 @@ aws_managed_policies_data = """ "ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "elasticmapreduce:ListInstances", - "elasticmapreduce:DescribeCluster" + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:ListSteps" ], "Effect":"Allow", "Resource":"*" @@ -38746,7 +53802,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-11-16T21:55:25+00:00" + "UpdateDate":"2023-02-09T22:39:29+00:00" }, "AmazonElasticMapReduceFullAccess":{ "CreateDate":"2015-02-06T18:40:22+00:00", @@ -39178,7 +54234,7 @@ aws_managed_policies_data = """ }, "AmazonElasticsearchServiceRolePolicy":{ "CreateDate":"2017-07-07T00:15:31+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -39204,13 +54260,100 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"Stmt1480452973135" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/ES" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973136" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*" + ], + "Sid":"Stmt1480452973198" + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/OpenSearchManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"Stmt1480452973199" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/OpenSearchManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"Stmt1480452973200" + }, + { + "Action":[ + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973201" + }, + { + "Action":[ + "ec2:AssignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"Stmt1480452973149" + }, + { + "Action":[ + "ec2:UnAssignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"Stmt1480452973150" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"Stmt1480452973202" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-08-02T15:31:35+00:00" + "UpdateDate":"2023-10-23T06:58:31+00:00" }, "AmazonEventBridgeApiDestinationsServiceRolePolicy":{ "CreateDate":"2021-02-11T20:52:05+00:00", @@ -39238,13 +54381,19 @@ aws_managed_policies_data = """ }, "AmazonEventBridgeFullAccess":{ "CreateDate":"2019-07-11T14:08:55+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { - "Action":"events:*", + "Action":[ + "events:*", + "schemas:*", + "scheduler:*", + "pipes:*" + ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"EventBridgeActions" }, { "Action":"iam:CreateServiceLinkedRole", @@ -39254,7 +54403,19 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy" + "Resource":"arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", + "Sid":"IAMCreateServiceLinkedRoleForApiDestinations" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"schemas.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas", + "Sid":"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas" }, { "Action":[ @@ -39265,7 +54426,8 @@ aws_managed_policies_data = """ "secretsmanager:PutSecretValue" ], "Effect":"Allow", - "Resource":"arn:aws:secretsmanager:*:*:secret:events!*" + "Resource":"arn:aws:secretsmanager:*:*:secret:events!*", + "Sid":"SecretsManagerAccessForApiDestinations" }, { "Action":"iam:PassRole", @@ -39275,18 +54437,114 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/*" + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassRoleAccessForEventBridge" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"scheduler.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassRoleAccessForScheduler" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"pipes.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassRoleAccessForPipes" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-03-04T18:56:38+00:00" + "UpdateDate":"2022-12-01T17:00:46+00:00" + }, + "AmazonEventBridgePipesFullAccess":{ + "CreateDate":"2022-12-01T17:03:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"pipes:*", + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridgePipesActions" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"pipes.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassRoleAccessForPipes" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-12-01T17:03:20+00:00" + }, + "AmazonEventBridgePipesOperatorAccess":{ + "CreateDate":"2022-12-01T17:04:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "pipes:DescribePipe", + "pipes:ListPipes", + "pipes:ListTagsForResource", + "pipes:StartPipe", + "pipes:StopPipe" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-12-01T17:04:32+00:00" + }, + "AmazonEventBridgePipesReadOnlyAccess":{ + "CreateDate":"2022-12-01T17:04:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "pipes:DescribePipe", + "pipes:ListPipes", + "pipes:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-12-01T17:04:03+00:00" }, "AmazonEventBridgeReadOnlyAccess":{ "CreateDate":"2019-07-11T13:59:07+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -39309,7 +54567,29 @@ aws_managed_policies_data = """ "events:DescribeApiDestination", "events:ListApiDestinations", "events:DescribeEndpoint", - "events:ListEndpoints" + "events:ListEndpoints", + "schemas:DescribeCodeBinding", + "schemas:DescribeDiscoverer", + "schemas:DescribeRegistry", + "schemas:DescribeSchema", + "schemas:ExportSchema", + "schemas:GetCodeBindingSource", + "schemas:GetDiscoveredSchema", + "schemas:GetResourcePolicy", + "schemas:ListDiscoverers", + "schemas:ListRegistries", + "schemas:ListSchemas", + "schemas:ListSchemaVersions", + "schemas:ListTagsForResource", + "schemas:SearchSchemas", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:ListSchedules", + "scheduler:ListScheduleGroups", + "scheduler:ListTagsForResource", + "pipes:DescribePipe", + "pipes:ListPipes", + "pipes:ListTagsForResource" ], "Effect":"Allow", "Resource":"*" @@ -39319,7 +54599,57 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-08T20:42:18+00:00" + "UpdateDate":"2022-12-01T17:02:48+00:00" + }, + "AmazonEventBridgeSchedulerFullAccess":{ + "CreateDate":"2022-11-10T18:37:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"scheduler:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"scheduler.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-10T18:37:25+00:00" + }, + "AmazonEventBridgeSchedulerReadOnlyAccess":{ + "CreateDate":"2022-11-10T18:50:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "scheduler:ListSchedules", + "scheduler:ListScheduleGroups", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-10T18:50:12+00:00" }, "AmazonEventBridgeSchemasFullAccess":{ "CreateDate":"2019-11-28T23:12:53+00:00", @@ -39422,7 +54752,7 @@ aws_managed_policies_data = """ }, "AmazonFISServiceRolePolicy":{ "CreateDate":"2020-12-21T21:18:19+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -39469,6 +54799,7 @@ aws_managed_policies_data = """ { "Action":[ "ec2:DescribeInstances", + "ec2:DescribeSubnets", "iam:GetUser", "iam:GetRole", "iam:ListUsers", @@ -39490,30 +54821,87 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-06T11:03:20+00:00" + "UpdateDate":"2022-10-25T09:05:23+00:00" }, "AmazonFSxConsoleFullAccess":{ "CreateDate":"2018-11-28T16:36:05+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { "Action":[ "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", "ds:DescribeDirectories", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", + "ec2:GetSecurityGroupsForVpc", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "firehose:ListDeliveryStreams", - "fsx:*", "kms:ListAliases", "logs:DescribeLogGroups", "s3:ListBucket" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ListResourcesAssociatedWithFSxFileSystem" + }, + { + "Action":[ + "fsx:AssociateFileGateway", + "fsx:AssociateFileSystemAliases", + "fsx:CancelDataRepositoryTask", + "fsx:CopyBackup", + "fsx:CopySnapshotAndUpdateVolume", + "fsx:CreateBackup", + "fsx:CreateDataRepositoryAssociation", + "fsx:CreateDataRepositoryTask", + "fsx:CreateFileCache", + "fsx:CreateFileSystem", + "fsx:CreateFileSystemFromBackup", + "fsx:CreateSnapshot", + "fsx:CreateStorageVirtualMachine", + "fsx:CreateVolume", + "fsx:CreateVolumeFromBackup", + "fsx:DeleteBackup", + "fsx:DeleteDataRepositoryAssociation", + "fsx:DeleteFileCache", + "fsx:DeleteFileSystem", + "fsx:DeleteSnapshot", + "fsx:DeleteStorageVirtualMachine", + "fsx:DeleteVolume", + "fsx:DescribeAssociatedFileGateways", + "fsx:DescribeBackups", + "fsx:DescribeDataRepositoryAssociations", + "fsx:DescribeDataRepositoryTasks", + "fsx:DescribeFileCaches", + "fsx:DescribeFileSystemAliases", + "fsx:DescribeFileSystems", + "fsx:DescribeSharedVpcConfiguration", + "fsx:DescribeSnapshots", + "fsx:DescribeStorageVirtualMachines", + "fsx:DescribeVolumes", + "fsx:DisassociateFileGateway", + "fsx:DisassociateFileSystemAliases", + "fsx:ListTagsForResource", + "fsx:ManageBackupPrincipalAssociations", + "fsx:ReleaseFileSystemNfsV3Locks", + "fsx:RestoreVolumeFromSnapshot", + "fsx:TagResource", + "fsx:UntagResource", + "fsx:UpdateDataRepositoryAssociation", + "fsx:UpdateFileCache", + "fsx:UpdateFileSystem", + "fsx:UpdateSharedVpcConfiguration", + "fsx:UpdateSnapshot", + "fsx:UpdateStorageVirtualMachine", + "fsx:UpdateVolume" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"FullAccessToFSx" }, { "Action":"iam:CreateServiceLinkedRole", @@ -39525,7 +54913,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateFSxSLR" }, { "Action":"iam:CreateServiceLinkedRole", @@ -39537,7 +54926,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateSLRForLustreS3Integration" }, { "Action":[ @@ -39556,26 +54946,46 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ec2:*:*:route-table/*" - ] + ], + "Sid":"CreateTags" + }, + { + "Action":[ + "fsx:PutResourcePolicy", + "fsx:GetResourcePolicy", + "fsx:DeleteResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "ram.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ManageCrossAccountDataReplication" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-26T13:18:46+00:00" + "UpdateDate":"2024-01-10T20:07:09+00:00" }, "AmazonFSxConsoleReadOnlyAccess":{ "CreateDate":"2018-11-28T16:35:24+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { "Action":[ "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", "ds:DescribeDirectories", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", + "ec2:GetSecurityGroupsForVpc", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "firehose:ListDeliveryStreams", @@ -39585,27 +54995,83 @@ aws_managed_policies_data = """ "logs:DescribeLogGroups" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"FSxReadOnlyPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-06-08T12:21:09+00:00" + "UpdateDate":"2024-01-10T20:19:18+00:00" }, "AmazonFSxFullAccess":{ "CreateDate":"2018-11-28T16:34:43+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { "Action":[ - "ds:DescribeDirectories", - "fsx:*" + "ds:DescribeDirectories" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ViewAWSDSDirectories" + }, + { + "Action":[ + "fsx:AssociateFileGateway", + "fsx:AssociateFileSystemAliases", + "fsx:CancelDataRepositoryTask", + "fsx:CopyBackup", + "fsx:CopySnapshotAndUpdateVolume", + "fsx:CreateBackup", + "fsx:CreateDataRepositoryAssociation", + "fsx:CreateDataRepositoryTask", + "fsx:CreateFileCache", + "fsx:CreateFileSystem", + "fsx:CreateFileSystemFromBackup", + "fsx:CreateSnapshot", + "fsx:CreateStorageVirtualMachine", + "fsx:CreateVolume", + "fsx:CreateVolumeFromBackup", + "fsx:DeleteBackup", + "fsx:DeleteDataRepositoryAssociation", + "fsx:DeleteFileCache", + "fsx:DeleteFileSystem", + "fsx:DeleteSnapshot", + "fsx:DeleteStorageVirtualMachine", + "fsx:DeleteVolume", + "fsx:DescribeAssociatedFileGateways", + "fsx:DescribeBackups", + "fsx:DescribeDataRepositoryAssociations", + "fsx:DescribeDataRepositoryTasks", + "fsx:DescribeFileCaches", + "fsx:DescribeFileSystemAliases", + "fsx:DescribeFileSystems", + "fsx:DescribeSharedVpcConfiguration", + "fsx:DescribeSnapshots", + "fsx:DescribeStorageVirtualMachines", + "fsx:DescribeVolumes", + "fsx:DisassociateFileGateway", + "fsx:DisassociateFileSystemAliases", + "fsx:ListTagsForResource", + "fsx:ManageBackupPrincipalAssociations", + "fsx:ReleaseFileSystemNfsV3Locks", + "fsx:RestoreVolumeFromSnapshot", + "fsx:TagResource", + "fsx:UntagResource", + "fsx:UpdateDataRepositoryAssociation", + "fsx:UpdateFileCache", + "fsx:UpdateFileSystem", + "fsx:UpdateSharedVpcConfiguration", + "fsx:UpdateSnapshot", + "fsx:UpdateStorageVirtualMachine", + "fsx:UpdateVolume" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"FullAccessToFSx" }, { "Action":"iam:CreateServiceLinkedRole", @@ -39617,7 +55083,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateSLRForFSx" }, { "Action":"iam:CreateServiceLinkedRole", @@ -39629,7 +55096,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateSLRForLustreS3Integration" }, { "Action":[ @@ -39639,8 +55107,9 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:logs:*:*:log-group:/aws/fsx/*:log-group:*" - ] + "arn:aws:logs:*:*:log-group:/aws/fsx/*" + ], + "Sid":"CreateLogsForFSxWindowsAuditLogs" }, { "Action":[ @@ -39649,7 +55118,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:firehose:*:*:deliverystream/aws-fsx-*" - ] + ], + "Sid":"WriteToAmazonKinesisDataFirehose" }, { "Action":[ @@ -39668,14 +55138,51 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ec2:*:*:route-table/*" - ] + ], + "Sid":"CreateTags" + }, + { + "Action":[ + "ec2:DescribeSecurityGroups", + "ec2:GetSecurityGroupsForVpc", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "fsx.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeEC2VpcResources" + }, + { + "Action":[ + "fsx:PutResourcePolicy", + "fsx:GetResourcePolicy", + "fsx:DeleteResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "ram.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ManageCrossAccountDataReplication" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-26T13:17:29+00:00" + "UpdateDate":"2024-01-10T20:16:00+00:00" }, "AmazonFSxReadOnlyAccess":{ "CreateDate":"2018-11-28T16:33:32+00:00", @@ -39699,12 +55206,11 @@ aws_managed_policies_data = """ }, "AmazonFSxServiceRolePolicy":{ "CreateDate":"2018-11-28T10:38:37+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { "Action":[ - "cloudwatch:PutMetricData", "ds:AuthorizeApplication", "ds:GetAuthorizedApplicationDetails", "ds:UnauthorizeApplication", @@ -39719,10 +55225,27 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DisassociateAddress", + "ec2:GetSecurityGroupsForVpc", "route53:AssociateVPCWithHostedZone" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateFileSystem" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/FSx" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PutMetrics" }, { "Action":[ @@ -39739,7 +55262,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ec2:*:*:network-interface/*" - ] + ], + "Sid":"TagResourceNetworkInterface" }, { "Action":[ @@ -39755,7 +55279,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ec2:*:*:network-interface/*" - ] + ], + "Sid":"ManageNetworkInterface" }, { "Action":[ @@ -39771,7 +55296,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ec2:*:*:route-table/*" - ] + ], + "Sid":"ManageRouteTable" }, { "Action":[ @@ -39780,7 +55306,8 @@ aws_managed_policies_data = """ "logs:PutLogEvents" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/fsx/*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/fsx/*", + "Sid":"PutCloudWatchLogs" }, { "Action":[ @@ -39789,14 +55316,15 @@ aws_managed_policies_data = """ "firehose:PutRecordBatch" ], "Effect":"Allow", - "Resource":"arn:aws:firehose:*:*:deliverystream/aws-fsx-*" + "Resource":"arn:aws:firehose:*:*:deliverystream/aws-fsx-*", + "Sid":"ManageAuditLogs" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-20T12:51:29+00:00" + "UpdateDate":"2024-01-10T20:53:47+00:00" }, "AmazonForecastFullAccess":{ "CreateDate":"2019-01-18T01:52:29+00:00", @@ -40090,6 +55618,65 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-11-22T17:11:11+00:00" }, + "AmazonGrafanaCloudWatchAccess":{ + "CreateDate":"2023-03-24T22:41:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricStatistics", + "cloudwatch:GetMetricData", + "cloudwatch:GetInsightRuleReport" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogGroups", + "logs:GetLogGroupFields", + "logs:StartQuery", + "logs:StopQuery", + "logs:GetQueryResults", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeTags", + "ec2:DescribeInstances", + "ec2:DescribeRegions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"tag:GetResources", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "oam:ListSinks", + "oam:ListAttachedLinks" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-24T22:41:53+00:00" + }, "AmazonGrafanaRedshiftAccess":{ "CreateDate":"2021-11-26T23:15:15+00:00", "DefaultVersionId":"v1", @@ -40147,15 +55734,74 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-11-26T23:15:15+00:00" }, + "AmazonGrafanaServiceLinkedRolePolicy":{ + "CreateDate":"2022-11-08T23:10:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DescribeDhcpOptions", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AmazonGrafanaManaged" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Null":{ + "aws:RequestTag/AmazonGrafanaManaged":"false" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":"ec2:DeleteNetworkInterface", + "Condition":{ + "Null":{ + "ec2:ResourceTag/AmazonGrafanaManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-08T23:10:33+00:00" + }, "AmazonGuardDutyFullAccess":{ "CreateDate":"2017-11-28T22:31:30+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { "Action":"guardduty:*", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AmazonGuardDutyFullAccessSid1" }, { "Action":"iam:CreateServiceLinkedRole", @@ -40168,7 +55814,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CreateServiceLinkedRoleSid1" }, { "Action":[ @@ -40178,22 +55825,25 @@ aws_managed_policies_data = """ "organizations:ListAWSServiceAccessForOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", - "organizations:DescribeOrganization" + "organizations:DescribeOrganization", + "organizations:ListAccounts" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ActionsForOrganizationsSid1" }, { "Action":"iam:GetRole", "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/*AWSServiceRoleForAmazonGuardDutyMalwareProtection" + "Resource":"arn:aws:iam::*:role/*AWSServiceRoleForAmazonGuardDutyMalwareProtection", + "Sid":"IamGetRoleSid1" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T18:28:01+00:00" + "UpdateDate":"2023-11-16T23:04:21+00:00" }, "AmazonGuardDutyMalwareProtectionServiceRolePolicy":{ "CreateDate":"2022-07-19T19:06:53+00:00", @@ -40363,7 +56013,7 @@ aws_managed_policies_data = """ }, "AmazonGuardDutyReadOnlyAccess":{ "CreateDate":"2017-11-28T22:29:40+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -40381,7 +56031,8 @@ aws_managed_policies_data = """ "organizations:ListAWSServiceAccessForOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", - "organizations:DescribeOrganization" + "organizations:DescribeOrganization", + "organizations:ListAccounts" ], "Effect":"Allow", "Resource":"*" @@ -40391,11 +56042,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-02-16T23:37:57+00:00" + "UpdateDate":"2023-11-16T23:07:06+00:00" }, "AmazonGuardDutyServiceRolePolicy":{ "CreateDate":"2017-11-28T20:12:59+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -40415,17 +56066,188 @@ aws_managed_policies_data = """ "s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus" + "s3:GetBucketPolicyStatus", + "lambda:GetFunctionConfiguration", + "lambda:ListTags", + "eks:ListClusters", + "eks:DescribeCluster", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeSecurityGroups", + "ecs:ListClusters", + "ecs:DescribeClusters" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"GuardDutyGetDescribeListPolicy" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"malware-protection.guardduty.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"GuardDutyCreateSLRPolicy" + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"GuardDutyManaged" + }, + "StringLike":{ + "ec2:VpceServiceName":[ + "com.amazonaws.*.guardduty-data", + "com.amazonaws.*.guardduty-data-fips" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"GuardDutyCreateVpcEndpointPolicy" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/GuardDutyManaged":false + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"GuardDutyModifyDeleteVpcEndpointPolicy" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*" + ], + "Sid":"GuardDutyCreateModifyVpcEndpointNetworkPolicy" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"GuardDutyManaged" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"GuardDutyCreateTagsDuringVpcEndpointCreationPolicy" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/GuardDutyManaged":false + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"GuardDutySecurityGroupManagementPolicy" + }, + { + "Action":"ec2:CreateSecurityGroup", + "Condition":{ + "StringLike":{ + "aws:RequestTag/GuardDutyManaged":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"GuardDutyCreateSecurityGroupPolicy" + }, + { + "Action":"ec2:CreateSecurityGroup", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*", + "Sid":"GuardDutyCreateSecurityGroupForVpcPolicy" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"GuardDutyManaged" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateSecurityGroup" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"GuardDutyCreateTagsDuringSecurityGroupCreationPolicy" + }, + { + "Action":"eks:CreateAddon", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"GuardDutyManaged" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:cluster/*", + "Sid":"GuardDutyCreateEksAddonPolicy" + }, + { + "Action":[ + "eks:DeleteAddon", + "eks:UpdateAddon", + "eks:DescribeAddon" + ], + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:addon/*/aws-guardduty-agent/*", + "Sid":"GuardDutyEksAddonManagementPolicy" + }, + { + "Action":"eks:TagResource", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"GuardDutyManaged" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:eks:*:*:cluster/*", + "Sid":"GuardDutyEksClusterTagResourcePolicy" + }, + { + "Action":"ecs:PutAccountSettingDefault", + "Condition":{ + "StringEquals":{ + "ecs:account-setting":[ + "guardDutyActivate" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"GuardDutyEcsPutAccountSettingsDefaultPolicy" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-03T23:14:07+00:00" + "UpdateDate":"2023-11-26T22:03:45+00:00" }, "AmazonHealthLakeFullAccess":{ "CreateDate":"2021-02-17T01:07:05+00:00", @@ -40640,9 +56462,168 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-12-01T17:32:49+00:00" }, - "AmazonInspector2FullAccess":{ - "CreateDate":"2021-11-29T19:10:15+00:00", + "AmazonInspector2AgentlessServiceRolePolicy":{ + "CreateDate":"2023-11-20T15:18:32+00:00", "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"InstanceIdentification" + }, + { + "Action":[ + "ebs:ListSnapshotBlocks", + "ebs:GetSnapshotBlock" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/InspectorScan":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"GetSnapshotData" + }, + { + "Action":"ec2:CreateSnapshots", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"CreateSnapshotsAnyInstanceOrVolume" + }, + { + "Action":"ec2:CreateSnapshots", + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/InspectorEc2Exclusion":"true" + } + }, + "Effect":"Deny", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"DenyCreateSnapshotsOnExcludedInstances" + }, + { + "Action":"ec2:CreateSnapshots", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"InspectorScan" + }, + "Null":{ + "aws:TagKeys":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"CreateSnapshotsOnAnySnapshotOnlyWithTag" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"InspectorScan" + }, + "Null":{ + "aws:TagKeys":"false" + }, + "StringLike":{ + "ec2:CreateAction":"CreateSnapshots" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"CreateOnlyInspectorScanTagOnlyUsingCreateSnapshots" + }, + { + "Action":"ec2:DeleteSnapshot", + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/InspectorScan":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*", + "Sid":"DeleteOnlySnapshotsTaggedForScanning" + }, + { + "Action":"kms:Decrypt", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/InspectorEc2Exclusion":"true" + } + }, + "Effect":"Deny", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DenyKmsDecryptForExcludedKeys" + }, + { + "Action":"kms:Decrypt", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:EncryptionContext:aws:ebs:id":"vol-*", + "kms:ViaService":"ec2.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DecryptSnapshotBlocksVolContext" + }, + { + "Action":"kms:Decrypt", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:EncryptionContext:aws:ebs:id":"snap-*", + "kms:ViaService":"ec2.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DecryptSnapshotBlocksSnapContext" + }, + { + "Action":"kms:DescribeKey", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringLike":{ + "kms:ViaService":"ec2.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"DescribeKeysForEbsOperations" + }, + { + "Action":"kms:ListResourceTags", + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"ListKeyResourceTags" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-20T15:18:32+00:00" + }, + "AmazonInspector2FullAccess":{ + "CreateDate":"2021-11-29T19:10:15+00:00", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -40650,6 +56631,14 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "codeguru-security:BatchGetFindings", + "codeguru-security:GetAccountConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":"iam:CreateServiceLinkedRole", "Condition":{ @@ -40678,11 +56667,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-29T19:10:15+00:00" + "UpdateDate":"2023-08-03T19:28:59+00:00" }, "AmazonInspector2ReadOnlyAccess":{ "CreateDate":"2022-01-21T14:45:14+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -40692,22 +56681,13 @@ aws_managed_policies_data = """ "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", "organizations:DescribeOrganization", - "inspector2:ListAccountPermissions", - "inspector2:ListMembers", - "inspector2:ListFilters", - "inspector2:DescribeOrganizationConfiguration", - "inspector2:GetMember", - "inspector2:BatchGetFreeTrialInfo", - "inspector2:ListUsageTotals", - "inspector2:ListCoverageStatistics", - "inspector2:BatchGetAccountStatus", - "inspector2:ListFindings", - "inspector2:ListFindingAggregations", - "inspector2:ListCoverage", - "inspector2:GetDelegatedAdminAccount", - "inspector2:GetFindingsReportStatus", - "inspector2:ListDelegatedAdminAccounts", - "inspector2:ListTagsForResource" + "inspector2:BatchGet*", + "inspector2:List*", + "inspector2:Describe*", + "inspector2:Get*", + "inspector2:Search*", + "codeguru-security:BatchGetFindings", + "codeguru-security:GetAccountConfiguration" ], "Effect":"Allow", "Resource":"*" @@ -40717,11 +56697,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-21T14:45:14+00:00" + "UpdateDate":"2023-09-22T20:56:53+00:00" }, "AmazonInspector2ServiceRolePolicy":{ "CreateDate":"2021-11-16T20:27:48+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v11", "Document":{ "Statement":[ { @@ -40766,6 +56746,7 @@ aws_managed_policies_data = """ "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetHealth", "network-firewall:DescribeFirewall", "network-firewall:DescribeFirewallPolicy", @@ -40799,6 +56780,7 @@ aws_managed_policies_data = """ "organizations:DescribeOrganization", "organizations:ListAccounts", "ssm:DescribeAssociation", + "ssm:DescribeAssociationExecutions", "ssm:DescribeInstanceInformation", "ssm:ListAssociations", "ssm:ListResourceDataSync" @@ -40807,6 +56789,17 @@ aws_managed_policies_data = """ "Resource":"*", "Sid":"PackageVulnerabilityScanning" }, + { + "Action":[ + "lambda:ListFunctions", + "lambda:GetFunction", + "lambda:GetLayerVersion", + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LambdaPackageVulnerabilityScanning" + }, { "Action":[ "ssm:CreateAssociation", @@ -40817,6 +56810,7 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:*:ec2:*:*:instance/*", + "arn:*:ssm:*:*:document/AmazonInspector2-*", "arn:*:ssm:*:*:document/AWS-GatherSoftwareInventory", "arn:*:ssm:*:*:managed-instance/*", "arn:*:ssm:*:*:association/*" @@ -40848,13 +56842,102 @@ aws_managed_policies_data = """ "arn:*:events:*:*:rule/DO-NOT-DELETE-AmazonInspector*ManagedRule" ], "Sid":"ManagedRules" + }, + { + "Action":[ + "codeguru-security:CreateScan", + "codeguru-security:GetAccountConfiguration", + "codeguru-security:GetFindings", + "codeguru-security:GetScan", + "codeguru-security:ListFindings", + "codeguru-security:BatchGetFindings", + "codeguru-security:DeleteScansByCategory" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"LambdaCodeVulnerabilityScanning" + }, + { + "Action":[ + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:ListAttachedRolePolicies", + "iam:ListPolicies", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "lambda:ListVersionsByFunction" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "codeguru-security.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CodeGuruCodeVulnerabilityScanning" + }, + { + "Action":[ + "ssm:PutParameter", + "ssm:GetParameters", + "ssm:DeleteParameter" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:ssm:*:*:parameter/inspector-aws/service/inspector-linux-application-paths" + ], + "Sid":"Ec2DeepInspection" + }, + { + "Action":[ + "cloudtrail:CreateServiceLinkedChannel", + "cloudtrail:DeleteServiceLinkedChannel" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:cloudtrail:*:*:channel/aws-service-channel/inspector2/*" + ], + "Sid":"AllowManagementOfServiceLinkedChannel" + }, + { + "Action":[ + "cloudtrail:ListServiceLinkedChannels" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowListServiceLinkedChannels" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-08-15T17:38:32+00:00" + "UpdateDate":"2023-09-07T13:20:55+00:00" }, "AmazonInspectorFullAccess":{ "CreateDate":"2015-10-07T17:08:04+00:00", @@ -41097,7 +57180,7 @@ aws_managed_policies_data = """ }, "AmazonKeyspacesFullAccess":{ "CreateDate":"2020-04-23T17:06:37+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -41105,7 +57188,8 @@ aws_managed_policies_data = """ "cassandra:*" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CassandraFullAccess" }, { "Action":[ @@ -41123,7 +57207,8 @@ aws_managed_policies_data = """ "kms:ListAliases" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ApplicationAutoscalingFullAccess" }, { "Action":[ @@ -41133,7 +57218,8 @@ aws_managed_policies_data = """ "cloudwatch:PutMetricAlarm" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CloudwatchAlarmsFullAccess" }, { "Action":"iam:CreateServiceLinkedRole", @@ -41143,14 +57229,35 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" + "Resource":"arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable", + "Sid":"ApplicationAutoscalingServiceLinkedRole" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"replication.cassandra.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication", + "Sid":"KeyspacesReplicationServiceLinkedRole" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2VpcReadAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-07T15:02:41+00:00" + "UpdateDate":"2023-10-03T19:12:30+00:00" }, "AmazonKeyspacesReadOnlyAccess":{ "CreateDate":"2020-04-23T17:07:14+00:00", @@ -41185,6 +57292,47 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-07-07T14:54:05+00:00" }, + "AmazonKeyspacesReadOnlyAccess_v2":{ + "CreateDate":"2023-09-12T17:01:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cassandra:Select" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-09-12T17:01:45+00:00" + }, "AmazonKinesisAnalyticsFullAccess":{ "CreateDate":"2016-09-21T19:01:14+00:00", "DefaultVersionId":"v1", @@ -41421,9 +57569,730 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2017-12-01T23:14:32+00:00" }, + "AmazonLaunchWizardFullAccessV2":{ + "CreateDate":"2023-09-01T17:14:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"applicationinsights:*", + "Effect":"Allow", + "Resource":"*", + "Sid":"AppInsightsActions0" + }, + { + "Action":"resource-groups:List*", + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceGroupActions0" + }, + { + "Action":[ + "route53:ChangeResourceRecordSets", + "route53:GetChange", + "route53:ListResourceRecordSets", + "route53:ListHostedZones", + "route53:ListHostedZonesByName" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Route53Actions0" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3Actions0" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KmsActions0" + }, + { + "Action":[ + "cloudwatch:List*", + "cloudwatch:Get*", + "cloudwatch:Describe*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchActions0" + }, + { + "Action":[ + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateVpc", + "ec2:CreateKeyPair", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSubnet" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2Actions0" + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AllocateHosts", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:CreateDhcpOptions", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateVolume", + "ec2:CreateVpcEndpoint", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVolumeAttribute", + "ec2:ModifyVpcAttribute", + "ec2:AssociateDhcpOptions", + "ec2:AssociateSubnetCidrBlock", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AttachVolume", + "ec2:DeleteDhcpOptions", + "ec2:DeleteInternetGateway", + "ec2:DeleteKeyPair", + "ec2:DeleteNatGateway", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DeleteVpc", + "ec2:DetachInternetGateway", + "ec2:DetachVolume", + "ec2:DeleteSnapshot", + "ec2:AssociateRouteTable", + "ec2:AssociateVpcCidrBlock", + "ec2:DeleteNetworkAcl", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSubnet", + "ec2:DetachNetworkInterface", + "ec2:DisassociateAddress", + "ec2:DisassociateVpcCidrBlock", + "ec2:GetLaunchTemplateData", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifyVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:GetConsoleOutput", + "ec2:GetPasswordData", + "ec2:ReleaseAddress", + "ec2:ReplaceRoute", + "ec2:ReplaceRouteTableAssociation", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DisassociateIamInstanceProfile", + "ec2:DisassociateRouteTable", + "ec2:DisassociateSubnetCidrBlock", + "ec2:ModifyInstancePlacement", + "ec2:DeletePlacementGroup", + "ec2:CreatePlacementGroup", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget", + "ds:AddIpRoutes", + "ds:CreateComputer", + "ds:CreateMicrosoftAD", + "ds:DeleteDirectory", + "servicecatalog:AssociateProductWithPortfolio", + "cloudformation:GetTemplateSummary", + "sts:GetCallerIdentity" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2Actions1" + }, + { + "Action":[ + "cloudformation:DescribeStack*", + "cloudformation:Get*", + "cloudformation:ListStacks", + "cloudformation:SignalResource", + "cloudformation:DeleteStack" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*", + "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*" + ], + "Sid":"CloudFormationActions0" + }, + { + "Action":[ + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"Ec2Actions2" + }, + { + "Action":[ + "iam:CreateInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:AddRoleToInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ], + "Sid":"IamActions0" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":[ + "lambda.amazonaws.com", + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard", + "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ], + "Sid":"IamActions1" + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", + "resource-groups:CreateGroup", + "resource-groups:DeleteGroup", + "sns:ListSubscriptionsByTopic", + "sns:Publish", + "ssm:DeleteDocument", + "ssm:DeleteParameter*", + "ssm:DescribeDocument*", + "ssm:GetDocument", + "ssm:PutParameter" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:resource-groups:*:*:group/LaunchWizard*", + "arn:aws:sns:*:*:*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", + "arn:aws:ssm:*:*:parameter/LaunchWizard*", + "arn:aws:ssm:*:*:document/LaunchWizard*" + ], + "Sid":"AutoScalingActions0" + }, + { + "Action":[ + "ssm:GetDocument", + "ssm:SendCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/AWS-RunShellScript" + ], + "Sid":"SsmActions0" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"SsmActions1" + }, + { + "Action":[ + "ssm:AddTagsToResource", + "ssm:DescribeDocument", + "ssm:GetDocument", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:parameter/LaunchWizard*", + "arn:aws:ssm:*:*:document/LaunchWizard*" + ], + "Sid":"SsmActions2" + }, + { + "Action":[ + "autoscaling:Describe*", + "cloudformation:DescribeAccountLimits", + "cloudformation:DescribeStackDriftDetectionStatus", + "cloudformation:List*", + "cloudformation:ValidateTemplate", + "ds:Describe*", + "ds:ListAuthorizedApplications", + "ec2:Describe*", + "ec2:Get*", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetPolicyVersion", + "iam:GetPolicy", + "iam:List*", + "resource-groups:Get*", + "resource-groups:List*", + "servicequotas:GetServiceQuota", + "servicequotas:ListServiceQuotas", + "sns:ListSubscriptions", + "sns:ListTopics", + "ssm:CreateDocument", + "ssm:DescribeAutomation*", + "ssm:DescribeInstanceInformation", + "ssm:DescribeParameters", + "ssm:GetAutomationExecution", + "ssm:GetCommandInvocation", + "ssm:GetParameter*", + "ssm:GetConnectionStatus", + "ssm:ListCommand*", + "ssm:ListDocument*", + "ssm:ListInstanceAssociations", + "ssm:SendAutomationSignal", + "tag:Get*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SsmActions3" + }, + { + "Action":[ + "ssm:StartAutomationExecution", + "ssm:StopAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-definition/LaunchWizard-*:*", + "Sid":"SsmActions4" + }, + { + "Action":[ + "cloudformation:List*", + "cloudformation:Describe*" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/LaunchWizard*/", + "Sid":"CloudFormationActions1" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "autoscaling.amazonaws.com", + "application-insights.amazonaws.com", + "events.amazonaws.com", + "autoscaling.amazonaws.com.cn", + "events.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"IamActions2" + }, + { + "Action":"launchwizard:*", + "Effect":"Allow", + "Resource":"*", + "Sid":"LaunchWizardActions0" + }, + { + "Action":[ + "sqs:TagQueue", + "sqs:GetQueueUrl", + "sqs:AddPermission", + "sqs:ListQueues", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:ListQueueTags", + "sqs:CreateQueue", + "sqs:SetQueueAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:LaunchWizard*", + "Sid":"SqsActions0" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "iam:GetInstanceProfile", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ], + "Sid":"CloudWatchActions1" + }, + { + "Action":[ + "cloudformation:CreateStack", + "route53:ListHostedZones", + "ec2:CreateSecurityGroup", + "ec2:AuthorizeSecurityGroupIngress", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:CreateFileSystem", + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EfsActions0" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::launchwizard*", + "arn:aws:s3:::launchwizard*/*", + "arn:aws:s3:::aws-sap-data-provider/config.properties" + ], + "Sid":"S3Actions1" + }, + { + "Action":"cloudformation:TagResource", + "Condition":{ + "ForAllValues:StringLike":{ + "aws:TagKeys":"LaunchWizard*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudFormationActions2" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutBucketVersioning", + "s3:DeleteBucket", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:LaunchWizard*", + "arn:aws:s3:::launchwizard*" + ], + "Sid":"LambdaActions0" + }, + { + "Action":[ + "dynamodb:CreateTable", + "dynamodb:DescribeTable", + "dynamodb:DeleteTable" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/LaunchWizard*", + "Sid":"DynamodbActions0" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource", + "secretsmanager:UntagResource", + "secretsmanager:PutResourcePolicy", + "secretsmanager:DeleteResourcePolicy", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:LaunchWizard*", + "Sid":"SecretsManagerActions0" + }, + { + "Action":[ + "secretsmanager:GetRandomPassword", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerActions1" + }, + { + "Action":[ + "ssm:CreateOpsMetadata" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SsmActions5" + }, + { + "Action":"ssm:DeleteOpsMetadata", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*", + "Sid":"SsmActions6" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:LaunchWizard*", + "Sid":"SnsActions0" + }, + { + "Action":[ + "fsx:UntagResource", + "fsx:TagResource", + "fsx:DeleteFileSystem", + "fsx:ListTagsForResource" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/Name":"LaunchWizard*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"FsxActions0" + }, + { + "Action":[ + "fsx:CreateFileSystem" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/Name":[ + "LaunchWizard*" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"FsxActions1" + }, + { + "Action":[ + "fsx:DescribeFileSystems" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"FsxActions2" + }, + { + "Action":[ + "servicecatalog:CreatePortfolio", + "servicecatalog:DescribePortfolio", + "servicecatalog:CreateConstraint", + "servicecatalog:CreateProduct", + "servicecatalog:AssociatePrincipalWithPortfolio", + "servicecatalog:CreateProvisioningArtifact", + "servicecatalog:TagResource", + "servicecatalog:UntagResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:servicecatalog:*:*:*/*", + "arn:aws:catalog:*:*:*/*" + ], + "Sid":"ServiceCatalogActions0" + }, + { + "Action":[ + "ssm:CreateAssociation", + "ssm:DeleteAssociation" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", + "arn:aws:ssm:*:*:association/*" + ], + "Sid":"SsmActions7" + }, + { + "Action":[ + "elasticfilesystem:UntagResource", + "elasticfilesystem:TagResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*", + "Sid":"EfsActions1" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DeleteLogGroup", + "logs:DescribeLogStreams", + "logs:UntagResource", + "logs:TagResource", + "logs:CreateLogGroup", + "logs:DeleteLogStream", + "logs:PutLogEvents", + "logs:GetLogEvents", + "logs:GetLogDelivery", + "logs:GetLogGroupFields", + "logs:GetLogRecord", + "logs:ListLogDeliveries" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:LaunchWizard*", + "arn:aws:logs:*:*:log-group:LaunchWizard*:log-stream:*" + ], + "Sid":"LogsActions0" + }, + { + "Action":"logs:DescribeLogGroups", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"LogsActions1" + }, + { + "Action":[ + "fsx:CreateStorageVirtualMachine", + "fsx:CreateVolume" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "launchwizard.amazonaws.com" + ] + }, + "StringLike":{ + "aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"FsxActions3" + }, + { + "Action":[ + "fsx:DescribeStorageVirtualMachines", + "fsx:DescribeVolumes" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "launchwizard.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"FsxActions4" + }, + { + "Action":[ + "fsx:DeleteStorageVirtualMachine", + "fsx:DeleteVolume" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "launchwizard.amazonaws.com" + ] + }, + "StringLike":{ + "aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:fsx:*:*:storage-virtual-machine/*/*", + "arn:aws:fsx:*:*:backup/*", + "arn:aws:fsx:*:*:volume/*/*" + ], + "Sid":"FsxActions5" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-09-01T17:14:56+00:00" + }, "AmazonLaunchWizard_Fullaccess":{ "CreateDate":"2020-08-06T17:47:30+00:00", - "DefaultVersionId":"v13", + "DefaultVersionId":"v15", "Document":{ "Statement":[ { @@ -41614,7 +58483,8 @@ aws_managed_policies_data = """ "StringEqualsIfExists":{ "iam:PassedToService":[ "lambda.amazonaws.com", - "ec2.amazonaws.com" + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" ] } }, @@ -41633,6 +58503,7 @@ aws_managed_policies_data = """ "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:UpdateAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", @@ -41785,7 +58656,9 @@ aws_managed_policies_data = """ "iam:AWSServiceName":[ "autoscaling.amazonaws.com", "application-insights.amazonaws.com", - "events.amazonaws.com" + "events.amazonaws.com", + "autoscaling.amazonaws.com.cn", + "events.amazonaws.com.cn" ] } }, @@ -41975,7 +58848,9 @@ aws_managed_policies_data = """ "servicecatalog:CreateConstraint", "servicecatalog:CreateProduct", "servicecatalog:AssociatePrincipalWithPortfolio", - "servicecatalog:CreateProvisioningArtifact" + "servicecatalog:CreateProvisioningArtifact", + "servicecatalog:TagResource", + "servicecatalog:UntagResource" ], "Condition":{ "ForAnyValue:StringEquals":{ @@ -41987,13 +58862,53 @@ aws_managed_policies_data = """ "arn:aws:servicecatalog:*:*:*/*", "arn:aws:catalog:*:*:*/*" ] + }, + { + "Action":[ + "ssm:CreateAssociation", + "ssm:DeleteAssociation" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", + "Sid":"VisualEditor0" + }, + { + "Action":[ + "elasticfilesystem:UntagResource", + "elasticfilesystem:TagResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "logs:TagResource", + "logs:UntagResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:LaunchWizard*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-12T19:16:27+00:00" + "UpdateDate":"2023-02-22T17:25:14+00:00" }, "AmazonLexChannelsAccess":{ "CreateDate":"2021-01-13T20:12:46+00:00", @@ -42193,7 +59108,7 @@ aws_managed_policies_data = """ }, "AmazonLexReadOnly":{ "CreateDate":"2017-04-11T23:13:33+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -42242,7 +59157,8 @@ aws_managed_policies_data = """ "lex:ListSlots", "lex:ListSlotTypes", "lex:ListTagsForResource", - "lex:SearchAssociatedTranscripts" + "lex:SearchAssociatedTranscripts", + "lex:ListCustomVocabularyItems" ], "Effect":"Allow", "Resource":"*" @@ -42252,7 +59168,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-27T23:43:22+00:00" + "UpdateDate":"2023-01-31T19:31:41+00:00" }, "AmazonLexRunBotsOnly":{ "CreateDate":"2017-04-11T23:06:24+00:00", @@ -42356,22 +59272,13 @@ aws_managed_policies_data = """ }, "AmazonLookoutEquipmentReadOnlyAccess":{ "CreateDate":"2021-05-05T16:47:55+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ - "lookoutequipment:DescribeDataset", - "lookoutequipment:DescribeDataIngestionJob", - "lookoutequipment:DescribeModel", - "lookoutequipment:DescribeInferenceScheduler", - "lookoutequipment:ListDatasets", - "lookoutequipment:ListDataIngestionJobs", - "lookoutequipment:ListModels", - "lookoutequipment:ListInferenceSchedulers", - "lookoutequipment:ListInferenceExecutions", - "lookoutequipment:ListTagsForResource", - "lookoutequipment:ListSensorStatistics" + "lookoutequipment:Describe*", + "lookoutequipment:List*" ], "Effect":"Allow", "Resource":"*" @@ -42381,7 +59288,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-30T18:33:42+00:00" + "UpdateDate":"2022-11-10T22:04:33+00:00" }, "AmazonLookoutMetricsFullAccess":{ "CreateDate":"2021-05-07T00:43:38+00:00", @@ -43015,7 +59922,7 @@ aws_managed_policies_data = """ }, "AmazonMSKFullAccess":{ "CreateDate":"2019-01-14T22:07:52+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -43098,6 +60005,16 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"arn:*:ec2:*:*:vpc-endpoint/*" }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"kafka.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, { "Action":"iam:CreateServiceLinkedRole", "Condition":{ @@ -43123,7 +60040,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-06T21:18:01+00:00" + "UpdateDate":"2023-10-18T11:33:13+00:00" }, "AmazonMSKReadOnlyAccess":{ "CreateDate":"2019-01-14T22:28:45+00:00", @@ -43153,7 +60070,7 @@ aws_managed_policies_data = """ }, "AmazonMWAAServiceRolePolicy":{ "CreateDate":"2020-11-24T14:13:41+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -43230,13 +60147,25 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/MWAA" + ] + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-11-24T14:13:41+00:00" + "UpdateDate":"2022-11-17T00:56:25+00:00" }, "AmazonMachineLearningBatchPredictionsAccess":{ "CreateDate":"2015-04-09T17:12:19+00:00", @@ -43458,6 +60387,29 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-06-28T15:46:10+00:00" }, + "AmazonMacieReadOnlyAccess":{ + "CreateDate":"2023-06-15T21:50:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "macie2:Describe*", + "macie2:Get*", + "macie2:List*", + "macie2:BatchGetCustomDataIdentifiers", + "macie2:SearchResources" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-15T21:50:06+00:00" + }, "AmazonMacieServiceRole":{ "CreateDate":"2017-08-14T14:53:26+00:00", "DefaultVersionId":"v1", @@ -43911,7 +60863,7 @@ aws_managed_policies_data = """ }, "AmazonNimbleStudio-StudioAdmin":{ "CreateDate":"2021-04-28T04:47:36+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -43923,6 +60875,8 @@ aws_managed_policies_data = """ "nimble:CreateStreamingSessionStream", "nimble:GetStreamingSessionStream", "nimble:DeleteStreamingSession", + "nimble:ListStreamingSessionBackups", + "nimble:GetStreamingSessionBackup", "nimble:ListEulas", "nimble:ListEulaAcceptances", "nimble:GetEula", @@ -43951,7 +60905,9 @@ aws_managed_policies_data = """ { "Action":[ "sso-directory:DescribeUsers", - "sso-directory:SearchUsers" + "sso-directory:SearchUsers", + "identitystore:DescribeUser", + "identitystore:ListUsers" ], "Effect":"Allow", "Resource":[ @@ -43986,11 +60942,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-01T20:02:36+00:00" + "UpdateDate":"2023-09-22T17:40:41+00:00" }, "AmazonNimbleStudio-StudioUser":{ "CreateDate":"2021-04-28T04:48:11+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -44019,7 +60975,9 @@ aws_managed_policies_data = """ { "Action":[ "sso-directory:DescribeUsers", - "sso-directory:SearchUsers" + "sso-directory:SearchUsers", + "identitystore:DescribeUser", + "identitystore:ListUsers" ], "Effect":"Allow", "Resource":[ @@ -44058,7 +61016,9 @@ aws_managed_policies_data = """ "nimble:StopStreamingSession", "nimble:CreateStreamingSessionStream", "nimble:GetStreamingSessionStream", - "nimble:ListStreamingSessions" + "nimble:ListStreamingSessions", + "nimble:ListStreamingSessionBackups", + "nimble:GetStreamingSessionBackup" ], "Condition":{ "StringEquals":{ @@ -44073,7 +61033,327 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-01T20:01:52+00:00" + "UpdateDate":"2023-09-22T17:45:14+00:00" + }, + "AmazonOmicsFullAccess":{ + "CreateDate":"2023-02-24T00:59:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "omics:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ram:AcceptResourceShareInvitation", + "ram:GetResourceShareInvitations" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"omics.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"omics.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-02-24T00:59:33+00:00" + }, + "AmazonOmicsReadOnlyAccess":{ + "CreateDate":"2022-11-29T04:17:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "omics:Get*", + "omics:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-29T04:17:07+00:00" + }, + "AmazonOneEnterpriseFullAccess":{ + "CreateDate":"2023-11-28T04:58:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "one:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"FullAccessStatementID" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-28T04:58:21+00:00" + }, + "AmazonOneEnterpriseInstallerAccess":{ + "CreateDate":"2023-11-28T05:00:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "one:CreateDeviceActivationQrCode", + "one:GetDeviceInstance", + "one:GetSite", + "one:GetSiteAddress", + "one:ListDeviceInstances", + "one:ListSites" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"InstallerAccessStatementID" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-28T05:00:39+00:00" + }, + "AmazonOneEnterpriseReadOnlyAccess":{ + "CreateDate":"2023-11-28T04:59:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "one:Get*", + "one:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadOnlyAccessStatementID" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-28T04:59:23+00:00" + }, + "AmazonOpenSearchDashboardsServiceRolePolicy":{ + "CreateDate":"2023-12-22T19:38:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/AOSD" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonOpenSearchDashboardsServiceRoleAllowedActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-22T19:38:16+00:00" + }, + "AmazonOpenSearchIngestionFullAccess":{ + "CreateDate":"2023-04-26T18:11:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "osis:CreatePipeline", + "osis:UpdatePipeline", + "osis:DeletePipeline", + "osis:StartPipeline", + "osis:StopPipeline", + "osis:ListPipelines", + "osis:GetPipeline", + "osis:GetPipelineChangeProgress", + "osis:ValidatePipeline", + "osis:GetPipelineBlueprint", + "osis:ListPipelineBlueprints", + "osis:TagResource", + "osis:UntagResource", + "osis:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"osis.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/osis.amazonaws.com/AWSServiceRoleForAmazonOpenSearchIngestionService" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-26T18:11:38+00:00" + }, + "AmazonOpenSearchIngestionReadOnlyAccess":{ + "CreateDate":"2023-04-26T18:09:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "osis:GetPipeline", + "osis:GetPipelineChangeProgress", + "osis:GetPipelineBlueprint", + "osis:ListPipelineBlueprints", + "osis:ListPipelines", + "osis:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-26T18:09:52+00:00" + }, + "AmazonOpenSearchIngestionServiceRolePolicy":{ + "CreateDate":"2022-11-18T16:49:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*" + ] + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/OSISManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action":[ + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/OSISManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/OSIS" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-18T16:49:50+00:00" + }, + "AmazonOpenSearchServerlessServiceRolePolicy":{ + "CreateDate":"2022-11-24T19:50:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/AOSS" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-24T19:50:12+00:00" }, "AmazonOpenSearchServiceCognitoAccess":{ "CreateDate":"2021-09-02T06:31:49+00:00", @@ -44167,7 +61447,7 @@ aws_managed_policies_data = """ }, "AmazonOpenSearchServiceRolePolicy":{ "CreateDate":"2021-08-26T09:27:09+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -44211,6 +61491,22 @@ aws_managed_policies_data = """ ], "Sid":"Stmt1480452973165" }, + { + "Action":[ + "ec2:AssignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"Stmt1480452973149" + }, + { + "Action":[ + "ec2:UnAssignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"Stmt1480452973150" + }, { "Action":[ "ec2:DescribeSecurityGroups" @@ -44271,13 +61567,84 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"Stmt1480452973196" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/ES" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973197" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*" + ], + "Sid":"Stmt1480452973198" + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/OpenSearchManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"Stmt1480452973199" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/OpenSearchManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"Stmt1480452973200" + }, + { + "Action":[ + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973201" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"Stmt1480452973202" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-28T13:10:24+00:00" + "UpdateDate":"2023-10-23T07:07:31+00:00" }, "AmazonPersonalizeFullAccess":{ "CreateDate":"2018-12-04T22:24:33+00:00", @@ -44380,7 +61747,7 @@ aws_managed_policies_data = """ }, "AmazonPrometheusConsoleFullAccess":{ "CreateDate":"2020-12-15T18:11:10+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -44408,7 +61775,11 @@ aws_managed_policies_data = """ "aps:PutAlertManagerDefinition", "aps:PutRuleGroupsNamespace", "aps:TagResource", - "aps:UntagResource" + "aps:UntagResource", + "aps:CreateLoggingConfiguration", + "aps:UpdateLoggingConfiguration", + "aps:DeleteLoggingConfiguration", + "aps:DescribeLoggingConfiguration" ], "Effect":"Allow", "Resource":"*" @@ -44418,11 +61789,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-29T15:29:28+00:00" + "UpdateDate":"2022-10-24T22:25:39+00:00" }, "AmazonPrometheusFullAccess":{ "CreateDate":"2020-12-15T18:10:46+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -44430,14 +61801,43 @@ aws_managed_policies_data = """ "aps:*" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllPrometheusActions" + }, + { + "Action":[ + "eks:DescribeCluster", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "aps.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeCluster" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"scraper.aps.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/scraper.aps.amazonaws.com/AWSServiceRoleForAmazonPrometheusScraper*", + "Sid":"CreateServiceLinkedRole" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-12-15T18:10:46+00:00" + "UpdateDate":"2023-11-26T20:16:13+00:00" }, "AmazonPrometheusQueryAccess":{ "CreateDate":"2020-12-19T01:02:58+00:00", @@ -44480,9 +61880,117 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-12-19T01:04:32+00:00" }, + "AmazonPrometheusScraperServiceRolePolicy":{ + "CreateDate":"2023-11-26T14:19:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:DeleteRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/scraper.aps.amazonaws.com/AWSServiceRoleForAmazonPrometheusScraper*", + "Sid":"DeleteSLR" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"NetworkDiscovery" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AMPAgentlessScraper" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ENIManagement" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Null":{ + "aws:RequestTag/AMPAgentlessScraper":"false" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:network-interface/*", + "Sid":"TagManagement" + }, + { + "Action":[ + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "Null":{ + "ec2:ResourceTag/AMPAgentlessScraper":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ENIUpdating" + }, + { + "Action":"eks:DescribeCluster", + "Effect":"Allow", + "Resource":"arn:*:eks:*:*:cluster/*", + "Sid":"EKSAccess" + }, + { + "Action":"aps:RemoteWrite", + "Condition":{ + "StringEquals":{ + "aws:PrincipalAccount":"${aws:ResourceAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:*:aps:*:*:workspace/*", + "Sid":"APSWriting" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-26T14:19:52+00:00" + }, + "AmazonQFullAccess":{ + "CreateDate":"2023-11-28T16:00:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "q:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAmazonQFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-28T16:00:24+00:00" + }, "AmazonQLDBConsoleFullAccess":{ "CreateDate":"2019-09-05T18:24:20+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -44520,7 +62028,8 @@ aws_managed_policies_data = """ "qldb:PartiQLInsert", "qldb:PartiQLUpdate", "qldb:PartiQLSelect", - "qldb:PartiQLHistoryFunction" + "qldb:PartiQLHistoryFunction", + "qldb:PartiQLRedact" ], "Effect":"Allow", "Resource":"*" @@ -44555,11 +62064,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-02T23:21:23+00:00" + "UpdateDate":"2022-11-04T17:01:10+00:00" }, "AmazonQLDBFullAccess":{ "CreateDate":"2019-09-05T18:23:32+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -44594,7 +62103,8 @@ aws_managed_policies_data = """ "qldb:PartiQLInsert", "qldb:PartiQLUpdate", "qldb:PartiQLSelect", - "qldb:PartiQLHistoryFunction" + "qldb:PartiQLHistoryFunction", + "qldb:PartiQLRedact" ], "Effect":"Allow", "Resource":"*" @@ -44614,7 +62124,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-02T23:21:04+00:00" + "UpdateDate":"2022-11-04T17:01:27+00:00" }, "AmazonQLDBReadOnly":{ "CreateDate":"2019-09-05T18:19:24+00:00", @@ -44647,7 +62157,7 @@ aws_managed_policies_data = """ }, "AmazonRDSBetaServiceRolePolicy":{ "CreateDate":"2018-05-02T19:41:04+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -44730,17 +62240,60 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetRandomPassword" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:DeleteSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:RotateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:UpdateSecretVersionStage", + "secretsmanager:ListSecretVersionIds" + ], + "Condition":{ + "StringLike":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-beta-us-east-1" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:rds-beta-us-east-1!*" + ] + }, + { + "Action":"secretsmanager:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:rds:primaryDBInstanceArn", + "aws:rds:primaryDBClusterArn" + ] + }, + "StringLike":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-beta-us-east-1" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:rds-beta-us-east-1!*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-07T17:10:39+00:00" + "UpdateDate":"2022-12-14T18:33:17+00:00" }, "AmazonRDSCustomPreviewServiceRolePolicy":{ "CreateDate":"2021-10-08T21:44:15+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -44761,7 +62314,14 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "ec2:DescribeVolumesModifications", "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute" + "ec2:DescribeVpcAttribute", + "ec2:SearchTransitGatewayMulticastGroups", + "ec2:GetTransitGatewayMulticastDomainAssociations", + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribePlacementGroups", + "ec2:DescribeRouteTables" ], "Effect":"Allow", "Resource":[ @@ -44783,7 +62343,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44799,7 +62360,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44819,7 +62381,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44829,13 +62392,29 @@ aws_managed_policies_data = """ ], "Sid":"ecc1scoping2" }, + { + "Action":[ + "ec2:AssignPrivateIpAddresses" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"ecc1scoping3" + }, { "Action":"ec2:RunInstances", "Condition":{ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44861,6 +62440,41 @@ aws_managed_policies_data = """ ], "Sid":"eccRunInstances2" }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac", + "custom-oracle" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*::snapshot/*" + ], + "Sid":"eccRunInstances3" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + }, + "StringNotEquals":{ + "ec2:MetadataHttpTokens":"required" + } + }, + "Effect":"Deny", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"RequireImdsV2" + }, { "Action":[ "ec2:RunInstances", @@ -44870,7 +62484,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44888,7 +62503,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44898,6 +62514,41 @@ aws_managed_policies_data = """ ], "Sid":"eccKeyPair2" }, + { + "Action":"ec2:CreateNetworkInterface", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"eccNetworkInterface1" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"eccNetworkInterface2" + }, + { + "Action":"ec2:DeleteNetworkInterface", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"eccNetworkInterface3" + }, { "Action":[ "ec2:CreateTags" @@ -44906,7 +62557,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44922,11 +62574,13 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ], "ec2:CreateAction":[ "CreateKeyPair", "RunInstances", + "CreateNetworkInterface", "CreateVolume", "CreateSnapshots", "CopySnapshot", @@ -44947,7 +62601,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44964,7 +62619,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44982,7 +62638,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -44999,7 +62656,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45016,7 +62674,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45030,7 +62689,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45078,14 +62738,14 @@ aws_managed_policies_data = """ { "Action":[ "cloudwatch:EnableAlarmActions", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms" + "cloudwatch:DeleteAlarms" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45102,7 +62762,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45110,6 +62771,14 @@ aws_managed_policies_data = """ "Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", "Sid":"cw2" }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:*", + "Sid":"cw3" + }, { "Action":"ssm:SendCommand", "Effect":"Allow", @@ -45122,7 +62791,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45140,6 +62810,37 @@ aws_managed_policies_data = """ "Resource":"*", "Sid":"ssm3" }, + { + "Action":[ + "ssm:PutParameter", + "ssm:AddTagsToResource" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*", + "Sid":"ssm4" + }, + { + "Action":[ + "ssm:DeleteParameter" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*", + "Sid":"ssm5" + }, { "Action":[ "events:PutRule", @@ -45149,7 +62850,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45171,7 +62873,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45179,6 +62882,49 @@ aws_managed_policies_data = """ "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", "Sid":"eb2" }, + { + "Action":[ + "events:PutRule" + ], + "Condition":{ + "StringLike":{ + "events:ManagedBy":[ + "custom.rds-preview.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb3" + }, + { + "Action":[ + "events:PutTargets", + "events:EnableRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:DisableRule" + ], + "Condition":{ + "StringLike":{ + "events:ManagedBy":[ + "custom.rds-preview.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb4" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb5" + }, { "Action":[ "secretsmanager:TagResource", @@ -45188,7 +62934,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45207,24 +62954,33 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, "Effect":"Allow", "Resource":"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", "Sid":"secretmanager2" + }, + { + "Action":[ + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"servicequota1" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-08T21:44:15+00:00" + "UpdateDate":"2023-09-20T17:48:39+00:00" }, "AmazonRDSCustomServiceRolePolicy":{ "CreateDate":"2021-10-08T21:39:12+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -45245,7 +63001,14 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "ec2:DescribeVolumesModifications", "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute" + "ec2:DescribeVpcAttribute", + "ec2:SearchTransitGatewayMulticastGroups", + "ec2:GetTransitGatewayMulticastDomainAssociations", + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribePlacementGroups", + "ec2:DescribeRouteTables" ], "Effect":"Allow", "Resource":[ @@ -45267,7 +63030,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45283,7 +63047,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45303,7 +63068,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45313,13 +63079,29 @@ aws_managed_policies_data = """ ], "Sid":"ecc1scoping2" }, + { + "Action":[ + "ec2:AssignPrivateIpAddresses" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"ecc1scoping3" + }, { "Action":"ec2:RunInstances", "Condition":{ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45345,6 +63127,41 @@ aws_managed_policies_data = """ ], "Sid":"eccRunInstances2" }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac", + "custom-oracle" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*::snapshot/*" + ], + "Sid":"eccRunInstances3" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + }, + "StringNotEquals":{ + "ec2:MetadataHttpTokens":"required" + } + }, + "Effect":"Deny", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"RequireImdsV2" + }, { "Action":[ "ec2:RunInstances", @@ -45354,7 +63171,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45372,7 +63190,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45382,6 +63201,41 @@ aws_managed_policies_data = """ ], "Sid":"eccKeyPair2" }, + { + "Action":"ec2:CreateNetworkInterface", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"eccNetworkInterface1" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"eccNetworkInterface2" + }, + { + "Action":"ec2:DeleteNetworkInterface", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"eccNetworkInterface3" + }, { "Action":[ "ec2:CreateTags" @@ -45390,7 +63244,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45406,12 +63261,15 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ], "ec2:CreateAction":[ "CreateKeyPair", "RunInstances", + "CreateNetworkInterface", "CreateVolume", + "CreateSnapshot", "CreateSnapshots", "CopySnapshot", "AllocateAddress" @@ -45431,7 +63289,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45448,7 +63307,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45466,7 +63326,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45483,7 +63344,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45494,13 +63356,15 @@ aws_managed_policies_data = """ { "Action":[ "ec2:CopySnapshot", + "ec2:CreateSnapshot", "ec2:CreateSnapshots" ], "Condition":{ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45514,7 +63378,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45525,6 +63390,21 @@ aws_managed_policies_data = """ ], "Sid":"eccSnapshot3" }, + { + "Action":"ec2:CreateSnapshot", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"eccSnapshot4" + }, { "Action":[ "iam:ListInstanceProfiles", @@ -45562,14 +63442,14 @@ aws_managed_policies_data = """ { "Action":[ "cloudwatch:EnableAlarmActions", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms" + "cloudwatch:DeleteAlarms" ], "Condition":{ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45586,7 +63466,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45594,6 +63475,14 @@ aws_managed_policies_data = """ "Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", "Sid":"cw2" }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:*", + "Sid":"cw3" + }, { "Action":"ssm:SendCommand", "Effect":"Allow", @@ -45606,7 +63495,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45624,6 +63514,37 @@ aws_managed_policies_data = """ "Resource":"*", "Sid":"ssm3" }, + { + "Action":[ + "ssm:PutParameter", + "ssm:AddTagsToResource" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*", + "Sid":"ssm4" + }, + { + "Action":[ + "ssm:DeleteParameter" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle-rac" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/rds/custom-oracle-rac/*", + "Sid":"ssm5" + }, { "Action":[ "events:PutRule", @@ -45633,7 +63554,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45655,7 +63577,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45663,6 +63586,49 @@ aws_managed_policies_data = """ "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", "Sid":"eb2" }, + { + "Action":[ + "events:PutRule" + ], + "Condition":{ + "StringLike":{ + "events:ManagedBy":[ + "custom.rds.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb3" + }, + { + "Action":[ + "events:PutTargets", + "events:EnableRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:DisableRule" + ], + "Condition":{ + "StringLike":{ + "events:ManagedBy":[ + "custom.rds.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb4" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb5" + }, { "Action":[ "secretsmanager:TagResource", @@ -45672,7 +63638,8 @@ aws_managed_policies_data = """ "StringLike":{ "aws:RequestTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, @@ -45691,20 +63658,64 @@ aws_managed_policies_data = """ "StringLike":{ "aws:ResourceTag/AWSRDSCustom":[ "custom-oracle", - "custom-sqlserver" + "custom-sqlserver", + "custom-oracle-rac" ] } }, "Effect":"Allow", "Resource":"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", "Sid":"secretmanager2" + }, + { + "Action":[ + "sqs:CreateQueue", + "sqs:TagQueue" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:do-not-delete-rds-custom-*", + "Sid":"sqs1" + }, + { + "Action":[ + "sqs:GetQueueAttributes", + "sqs:SendMessage", + "sqs:ReceiveMessage", + "sqs:DeleteMessage", + "sqs:DeleteQueue" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:do-not-delete-rds-custom-*", + "Sid":"sqs2" + }, + { + "Action":[ + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"servicequota1" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-08T21:39:12+00:00" + "UpdateDate":"2023-09-20T19:16:42+00:00" }, "AmazonRDSDataFullAccess":{ "CreateDate":"2018-11-20T21:29:36+00:00", @@ -45817,7 +63828,7 @@ aws_managed_policies_data = """ }, "AmazonRDSFullAccess":{ "CreateDate":"2015-02-06T18:40:52+00:00", - "DefaultVersionId":"v9", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -45834,6 +63845,8 @@ aws_managed_policies_data = """ "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeCoipPools", @@ -45852,7 +63865,8 @@ aws_managed_policies_data = """ "sns:Publish", "logs:DescribeLogStreams", "logs:GetLogEvents", - "outposts:GetOutpostInstanceTypes" + "outposts:GetOutpostInstanceTypes", + "devops-guru:GetResourceCollection" ], "Effect":"Allow", "Resource":"*" @@ -45860,7 +63874,10 @@ aws_managed_policies_data = """ { "Action":"pi:*", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":[ + "arn:aws:pi:*:*:metrics/rds/*", + "arn:aws:pi:*:*:perf-reports/rds/*" + ] }, { "Action":"iam:CreateServiceLinkedRole", @@ -45874,69 +63891,178 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "devops-guru:SearchInsights", + "devops-guru:ListAnomaliesForInsight" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "devops-guru:ServiceNames":[ + "RDS" + ] + }, + "Null":{ + "devops-guru:ServiceNames":"false" + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-07T21:11:46+00:00" + "UpdateDate":"2023-08-17T23:00:17+00:00" + }, + "AmazonRDSPerformanceInsightsFullAccess":{ + "CreateDate":"2023-08-15T23:41:34+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "pi:DescribeDimensionKeys", + "pi:GetDimensionKeyDetails", + "pi:GetResourceMetadata", + "pi:GetResourceMetrics", + "pi:ListAvailableResourceDimensions", + "pi:ListAvailableResourceMetrics" + ], + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsReadAccess" + }, + { + "Action":[ + "pi:CreatePerformanceAnalysisReport", + "pi:GetPerformanceAnalysisReport", + "pi:ListPerformanceAnalysisReports", + "pi:DeletePerformanceAnalysisReport" + ], + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:perf-reports/rds/*/*", + "Sid":"AmazonRDSPerformanceInsightsAnalisysReportFullAccess" + }, + { + "Action":[ + "pi:TagResource", + "pi:UntagResource", + "pi:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:*/rds/*", + "Sid":"AmazonRDSPerformanceInsightsTaggingFullAccess" + }, + { + "Action":[ + "rds:DescribeDBInstances", + "rds:DescribeDBClusters" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRDSDescribeInstanceAccess" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCloudWatchReadAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-23T21:14:27+00:00" }, "AmazonRDSPerformanceInsightsReadOnly":{ "CreateDate":"2022-04-05T00:02:08+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":"rds:DescribeDBInstances", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AmazonRDSDescribeDBInstances" }, { "Action":"rds:DescribeDBClusters", "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AmazonRDSDescribeDBClusters" }, { "Action":"pi:DescribeDimensionKeys", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsDescribeDimensionKeys" }, { "Action":"pi:GetDimensionKeyDetails", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsGetDimensionKeyDetails" }, { "Action":"pi:GetResourceMetadata", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsGetResourceMetadata" }, { "Action":"pi:GetResourceMetrics", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsGetResourceMetrics" }, { "Action":"pi:ListAvailableResourceDimensions", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsListAvailableResourceDimensions" }, { "Action":"pi:ListAvailableResourceMetrics", "Effect":"Allow", - "Resource":"arn:aws:pi:*:*:metrics/rds/*" + "Resource":"arn:aws:pi:*:*:metrics/rds/*", + "Sid":"AmazonRDSPerformanceInsightsListAvailableResourceMetrics" + }, + { + "Action":"pi:GetPerformanceAnalysisReport", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:perf-reports/rds/*/*", + "Sid":"AmazonRDSPerformanceInsightsGetPerformanceAnalysisReport" + }, + { + "Action":"pi:ListPerformanceAnalysisReports", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:perf-reports/rds/*/*", + "Sid":"AmazonRDSPerformanceInsightsListPerformanceAnalysisReports" + }, + { + "Action":"pi:ListTagsForResource", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:*/rds/*", + "Sid":"AmazonRDSPerformanceInsightsListTagsForResource" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-05T00:02:08+00:00" + "UpdateDate":"2023-10-23T21:17:06+00:00" }, "AmazonRDSPreviewServiceRolePolicy":{ "CreateDate":"2018-05-31T18:02:00+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -46013,26 +64139,69 @@ aws_managed_policies_data = """ "Condition":{ "StringEquals":{ "cloudwatch:namespace":[ - "AWS/DocDB", - "AWS/Neptune", - "AWS/RDS", + "AWS/DocDB-Preview", + "AWS/Neptune-Preview", + "AWS/RDS-Preview", "AWS/Usage" ] } }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetRandomPassword" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:DeleteSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:RotateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:UpdateSecretVersionStage", + "secretsmanager:ListSecretVersionIds" + ], + "Condition":{ + "StringLike":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-preview-us-east-2" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:rds-preview-us-east-2!*" + ] + }, + { + "Action":"secretsmanager:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:rds:primaryDBInstanceArn", + "aws:rds:primaryDBClusterArn" + ] + }, + "StringLike":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds-preview-us-east-2" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:rds-preview-us-east-2!*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-07T16:55:33+00:00" + "UpdateDate":"2023-10-04T19:01:52+00:00" }, "AmazonRDSReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:53+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -46053,22 +64222,43 @@ aws_managed_policies_data = """ { "Action":[ "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", "logs:DescribeLogStreams", - "logs:GetLogEvents" + "logs:GetLogEvents", + "devops-guru:GetResourceCollection" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "devops-guru:SearchInsights", + "devops-guru:ListAnomaliesForInsight" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "devops-guru:ServiceNames":[ + "RDS" + ] + }, + "Null":{ + "devops-guru:ServiceNames":"false" + } + }, + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2017-08-28T21:36:32+00:00" + "UpdateDate":"2023-04-14T12:32:09+00:00" }, "AmazonRDSServiceRolePolicy":{ "CreateDate":"2018-01-08T18:17:46+00:00", - "DefaultVersionId":"v11", + "DefaultVersionId":"v12", "Document":{ "Statement":[ { @@ -46180,13 +64370,56 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetRandomPassword" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:DeleteSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:RotateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:UpdateSecretVersionStage", + "secretsmanager:ListSecretVersionIds" + ], + "Condition":{ + "StringLike":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:rds!*" + ] + }, + { + "Action":"secretsmanager:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:rds:primaryDBInstanceArn", + "aws:rds:primaryDBClusterArn" + ] + }, + "StringLike":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"rds" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:rds!*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-03-21T15:03:27+00:00" + "UpdateDate":"2022-12-13T16:24:27+00:00" }, "AmazonRedshiftAllCommandsFullAccess":{ "CreateDate":"2021-11-04T00:48:08+00:00", @@ -46421,7 +64654,7 @@ aws_managed_policies_data = """ }, "AmazonRedshiftDataFullAccess":{ "CreateDate":"2020-09-09T19:23:55+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -46451,7 +64684,7 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*", + "Resource":"arn:aws:secretsmanager:*:*:secret:*", "Sid":"SecretsManagerPermissions" }, { @@ -46463,6 +64696,12 @@ aws_managed_policies_data = """ ], "Sid":"GetCredentialsForAPIUser" }, + { + "Action":"redshift:GetClusterCredentialsWithIAM", + "Effect":"Allow", + "Resource":"arn:aws:redshift:*:*:dbname:*/*", + "Sid":"GetCredentialsWithFederatedIAMCredentials" + }, { "Action":"redshift-serverless:GetCredentials", "Condition":{ @@ -46471,7 +64710,7 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*", + "Resource":"arn:aws:redshift-serverless:*:*:workgroup/*", "Sid":"GetCredentialsForServerless" }, { @@ -46498,7 +64737,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-12T03:34:16+00:00" + "UpdateDate":"2023-04-07T18:18:32+00:00" }, "AmazonRedshiftFullAccess":{ "CreateDate":"2015-02-06T18:40:50+00:00", @@ -46733,7 +64972,7 @@ aws_managed_policies_data = """ }, "AmazonRedshiftQueryEditorV2NoSharing":{ "CreateDate":"2021-09-24T14:18:42+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -46789,7 +65028,13 @@ aws_managed_policies_data = """ "sqlworkbench:UpdateFolder", "sqlworkbench:ListRedshiftClusters", "sqlworkbench:DriverExecute", - "sqlworkbench:ListTaggedResources" + "sqlworkbench:ListTaggedResources", + "sqlworkbench:ListQueryExecutionHistory", + "sqlworkbench:GetQueryExecutionHistory", + "sqlworkbench:ListNotebooks", + "sqlworkbench:GetSchemaInference", + "sqlworkbench:GetAutocompletionMetadata", + "sqlworkbench:GetAutocompletionResource" ], "Effect":"Allow", "Resource":"*", @@ -46799,7 +65044,11 @@ aws_managed_policies_data = """ "Action":[ "sqlworkbench:CreateConnection", "sqlworkbench:CreateSavedQuery", - "sqlworkbench:CreateChart" + "sqlworkbench:CreateChart", + "sqlworkbench:CreateNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ImportNotebook" ], "Condition":{ "StringEquals":{ @@ -46825,8 +65074,26 @@ aws_managed_policies_data = """ "sqlworkbench:AssociateConnectionWithTab", "sqlworkbench:AssociateQueryWithTab", "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:AssociateNotebookWithTab", "sqlworkbench:UpdateFileFolder", - "sqlworkbench:ListTagsForResource" + "sqlworkbench:ListTagsForResource", + "sqlworkbench:GetNotebook", + "sqlworkbench:UpdateNotebook", + "sqlworkbench:DeleteNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:CreateNotebookCell", + "sqlworkbench:DeleteNotebookCell", + "sqlworkbench:UpdateNotebookCellContent", + "sqlworkbench:UpdateNotebookCellLayout", + "sqlworkbench:BatchGetNotebookCell", + "sqlworkbench:ListNotebookVersions", + "sqlworkbench:CreateNotebookVersion", + "sqlworkbench:GetNotebookVersion", + "sqlworkbench:DeleteNotebookVersion", + "sqlworkbench:RestoreNotebookVersion", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ExportNotebook", + "sqlworkbench:ImportNotebook" ], "Condition":{ "StringEquals":{ @@ -46857,11 +65124,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-15T09:48:24+00:00" + "UpdateDate":"2023-08-16T19:24:59+00:00" }, "AmazonRedshiftQueryEditorV2ReadSharing":{ "CreateDate":"2021-09-24T14:22:21+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -46917,7 +65184,13 @@ aws_managed_policies_data = """ "sqlworkbench:UpdateFolder", "sqlworkbench:ListRedshiftClusters", "sqlworkbench:DriverExecute", - "sqlworkbench:ListTaggedResources" + "sqlworkbench:ListTaggedResources", + "sqlworkbench:ListQueryExecutionHistory", + "sqlworkbench:GetQueryExecutionHistory", + "sqlworkbench:ListNotebooks", + "sqlworkbench:GetSchemaInference", + "sqlworkbench:GetAutocompletionMetadata", + "sqlworkbench:GetAutocompletionResource" ], "Effect":"Allow", "Resource":"*", @@ -46927,7 +65200,11 @@ aws_managed_policies_data = """ "Action":[ "sqlworkbench:CreateConnection", "sqlworkbench:CreateSavedQuery", - "sqlworkbench:CreateChart" + "sqlworkbench:CreateChart", + "sqlworkbench:CreateNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ImportNotebook" ], "Condition":{ "StringEquals":{ @@ -46953,8 +65230,26 @@ aws_managed_policies_data = """ "sqlworkbench:AssociateConnectionWithTab", "sqlworkbench:AssociateQueryWithTab", "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:AssociateNotebookWithTab", "sqlworkbench:UpdateFileFolder", - "sqlworkbench:ListTagsForResource" + "sqlworkbench:ListTagsForResource", + "sqlworkbench:GetNotebook", + "sqlworkbench:UpdateNotebook", + "sqlworkbench:DeleteNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:CreateNotebookCell", + "sqlworkbench:DeleteNotebookCell", + "sqlworkbench:UpdateNotebookCellContent", + "sqlworkbench:UpdateNotebookCellLayout", + "sqlworkbench:BatchGetNotebookCell", + "sqlworkbench:ListNotebookVersions", + "sqlworkbench:CreateNotebookVersion", + "sqlworkbench:GetNotebookVersion", + "sqlworkbench:DeleteNotebookVersion", + "sqlworkbench:RestoreNotebookVersion", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ExportNotebook", + "sqlworkbench:ImportNotebook" ], "Condition":{ "StringEquals":{ @@ -46987,7 +65282,15 @@ aws_managed_policies_data = """ "sqlworkbench:GetSavedQuery", "sqlworkbench:ListSavedQueryVersions", "sqlworkbench:ListTagsForResource", - "sqlworkbench:AssociateQueryWithTab" + "sqlworkbench:AssociateQueryWithTab", + "sqlworkbench:AssociateNotebookWithTab", + "sqlworkbench:GetNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:BatchGetNotebookCell", + "sqlworkbench:ListNotebookVersions", + "sqlworkbench:GetNotebookVersion", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ExportNotebook" ], "Condition":{ "StringEquals":{ @@ -47032,11 +65335,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-15T10:16:40+00:00" + "UpdateDate":"2023-08-16T19:23:13+00:00" }, "AmazonRedshiftQueryEditorV2ReadWriteSharing":{ "CreateDate":"2021-09-24T14:25:37+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -47092,7 +65395,13 @@ aws_managed_policies_data = """ "sqlworkbench:UpdateFolder", "sqlworkbench:ListRedshiftClusters", "sqlworkbench:DriverExecute", - "sqlworkbench:ListTaggedResources" + "sqlworkbench:ListTaggedResources", + "sqlworkbench:ListQueryExecutionHistory", + "sqlworkbench:GetQueryExecutionHistory", + "sqlworkbench:ListNotebooks", + "sqlworkbench:GetSchemaInference", + "sqlworkbench:GetAutocompletionMetadata", + "sqlworkbench:GetAutocompletionResource" ], "Effect":"Allow", "Resource":"*", @@ -47102,7 +65411,11 @@ aws_managed_policies_data = """ "Action":[ "sqlworkbench:CreateConnection", "sqlworkbench:CreateSavedQuery", - "sqlworkbench:CreateChart" + "sqlworkbench:CreateChart", + "sqlworkbench:CreateNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ImportNotebook" ], "Condition":{ "StringEquals":{ @@ -47128,8 +65441,26 @@ aws_managed_policies_data = """ "sqlworkbench:AssociateConnectionWithTab", "sqlworkbench:AssociateQueryWithTab", "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:AssociateNotebookWithTab", "sqlworkbench:UpdateFileFolder", - "sqlworkbench:ListTagsForResource" + "sqlworkbench:ListTagsForResource", + "sqlworkbench:GetNotebook", + "sqlworkbench:UpdateNotebook", + "sqlworkbench:DeleteNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:CreateNotebookCell", + "sqlworkbench:DeleteNotebookCell", + "sqlworkbench:UpdateNotebookCellContent", + "sqlworkbench:UpdateNotebookCellLayout", + "sqlworkbench:BatchGetNotebookCell", + "sqlworkbench:ListNotebookVersions", + "sqlworkbench:CreateNotebookVersion", + "sqlworkbench:GetNotebookVersion", + "sqlworkbench:DeleteNotebookVersion", + "sqlworkbench:RestoreNotebookVersion", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ExportNotebook", + "sqlworkbench:ImportNotebook" ], "Condition":{ "StringEquals":{ @@ -47167,7 +65498,15 @@ aws_managed_policies_data = """ "sqlworkbench:UpdateSavedQuery", "sqlworkbench:AssociateConnectionWithTab", "sqlworkbench:AssociateQueryWithTab", - "sqlworkbench:AssociateConnectionWithChart" + "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:AssociateNotebookWithTab", + "sqlworkbench:GetNotebook", + "sqlworkbench:DuplicateNotebook", + "sqlworkbench:BatchGetNotebookCell", + "sqlworkbench:ListNotebookVersions", + "sqlworkbench:GetNotebookVersion", + "sqlworkbench:CreateNotebookFromVersion", + "sqlworkbench:ExportNotebook" ], "Condition":{ "StringEquals":{ @@ -47212,7 +65551,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-15T10:59:24+00:00" + "UpdateDate":"2023-08-16T18:23:05+00:00" }, "AmazonRedshiftReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:51+00:00", @@ -47248,7 +65587,7 @@ aws_managed_policies_data = """ }, "AmazonRedshiftServiceLinkedRolePolicy":{ "CreateDate":"2017-09-18T19:19:45+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v12", "Document":{ "Statement":[ { @@ -47324,55 +65663,44 @@ aws_managed_policies_data = """ }, { "Action":[ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:ReplaceRouteTableAssociation", - "ec2:CreateRouteTable", - "ec2:AttachInternetGateway", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress", - "ec2:AssociateRouteTable", - "ec2:RevokeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:CreateSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:ModifyVpcAttribute", - "ec2:CreateSubnet" + "ec2:CreateSecurityGroup" ], "Condition":{ "StringEquals":{ - "aws:ResourceTag/Purpose":"RedshiftMigrateToVpc" + "aws:RequestTag/Redshift":"true" } }, "Effect":"Allow", "Resource":[ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:route-table/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:internet-gateway/*" + "arn:aws:ec2:*:*:security-group/*" ] }, { "Action":[ - "ec2:CreateSecurityGroup", - "ec2:CreateInternetGateway", - "ec2:CreateVpc", - "ec2:CreateRouteTable", - "ec2:CreateSubnet" + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:ModifySecurityGroupRules", + "ec2:DeleteSecurityGroup" ], "Condition":{ "StringEquals":{ - "aws:RequestTag/Purpose":"RedshiftMigrateToVpc" + "aws:ResourceTag/Redshift":"true" } }, "Effect":"Allow", "Resource":[ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:route-table/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:internet-gateway/*" + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*" ] }, { @@ -47419,23 +65747,61 @@ aws_managed_policies_data = """ "Condition":{ "StringEquals":{ "cloudwatch:namespace":[ - "AWS/Redshift-Serverless" + "AWS/Redshift-Serverless", + "AWS/Redshift" ] } }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:PutSecretValue", + "secretsmanager:UpdateSecret", + "secretsmanager:UpdateSecretVersionStage", + "secretsmanager:RotateSecret" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"redshift" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:redshift!*" + ] + }, + { + "Action":[ + "secretsmanager:GetRandomPassword" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AssignIpv6Addresses", + "ec2:UnassignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ] } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-01T00:34:09+00:00" + "UpdateDate":"2023-10-27T16:20:17+00:00" }, "AmazonRekognitionCustomLabelsFullAccess":{ "CreateDate":"2020-01-08T19:18:34+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -47473,7 +65839,11 @@ aws_managed_policies_data = """ "rekognition:DescribeDataset", "rekognition:UpdateDatasetEntries", "rekognition:DistributeDatasetEntries", - "rekognition:DeleteDataset" + "rekognition:DeleteDataset", + "rekognition:CopyProjectVersion", + "rekognition:PutProjectPolicy", + "rekognition:ListProjectPolicies", + "rekognition:DeleteProjectPolicy" ], "Effect":"Allow", "Resource":"*" @@ -47483,7 +65853,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-03T02:53:05+00:00" + "UpdateDate":"2022-08-16T20:20:43+00:00" }, "AmazonRekognitionFullAccess":{ "CreateDate":"2016-11-30T14:40:44+00:00", @@ -47506,7 +65876,7 @@ aws_managed_policies_data = """ }, "AmazonRekognitionReadOnlyAccess":{ "CreateDate":"2016-11-30T14:58:06+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v10", "Document":{ "Statement":[ { @@ -47539,17 +65909,24 @@ aws_managed_policies_data = """ "rekognition:ListTagsForResource", "rekognition:ListDatasetEntries", "rekognition:ListDatasetLabels", - "rekognition:DescribeDataset" + "rekognition:DescribeDataset", + "rekognition:ListProjectPolicies", + "rekognition:ListUsers", + "rekognition:SearchUsers", + "rekognition:SearchUsersByImage", + "rekognition:GetMediaAnalysisJob", + "rekognition:ListMediaAnalysisJobs" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AmazonRekognitionReadOnlyAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-03T02:53:36+00:00" + "UpdateDate":"2023-11-08T18:30:22+00:00" }, "AmazonRekognitionServiceRole":{ "CreateDate":"2017-11-29T16:52:13+00:00", @@ -47836,7 +66213,7 @@ aws_managed_policies_data = """ }, "AmazonRoute53RecoveryControlConfigReadOnlyAccess":{ "CreateDate":"2021-08-18T18:01:12+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -47846,6 +66223,7 @@ aws_managed_policies_data = """ "route53-recovery-control-config:DescribeRoutingControl", "route53-recovery-control-config:DescribeRoutingControlByName", "route53-recovery-control-config:DescribeSafetyRule", + "route53-recovery-control-config:GetResourcePolicy", "route53-recovery-control-config:ListAssociatedRoute53HealthChecks", "route53-recovery-control-config:ListClusters", "route53-recovery-control-config:ListControlPanels", @@ -47861,7 +66239,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-12-09T23:38:51+00:00" + "UpdateDate":"2023-10-18T17:15:33+00:00" }, "AmazonRoute53RecoveryReadinessFullAccess":{ "CreateDate":"2021-08-18T16:45:07+00:00", @@ -48115,13 +66493,14 @@ aws_managed_policies_data = """ }, "AmazonS3ReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:59+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ "s3:Get*", "s3:List*", + "s3:Describe*", "s3-object-lambda:Get*", "s3-object-lambda:List*" ], @@ -48133,7 +66512,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-27T20:24:58+00:00" + "UpdateDate":"2023-08-10T21:31:39+00:00" }, "AmazonSESFullAccess":{ "CreateDate":"2015-02-06T18:41:02+00:00", @@ -48259,7 +66638,7 @@ aws_managed_policies_data = """ }, "AmazonSQSReadOnlyAccess":{ "CreateDate":"2015-02-06T18:41:08+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -48267,7 +66646,8 @@ aws_managed_policies_data = """ "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ListDeadLetterSourceQueues", - "sqs:ListQueues" + "sqs:ListQueues", + "sqs:ListMessageMoveTasks" ], "Effect":"Allow", "Resource":"*" @@ -48277,7 +66657,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-08-20T23:35:49+00:00" + "UpdateDate":"2023-06-15T15:37:35+00:00" }, "AmazonSSMAutomationApproverAccess":{ "CreateDate":"2017-08-07T23:07:28+00:00", @@ -48505,6 +66885,59 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-07-27T00:16:05+00:00" }, + "AmazonSSMManagedEC2InstanceDefaultPolicy":{ + "CreateDate":"2022-08-30T20:54:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-30T20:54:27+00:00" + }, "AmazonSSMManagedInstanceCore":{ "CreateDate":"2019-03-15T17:22:12+00:00", "DefaultVersionId":"v2", @@ -48615,7 +67048,7 @@ aws_managed_policies_data = """ }, "AmazonSSMServiceRolePolicy":{ "CreateDate":"2017-11-13T19:20:08+00:00", - "DefaultVersionId":"v13", + "DefaultVersionId":"v14", "Document":{ "Statement":[ { @@ -48628,6 +67061,7 @@ aws_managed_policies_data = """ "ssm:GetAutomationExecution", "ssm:GetParameters", "ssm:StartAutomationExecution", + "ssm:StopAutomationExecution", "ssm:ListTagsForResource", "ssm:GetCalendarState" ], @@ -48752,6 +67186,11 @@ aws_managed_policies_data = """ "*" ] }, + { + "Action":"cloudwatch:DescribeAlarms", + "Effect":"Allow", + "Resource":"*" + }, { "Action":"iam:PassRole", "Condition":{ @@ -48830,7 +67269,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-04-26T20:43:46+00:00" + "UpdateDate":"2022-09-14T19:46:49+00:00" }, "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy":{ "CreateDate":"2020-11-27T18:48:07+00:00", @@ -49271,6 +67710,938 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-08-02T19:12:55+00:00" }, + "AmazonSageMakerCanvasAIServicesAccess":{ + "CreateDate":"2023-03-23T22:36:43+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "textract:AnalyzeDocument", + "textract:AnalyzeExpense", + "textract:AnalyzeID", + "textract:StartDocumentAnalysis", + "textract:StartExpenseAnalysis", + "textract:GetDocumentAnalysis", + "textract:GetExpenseAnalysis" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Textract" + }, + { + "Action":[ + "rekognition:DetectLabels", + "rekognition:DetectText" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Rekognition" + }, + { + "Action":[ + "comprehend:BatchDetectDominantLanguage", + "comprehend:BatchDetectEntities", + "comprehend:BatchDetectSentiment", + "comprehend:DetectPiiEntities", + "comprehend:DetectEntities", + "comprehend:DetectSentiment", + "comprehend:DetectDominantLanguage" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Comprehend" + }, + { + "Action":[ + "bedrock:InvokeModel", + "bedrock:ListFoundationModels", + "bedrock:InvokeModelWithResponseStream" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Bedrock" + }, + { + "Action":[ + "bedrock:CreateModelCustomizationJob", + "bedrock:CreateProvisionedModelThroughput", + "bedrock:TagResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "SageMaker", + "Canvas" + ] + }, + "StringEquals":{ + "aws:RequestTag/Canvas":"true", + "aws:RequestTag/SageMaker":"true", + "aws:ResourceTag/Canvas":"true", + "aws:ResourceTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:bedrock:*:*:model-customization-job/*", + "arn:aws:bedrock:*:*:custom-model/*", + "arn:aws:bedrock:*:*:provisioned-model/*" + ], + "Sid":"CreateBedrockResourcesPermission" + }, + { + "Action":[ + "bedrock:GetModelCustomizationJob", + "bedrock:GetCustomModel", + "bedrock:GetProvisionedModelThroughput", + "bedrock:StopModelCustomizationJob", + "bedrock:DeleteProvisionedModelThroughput" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/Canvas":"true", + "aws:ResourceTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:bedrock:*:*:model-customization-job/*", + "arn:aws:bedrock:*:*:custom-model/*", + "arn:aws:bedrock:*:*:provisioned-model/*" + ], + "Sid":"GetStopAndDeleteBedrockResourcesPermission" + }, + { + "Action":[ + "bedrock:CreateModelCustomizationJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:bedrock:*::foundation-model/*" + ], + "Sid":"FoundationModelPermission" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"bedrock.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/*" + ], + "Sid":"BedrockFineTuningPassRole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-29T14:47:09+00:00" + }, + "AmazonSageMakerCanvasDataPrepFullAccess":{ + "CreateDate":"2023-10-27T22:56:13+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"sagemaker:ListFeatureGroups", + "Effect":"Allow", + "Resource":"*", + "Sid":"SageMakerListFeatureGroupOperation" + }, + { + "Action":[ + "sagemaker:CreateFeatureGroup", + "sagemaker:DescribeFeatureGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:feature-group/*", + "Sid":"SageMakerFeatureGroupOperations" + }, + { + "Action":[ + "sagemaker:CreateProcessingJob", + "sagemaker:DescribeProcessingJob", + "sagemaker:AddTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:processing-job/*canvas-data-prep*", + "Sid":"SageMakerProcessingJobOperations" + }, + { + "Action":"sagemaker:ListProcessingJobs", + "Effect":"Allow", + "Resource":"*", + "Sid":"SageMakerProcessingJobListOperation" + }, + { + "Action":[ + "sagemaker:DescribePipeline", + "sagemaker:CreatePipeline", + "sagemaker:UpdatePipeline", + "sagemaker:DeletePipeline", + "sagemaker:StartPipelineExecution", + "sagemaker:ListPipelineExecutionSteps", + "sagemaker:DescribePipelineExecution" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:pipeline/*canvas-data-prep*", + "Sid":"SageMakerPipelineOperations" + }, + { + "Action":"kms:ListAliases", + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSListOperations" + }, + { + "Action":"kms:DescribeKey", + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"KMSOperations" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:GetBucketCors", + "s3:GetBucketLocation", + "s3:AbortMultipartUpload" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ], + "Sid":"S3Operations" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + }, + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*", + "Sid":"S3GetObjectOperation" + }, + { + "Action":[ + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ListOperations" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMListOperations" + }, + { + "Action":"iam:GetRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMGetOperations" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "sagemaker.amazonaws.com", + "events.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassOperation" + }, + { + "Action":[ + "events:PutRule" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/sagemaker:is-canvas-data-prep-job":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*", + "Sid":"EventBridgePutOperation" + }, + { + "Action":[ + "events:DescribeRule", + "events:PutTargets" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sagemaker:is-canvas-data-prep-job":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*", + "Sid":"EventBridgeOperations" + }, + { + "Action":[ + "events:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/sagemaker:is-canvas-data-prep-job":"true", + "aws:ResourceTag/sagemaker:is-canvas-data-prep-job":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*", + "Sid":"EventBridgeTagBasedOperations" + }, + { + "Action":"events:ListTagsForResource", + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridgeListTagOperation" + }, + { + "Action":[ + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:SearchTables" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:table/*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ], + "Sid":"GlueOperations" + }, + { + "Action":[ + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:ListInstanceGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:elasticmapreduce:*:*:cluster/*", + "Sid":"EMROperations" + }, + { + "Action":"elasticmapreduce:ListClusters", + "Effect":"Allow", + "Resource":"*", + "Sid":"EMRListOperation" + }, + { + "Action":"athena:ListDataCatalogs", + "Effect":"Allow", + "Resource":"*", + "Sid":"AthenaListDataCatalogOperation" + }, + { + "Action":[ + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:StartQueryExecution", + "athena:StopQueryExecution" + ], + "Effect":"Allow", + "Resource":"arn:aws:athena:*:*:workgroup/*", + "Sid":"AthenaQueryExecutionOperations" + }, + { + "Action":[ + "athena:ListDatabases", + "athena:ListTableMetadata" + ], + "Effect":"Allow", + "Resource":"arn:aws:athena:*:*:datacatalog/*", + "Sid":"AthenaDataCatalogOperations" + }, + { + "Action":[ + "redshift-data:DescribeStatement", + "redshift-data:CancelStatement", + "redshift-data:GetStatementResult" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftOperations" + }, + { + "Action":[ + "redshift-data:ExecuteStatement", + "redshift-data:ListSchemas", + "redshift-data:ListTables" + ], + "Effect":"Allow", + "Resource":"arn:aws:redshift:*:*:cluster:*", + "Sid":"RedshiftArnBasedOperations" + }, + { + "Action":"redshift:GetClusterCredentials", + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", + "arn:aws:redshift:*:*:dbname:*" + ], + "Sid":"RedshiftGetCredentialsOperation" + }, + { + "Action":"secretsmanager:CreateSecret", + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*", + "Sid":"SecretsManagerARNBasedOperation" + }, + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}", + "aws:ResourceTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*", + "Sid":"SecretManagerTagBasedOperation" + }, + { + "Action":"rds:DescribeDBInstances", + "Effect":"Allow", + "Resource":"*", + "Sid":"RDSOperation" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/studio:*", + "Sid":"LoggingOperation" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-08T02:53:24+00:00" + }, + "AmazonSageMakerCanvasDirectDeployAccess":{ + "CreateDate":"2023-10-06T18:11:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:DeleteEndpoint", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:InvokeEndpoint", + "sagemaker:UpdateEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:Canvas*", + "arn:aws:sagemaker:*:*:canvas*" + ], + "Sid":"SageMakerEndpointPerms" + }, + { + "Action":"cloudwatch:GetMetricData", + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadCWInvocationMetrics" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-06T18:11:53+00:00" + }, + "AmazonSageMakerCanvasForecastAccess":{ + "CreateDate":"2022-08-24T20:04:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sagemaker-*/Canvas*", + "arn:aws:s3:::sagemaker-*/canvas*" + ] + }, + { + "Action":[ + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sagemaker-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-24T20:04:20+00:00" + }, + "AmazonSageMakerCanvasFullAccess":{ + "CreateDate":"2022-09-09T00:44:25+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:DescribeDomain", + "sagemaker:DescribeUserProfile", + "sagemaker:ListTags", + "sagemaker:ListModelPackages", + "sagemaker:ListModelPackageGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SageMakerUserDetailsAndPackageOperations" + }, + { + "Action":[ + "sagemaker:CreateModelPackageGroup", + "sagemaker:CreateModelPackage", + "sagemaker:DescribeModelPackageGroup", + "sagemaker:DescribeModelPackage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:model-package/*", + "arn:aws:sagemaker:*:*:model-package-group/*" + ], + "Sid":"SageMakerPackageGroupOperations" + }, + { + "Action":[ + "sagemaker:CreateCompilationJob", + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateModel", + "sagemaker:CreateProcessingJob", + "sagemaker:CreateAutoMLJob", + "sagemaker:CreateAutoMLJobV2", + "sagemaker:DeleteEndpoint", + "sagemaker:DescribeCompilationJob", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeModel", + "sagemaker:DescribeProcessingJob", + "sagemaker:DescribeAutoMLJob", + "sagemaker:DescribeAutoMLJobV2", + "sagemaker:ListCandidatesForAutoMLJob", + "sagemaker:AddTags", + "sagemaker:DeleteApp" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:*Canvas*", + "arn:aws:sagemaker:*:*:*canvas*", + "arn:aws:sagemaker:*:*:*model-compilation-*" + ], + "Sid":"SageMakerTrainingOperations" + }, + { + "Action":[ + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteModel", + "sagemaker:InvokeEndpoint", + "sagemaker:UpdateEndpointWeightsAndCapacities", + "sagemaker:InvokeEndpointAsync" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:*Canvas*", + "arn:aws:sagemaker:*:*:*canvas*" + ], + "Sid":"SageMakerHostingOperations" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointServices" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2VPCOperation" + }, + { + "Action":[ + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer", + "ecr:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECROperations" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMGetOperations" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"sagemaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassOperation" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/sagemaker/*", + "Sid":"LoggingOperation" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:CreateBucket", + "s3:GetBucketCors", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ], + "Sid":"S3Operations" + }, + { + "Action":"s3:GetObject", + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::jumpstart-cache-prod-us-west-2/*", + "arn:aws:s3:::jumpstart-cache-prod-us-east-1/*", + "arn:aws:s3:::jumpstart-cache-prod-us-east-2/*", + "arn:aws:s3:::jumpstart-cache-prod-eu-west-1/*", + "arn:aws:s3:::jumpstart-cache-prod-eu-central-1/*", + "arn:aws:s3:::jumpstart-cache-prod-ap-south-1/*", + "arn:aws:s3:::jumpstart-cache-prod-ap-northeast-2/*", + "arn:aws:s3:::jumpstart-cache-prod-ap-northeast-1/*", + "arn:aws:s3:::jumpstart-cache-prod-ap-southeast-1/*", + "arn:aws:s3:::jumpstart-cache-prod-ap-southeast-2/*" + ], + "Sid":"ReadSageMakerJumpstartArtifacts" + }, + { + "Action":[ + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ListOperations" + }, + { + "Action":"glue:SearchTables", + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:table/*/*", + "arn:aws:glue:*:*:database/*", + "arn:aws:glue:*:*:catalog" + ], + "Sid":"GlueOperations" + }, + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:CreateSecret", + "secretsmanager:PutResourcePolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*" + ], + "Sid":"SecretsManagerARNBasedOperation" + }, + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringEquals":{ + "secretsmanager:ResourceTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretManagerTagBasedOperation" + }, + { + "Action":[ + "redshift-data:ExecuteStatement", + "redshift-data:DescribeStatement", + "redshift-data:CancelStatement", + "redshift-data:GetStatementResult", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftOperations" + }, + { + "Action":[ + "redshift:GetClusterCredentials" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", + "arn:aws:redshift:*:*:dbname:*" + ], + "Sid":"RedshiftGetCredentialsOperation" + }, + { + "Action":[ + "forecast:CreateExplainabilityExport", + "forecast:CreateExplainability", + "forecast:CreateForecastEndpoint", + "forecast:CreateAutoPredictor", + "forecast:CreateDatasetImportJob", + "forecast:CreateDatasetGroup", + "forecast:CreateDataset", + "forecast:CreateForecast", + "forecast:CreateForecastExportJob", + "forecast:CreatePredictorBacktestExportJob", + "forecast:CreatePredictor", + "forecast:DescribeExplainabilityExport", + "forecast:DescribeExplainability", + "forecast:DescribeAutoPredictor", + "forecast:DescribeForecastEndpoint", + "forecast:DescribeDatasetImportJob", + "forecast:DescribeDataset", + "forecast:DescribeForecast", + "forecast:DescribeForecastExportJob", + "forecast:DescribePredictorBacktestExportJob", + "forecast:GetAccuracyMetrics", + "forecast:InvokeForecastEndpoint", + "forecast:GetRecentForecastContext", + "forecast:DescribePredictor", + "forecast:TagResource", + "forecast:DeleteResourceTree" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:forecast:*:*:*Canvas*" + ], + "Sid":"ForecastOperations" + }, + { + "Action":"rds:DescribeDBInstances", + "Effect":"Allow", + "Resource":"*", + "Sid":"RDSOperation" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"forecast.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassOperationForForecast" + }, + { + "Action":[ + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget" + ], + "Condition":{ + "StringEquals":{ + "application-autoscaling:scalable-dimension":"sagemaker:variant:DesiredInstanceCount", + "application-autoscaling:service-namespace":"sagemaker" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:application-autoscaling:*:*:scalable-target/*", + "Sid":"AutoscalingOperations" + }, + { + "Action":[ + "cloudwatch:DescribeAlarms", + "sagemaker:DescribeEndpointConfig" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AsyncEndpointOperations" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:TargetTracking*" + ], + "Sid":"SageMakerCloudWatchUpdate" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint", + "Sid":"AutoscalingSageMakerEndpointOperation" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-09T00:58:33+00:00" + }, + "AmazonSageMakerClusterInstanceRolePolicy":{ + "CreateDate":"2023-11-29T15:11:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*" + ], + "Sid":"CloudwatchLogStreamPublishPermissions" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*" + ], + "Sid":"CloudwatchLogGroupCreationPermissions" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"/aws/sagemaker/Clusters" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CloudwatchPutMetricDataAccess" + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetObject" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sagemaker-*" + ], + "Sid":"DataRetrievalFromS3BucketPermissions" + }, + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SSMConnectivityPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-29T15:11:26+00:00" + }, "AmazonSageMakerCoreServiceRolePolicy":{ "CreateDate":"2020-12-21T21:40:47+00:00", "DefaultVersionId":"v1", @@ -49397,7 +68768,7 @@ aws_managed_policies_data = """ }, "AmazonSageMakerFeatureStoreAccess":{ "CreateDate":"2020-12-01T16:24:05+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -49412,30 +68783,66 @@ aws_managed_policies_data = """ "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*/metadata/*", + "arn:aws:s3:::*Sagemaker*/metadata/*", + "arn:aws:s3:::*sagemaker*/metadata/*" + ] + }, + { + "Action":[ + "glue:GetTable", + "glue:UpdateTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/sagemaker_featurestore", + "arn:aws:glue:*:*:table/sagemaker_featurestore/*" + ] } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-02-24T02:18:50+00:00" + "UpdateDate":"2022-12-05T14:19:58+00:00" }, "AmazonSageMakerFullAccess":{ "CreateDate":"2017-11-29T13:07:59+00:00", - "DefaultVersionId":"v23", + "DefaultVersionId":"v25", "Document":{ "Statement":[ { "Action":[ - "sagemaker:*" + "sagemaker:*", + "sagemaker-geospatial:*" ], "Effect":"Allow", "NotResource":[ "arn:aws:sagemaker:*:*:domain/*", "arn:aws:sagemaker:*:*:user-profile/*", "arn:aws:sagemaker:*:*:app/*", + "arn:aws:sagemaker:*:*:space/*", "arn:aws:sagemaker:*:*:flow-definition/*" - ] + ], + "Sid":"AllowAllNonAdminSageMakerActions" + }, + { + "Action":[ + "sagemaker:AddTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:app/*" + ], + "Sid":"AllowAddTagsForApp" }, { "Action":[ @@ -49444,11 +68851,99 @@ aws_managed_policies_data = """ "sagemaker:ListDomains", "sagemaker:DescribeUserProfile", "sagemaker:ListUserProfiles", - "sagemaker:*App", + "sagemaker:DescribeSpace", + "sagemaker:ListSpaces", + "sagemaker:DescribeApp", "sagemaker:ListApps" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowStudioActions" + }, + { + "Action":[ + "sagemaker:CreateApp", + "sagemaker:DeleteApp" + ], + "Condition":{ + "Null":{ + "sagemaker:OwnerUserProfileArn":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:app/*/*/*/*", + "Sid":"AllowAppActionsForUserProfile" + }, + { + "Action":[ + "sagemaker:CreateApp", + "sagemaker:DeleteApp" + ], + "Condition":{ + "StringEquals":{ + "sagemaker:SpaceSharingType":[ + "Shared" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*", + "Sid":"AllowAppActionsForSharedSpaces" + }, + { + "Action":[ + "sagemaker:CreateSpace", + "sagemaker:UpdateSpace", + "sagemaker:DeleteSpace" + ], + "Condition":{ + "Null":{ + "sagemaker:OwnerUserProfileArn":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*", + "Sid":"AllowMutatingActionsOnSharedSpacesWithoutOwner" + }, + { + "Action":[ + "sagemaker:CreateSpace", + "sagemaker:UpdateSpace", + "sagemaker:DeleteSpace" + ], + "Condition":{ + "ArnLike":{ + "sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}" + }, + "StringEquals":{ + "sagemaker:SpaceSharingType":[ + "Private", + "Shared" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*", + "Sid":"RestrictMutatingActionsOnSpacesToOwnerUserProfile" + }, + { + "Action":[ + "sagemaker:CreateApp", + "sagemaker:DeleteApp" + ], + "Condition":{ + "ArnLike":{ + "sagemaker:OwnerUserProfileArn":"arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}" + }, + "StringEquals":{ + "sagemaker:SpaceSharingType":[ + "Private" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*", + "Sid":"RestrictMutatingActionsOnPrivateSpaceAppsToOwnerUserProfile" }, { "Action":"sagemaker:*", @@ -49463,7 +68958,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:sagemaker:*:*:flow-definition/*" - ] + ], + "Sid":"AllowFlowDefinitionActions" }, { "Action":[ @@ -49569,7 +69065,8 @@ aws_managed_policies_data = """ "tag:GetResources" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowAWSServiceActions" }, { "Action":[ @@ -49585,7 +69082,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:ecr:*:*:repository/*sagemaker*" - ] + ], + "Sid":"AllowECRActions" }, { "Action":[ @@ -49597,7 +69095,8 @@ aws_managed_policies_data = """ "arn:aws:codecommit:*:*:*sagemaker*", "arn:aws:codecommit:*:*:*SageMaker*", "arn:aws:codecommit:*:*:*Sagemaker*" - ] + ], + "Sid":"AllowCodeCommitActions" }, { "Action":[ @@ -49608,7 +69107,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:codebuild:*:*:project/sagemaker*", "arn:aws:codebuild:*:*:build/*" - ] + ], + "Sid":"AllowCodeBuildActions" }, { "Action":[ @@ -49622,7 +69122,8 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:states:*:*:statemachine:*sagemaker*", "arn:aws:states:*:*:execution:*sagemaker*:*" - ] + ], + "Sid":"AllowStepFunctionsActions" }, { "Action":[ @@ -49633,7 +69134,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*" - ] + ], + "Sid":"AllowSecretManagerActions" }, { "Action":[ @@ -49646,14 +69148,16 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowReadOnlySecretManagerActions" }, { "Action":[ "servicecatalog:ProvisionProduct" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowServiceCatalogProvisionProduct" }, { "Action":[ @@ -49666,7 +69170,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowServiceCatalogTerminateUpdateProvisionProduct" }, { "Action":[ @@ -49681,7 +69186,8 @@ aws_managed_policies_data = """ "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*", "arn:aws:s3:::*aws-glue*" - ] + ], + "Sid":"AllowS3ObjectActions" }, { "Action":[ @@ -49693,7 +69199,10 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":[ + "arn:aws:s3:::*" + ], + "Sid":"AllowS3GetObjectWithSageMakerExistingObjectTag" }, { "Action":[ @@ -49705,7 +69214,10 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":[ + "arn:aws:s3:::*" + ], + "Sid":"AllowS3GetObjectWithServiceCatalogProvisioningExistingObjectTag" }, { "Action":[ @@ -49717,7 +69229,8 @@ aws_managed_policies_data = """ "s3:PutBucketCors" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowS3BucketActions" }, { "Action":[ @@ -49729,7 +69242,8 @@ aws_managed_policies_data = """ "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" - ] + ], + "Sid":"AllowS3BucketACL" }, { "Action":[ @@ -49741,7 +69255,8 @@ aws_managed_policies_data = """ "arn:aws:lambda:*:*:function:*sagemaker*", "arn:aws:lambda:*:*:function:*Sagemaker*", "arn:aws:lambda:*:*:function:*LabelingFunction*" - ] + ], + "Sid":"AllowLambdaInvokeFunction" }, { "Action":"iam:CreateServiceLinkedRole", @@ -49751,7 +69266,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint" + "Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint", + "Sid":"AllowCreateServiceLinkedRoleForSageMakerApplicationAutoscaling" }, { "Action":"iam:CreateServiceLinkedRole", @@ -49761,7 +69277,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowCreateServiceLinkedRoleForRobomaker" }, { "Action":[ @@ -49774,7 +69291,8 @@ aws_managed_policies_data = """ "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sagemaker*" - ] + ], + "Sid":"AllowSNSActions" }, { "Action":[ @@ -49790,7 +69308,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/*AmazonSageMaker*" + "Resource":"arn:aws:iam::*:role/*AmazonSageMaker*", + "Sid":"AllowPassRoleForSageMakerRoles" }, { "Action":[ @@ -49802,7 +69321,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/*" + "Resource":"arn:aws:iam::*:role/*", + "Sid":"AllowPassRoleToSageMaker" }, { "Action":[ @@ -49817,7 +69337,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AllowAthenaActions" }, { "Action":[ @@ -49829,7 +69350,8 @@ aws_managed_policies_data = """ "arn:aws:glue:*:*:table/sagemaker_featurestore/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" - ] + ], + "Sid":"AllowGlueCreateTable" }, { "Action":[ @@ -49840,7 +69362,8 @@ aws_managed_policies_data = """ "arn:aws:glue:*:*:table/sagemaker_featurestore/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/sagemaker_featurestore" - ] + ], + "Sid":"AllowGlueUpdateTable" }, { "Action":[ @@ -49851,7 +69374,8 @@ aws_managed_policies_data = """ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" - ] + ], + "Sid":"AllowGlueDeleteTable" }, { "Action":[ @@ -49864,7 +69388,8 @@ aws_managed_policies_data = """ "arn:aws:glue:*:*:table/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" - ] + ], + "Sid":"AllowGlueGetTablesAndDatabases" }, { "Action":[ @@ -49878,7 +69403,8 @@ aws_managed_policies_data = """ "arn:aws:glue:*:*:database/sagemaker_processing", "arn:aws:glue:*:*:database/default", "arn:aws:glue:*:*:database/sagemaker_data_wrangler" - ] + ], + "Sid":"AllowGlueGetAndCreateDatabase" }, { "Action":[ @@ -49892,7 +69418,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AllowRedshiftDataActions" }, { "Action":[ @@ -49902,21 +69429,143 @@ aws_managed_policies_data = """ "Resource":[ "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", "arn:aws:redshift:*:*:dbname:*" - ] + ], + "Sid":"AllowRedshiftGetClusterCredentials" + }, + { + "Action":[ + "sagemaker:ListTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:user-profile/*" + ], + "Sid":"AllowListTagsForUserProfile" }, { "Action":[ "cloudformation:ListStackResources" ], "Effect":"Allow", - "Resource":"arn:aws:cloudformation:*:*:stack/SC-*" + "Resource":"arn:aws:cloudformation:*:*:stack/SC-*", + "Sid":"AllowCloudformationListStackResources" + }, + { + "Action":[ + "s3express:CreateSession" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3express:*:*:bucket/*SageMaker*", + "arn:aws:s3express:*:*:bucket/*Sagemaker*", + "arn:aws:s3express:*:*:bucket/*sagemaker*", + "arn:aws:s3express:*:*:bucket/*aws-glue*" + ], + "Sid":"AllowS3ExpressObjectActions" + }, + { + "Action":[ + "s3express:CreateBucket" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3express:*:*:bucket/*SageMaker*", + "arn:aws:s3express:*:*:bucket/*Sagemaker*", + "arn:aws:s3express:*:*:bucket/*sagemaker*" + ], + "Sid":"AllowS3ExpressCreateBucketActions" + }, + { + "Action":[ + "s3express:ListAllMyDirectoryBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowS3ExpressListBucketActions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-29T18:30:43+00:00" + "UpdateDate":"2023-11-30T13:40:20+00:00" + }, + "AmazonSageMakerGeospatialExecutionRole":{ + "CreateDate":"2022-11-30T10:08:36+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:PutObject", + "s3:GetObject", + "s3:ListBucketMultipartUploads" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + }, + { + "Action":"sagemaker-geospatial:GetEarthObservationJob", + "Effect":"Allow", + "Resource":"arn:aws:sagemaker-geospatial:*:*:earth-observation-job/*" + }, + { + "Action":"sagemaker-geospatial:GetRasterDataCollection", + "Effect":"Allow", + "Resource":"arn:aws:sagemaker-geospatial:*:*:raster-data-collection/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-10T20:28:02+00:00" + }, + "AmazonSageMakerGeospatialFullAccess":{ + "CreateDate":"2022-11-30T10:06:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"sagemaker-geospatial:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "sagemaker-geospatial.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-30T10:06:48+00:00" }, "AmazonSageMakerGroundTruthExecution":{ "CreateDate":"2020-07-09T19:30:20+00:00", @@ -50092,11 +69741,242 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-12-03T16:19:36+00:00" }, - "AmazonSageMakerNotebooksServiceRolePolicy":{ - "CreateDate":"2019-10-18T20:27:37+00:00", - "DefaultVersionId":"v5", + "AmazonSageMakerModelGovernanceUseAccess":{ + "CreateDate":"2022-11-30T08:58:19+00:00", + "DefaultVersionId":"v2", "Document":{ "Statement":[ + { + "Action":[ + "sagemaker:ListMonitoringAlerts", + "sagemaker:ListMonitoringExecutions", + "sagemaker:UpdateMonitoringAlert", + "sagemaker:StartMonitoringSchedule", + "sagemaker:StopMonitoringSchedule", + "sagemaker:ListMonitoringAlertHistory", + "sagemaker:DescribeModelPackage", + "sagemaker:DescribeModelPackageGroup", + "sagemaker:CreateModelCard", + "sagemaker:DescribeModelCard", + "sagemaker:UpdateModelCard", + "sagemaker:DeleteModelCard", + "sagemaker:ListModelCards", + "sagemaker:ListModelCardVersions", + "sagemaker:CreateModelCardExportJob", + "sagemaker:DescribeModelCardExportJob", + "sagemaker:ListModelCardExportJobs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:ListTrainingJobs", + "sagemaker:DescribeTrainingJob", + "sagemaker:ListModels", + "sagemaker:DescribeModel", + "sagemaker:Search", + "sagemaker:AddTags", + "sagemaker:DeleteTags", + "sagemaker:ListTags" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:CreateBucket", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-17T22:31:07+00:00" + }, + "AmazonSageMakerModelRegistryFullAccess":{ + "CreateDate":"2023-04-13T05:20:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:DescribeAction", + "sagemaker:DescribeInferenceRecommendationsJob", + "sagemaker:DescribeModelPackage", + "sagemaker:DescribeModelPackageGroup", + "sagemaker:DescribePipeline", + "sagemaker:DescribePipelineExecution", + "sagemaker:ListAssociations", + "sagemaker:ListArtifacts", + "sagemaker:ListModelMetadata", + "sagemaker:ListModelPackages", + "sagemaker:Search", + "sagemaker:GetSearchSuggestions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:AddTags", + "sagemaker:CreateModel", + "sagemaker:CreateModelPackage", + "sagemaker:CreateModelPackageGroup", + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateInferenceRecommendationsJob", + "sagemaker:DeleteModelPackage", + "sagemaker:DeleteModelPackageGroup", + "sagemaker:DeleteTags", + "sagemaker:UpdateModelPackage" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:BatchGetImage", + "ecr:DescribeImages" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"sagemaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "resource-groups:GetGroupQuery" + ], + "Effect":"Allow", + "Resource":"arn:aws:resource-groups:*:*:group/*" + }, + { + "Action":[ + "resource-groups:ListGroupResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:Tag" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"sagemaker:collection" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:resource-groups:*:*:group/*" + }, + { + "Action":"resource-groups:DeleteGroup", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sagemaker:collection":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:resource-groups:*:*:group/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-13T05:20:48+00:00" + }, + "AmazonSageMakerNotebooksServiceRolePolicy":{ + "CreateDate":"2019-10-18T20:27:37+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":"elasticfilesystem:CreateAccessPoint", + "Condition":{ + "StringLike":{ + "aws:RequestTag/ManagedByAmazonSageMakerResource":"*", + "aws:ResourceTag/ManagedByAmazonSageMakerResource":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "elasticfilesystem:DeleteAccessPoint" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/ManagedByAmazonSageMakerResource":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:access-point/*" + }, { "Action":"elasticfilesystem:CreateFileSystem", "Condition":{ @@ -50123,12 +70003,26 @@ aws_managed_policies_data = """ }, { "Action":[ + "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets" ], "Effect":"Allow", "Resource":"*" }, + { + "Action":"elasticfilesystem:TagResource", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/ManagedByAmazonSageMakerResource":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticfilesystem:*:*:access-point/*", + "arn:aws:elasticfilesystem:*:*:file-system/*" + ] + }, { "Action":"ec2:CreateTags", "Effect":"Allow", @@ -50192,11 +70086,226 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-08-28T22:39:39+00:00" + "UpdateDate":"2023-03-09T18:20:35+00:00" + }, + "AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy":{ + "CreateDate":"2023-08-01T15:06:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"lambda:InvokeFunction", + "Condition":{ + "Null":{ + "aws:ResourceTag/sagemaker:partner":"false", + "aws:ResourceTag/sagemaker:project-name":"false" + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:sagemaker-*" + }, + { + "Action":"sagemaker:InvokeEndpoint", + "Condition":{ + "Null":{ + "aws:ResourceTag/sagemaker:partner":"false", + "aws:ResourceTag/sagemaker:project-name":"false" + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:endpoint/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-01T15:06:24+00:00" + }, + "AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy":{ + "CreateDate":"2023-08-01T15:06:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"lambda.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsLambdaRole" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"apigateway.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsApiGatewayRole" + ] + }, + { + "Action":[ + "lambda:DeleteFunction", + "lambda:UpdateFunctionCode", + "lambda:ListTags", + "lambda:InvokeFunction" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/sagemaker:partner":"false", + "aws:ResourceTag/sagemaker:project-name":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:sagemaker-*" + ] + }, + { + "Action":[ + "lambda:CreateFunction", + "lambda:TagResource" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "sagemaker:project-name", + "sagemaker:partner" + ] + }, + "Null":{ + "aws:ResourceTag/sagemaker:partner":"false", + "aws:ResourceTag/sagemaker:project-name":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:sagemaker-*" + ] + }, + { + "Action":[ + "lambda:PublishLayerVersion", + "lambda:GetLayerVersion", + "lambda:DeleteLayerVersion", + "lambda:GetFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:layer:sagemaker-*", + "arn:aws:lambda:*:*:function:sagemaker-*" + ] + }, + { + "Action":[ + "apigateway:GET", + "apigateway:DELETE", + "apigateway:PATCH", + "apigateway:POST", + "apigateway:PUT" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/sagemaker:partner":"false", + "aws:ResourceTag/sagemaker:project-name":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/restapis" + ] + }, + { + "Action":[ + "apigateway:POST", + "apigateway:PUT" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "sagemaker:project-name", + "sagemaker:partner" + ] + }, + "Null":{ + "aws:ResourceTag/sagemaker:partner":"false", + "aws:ResourceTag/sagemaker:project-name":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/tags/*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sagemaker-*/lambda-auth-code/layer.zip" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-01T15:06:46+00:00" + }, + "AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy":{ + "CreateDate":"2023-08-01T15:05:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"secretsmanager:GetSecretValue", + "Condition":{ + "Null":{ + "aws:ResourceTag/sagemaker:partner":false + }, + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-08-01T15:05:51+00:00" }, "AmazonSageMakerPipelinesIntegrations":{ "CreateDate":"2021-07-30T16:35:10+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -50233,7 +70342,9 @@ aws_managed_policies_data = """ "Condition":{ "StringEquals":{ "iam:PassedToService":[ - "lambda.amazonaws.com" + "lambda.amazonaws.com", + "elasticmapreduce.amazonaws.com", + "ec2.amazonaws.com" ] } }, @@ -50248,14 +70359,19 @@ aws_managed_policies_data = """ ], "Effect":"Allow", "Resource":[ - "arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRStepStatusUpdateRule" + "arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRStepStatusUpdateRule", + "arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRClusterStatusUpdateRule" ] }, { "Action":[ "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:CancelSteps", - "elasticmapreduce:DescribeStep" + "elasticmapreduce:DescribeStep", + "elasticmapreduce:RunJobFlow", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:TerminateJobFlows", + "elasticmapreduce:ListSteps" ], "Effect":"Allow", "Resource":[ @@ -50267,7 +70383,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-20T18:39:06+00:00" + "UpdateDate":"2023-02-17T21:28:19+00:00" }, "AmazonSageMakerReadOnly":{ "CreateDate":"2017-11-29T13:07:09+00:00", @@ -51166,7 +71282,7 @@ aws_managed_policies_data = """ }, "AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy":{ "CreateDate":"2022-02-22T09:51:13+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -51191,7 +71307,8 @@ aws_managed_policies_data = """ "glue:GetTableVersions", "glue:SearchTables", "glue:UpdatePartition", - "glue:UpdateTable" + "glue:UpdateTable", + "glue:GetUserDefinedFunctions" ], "Effect":"Allow", "Resource":[ @@ -51257,7 +71374,7 @@ aws_managed_policies_data = """ }, "Path":"/service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-02-22T09:51:13+00:00" + "UpdateDate":"2022-08-26T19:13:02+00:00" }, "AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy":{ "CreateDate":"2022-04-04T16:34:43+00:00", @@ -51679,16 +71796,564 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-04-04T16:34:43+00:00" }, - "AmazonSumerianFullAccess":{ - "CreateDate":"2018-04-24T20:14:16+00:00", + "AmazonSecurityLakeAdministrator":{ + "CreateDate":"2023-05-30T22:04:10+00:00", "DefaultVersionId":"v1", "Document":{ "Statement":[ { "Action":[ - "sumerian:*" + "securitylake:*", + "organizations:DescribeOrganization", + "organizations:ListDelegatedServicesForAccount", + "organizations:ListAccounts", + "iam:ListRoles", + "ram:GetResourceShareAssociations" ], "Effect":"Allow", + "Resource":"*", + "Sid":"AllowActionsWithAnyResource" + }, + { + "Action":[ + "glue:CreateCrawler", + "glue:StopCrawlerSchedule", + "lambda:CreateEventSourceMapping", + "lakeformation:GrantPermissions", + "lakeformation:ListPermissions", + "lakeformation:RegisterResource", + "lakeformation:RevokePermissions", + "lakeformation:GetDatalakeSettings", + "events:ListConnections", + "events:ListApiDestinations", + "iam:GetRole", + "kms:DescribeKey" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowActionsWithAnyResourceViaSecurityLake" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketNotification", + "s3:PutBucketTagging", + "s3:PutEncryptionConfiguration", + "s3:PutBucketVersioning", + "s3:PutReplicationConfiguration", + "s3:PutLifecycleConfiguration", + "s3:ListBucket", + "s3:PutObject", + "s3:GetBucketNotification" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-security-data-lake*", + "Sid":"AllowManagingSecurityLakeS3Buckets" + }, + { + "Action":"lambda:CreateFunction", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*", + "Sid":"AllowLambdaCreateFunction" + }, + { + "Action":[ + "glue:CreateDatabase", + "glue:GetDatabase", + "glue:CreateTable", + "glue:GetTable" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/amazon_security_lake_glue_db*", + "arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*" + ], + "Sid":"AllowGlueActions" + }, + { + "Action":[ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule", + "events:CreateApiDestination", + "events:CreateConnection", + "events:UpdateConnection", + "events:UpdateApiDestination", + "events:DeleteConnection", + "events:DeleteApiDestination", + "events:ListTargetsByRule", + "events:RemoveTargets", + "events:DeleteRule" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/AmazonSecurityLake*", + "arn:aws:events:*:*:rule/SecurityLake*", + "arn:aws:events:*:*:api-destination/AmazonSecurityLake*", + "arn:aws:events:*:*:connection/AmazonSecurityLake*" + ], + "Sid":"AllowEventBridgeActions" + }, + { + "Action":[ + "sqs:CreateQueue", + "sqs:SetQueueAttributes", + "sqs:GetQueueURL", + "sqs:AddPermission", + "sqs:GetQueueAttributes", + "sqs:DeleteQueue" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:SecurityLake*", + "arn:aws:sqs:*:*:AmazonSecurityLake*" + ], + "Sid":"AllowSQSActions" + }, + { + "Action":"kms:CreateGrant", + "Condition":{ + "ForAllValues:StringEquals":{ + "kms:GrantOperations":[ + "GenerateDataKey", + "RetireGrant" + ] + }, + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringLike":{ + "kms:EncryptionContext:aws:s3:arn":"arn:aws:s3:::aws-security-data-lake*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*", + "Sid":"AllowKmsCmkGrantForSecurityLake" + }, + { + "Action":[ + "ram:CreateResourceShare", + "ram:AssociateResourceShare" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringLikeIfExists":{ + "ram:ResourceArn":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/amazon_security_lake_glue_db*", + "arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowEnablingQueryBasedSubscribers" + }, + { + "Action":[ + "ram:UpdateResourceShare", + "ram:GetResourceShares", + "ram:DisassociateResourceShare", + "ram:DeleteResourceShare" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringLike":{ + "ram:ResourceShareName":"LakeFormation*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowConfiguringQueryBasedSubscribers" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:events!connection/AmazonSecurityLake-*", + "Sid":"AllowConfiguringCredentialsForSubscriberNotification" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"lambda.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:data-lake/default" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeMetaStoreManager", + "Sid":"AllowPassRoleForUpdatingGluePartitionsSecLakeArn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringEquals":{ + "iam:PassedToService":"lambda.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeMetaStoreManager", + "Sid":"AllowPassRoleForUpdatingGluePartitionsLambdaArn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"s3.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:data-lake/default" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeS3ReplicationRole", + "Sid":"AllowPassRoleForCrossRegionReplicationSecLakeArn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringEquals":{ + "iam:PassedToService":"s3.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:s3:::aws-security-data-lake*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeS3ReplicationRole", + "Sid":"AllowPassRoleForCrossRegionReplicationS3Arn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"glue.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:data-lake/default" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeCustomDataGlueCrawler*", + "Sid":"AllowPassRoleForCustomSourceCrawlerSecLakeArn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringEquals":{ + "iam:PassedToService":"glue.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeCustomDataGlueCrawler*", + "Sid":"AllowPassRoleForCustomSourceCrawlerGlueArn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"events.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:securitylake:*:*:subscriber/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeSubscriberEventBridge", + "Sid":"AllowPassRoleForSubscriberNotificationSecLakeArn" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringEquals":{ + "iam:PassedToService":"events.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceARN":"arn:aws:events:*:*:rule/AmazonSecurityLake*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonSecurityLakeSubscriberEventBridge", + "Sid":"AllowPassRoleForSubscriberNotificationEventsArn" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "securitylake.amazonaws.com", + "lakeformation.amazonaws.com", + "apidestinations.events.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/securitylake.amazonaws.com/AWSServiceRoleForSecurityLake", + "arn:aws:iam::*:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess", + "arn:aws:iam::*:role/aws-service-role/apidestinations.events.amazonaws.com/AWSServiceRoleForAmazonEventBridgeApiDestinations" + ], + "Sid":"AllowOnboardingToSecurityLakeDependencies" + }, + { + "Action":[ + "iam:CreateRole", + "iam:PutRolePolicy", + "iam:DeleteRolePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + }, + "StringEquals":{ + "iam:PermissionsBoundary":"arn:aws:iam::aws:policy/AmazonSecurityLakePermissionsBoundary" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AmazonSecurityLake*", + "Sid":"AllowRolePolicyActionsforSubscibersandSources" + }, + { + "Action":[ + "iam:PutRolePolicy", + "iam:GetRolePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/lakeformation.amazonaws.com/AWSServiceRoleForLakeFormationDataAccess", + "Sid":"AllowRegisterS3LocationInLakeFormation" + }, + { + "Action":[ + "iam:ListRolePolicies", + "iam:DeleteRole" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AmazonSecurityLake*", + "Sid":"AllowIAMActionsByResource" + }, + { + "Action":[ + "s3:Get*", + "s3:List*" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-security-data-lake-*", + "Sid":"S3ReadAccessToSecurityLakes" + }, + { + "Action":[ + "s3:GetAccountPublicAccessBlock", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ResourcelessReadOnly" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-30T22:04:10+00:00" + }, + "AmazonSecurityLakePermissionsBoundary":{ + "CreateDate":"2022-11-29T14:11:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutObject", + "s3:GetBucketLocation", + "kms:Decrypt", + "kms:GenerateDataKey", + "sqs:ReceiveMessage", + "sqs:ChangeMessageVisibility", + "sqs:DeleteMessage", + "sqs:GetQueueUrl", + "sqs:SendMessage", + "sqs:GetQueueAttributes", + "sqs:ListQueues" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Effect":"Deny", + "NotAction":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutObject", + "s3:GetBucketLocation", + "kms:Decrypt", + "kms:GenerateDataKey", + "sqs:ReceiveMessage", + "sqs:ChangeMessageVisibility", + "sqs:DeleteMessage", + "sqs:GetQueueUrl", + "sqs:SendMessage", + "sqs:GetQueueAttributes", + "sqs:ListQueues" + ], + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutObject", + "s3:GetBucketLocation" + ], + "Effect":"Deny", + "NotResource":[ + "arn:aws:s3:::aws-security-data-lake*" + ] + }, + { + "Action":[ + "sqs:ReceiveMessage", + "sqs:ChangeMessageVisibility", + "sqs:DeleteMessage", + "sqs:GetQueueUrl", + "sqs:SendMessage", + "sqs:GetQueueAttributes", + "sqs:ListQueues" + ], + "Effect":"Deny", + "NotResource":"arn:aws:sqs:*:*:AmazonSecurityLake*" + }, + { + "Action":[ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Condition":{ + "StringNotLike":{ + "kms:ViaService":[ + "s3.*.amazonaws.com", + "sqs.*.amazonaws.com" + ] + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Condition":{ + "Null":{ + "kms:EncryptionContext:aws:s3:arn":"false" + }, + "StringNotLikeIfExists":{ + "kms:EncryptionContext:aws:s3:arn":[ + "arn:aws:s3:::aws-security-data-lake*" + ] + } + }, + "Effect":"Deny", + "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Condition":{ + "Null":{ + "kms:EncryptionContext:aws:sqs:arn":"false" + }, + "StringNotLikeIfExists":{ + "kms:EncryptionContext:aws:sqs:arn":[ + "arn:aws:sqs:*:*:AmazonSecurityLake*" + ] + } + }, + "Effect":"Deny", "Resource":"*" } ], @@ -51696,7 +72361,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-04-24T20:14:16+00:00" + "UpdateDate":"2022-11-29T14:11:12+00:00" }, "AmazonTextractFullAccess":{ "CreateDate":"2018-11-28T19:07:42+00:00", @@ -51865,7 +72530,7 @@ aws_managed_policies_data = """ }, "AmazonTimestreamReadOnlyAccess":{ "CreateDate":"2020-09-30T21:47:08+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -51881,7 +72546,9 @@ aws_managed_policies_data = """ "timestream:Select", "timestream:SelectValues", "timestream:DescribeScheduledQuery", - "timestream:ListScheduledQueries" + "timestream:ListScheduledQueries", + "timestream:DescribeBatchLoadTask", + "timestream:ListBatchLoadTasks" ], "Effect":"Allow", "Resource":"*" @@ -51891,7 +72558,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-26T23:39:30+00:00" + "UpdateDate":"2023-02-28T18:22:57+00:00" }, "AmazonTranscribeFullAccess":{ "CreateDate":"2018-04-04T16:06:16+00:00", @@ -51943,7 +72610,7 @@ aws_managed_policies_data = """ }, "AmazonVPCCrossAccountNetworkInterfaceOperations":{ "CreateDate":"2017-07-18T20:47:16+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -51987,13 +72654,23 @@ aws_managed_policies_data = """ "Resource":[ "*" ] + }, + { + "Action":[ + "ec2:AssignIpv6Addresses", + "ec2:UnassignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-06-16T14:16:49+00:00" + "UpdateDate":"2023-09-25T15:12:17+00:00" }, "AmazonVPCFullAccess":{ "CreateDate":"2015-02-06T18:41:16+00:00", @@ -52163,6 +72840,290 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-08-02T19:12:14+00:00" }, + "AmazonVPCNetworkAccessAnalyzerFullAccessPolicy":{ + "CreateDate":"2023-06-15T22:56:58+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGatewayAssociations", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeVirtualGateways", + "directconnect:DescribeVirtualInterfaces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInsightsAccessScope", + "ec2:DeleteNetworkInsightsAccessScope", + "ec2:DeleteNetworkInsightsAccessScopeAnalysis", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeManagedPrefixLists", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInsightsAccessScopeAnalyses", + "ec2:DescribeNetworkInsightsAccessScopes", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetManagedPrefixListEntries", + "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", + "ec2:GetNetworkInsightsAccessScopeContent", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:SearchTransitGatewayRoutes", + "ec2:StartNetworkInsightsAccessScopeAnalysis" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:ec2:*:*:network-insights-access-scope/*", + "arn:*:ec2:*:*:network-insights-access-scope-analysis/*" + ] + }, + { + "Action":[ + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListCustomRoutingAccelerators", + "globalaccelerator:ListCustomRoutingEndpointGroups", + "globalaccelerator:ListCustomRoutingListeners", + "globalaccelerator:ListCustomRoutingPortMappings", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "resource-groups:ListGroupResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "tiros:CreateQuery", + "tiros:GetQueryAnswer" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-03T19:31:09+00:00" + }, + "AmazonVPCReachabilityAnalyzerFullAccessPolicy":{ + "CreateDate":"2023-06-14T20:12:17+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGatewayAssociations", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeVirtualGateways", + "directconnect:DescribeVirtualInterfaces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInsightsPath", + "ec2:DeleteNetworkInsightsAnalysis", + "ec2:DeleteNetworkInsightsPath", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeManagedPrefixLists", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInsightsAnalyses", + "ec2:DescribeNetworkInsightsPaths", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetManagedPrefixListEntries", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:SearchTransitGatewayRoutes", + "ec2:StartNetworkInsightsAnalysis" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:ec2:*:*:network-insights-path/*", + "arn:*:ec2:*:*:network-insights-analysis/*" + ] + }, + { + "Action":[ + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListCustomRoutingAccelerators", + "globalaccelerator:ListCustomRoutingEndpointGroups", + "globalaccelerator:ListCustomRoutingListeners", + "globalaccelerator:ListCustomRoutingPortMappings", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "tiros:CreateQuery", + "tiros:ExtendQuery", + "tiros:GetQueryAnswer", + "tiros:GetQueryExplanation", + "tiros:GetQueryExtensionAccounts" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-03T19:37:28+00:00" + }, + "AmazonVPCReachabilityAnalyzerPathComponentReadPolicy":{ + "CreateDate":"2023-05-01T20:38:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "network-firewall:Describe*", + "network-firewall:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"NetworkFirewallPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-01T20:38:22+00:00" + }, "AmazonVPCReadOnlyAccess":{ "CreateDate":"2015-02-06T18:41:17+00:00", "DefaultVersionId":"v8", @@ -52440,28 +73401,33 @@ aws_managed_policies_data = """ }, "AmazonWorkSpacesAdmin":{ "CreateDate":"2015-09-22T22:21:15+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { "Action":[ - "workspaces:CreateWorkspaces", - "workspaces:DescribeWorkspaces", - "workspaces:RebootWorkspaces", - "workspaces:RebuildWorkspaces", - "workspaces:TerminateWorkspaces", - "workspaces:DescribeWorkspaceDirectories", - "workspaces:DescribeWorkspaceBundles", - "workspaces:ModifyWorkspaceProperties", - "workspaces:StopWorkspaces", - "workspaces:StartWorkspaces", - "workspaces:DescribeWorkspacesConnectionStatus", + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys", "workspaces:CreateTags", + "workspaces:CreateWorkspaceImage", + "workspaces:CreateWorkspaces", + "workspaces:CreateStandbyWorkspaces", "workspaces:DeleteTags", "workspaces:DescribeTags", - "kms:ListKeys", - "kms:ListAliases", - "kms:DescribeKey" + "workspaces:DescribeWorkspaceBundles", + "workspaces:DescribeWorkspaceDirectories", + "workspaces:DescribeWorkspaces", + "workspaces:DescribeWorkspacesConnectionStatus", + "workspaces:ModifyCertificateBasedAuthProperties", + "workspaces:ModifySamlProperties", + "workspaces:ModifyWorkspaceProperties", + "workspaces:RebootWorkspaces", + "workspaces:RebuildWorkspaces", + "workspaces:RestoreWorkspace", + "workspaces:StartWorkspaces", + "workspaces:StopWorkspaces", + "workspaces:TerminateWorkspaces" ], "Effect":"Allow", "Resource":"*" @@ -52471,7 +73437,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2016-08-18T23:08:42+00:00" + "UpdateDate":"2023-08-03T23:57:36+00:00" }, "AmazonWorkSpacesApplicationManagerAdminAccess":{ "CreateDate":"2015-04-09T14:03:18+00:00", @@ -52534,7 +73500,7 @@ aws_managed_policies_data = """ }, "AmazonWorkSpacesWebReadOnly":{ "CreateDate":"2021-11-30T14:20:36+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -52547,6 +73513,7 @@ aws_managed_policies_data = """ "workspaces-web:GetTrustStore", "workspaces-web:GetTrustStoreCertificate", "workspaces-web:GetUserSettings", + "workspaces-web:GetUserAccessLoggingSettings", "workspaces-web:ListBrowserSettings", "workspaces-web:ListIdentityProviders", "workspaces-web:ListNetworkSettings", @@ -52554,7 +73521,8 @@ aws_managed_policies_data = """ "workspaces-web:ListTagsForResource", "workspaces-web:ListTrustStoreCertificates", "workspaces-web:ListTrustStores", - "workspaces-web:ListUserSettings" + "workspaces-web:ListUserSettings", + "workspaces-web:ListUserAccessLoggingSettings" ], "Effect":"Allow", "Resource":"arn:aws:workspaces-web:*:*:*" @@ -52563,7 +73531,8 @@ aws_managed_policies_data = """ "Action":[ "ec2:DescribeVpcs", "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups" + "ec2:DescribeSecurityGroups", + "kinesis:ListStreams" ], "Effect":"Allow", "Resource":"*" @@ -52573,11 +73542,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-30T14:20:36+00:00" + "UpdateDate":"2022-11-02T20:20:44+00:00" }, "AmazonWorkSpacesWebServiceRolePolicy":{ "CreateDate":"2021-11-30T13:15:53+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -52585,9 +73554,7 @@ aws_managed_policies_data = """ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeAvailabilityZones", - "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:DescribeRouteTables", @@ -52597,6 +73564,57 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/WorkSpacesWebManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "WorkSpacesWebManaged" + ] + }, + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:DeleteNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/WorkSpacesWebManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, { "Action":[ "cloudwatch:PutMetricData" @@ -52611,13 +73629,48 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "kinesis:PutRecord", + "kinesis:PutRecords", + "kinesis:DescribeStreamSummary" + ], + "Effect":"Allow", + "Resource":"arn:aws:kinesis:*:*:stream/amazon-workspaces-web-*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-05T22:01:09+00:00" + "UpdateDate":"2022-12-15T22:46:33+00:00" + }, + "AmazonWorkspacesPCAAccess":{ + "CreateDate":"2022-11-08T00:25:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate", + "acm-pca:GetCertificate", + "acm-pca:DescribeCertificateAuthority" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/euc-private-ca":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:*:acm-pca:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-08T00:25:55+00:00" }, "AmazonZocaloFullAccess":{ "CreateDate":"2015-02-06T18:41:13+00:00", @@ -52676,6 +73729,215 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-02-06T18:41:14+00:00" }, + "AmplifyBackendDeployFullAccess":{ + "CreateDate":"2023-10-06T21:32:59+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:GetTemplateSummary" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/amplify-*", + "arn:aws:cloudformation:*:*:stack/CDKToolkit/*" + ], + "Sid":"CDKPreDeploy" + }, + { + "Action":[ + "amplify:ListApps", + "cloudformation:ListStacks", + "ssm:DescribeParameters", + "appsync:GetIntrospectionSchema", + "amplify:GetBackendEnvironment" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AmplifyMetadata" + }, + { + "Action":[ + "appsync:GetSchemaCreationStatus", + "appsync:StartSchemaCreation", + "appsync:UpdateResolver", + "appsync:ListFunctions", + "appsync:UpdateFunction", + "appsync:UpdateApiKey" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AmplifyHotSwappableResources" + }, + { + "Action":[ + "lambda:InvokeFunction", + "lambda:UpdateFunctionCode" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:amplify-*" + ], + "Sid":"AmplifyHotSwappableSchemaResource" + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*amplify*", + "arn:aws:s3:::cdk-*-assets-*-*" + ], + "Sid":"AmplifySchema" + }, + { + "Action":[ + "sts:AssumeRole" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/cdk-*-deploy-role-*-*", + "arn:aws:iam::*:role/cdk-*-file-publishing-role-*-*", + "arn:aws:iam::*:role/cdk-*-image-publishing-role-*-*", + "arn:aws:iam::*:role/cdk-*-lookup-role-*-*" + ], + "Sid":"CDKDeploy" + }, + { + "Action":[ + "ssm:GetParametersByPath", + "ssm:GetParameters", + "ssm:GetParameter" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:parameter/amplify/*" + ], + "Sid":"AmplifySSM" + }, + { + "Action":[ + "ssm:PutParameter", + "ssm:DeleteParameter", + "ssm:DeleteParameters" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/amplify/*", + "Sid":"AmplifyModifySSMParam" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-02T21:13:46+00:00" + }, + "AppIntegrationsServiceLinkedRolePolicy":{ + "CreateDate":"2022-09-30T19:42:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/AppIntegrations" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "appflow:DescribeConnectorEntity", + "appflow:ListConnectorEntities" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "appflow:DescribeConnectorProfiles", + "appflow:UseConnectorProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:appflow:*:*:connector-profile/*" + }, + { + "Action":[ + "appflow:DeleteFlow", + "appflow:DescribeFlow", + "appflow:DescribeFlowExecutionRecords", + "appflow:StartFlow", + "appflow:StopFlow", + "appflow:UpdateFlow" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AppIntegrationsManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:appflow:*:*:flow/FlowCreatedByAppIntegrations-*" + }, + { + "Action":[ + "appflow:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AppIntegrationsManaged" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:appflow:*:*:flow/FlowCreatedByAppIntegrations-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-09-30T19:42:56+00:00" + }, "AppRunnerNetworkingServiceRolePolicy":{ "CreateDate":"2022-01-12T21:02:40+00:00", "DefaultVersionId":"v1", @@ -53118,7 +74380,7 @@ aws_managed_policies_data = """ }, "AutoScalingServiceRolePolicy":{ "CreateDate":"2018-01-08T23:10:55+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -53220,13 +74482,25 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":"*", "Sid":"SystemsManagerParameterManagement" + }, + { + "Action":[ + "vpc-lattice:DeregisterTargets", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListTargets", + "vpc-lattice:ListTargetGroups", + "vpc-lattice:RegisterTargets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"VpcLatticeManagement" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-29T22:06:23+00:00" + "UpdateDate":"2022-12-06T20:15:29+00:00" }, "AwsGlueDataBrewFullAccessPolicy":{ "CreateDate":"2020-11-11T16:51:39+00:00", @@ -53455,7 +74729,7 @@ aws_managed_policies_data = """ }, "AwsGlueSessionUserRestrictedNotebookPolicy":{ "CreateDate":"2022-04-18T15:24:56+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -53475,7 +74749,19 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:glue:*:*:session/*" - ] + ], + "Sid":"NotebokAllowActions0" + }, + { + "Action":[ + "glue:StartCompletion", + "glue:GetCompletion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:completion/*" + ], + "Sid":"NotebookAllowActions1" }, { "Action":[ @@ -53495,7 +74781,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:glue:*:*:session/*" - ] + ], + "Sid":"NotebookAllowActions2" }, { "Action":[ @@ -53504,7 +74791,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"NotebookAllowActions3" }, { "Action":[ @@ -53523,7 +74811,8 @@ aws_managed_policies_data = """ "Effect":"Deny", "Resource":[ "arn:aws:glue:*:*:session/*" - ] + ], + "Sid":"NotebookDenyActions" }, { "Action":[ @@ -53539,14 +74828,15 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestrictedForNotebook*" - ] + ], + "Sid":"NotebookPassRole" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-18T15:24:56+00:00" + "UpdateDate":"2023-11-22T01:32:43+00:00" }, "AwsGlueSessionUserRestrictedNotebookServiceRole":{ "CreateDate":"2022-04-18T15:27:11+00:00", @@ -53963,7 +75253,7 @@ aws_managed_policies_data = """ }, "BatchServiceRolePolicy":{ "CreateDate":"2021-03-10T06:55:36+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -53981,6 +75271,7 @@ aws_managed_policies_data = """ "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", + "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeVpcClassicLink", "ec2:DescribeLaunchTemplateVersions", "ec2:RequestSpotFleet", @@ -53988,6 +75279,8 @@ aws_managed_policies_data = """ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeScalingActivities", + "eks:DescribeCluster", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeTaskDefinition", @@ -54005,7 +75298,8 @@ aws_managed_policies_data = """ "iam:GetRole" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement1" }, { "Action":[ @@ -54013,14 +75307,16 @@ aws_managed_policies_data = """ "logs:CreateLogStream" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*", + "Sid":"AWSBatchPolicyStatement2" }, { "Action":[ "logs:PutLogEvents" ], "Effect":"Allow", - "Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*" + "Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*", + "Sid":"AWSBatchPolicyStatement3" }, { "Action":[ @@ -54032,7 +75328,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement4" }, { "Action":"iam:PassRole", @@ -54048,7 +75345,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AWSBatchPolicyStatement5" }, { "Action":"iam:CreateServiceLinkedRole", @@ -54063,7 +75361,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement6" }, { "Action":[ @@ -54075,7 +75374,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement7" }, { "Action":[ @@ -54090,7 +75390,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement8" }, { "Action":[ @@ -54098,7 +75399,8 @@ aws_managed_policies_data = """ "autoscaling:DeleteLaunchConfiguration" ], "Effect":"Allow", - "Resource":"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*" + "Resource":"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*", + "Sid":"AWSBatchPolicyStatement9" }, { "Action":[ @@ -54111,7 +75413,8 @@ aws_managed_policies_data = """ "autoscaling:TerminateInstanceInAutoScalingGroup" ], "Effect":"Allow", - "Resource":"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*" + "Resource":"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*", + "Sid":"AWSBatchPolicyStatement10" }, { "Action":[ @@ -54122,7 +75425,8 @@ aws_managed_policies_data = """ "ecs:StopTask" ], "Effect":"Allow", - "Resource":"arn:aws:ecs:*:*:cluster/AWSBatch*" + "Resource":"arn:aws:ecs:*:*:cluster/AWSBatch*", + "Sid":"AWSBatchPolicyStatement11" }, { "Action":[ @@ -54131,14 +75435,16 @@ aws_managed_policies_data = """ "ecs:StopTask" ], "Effect":"Allow", - "Resource":"arn:aws:ecs:*:*:task-definition/*" + "Resource":"arn:aws:ecs:*:*:task-definition/*", + "Sid":"AWSBatchPolicyStatement12" }, { "Action":[ "ecs:StopTask" ], "Effect":"Allow", - "Resource":"arn:aws:ecs:*:*:task/*/*" + "Resource":"arn:aws:ecs:*:*:task/*/*", + "Sid":"AWSBatchPolicyStatement13" }, { "Action":[ @@ -54151,7 +75457,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AWSBatchPolicyStatement14" }, { "Action":"ec2:RunInstances", @@ -54170,7 +75477,8 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:elastic-gpu/*", "arn:aws:elastic-inference:*:*:elastic-inference-accelerator/*", "arn:aws:resource-groups:*:*:group/*" - ] + ], + "Sid":"AWSBatchPolicyStatement15" }, { "Action":"ec2:RunInstances", @@ -54180,7 +75488,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:ec2:*:*:instance/*" + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"AWSBatchPolicyStatement16" }, { "Action":[ @@ -54198,49 +75507,132 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AWSBatchPolicyStatement17" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-18T20:05:56+00:00" + "UpdateDate":"2023-12-05T22:52:40+00:00" }, "Billing":{ "CreateDate":"2016-11-10T17:33:18+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v9", "Document":{ "Statement":[ { "Action":[ + "account:GetAccountInformation", "aws-portal:*Billing", - "aws-portal:*Usage", "aws-portal:*PaymentMethods", - "budgets:ViewBudget", + "aws-portal:*Usage", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", + "billing:PutContractInformation", + "billing:RedeemCredits", + "billing:UpdateBillingPreferences", + "billing:UpdateIAMAccessPreference", + "budgets:CreateBudgetAction", + "budgets:DeleteBudgetAction", + "budgets:DescribeBudgetActionsForBudget", + "budgets:DescribeBudgetAction", + "budgets:DescribeBudgetActionsForAccount", + "budgets:DescribeBudgetActionHistories", + "budgets:ExecuteBudgetAction", "budgets:ModifyBudget", - "ce:UpdatePreferences", - "ce:CreateReport", - "ce:UpdateReport", - "ce:DeleteReport", + "budgets:UpdateBudgetAction", + "budgets:ViewBudget", + "ce:CreateCostCategoryDefinition", "ce:CreateNotificationSubscription", - "ce:UpdateNotificationSubscription", + "ce:CreateReport", + "ce:DeleteCostCategoryDefinition", "ce:DeleteNotificationSubscription", - "cur:DescribeReportDefinitions", - "cur:PutReportDefinition", - "cur:ModifyReportDefinition", + "ce:DeleteReport", + "ce:DescribeCostCategoryDefinition", + "ce:GetCostAndUsage", + "ce:ListCostAllocationTags", + "ce:ListCostCategoryDefinitions", + "ce:ListTagsForResource", + "ce:TagResource", + "ce:UpdateCostAllocationTagsStatus", + "ce:UpdateNotificationSubscription", + "ce:UpdatePreferences", + "ce:UpdateReport", + "ce:UpdateCostCategoryDefinition", + "ce:UntagResource", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", "cur:DeleteReportDefinition", - "purchase-orders:*PurchaseOrders" + "cur:DescribeReportDefinitions", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:GetUsageReport", + "cur:ModifyReportDefinition", + "cur:PutClassicReportPreferences", + "cur:PutReportDefinition", + "cur:ValidateReportDestination", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", + "freetier:PutFreeTierAlertPreference", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", + "invoicing:PutInvoiceEmailDeliveryPreferences", + "payments:CreatePaymentInstrument", + "payments:DeletePaymentInstrument", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "payments:MakePayment", + "payments:UpdatePaymentPreferences", + "pricing:DescribeServices", + "purchase-orders:AddPurchaseOrder", + "purchase-orders:DeletePurchaseOrder", + "purchase-orders:GetPurchaseOrder", + "purchase-orders:ListPurchaseOrderInvoices", + "purchase-orders:ListPurchaseOrders", + "purchase-orders:ListTagsForResource", + "purchase-orders:ModifyPurchaseOrders", + "purchase-orders:TagResource", + "purchase-orders:UntagResource", + "purchase-orders:UpdatePurchaseOrder", + "purchase-orders:UpdatePurchaseOrderStatus", + "purchase-orders:ViewPurchaseOrders", + "support:CreateCase", + "support:AddAttachmentsToSet", + "sustainability:GetCarbonFootprintSummary", + "tax:BatchPutTaxRegistration", + "tax:DeleteTaxRegistration", + "tax:GetExemptions", + "tax:GetTaxInheritance", + "tax:GetTaxInterview", + "tax:GetTaxRegistration", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "tax:PutTaxInheritance", + "tax:PutTaxInterview", + "tax:PutTaxRegistration", + "tax:UpdateExemptions" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"VisualEditor0" } ], "Version":"2012-10-17" }, "Path":"/job-function/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-10-05T20:37:01+00:00" + "UpdateDate":"2024-01-17T18:03:48+00:00" }, "CertificateManagerServiceRolePolicy":{ "CreateDate":"2020-06-25T17:56:49+00:00", @@ -54387,7 +75779,7 @@ aws_managed_policies_data = """ }, "CloudFrontFullAccess":{ "CreateDate":"2015-02-06T18:39:50+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -54395,12 +75787,14 @@ aws_managed_policies_data = """ "s3:ListAllMyBuckets" ], "Effect":"Allow", - "Resource":"arn:aws:s3:::*" + "Resource":"arn:aws:s3:::*", + "Sid":"cfflistbuckets" }, { "Action":[ "acm:ListCertificates", "cloudfront:*", + "cloudfront-keyvaluestore:*", "iam:ListServerCertificates", "waf:ListWebACLs", "waf:GetWebACL", @@ -54409,40 +75803,46 @@ aws_managed_policies_data = """ "kinesis:ListStreams" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"cffullaccess" }, { "Action":[ "kinesis:DescribeStream" ], "Effect":"Allow", - "Resource":"arn:aws:kinesis:*:*:*" + "Resource":"arn:aws:kinesis:*:*:*", + "Sid":"cffdescribestream" }, { "Action":[ "iam:ListRoles" ], "Effect":"Allow", - "Resource":"arn:aws:iam::*:*" + "Resource":"arn:aws:iam::*:*", + "Sid":"cfflistroles" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-03T20:18:42+00:00" + "UpdateDate":"2024-01-04T16:56:08+00:00" }, "CloudFrontReadOnlyAccess":{ "CreateDate":"2015-02-06T18:39:55+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { "Action":[ "acm:ListCertificates", - "cloudfront:DescribeFunction", + "cloudfront:Describe*", "cloudfront:Get*", "cloudfront:List*", + "cloudfront-keyvaluestore:Describe*", + "cloudfront-keyvaluestore:Get*", + "cloudfront-keyvaluestore:List*", "iam:ListServerCertificates", "route53:List*", "waf:ListWebACLs", @@ -54451,14 +75851,15 @@ aws_managed_policies_data = """ "wafv2:GetWebACL" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"cfReadOnly" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-09-08T22:10:54+00:00" + "UpdateDate":"2024-01-04T16:55:27+00:00" }, "CloudHSMServiceRolePolicy":{ "CreateDate":"2017-11-06T19:12:46+00:00", @@ -54525,7 +75926,7 @@ aws_managed_policies_data = """ }, "CloudTrailServiceRolePolicy":{ "CreateDate":"2018-10-24T21:21:44+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -54548,13 +75949,52 @@ aws_managed_policies_data = """ "*" ], "Sid":"AwsOrgsAccess" + }, + { + "Action":"organizations:ListDelegatedAdministrators", + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "cloudtrail.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AwsOrgsDelegatedAdminAccess" + }, + { + "Action":"glue:DeleteTable", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:glue:*:*:catalog", + "arn:*:glue:*:*:database/aws:cloudtrail", + "arn:*:glue:*:*:table/aws:cloudtrail/*" + ], + "Sid":"DeleteTableAccess" + }, + { + "Action":"lakeformation:DeregisterResource", + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"DeregisterResourceAccess" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-10-24T21:21:44+00:00" + "UpdateDate":"2023-11-27T01:18:10+00:00" }, "CloudWatch-CrossAccountAccess":{ "CreateDate":"2019-07-23T09:59:27+00:00", @@ -54746,6 +76186,81 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-11-24T18:48:00+00:00" }, + "CloudWatchApplicationSignalsServiceRolePolicy":{ + "CreateDate":"2023-11-09T18:09:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:GetServiceGraph" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"XRayPermission" + }, + { + "Action":[ + "logs:StartQuery", + "logs:GetQueryResults" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/appsignals/eks:*", + "arn:aws:logs:*:*:log-group:/aws/appsignals/generic:*" + ], + "Sid":"CWLogsPermission" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CWMetricsPermission" + }, + { + "Action":[ + "tag:GetResources" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceAccount":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"TagsPermission" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-09T18:09:57+00:00" + }, "CloudWatchAutomaticDashboardsAccess":{ "CreateDate":"2019-07-23T10:01:08+00:00", "DefaultVersionId":"v4", @@ -54807,6 +76322,46 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-04-20T13:05:40+00:00" }, + "CloudWatchCrossAccountSharingConfiguration":{ + "CreateDate":"2022-11-27T14:01:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:Link", + "oam:ListLinks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "oam:DeleteLink", + "oam:GetLink", + "oam:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:oam:*:*:link/*" + }, + { + "Action":[ + "oam:CreateLink", + "oam:UpdateLink" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:oam:*:*:link/*", + "arn:aws:oam:*:*:sink/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-27T14:01:10+00:00" + }, "CloudWatchEventsBuiltInTargetExecutionAccess":{ "CreateDate":"2016-01-14T18:35:49+00:00", "DefaultVersionId":"v1", @@ -54833,27 +76388,88 @@ aws_managed_policies_data = """ }, "CloudWatchEventsFullAccess":{ "CreateDate":"2016-01-14T18:37:08+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { - "Action":"events:*", + "Action":[ + "events:*", + "schemas:*", + "scheduler:*", + "pipes:*" + ], "Effect":"Allow", "Resource":"*", - "Sid":"CloudWatchEventsFullAccess" + "Sid":"EventBridgeActions" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"apidestinations.events.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", + "Sid":"IAMCreateServiceLinkedRoleForApiDestinations" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"schemas.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas", + "Sid":"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:events!*", + "Sid":"SecretsManagerAccessForApiDestinations" }, { "Action":"iam:PassRole", "Effect":"Allow", "Resource":"arn:aws:iam::*:role/AWS_Events_Invoke_Targets", "Sid":"IAMPassRoleForCloudWatchEvents" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"scheduler.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassRoleAccessForScheduler" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"pipes.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"IAMPassRoleAccessForPipes" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2016-01-14T18:37:08+00:00" + "UpdateDate":"2022-12-01T17:05:05+00:00" }, "CloudWatchEventsInvocationAccess":{ "CreateDate":"2016-01-14T18:36:33+00:00", @@ -54877,28 +76493,62 @@ aws_managed_policies_data = """ }, "CloudWatchEventsReadOnlyAccess":{ "CreateDate":"2016-01-14T18:27:18+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ "events:DescribeRule", + "events:DescribeEventBus", + "events:DescribeEventSource", + "events:ListEventBuses", + "events:ListEventSources", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule", "events:TestEventPattern", - "events:DescribeEventBus" + "events:DescribeArchive", + "events:ListArchives", + "events:DescribeReplay", + "events:ListReplays", + "events:DescribeConnection", + "events:ListConnections", + "events:DescribeApiDestination", + "events:ListApiDestinations", + "events:DescribeEndpoint", + "events:ListEndpoints", + "schemas:DescribeCodeBinding", + "schemas:DescribeDiscoverer", + "schemas:DescribeRegistry", + "schemas:DescribeSchema", + "schemas:ExportSchema", + "schemas:GetCodeBindingSource", + "schemas:GetDiscoveredSchema", + "schemas:GetResourcePolicy", + "schemas:ListDiscoverers", + "schemas:ListRegistries", + "schemas:ListSchemas", + "schemas:ListSchemaVersions", + "schemas:ListTagsForResource", + "schemas:SearchSchemas", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:ListSchedules", + "scheduler:ListScheduleGroups", + "scheduler:ListTagsForResource", + "pipes:DescribePipe", + "pipes:ListPipes", + "pipes:ListTagsForResource" ], "Effect":"Allow", - "Resource":"*", - "Sid":"CloudWatchEventsReadOnlyAccess" + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2017-08-10T17:25:34+00:00" + "UpdateDate":"2022-12-01T16:29:31+00:00" }, "CloudWatchEventsServiceRolePolicy":{ "CreateDate":"2017-11-17T00:42:04+00:00", @@ -54930,7 +76580,7 @@ aws_managed_policies_data = """ }, "CloudWatchFullAccess":{ "CreateDate":"2015-02-06T18:40:00+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -54941,7 +76591,8 @@ aws_managed_policies_data = """ "sns:*", "iam:GetPolicy", "iam:GetPolicyVersion", - "iam:GetRole" + "iam:GetRole", + "oam:ListSinks" ], "Effect":"Allow", "Resource":"*" @@ -54955,13 +76606,133 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*" + }, + { + "Action":[ + "oam:ListAttachedLinks" + ], + "Effect":"Allow", + "Resource":"arn:aws:oam:*:*:sink/*" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-08-09T19:10:43+00:00" + "UpdateDate":"2022-11-27T13:23:49+00:00" + }, + "CloudWatchFullAccessV2":{ + "CreateDate":"2023-08-01T11:32:57+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribePolicies", + "cloudwatch:*", + "logs:*", + "sns:CreateTopic", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sns:Subscribe", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "oam:ListSinks", + "rum:*", + "synthetics:*", + "xray:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchFullAccessPermissions" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"application-signals.cloudwatch.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals", + "Sid":"CloudWatchApplicationSignalsServiceLinkedRolePermissions" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"events.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*", + "Sid":"EventsServicePermissions" + }, + { + "Action":[ + "oam:ListAttachedLinks" + ], + "Effect":"Allow", + "Resource":"arn:aws:oam:*:*:sink/*", + "Sid":"OAMReadPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-05T19:36:00+00:00" + }, + "CloudWatchInternetMonitorServiceRolePolicy":{ + "CreateDate":"2022-11-27T17:46:24+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudfront:GetDistribution", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeLoadBalancers", + "workspaces:DescribeWorkspaceDirectories" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/internet-monitor/*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/internet-monitor/*:log-stream:*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/InternetMonitor" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-07-20T04:46:37+00:00" }, "CloudWatchLambdaInsightsExecutionRolePolicy":{ "CreateDate":"2020-10-07T19:27:06+00:00", @@ -54988,28 +76759,70 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-10-07T19:27:06+00:00" }, - "CloudWatchLogsFullAccess":{ - "CreateDate":"2015-02-06T18:40:02+00:00", + "CloudWatchLogsCrossAccountSharingConfiguration":{ + "CreateDate":"2022-11-27T13:55:22+00:00", "DefaultVersionId":"v1", "Document":{ "Statement":[ { "Action":[ - "logs:*" + "logs:Link", + "oam:ListLinks" ], "Effect":"Allow", "Resource":"*" + }, + { + "Action":[ + "oam:DeleteLink", + "oam:GetLink", + "oam:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:oam:*:*:link/*" + }, + { + "Action":[ + "oam:CreateLink", + "oam:UpdateLink" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:oam:*:*:link/*", + "arn:aws:oam:*:*:sink/*" + ] } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2015-02-06T18:40:02+00:00" + "UpdateDate":"2022-11-27T13:55:22+00:00" + }, + "CloudWatchLogsFullAccess":{ + "CreateDate":"2015-02-06T18:40:02+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:*", + "cloudwatch:GenerateQuery" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchLogsFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-26T18:12:09+00:00" }, "CloudWatchLogsReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:03+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -55020,27 +76833,92 @@ aws_managed_policies_data = """ "logs:StartQuery", "logs:StopQuery", "logs:TestMetricFilter", - "logs:FilterLogEvents" + "logs:FilterLogEvents", + "logs:StartLiveTail", + "logs:StopLiveTail", + "cloudwatch:GenerateQuery" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CloudWatchLogsReadOnlyAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-01-14T19:32:45+00:00" + "UpdateDate":"2023-11-26T18:11:33+00:00" + }, + "CloudWatchNetworkMonitorServiceRolePolicy":{ + "CreateDate":"2023-12-21T18:53:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/NetworkMonitor" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PublishCw" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeAny" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterfacePermission", + "ec2:RevokeSecurityGroupEgress", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/ManagedByCloudWatchNetworkMonitor":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"DeleteModifyEc2Resources" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-21T18:53:19+00:00" }, "CloudWatchReadOnlyAccess":{ "CreateDate":"2015-02-06T18:40:01+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { "Action":[ + "application-autoscaling:DescribeScalingPolicies", "autoscaling:Describe*", + "cloudwatch:BatchGet*", "cloudwatch:Describe*", + "cloudwatch:GenerateQuery", "cloudwatch:Get*", "cloudwatch:List*", "logs:Get*", @@ -55050,18 +76928,38 @@ aws_managed_policies_data = """ "logs:Describe*", "logs:TestMetricFilter", "logs:FilterLogEvents", + "logs:StartLiveTail", + "logs:StopLiveTail", + "oam:ListSinks", "sns:Get*", - "sns:List*" + "sns:List*", + "rum:BatchGet*", + "rum:Get*", + "rum:List*", + "synthetics:Describe*", + "synthetics:Get*", + "synthetics:List*", + "xray:BatchGet*", + "xray:Get*" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"CloudWatchReadOnlyAccessPermissions" + }, + { + "Action":[ + "oam:ListAttachedLinks" + ], + "Effect":"Allow", + "Resource":"arn:aws:oam:*:*:sink/*", + "Sid":"OAMReadPermissions" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-07-17T17:49:09+00:00" + "UpdateDate":"2023-12-05T19:24:15+00:00" }, "CloudWatchSyntheticsFullAccess":{ "CreateDate":"2019-11-25T17:39:46+00:00", @@ -55288,7 +77186,7 @@ aws_managed_policies_data = """ }, "CloudwatchApplicationInsightsServiceLinkedRolePolicy":{ "CreateDate":"2018-12-01T16:22:12+00:00", - "DefaultVersionId":"v19", + "DefaultVersionId":"v24", "Document":{ "Statement":[ { @@ -55344,7 +77242,8 @@ aws_managed_policies_data = """ { "Action":[ "cloudFormation:DescribeStacks", - "cloudFormation:ListStackResources" + "cloudFormation:ListStackResources", + "cloudFormation:ListStacks" ], "Effect":"Allow", "Resource":[ @@ -55451,7 +77350,8 @@ aws_managed_policies_data = """ }, { "Action":[ - "ssm:ListCommandInvocations" + "ssm:ListCommandInvocations", + "ssm:GetCommandInvocation" ], "Effect":"Allow", "Resource":[ @@ -55473,7 +77373,10 @@ aws_managed_policies_data = """ "Action":[ "ec2:DescribeInstances", "ec2:DescribeVolumes", - "ec2:DescribeVolumeStatus" + "ec2:DescribeVolumeStatus", + "ec2:DescribeVpcs", + "ec2:DescribeVpcAttribute", + "ec2:DescribeNatGateways" ], "Effect":"Allow", "Resource":[ @@ -55613,7 +77516,8 @@ aws_managed_policies_data = """ "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListNodegroups", - "fsx:DescribeFileSystems" + "fsx:DescribeFileSystems", + "fsx:DescribeVolumes" ], "Effect":"Allow", "Resource":[ @@ -55658,13 +77562,52 @@ aws_managed_policies_data = """ "arn:aws:logs:*:*:log-group:*", "arn:aws:logs:*:*:destination:AmazonCloudWatch-ApplicationInsights-LogIngestionDestination*" ] + }, + { + "Action":[ + "elasticfilesystem:DescribeFileSystems" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "route53:GetHostedZone", + "route53:GetHealthCheck", + "route53:ListHostedZones", + "route53:ListHealthChecks", + "route53:ListQueryLoggingConfigs" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "route53resolver:ListFirewallRuleGroupAssociations", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:ListResolverEndpoints", + "route53resolver:GetResolverQueryLogConfig", + "route53resolver:ListResolverQueryLogConfigs", + "route53resolver:ListResolverQueryLogConfigAssociations", + "route53resolver:GetResolverEndpoint", + "route53resolver:GetFirewallRuleGroupAssociation" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-01-25T17:51:32+00:00" + "UpdateDate":"2023-05-11T16:34:40+00:00" }, "ComprehendDataAccessRolePolicy":{ "CreateDate":"2019-03-06T22:28:15+00:00", @@ -55790,7 +77733,7 @@ aws_managed_policies_data = """ }, "ComputeOptimizerReadOnlyAccess":{ "CreateDate":"2020-03-07T00:11:02+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -55806,8 +77749,13 @@ aws_managed_policies_data = """ "compute-optimizer:GetLambdaFunctionRecommendations", "compute-optimizer:GetRecommendationPreferences", "compute-optimizer:GetEffectiveRecommendationPreferences", + "compute-optimizer:GetECSServiceRecommendations", + "compute-optimizer:GetECSServiceRecommendationProjectedMetrics", + "compute-optimizer:GetLicenseRecommendations", "ec2:DescribeInstances", "ec2:DescribeVolumes", + "ecs:ListServices", + "ecs:ListClusters", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "lambda:ListFunctions", @@ -55825,7 +77773,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-11-29T16:03:07+00:00" + "UpdateDate":"2023-08-28T19:22:58+00:00" }, "ComputeOptimizerServiceRolePolicy":{ "CreateDate":"2019-12-03T08:45:19+00:00", @@ -55888,18 +77836,24 @@ aws_managed_policies_data = """ }, "ConfigConformsServiceRolePolicy":{ "CreateDate":"2019-07-25T21:38:05+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { "Action":[ "config:PutConfigRule", - "config:DeleteConfigRule", - "config:DescribeConfigRules" + "config:DeleteConfigRule" ], "Effect":"Allow", "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*" }, + { + "Action":[ + "config:DescribeConfigRules" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "config:DescribeRemediationConfigurations", @@ -55996,7 +77950,154 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-26T00:33:20+00:00" + "UpdateDate":"2023-01-12T04:17:34+00:00" + }, + "CostOptimizationHubAdminAccess":{ + "CreateDate":"2023-12-19T00:03:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cost-optimization-hub:ListEnrollmentStatuses", + "cost-optimization-hub:UpdateEnrollmentStatus", + "cost-optimization-hub:GetPreferences", + "cost-optimization-hub:UpdatePreferences", + "cost-optimization-hub:GetRecommendation", + "cost-optimization-hub:ListRecommendations", + "cost-optimization-hub:ListRecommendationSummaries" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CostOptimizationHubAdminAccess" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"cost-optimization-hub.bcm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub" + ], + "Sid":"AllowCreationOfServiceLinkedRoleForCostOptimizationHub" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess" + ], + "Condition":{ + "StringLike":{ + "organizations:ServicePrincipal":[ + "cost-optimization-hub.bcm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAWSServiceAccessForCostOptimizationHub" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-19T00:03:51+00:00" + }, + "CostOptimizationHubReadOnlyAccess":{ + "CreateDate":"2023-12-13T18:04:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cost-optimization-hub:ListEnrollmentStatuses", + "cost-optimization-hub:GetPreferences", + "cost-optimization-hub:GetRecommendation", + "cost-optimization-hub:ListRecommendations", + "cost-optimization-hub:ListRecommendationSummaries" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CostOptimizationHubReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-13T18:04:15+00:00" + }, + "CostOptimizationHubServiceRolePolicy":{ + "CreateDate":"2023-11-26T08:03:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListParents", + "organizations:DescribeOrganizationalUnit" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AwsOrgsAccess" + }, + { + "Action":[ + "ce:ListCostAllocationTags" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CostExplorerAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-26T08:03:59+00:00" + }, + "CustomerProfilesServiceLinkedRolePolicy":{ + "CreateDate":"2023-03-07T22:56:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/CustomerProfiles" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/profile.amazonaws.com/AWSServiceRoleForProfile_*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-07T22:56:52+00:00" }, "DAXServiceRolePolicy":{ "CreateDate":"2018-03-05T17:51:25+00:00", @@ -56358,7 +78459,7 @@ aws_managed_policies_data = """ }, "DynamoDBReplicationServiceRolePolicy":{ "CreateDate":"2017-11-09T23:55:34+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -56376,13 +78477,16 @@ aws_managed_policies_data = """ "dynamodb:DescribeTimeToLive", "dynamodb:UpdateTimeToLive", "dynamodb:DescribeLimits", + "dynamodb:GetResourcePolicy", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:PutScalingPolicy", - "application-autoscaling:DescribeScalingPolicies" + "application-autoscaling:DescribeScalingPolicies", + "account:ListRegions" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DynamoDBActionsNeededForSteadyStateReplication" }, { "Action":[ @@ -56396,14 +78500,15 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"DynamoDBReplicationServiceRolePolicy" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-09T18:43:04+00:00" + "UpdateDate":"2024-01-08T20:10:36+00:00" }, "EC2FastLaunchServiceRolePolicy":{ "CreateDate":"2022-01-10T13:08:21+00:00", @@ -56640,6 +78745,92 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-12-23T19:47:15+00:00" }, + "EC2ImageBuilderLifecycleExecutionPolicy":{ + "CreateDate":"2023-11-16T23:23:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:EnableImage", + "ec2:DeregisterImage", + "ec2:EnableImageDeprecation", + "ec2:DescribeImageAttribute", + "ec2:DisableImage", + "ec2:DisableImageDeprecation" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::image/*", + "Sid":"Ec2ImagePermission" + }, + { + "Action":"ec2:DeleteSnapshot", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"EC2DeleteSnapshotPermission" + }, + { + "Action":[ + "ec2:DeleteTags", + "ec2:CreateTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"DeprecatedBy" + }, + "StringEquals":{ + "aws:RequestTag/DeprecatedBy":"EC2 Image Builder", + "aws:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*::image/*" + ], + "Sid":"EC2TagsPermission" + }, + { + "Action":[ + "ecr:BatchGetImage", + "ecr:BatchDeleteImage" + ], + "Condition":{ + "StringEquals":{ + "ecr:ResourceTag/LifecycleExecutionAccess":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ecr:*:*:repository/*", + "Sid":"ECRImagePermission" + }, + { + "Action":[ + "ec2:DescribeImages", + "tag:GetResources", + "imagebuilder:DeleteImage" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ImageBuilderEC2TagServicePermission" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-16T23:23:09+00:00" + }, "EC2InstanceConnect":{ "CreateDate":"2019-06-27T18:53:34+00:00", "DefaultVersionId":"v1", @@ -56790,6 +78981,25 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-12-04T22:11:28+00:00" }, + "EMRDescribeClusterPolicyForEMRWAL":{ + "CreateDate":"2023-06-15T23:30:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticmapreduce:DescribeCluster" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-15T23:30:22+00:00" + }, "Ec2ImageBuilderCrossAccountDistributionAccess":{ "CreateDate":"2020-09-30T19:22:54+00:00", "DefaultVersionId":"v1", @@ -56816,9 +79026,99 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2020-09-30T19:22:54+00:00" }, + "Ec2InstanceConnectEndpoint":{ + "CreateDate":"2023-01-24T20:19:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:subnet/*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "InstanceConnectEndpointId" + ] + }, + "Null":{ + "aws:RequestTag/InstanceConnectEndpointId":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/InstanceConnectEndpointId":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "InstanceConnectEndpointId" + ] + }, + "Null":{ + "aws:RequestTag/InstanceConnectEndpointId":"false" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:DeleteNetworkInterface" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/InstanceConnectEndpointId":[ + "eice-*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-01-24T20:19:21+00:00" + }, "ElastiCacheServiceRolePolicy":{ "CreateDate":"2017-12-07T17:50:04+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -56833,6 +79133,7 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", "ec2:ModifyNetworkInterfaceAttribute", "ec2:RevokeSecurityGroupIngress", "cloudwatch:PutMetricData", @@ -56842,18 +79143,69 @@ aws_managed_policies_data = """ "outposts:ListSites" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"ElastiCacheManagementActions" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringLike":{ + "ec2:VpceServiceName":"com.amazonaws.elasticache.serverless.*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"CreateDeleteVPCEndpoints" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AmazonElastiCacheManaged":"true", + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"TagVPCEndpointsOnCreation" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AmazonElastiCacheManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"ModifyVpcEndpoints" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "NotResource":"arn:aws:ec2:*:*:vpc-endpoint/*", + "Sid":"AllowAccessToElastiCacheTaggedVpcEndpoints" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-02-06T21:27:13+00:00" + "UpdateDate":"2023-11-28T03:05:37+00:00" }, "ElasticLoadBalancingFullAccess":{ "CreateDate":"2018-09-20T20:42:07+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { @@ -56891,29 +79243,16 @@ aws_managed_policies_data = """ }, "Effect":"Allow", "Resource":"*" - } - ], - "Version":"2012-10-17" - }, - "Path":"/", - "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-08-26T18:32:13+00:00" - }, - "ElasticLoadBalancingReadOnly":{ - "CreateDate":"2018-09-20T20:17:09+00:00", - "DefaultVersionId":"v1", - "Document":{ - "Statement":[ + }, { - "Action":"elasticloadbalancing:Describe*", + "Action":"arc-zonal-shift:*", "Effect":"Allow", - "Resource":"*" + "Resource":"arn:aws:elasticloadbalancing:*:*:loadbalancer/*" }, { "Action":[ - "ec2:DescribeInstances", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeSecurityGroups" + "arc-zonal-shift:ListManagedResources", + "arc-zonal-shift:ListZonalShifts" ], "Effect":"Allow", "Resource":"*" @@ -56923,7 +79262,53 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-09-20T20:17:09+00:00" + "UpdateDate":"2022-11-29T01:45:49+00:00" + }, + "ElasticLoadBalancingReadOnly":{ + "CreateDate":"2018-09-20T20:17:09+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticloadbalancing:Describe*", + "elasticloadbalancing:Get*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Statement1" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Statement2" + }, + { + "Action":"arc-zonal-shift:GetManagedResource", + "Effect":"Allow", + "Resource":"arn:aws:elasticloadbalancing:*:*:loadbalancer/*", + "Sid":"Statement3" + }, + { + "Action":[ + "arc-zonal-shift:ListManagedResources", + "arc-zonal-shift:ListZonalShifts" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Statement4" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-26T18:15:46+00:00" }, "ElementalActivationsDownloadSoftwareAccess":{ "CreateDate":"2020-09-08T17:26:09+00:00", @@ -57068,7 +79453,7 @@ aws_managed_policies_data = """ }, "FMSServiceRolePolicy":{ "CreateDate":"2018-03-28T23:01:12+00:00", - "DefaultVersionId":"v25", + "DefaultVersionId":"v28", "Document":{ "Statement":[ { @@ -57167,9 +79552,6 @@ aws_managed_policies_data = """ { "Action":[ "config:DeleteConfigRule", - "config:DescribeComplianceByConfigRule", - "config:DescribeConfigRuleEvaluationStatus", - "config:DescribeConfigRules", "config:GetComplianceDetailsByConfigRule", "config:PutConfigRule", "config:StartConfigRulesEvaluation" @@ -57179,6 +79561,7 @@ aws_managed_policies_data = """ }, { "Action":[ + "config:DescribeComplianceByConfigRule", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:PutConfigurationRecorder", @@ -57208,6 +79591,8 @@ aws_managed_policies_data = """ "Action":[ "organizations:DescribeAccount", "organizations:DescribeOrganization", + "config:DescribeConfigRuleEvaluationStatus", + "config:DescribeConfigRules", "organizations:ListAccounts", "organizations:DescribeOrganizationalUnit", "organizations:ListChildren", @@ -57251,9 +79636,7 @@ aws_managed_policies_data = """ "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeInstances" + "ec2:UpdateSecurityGroupRuleDescriptionsIngress" ], "Effect":"Allow", "Resource":[ @@ -57262,6 +79645,14 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:instance/*" ] }, + { + "Action":[ + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, { "Action":[ "ec2:CreateTags" @@ -57676,7 +80067,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-06-24T20:29:28+00:00" + "UpdateDate":"2023-04-21T18:33:58+00:00" }, "FSxDeleteServiceLinkedRoleAccess":{ "CreateDate":"2018-11-28T10:40:24+00:00", @@ -57857,28 +80248,69 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2018-12-18T00:59:43+00:00" }, - "Health_OrganizationsServiceRolePolicy":{ - "CreateDate":"2019-12-16T13:28:21+00:00", - "DefaultVersionId":"v2", + "GroundTruthSyntheticConsoleFullAccess":{ + "CreateDate":"2022-08-25T15:58:49+00:00", + "DefaultVersionId":"v1", "Document":{ "Statement":[ { - "Action":"organizations:ListAccounts", + "Action":[ + "sagemaker-groundtruth-synthetic:*", + "s3:ListBucket" + ], "Effect":"Allow", "Resource":"*" - }, + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-25T15:58:49+00:00" + }, + "GroundTruthSyntheticConsoleReadOnlyAccess":{ + "CreateDate":"2022-08-25T15:58:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ { - "Action":"organizations:ListAWSServiceAccessForOrganization", + "Action":[ + "sagemaker-groundtruth-synthetic:List*", + "sagemaker-groundtruth-synthetic:Get*", + "s3:ListBucket" + ], "Effect":"Allow", - "Resource":"*", - "Sid":"ListAWSServiceAccessForOrganization0" + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-08-25T15:58:49+00:00" + }, + "Health_OrganizationsServiceRolePolicy":{ + "CreateDate":"2019-12-16T13:28:21+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators", + "organizations:DescribeOrganization", + "organizations:DescribeAccount" + ], + "Effect":"Allow", + "Resource":"*" } ], "Version":"2012-10-17" }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-06-08T12:48:44+00:00" + "UpdateDate":"2023-07-19T14:34:18+00:00" }, "IAMAccessAdvisorReadOnly":{ "CreateDate":"2019-06-21T19:33:45+00:00", @@ -57969,24 +80401,27 @@ aws_managed_policies_data = """ }, "IAMAccessAnalyzerReadOnlyAccess":{ "CreateDate":"2019-12-02T17:12:53+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { "Action":[ + "access-analyzer:CheckAccessNotGranted", + "access-analyzer:CheckNoNewAccess", "access-analyzer:Get*", "access-analyzer:List*", "access-analyzer:ValidatePolicy" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"IAMAccessAnalyzerReadOnlyAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-03-16T20:37:30+00:00" + "UpdateDate":"2023-11-27T02:24:16+00:00" }, "IAMFullAccess":{ "CreateDate":"2015-02-06T18:40:38+00:00", @@ -58115,6 +80550,66 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-07-09T17:08:54+00:00" }, + "IVSFullAccess":{ + "CreateDate":"2023-12-13T21:20:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ivs:*", + "ivschat:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IVSFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-13T21:20:21+00:00" + }, + "IVSReadOnlyAccess":{ + "CreateDate":"2023-12-05T18:00:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ivs:BatchGetChannel", + "ivs:GetChannel", + "ivs:GetParticipant", + "ivs:GetPlaybackKeyPair", + "ivs:GetRecordingConfiguration", + "ivs:GetStage", + "ivs:GetStageSession", + "ivs:GetStream", + "ivs:GetStreamSession", + "ivs:ListChannels", + "ivs:ListParticipants", + "ivs:ListParticipantEvents", + "ivs:ListPlaybackKeyPairs", + "ivs:ListRecordingConfigurations", + "ivs:ListStages", + "ivs:ListStageSessions", + "ivs:ListStreamKeys", + "ivs:ListStreams", + "ivs:ListStreamSessions", + "ivs:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IVSReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-05T18:00:37+00:00" + }, "IVSRecordToS3":{ "CreateDate":"2020-12-05T00:10:43+00:00", "DefaultVersionId":"v1", @@ -58203,7 +80698,7 @@ aws_managed_policies_data = """ }, "KafkaServiceRolePolicy":{ "CreateDate":"2018-11-15T23:31:48+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -58214,12 +80709,36 @@ aws_managed_policies_data = """ "ec2:AttachNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface", + "ec2:DescribeVpcEndpoints", "acm-pca:GetCertificateAuthorityCertificate", "secretsmanager:ListSecrets" ], "Effect":"Allow", "Resource":"*" }, + { + "Action":[ + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:subnet/*" + }, + { + "Action":[ + "ec2:DeleteVpcEndpoints", + "ec2:ModifyVpcEndpoint" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AWSMSKManaged":"true" + }, + "StringLike":{ + "ec2:ResourceTag/ClusterArn":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:vpc-endpoint/*" + }, { "Action":[ "secretsmanager:GetResourcePolicy", @@ -58240,7 +80759,29 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-08-26T20:40:53+00:00" + "UpdateDate":"2023-04-28T00:39:35+00:00" + }, + "KeyspacesReplicationServiceRolePolicy":{ + "CreateDate":"2023-05-02T16:15:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cassandra:Select", + "cassandra:SelectMultiRegionResource", + "cassandra:Modify", + "cassandra:ModifyMultiRegionResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-05-02T16:15:49+00:00" }, "LakeFormationDataAccessServiceRolePolicy":{ "CreateDate":"2019-06-20T20:46:19+00:00", @@ -58349,6 +80890,28 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-01-15T01:45:33+00:00" }, + "MediaConnectGatewayInstanceRolePolicy":{ + "CreateDate":"2023-03-22T20:43:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mediaconnect:DiscoverGatewayPollEndpoint", + "mediaconnect:PollGateway", + "mediaconnect:SubmitGatewayStateChange" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"MediaConnectGateway" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-22T20:43:25+00:00" + }, "MediaPackageServiceRolePolicy":{ "CreateDate":"2020-09-18T17:45:47+00:00", "DefaultVersionId":"v1", @@ -58628,7 +81191,7 @@ aws_managed_policies_data = """ }, "NeptuneConsoleFullAccess":{ "CreateDate":"2018-06-19T21:35:19+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -58647,7 +81210,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:rds:*:*:*" - ] + ], + "Sid":"AllowNeptuneCreate" }, { "Action":[ @@ -58716,7 +81280,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AllowManagementPermissionsForRDS" }, { "Action":[ @@ -58783,7 +81348,8 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "*" - ] + ], + "Sid":"AllowOtherDepedentPermissions" }, { "Action":"iam:PassRole", @@ -58793,7 +81359,8 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"AllowPassRoleForNeptune" }, { "Action":"iam:CreateServiceLinkedRole", @@ -58803,14 +81370,65 @@ aws_managed_policies_data = """ } }, "Effect":"Allow", - "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", + "Sid":"AllowCreateSLRForNeptune" + }, + { + "Action":[ + "neptune-graph:CreateGraph", + "neptune-graph:DeleteGraph", + "neptune-graph:GetGraph", + "neptune-graph:ListGraphs", + "neptune-graph:UpdateGraph", + "neptune-graph:ResetGraph", + "neptune-graph:CreateGraphSnapshot", + "neptune-graph:DeleteGraphSnapshot", + "neptune-graph:GetGraphSnapshot", + "neptune-graph:ListGraphSnapshots", + "neptune-graph:RestoreGraphFromSnapshot", + "neptune-graph:CreatePrivateGraphEndpoint", + "neptune-graph:GetPrivateGraphEndpoint", + "neptune-graph:ListPrivateGraphEndpoints", + "neptune-graph:DeletePrivateGraphEndpoint", + "neptune-graph:CreateGraphUsingImportTask", + "neptune-graph:GetImportTask", + "neptune-graph:ListImportTasks", + "neptune-graph:CancelImportTask" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:neptune-graph:*:*:*" + ], + "Sid":"AllowManagementPermissionsForNeptuneAnalytics" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:passedToService":"neptune-graph.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowPassRoleForNeptuneAnalytics" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"neptune-graph.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/neptune-graph.amazonaws.com/AWSServiceRoleForNeptuneGraph", + "Sid":"AllowCreateSLRForNeptuneAnalytics" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-09-02T17:25:07+00:00" + "UpdateDate":"2023-11-30T07:32:44+00:00" }, "NeptuneFullAccess":{ "CreateDate":"2018-05-30T19:17:31+00:00", @@ -58977,6 +81595,71 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2022-07-28T19:58:27+00:00" }, + "NeptuneGraphReadOnlyAccess":{ + "CreateDate":"2023-11-30T07:32:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "neptune-graph:Get*", + "neptune-graph:List*", + "neptune-graph:Read*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowReadOnlyPermissionsForNeptuneGraph" + }, + { + "Action":[ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcAttribute", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowReadOnlyPermissionsForEC2" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowReadOnlyPermissionsForKMS" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowReadOnlyPermissionsForCloudwatch" + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" + ], + "Sid":"AllowReadOnlyPermissionsForLogs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-30T07:32:17+00:00" + }, "NeptuneReadOnlyAccess":{ "CreateDate":"2018-05-30T19:16:37+00:00", "DefaultVersionId":"v2", @@ -59357,9 +82040,83 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2021-09-16T20:22:54+00:00" }, + "OAMFullAccess":{ + "CreateDate":"2022-11-27T13:38:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "oam:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-27T13:38:29+00:00" + }, + "OAMReadOnlyAccess":{ + "CreateDate":"2022-11-27T13:29:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "oam:Get*", + "oam:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-27T13:29:39+00:00" + }, + "PartnerCentralAccountManagementUserRoleAssociation":{ + "CreateDate":"2023-11-10T02:03:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"partnercentral-account-management.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/PartnerCentralRoleFor*", + "Sid":"PassPartnerCentralRole" + }, + { + "Action":[ + "iam:ListRoles", + "partnercentral-account-management:AssociatePartnerUser", + "partnercentral-account-management:DisassociatePartnerUser" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"PartnerUserRoleAssociation" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-11-10T02:03:40+00:00" + }, "PowerUserAccess":{ "CreateDate":"2015-02-06T18:39:47+00:00", - "DefaultVersionId":"v4", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -59377,7 +82134,8 @@ aws_managed_policies_data = """ "iam:DeleteServiceLinkedRole", "iam:ListRoles", "organizations:DescribeOrganization", - "account:ListRegions" + "account:ListRegions", + "account:GetAccountInformation" ], "Effect":"Allow", "Resource":"*" @@ -59387,7 +82145,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-03-20T22:19:03+00:00" + "UpdateDate":"2023-07-06T22:04:00+00:00" }, "QuickSightAccessForS3StorageManagementAnalyticsReadOnly":{ "CreateDate":"2017-06-12T18:18:38+00:00", @@ -59444,9 +82202,1002 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2019-09-26T22:14:29+00:00" }, + "ROSAAmazonEBSCSIDriverOperatorPolicy":{ + "CreateDate":"2023-04-20T22:36:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AttachVolume", + "ec2:DetachVolume" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:DeleteVolume", + "ec2:ModifyVolume" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"CreateSnapshotResourceTag" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:snapshot/*" + ], + "Sid":"CreateSnapshotRequestTag" + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:snapshot/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateVolume", + "CreateSnapshot" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T22:36:00+00:00" + }, + "ROSACloudNetworkConfigOperatorPolicy":{ + "CreateDate":"2023-04-20T22:34:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypes", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkInterfaces" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeNetworkResources" + }, + { + "Action":[ + "ec2:UnassignPrivateIpAddresses", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignIpv6Addresses", + "ec2:AssignIpv6Addresses" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"ModifyEIPs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T22:34:36+00:00" + }, + "ROSAControlPlaneOperatorPolicy":{ + "CreateDate":"2023-04-24T23:02:49+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "route53:ListHostedZones" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadPermissions" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"CreateSecurityGroups" + }, + { + "Action":[ + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"DeleteSecurityGroup" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"SecurityGroupIngressEgress" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*" + ], + "Sid":"CreateSecurityGroupsVPCNoCondition" + }, + { + "Action":[ + "route53:ListResourceRecordSets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ListResourceRecordSets" + }, + { + "Action":[ + "route53:ChangeResourceRecordSets" + ], + "Condition":{ + "ForAllValues:StringLike":{ + "route53:ChangeResourceRecordSetsNormalizedRecordNames":[ + "*.hypershift.local" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ChangeResourceRecordSetsRestrictedRecordNames" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ], + "Sid":"VPCEndpointWithCondition" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"VPCEndpointResourceTagCondition" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*" + ], + "Sid":"VPCEndpointNoCondition" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ], + "Sid":"ManageVPCEndpointWithCondition" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*" + ], + "Sid":"ModifyVPCEndpoingNoCondition" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateVpcEndpoint", + "CreateSecurityGroup" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateTagsRestrictedActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-30T21:12:32+00:00" + }, + "ROSAImageRegistryOperatorPolicy":{ + "CreateDate":"2023-04-27T20:13:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListBucket", + "s3:ListBucketMultipartUploads" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListBuckets" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:GetBucketTagging", + "s3:GetBucketPublicAccessBlock", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetBucketLocation", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketTagging", + "s3:PutEncryptionConfiguration", + "s3:PutLifecycleConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*-image-registry-${aws:RequestedRegion}-*", + "arn:aws:s3:::*-image-registry-${aws:RequestedRegion}" + ], + "Sid":"AllowSpecificBucketActions" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:GetObject", + "s3:ListMultipartUploadParts", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*-image-registry-${aws:RequestedRegion}-*/*", + "arn:aws:s3:::*-image-registry-${aws:RequestedRegion}/*" + ], + "Sid":"AllowSpecificObjectActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-12-12T19:53:12+00:00" + }, + "ROSAIngressOperatorPolicy":{ + "CreateDate":"2023-04-20T22:37:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers", + "route53:ListHostedZones", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "route53:ChangeResourceRecordSets" + ], + "Condition":{ + "ForAllValues:StringLike":{ + "route53:ChangeResourceRecordSetsNormalizedRecordNames":[ + "*.openshiftapps.com", + "*.devshift.org", + "*.openshiftusgov.com", + "*.devshiftusgov.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T22:37:08+00:00" + }, + "ROSAInstallerPolicy":{ + "CreateDate":"2023-06-06T21:00:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeRegions", + "ec2:DescribeReservedInstancesOfferings", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeInstanceTypeOfferings", + "elasticloadbalancing:DescribeAccountLimits", + "elasticloadbalancing:DescribeLoadBalancers", + "iam:GetRole", + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "route53:GetAccountLimit", + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadPermissions" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:iam::*:role/*-ROSA-Worker-Role" + ], + "Sid":"PassRoleToEC2" + }, + { + "Action":[ + "iam:AddRoleToInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:instance-profile/rosa-service-managed-*" + ], + "Sid":"ManageInstanceProfiles" + }, + { + "Action":[ + "iam:CreateInstanceProfile", + "iam:TagInstanceProfile" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:instance-profile/rosa-service-managed-*" + ], + "Sid":"CreateInstanceProfiles" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"GetSecretValue" + }, + { + "Action":[ + "route53:ChangeResourceRecordSets" + ], + "Condition":{ + "ForAllValues:StringLike":{ + "route53:ChangeResourceRecordSetsNormalizedRecordNames":[ + "*.openshiftapps.com", + "*.devshift.org", + "*.hypershift.local", + "*.openshiftusgov.com", + "*.devshiftusgov.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Route53ManageRecords" + }, + { + "Action":[ + "route53:ChangeTagsForResource", + "route53:CreateHostedZone", + "route53:DeleteHostedZone" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Route53Manage" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"CreateTags" + }, + { + "Action":"ec2:RunInstances", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:snapshot/*" + ], + "Sid":"RunInstancesNoCondition" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"RunInstancesRestrictedRequestTag" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:Owner":[ + "531415883065", + "251351625822", + "210686502322" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:image/*" + ], + "Sid":"RunInstancesRedHatOwnedAMIs" + }, + { + "Action":[ + "ec2:TerminateInstances", + "ec2:GetConsoleOutput" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ManageInstancesRestrictedResourceTag" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "StringEquals":{ + "aws:ResourceTag/red-hat":"true" + }, + "StringLike":{ + "kms:ViaService":"ec2.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CreateGrantRestrictedResourceTag" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ManagedKMSRestrictedResourceTag" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"CreateSecurityGroups" + }, + { + "Action":[ + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"DeleteSecurityGroup" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group*/*" + ], + "Sid":"SecurityGroupIngressEgress" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*" + ], + "Sid":"CreateSecurityGroupsVPCNoCondition" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateSecurityGroup" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateTagsRestrictedActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-06T21:00:31+00:00" + }, + "ROSAKMSProviderPolicy":{ + "CreateDate":"2023-04-27T20:10:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kms:Encrypt", + "kms:Decrypt", + "kms:DescribeKey" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"VolumeEncryption" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-27T20:10:20+00:00" + }, + "ROSAKubeControllerPolicy":{ + "CreateDate":"2023-04-27T20:09:29+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeLoadBalancerPolicies" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ReadPermissions" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"KMSDescribeKey" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:CreateLoadBalancerPolicy", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"LoadBalanacerManagement" + }, + { + "Action":[ + "elasticloadbalancing:CreateTargetGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CreateTargetGroup" + }, + { + "Action":[ + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:DeleteLoadBalancerListeners", + "elasticloadbalancing:AttachLoadBalancerToSubnets", + "elasticloadbalancing:DetachLoadBalancerFromSubnets", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"LoadBalanacerManagementResourceTag" + }, + { + "Action":[ + "elasticloadbalancing:CreateListener" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true", + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CreateListeners" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateSecurityGroup" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*" + ], + "Sid":"CreateSecurityGroupVpc" + }, + { + "Action":[ + "elasticloadbalancing:CreateLoadBalancer" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" + ], + "Sid":"CreateLoadBalancer" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"ModifySecurityGroup" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateSecurityGroup" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateTagsSecurityGroups" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-10-16T18:17:05+00:00" + }, "ROSAManageSubscription":{ "CreateDate":"2022-04-11T20:58:08+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { @@ -59457,7 +83208,8 @@ aws_managed_policies_data = """ "Condition":{ "ForAnyValue:StringEquals":{ "aws-marketplace:ProductId":[ - "34850061-abaf-402d-92df-94325c9e947f" + "34850061-abaf-402d-92df-94325c9e947f", + "bfdca560-2c78-4e64-8193-794c159e6d30" ] } }, @@ -59476,11 +83228,490 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-04-11T20:58:08+00:00" + "UpdateDate":"2023-08-04T19:59:14+00:00" + }, + "ROSANodePoolManagementPolicy":{ + "CreateDate":"2023-06-08T20:48:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ReadPermissions" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"elasticloadbalancing.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing" + ], + "Sid":"CreateServiceLinkedRole" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:iam::*:role/*-ROSA-Worker-Role" + ], + "Sid":"PassWorkerRole" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:security-group-rule/*" + ], + "Sid":"AuthorizeSecurityGroupIngressRestrictedResourceTag" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"NetworkInterfaces" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:vpc/*" + ], + "Sid":"NetworkInterfacesNoCondition" + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"TerminateInstances" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"CreateTags" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"CreateTagsCAPAControllerReconcileInstance" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"CreateTagsCAPAControllerReconcileVolume" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"RunInstancesRequest" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"RunInstancesNoCondition" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:Owner":[ + "531415883065", + "251351625822" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:image/*" + ], + "Sid":"RunInstancesRedHatAMI" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/red-hat":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ManagedKMSRestrictedResourceTag" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "StringEquals":{ + "aws:ResourceTag/red-hat":"true" + }, + "StringLike":{ + "kms:ViaService":"ec2.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CreateGrantRestricted" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-08T20:48:08+00:00" + }, + "ROSASRESupportPolicy":{ + "CreateDate":"2023-06-01T14:36:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions", + "sts:DecodeAuthorizationMessage" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadPermissions" + }, + { + "Action":[ + "route53:GetHostedZone", + "route53:GetHostedZoneCount", + "route53:ListHostedZones", + "route53:ListHostedZonesByName", + "route53:ListResourceRecordSets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"Route53" + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DecribeIAMRoles" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeIamInstanceProfileAssociations", + "ec2:DescribeReservedInstances", + "ec2:DescribeScheduledInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"EC2DescribeInstance" + }, + { + "Action":[ + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"VPCNetwork" + }, + { + "Action":[ + "cloudtrail:DescribeTrails", + "cloudtrail:LookupEvents" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"Cloudtrail" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"Cloudwatch" + }, + { + "Action":[ + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications", + "ec2:DescribeVolumeStatus" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DescribeVolumes" + }, + { + "Action":[ + "elasticloadbalancing:DescribeAccountLimits", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeListenerCertificates", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DescribeLoadBalancers" + }, + { + "Action":[ + "ec2:DescribeVpcEndpointConnections", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DescribeVPC" + }, + { + "Action":[ + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSecurityGroups", + "ec2:DescribeStaleSecurityGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group*/*", + "Sid":"DescribeSecurityGroups" + }, + { + "Action":"ec2:DescribeAddressesAttribute", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:elastic-ip/*", + "Sid":"DescribeAddressesAttribute" + }, + { + "Action":[ + "iam:GetInstanceProfile" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"DescribeInstance" + }, + { + "Action":"ec2:DescribeSpotFleetInstances", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:spot-fleet-request/*", + "Sid":"DescribeSpotFleetInstances" + }, + { + "Action":"ec2:DescribeVolumeAttribute", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"DescribeVolumeAttribute" + }, + { + "Action":[ + "ec2:RebootInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/red-hat-managed":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ManageInstanceLifecycle" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-06-01T14:36:06+00:00" + }, + "ROSAWorkerInstancePolicy":{ + "CreateDate":"2023-04-20T22:35:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeRegions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2ReadOnly" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-04-20T22:35:32+00:00" }, "ReadOnlyAccess":{ "CreateDate":"2015-02-06T18:39:48+00:00", - "DefaultVersionId":"v90", + "DefaultVersionId":"v110", "Document":{ "Statement":[ { @@ -59503,7 +83734,12 @@ aws_managed_policies_data = """ "access-analyzer:ListPolicyGenerations", "access-analyzer:ListTagsForResource", "access-analyzer:ValidatePolicy", + "account:GetAccountInformation", "account:GetAlternateContact", + "account:GetChallengeQuestions", + "account:GetContactInformation", + "account:GetRegionOptStatus", + "account:ListRegions", "acm-pca:Describe*", "acm-pca:Get*", "acm-pca:List*", @@ -59520,6 +83756,19 @@ aws_managed_policies_data = """ "amplify:ListBranches", "amplify:ListDomainAssociations", "amplify:ListJobs", + "aoss:BatchGetCollection", + "aoss:BatchGetVpcEndpoint", + "aoss:GetAccessPolicy", + "aoss:GetAccountSettings", + "aoss:GetPoliciesStats", + "aoss:GetSecurityConfig", + "aoss:GetSecurityPolicy", + "aoss:ListAccessPolicies", + "aoss:ListCollections", + "aoss:ListSecurityConfigs", + "aoss:ListSecurityPolicies", + "aoss:ListTagsForResource", + "aoss:ListVpcEndpoints", "apigateway:GET", "appconfig:GetApplication", "appconfig:GetConfiguration", @@ -59535,26 +83784,55 @@ aws_managed_policies_data = """ "appconfig:ListEnvironments", "appconfig:ListHostedConfigurationVersions", "appconfig:ListTagsForResource", + "appfabric:GetAppAuthorization", + "appfabric:GetAppBundle", + "appfabric:GetIngestion", + "appfabric:GetIngestionDestination", + "appfabric:ListAppAuthorizations", + "appfabric:ListAppBundles", + "appfabric:ListIngestionDestinations", + "appfabric:ListIngestions", + "appfabric:ListTagsForResource", + "appflow:DescribeConnector", "appflow:DescribeConnectorEntity", "appflow:DescribeConnectorFields", "appflow:DescribeConnectorProfiles", "appflow:DescribeConnectors", + "appflow:DescribeFlow", "appflow:DescribeFlowExecution", + "appflow:DescribeFlowExecutionRecords", "appflow:DescribeFlows", "appflow:ListConnectorEntities", "appflow:ListConnectorFields", + "appflow:ListConnectors", "appflow:ListFlows", "appflow:ListTagsForResource", "application-autoscaling:Describe*", + "application-autoscaling:ListTagsForResource", "applicationinsights:Describe*", "applicationinsights:List*", "appmesh:Describe*", "appmesh:List*", + "apprunner:DescribeAutoScalingConfiguration", + "apprunner:DescribeCustomDomains", + "apprunner:DescribeObservabilityConfiguration", + "apprunner:DescribeService", + "apprunner:DescribeVpcConnector", + "apprunner:DescribeVpcIngressConnection", + "apprunner:ListAutoScalingConfigurations", + "apprunner:ListConnections", + "apprunner:ListObservabilityConfigurations", + "apprunner:ListOperations", + "apprunner:ListServices", + "apprunner:ListTagsForResource", + "apprunner:ListVpcConnectors", + "apprunner:ListVpcIngressConnections", "appstream:Describe*", "appstream:List*", "appsync:Get*", "appsync:List*", "aps:DescribeAlertManagerDefinition", + "aps:DescribeLoggingConfiguration", "aps:DescribeRuleGroupsNamespace", "aps:DescribeWorkspace", "aps:GetAlertManagerSilence", @@ -59572,6 +83850,13 @@ aws_managed_policies_data = """ "aps:ListTagsForResource", "aps:ListWorkspaces", "aps:QueryMetrics", + "arc-zonal-shift:GetManagedResource", + "arc-zonal-shift:ListManagedResources", + "arc-zonal-shift:ListZonalShifts", + "artifact:GetReport", + "artifact:GetReportMetadata", + "artifact:GetTermForReport", + "artifact:ListReports", "athena:Batch*", "athena:Get*", "athena:List*", @@ -59603,6 +83888,11 @@ aws_managed_policies_data = """ "autoscaling:Describe*", "autoscaling:GetPredictiveScalingForecast", "aws-portal:View*", + "backup-gateway:GetBandwidthRateLimitSchedule", + "backup-gateway:GetGateway", + "backup-gateway:GetHypervisor", + "backup-gateway:GetHypervisorPropertyMappings", + "backup-gateway:GetVirtualMachine", "backup-gateway:ListGateways", "backup-gateway:ListHypervisors", "backup-gateway:ListTagsForResource", @@ -59612,10 +83902,48 @@ aws_managed_policies_data = """ "backup:List*", "batch:Describe*", "batch:List*", + "bedrock:GetAgent", + "bedrock:GetAgentActionGroup", + "bedrock:GetAgentAlias", + "bedrock:GetAgentKnowledgeBase", + "bedrock:GetAgentVersion", + "bedrock:GetCustomModel", + "bedrock:GetDataSource", + "bedrock:GetFoundationModel", + "bedrock:GetFoundationModelAvailability", + "bedrock:GetIngestionJob", + "bedrock:GetKnowledgeBase", + "bedrock:GetModelCustomizationJob", + "bedrock:GetModelInvocationLoggingConfiguration", + "bedrock:GetProvisionedModelThroughput", + "bedrock:GetUseCaseForModelAccess", + "bedrock:ListAgentActionGroups", + "bedrock:ListAgentAliases", + "bedrock:ListAgentKnowledgeBases", + "bedrock:ListAgents", + "bedrock:ListAgentVersions", + "bedrock:ListCustomModels", + "bedrock:ListDataSources", + "bedrock:ListFoundationModelAgreementOffers", + "bedrock:ListFoundationModels", + "bedrock:ListIngestionJobs", + "bedrock:ListKnowledgeBases", + "bedrock:ListModelCustomizationJobs", + "bedrock:ListProvisionedModelThroughputs", + "billing:GetBillingData", + "billing:GetBillingDetails", + "billing:GetBillingNotifications", + "billing:GetBillingPreferences", + "billing:GetContractInformation", + "billing:GetCredits", + "billing:GetIAMAccessPreference", + "billing:GetSellerOfRecord", + "billing:ListBillingViews", "billingconductor:ListAccountAssociations", "billingconductor:ListBillingGroupCostReports", "billingconductor:ListBillingGroups", "billingconductor:ListCustomLineItems", + "billingconductor:ListCustomLineItemVersions", "billingconductor:ListPricingPlans", "billingconductor:ListPricingPlansAssociatedWithPricingRule", "billingconductor:ListPricingRules", @@ -59623,8 +83951,10 @@ aws_managed_policies_data = """ "billingconductor:ListResourcesAssociatedToCustomLineItem", "billingconductor:ListTagsForResource", "braket:GetDevice", + "braket:GetJob", "braket:GetQuantumTask", "braket:SearchDevices", + "braket:SearchJobs", "braket:SearchQuantumTasks", "budgets:Describe*", "budgets:View*", @@ -59635,6 +83965,7 @@ aws_managed_policies_data = """ "ce:GetAnomalies", "ce:GetAnomalyMonitors", "ce:GetAnomalySubscriptions", + "ce:GetApproximateUsageRecords", "ce:GetCostAndUsage", "ce:GetCostAndUsageWithResources", "ce:GetCostCategories", @@ -59645,21 +83976,49 @@ aws_managed_policies_data = """ "ce:GetReservationPurchaseRecommendation", "ce:GetReservationUtilization", "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlanPurchaseRecommendationDetails", "ce:GetSavingsPlansCoverage", "ce:GetSavingsPlansPurchaseRecommendation", "ce:GetSavingsPlansUtilization", "ce:GetSavingsPlansUtilizationDetails", "ce:GetTags", "ce:GetUsageForecast", + "ce:ListCostAllocationTags", "ce:ListCostCategoryDefinitions", + "ce:ListSavingsPlansPurchaseRecommendationGeneration", "ce:ListTagsForResource", "chatbot:Describe*", "chatbot:Get*", + "chatbot:ListMicrosoftTeamsChannelConfigurations", + "chatbot:ListMicrosoftTeamsConfiguredTeams", + "chatbot:ListMicrosoftTeamsUserIdentities", "chime:Get*", "chime:List*", "chime:Retrieve*", "chime:Search*", "chime:Validate*", + "cleanrooms:BatchGetCollaborationAnalysisTemplate", + "cleanrooms:BatchGetSchema", + "cleanrooms:GetAnalysisTemplate", + "cleanrooms:GetCollaboration", + "cleanrooms:GetCollaborationAnalysisTemplate", + "cleanrooms:GetConfiguredTable", + "cleanrooms:GetConfiguredTableAnalysisRule", + "cleanrooms:GetConfiguredTableAssociation", + "cleanrooms:GetMembership", + "cleanrooms:GetProtectedQuery", + "cleanrooms:GetSchema", + "cleanrooms:GetSchemaAnalysisRule", + "cleanrooms:ListAnalysisTemplates", + "cleanrooms:ListCollaborationAnalysisTemplates", + "cleanrooms:ListCollaborations", + "cleanrooms:ListConfiguredTableAssociations", + "cleanrooms:ListConfiguredTables", + "cleanrooms:ListMembers", + "cleanrooms:ListMemberships", + "cleanrooms:ListProtectedQueries", + "cleanrooms:ListSchemas", + "cleanrooms:ListTagsForResource", "cloud9:Describe*", "cloud9:List*", "clouddirectory:BatchRead", @@ -59671,11 +84030,11 @@ aws_managed_policies_data = """ "cloudformation:Estimate*", "cloudformation:Get*", "cloudformation:List*", + "cloudformation:ValidateTemplate", "cloudfront:DescribeFunction", "cloudfront:Get*", "cloudfront:List*", "cloudhsm:Describe*", - "cloudhsm:Get*", "cloudhsm:List*", "cloudsearch:Describe*", "cloudsearch:List*", @@ -59684,6 +84043,7 @@ aws_managed_policies_data = """ "cloudtrail:List*", "cloudtrail:LookupEvents", "cloudwatch:Describe*", + "cloudwatch:GenerateQuery", "cloudwatch:Get*", "cloudwatch:List*", "codeartifact:DescribeDomain", @@ -59709,6 +84069,12 @@ aws_managed_policies_data = """ "codebuild:DescribeCodeCoverages", "codebuild:DescribeTestCases", "codebuild:List*", + "codecatalyst:GetBillingAuthorization", + "codecatalyst:GetConnection", + "codecatalyst:GetPendingConnection", + "codecatalyst:ListConnections", + "codecatalyst:ListIamRolesForConnection", + "codecatalyst:ListTagsForResource", "codecommit:BatchGet*", "codecommit:Describe*", "codecommit:Get*", @@ -59727,8 +84093,15 @@ aws_managed_policies_data = """ "codepipeline:List*", "codestar-connections:GetConnection", "codestar-connections:GetHost", + "codestar-connections:GetRepositoryLink", + "codestar-connections:GetRepositorySyncStatus", + "codestar-connections:GetResourceSyncStatus", + "codestar-connections:GetSyncConfiguration", "codestar-connections:ListConnections", "codestar-connections:ListHosts", + "codestar-connections:ListRepositoryLinks", + "codestar-connections:ListRepositorySyncDefinitions", + "codestar-connections:ListSyncConfigurations", "codestar-connections:ListTagsForResource", "codestar-notifications:describeNotificationRule", "codestar-notifications:listEventTypes", @@ -59741,7 +84114,10 @@ aws_managed_policies_data = """ "codestar:Verify*", "cognito-identity:Describe*", "cognito-identity:GetCredentialsForIdentity", + "cognito-identity:GetIdentityPoolAnalytics", + "cognito-identity:GetIdentityPoolDailyAnalytics", "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:GetIdentityProviderDailyAnalytics", "cognito-identity:GetOpenIdToken", "cognito-identity:GetOpenIdTokenForDeveloperIdentity", "cognito-identity:List*", @@ -59766,9 +84142,14 @@ aws_managed_policies_data = """ "compute-optimizer:GetEBSVolumeRecommendations", "compute-optimizer:GetEC2InstanceRecommendations", "compute-optimizer:GetEC2RecommendationProjectedMetrics", + "compute-optimizer:GetECSServiceRecommendationProjectedMetrics", + "compute-optimizer:GetECSServiceRecommendations", + "compute-optimizer:GetEffectiveRecommendationPreferences", "compute-optimizer:GetEnrollmentStatus", "compute-optimizer:GetEnrollmentStatusesForOrganization", "compute-optimizer:GetLambdaFunctionRecommendations", + "compute-optimizer:GetLicenseRecommendations", + "compute-optimizer:GetRecommendationPreferences", "compute-optimizer:GetRecommendationSummaries", "config:BatchGetAggregateResourceConfig", "config:BatchGetResourceConfig", @@ -59779,8 +84160,29 @@ aws_managed_policies_data = """ "config:SelectAggregateResourceConfig", "config:SelectResourceConfig", "connect:Describe*", + "connect:GetContactAttributes", + "connect:GetCurrentMetricData", + "connect:GetCurrentUserData", "connect:GetFederationToken", + "connect:GetMetricData", + "connect:GetMetricDataV2", + "connect:GetTaskTemplate", + "connect:GetTrafficDistribution", "connect:List*", + "consoleapp:GetDeviceIdentity", + "consoleapp:ListDeviceIdentities", + "consolidatedbilling:GetAccountBillingRole", + "consolidatedbilling:ListLinkedAccounts", + "cost-optimization-hub:GetPreferences", + "cost-optimization-hub:GetRecommendation", + "cost-optimization-hub:ListEnrollmentStatuses", + "cost-optimization-hub:ListRecommendations", + "cost-optimization-hub:ListRecommendationSummaries", + "cur:GetClassicReport", + "cur:GetClassicReportPreferences", + "cur:GetUsageReport", + "customer-verification:GetCustomerVerificationDetails", + "customer-verification:GetCustomerVerificationEligibility", "databrew:DescribeDataset", "databrew:DescribeJob", "databrew:DescribeJobRun", @@ -59833,14 +84235,20 @@ aws_managed_policies_data = """ "devops-guru:DescribeEventSourcesConfig", "devops-guru:DescribeFeedback", "devops-guru:DescribeInsight", + "devops-guru:DescribeOrganizationHealth", + "devops-guru:DescribeOrganizationOverview", + "devops-guru:DescribeOrganizationResourceCollectionHealth", "devops-guru:DescribeResourceCollectionHealth", "devops-guru:DescribeServiceIntegration", "devops-guru:GetCostEstimation", "devops-guru:GetResourceCollection", "devops-guru:ListAnomaliesForInsight", + "devops-guru:ListAnomalousLogGroups", "devops-guru:ListEvents", "devops-guru:ListInsights", + "devops-guru:ListMonitoredResources", "devops-guru:ListNotificationChannels", + "devops-guru:ListOrganizationInsights", "devops-guru:ListRecommendations", "devops-guru:SearchInsights", "devops-guru:StartCostEstimation", @@ -59854,14 +84262,17 @@ aws_managed_policies_data = """ "dms:Test*", "drs:DescribeJobLogItems", "drs:DescribeJobs", + "drs:DescribeLaunchConfigurationTemplates", "drs:DescribeRecoveryInstances", "drs:DescribeRecoverySnapshots", "drs:DescribeReplicationConfigurationTemplates", + "drs:DescribeSourceNetworks", "drs:DescribeSourceServers", "drs:GetFailbackReplicationConfiguration", "drs:GetLaunchConfiguration", "drs:GetReplicationConfiguration", "drs:ListExtensibleSourceServers", + "drs:ListLaunchActions", "drs:ListStagingAccounts", "drs:ListTagsForResource", "ds:Check*", @@ -59873,10 +84284,12 @@ aws_managed_policies_data = """ "dynamodb:Describe*", "dynamodb:Get*", "dynamodb:List*", + "dynamodb:PartiQLSelect", "dynamodb:Query", "dynamodb:Scan", "ec2:Describe*", "ec2:Get*", + "ec2:ListImagesInRecycleBin", "ec2:ListSnapshotsInRecycleBin", "ec2:SearchLocalGatewayRoutes", "ec2:SearchTransitGatewayRoutes", @@ -59913,6 +84326,7 @@ aws_managed_policies_data = """ "elasticbeanstalk:Retrieve*", "elasticbeanstalk:Validate*", "elasticfilesystem:Describe*", + "elasticfilesystem:ListTagsForResource", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:GetBlockPublicAccessConfiguration", @@ -59929,6 +84343,12 @@ aws_managed_policies_data = """ "emr-containers:ListManagedEndpoints", "emr-containers:ListTagsForResource", "emr-containers:ListVirtualClusters", + "emr-serverless:GetApplication", + "emr-serverless:GetDashboardForJobRun", + "emr-serverless:GetJobRun", + "emr-serverless:ListApplications", + "emr-serverless:ListJobRuns", + "emr-serverless:ListTagsForResource", "es:Describe*", "es:ESHttpGet", "es:ESHttpHead", @@ -59937,16 +84357,35 @@ aws_managed_policies_data = """ "events:Describe*", "events:List*", "events:Test*", + "evidently:GetExperiment", + "evidently:GetExperimentResults", + "evidently:GetFeature", + "evidently:GetLaunch", + "evidently:GetProject", + "evidently:GetSegment", + "evidently:ListExperiments", + "evidently:ListFeatures", + "evidently:ListLaunches", + "evidently:ListProjects", + "evidently:ListSegmentReferences", + "evidently:ListSegments", + "evidently:ListTagsForResource", + "evidently:TestSegmentPattern", "firehose:Describe*", "firehose:List*", "fis:GetAction", "fis:GetExperiment", + "fis:GetExperimentTargetAccountConfiguration", "fis:GetExperimentTemplate", + "fis:GetTargetAccountConfiguration", "fis:GetTargetResourceType", "fis:ListActions", + "fis:ListExperimentResolvedTargets", "fis:ListExperiments", + "fis:ListExperimentTargetAccountConfigurations", "fis:ListExperimentTemplates", "fis:ListTagsForResource", + "fis:ListTargetAccountConfigurations", "fis:ListTargetResourceTypes", "fms:GetAdminAccount", "fms:GetAppsList", @@ -59973,6 +84412,9 @@ aws_managed_policies_data = """ "forecast:DescribeMonitor", "forecast:DescribePredictor", "forecast:DescribePredictorBacktestExportJob", + "forecast:DescribeWhatIfAnalysis", + "forecast:DescribeWhatIfForecast", + "forecast:DescribeWhatIfForecastExport", "forecast:GetAccuracyMetrics", "forecast:ListDatasetGroups", "forecast:ListDatasetImportJobs", @@ -59985,7 +84427,11 @@ aws_managed_policies_data = """ "forecast:ListMonitors", "forecast:ListPredictorBacktestExportJobs", "forecast:ListPredictors", + "forecast:ListWhatIfAnalyses", + "forecast:ListWhatIfForecastExports", + "forecast:ListWhatIfForecasts", "forecast:QueryForecast", + "forecast:QueryWhatIfForecast", "frauddetector:BatchGetVariable", "frauddetector:DescribeDetector", "frauddetector:DescribeModelVersions", @@ -60001,6 +84447,8 @@ aws_managed_policies_data = """ "frauddetector:GetExternalModels", "frauddetector:GetKMSEncryptionKey", "frauddetector:GetLabels", + "frauddetector:GetListElements", + "frauddetector:GetListsMetadata", "frauddetector:GetModels", "frauddetector:GetModelVersion", "frauddetector:GetOutcomes", @@ -60010,6 +84458,8 @@ aws_managed_policies_data = """ "frauddetector:ListTagsForResource", "freertos:Describe*", "freertos:List*", + "freetier:GetFreeTierAlertPreference", + "freetier:GetFreeTierUsage", "fsx:Describe*", "fsx:List*", "gamelift:Describe*", @@ -60017,28 +84467,12 @@ aws_managed_policies_data = """ "gamelift:List*", "gamelift:ResolveAlias", "gamelift:Search*", - "gamesparks:GetExtension", - "gamesparks:GetExtensionVersion", - "gamesparks:GetGame", - "gamesparks:GetGameConfiguration", - "gamesparks:GetGeneratedCodeJob", - "gamesparks:GetPlayerConnectionStatus", - "gamesparks:GetSnapshot", - "gamesparks:GetStage", - "gamesparks:GetStageDeployment", - "gamesparks:ListExtensions", - "gamesparks:ListExtensionVersions", - "gamesparks:ListGames", - "gamesparks:ListGeneratedCodeJobs", - "gamesparks:ListSnapshots", - "gamesparks:ListStageDeployments", - "gamesparks:ListStages", - "gamesparks:ListTagsForResource", "glacier:Describe*", "glacier:Get*", "glacier:List*", "globalaccelerator:Describe*", "globalaccelerator:List*", + "glue:BatchGetCrawlers", "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetPartition", @@ -60092,6 +84526,7 @@ aws_managed_policies_data = """ "glue:GetWorkflowRunProperties", "glue:GetWorkflowRuns", "glue:ListCrawlers", + "glue:ListCrawls", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListMLTransforms", @@ -60102,6 +84537,12 @@ aws_managed_policies_data = """ "glue:ListWorkflows", "glue:QuerySchemaVersionMetadata", "glue:SearchTables", + "grafana:DescribeWorkspace", + "grafana:DescribeWorkspaceAuthentication", + "grafana:DescribeWorkspaceConfiguration", + "grafana:ListPermissions", + "grafana:ListTagsForResource", + "grafana:ListVersions", "grafana:ListWorkspaces", "greengrass:DescribeComponent", "greengrass:Get*", @@ -60123,6 +84564,17 @@ aws_managed_policies_data = """ "guardduty:Get*", "guardduty:List*", "health:Describe*", + "healthlake:DescribeFHIRDatastore", + "healthlake:DescribeFHIRExportJob", + "healthlake:DescribeFHIRImportJob", + "healthlake:GetCapabilities", + "healthlake:ListFHIRDatastores", + "healthlake:ListFHIRExportJobs", + "healthlake:ListFHIRImportJobs", + "healthlake:ListTagsForResource", + "healthlake:ReadResource", + "healthlake:SearchWithGet", + "healthlake:SearchWithPost", "iam:Generate*", "iam:Get*", "iam:List*", @@ -60130,6 +84582,19 @@ aws_managed_policies_data = """ "identity-sync:GetSyncProfile", "identity-sync:GetSyncTarget", "identity-sync:ListSyncFilters", + "identitystore-auth:BatchGetSession", + "identitystore-auth:ListSessions", + "identitystore:DescribeGroup", + "identitystore:DescribeGroupMembership", + "identitystore:DescribeUser", + "identitystore:GetGroupId", + "identitystore:GetGroupMembershipId", + "identitystore:GetUserId", + "identitystore:IsMemberInGroups", + "identitystore:ListGroupMemberships", + "identitystore:ListGroupMembershipsForMember", + "identitystore:ListGroups", + "identitystore:ListUsers", "imagebuilder:Get*", "imagebuilder:List*", "importexport:Get*", @@ -60154,6 +84619,14 @@ aws_managed_policies_data = """ "inspector2:ListMembers", "inspector2:ListTagsForResource", "inspector2:ListUsageTotals", + "internetmonitor:GetHealthEvent", + "internetmonitor:GetMonitor", + "internetmonitor:ListHealthEvents", + "internetmonitor:ListMonitors", + "internetmonitor:ListTagsForResource", + "invoicing:GetInvoiceEmailDeliveryPreferences", + "invoicing:GetInvoicePDF", + "invoicing:ListInvoiceSummaries", "iot:Describe*", "iot:Get*", "iot:List*", @@ -60187,22 +84660,34 @@ aws_managed_policies_data = """ "iotevents:ListTagsForResource", "iotfleethub:DescribeApplication", "iotfleethub:ListApplications", - "iotroborunner:GetAction", - "iotroborunner:GetActionTemplate", - "iotroborunner:GetActivity", + "iotfleetwise:GetCampaign", + "iotfleetwise:GetDecoderManifest", + "iotfleetwise:GetFleet", + "iotfleetwise:GetLoggingOptions", + "iotfleetwise:GetModelManifest", + "iotfleetwise:GetRegisterAccountStatus", + "iotfleetwise:GetSignalCatalog", + "iotfleetwise:GetVehicle", + "iotfleetwise:GetVehicleStatus", + "iotfleetwise:ListCampaigns", + "iotfleetwise:ListDecoderManifestNetworkInterfaces", + "iotfleetwise:ListDecoderManifests", + "iotfleetwise:ListDecoderManifestSignals", + "iotfleetwise:ListFleets", + "iotfleetwise:ListFleetsForVehicle", + "iotfleetwise:ListModelManifestNodes", + "iotfleetwise:ListModelManifests", + "iotfleetwise:ListSignalCatalogNodes", + "iotfleetwise:ListSignalCatalogs", + "iotfleetwise:ListTagsForResource", + "iotfleetwise:ListVehicles", + "iotfleetwise:ListVehiclesInFleet", "iotroborunner:GetDestination", - "iotroborunner:GetDestinationRelationship", "iotroborunner:GetSite", - "iotroborunner:GetTask", "iotroborunner:GetWorker", "iotroborunner:GetWorkerFleet", - "iotroborunner:ListActions", - "iotroborunner:ListActionTemplates", - "iotroborunner:ListActivities", - "iotroborunner:ListDestinationRelationships", "iotroborunner:ListDestinations", "iotroborunner:ListSites", - "iotroborunner:ListTasks", "iotroborunner:ListWorkerFleets", "iotroborunner:ListWorkers", "iotsitewise:Describe*", @@ -60210,10 +84695,23 @@ aws_managed_policies_data = """ "iotsitewise:List*", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", + "iotwireless:GetEventConfigurationByResourceTypes", + "iotwireless:GetFuotaTask", + "iotwireless:GetLogLevelsByResourceTypes", + "iotwireless:GetMulticastGroup", + "iotwireless:GetMulticastGroupSession", + "iotwireless:GetNetworkAnalyzerConfiguration", "iotwireless:GetPartnerAccount", + "iotwireless:GetPosition", + "iotwireless:GetPositionConfiguration", + "iotwireless:GetPositionEstimate", + "iotwireless:GetResourceEventConfiguration", + "iotwireless:GetResourceLogLevel", + "iotwireless:GetResourcePosition", "iotwireless:GetServiceEndpoint", "iotwireless:GetServiceProfile", "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessDeviceImportTask", "iotwireless:GetWirelessDeviceStatistics", "iotwireless:GetWirelessGateway", "iotwireless:GetWirelessGatewayCertificate", @@ -60223,9 +84721,18 @@ aws_managed_policies_data = """ "iotwireless:GetWirelessGatewayTaskDefinition", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", + "iotwireless:ListDevicesForWirelessDeviceImportTask", + "iotwireless:ListEventConfigurations", + "iotwireless:ListFuotaTasks", + "iotwireless:ListMulticastGroups", + "iotwireless:ListMulticastGroupsByFuotaTask", + "iotwireless:ListNetworkAnalyzerConfigurations", "iotwireless:ListPartnerAccounts", + "iotwireless:ListPositionConfigurations", + "iotwireless:ListQueuedMessages", "iotwireless:ListServiceProfiles", "iotwireless:ListTagsForResource", + "iotwireless:ListWirelessDeviceImportTasks", "iotwireless:ListWirelessDevices", "iotwireless:ListWirelessGateways", "iotwireless:ListWirelessGatewayTaskDefinitions", @@ -60240,12 +84747,29 @@ aws_managed_policies_data = """ "ivs:ListStreams", "ivs:ListStreamSessions", "ivs:ListTagsForResource", + "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", + "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "kafka:Describe*", + "kafka:DescribeCluster", + "kafka:DescribeClusterOperation", + "kafka:DescribeClusterV2", + "kafka:DescribeConfiguration", + "kafka:DescribeConfigurationRevision", "kafka:Get*", + "kafka:GetBootstrapBrokers", + "kafka:GetCompatibleKafkaVersions", "kafka:List*", + "kafka:ListClusterOperations", + "kafka:ListClusters", + "kafka:ListClustersV2", + "kafka:ListConfigurationRevisions", + "kafka:ListConfigurations", + "kafka:ListKafkaVersions", + "kafka:ListNodes", + "kafka:ListTagsForResource", "kafkaconnect:DescribeConnector", "kafkaconnect:DescribeCustomPlugin", "kafkaconnect:DescribeWorkerConfiguration", @@ -60288,8 +84812,34 @@ aws_managed_policies_data = """ "kms:Describe*", "kms:Get*", "kms:List*", + "lakeformation:DescribeResource", + "lakeformation:GetDataCellsFilter", + "lakeformation:GetDataLakeSettings", + "lakeformation:GetEffectivePermissionsForPath", + "lakeformation:GetLfTag", + "lakeformation:GetResourceLfTags", + "lakeformation:ListDataCellsFilter", + "lakeformation:ListLfTags", + "lakeformation:ListPermissions", + "lakeformation:ListResources", + "lakeformation:ListTableStorageOptimizers", + "lakeformation:SearchDatabasesByLfTags", + "lakeformation:SearchTablesByLfTags", "lambda:Get*", "lambda:List*", + "launchwizard:DescribeAdditionalNode", + "launchwizard:DescribeProvisionedApp", + "launchwizard:DescribeProvisioningEvents", + "launchwizard:DescribeSettingsSet", + "launchwizard:GetInfrastructureSuggestion", + "launchwizard:GetIpAddress", + "launchwizard:GetResourceCostEstimate", + "launchwizard:GetWorkloadAssets", + "launchwizard:ListAdditionalNodes", + "launchwizard:ListProvisionedApps", + "launchwizard:ListSettingsSets", + "launchwizard:ListWorkloadDeploymentOptions", + "launchwizard:ListWorkloads", "lex:DescribeBot", "lex:DescribeBotAlias", "lex:DescribeBotChannel", @@ -60379,10 +84929,37 @@ aws_managed_policies_data = """ "logs:Describe*", "logs:FilterLogEvents", "logs:Get*", + "logs:ListAnomalies", + "logs:ListLogAnomalyDetectors", + "logs:ListLogDeliveries", + "logs:ListTagsForResource", "logs:ListTagsLogGroup", + "logs:StartLiveTail", "logs:StartQuery", + "logs:StopLiveTail", "logs:StopQuery", "logs:TestMetricFilter", + "lookoutequipment:DescribeDataIngestionJob", + "lookoutequipment:DescribeDataset", + "lookoutequipment:DescribeInferenceScheduler", + "lookoutequipment:DescribeLabel", + "lookoutequipment:DescribeLabelGroup", + "lookoutequipment:DescribeModel", + "lookoutequipment:DescribeModelVersion", + "lookoutequipment:DescribeResourcePolicy", + "lookoutequipment:DescribeRetrainingScheduler", + "lookoutequipment:ListDataIngestionJobs", + "lookoutequipment:ListDatasets", + "lookoutequipment:ListInferenceEvents", + "lookoutequipment:ListInferenceExecutions", + "lookoutequipment:ListInferenceSchedulers", + "lookoutequipment:ListLabelGroups", + "lookoutequipment:ListLabels", + "lookoutequipment:ListModels", + "lookoutequipment:ListModelVersions", + "lookoutequipment:ListRetrainingSchedulers", + "lookoutequipment:ListSensorStatistics", + "lookoutequipment:ListTagsForResource", "lookoutmetrics:Describe*", "lookoutmetrics:Get*", "lookoutmetrics:List*", @@ -60395,6 +84972,23 @@ aws_managed_policies_data = """ "lookoutvision:ListModels", "lookoutvision:ListProjects", "lookoutvision:ListTagsForResource", + "m2:GetApplication", + "m2:GetApplicationVersion", + "m2:GetBatchJobExecution", + "m2:GetDataSetDetails", + "m2:GetDataSetImportTask", + "m2:GetDeployment", + "m2:GetEnvironment", + "m2:ListApplications", + "m2:ListApplicationVersions", + "m2:ListBatchJobDefinitions", + "m2:ListBatchJobExecutions", + "m2:ListDataSetImportHistory", + "m2:ListDataSets", + "m2:ListDeployments", + "m2:ListEngineVersions", + "m2:ListEnvironments", + "m2:ListTagsForResource", "machinelearning:Describe*", "machinelearning:Get*", "macie2:BatchGetCustomDataIdentifiers", @@ -60402,8 +84996,11 @@ aws_managed_policies_data = """ "macie2:DescribeClassificationJob", "macie2:DescribeOrganizationConfiguration", "macie2:GetAdministratorAccount", + "macie2:GetAllowList", + "macie2:GetAutomatedDiscoveryConfiguration", "macie2:GetBucketStatistics", "macie2:GetClassificationExportConfiguration", + "macie2:GetClassificationScope", "macie2:GetCustomDataIdentifier", "macie2:GetFindings", "macie2:GetFindingsFilter", @@ -60412,15 +85009,24 @@ aws_managed_policies_data = """ "macie2:GetInvitationsCount", "macie2:GetMacieSession", "macie2:GetMember", + "macie2:GetResourceProfile", + "macie2:GetRevealConfiguration", + "macie2:GetSensitiveDataOccurrencesAvailability", + "macie2:GetSensitivityInspectionTemplate", "macie2:GetUsageStatistics", "macie2:GetUsageTotals", + "macie2:ListAllowLists", "macie2:ListClassificationJobs", + "macie2:ListClassificationScopes", "macie2:ListCustomDataIdentifiers", "macie2:ListFindings", "macie2:ListFindingsFilters", "macie2:ListInvitations", "macie2:ListMembers", "macie2:ListOrganizationAdminAccounts", + "macie2:ListResourceProfileArtifacts", + "macie2:ListResourceProfileDetections", + "macie2:ListSensitivityInspectionTemplates", "macie2:ListTagsForResource", "macie2:SearchResources", "managedblockchain:GetMember", @@ -60469,6 +85075,17 @@ aws_managed_policies_data = """ "mediapackage-vod:List*", "mediapackage:Describe*", "mediapackage:List*", + "mediapackagev2:GetChannel", + "mediapackagev2:GetChannelGroup", + "mediapackagev2:GetChannelPolicy", + "mediapackagev2:GetHeadObject", + "mediapackagev2:GetObject", + "mediapackagev2:GetOriginEndpoint", + "mediapackagev2:GetOriginEndpointPolicy", + "mediapackagev2:ListChannelGroups", + "mediapackagev2:ListChannels", + "mediapackagev2:ListOriginEndpoints", + "mediapackagev2:ListTagsForResource", "mediastore:DescribeContainer", "mediastore:DescribeObject", "mediastore:GetContainerPolicy", @@ -60479,23 +85096,26 @@ aws_managed_policies_data = """ "mediastore:ListContainers", "mediastore:ListItems", "mediastore:ListTagsForResource", + "memorydb:DescribeClusters", + "memorydb:DescribeParameterGroups", + "memorydb:DescribeParameters", + "memorydb:ListTags", "mgh:Describe*", "mgh:GetHomeRegion", "mgh:List*", "mgn:DescribeJobLogItems", "mgn:DescribeJobs", + "mgn:DescribeLaunchConfigurationTemplates", "mgn:DescribeReplicationConfigurationTemplates", "mgn:DescribeSourceServers", + "mgn:DescribeVcenterClients", "mgn:GetLaunchConfiguration", "mgn:GetReplicationConfiguration", + "mgn:ListApplications", + "mgn:ListSourceServerActions", + "mgn:ListTemplateActions", + "mgn:ListWaves", "mobileanalytics:Get*", - "mobilehub:Describe*", - "mobilehub:Export*", - "mobilehub:Generate*", - "mobilehub:Get*", - "mobilehub:List*", - "mobilehub:Validate*", - "mobilehub:Verify*", "mobiletargeting:Get*", "mobiletargeting:List*", "monitron:GetProject", @@ -60510,16 +85130,19 @@ aws_managed_policies_data = """ "network-firewall:DescribeResourcePolicy", "network-firewall:DescribeRuleGroup", "network-firewall:DescribeRuleGroupMetadata", + "network-firewall:DescribeTLSInspectionConfiguration", "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", "network-firewall:ListRuleGroups", "network-firewall:ListTagsForResource", + "network-firewall:ListTLSInspectionConfigurations", "networkmanager:DescribeGlobalNetworks", "networkmanager:GetConnectAttachment", "networkmanager:GetConnections", "networkmanager:GetConnectPeer", "networkmanager:GetConnectPeerAssociations", "networkmanager:GetCoreNetwork", + "networkmanager:GetCoreNetworkChangeEvents", "networkmanager:GetCoreNetworkChangeSet", "networkmanager:GetCoreNetworkPolicy", "networkmanager:GetCustomerGatewayAssociations", @@ -60536,21 +85159,100 @@ aws_managed_policies_data = """ "networkmanager:GetSites", "networkmanager:GetSiteToSiteVpnAttachment", "networkmanager:GetTransitGatewayConnectPeerAssociations", + "networkmanager:GetTransitGatewayPeering", "networkmanager:GetTransitGatewayRegistrations", + "networkmanager:GetTransitGatewayRouteTableAttachment", "networkmanager:GetVpcAttachment", "networkmanager:ListAttachments", "networkmanager:ListConnectPeers", "networkmanager:ListCoreNetworkPolicyVersions", "networkmanager:ListCoreNetworks", + "networkmanager:ListPeerings", "networkmanager:ListTagsForResource", + "nimble:GetEula", + "nimble:GetFeatureMap", + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileDetails", + "nimble:GetLaunchProfileInitialization", + "nimble:GetLaunchProfileMember", + "nimble:GetStreamingImage", + "nimble:GetStreamingSession", + "nimble:GetStudio", + "nimble:GetStudioComponent", + "nimble:GetStudioMember", + "nimble:ListEulaAcceptances", + "nimble:ListEulas", + "nimble:ListLaunchProfileMembers", + "nimble:ListLaunchProfiles", + "nimble:ListStreamingImages", + "nimble:ListStreamingSessions", + "nimble:ListStudioComponents", + "nimble:ListStudioMembers", + "nimble:ListStudios", + "nimble:ListTagsForResource", + "notifications-contacts:GetEmailContact", + "notifications-contacts:ListEmailContacts", + "notifications-contacts:ListTagsForResource", + "notifications:GetEventRule", + "notifications:GetNotificationConfiguration", + "notifications:GetNotificationEvent", + "notifications:ListChannels", + "notifications:ListEventRules", + "notifications:ListNotificationConfigurations", + "notifications:ListNotificationEvents", + "notifications:ListNotificationHubs", + "notifications:ListTagsForResource", + "oam:GetLink", + "oam:GetSink", + "oam:GetSinkPolicy", + "oam:ListAttachedLinks", + "oam:ListLinks", + "oam:ListSinks", + "omics:Get*", + "omics:List*", + "one:GetDeviceConfigurationTemplate", + "one:GetDeviceInstance", + "one:GetDeviceInstanceConfiguration", + "one:GetSite", + "one:GetSiteAddress", + "one:ListDeviceConfigurationTemplates", + "one:ListDeviceInstances", + "one:ListSites", + "one:ListUsers", "opsworks-cm:Describe*", "opsworks-cm:List*", "opsworks:Describe*", "opsworks:Get*", "organizations:Describe*", "organizations:List*", + "osis:GetPipeline", + "osis:GetPipelineBlueprint", + "osis:GetPipelineChangeProgress", + "osis:ListPipelineBlueprints", + "osis:ListPipelines", + "osis:ListTagsForResource", "outposts:Get*", "outposts:List*", + "payment-cryptography:GetAlias", + "payment-cryptography:GetKey", + "payment-cryptography:GetPublicKeyCertificate", + "payment-cryptography:ListAliases", + "payment-cryptography:ListKeys", + "payment-cryptography:ListTagsForResource", + "payments:GetPaymentInstrument", + "payments:GetPaymentStatus", + "payments:ListPaymentPreferences", + "pca-connector-ad:GetConnector", + "pca-connector-ad:GetDirectoryRegistration", + "pca-connector-ad:GetServicePrincipalName", + "pca-connector-ad:GetTemplate", + "pca-connector-ad:GetTemplateGroupAccessControlEntry", + "pca-connector-ad:ListConnectors", + "pca-connector-ad:ListDirectoryRegistrations", + "pca-connector-ad:ListServicePrincipalNames", + "pca-connector-ad:ListTagsForResource", + "pca-connector-ad:ListTemplateGroupAccessControlEntries", + "pca-connector-ad:ListTemplates", "personalize:Describe*", "personalize:Get*", "personalize:List*", @@ -60560,10 +85262,19 @@ aws_managed_policies_data = """ "pi:GetResourceMetrics", "pi:ListAvailableResourceDimensions", "pi:ListAvailableResourceMetrics", + "pipes:DescribePipe", + "pipes:ListPipes", + "pipes:ListTagsForResource", "polly:Describe*", "polly:Get*", "polly:List*", "polly:SynthesizeSpeech", + "pricing:DescribeServices", + "pricing:GetAttributeValues", + "pricing:GetPriceListFileUrl", + "pricing:GetProducts", + "pricing:ListPriceLists", + "proton:GetDeployment", "proton:GetEnvironment", "proton:GetEnvironmentTemplate", "proton:GetEnvironmentTemplateVersion", @@ -60571,6 +85282,7 @@ aws_managed_policies_data = """ "proton:GetServiceInstance", "proton:GetServiceTemplate", "proton:GetServiceTemplateVersion", + "proton:ListDeployments", "proton:ListEnvironmentAccountConnections", "proton:ListEnvironments", "proton:ListEnvironmentTemplates", @@ -60578,11 +85290,17 @@ aws_managed_policies_data = """ "proton:ListServices", "proton:ListServiceTemplates", "proton:ListTagsForResource", + "purchase-orders:GetPurchaseOrder", + "purchase-orders:ListPurchaseOrderInvoices", + "purchase-orders:ListPurchaseOrders", + "purchase-orders:ViewPurchaseOrders", + "qldb:DescribeJournalKinesisStream", "qldb:DescribeJournalS3Export", "qldb:DescribeLedger", "qldb:GetBlock", "qldb:GetDigest", "qldb:GetRevision", + "qldb:ListJournalKinesisStreamsForLedger", "qldb:ListJournalS3Exports", "qldb:ListJournalS3ExportsForLedger", "qldb:ListLedgers", @@ -60610,20 +85328,40 @@ aws_managed_policies_data = """ "refactor-spaces:ListServices", "refactor-spaces:ListTagsForResource", "rekognition:CompareFaces", + "rekognition:DescribeDataset", + "rekognition:DescribeProjects", + "rekognition:DescribeProjectVersions", + "rekognition:DescribeStreamProcessor", "rekognition:Detect*", + "rekognition:GetCelebrityInfo", + "rekognition:GetCelebrityRecognition", + "rekognition:GetContentModeration", + "rekognition:GetFaceDetection", + "rekognition:GetFaceSearch", + "rekognition:GetLabelDetection", + "rekognition:GetPersonTracking", + "rekognition:GetSegmentDetection", + "rekognition:GetTextDetection", "rekognition:List*", + "rekognition:RecognizeCelebrities", "rekognition:Search*", "resiliencehub:DescribeApp", "resiliencehub:DescribeAppAssessment", + "resiliencehub:DescribeAppVersion", + "resiliencehub:DescribeAppVersionAppComponent", + "resiliencehub:DescribeAppVersionResource", "resiliencehub:DescribeAppVersionResourcesResolutionStatus", "resiliencehub:DescribeAppVersionTemplate", "resiliencehub:DescribeDraftAppVersionResourcesImportStatus", "resiliencehub:DescribeResiliencyPolicy", "resiliencehub:ListAlarmRecommendations", + "resiliencehub:ListAppAssessmentComplianceDrifts", "resiliencehub:ListAppAssessments", "resiliencehub:ListAppComponentCompliances", "resiliencehub:ListAppComponentRecommendations", + "resiliencehub:ListAppInputSources", "resiliencehub:ListApps", + "resiliencehub:ListAppVersionAppComponents", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListAppVersionResources", "resiliencehub:ListAppVersions", @@ -60634,6 +85372,15 @@ aws_managed_policies_data = """ "resiliencehub:ListTagsForResource", "resiliencehub:ListTestRecommendations", "resiliencehub:ListUnsupportedAppVersionResources", + "resource-explorer-2:BatchGetView", + "resource-explorer-2:GetDefaultView", + "resource-explorer-2:GetIndex", + "resource-explorer-2:GetView", + "resource-explorer-2:ListIndexes", + "resource-explorer-2:ListSupportedResourceTypes", + "resource-explorer-2:ListTagsForResource", + "resource-explorer-2:ListViews", + "resource-explorer-2:Search", "resource-groups:Get*", "resource-groups:List*", "resource-groups:Search*", @@ -60644,6 +85391,7 @@ aws_managed_policies_data = """ "route53-recovery-cluster:Get*", "route53-recovery-cluster:ListRoutingControls", "route53-recovery-control-config:Describe*", + "route53-recovery-control-config:GetResourcePolicy", "route53-recovery-control-config:List*", "route53-recovery-readiness:Get*", "route53-recovery-readiness:List*", @@ -60674,6 +85422,13 @@ aws_managed_policies_data = """ "s3:DescribeJob", "s3:Get*", "s3:List*", + "sagemaker-groundtruth-synthetic:GetAccountDetails", + "sagemaker-groundtruth-synthetic:GetBatch", + "sagemaker-groundtruth-synthetic:GetProject", + "sagemaker-groundtruth-synthetic:ListBatchDataTransfers", + "sagemaker-groundtruth-synthetic:ListBatchSummaries", + "sagemaker-groundtruth-synthetic:ListProjectDataTransfers", + "sagemaker-groundtruth-synthetic:ListProjectSummaries", "sagemaker:Describe*", "sagemaker:GetSearchSuggestions", "sagemaker:List*", @@ -60683,6 +85438,11 @@ aws_managed_policies_data = """ "savingsplans:DescribeSavingsPlansOfferingRates", "savingsplans:DescribeSavingsPlansOfferings", "savingsplans:ListTagsForResource", + "scheduler:GetSchedule", + "scheduler:GetScheduleGroup", + "scheduler:ListScheduleGroups", + "scheduler:ListSchedules", + "scheduler:ListTagsForResource", "schemas:Describe*", "schemas:Get*", "schemas:List*", @@ -60693,6 +85453,8 @@ aws_managed_policies_data = """ "secretsmanager:Describe*", "secretsmanager:GetResourcePolicy", "secretsmanager:List*", + "securityhub:BatchGetControlEvaluations", + "securityhub:BatchGetSecurityControls", "securityhub:BatchGetStandardsControlAssociations", "securityhub:Describe*", "securityhub:Get*", @@ -60706,6 +85468,8 @@ aws_managed_policies_data = """ "servicecatalog:List*", "servicecatalog:Scan*", "servicecatalog:Search*", + "servicediscovery:DiscoverInstances", + "servicediscovery:DiscoverInstancesRevision", "servicediscovery:Get*", "servicediscovery:List*", "servicequotas:GetAssociationForServiceQuotaTemplate", @@ -60719,6 +85483,7 @@ aws_managed_policies_data = """ "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", "servicequotas:ListServiceQuotas", "servicequotas:ListServices", + "ses:BatchGetMetricData", "ses:Describe*", "ses:Get*", "ses:List*", @@ -60793,7 +85558,17 @@ aws_managed_policies_data = """ "sts:GetAccessKeyInfo", "sts:GetCallerIdentity", "sts:GetSessionToken", + "support:DescribeAttachment", "support:DescribeCases", + "support:DescribeCommunications", + "support:DescribeServices", + "support:DescribeSeverityLevels", + "support:DescribeTrustedAdvisorCheckRefreshStatuses", + "support:DescribeTrustedAdvisorCheckResult", + "support:DescribeTrustedAdvisorChecks", + "support:DescribeTrustedAdvisorCheckSummaries", + "supportplans:GetSupportPlan", + "supportplans:GetSupportPlanUpdateStatus", "sustainability:GetCarbonFootprintSummary", "swf:Count*", "swf:Describe*", @@ -60805,19 +85580,78 @@ aws_managed_policies_data = """ "tag:DescribeReportCreation", "tag:Get*", "tax:GetExemptions", + "tax:GetTaxInheritance", + "tax:GetTaxInterview", + "tax:GetTaxRegistration", + "tax:GetTaxRegistrationDocument", + "tax:ListTaxRegistrations", + "timestream:DescribeBatchLoadTask", "timestream:DescribeDatabase", "timestream:DescribeEndpoints", "timestream:DescribeTable", + "timestream:ListBatchLoadTasks", "timestream:ListDatabases", "timestream:ListMeasures", "timestream:ListTables", "timestream:ListTagsForResource", + "tnb:GetSolFunctionInstance", + "tnb:GetSolFunctionPackage", + "tnb:GetSolFunctionPackageContent", + "tnb:GetSolFunctionPackageDescriptor", + "tnb:GetSolNetworkInstance", + "tnb:GetSolNetworkOperation", + "tnb:GetSolNetworkPackage", + "tnb:GetSolNetworkPackageContent", + "tnb:GetSolNetworkPackageDescriptor", + "tnb:ListSolFunctionInstances", + "tnb:ListSolFunctionPackages", + "tnb:ListSolNetworkInstances", + "tnb:ListSolNetworkOperations", + "tnb:ListSolNetworkPackages", + "tnb:ListTagsForResource", "transcribe:Get*", "transcribe:List*", "transfer:Describe*", "transfer:List*", "transfer:TestIdentityProvider", + "translate:DescribeTextTranslationJob", + "translate:GetParallelData", + "translate:GetTerminology", + "translate:ListParallelData", + "translate:ListTerminologies", + "translate:ListTextTranslationJobs", "trustedadvisor:Describe*", + "verifiedpermissions:GetIdentitySource", + "verifiedpermissions:GetPolicy", + "verifiedpermissions:GetPolicyStore", + "verifiedpermissions:GetPolicyTemplate", + "verifiedpermissions:GetSchema", + "verifiedpermissions:IsAuthorized", + "verifiedpermissions:IsAuthorizedWithToken", + "verifiedpermissions:ListIdentitySources", + "verifiedpermissions:ListPolicies", + "verifiedpermissions:ListPolicyStores", + "verifiedpermissions:ListPolicyTemplates", + "vpc-lattice:GetAccessLogSubscription", + "vpc-lattice:GetAuthPolicy", + "vpc-lattice:GetListener", + "vpc-lattice:GetResourcePolicy", + "vpc-lattice:GetRule", + "vpc-lattice:GetService", + "vpc-lattice:GetServiceNetwork", + "vpc-lattice:GetServiceNetworkServiceAssociation", + "vpc-lattice:GetServiceNetworkVpcAssociation", + "vpc-lattice:GetTargetGroup", + "vpc-lattice:ListAccessLogSubscriptions", + "vpc-lattice:ListListeners", + "vpc-lattice:ListRules", + "vpc-lattice:ListServiceNetworks", + "vpc-lattice:ListServiceNetworkServiceAssociations", + "vpc-lattice:ListServiceNetworkVpcAssociations", + "vpc-lattice:ListServices", + "vpc-lattice:ListTagsForResource", + "vpc-lattice:ListTargetGroups", + "vpc-lattice:ListTargets", "waf-regional:Get*", "waf-regional:List*", "waf:Get*", @@ -60826,32 +85660,101 @@ aws_managed_policies_data = """ "wafv2:Describe*", "wafv2:Get*", "wafv2:List*", + "wellarchitected:ExportLens", + "wellarchitected:GetAnswer", + "wellarchitected:GetConsolidatedReport", + "wellarchitected:GetLens", + "wellarchitected:GetLensReview", + "wellarchitected:GetLensReviewReport", + "wellarchitected:GetLensVersionDifference", + "wellarchitected:GetMilestone", + "wellarchitected:GetProfile", + "wellarchitected:GetProfileTemplate", + "wellarchitected:GetReviewTemplate", + "wellarchitected:GetReviewTemplateAnswer", + "wellarchitected:GetReviewTemplateLensReview", + "wellarchitected:GetWorkload", + "wellarchitected:ListAnswers", + "wellarchitected:ListCheckDetails", + "wellarchitected:ListCheckSummaries", + "wellarchitected:ListLenses", + "wellarchitected:ListLensReviewImprovements", + "wellarchitected:ListLensReviews", + "wellarchitected:ListLensShares", + "wellarchitected:ListMilestones", + "wellarchitected:ListNotifications", + "wellarchitected:ListProfileNotifications", + "wellarchitected:ListProfiles", + "wellarchitected:ListProfileShares", + "wellarchitected:ListReviewTemplateAnswers", + "wellarchitected:ListReviewTemplates", + "wellarchitected:ListShareInvitations", + "wellarchitected:ListTagsForResource", + "wellarchitected:ListTemplateShares", + "wellarchitected:ListWorkloads", + "wellarchitected:ListWorkloadShares", "workdocs:CheckAlias", "workdocs:Describe*", "workdocs:Get*", - "worklink:Describe*", - "worklink:List*", "workmail:Describe*", "workmail:Get*", "workmail:List*", "workmail:Search*", + "workspaces-web:GetBrowserSettings", + "workspaces-web:GetIdentityProvider", + "workspaces-web:GetNetworkSettings", + "workspaces-web:GetPortal", + "workspaces-web:GetPortalServiceProviderMetadata", + "workspaces-web:GetTrustStore", + "workspaces-web:GetUserAccessLoggingSettings", + "workspaces-web:GetUserSettings", + "workspaces-web:ListBrowserSettings", + "workspaces-web:ListIdentityProviders", + "workspaces-web:ListNetworkSettings", + "workspaces-web:ListPortals", + "workspaces-web:ListTagsForResource", + "workspaces-web:ListTrustStores", + "workspaces-web:ListUserAccessLoggingSettings", + "workspaces-web:ListUserSettings", "workspaces:Describe*", "xray:BatchGet*", "xray:Get*" ], "Effect":"Allow", + "Resource":"*", + "Sid":"ReadOnlyActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2024-01-03T15:52:00+00:00" + }, + "ResourceGroupsServiceRolePolicy":{ + "CreateDate":"2023-01-05T16:57:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "tag:GetResources", + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", "Resource":"*" } ], "Version":"2012-10-17" }, - "Path":"/", + "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-29T19:19:00+00:00" + "UpdateDate":"2023-01-05T16:57:08+00:00" }, "ResourceGroupsandTagEditorFullAccess":{ "CreateDate":"2015-02-06T18:39:53+00:00", - "DefaultVersionId":"v5", + "DefaultVersionId":"v6", "Document":{ "Statement":[ { @@ -60863,7 +85766,8 @@ aws_managed_policies_data = """ "tag:UntagResources", "resource-groups:*", "cloudformation:DescribeStacks", - "cloudformation:ListStackResources" + "cloudformation:ListStackResources", + "cloudformation:ListStacks" ], "Effect":"Allow", "Resource":"*" @@ -60873,11 +85777,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-10-02T23:57:57+00:00" + "UpdateDate":"2023-08-10T13:29:19+00:00" }, "ResourceGroupsandTagEditorReadOnlyAccess":{ "CreateDate":"2015-02-06T18:39:54+00:00", - "DefaultVersionId":"v2", + "DefaultVersionId":"v3", "Document":{ "Statement":[ { @@ -60889,7 +85793,8 @@ aws_managed_policies_data = """ "resource-groups:List*", "resource-groups:Search*", "cloudformation:DescribeStacks", - "cloudformation:ListStackResources" + "cloudformation:ListStackResources", + "cloudformation:ListStacks" ], "Effect":"Allow", "Resource":"*" @@ -60899,11 +85804,11 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2019-03-07T19:43:17+00:00" + "UpdateDate":"2023-08-10T13:42:58+00:00" }, "Route53RecoveryReadinessServiceRolePolicy":{ "CreateDate":"2021-07-15T16:06:21+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v5", "Document":{ "Statement":[ { @@ -60939,6 +85844,7 @@ aws_managed_policies_data = """ "lambda:GetFunctionConcurrency", "lambda:GetFunctionConfiguration", "lambda:GetProvisionedConcurrencyConfig", + "lambda:ListProvisionedConcurrencyConfigs", "lambda:ListAliases", "lambda:ListVersionsByFunction" ], @@ -61016,11 +85922,13 @@ aws_managed_policies_data = """ "dynamodb:ListGlobalTables", "dynamodb:ListTables", "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", "ec2:GetEbsEncryptionByDefault", "ec2:GetEbsDefaultKmsKeyId", "elasticloadbalancing:DescribeInstanceHealth", @@ -61049,7 +85957,7 @@ aws_managed_policies_data = """ }, "Path":"/aws-service-role/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-10-29T07:09:46+00:00" + "UpdateDate":"2023-02-14T18:08:46+00:00" }, "Route53ResolverServiceRolePolicy":{ "CreateDate":"2020-08-12T17:47:24+00:00", @@ -61104,7 +86012,7 @@ aws_managed_policies_data = """ }, "SecretsManagerReadWrite":{ "CreateDate":"2018-04-04T18:05:29+00:00", - "DefaultVersionId":"v3", + "DefaultVersionId":"v4", "Document":{ "Statement":[ { @@ -61115,6 +86023,8 @@ aws_managed_policies_data = """ "cloudformation:DescribeStackResource", "cloudformation:DescribeStacks", "cloudformation:ExecuteChangeSet", + "docdb-elastic:GetCluster", + "docdb-elastic:ListClusters", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", @@ -61164,15 +86074,16 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-06-24T18:01:22+00:00" + "UpdateDate":"2023-08-29T20:42:39+00:00" }, "SecurityAudit":{ "CreateDate":"2015-02-06T18:41:01+00:00", - "DefaultVersionId":"v35", + "DefaultVersionId":"v41", "Document":{ "Statement":[ { "Action":[ + "a4b:ListSkills", "access-analyzer:GetAnalyzedResource", "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", @@ -61182,19 +86093,61 @@ aws_managed_policies_data = """ "access-analyzer:ListArchiveRules", "access-analyzer:ListFindings", "access-analyzer:ListTagsForResource", + "account:GetAlternateContact", + "account:GetRegionOptStatus", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:DescribeCertificateAuthorityAuditReport", + "acm-pca:GetPolicy", + "acm-pca:ListCertificateAuthorities", "acm-pca:ListPermissions", + "acm-pca:ListTags", "acm:Describe*", "acm:List*", + "airflow:ListEnvironments", + "appflow:ListFlows", + "appflow:ListTagsForResource", "application-autoscaling:Describe*", "appmesh:Describe*", "appmesh:List*", + "apprunner:DescribeAutoScalingConfiguration", + "apprunner:DescribeCustomDomains", + "apprunner:DescribeObservabilityConfiguration", + "apprunner:DescribeService", + "apprunner:DescribeVpcConnector", + "apprunner:DescribeVpcIngressConnection", + "apprunner:ListAutoScalingConfigurations", + "apprunner:ListConnections", + "apprunner:ListObservabilityConfigurations", + "apprunner:ListOperations", + "apprunner:ListServices", + "apprunner:ListTagsForResource", + "apprunner:ListVpcConnectors", + "apprunner:ListVpcIngressConnections", + "appsync:GetApiCache", "appsync:List*", "athena:GetWorkGroup", "athena:List*", + "auditmanager:GetAccountStatus", + "auditmanager:ListAssessmentControlInsightsByControlDomain", + "auditmanager:ListAssessmentFrameworks", + "auditmanager:ListAssessmentFrameworkShareRequests", + "auditmanager:ListAssessmentReports", + "auditmanager:ListAssessments", + "auditmanager:ListControlDomainInsights", + "auditmanager:ListControlDomainInsightsByAssessment", + "auditmanager:ListControlInsightsByControlDomain", + "auditmanager:ListControls", + "auditmanager:ListNotifications", + "auditmanager:ListTagsForResource", "autoscaling-plans:DescribeScalingPlans", "autoscaling:Describe*", + "backup:DescribeRegionSettings", + "backup:GetBackupVaultAccessPolicy", + "backup:ListBackupVaults", "batch:DescribeComputeEnvironments", "batch:DescribeJobDefinitions", + "braket:SearchJobs", + "braket:SearchQuantumTasks", "chime:List*", "cloud9:Describe*", "cloud9:ListEnvironments", @@ -61205,19 +86158,23 @@ aws_managed_policies_data = """ "cloudformation:ListStack*", "cloudfront:Get*", "cloudfront:List*", - "cloudhsm:ListHapgs", - "cloudhsm:ListHsms", - "cloudhsm:ListLunaClients", "cloudsearch:DescribeDomainEndpointOptions", "cloudsearch:DescribeDomains", "cloudsearch:DescribeServiceAccessPolicies", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "cloudwatch:Describe*", + "cloudwatch:GetDashboard", "cloudwatch:ListTagsForResource", + "cloudwatch:ListDashboards", + "codeartifact:GetDomainPermissionsPolicy", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:ListRepositories", + "codebuild:BatchGetProjects", "codebuild:ListProjects", "codecommit:BatchGetRepositories", "codecommit:GetBranch", @@ -61235,14 +86192,11 @@ aws_managed_policies_data = """ "codepipeline:ListPipelines", "codestar:Describe*", "codestar:List*", + "cognito-identity:Describe*", + "cognito-identity:GetIdentityPoolRoles", "cognito-identity:ListIdentityPools", - "cognito-idp:DescribeIdentityProvider", - "cognito-idp:DescribeResourceServer", - "cognito-idp:DescribeRiskConfiguration", - "cognito-idp:DescribeUserImportJob", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:DescribeUserPoolDomain", + "cognito-identity:ListTagsForResource", + "cognito-idp:Describe*", "cognito-idp:ListDevices", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", @@ -61257,12 +86211,20 @@ aws_managed_policies_data = """ "cognito-sync:List*", "comprehend:Describe*", "comprehend:List*", + "comprehendmedical:ListICD10CMInferenceJobs", + "comprehendmedical:ListPHIDetectionJobs", + "comprehendmedical:ListRxNormInferenceJobs", + "comprehendmedical:ListSNOMEDCTInferenceJobs", "config:BatchGetAggregateResourceConfig", "config:BatchGetResourceConfig", "config:Deliver*", "config:Describe*", "config:Get*", "config:List*", + "config:SelectAggregateResourceConfig", + "config:SelectResourceConfig", + "connect:ListInstances", + "dataexchange:ListDataSets", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:EvaluateExpression", @@ -61274,12 +86236,21 @@ aws_managed_policies_data = """ "datasync:List*", "dax:Describe*", "dax:ListTags", + "deepracer:ListModels", "detective:GetGraphIngestState", "detective:ListGraphs", "detective:ListMembers", + "devicefarm:ListProjects", "directconnect:Describe*", + "discovery:DescribeAgents", + "discovery:DescribeConfigurations", + "discovery:DescribeContinuousExports", + "discovery:DescribeExportConfigurations", + "discovery:DescribeExportTasks", + "discovery:DescribeImportTasks", "dms:Describe*", "dms:ListTagsForResource", + "docdb-elastic:ListClusters", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", @@ -61291,54 +86262,69 @@ aws_managed_policies_data = """ "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPeeringAttachments", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGateways", + "ec2:GetEbsEncryptionByDefault", + "ec2:GetImageBlockPublicAccessState", "ec2:GetManagedPrefixListAssociations", "ec2:GetManagedPrefixListEntries", + "ec2:GetNetworkInsightsAccessScopeAnalysisFindings", + "ec2:GetNetworkInsightsAccessScopeContent", "ec2:GetTransitGatewayAttachmentPropagations", "ec2:GetTransitGatewayMulticastDomainAssociations", "ec2:GetTransitGatewayPrefixListReferences", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:GetTransitGatewayRouteTablePropagations", - "ecr-public:DescribeImageTags", + "ec2:SearchTransitGatewayRoutes", "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", "ecr-public:DescribeRegistries", "ecr-public:DescribeRepositories", "ecr-public:GetRegistryCatalogData", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", - "ecr:DescribeImageScanFindings", + "ecr-public:ListTagsForResource", + "ecr:BatchGetRepositoryScanningConfiguration", "ecr:DescribeImages", + "ecr:DescribeImageScanFindings", + "ecr:DescribeRegistry", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", + "ecr:GetRegistryPolicy", + "ecr:GetRegistryScanningConfiguration", "ecr:GetRepositoryPolicy", "ecr:ListImages", "ecr:ListTagsForResource", "ecs:Describe*", "ecs:List*", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeNodeGroup", "eks:ListClusters", + "eks:ListFargateProfiles", "eks:ListNodeGroups", + "eks:ListUpdates", + "elastic-inference:DescribeAccelerators", "elasticache:Describe*", "elasticache:ListTagsForResource", "elasticbeanstalk:Describe*", - "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:ListTagsForResource", + "elasticfilesystem:DescribeAccountPreferences", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeReplicationConfigurations", + "elasticfilesystem:DescribeTags", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", + "elastictranscoder:ListPipelines", "es:Describe*", + "es:GetCompatibleVersions", "es:ListDomainNames", "es:ListElasticsearchInstanceTypeDetails", "es:ListElasticsearchVersions", @@ -61346,28 +86332,44 @@ aws_managed_policies_data = """ "events:Describe*", "events:List*", "events:TestEventPattern", + "finspace:ListEnvironments", + "finspace:ListKxEnvironments", "firehose:Describe*", "firehose:List*", "fms:ListComplianceStatus", "fms:ListPolicies", + "forecast:ListDatasets", + "frauddetector:GetDetectors", "fsx:Describe*", "fsx:List*", "gamelift:ListBuilds", "gamelift:ListFleets", + "geo:ListMaps", "glacier:DescribeVault", "glacier:GetVaultAccessPolicy", + "glacier:GetVaultLock", "glacier:ListVaults", "globalaccelerator:Describe*", "globalaccelerator:List*", "glue:GetCrawlers", - "glue:GetDataCatalogEncryptionSettings", "glue:GetDatabases", + "glue:GetDataCatalogEncryptionSettings", "glue:GetDevEndpoints", "glue:GetJobs", + "glue:GetResourcePolicy", + "glue:GetSecurityConfigurations", + "grafana:ListWorkspaces", "greengrass:List*", "guardduty:DescribePublishingDestination", "guardduty:Get*", "guardduty:List*", + "health:DescribeAffectedEntities", + "health:DescribeEntityAggregates", + "health:DescribeEventAggregates", + "health:DescribeEvents", + "health:DescribeEventTypes", + "healthlake:ListFHIRDatastores", + "honeycode:ListTables", "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", @@ -61378,18 +86380,61 @@ aws_managed_policies_data = """ "inspector:Get*", "inspector:List*", "inspector:Preview*", + "inspector2:BatchGetAccountStatus", + "inspector2:BatchGetFreeTrialInfo", + "inspector2:DescribeOrganizationConfiguration", + "inspector2:GetConfiguration", + "inspector2:GetDelegatedAdminAccount", + "inspector2:GetFindingsReportStatus", + "inspector2:GetMember", + "inspector2:ListAccountPermissions", + "inspector2:ListCoverage", + "inspector2:ListCoverageStatistics", + "inspector2:ListDelegatedAdminAccounts", + "inspector2:ListFilters", + "inspector2:ListFindingAggregations", + "inspector2:ListFindings", + "inspector2:ListTagsForResource", + "inspector2:ListUsageTotals", "iot:Describe*", "iot:GetPolicy", "iot:GetPolicyVersion", "iot:List*", + "iotanalytics:ListChannels", + "iotevents:ListInputs", + "iotfleetwise:ListModelManifests", + "iotsitewise:DescribeGatewayCapabilityConfiguration", + "iotsitewise:ListAssetModels", + "iotsitewise:ListGateways", + "iottwinmaker:ListWorkspaces", + "kafka-cluster:Describe*", + "kafka:Describe*", + "kafka:GetBootstrapBrokers", + "kafka:GetCompatibleKafkaVersions", + "kafka:List*", + "kafkaconnect:Describe*", + "kafkaconnect:List*", + "kendra:DescribeIndex", + "kendra:ListIndices", "kinesis:DescribeLimits", "kinesis:DescribeStream", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", + "kinesis:ListShards", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:ListApplications", + "kinesisvideo:DescribeEdgeConfiguration", + "kinesisvideo:DescribeMappedResourceConfiguration", + "kinesisvideo:DescribeMediaStorageConfiguration", + "kinesisvideo:DescribeNotificationConfiguration", + "kinesisvideo:DescribeSignalingChannel", + "kinesisvideo:DescribeStream", + "kinesisvideo:ListSignalingChannels", + "kinesisvideo:ListStreams", + "kinesisvideo:ListTagsForResource", + "kinesisvideo:ListTagsForStream", "kms:Describe*", "kms:Get*", "kms:List*", @@ -61399,16 +86444,33 @@ aws_managed_policies_data = """ "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:List*", + "lex:DescribeBot", + "lex:DescribeResourcePolicy", + "lex:ListBots", "license-manager:List*", + "lightsail:GetDisks", + "lightsail:GetDiskSnapshots", "lightsail:GetInstances", "lightsail:GetLoadBalancers", "logs:Describe*", "logs:ListTagsLogGroup", + "lookoutequipment:ListDatasets", + "lookoutmetrics:ListAnomalyDetectors", + "lookoutvision:ListProjects", "machinelearning:DescribeMLModels", + "managedblockchain:ListNetworks", + "mechanicalturk:ListHITs", "mediaconnect:Describe*", "mediaconnect:List*", + "medialive:ListChannels", + "mediapackage-vod:DescribePackagingGroup", + "mediapackage-vod:ListPackagingGroups", + "mediapackage:DescribeOriginEndpoint", + "mediapackage:ListOriginEndpoints", "mediastore:GetContainerPolicy", + "mediastore:GetCorsPolicy", "mediastore:ListContainers", + "memorydb:DescribeClusters", "mq:DescribeBroker", "mq:DescribeBrokerEngineTypes", "mq:DescribeBrokerInstanceOptions", @@ -61420,13 +86482,31 @@ aws_managed_policies_data = """ "mq:ListConfigurations", "mq:ListTags", "mq:ListUsers", + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeLoggingConfiguration", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups", + "networkmanager:DescribeGlobalNetworks", + "nimble:ListStudios", "opsworks-cm:DescribeServers", "opsworks:DescribeStacks", "organizations:Describe*", "organizations:List*", + "personalize:DescribeDatasetGroup", + "personalize:ListDatasetGroups", + "private-networks:ListNetworks", + "qldb:DescribeJournalS3Export", + "qldb:DescribeLedger", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:ListLedgers", "quicksight:Describe*", "quicksight:List*", + "ram:GetResourceShares", "ram:List*", "rds:Describe*", "rds:DownloadDBLogFilePortion", @@ -61434,6 +86514,7 @@ aws_managed_policies_data = """ "redshift:Describe*", "rekognition:Describe*", "rekognition:List*", + "resource-groups:ListGroupResources", "robomaker:Describe*", "robomaker:List*", "route53:Get*", @@ -61445,6 +86526,9 @@ aws_managed_policies_data = """ "route53domains:ListTagsForDomain", "route53resolver:Get*", "route53resolver:List*", + "s3-outposts:ListEndpoints", + "s3-outposts:ListOutpostsWithS3", + "s3-outposts:ListSharedEndpoints", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", @@ -61467,24 +86551,25 @@ aws_managed_policies_data = """ "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", + "schemas:GetResourcePolicy", "schemas:ListDiscoverers", "schemas:ListRegistries", - "schemas:ListSchemaVersions", "schemas:ListSchemas", + "schemas:ListSchemaVersions", "schemas:ListTagsForResource", "sdb:DomainMetadata", "sdb:ListDomains", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", - "secretsmanager:ListSecretVersionIds", "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", "securityhub:Describe*", "securityhub:Get*", "securityhub:List*", "serverlessrepo:GetApplicationPolicy", "serverlessrepo:List*", - "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetRequestedServiceQuotaChange", "servicequotas:GetServiceQuota", "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", @@ -61495,16 +86580,22 @@ aws_managed_policies_data = """ "servicequotas:ListServiceQuotas", "servicequotas:ListServices", "servicequotas:ListTagsForResource", + "ses:Describe*", + "ses:GetAccountSendingEnabled", "ses:GetIdentityDkimAttributes", "ses:GetIdentityPolicies", "ses:GetIdentityVerificationAttributes", + "ses:ListConfigurationSets", "ses:ListIdentities", "ses:ListIdentityPolicies", + "ses:ListReceiptRuleSets", "ses:ListVerifiedEmailAddresses", "shield:Describe*", + "shield:GetSubscriptionState", "shield:List*", "snowball:ListClusters", "snowball:ListJobs", + "sns:GetPlatformApplicationAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", @@ -61512,25 +86603,28 @@ aws_managed_policies_data = """ "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListDeadLetterSourceQueues", - "sqs:ListQueueTags", "sqs:ListQueues", + "sqs:ListQueueTags", "ssm:Describe*", "ssm:GetAutomationExecution", - "ssm:ListAssociationVersions", "ssm:ListAssociations", + "ssm:ListAssociationVersions", "ssm:ListCommands", "ssm:ListComplianceItems", "ssm:ListComplianceSummaries", "ssm:ListDocumentMetadataHistory", - "ssm:ListDocumentVersions", "ssm:ListDocuments", + "ssm:ListDocumentVersions", "ssm:ListInventoryEntries", "ssm:ListOpsMetadata", "ssm:ListResourceComplianceSummaries", "ssm:ListResourceDataSync", "ssm:ListTagsForResource", + "sso:DescribeAccountAssignmentCreationStatus", + "sso:DescribePermissionSet", "sso:DescribePermissionsPolicies", "sso:List*", + "states:DescribeStateMachine", "states:ListStateMachines", "storagegateway:DescribeBandwidthRateLimit", "storagegateway:DescribeCache", @@ -61547,12 +86641,36 @@ aws_managed_policies_data = """ "storagegateway:DescribeVTLDevices", "storagegateway:DescribeWorkingStorage", "storagegateway:List*", + "sts:GetAccessKeyInfo", "support:DescribeTrustedAdvisorCheckRefreshStatuses", "support:DescribeTrustedAdvisorCheckResult", - "support:DescribeTrustedAdvisorCheckSummaries", "support:DescribeTrustedAdvisorChecks", + "support:DescribeTrustedAdvisorCheckSummaries", + "synthetics:DescribeCanaries", + "synthetics:DescribeCanariesLastRun", + "synthetics:DescribeRuntimeVersions", + "synthetics:GetCanary", + "synthetics:GetCanaryRuns", + "synthetics:GetGroup", + "synthetics:ListAssociatedGroups", + "synthetics:ListGroupResources", + "synthetics:ListGroups", + "synthetics:ListTagsForResource", "tag:GetResources", "tag:GetTagKeys", + "transcribe:GetCallAnalyticsCategory", + "transcribe:GetMedicalVocabulary", + "transcribe:GetVocabulary", + "transcribe:GetVocabularyFilter", + "transcribe:ListCallAnalyticsCategories", + "transcribe:ListCallAnalyticsJobs", + "transcribe:ListLanguageModels", + "transcribe:ListMedicalTranscriptionJobs", + "transcribe:ListMedicalVocabularies", + "transcribe:ListTagsForResource", + "transcribe:ListTranscriptionJobs", + "transcribe:ListVocabularies", + "transcribe:ListVocabularyFilters", "transfer:Describe*", "transfer:List*", "translate:List*", @@ -61565,6 +86683,7 @@ aws_managed_policies_data = """ "waf:ListTagsForResource", "waf:ListWebACLs", "wafv2:GetWebACL", + "wafv2:GetWebACLforResource", "wafv2:ListAvailableManagedRuleGroups", "wafv2:ListIPSets", "wafv2:ListLoggingConfigurations", @@ -61580,10 +86699,12 @@ aws_managed_policies_data = """ "xray:GetGroups", "xray:GetSamplingRules", "xray:GetSamplingTargets", + "xray:GetTraceSummaries", "xray:ListTagsForResource" ], "Effect":"Allow", - "Resource":"*" + "Resource":"*", + "Sid":"BaseSecurityAuditStatement" }, { "Action":[ @@ -61592,29 +86713,127 @@ aws_managed_policies_data = """ "Effect":"Allow", "Resource":[ "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*/authorizers/*", + "arn:aws:apigateway:*::/apis/*/authorizers", + "arn:aws:apigateway:*::/apis/*/cors", + "arn:aws:apigateway:*::/apis/*/deployments/*", + "arn:aws:apigateway:*::/apis/*/deployments", + "arn:aws:apigateway:*::/apis/*/exports/*", + "arn:aws:apigateway:*::/apis/*/integrations/*", + "arn:aws:apigateway:*::/apis/*/integrations", + "arn:aws:apigateway:*::/apis/*/models/*", + "arn:aws:apigateway:*::/apis/*/models", + "arn:aws:apigateway:*::/apis/*/routes/*", "arn:aws:apigateway:*::/apis/*/routes", "arn:aws:apigateway:*::/apis/*/stages", "arn:aws:apigateway:*::/apis/*/stages/*", + "arn:aws:apigateway:*::/clientcertificates", "arn:aws:apigateway:*::/clientcertificates/*", + "arn:aws:apigateway:*::/domainnames", + "arn:aws:apigateway:*::/domainnames/*/apimappings", "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*/authorizers", "arn:aws:apigateway:*::/restapis/*/authorizers/*", + "arn:aws:apigateway:*::/restapis/*/authorizers", + "arn:aws:apigateway:*::/restapis/*/deployments/*", + "arn:aws:apigateway:*::/restapis/*/deployments", + "arn:aws:apigateway:*::/restapis/*/documentation/parts/*", + "arn:aws:apigateway:*::/restapis/*/documentation/parts", + "arn:aws:apigateway:*::/restapis/*/documentation/versions/*", "arn:aws:apigateway:*::/restapis/*/documentation/versions", - "arn:aws:apigateway:*::/restapis/*/resources", + "arn:aws:apigateway:*::/restapis/*/gatewayresponses/*", + "arn:aws:apigateway:*::/restapis/*/gatewayresponses", + "arn:aws:apigateway:*::/restapis/*/models/*", + "arn:aws:apigateway:*::/restapis/*/models", + "arn:aws:apigateway:*::/restapis/*/requestvalidators", + "arn:aws:apigateway:*::/restapis/*/requestvalidators/*", "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", + "arn:aws:apigateway:*::/restapis/*/resources", "arn:aws:apigateway:*::/restapis/*/stages", "arn:aws:apigateway:*::/restapis/*/stages/*", "arn:aws:apigateway:*::/tags/*", "arn:aws:apigateway:*::/vpclinks" - ] + ], + "Sid":"APIGatewayAccess" } ], "Version":"2012-10-17" }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2021-04-14T20:28:28+00:00" + "UpdateDate":"2023-12-14T21:45:16+00:00" + }, + "SecurityLakeServiceLinkedRole":{ + "CreateDate":"2022-11-29T14:03:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListAccounts", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"OrganizationsPolicies" + }, + { + "Action":[ + "organizations:DescribeAccount" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:organizations::*:account/o-*/*" + ], + "Sid":"DescribeOrgAccounts" + }, + { + "Action":[ + "cloudtrail:CreateServiceLinkedChannel", + "cloudtrail:DeleteServiceLinkedChannel", + "cloudtrail:GetServiceLinkedChannel", + "cloudtrail:UpdateServiceLinkedChannel" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudtrail:*:*:channel/aws-service-channel/security-lake/*", + "Sid":"AllowManagementOfServiceLinkedChannel" + }, + { + "Action":[ + "cloudtrail:ListServiceLinkedChannels" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowListServiceLinkedChannel" + }, + { + "Action":[ + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeAnyVpc" + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"securitylake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ListDelegatedAdmins" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-11-29T14:03:33+00:00" }, "ServerMigrationConnector":{ "CreateDate":"2016-10-24T21:45:56+00:00", @@ -62263,7 +87482,7 @@ aws_managed_policies_data = """ }, "SupportUser":{ "CreateDate":"2016-11-10T17:21:53+00:00", - "DefaultVersionId":"v7", + "DefaultVersionId":"v8", "Document":{ "Statement":[ { @@ -62424,10 +87643,6 @@ aws_managed_policies_data = """ "logs:TestMetricFilter", "machinelearning:Describe*", "machinelearning:Get*", - "mobilehub:GetProject", - "mobilehub:List*", - "mobilehub:ValidateProject", - "mobilehub:VerifyServiceRole", "opsworks:Describe*", "rds:Describe*", "rds:ListTagsForResource", @@ -62481,7 +87696,7 @@ aws_managed_policies_data = """ }, "Path":"/job-function/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-07-25T22:45:38+00:00" + "UpdateDate":"2023-08-25T18:40:27+00:00" }, "SystemAdministrator":{ "CreateDate":"2016-11-10T17:23:56+00:00", @@ -62776,12 +87991,13 @@ aws_managed_policies_data = """ }, "TranslateReadOnly":{ "CreateDate":"2017-11-29T18:22:00+00:00", - "DefaultVersionId":"v6", + "DefaultVersionId":"v7", "Document":{ "Statement":[ { "Action":[ "translate:TranslateText", + "translate:TranslateDocument", "translate:GetTerminology", "translate:ListTerminologies", "translate:ListTextTranslationJobs", @@ -62800,7 +88016,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2020-11-23T17:31:06+00:00" + "UpdateDate":"2023-05-24T17:19:30+00:00" }, "VMImportExportRoleForAWSConnector":{ "CreateDate":"2015-09-03T20:48:59+00:00", @@ -62835,9 +88051,150 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount":0, "UpdateDate":"2015-09-03T20:48:59+00:00" }, + "VPCLatticeFullAccess":{ + "CreateDate":"2023-03-30T02:49:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "vpc-lattice:*", + "acm:DescribeCertificate", + "acm:ListCertificates", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeLoadBalancers", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "logs:DescribeLogGroups", + "s3:ListAllMyBuckets", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:UpdateLogDelivery", + "logs:DescribeResourcePolicies" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "vpc-lattice.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"vpc-lattice.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"delivery.logs.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-30T02:49:02+00:00" + }, + "VPCLatticeReadOnlyAccess":{ + "CreateDate":"2023-03-30T02:47:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "vpc-lattice:Get*", + "vpc-lattice:List*", + "acm:DescribeCertificate", + "acm:ListCertificates", + "cloudwatch:GetMetricData", + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeLoadBalancers", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction", + "logs:DescribeLogGroups", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-30T02:47:25+00:00" + }, + "VPCLatticeServicesInvokeAccess":{ + "CreateDate":"2023-03-30T02:45:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "vpc-lattice-svcs:Invoke" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2023-03-30T02:45:07+00:00" + }, "ViewOnlyAccess":{ "CreateDate":"2016-11-10T17:20:15+00:00", - "DefaultVersionId":"v15", + "DefaultVersionId":"v17", "Document":{ "Statement":[ { @@ -62943,6 +88300,7 @@ aws_managed_policies_data = """ "ec2:DescribeRegions", "ec2:DescribeReserved*", "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupRules", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshot*", "ec2:DescribeSpot*", @@ -63021,9 +88379,6 @@ aws_managed_policies_data = """ "mediaconnect:ListFlows", "mediaconnect:ListOfferings", "mediaconnect:ListReservations", - "mobilehub:ListAvailableFeatures", - "mobilehub:ListAvailableRegions", - "mobilehub:ListProjects", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetCampaigns", "mobiletargeting:GetImportJobs", @@ -63042,6 +88397,12 @@ aws_managed_policies_data = """ "redshift:DescribeClusters", "redshift:DescribeEvents", "redshift:ViewQueriesInConsole", + "resource-explorer-2:GetDefaultView", + "resource-explorer-2:GetIndex", + "resource-explorer-2:ListIndexes", + "resource-explorer-2:ListSupportedResourceTypes", + "resource-explorer-2:ListTagsForResource", + "resource-explorer-2:ListViews", "route53:Get*", "route53:List*", "route53domains:List*", @@ -63083,7 +88444,7 @@ aws_managed_policies_data = """ }, "Path":"/job-function/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2022-05-06T21:01:44+00:00" + "UpdateDate":"2023-03-06T15:59:28+00:00" }, "WAFLoggingServiceRolePolicy":{ "CreateDate":"2018-08-24T21:05:47+00:00", @@ -63177,13 +88538,14 @@ aws_managed_policies_data = """ }, "WellArchitectedConsoleReadOnlyAccess":{ "CreateDate":"2018-11-29T18:21:08+00:00", - "DefaultVersionId":"v1", + "DefaultVersionId":"v2", "Document":{ "Statement":[ { "Action":[ "wellarchitected:Get*", - "wellarchitected:List*" + "wellarchitected:List*", + "wellarchitected:ExportLens" ], "Effect":"Allow", "Resource":"*" @@ -63193,7 +88555,7 @@ aws_managed_policies_data = """ }, "Path":"/", "PermissionsBoundaryUsageCount":0, - "UpdateDate":"2018-11-29T18:21:08+00:00" + "UpdateDate":"2023-06-29T17:16:13+00:00" }, "WorkLinkServiceRolePolicy":{ "CreateDate":"2019-01-23T19:03:45+00:00",