diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8d31409f0..a1f98bfb8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,10 +3,196 @@ Moto Changelog
Unreleased
-----
- * Reduced dependency overhead.
- It is now possible to install dependencies for only specific services using:
- pip install moto[service1,service1].
- See the README for more information.
+
+
+2.0.0
+----
+Full list of PRs merged in this release:
+https://github.com/spulec/moto/pulls?q=is%3Apr+is%3Aclosed+merged%3A2020-09-07..2021-02-23
+
+ General Changes:
+ * When installing, it is now required to specify the service you want to use:
+ pip install moto[service1,service2]
+ pip install moto[all]
+
+ This will ensure that only the required dependencies are downloaded.
+ See the README for more information.
+
+ * Moved CI to Github Actions
+
+ * Moto no longer hogs the _default_mock from responses
+
+ * Internal testing is now executed using Pytest (instead of Nose)
+
+ * CORS is now enabled when running MotoServer
+
+ * AWS Lambda and Batch now support Podman as an alternative to Docker
+
+ New Services:
+ * Forecast
+ * MediaLive
+ * Support
+ * Transcribe
+
+ New Methods:
+ * Application Autoscaling
+ * delete_scaling_policy
+ * deregister_scalable_target
+ * describe_scaling_policies
+ * put_scaling_policy
+ * Batch
+ * batch_update_partition
+ * Cognito IDP
+ * admin_set_user_password
+ * EC2
+ * create_flow_logs
+ * delete_flow_logs
+ * describe_flow_logs
+ * describe_instance_type_offerings
+ * describe_vpc_endpoints
+ * EMR
+ * create_security_configuration
+ * delete_security_configuration
+ * get_security_configuration
+ * modify_cluster
+ * put_autoscaling_policy
+ * remove_auto_scaling_policy
+ * Events
+ * create_archive
+ * delete_archive
+ * describe_archive
+ * list_archives
+ * update_archive
+ * Lambda
+ * get_function_configuration
+ * get_layer_version
+ * list_layers
+ * publish_layer_version
+ * IAM
+ * associate_iam_instance_profile
+ * delete_role_permissions_boundary
+ * describe_iam_instance_profile_associations
+ * disassociate_iam_instance_profile
+ * put_role_permissions_boundary
+ * replace_iam_instance_profile_association
+ * set_default_policy_version
+ * tag_user
+ * untag_user
+ * IOT
+ * create_topic_rule
+ * delete_topic_rule
+ * disable_topic_rule
+ * enable_topic_rule
+ * get_topic_rule
+ * list_topic_rules
+ * replace_topic_rule
+ * Redshift
+ * get_cluster_credentials
+ * Route53
+ * get_change (dummy)
+ * SageMaker
+ * create_notebook_instance_lifecycle_config
+ * delete_notebook_instance_lifecycle_config
+ * describe_notebook_instance_lifecycle_config
+ * Secrets Manager
+ * tag_resource
+ * SES
+ * test_render_template
+ * update_template
+ * Step Functions
+ * get_execution_history
+ * tag_resource
+ * untag_resource
+ * update_state_machine
+
+ General Changes:
+ * ACM - import_certificate() now supports the Tags-parameter
+ * ACM - request_certificate() now supports the Tags-parameter
+ * CF - SSHIngressRule now supports CidrIp and Description
+ * CF - Now fully supports:
+ AWS::StepFunctions::StateMachine
+ * CF - Now supports creation of:
+ AWS::ApiGateway::Deployment
+ AWS::ApiGateway::Method
+ AWS::ApiGateway::Resource
+ AWS::ApiGateway::RestApi
+ AWS::Lambda::Permission
+ * CF - Now supports S3 outputs: Arn, DomainName, DualStackDomainName, RegionalDomainName, WebsiteURL
+ * CloudWatch - list_metrics() no longer returns duplicate entries
+ * CloudWatch - put_metric_alarm() now supports the Metrics and DatapointsToAlarm parameters
+ * Config - Now supports IAM (Role, Policy)
+ * Cognito - admin_initiate_auth() now supports the ADMIN_USER_PASSWORD_AUTH-flow
+ * CognitoIDP - list_users() now supports spaces in the Filter-parameter
+ * DynamoDB - GSI's now support the ProjectionType=INCLUDE parameter
+ * DynamoDB - put_item() now supports empty values (in non-key attributes)
+ * DynamoDB - update_item() now supports the ADD operation to a list (using the AttributeUpdates-parameter)
+ * DynamoDB - update_item() now supports the PUT operation to a StringSet (using the AttributeUpdates-parameter)
+ * DynamoDB - update_item() now supports ReturnValues='UPDATED_NEW'
+ * DynamoDB - update_item() now defaults to PUT if the action is not supplied
+ * DynamoDB Streams - The event name for deletions has been corrected to REMOVE (was DELETE before)
+ * EB - create()/describe_applications() now return a properly formatted ARN (that contains the application-name)
+ * EC2 - copy_snapshot() now supports the TagSpecifications-parameter
+ * EC2 - create_image() now supports the TagSpecifications-parameter
+ * EC2 - create_internet_gateway() now supports the TagSpecifications-parameter
+ * EC2 - create_nat_gateway() now supports the TagSpecification-parameter
+ * EC2 - create_network_acl() now supports the TagSpecification-parameter
+ * EC2 - create_route_table() now supports the TagSpecifications-parameter
+ * EC2 - create_subnet() now supports the TagSpecifications-parameter
+ * EC2 - create_subnet() now supports secondary CidrBlock-values
+ * EC2 - create_tags() now supports empty values
+ * EC2 - create_volume() now supports the KmsKeyId-parameter
+ * EC2 - create_vpc now supports the TagSpecifications-parameter
+ * EC2 - create_vpc_endpoint() now properly handles private_dns_enabled-parameter in CF/TF
+ * EC2 - create_vpn_endpoint() now supports the VpnGatewayId-parameter
+ * EC2 - describe_addresses() now returns Tags
+ * EC2 - describe_instances() now supports filtering by the subnet-id-attribute
+ * EC2 - describe_subnets() now supports filtering by the state-attribute
+ * ECR - list_images() now returns a proper value for the imageDigest-attribute
+ * ECS - the default cluster is now used in a variety of methods, if the Cluster-parameter is not supplied
+ * ECS - create_service() now supports the launchType-parameter
+ * ECS - delete_service() now supports the force-parameter
+ * ECS - describe_container_instances() now returns the registeredAt-attribute
+ * ECS - list_tasks now supports the filters family/service_name/desired_status
+ * ECS - register_scalable_target() now supports updates
+ * ECS - register_task_definition() now returns some attributes that were missing before
+ * ECS - run_task() now supports the tags-parameter
+ * EMR - ReleaseLabel now respects semantic versioning
+ * Events - Now supports the Go SDK
+ * Events - list_rules() now returns the EventBusName-parameter
+ * Events - put_events() now has basic input validation
+ * Glue - create_database() now returns some attributes that were missing before
+ * IAM - create_user() now returns the Tags-attribute
+ * IAM - list_roles() now supports the parameters PathPrefix/Marker/MaxItems
+ * IOT - delete_thing_group() is now idempotent
+ * Lambda - update_function_configuration() now supports the VpcConfig-parameter
+ * RDS - create_db_parameter_group() now returns the DBParameterGroupArn-attribute
+ * RDS - describe_db_instances() now returns the TagList-attribute
+ * RDS - describe_db_instances() now supports the filters-parameter
+ * RDS - describe_db_snapshots() now supports the filters-parameter
+ * Redshift - modify_cluster() now checks for invalid ClusterType/NumberOfNodes combinations
+ * ResourceGroupTagging: Now supports EC2 VPC resources
+ * ResourceGroupTagging: Now supports RDS DBInstance, DBSnapshot resources
+ * ResourceGroupTagging - get_resources() has improved support for the TagFilters-parameter
+ * S3 - copy_object() now supports copying deleted and subsequently restored objects with storage class Glacier
+ * S3 - get_object() now throws the correct error for an unknown VersionId
+ * S3 - get_object() now supports an empty Range-parameter
+ * S3 - get_object() now returns headers that were missing in some cases (ContentLength/ActualObjectSize/RangeRequested)
+ * S3 - put_object/get_object now support the ServerSideEncryption/SSEKMSKeyId/BucketKeyEnabled parameters
+ * S3 - list_object_versions now returns the object in the correct sort order (last modified time)
+ * SecretsManager - describe_secret() now returns a persistent ARN
+ * SecretsManager - get_secret_value() now requires a version to exist
+ * SecretsManager - put_secret_value() now requires a secret to exist
+ * SES - get-template() now returns the HtmlPart-attribute
+ * SNS - Support KmsMasterKeyId-attribute
+ * SNS - create_topic() no longer throws an error when creating a FIFO queue
+ * SNS - delete_topic() now also deletes the corresponding subscriptions
+ * SNS - delete_topic() now raises an appropriate exception if the supplied topic not exists
+ * Step Functions - list_executions() now supports filtering and pagination
+ * SQS - The MD5OfMessageAttributes is now computed correctly
+ * SQS - a message in the DLQ now no longer blocks other messages with that MessageGroupId
+ * SQS - create_queue() now supports the MaximumMessageSize-attribute
+ * SQS - receive_message() now supports MessageAttributeNames=["All"]
+ * SQS - send_message() now deduplicates properly using the MessageDeduplicationId
diff --git a/IMPLEMENTATION_COVERAGE.md b/IMPLEMENTATION_COVERAGE.md
index fc9454664..93db3f403 100644
--- a/IMPLEMENTATION_COVERAGE.md
+++ b/IMPLEMENTATION_COVERAGE.md
@@ -3,6 +3,7 @@
0% implemented
+- [ ] apply_archive_rule
- [ ] create_analyzer
- [ ] create_archive_rule
- [ ] delete_analyzer
@@ -170,6 +171,17 @@
- [ ] update_skill_group
+## amp
+
+0% implemented
+
+- [ ] create_workspace
+- [ ] delete_workspace
+- [ ] describe_workspace
+- [ ] list_workspaces
+- [ ] update_workspace_alias
+
+
## amplify
0% implemented
@@ -213,6 +225,36 @@
- [ ] update_webhook
+## amplifybackend
+
+0% implemented
+
+- [ ] clone_backend
+- [ ] create_backend
+- [ ] create_backend_api
+- [ ] create_backend_auth
+- [ ] create_backend_config
+- [ ] create_token
+- [ ] delete_backend
+- [ ] delete_backend_api
+- [ ] delete_backend_auth
+- [ ] delete_token
+- [ ] generate_backend_api_models
+- [ ] get_backend
+- [ ] get_backend_api
+- [ ] get_backend_api_models
+- [ ] get_backend_auth
+- [ ] get_backend_job
+- [ ] get_token
+- [ ] list_backend_jobs
+- [ ] remove_all_backends
+- [ ] remove_backend_config
+- [ ] update_backend_api
+- [ ] update_backend_auth
+- [ ] update_backend_config
+- [ ] update_backend_job
+
+
## apigateway
34% implemented
@@ -409,6 +451,7 @@
- [ ] get_vpc_links
- [ ] import_api
- [ ] reimport_api
+- [ ] reset_authorizers_cache
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_api
@@ -488,6 +531,21 @@
- [ ] update_flow
+## appintegrations
+
+0% implemented
+
+- [ ] create_event_integration
+- [ ] delete_event_integration
+- [ ] get_event_integration
+- [ ] list_event_integration_associations
+- [ ] list_event_integrations
+- [ ] list_tags_for_resource
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_event_integration
+
+
## application-autoscaling
60% implemented
@@ -715,6 +773,63 @@
- [ ] update_work_group
+## auditmanager
+
+0% implemented
+
+- [ ] associate_assessment_report_evidence_folder
+- [ ] batch_associate_assessment_report_evidence
+- [ ] batch_create_delegation_by_assessment
+- [ ] batch_delete_delegation_by_assessment
+- [ ] batch_disassociate_assessment_report_evidence
+- [ ] batch_import_evidence_to_assessment_control
+- [ ] create_assessment
+- [ ] create_assessment_framework
+- [ ] create_assessment_report
+- [ ] create_control
+- [ ] delete_assessment
+- [ ] delete_assessment_framework
+- [ ] delete_assessment_report
+- [ ] delete_control
+- [ ] deregister_account
+- [ ] deregister_organization_admin_account
+- [ ] disassociate_assessment_report_evidence_folder
+- [ ] get_account_status
+- [ ] get_assessment
+- [ ] get_assessment_framework
+- [ ] get_assessment_report_url
+- [ ] get_change_logs
+- [ ] get_control
+- [ ] get_delegations
+- [ ] get_evidence
+- [ ] get_evidence_by_evidence_folder
+- [ ] get_evidence_folder
+- [ ] get_evidence_folders_by_assessment
+- [ ] get_evidence_folders_by_assessment_control
+- [ ] get_organization_admin_account
+- [ ] get_services_in_scope
+- [ ] get_settings
+- [ ] list_assessment_frameworks
+- [ ] list_assessment_reports
+- [ ] list_assessments
+- [ ] list_controls
+- [ ] list_keywords_for_data_source
+- [ ] list_notifications
+- [ ] list_tags_for_resource
+- [ ] register_account
+- [ ] register_organization_admin_account
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_assessment
+- [ ] update_assessment_control
+- [ ] update_assessment_control_set_status
+- [ ] update_assessment_framework
+- [ ] update_assessment_status
+- [ ] update_control
+- [ ] update_settings
+- [ ] validate_assessment_report_integrity
+
+
## autoscaling
42% implemented
@@ -806,6 +921,7 @@
- [ ] describe_backup_job
- [ ] describe_backup_vault
- [ ] describe_copy_job
+- [ ] describe_global_settings
- [ ] describe_protected_resource
- [ ] describe_recovery_point
- [ ] describe_region_settings
@@ -840,13 +956,14 @@
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_backup_plan
+- [ ] update_global_settings
- [ ] update_recovery_point_lifecycle
- [ ] update_region_settings
## batch
-93% implemented
+78% implemented
- [ ] cancel_job
- [X] create_compute_environment
@@ -859,9 +976,12 @@
- [X] describe_job_queues
- [X] describe_jobs
- [X] list_jobs
+- [ ] list_tags_for_resource
- [X] register_job_definition
- [X] submit_job
+- [ ] tag_resource
- [X] terminate_job
+- [ ] untag_resource
- [X] update_compute_environment
- [X] update_job_queue
@@ -874,8 +994,11 @@
- [ ] create_quantum_task
- [ ] get_device
- [ ] get_quantum_task
+- [ ] list_tags_for_resource
- [ ] search_devices
- [ ] search_quantum_tasks
+- [ ] tag_resource
+- [ ] untag_resource
## budgets
@@ -883,17 +1006,25 @@
0% implemented
- [ ] create_budget
+- [ ] create_budget_action
- [ ] create_notification
- [ ] create_subscriber
- [ ] delete_budget
+- [ ] delete_budget_action
- [ ] delete_notification
- [ ] delete_subscriber
- [ ] describe_budget
+- [ ] describe_budget_action
+- [ ] describe_budget_action_histories
+- [ ] describe_budget_actions_for_account
+- [ ] describe_budget_actions_for_budget
- [ ] describe_budget_performance_history
- [ ] describe_budgets
- [ ] describe_notifications_for_budget
- [ ] describe_subscribers_for_notification
+- [ ] execute_budget_action
- [ ] update_budget
+- [ ] update_budget_action
- [ ] update_notification
- [ ] update_subscriber
@@ -902,9 +1033,16 @@
0% implemented
+- [ ] create_anomaly_monitor
+- [ ] create_anomaly_subscription
- [ ] create_cost_category_definition
+- [ ] delete_anomaly_monitor
+- [ ] delete_anomaly_subscription
- [ ] delete_cost_category_definition
- [ ] describe_cost_category_definition
+- [ ] get_anomalies
+- [ ] get_anomaly_monitors
+- [ ] get_anomaly_subscriptions
- [ ] get_cost_and_usage
- [ ] get_cost_and_usage_with_resources
- [ ] get_cost_forecast
@@ -920,6 +1058,9 @@
- [ ] get_tags
- [ ] get_usage_forecast
- [ ] list_cost_category_definitions
+- [ ] provide_anomaly_feedback
+- [ ] update_anomaly_monitor
+- [ ] update_anomaly_subscription
- [ ] update_cost_category_definition
@@ -939,25 +1080,47 @@
- [ ] batch_update_phone_number
- [ ] batch_update_user
- [ ] create_account
+- [ ] create_app_instance
+- [ ] create_app_instance_admin
+- [ ] create_app_instance_user
- [ ] create_attendee
- [ ] create_bot
+- [ ] create_channel
+- [ ] create_channel_ban
+- [ ] create_channel_membership
+- [ ] create_channel_moderator
- [ ] create_meeting
+- [ ] create_meeting_dial_out
- [ ] create_meeting_with_attendees
- [ ] create_phone_number_order
- [ ] create_proxy_session
- [ ] create_room
- [ ] create_room_membership
+- [ ] create_sip_media_application
+- [ ] create_sip_media_application_call
+- [ ] create_sip_rule
- [ ] create_user
- [ ] create_voice_connector
- [ ] create_voice_connector_group
- [ ] delete_account
+- [ ] delete_app_instance
+- [ ] delete_app_instance_admin
+- [ ] delete_app_instance_streaming_configurations
+- [ ] delete_app_instance_user
- [ ] delete_attendee
+- [ ] delete_channel
+- [ ] delete_channel_ban
+- [ ] delete_channel_membership
+- [ ] delete_channel_message
+- [ ] delete_channel_moderator
- [ ] delete_events_configuration
- [ ] delete_meeting
- [ ] delete_phone_number
- [ ] delete_proxy_session
- [ ] delete_room
- [ ] delete_room_membership
+- [ ] delete_sip_media_application
+- [ ] delete_sip_rule
- [ ] delete_voice_connector
- [ ] delete_voice_connector_emergency_calling_configuration
- [ ] delete_voice_connector_group
@@ -966,23 +1129,39 @@
- [ ] delete_voice_connector_streaming_configuration
- [ ] delete_voice_connector_termination
- [ ] delete_voice_connector_termination_credentials
+- [ ] describe_app_instance
+- [ ] describe_app_instance_admin
+- [ ] describe_app_instance_user
+- [ ] describe_channel
+- [ ] describe_channel_ban
+- [ ] describe_channel_membership
+- [ ] describe_channel_membership_for_app_instance_user
+- [ ] describe_channel_moderated_by_app_instance_user
+- [ ] describe_channel_moderator
- [ ] disassociate_phone_number_from_user
- [ ] disassociate_phone_numbers_from_voice_connector
- [ ] disassociate_phone_numbers_from_voice_connector_group
- [ ] disassociate_signin_delegate_groups_from_account
- [ ] get_account
- [ ] get_account_settings
+- [ ] get_app_instance_retention_settings
+- [ ] get_app_instance_streaming_configurations
- [ ] get_attendee
- [ ] get_bot
+- [ ] get_channel_message
- [ ] get_events_configuration
- [ ] get_global_settings
- [ ] get_meeting
+- [ ] get_messaging_session_endpoint
- [ ] get_phone_number
- [ ] get_phone_number_order
- [ ] get_phone_number_settings
- [ ] get_proxy_session
- [ ] get_retention_settings
- [ ] get_room
+- [ ] get_sip_media_application
+- [ ] get_sip_media_application_logging_configuration
+- [ ] get_sip_rule
- [ ] get_user
- [ ] get_user_settings
- [ ] get_voice_connector
@@ -996,9 +1175,19 @@
- [ ] get_voice_connector_termination_health
- [ ] invite_users
- [ ] list_accounts
+- [ ] list_app_instance_admins
+- [ ] list_app_instance_users
+- [ ] list_app_instances
- [ ] list_attendee_tags
- [ ] list_attendees
- [ ] list_bots
+- [ ] list_channel_bans
+- [ ] list_channel_memberships
+- [ ] list_channel_memberships_for_app_instance_user
+- [ ] list_channel_messages
+- [ ] list_channel_moderators
+- [ ] list_channels
+- [ ] list_channels_moderated_by_app_instance_user
- [ ] list_meeting_tags
- [ ] list_meetings
- [ ] list_phone_number_orders
@@ -1006,14 +1195,19 @@
- [ ] list_proxy_sessions
- [ ] list_room_memberships
- [ ] list_rooms
+- [ ] list_sip_media_applications
+- [ ] list_sip_rules
- [ ] list_tags_for_resource
- [ ] list_users
- [ ] list_voice_connector_groups
- [ ] list_voice_connector_termination_credentials
- [ ] list_voice_connectors
- [ ] logout_user
+- [ ] put_app_instance_retention_settings
+- [ ] put_app_instance_streaming_configurations
- [ ] put_events_configuration
- [ ] put_retention_settings
+- [ ] put_sip_media_application_logging_configuration
- [ ] put_voice_connector_emergency_calling_configuration
- [ ] put_voice_connector_logging_configuration
- [ ] put_voice_connector_origination
@@ -1021,12 +1215,14 @@
- [ ] put_voice_connector_streaming_configuration
- [ ] put_voice_connector_termination
- [ ] put_voice_connector_termination_credentials
+- [ ] redact_channel_message
- [ ] redact_conversation_message
- [ ] redact_room_message
- [ ] regenerate_security_token
- [ ] reset_personal_pin
- [ ] restore_phone_number
- [ ] search_available_phone_numbers
+- [ ] send_channel_message
- [ ] tag_attendee
- [ ] tag_meeting
- [ ] tag_resource
@@ -1035,13 +1231,20 @@
- [ ] untag_resource
- [ ] update_account
- [ ] update_account_settings
+- [ ] update_app_instance
+- [ ] update_app_instance_user
- [ ] update_bot
+- [ ] update_channel
+- [ ] update_channel_message
+- [ ] update_channel_read_marker
- [ ] update_global_settings
- [ ] update_phone_number
- [ ] update_phone_number_settings
- [ ] update_proxy_session
- [ ] update_room
- [ ] update_room_membership
+- [ ] update_sip_media_application
+- [ ] update_sip_rule
- [ ] update_user
- [ ] update_user_settings
- [ ] update_voice_connector
@@ -1211,6 +1414,7 @@
- [ ] create_field_level_encryption_config
- [ ] create_field_level_encryption_profile
- [ ] create_invalidation
+- [ ] create_key_group
- [ ] create_monitoring_subscription
- [ ] create_origin_request_policy
- [ ] create_public_key
@@ -1222,6 +1426,7 @@
- [ ] delete_distribution
- [ ] delete_field_level_encryption_config
- [ ] delete_field_level_encryption_profile
+- [ ] delete_key_group
- [ ] delete_monitoring_subscription
- [ ] delete_origin_request_policy
- [ ] delete_public_key
@@ -1238,6 +1443,8 @@
- [ ] get_field_level_encryption_profile
- [ ] get_field_level_encryption_profile_config
- [ ] get_invalidation
+- [ ] get_key_group
+- [ ] get_key_group_config
- [ ] get_monitoring_subscription
- [ ] get_origin_request_policy
- [ ] get_origin_request_policy_config
@@ -1250,12 +1457,14 @@
- [ ] list_cloud_front_origin_access_identities
- [ ] list_distributions
- [ ] list_distributions_by_cache_policy_id
+- [ ] list_distributions_by_key_group
- [ ] list_distributions_by_origin_request_policy_id
- [ ] list_distributions_by_realtime_log_config
- [ ] list_distributions_by_web_acl_id
- [ ] list_field_level_encryption_configs
- [ ] list_field_level_encryption_profiles
- [ ] list_invalidations
+- [ ] list_key_groups
- [ ] list_origin_request_policies
- [ ] list_public_keys
- [ ] list_realtime_log_configs
@@ -1268,6 +1477,7 @@
- [ ] update_distribution
- [ ] update_field_level_encryption_config
- [ ] update_field_level_encryption_profile
+- [ ] update_key_group
- [ ] update_origin_request_policy
- [ ] update_public_key
- [ ] update_realtime_log_config
@@ -1314,6 +1524,8 @@
- [ ] describe_clusters
- [ ] initialize_cluster
- [ ] list_tags
+- [ ] modify_backup_attributes
+- [ ] modify_cluster
- [ ] restore_backup
- [ ] tag_resource
- [ ] untag_resource
@@ -1451,8 +1663,11 @@
- [ ] list_packages
- [ ] list_repositories
- [ ] list_repositories_in_domain
+- [ ] list_tags_for_resource
- [ ] put_domain_permissions_policy
- [ ] put_repository_permissions_policy
+- [ ] tag_resource
+- [ ] untag_resource
- [ ] update_package_versions_status
- [ ] update_repository
@@ -1479,6 +1694,7 @@
- [ ] delete_webhook
- [ ] describe_code_coverages
- [ ] describe_test_cases
+- [ ] get_report_group_trend
- [ ] get_resource_policy
- [ ] import_source_credentials
- [ ] invalidate_project_cache
@@ -1656,7 +1872,10 @@
- [ ] list_recommendation_feedback
- [ ] list_recommendations
- [ ] list_repository_associations
+- [ ] list_tags_for_resource
- [ ] put_recommendation_feedback
+- [ ] tag_resource
+- [ ] untag_resource
## codeguruprofiler
@@ -1770,6 +1989,7 @@
- [ ] list_tags_for_resource
- [ ] tag_resource
- [ ] untag_resource
+- [ ] update_host
## codestar-notifications
@@ -1969,12 +2189,15 @@
- [ ] describe_endpoint
- [ ] describe_entities_detection_job
- [ ] describe_entity_recognizer
+- [ ] describe_events_detection_job
- [ ] describe_key_phrases_detection_job
+- [ ] describe_pii_entities_detection_job
- [ ] describe_sentiment_detection_job
- [ ] describe_topics_detection_job
- [ ] detect_dominant_language
- [ ] detect_entities
- [ ] detect_key_phrases
+- [ ] detect_pii_entities
- [ ] detect_sentiment
- [ ] detect_syntax
- [ ] list_document_classification_jobs
@@ -1983,19 +2206,25 @@
- [ ] list_endpoints
- [ ] list_entities_detection_jobs
- [ ] list_entity_recognizers
+- [ ] list_events_detection_jobs
- [ ] list_key_phrases_detection_jobs
+- [ ] list_pii_entities_detection_jobs
- [ ] list_sentiment_detection_jobs
- [ ] list_tags_for_resource
- [ ] list_topics_detection_jobs
- [ ] start_document_classification_job
- [ ] start_dominant_language_detection_job
- [ ] start_entities_detection_job
+- [ ] start_events_detection_job
- [ ] start_key_phrases_detection_job
+- [ ] start_pii_entities_detection_job
- [ ] start_sentiment_detection_job
- [ ] start_topics_detection_job
- [ ] stop_dominant_language_detection_job
- [ ] stop_entities_detection_job
+- [ ] stop_events_detection_job
- [ ] stop_key_phrases_detection_job
+- [ ] stop_pii_entities_detection_job
- [ ] stop_sentiment_detection_job
- [ ] stop_training_document_classifier
- [ ] stop_training_entity_recognizer
@@ -2039,16 +2268,18 @@
- [ ] export_auto_scaling_group_recommendations
- [ ] export_ec2_instance_recommendations
- [ ] get_auto_scaling_group_recommendations
+- [ ] get_ebs_volume_recommendations
- [ ] get_ec2_instance_recommendations
- [ ] get_ec2_recommendation_projected_metrics
- [ ] get_enrollment_status
+- [ ] get_lambda_function_recommendations
- [ ] get_recommendation_summaries
- [ ] update_enrollment_status
## config
-32% implemented
+30% implemented
- [X] batch_get_aggregate_resource_config
- [X] batch_get_resource_config
@@ -2066,6 +2297,7 @@
- [ ] delete_remediation_exceptions
- [ ] delete_resource_config
- [ ] delete_retention_configuration
+- [ ] delete_stored_query
- [ ] deliver_config_snapshot
- [ ] describe_aggregate_compliance_by_config_rules
- [X] describe_aggregation_authorizations
@@ -2105,8 +2337,10 @@
- [ ] get_organization_config_rule_detailed_status
- [X] get_organization_conformance_pack_detailed_status
- [X] get_resource_config_history
+- [ ] get_stored_query
- [X] list_aggregate_discovered_resources
- [X] list_discovered_resources
+- [ ] list_stored_queries
- [ ] list_tags_for_resource
- [X] put_aggregation_authorization
- [ ] put_config_rule
@@ -2115,12 +2349,14 @@
- [ ] put_conformance_pack
- [X] put_delivery_channel
- [X] put_evaluations
+- [ ] put_external_evaluation
- [ ] put_organization_config_rule
- [X] put_organization_conformance_pack
- [ ] put_remediation_configurations
- [ ] put_remediation_exceptions
- [ ] put_resource_config
- [ ] put_retention_configuration
+- [ ] put_stored_query
- [ ] select_aggregate_resource_config
- [ ] select_resource_config
- [ ] start_config_rules_evaluation
@@ -2135,50 +2371,115 @@
0% implemented
+- [ ] associate_approved_origin
+- [ ] associate_instance_storage_config
+- [ ] associate_lambda_function
+- [ ] associate_lex_bot
+- [ ] associate_routing_profile_queues
+- [ ] associate_security_key
+- [ ] create_contact_flow
+- [ ] create_instance
+- [ ] create_integration_association
+- [ ] create_quick_connect
+- [ ] create_routing_profile
+- [ ] create_use_case
- [ ] create_user
+- [ ] create_user_hierarchy_group
+- [ ] delete_instance
+- [ ] delete_integration_association
+- [ ] delete_quick_connect
+- [ ] delete_use_case
- [ ] delete_user
+- [ ] delete_user_hierarchy_group
+- [ ] describe_contact_flow
+- [ ] describe_instance
+- [ ] describe_instance_attribute
+- [ ] describe_instance_storage_config
+- [ ] describe_quick_connect
+- [ ] describe_routing_profile
- [ ] describe_user
- [ ] describe_user_hierarchy_group
- [ ] describe_user_hierarchy_structure
+- [ ] disassociate_approved_origin
+- [ ] disassociate_instance_storage_config
+- [ ] disassociate_lambda_function
+- [ ] disassociate_lex_bot
+- [ ] disassociate_routing_profile_queues
+- [ ] disassociate_security_key
- [ ] get_contact_attributes
- [ ] get_current_metric_data
- [ ] get_federation_token
- [ ] get_metric_data
+- [ ] list_approved_origins
- [ ] list_contact_flows
- [ ] list_hours_of_operations
+- [ ] list_instance_attributes
+- [ ] list_instance_storage_configs
+- [ ] list_instances
+- [ ] list_integration_associations
+- [ ] list_lambda_functions
+- [ ] list_lex_bots
- [ ] list_phone_numbers
+- [ ] list_prompts
- [ ] list_queues
+- [ ] list_quick_connects
+- [ ] list_routing_profile_queues
- [ ] list_routing_profiles
+- [ ] list_security_keys
- [ ] list_security_profiles
- [ ] list_tags_for_resource
+- [ ] list_use_cases
- [ ] list_user_hierarchy_groups
- [ ] list_users
- [ ] resume_contact_recording
- [ ] start_chat_contact
- [ ] start_contact_recording
- [ ] start_outbound_voice_contact
+- [ ] start_task_contact
- [ ] stop_contact
- [ ] stop_contact_recording
- [ ] suspend_contact_recording
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_contact_attributes
+- [ ] update_contact_flow_content
+- [ ] update_contact_flow_name
+- [ ] update_instance_attribute
+- [ ] update_instance_storage_config
+- [ ] update_quick_connect_config
+- [ ] update_quick_connect_name
+- [ ] update_routing_profile_concurrency
+- [ ] update_routing_profile_default_outbound_queue
+- [ ] update_routing_profile_name
+- [ ] update_routing_profile_queues
- [ ] update_user_hierarchy
+- [ ] update_user_hierarchy_group_name
+- [ ] update_user_hierarchy_structure
- [ ] update_user_identity_info
- [ ] update_user_phone_config
- [ ] update_user_routing_profile
- [ ] update_user_security_profiles
+## connect-contact-lens
+
+0% implemented
+
+- [ ] list_realtime_contact_analysis_segments
+
+
## connectparticipant
0% implemented
+- [ ] complete_attachment_upload
- [ ] create_participant_connection
- [ ] disconnect_participant
+- [ ] get_attachment
- [ ] get_transcript
- [ ] send_event
- [ ] send_message
+- [ ] start_attachment_upload
## cur
@@ -2191,6 +2492,84 @@
- [ ] put_report_definition
+## customer-profiles
+
+0% implemented
+
+- [ ] add_profile_key
+- [ ] create_domain
+- [ ] create_profile
+- [ ] delete_domain
+- [ ] delete_integration
+- [ ] delete_profile
+- [ ] delete_profile_key
+- [ ] delete_profile_object
+- [ ] delete_profile_object_type
+- [ ] get_domain
+- [ ] get_integration
+- [ ] get_profile_object_type
+- [ ] get_profile_object_type_template
+- [ ] list_account_integrations
+- [ ] list_domains
+- [ ] list_integrations
+- [ ] list_profile_object_type_templates
+- [ ] list_profile_object_types
+- [ ] list_profile_objects
+- [ ] list_tags_for_resource
+- [ ] put_integration
+- [ ] put_profile_object
+- [ ] put_profile_object_type
+- [ ] search_profiles
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_domain
+- [ ] update_profile
+
+
+## databrew
+
+0% implemented
+
+- [ ] batch_delete_recipe_version
+- [ ] create_dataset
+- [ ] create_profile_job
+- [ ] create_project
+- [ ] create_recipe
+- [ ] create_recipe_job
+- [ ] create_schedule
+- [ ] delete_dataset
+- [ ] delete_job
+- [ ] delete_project
+- [ ] delete_recipe_version
+- [ ] delete_schedule
+- [ ] describe_dataset
+- [ ] describe_job
+- [ ] describe_project
+- [ ] describe_recipe
+- [ ] describe_schedule
+- [ ] list_datasets
+- [ ] list_job_runs
+- [ ] list_jobs
+- [ ] list_projects
+- [ ] list_recipe_versions
+- [ ] list_recipes
+- [ ] list_schedules
+- [ ] list_tags_for_resource
+- [ ] publish_recipe
+- [ ] send_project_session_action
+- [ ] start_job_run
+- [ ] start_project_session
+- [ ] stop_job_run
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_dataset
+- [ ] update_profile_job
+- [ ] update_project
+- [ ] update_recipe
+- [ ] update_recipe_job
+- [ ] update_schedule
+
+
## dataexchange
0% implemented
@@ -2246,7 +2625,7 @@
## datasync
-19% implemented
+18% implemented
- [X] cancel_task_execution
- [ ] create_agent
@@ -2279,6 +2658,7 @@
- [ ] untag_resource
- [ ] update_agent
- [X] update_task
+- [ ] update_task_execution
## dax
@@ -2409,6 +2789,30 @@
- [ ] update_vpce_configuration
+## devops-guru
+
+0% implemented
+
+- [ ] add_notification_channel
+- [ ] describe_account_health
+- [ ] describe_account_overview
+- [ ] describe_anomaly
+- [ ] describe_insight
+- [ ] describe_resource_collection_health
+- [ ] describe_service_integration
+- [ ] get_resource_collection
+- [ ] list_anomalies_for_insight
+- [ ] list_events
+- [ ] list_insights
+- [ ] list_notification_channels
+- [ ] list_recommendations
+- [ ] put_feedback
+- [ ] remove_notification_channel
+- [ ] search_insights
+- [ ] update_resource_collection
+- [ ] update_service_integration
+
+
## directconnect
0% implemented
@@ -2564,6 +2968,7 @@
- [ ] modify_replication_instance
- [ ] modify_replication_subnet_group
- [ ] modify_replication_task
+- [ ] move_replication_task
- [ ] reboot_replication_instance
- [ ] refresh_schemas
- [ ] reload_tables
@@ -2629,6 +3034,7 @@
- [ ] accept_shared_directory
- [ ] add_ip_routes
+- [ ] add_region
- [ ] add_tags_to_resource
- [ ] cancel_schema_extension
- [ ] connect_directory
@@ -2653,12 +3059,15 @@
- [ ] describe_domain_controllers
- [ ] describe_event_topics
- [ ] describe_ldaps_settings
+- [ ] describe_regions
- [ ] describe_shared_directories
- [ ] describe_snapshots
- [ ] describe_trusts
+- [ ] disable_client_authentication
- [ ] disable_ldaps
- [ ] disable_radius
- [ ] disable_sso
+- [ ] enable_client_authentication
- [ ] enable_ldaps
- [ ] enable_radius
- [ ] enable_sso
@@ -2673,6 +3082,7 @@
- [ ] register_event_topic
- [ ] reject_shared_directory
- [ ] remove_ip_routes
+- [ ] remove_region
- [ ] remove_tags_from_resource
- [ ] reset_user_password
- [ ] restore_from_snapshot
@@ -2688,8 +3098,9 @@
## dynamodb
-53% implemented
+44% implemented
+- [ ] batch_execute_statement
- [X] batch_get_item
- [X] batch_write_item
- [ ] create_backup
@@ -2702,15 +3113,23 @@
- [X] describe_continuous_backups
- [ ] describe_contributor_insights
- [ ] describe_endpoints
+- [ ] describe_export
- [ ] describe_global_table
- [ ] describe_global_table_settings
+- [ ] describe_kinesis_streaming_destination
- [ ] describe_limits
- [X] describe_table
- [ ] describe_table_replica_auto_scaling
- [X] describe_time_to_live
+- [ ] disable_kinesis_streaming_destination
+- [ ] enable_kinesis_streaming_destination
+- [ ] execute_statement
+- [ ] execute_transaction
+- [ ] export_table_to_point_in_time
- [X] get_item
- [ ] list_backups
- [ ] list_contributor_insights
+- [ ] list_exports
- [ ] list_global_tables
- [X] list_tables
- [X] list_tags_of_resource
@@ -2757,9 +3176,10 @@
## ec2
-28% implemented
+27% implemented
- [ ] accept_reserved_instances_exchange_quote
+- [ ] accept_transit_gateway_multicast_domain_associations
- [ ] accept_transit_gateway_peering_attachment
- [ ] accept_transit_gateway_vpc_attachment
- [ ] accept_vpc_endpoint_connections
@@ -2773,6 +3193,7 @@
- [X] associate_address
- [ ] associate_client_vpn_target_network
- [X] associate_dhcp_options
+- [ ] associate_enclave_certificate_iam_role
- [X] associate_iam_instance_profile
- [X] associate_route_table
- [ ] associate_subnet_cidr_block
@@ -2824,6 +3245,7 @@
- [X] create_nat_gateway
- [X] create_network_acl
- [X] create_network_acl_entry
+- [ ] create_network_insights_path
- [X] create_network_interface
- [ ] create_network_interface_permission
- [ ] create_placement_group
@@ -2841,6 +3263,8 @@
- [ ] create_traffic_mirror_session
- [ ] create_traffic_mirror_target
- [ ] create_transit_gateway
+- [ ] create_transit_gateway_connect
+- [ ] create_transit_gateway_connect_peer
- [ ] create_transit_gateway_multicast_domain
- [ ] create_transit_gateway_peering_attachment
- [ ] create_transit_gateway_prefix_list_reference
@@ -2875,6 +3299,8 @@
- [X] delete_nat_gateway
- [X] delete_network_acl
- [X] delete_network_acl_entry
+- [ ] delete_network_insights_analysis
+- [ ] delete_network_insights_path
- [X] delete_network_interface
- [ ] delete_network_interface_permission
- [ ] delete_placement_group
@@ -2891,6 +3317,8 @@
- [ ] delete_traffic_mirror_session
- [ ] delete_traffic_mirror_target
- [ ] delete_transit_gateway
+- [ ] delete_transit_gateway_connect
+- [ ] delete_transit_gateway_connect_peer
- [ ] delete_transit_gateway_multicast_domain
- [ ] delete_transit_gateway_peering_attachment
- [ ] delete_transit_gateway_prefix_list_reference
@@ -2972,6 +3400,8 @@
- [ ] describe_moving_addresses
- [ ] describe_nat_gateways
- [X] describe_network_acls
+- [ ] describe_network_insights_analyses
+- [ ] describe_network_insights_paths
- [ ] describe_network_interface_attribute
- [ ] describe_network_interface_permissions
- [X] describe_network_interfaces
@@ -3004,6 +3434,8 @@
- [ ] describe_traffic_mirror_sessions
- [ ] describe_traffic_mirror_targets
- [ ] describe_transit_gateway_attachments
+- [ ] describe_transit_gateway_connect_peers
+- [ ] describe_transit_gateway_connects
- [ ] describe_transit_gateway_multicast_domains
- [ ] describe_transit_gateway_peering_attachments
- [ ] describe_transit_gateway_route_tables
@@ -3039,6 +3471,7 @@
- [X] disable_vpc_classic_link_dns_support
- [X] disassociate_address
- [ ] disassociate_client_vpn_target_network
+- [ ] disassociate_enclave_certificate_iam_role
- [X] disassociate_iam_instance_profile
- [X] disassociate_route_table
- [ ] disassociate_subnet_cidr_block
@@ -3056,6 +3489,7 @@
- [ ] export_client_vpn_client_configuration
- [ ] export_image
- [ ] export_transit_gateway_routes
+- [ ] get_associated_enclave_certificate_iam_roles
- [ ] get_associated_ipv6_pool_cidrs
- [ ] get_capacity_reservation_usage
- [ ] get_coip_pool_usage
@@ -3136,6 +3570,7 @@
- [ ] register_instance_event_notification_attributes
- [ ] register_transit_gateway_multicast_group_members
- [ ] register_transit_gateway_multicast_group_sources
+- [ ] reject_transit_gateway_multicast_domain_associations
- [ ] reject_transit_gateway_peering_attachment
- [ ] reject_transit_gateway_vpc_attachment
- [ ] reject_vpc_endpoint_connections
@@ -3169,6 +3604,7 @@
- [ ] search_transit_gateway_routes
- [ ] send_diagnostic_interrupt
- [X] start_instances
+- [ ] start_network_insights_analysis
- [ ] start_vpc_endpoint_service_private_dns_verification
- [X] stop_instances
- [ ] terminate_client_vpn_connections
@@ -3190,7 +3626,7 @@
## ecr
-27% implemented
+23% implemented
- [ ] batch_check_layer_availability
- [X] batch_delete_image
@@ -3198,15 +3634,18 @@
- [ ] complete_layer_upload
- [X] create_repository
- [ ] delete_lifecycle_policy
+- [ ] delete_registry_policy
- [X] delete_repository
- [ ] delete_repository_policy
- [ ] describe_image_scan_findings
- [X] describe_images
+- [ ] describe_registry
- [X] describe_repositories
- [ ] get_authorization_token
- [ ] get_download_url_for_layer
- [ ] get_lifecycle_policy
- [ ] get_lifecycle_policy_preview
+- [ ] get_registry_policy
- [ ] get_repository_policy
- [ ] initiate_layer_upload
- [X] list_images
@@ -3215,6 +3654,8 @@
- [ ] put_image_scanning_configuration
- [ ] put_image_tag_mutability
- [ ] put_lifecycle_policy
+- [ ] put_registry_policy
+- [ ] put_replication_configuration
- [ ] set_repository_policy
- [ ] start_image_scan
- [ ] start_lifecycle_policy_preview
@@ -3223,9 +3664,35 @@
- [ ] upload_layer_part
+## ecr-public
+
+0% implemented
+
+- [ ] batch_check_layer_availability
+- [ ] batch_delete_image
+- [ ] complete_layer_upload
+- [ ] create_repository
+- [ ] delete_repository
+- [ ] delete_repository_policy
+- [ ] describe_image_tags
+- [ ] describe_images
+- [ ] describe_registries
+- [ ] describe_repositories
+- [ ] get_authorization_token
+- [ ] get_registry_catalog_data
+- [ ] get_repository_catalog_data
+- [ ] get_repository_policy
+- [ ] initiate_layer_upload
+- [ ] put_image
+- [ ] put_registry_catalog_data
+- [ ] put_repository_catalog_data
+- [ ] set_repository_policy
+- [ ] upload_layer_part
+
+
## ecs
-71% implemented
+70% implemented
- [ ] create_capacity_provider
- [X] create_cluster
@@ -3270,6 +3737,7 @@
- [ ] submit_task_state_change
- [X] tag_resource
- [X] untag_resource
+- [ ] update_capacity_provider
- [ ] update_cluster_settings
- [ ] update_container_agent
- [X] update_container_instances_state
@@ -3313,16 +3781,21 @@
0% implemented
+- [ ] create_addon
- [ ] create_cluster
- [ ] create_fargate_profile
- [ ] create_nodegroup
+- [ ] delete_addon
- [ ] delete_cluster
- [ ] delete_fargate_profile
- [ ] delete_nodegroup
+- [ ] describe_addon
+- [ ] describe_addon_versions
- [ ] describe_cluster
- [ ] describe_fargate_profile
- [ ] describe_nodegroup
- [ ] describe_update
+- [ ] list_addons
- [ ] list_clusters
- [ ] list_fargate_profiles
- [ ] list_nodegroups
@@ -3330,6 +3803,7 @@
- [ ] list_updates
- [ ] tag_resource
- [ ] untag_resource
+- [ ] update_addon
- [ ] update_cluster_config
- [ ] update_cluster_version
- [ ] update_nodegroup_config
@@ -3365,6 +3839,8 @@
- [ ] create_global_replication_group
- [ ] create_replication_group
- [ ] create_snapshot
+- [ ] create_user
+- [ ] create_user_group
- [ ] decrease_node_groups_in_global_replication_group
- [ ] decrease_replica_count
- [ ] delete_cache_cluster
@@ -3374,6 +3850,8 @@
- [ ] delete_global_replication_group
- [ ] delete_replication_group
- [ ] delete_snapshot
+- [ ] delete_user
+- [ ] delete_user_group
- [ ] describe_cache_clusters
- [ ] describe_cache_engine_versions
- [ ] describe_cache_parameter_groups
@@ -3389,6 +3867,8 @@
- [ ] describe_service_updates
- [ ] describe_snapshots
- [ ] describe_update_actions
+- [ ] describe_user_groups
+- [ ] describe_users
- [ ] disassociate_global_replication_group
- [ ] failover_global_replication_group
- [ ] increase_node_groups_in_global_replication_group
@@ -3401,6 +3881,8 @@
- [ ] modify_global_replication_group
- [ ] modify_replication_group
- [ ] modify_replication_group_shard_configuration
+- [ ] modify_user
+- [ ] modify_user_group
- [ ] purchase_reserved_cache_nodes_offering
- [ ] rebalance_slots_in_global_replication_group
- [ ] reboot_cache_cluster
@@ -3564,7 +4046,7 @@
## emr
-54% implemented
+43% implemented
- [ ] add_instance_fleet
- [X] add_instance_groups
@@ -3572,14 +4054,20 @@
- [X] add_tags
- [ ] cancel_steps
- [X] create_security_configuration
+- [ ] create_studio
+- [ ] create_studio_session_mapping
- [X] delete_security_configuration
+- [ ] delete_studio
+- [ ] delete_studio_session_mapping
- [ ] describe_cluster
- [X] describe_job_flows
- [ ] describe_notebook_execution
- [ ] describe_security_configuration
- [X] describe_step
+- [ ] describe_studio
- [ ] get_block_public_access_configuration
- [ ] get_managed_scaling_policy
+- [ ] get_studio_session_mapping
- [X] list_bootstrap_actions
- [X] list_clusters
- [ ] list_instance_fleets
@@ -3588,6 +4076,8 @@
- [ ] list_notebook_executions
- [ ] list_security_configurations
- [X] list_steps
+- [ ] list_studio_session_mappings
+- [ ] list_studios
- [X] modify_cluster
- [ ] modify_instance_fleet
- [X] modify_instance_groups
@@ -3603,6 +4093,28 @@
- [ ] start_notebook_execution
- [ ] stop_notebook_execution
- [X] terminate_job_flows
+- [ ] update_studio_session_mapping
+
+
+## emr-containers
+
+0% implemented
+
+- [ ] cancel_job_run
+- [ ] create_managed_endpoint
+- [ ] create_virtual_cluster
+- [ ] delete_managed_endpoint
+- [ ] delete_virtual_cluster
+- [ ] describe_job_run
+- [ ] describe_managed_endpoint
+- [ ] describe_virtual_cluster
+- [ ] list_job_runs
+- [ ] list_managed_endpoints
+- [ ] list_tags_for_resource
+- [ ] list_virtual_clusters
+- [ ] start_job_run
+- [ ] tag_resource
+- [ ] untag_resource
## es
@@ -3632,6 +4144,7 @@
- [ ] describe_reserved_elasticsearch_instances
- [ ] dissociate_package
- [ ] get_compatible_elasticsearch_versions
+- [ ] get_package_version_history
- [ ] get_upgrade_history
- [ ] get_upgrade_status
- [ ] list_domain_names
@@ -3645,30 +4158,38 @@
- [ ] remove_tags
- [ ] start_elasticsearch_service_software_update
- [ ] update_elasticsearch_domain_config
+- [ ] update_package
- [ ] upgrade_elasticsearch_domain
## events
-67% implemented
+65% implemented
- [ ] activate_event_source
+- [ ] cancel_replay
+- [X] create_archive
- [X] create_event_bus
- [ ] create_partner_event_source
- [ ] deactivate_event_source
+- [X] delete_archive
- [X] delete_event_bus
- [ ] delete_partner_event_source
- [X] delete_rule
+- [X] describe_archive
- [X] describe_event_bus
- [ ] describe_event_source
- [ ] describe_partner_event_source
+- [ ] describe_replay
- [X] describe_rule
- [X] disable_rule
- [X] enable_rule
+- [X] list_archives
- [X] list_event_buses
- [ ] list_event_sources
- [ ] list_partner_event_source_accounts
- [ ] list_partner_event_sources
+- [ ] list_replays
- [X] list_rule_names_by_target
- [X] list_rules
- [X] list_tags_for_resource
@@ -3680,9 +4201,11 @@
- [X] put_targets
- [X] remove_permission
- [X] remove_targets
+- [ ] start_replay
- [X] tag_resource
- [X] test_event_pattern
- [X] untag_resource
+- [X] update_archive
## firehose
@@ -3737,7 +4260,7 @@
## forecast
-17% implemented
+15% implemented
- [ ] create_dataset
- [X] create_dataset_group
@@ -3745,24 +4268,28 @@
- [ ] create_forecast
- [ ] create_forecast_export_job
- [ ] create_predictor
+- [ ] create_predictor_backtest_export_job
- [ ] delete_dataset
- [X] delete_dataset_group
- [ ] delete_dataset_import_job
- [ ] delete_forecast
- [ ] delete_forecast_export_job
- [ ] delete_predictor
+- [ ] delete_predictor_backtest_export_job
- [ ] describe_dataset
- [X] describe_dataset_group
- [ ] describe_dataset_import_job
- [ ] describe_forecast
- [ ] describe_forecast_export_job
- [ ] describe_predictor
+- [ ] describe_predictor_backtest_export_job
- [ ] get_accuracy_metrics
- [X] list_dataset_groups
- [ ] list_dataset_import_jobs
- [ ] list_datasets
- [ ] list_forecast_export_jobs
- [ ] list_forecasts
+- [ ] list_predictor_backtest_export_jobs
- [ ] list_predictors
- [ ] list_tags_for_resource
- [ ] tag_resource
@@ -3790,8 +4317,16 @@
- [ ] create_variable
- [ ] delete_detector
- [ ] delete_detector_version
+- [ ] delete_entity_type
- [ ] delete_event
+- [ ] delete_event_type
+- [ ] delete_external_model
+- [ ] delete_label
+- [ ] delete_model
+- [ ] delete_model_version
+- [ ] delete_outcome
- [ ] delete_rule
+- [ ] delete_variable
- [ ] describe_detector
- [ ] describe_model_versions
- [ ] get_detector_version
@@ -3832,6 +4367,7 @@
0% implemented
+- [ ] associate_file_system_aliases
- [ ] cancel_data_repository_task
- [ ] create_backup
- [ ] create_data_repository_task
@@ -3841,7 +4377,9 @@
- [ ] delete_file_system
- [ ] describe_backups
- [ ] describe_data_repository_tasks
+- [ ] describe_file_system_aliases
- [ ] describe_file_systems
+- [ ] disassociate_file_system_aliases
- [ ] list_tags_for_resource
- [ ] tag_resource
- [ ] untag_resource
@@ -3987,28 +4525,50 @@
0% implemented
+- [ ] add_custom_routing_endpoints
- [ ] advertise_byoip_cidr
+- [ ] allow_custom_routing_traffic
- [ ] create_accelerator
+- [ ] create_custom_routing_accelerator
+- [ ] create_custom_routing_endpoint_group
+- [ ] create_custom_routing_listener
- [ ] create_endpoint_group
- [ ] create_listener
- [ ] delete_accelerator
+- [ ] delete_custom_routing_accelerator
+- [ ] delete_custom_routing_endpoint_group
+- [ ] delete_custom_routing_listener
- [ ] delete_endpoint_group
- [ ] delete_listener
+- [ ] deny_custom_routing_traffic
- [ ] deprovision_byoip_cidr
- [ ] describe_accelerator
- [ ] describe_accelerator_attributes
+- [ ] describe_custom_routing_accelerator
+- [ ] describe_custom_routing_accelerator_attributes
+- [ ] describe_custom_routing_endpoint_group
+- [ ] describe_custom_routing_listener
- [ ] describe_endpoint_group
- [ ] describe_listener
- [ ] list_accelerators
- [ ] list_byoip_cidrs
+- [ ] list_custom_routing_accelerators
+- [ ] list_custom_routing_endpoint_groups
+- [ ] list_custom_routing_listeners
+- [ ] list_custom_routing_port_mappings
+- [ ] list_custom_routing_port_mappings_by_destination
- [ ] list_endpoint_groups
- [ ] list_listeners
- [ ] list_tags_for_resource
- [ ] provision_byoip_cidr
+- [ ] remove_custom_routing_endpoints
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_accelerator
- [ ] update_accelerator_attributes
+- [ ] update_custom_routing_accelerator
+- [ ] update_custom_routing_accelerator_attributes
+- [ ] update_custom_routing_listener
- [ ] update_endpoint_group
- [ ] update_listener
- [ ] withdraw_byoip_cidr
@@ -4016,7 +4576,7 @@
## glue
-5% implemented
+4% implemented
- [ ] batch_create_partition
- [ ] batch_delete_connection
@@ -4030,7 +4590,9 @@
- [ ] batch_get_triggers
- [ ] batch_get_workflows
- [ ] batch_stop_job_run
+- [ ] batch_update_partition
- [ ] cancel_ml_task_run
+- [ ] check_schema_version_validity
- [ ] create_classifier
- [ ] create_connection
- [ ] create_crawler
@@ -4039,6 +4601,9 @@
- [ ] create_job
- [ ] create_ml_transform
- [ ] create_partition
+- [ ] create_partition_index
+- [ ] create_registry
+- [ ] create_schema
- [ ] create_script
- [ ] create_security_configuration
- [X] create_table
@@ -4055,7 +4620,11 @@
- [ ] delete_job
- [ ] delete_ml_transform
- [ ] delete_partition
+- [ ] delete_partition_index
+- [ ] delete_registry
- [ ] delete_resource_policy
+- [ ] delete_schema
+- [ ] delete_schema_versions
- [ ] delete_security_configuration
- [X] delete_table
- [ ] delete_table_version
@@ -4089,10 +4658,16 @@
- [ ] get_ml_transform
- [ ] get_ml_transforms
- [ ] get_partition
+- [ ] get_partition_indexes
- [ ] get_partitions
- [ ] get_plan
+- [ ] get_registry
- [ ] get_resource_policies
- [ ] get_resource_policy
+- [ ] get_schema
+- [ ] get_schema_by_definition
+- [ ] get_schema_version
+- [ ] get_schema_versions_diff
- [ ] get_security_configuration
- [ ] get_security_configurations
- [X] get_table
@@ -4113,11 +4688,18 @@
- [ ] list_dev_endpoints
- [ ] list_jobs
- [ ] list_ml_transforms
+- [ ] list_registries
+- [ ] list_schema_versions
+- [ ] list_schemas
- [ ] list_triggers
- [ ] list_workflows
- [ ] put_data_catalog_encryption_settings
- [ ] put_resource_policy
+- [ ] put_schema_version_metadata
- [ ] put_workflow_run_properties
+- [ ] query_schema_version_metadata
+- [ ] register_schema_version
+- [ ] remove_schema_version_metadata
- [ ] reset_job_bookmark
- [ ] resume_workflow_run
- [ ] search_tables
@@ -4147,6 +4729,8 @@
- [ ] update_job
- [ ] update_ml_transform
- [ ] update_partition
+- [ ] update_registry
+- [ ] update_schema
- [ ] update_table
- [ ] update_trigger
- [ ] update_user_defined_function
@@ -4211,6 +4795,7 @@
- [ ] get_service_role_for_account
- [ ] get_subscription_definition
- [ ] get_subscription_definition_version
+- [ ] get_thing_runtime_configuration
- [ ] list_bulk_deployment_detailed_reports
- [ ] list_bulk_deployments
- [ ] list_connector_definition_versions
@@ -4247,6 +4832,33 @@
- [ ] update_logger_definition
- [ ] update_resource_definition
- [ ] update_subscription_definition
+- [ ] update_thing_runtime_configuration
+
+
+## greengrassv2
+
+0% implemented
+
+- [ ] cancel_deployment
+- [ ] create_component_version
+- [ ] create_deployment
+- [ ] delete_component
+- [ ] delete_core_device
+- [ ] describe_component
+- [ ] get_component
+- [ ] get_component_version_artifact
+- [ ] get_core_device
+- [ ] get_deployment
+- [ ] list_component_versions
+- [ ] list_components
+- [ ] list_core_devices
+- [ ] list_deployments
+- [ ] list_effective_deployments
+- [ ] list_installed_components
+- [ ] list_tags_for_resource
+- [ ] resolve_component_candidates
+- [ ] tag_resource
+- [ ] untag_resource
## groundstation
@@ -4363,17 +4975,41 @@
- [ ] enable_health_service_access_for_organization
+## healthlake
+
+0% implemented
+
+- [ ] create_fhir_datastore
+- [ ] delete_fhir_datastore
+- [ ] describe_fhir_datastore
+- [ ] describe_fhir_export_job
+- [ ] describe_fhir_import_job
+- [ ] list_fhir_datastores
+- [ ] start_fhir_export_job
+- [ ] start_fhir_import_job
+
+
## honeycode
0% implemented
+- [ ] batch_create_table_rows
+- [ ] batch_delete_table_rows
+- [ ] batch_update_table_rows
+- [ ] batch_upsert_table_rows
+- [ ] describe_table_data_import_job
- [ ] get_screen_data
- [ ] invoke_screen_automation
+- [ ] list_table_columns
+- [ ] list_table_rows
+- [ ] list_tables
+- [ ] query_table_rows
+- [ ] start_table_data_import_job
## iam
-72% implemented
+73% implemented
- [ ] add_client_id_to_open_id_connect_provider
- [X] add_role_to_instance_profile
@@ -4495,9 +5131,9 @@
- [ ] simulate_custom_policy
- [ ] simulate_principal_policy
- [X] tag_role
-- [ ] tag_user
+- [X] tag_user
- [X] untag_role
-- [ ] untag_user
+- [X] untag_user
- [X] update_access_key
- [X] update_account_password_policy
- [ ] update_assume_role_policy
@@ -4533,12 +5169,14 @@
- [ ] cancel_image_creation
- [ ] create_component
+- [ ] create_container_recipe
- [ ] create_distribution_configuration
- [ ] create_image
- [ ] create_image_pipeline
- [ ] create_image_recipe
- [ ] create_infrastructure_configuration
- [ ] delete_component
+- [ ] delete_container_recipe
- [ ] delete_distribution_configuration
- [ ] delete_image
- [ ] delete_image_pipeline
@@ -4546,6 +5184,8 @@
- [ ] delete_infrastructure_configuration
- [ ] get_component
- [ ] get_component_policy
+- [ ] get_container_recipe
+- [ ] get_container_recipe_policy
- [ ] get_distribution_configuration
- [ ] get_image
- [ ] get_image_pipeline
@@ -4556,6 +5196,7 @@
- [ ] import_component
- [ ] list_component_build_versions
- [ ] list_components
+- [ ] list_container_recipes
- [ ] list_distribution_configurations
- [ ] list_image_build_versions
- [ ] list_image_pipeline_images
@@ -4565,6 +5206,7 @@
- [ ] list_infrastructure_configurations
- [ ] list_tags_for_resource
- [ ] put_component_policy
+- [ ] put_container_recipe_policy
- [ ] put_image_policy
- [ ] put_image_recipe_policy
- [ ] start_image_pipeline_execution
@@ -4632,7 +5274,7 @@
## iot
-30% implemented
+29% implemented
- [ ] accept_certificate_transfer
- [ ] add_thing_to_billing_group
@@ -4645,6 +5287,7 @@
- [ ] cancel_audit_mitigation_actions_task
- [ ] cancel_audit_task
- [ ] cancel_certificate_transfer
+- [ ] cancel_detect_mitigation_actions_task
- [X] cancel_job
- [X] cancel_job_execution
- [ ] clear_default_authorizer
@@ -4653,6 +5296,7 @@
- [ ] create_authorizer
- [ ] create_billing_group
- [ ] create_certificate_from_csr
+- [ ] create_custom_metric
- [ ] create_dimension
- [ ] create_domain_configuration
- [ ] create_dynamic_thing_group
@@ -4680,6 +5324,7 @@
- [ ] delete_billing_group
- [ ] delete_ca_certificate
- [X] delete_certificate
+- [ ] delete_custom_metric
- [ ] delete_dimension
- [ ] delete_domain_configuration
- [ ] delete_dynamic_thing_group
@@ -4712,7 +5357,9 @@
- [ ] describe_billing_group
- [ ] describe_ca_certificate
- [X] describe_certificate
+- [ ] describe_custom_metric
- [ ] describe_default_authorizer
+- [ ] describe_detect_mitigation_actions_task
- [ ] describe_dimension
- [ ] describe_domain_configuration
- [X] describe_endpoint
@@ -4737,6 +5384,7 @@
- [X] detach_thing_principal
- [X] disable_topic_rule
- [X] enable_topic_rule
+- [ ] get_behavior_model_training_summaries
- [ ] get_cardinality
- [ ] get_effective_policies
- [ ] get_indexing_configuration
@@ -4763,6 +5411,9 @@
- [ ] list_ca_certificates
- [X] list_certificates
- [ ] list_certificates_by_ca
+- [ ] list_custom_metrics
+- [ ] list_detect_mitigation_actions_executions
+- [ ] list_detect_mitigation_actions_tasks
- [ ] list_dimensions
- [ ] list_domain_configurations
- [ ] list_indices
@@ -4815,6 +5466,7 @@
- [ ] set_v2_logging_level
- [ ] set_v2_logging_options
- [ ] start_audit_mitigation_actions_task
+- [ ] start_detect_mitigation_actions_task
- [ ] start_on_demand_audit_task
- [ ] start_thing_registration_task
- [ ] stop_thing_registration_task
@@ -4829,6 +5481,7 @@
- [ ] update_billing_group
- [ ] update_ca_certificate
- [X] update_certificate
+- [ ] update_custom_metric
- [ ] update_dimension
- [ ] update_domain_configuration
- [ ] update_dynamic_thing_group
@@ -4950,6 +5603,25 @@
- [ ] update_pipeline
+## iotdeviceadvisor
+
+0% implemented
+
+- [ ] create_suite_definition
+- [ ] delete_suite_definition
+- [ ] get_suite_definition
+- [ ] get_suite_run
+- [ ] get_suite_run_report
+- [ ] list_suite_definitions
+- [ ] list_suite_runs
+- [ ] list_tags_for_resource
+- [ ] list_test_cases
+- [ ] start_suite_run
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_suite_definition
+
+
## iotevents
0% implemented
@@ -4982,6 +5654,20 @@
- [ ] list_detectors
+## iotfleethub
+
+0% implemented
+
+- [ ] create_application
+- [ ] delete_application
+- [ ] describe_application
+- [ ] list_applications
+- [ ] list_tags_for_resource
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_application
+
+
## iotsecuretunneling
0% implemented
@@ -5022,6 +5708,7 @@
- [ ] describe_asset_model
- [ ] describe_asset_property
- [ ] describe_dashboard
+- [ ] describe_default_encryption_configuration
- [ ] describe_gateway
- [ ] describe_gateway_capability_configuration
- [ ] describe_logging_options
@@ -5033,6 +5720,7 @@
- [ ] get_asset_property_value_history
- [ ] list_access_policies
- [ ] list_asset_models
+- [ ] list_asset_relationships
- [ ] list_assets
- [ ] list_associated_assets
- [ ] list_dashboards
@@ -5041,6 +5729,7 @@
- [ ] list_project_assets
- [ ] list_projects
- [ ] list_tags_for_resource
+- [ ] put_default_encryption_configuration
- [ ] put_logging_options
- [ ] tag_resource
- [ ] untag_resource
@@ -5096,6 +5785,63 @@
- [ ] upload_entity_definitions
+## iotwireless
+
+0% implemented
+
+- [ ] associate_aws_account_with_partner_account
+- [ ] associate_wireless_device_with_thing
+- [ ] associate_wireless_gateway_with_certificate
+- [ ] associate_wireless_gateway_with_thing
+- [ ] create_destination
+- [ ] create_device_profile
+- [ ] create_service_profile
+- [ ] create_wireless_device
+- [ ] create_wireless_gateway
+- [ ] create_wireless_gateway_task
+- [ ] create_wireless_gateway_task_definition
+- [ ] delete_destination
+- [ ] delete_device_profile
+- [ ] delete_service_profile
+- [ ] delete_wireless_device
+- [ ] delete_wireless_gateway
+- [ ] delete_wireless_gateway_task
+- [ ] delete_wireless_gateway_task_definition
+- [ ] disassociate_aws_account_from_partner_account
+- [ ] disassociate_wireless_device_from_thing
+- [ ] disassociate_wireless_gateway_from_certificate
+- [ ] disassociate_wireless_gateway_from_thing
+- [ ] get_destination
+- [ ] get_device_profile
+- [ ] get_partner_account
+- [ ] get_service_endpoint
+- [ ] get_service_profile
+- [ ] get_wireless_device
+- [ ] get_wireless_device_statistics
+- [ ] get_wireless_gateway
+- [ ] get_wireless_gateway_certificate
+- [ ] get_wireless_gateway_firmware_information
+- [ ] get_wireless_gateway_statistics
+- [ ] get_wireless_gateway_task
+- [ ] get_wireless_gateway_task_definition
+- [ ] list_destinations
+- [ ] list_device_profiles
+- [ ] list_partner_accounts
+- [ ] list_service_profiles
+- [ ] list_tags_for_resource
+- [ ] list_wireless_devices
+- [ ] list_wireless_gateway_task_definitions
+- [ ] list_wireless_gateways
+- [ ] send_data_to_wireless_device
+- [ ] tag_resource
+- [ ] test_wireless_device
+- [ ] untag_resource
+- [ ] update_destination
+- [ ] update_partner_account
+- [ ] update_wireless_device
+- [ ] update_wireless_gateway
+
+
## ivs
0% implemented
@@ -5128,6 +5874,8 @@
0% implemented
+- [ ] batch_associate_scram_secret
+- [ ] batch_disassociate_scram_secret
- [ ] create_cluster
- [ ] create_configuration
- [ ] delete_cluster
@@ -5144,6 +5892,7 @@
- [ ] list_configurations
- [ ] list_kafka_versions
- [ ] list_nodes
+- [ ] list_scram_secrets
- [ ] list_tags_for_resource
- [ ] reboot_broker
- [ ] tag_resource
@@ -5165,17 +5914,21 @@
- [ ] create_data_source
- [ ] create_faq
- [ ] create_index
+- [ ] create_thesaurus
- [ ] delete_data_source
- [ ] delete_faq
- [ ] delete_index
+- [ ] delete_thesaurus
- [ ] describe_data_source
- [ ] describe_faq
- [ ] describe_index
+- [ ] describe_thesaurus
- [ ] list_data_source_sync_jobs
- [ ] list_data_sources
- [ ] list_faqs
- [ ] list_indices
- [ ] list_tags_for_resource
+- [ ] list_thesauri
- [ ] query
- [ ] start_data_source_sync_job
- [ ] stop_data_source_sync_job
@@ -5184,6 +5937,7 @@
- [ ] untag_resource
- [ ] update_data_source
- [ ] update_index
+- [ ] update_thesaurus
## kinesis
@@ -5283,6 +6037,7 @@
- [ ] add_application_reference_data_source
- [ ] add_application_vpc_configuration
- [ ] create_application
+- [ ] create_application_presigned_url
- [ ] create_application_snapshot
- [ ] delete_application
- [ ] delete_application_cloud_watch_logging_option
@@ -5402,24 +6157,29 @@
## lambda
-48% implemented
+41% implemented
- [ ] add_layer_version_permission
- [X] add_permission
- [ ] create_alias
+- [ ] create_code_signing_config
- [X] create_event_source_mapping
- [X] create_function
- [ ] delete_alias
+- [ ] delete_code_signing_config
- [X] delete_event_source_mapping
- [X] delete_function
+- [ ] delete_function_code_signing_config
- [X] delete_function_concurrency
- [ ] delete_function_event_invoke_config
- [ ] delete_layer_version
- [ ] delete_provisioned_concurrency_config
- [ ] get_account_settings
- [ ] get_alias
+- [ ] get_code_signing_config
- [X] get_event_source_mapping
- [X] get_function
+- [ ] get_function_code_signing_config
- [X] get_function_concurrency
- [ ] get_function_configuration
- [ ] get_function_event_invoke_config
@@ -5431,9 +6191,11 @@
- [X] invoke
- [ ] invoke_async
- [ ] list_aliases
+- [ ] list_code_signing_configs
- [X] list_event_source_mappings
- [ ] list_function_event_invoke_configs
- [X] list_functions
+- [ ] list_functions_by_code_signing_config
- [ ] list_layer_versions
- [X] list_layers
- [ ] list_provisioned_concurrency_configs
@@ -5441,6 +6203,7 @@
- [X] list_versions_by_function
- [X] publish_layer_version
- [ ] publish_version
+- [ ] put_function_code_signing_config
- [X] put_function_concurrency
- [ ] put_function_event_invoke_config
- [ ] put_provisioned_concurrency_config
@@ -5449,6 +6212,7 @@
- [X] tag_resource
- [X] untag_resource
- [ ] update_alias
+- [ ] update_code_signing_config
- [X] update_event_source_mapping
- [X] update_function_code
- [X] update_function_configuration
@@ -5515,17 +6279,41 @@
0% implemented
+- [ ] accept_grant
+- [ ] check_in_license
+- [ ] checkout_borrow_license
+- [ ] checkout_license
+- [ ] create_grant
+- [ ] create_grant_version
+- [ ] create_license
- [ ] create_license_configuration
+- [ ] create_license_version
+- [ ] create_token
+- [ ] delete_grant
+- [ ] delete_license
- [ ] delete_license_configuration
+- [ ] delete_token
+- [ ] extend_license_consumption
+- [ ] get_access_token
+- [ ] get_grant
+- [ ] get_license
- [ ] get_license_configuration
+- [ ] get_license_usage
- [ ] get_service_settings
- [ ] list_associations_for_license_configuration
+- [ ] list_distributed_grants
- [ ] list_failures_for_license_configuration_operations
- [ ] list_license_configurations
- [ ] list_license_specifications_for_resource
+- [ ] list_license_versions
+- [ ] list_licenses
+- [ ] list_received_grants
+- [ ] list_received_licenses
- [ ] list_resource_inventory
- [ ] list_tags_for_resource
+- [ ] list_tokens
- [ ] list_usage_for_license_configuration
+- [ ] reject_grant
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_license_configuration
@@ -5548,6 +6336,9 @@
- [ ] create_certificate
- [ ] create_cloud_formation_stack
- [ ] create_contact_method
+- [ ] create_container_service
+- [ ] create_container_service_deployment
+- [ ] create_container_service_registry_login
- [ ] create_disk
- [ ] create_disk_from_snapshot
- [ ] create_disk_snapshot
@@ -5567,6 +6358,8 @@
- [ ] delete_auto_snapshot
- [ ] delete_certificate
- [ ] delete_contact_method
+- [ ] delete_container_image
+- [ ] delete_container_service
- [ ] delete_disk
- [ ] delete_disk_snapshot
- [ ] delete_distribution
@@ -5596,6 +6389,13 @@
- [ ] get_certificates
- [ ] get_cloud_formation_stack_records
- [ ] get_contact_methods
+- [ ] get_container_api_metadata
+- [ ] get_container_images
+- [ ] get_container_log
+- [ ] get_container_service_deployments
+- [ ] get_container_service_metric_data
+- [ ] get_container_service_powers
+- [ ] get_container_services
- [ ] get_disk
- [ ] get_disk_snapshot
- [ ] get_disk_snapshots
@@ -5647,6 +6447,7 @@
- [ ] put_instance_public_ports
- [ ] reboot_instance
- [ ] reboot_relational_database
+- [ ] register_container_image
- [ ] release_static_ip
- [ ] reset_distribution_cache
- [ ] send_contact_method_verification
@@ -5658,6 +6459,7 @@
- [ ] test_alarm
- [ ] unpeer_vpc
- [ ] untag_resource
+- [ ] update_container_service
- [ ] update_distribution
- [ ] update_distribution_bundle
- [ ] update_domain_entry
@@ -5666,6 +6468,47 @@
- [ ] update_relational_database_parameters
+## location
+
+0% implemented
+
+- [ ] associate_tracker_consumer
+- [ ] batch_delete_geofence
+- [ ] batch_evaluate_geofences
+- [ ] batch_get_device_position
+- [ ] batch_put_geofence
+- [ ] batch_update_device_position
+- [ ] create_geofence_collection
+- [ ] create_map
+- [ ] create_place_index
+- [ ] create_tracker
+- [ ] delete_geofence_collection
+- [ ] delete_map
+- [ ] delete_place_index
+- [ ] delete_tracker
+- [ ] describe_geofence_collection
+- [ ] describe_map
+- [ ] describe_place_index
+- [ ] describe_tracker
+- [ ] disassociate_tracker_consumer
+- [ ] get_device_position
+- [ ] get_device_position_history
+- [ ] get_geofence
+- [ ] get_map_glyphs
+- [ ] get_map_sprites
+- [ ] get_map_style_descriptor
+- [ ] get_map_tile
+- [ ] list_geofence_collections
+- [ ] list_geofences
+- [ ] list_maps
+- [ ] list_place_indexes
+- [ ] list_tracker_consumers
+- [ ] list_trackers
+- [ ] put_geofence
+- [ ] search_place_index_for_position
+- [ ] search_place_index_for_text
+
+
## logs
40% implemented
@@ -5714,6 +6557,28 @@
- [X] untag_log_group
+## lookoutvision
+
+0% implemented
+
+- [ ] create_dataset
+- [ ] create_model
+- [ ] create_project
+- [ ] delete_dataset
+- [ ] delete_model
+- [ ] delete_project
+- [ ] describe_dataset
+- [ ] describe_model
+- [ ] describe_project
+- [ ] detect_anomalies
+- [ ] list_dataset_entries
+- [ ] list_models
+- [ ] list_projects
+- [ ] start_model
+- [ ] stop_model
+- [ ] update_dataset_entries
+
+
## machinelearning
0% implemented
@@ -5881,10 +6746,15 @@
- [ ] create_flow
- [ ] delete_flow
- [ ] describe_flow
+- [ ] describe_offering
+- [ ] describe_reservation
- [ ] grant_flow_entitlements
- [ ] list_entitlements
- [ ] list_flows
+- [ ] list_offerings
+- [ ] list_reservations
- [ ] list_tags_for_resource
+- [ ] purchase_offering
- [ ] remove_flow_output
- [ ] remove_flow_source
- [ ] remove_flow_vpc_interface
@@ -5932,9 +6802,14 @@
## medialive
-25% implemented
+21% implemented
+- [ ] accept_input_device_transfer
+- [ ] batch_delete
+- [ ] batch_start
+- [ ] batch_stop
- [ ] batch_update_schedule
+- [ ] cancel_input_device_transfer
- [X] create_channel
- [X] create_input
- [ ] create_input_security_group
@@ -5960,6 +6835,7 @@
- [ ] describe_reservation
- [ ] describe_schedule
- [X] list_channels
+- [ ] list_input_device_transfers
- [ ] list_input_devices
- [ ] list_input_security_groups
- [X] list_inputs
@@ -5969,10 +6845,12 @@
- [ ] list_reservations
- [ ] list_tags_for_resource
- [ ] purchase_offering
+- [ ] reject_input_device_transfer
- [X] start_channel
- [ ] start_multiplex
- [X] stop_channel
- [ ] stop_multiplex
+- [ ] transfer_input_device
- [X] update_channel
- [ ] update_channel_class
- [X] update_input
@@ -5987,6 +6865,7 @@
0% implemented
+- [ ] configure_logs
- [ ] create_channel
- [ ] create_harvest_job
- [ ] create_origin_endpoint
@@ -6210,6 +7089,23 @@
- [ ] update_qualification_type
+## mwaa
+
+0% implemented
+
+- [ ] create_cli_token
+- [ ] create_environment
+- [ ] create_web_login_token
+- [ ] delete_environment
+- [ ] get_environment
+- [ ] list_environments
+- [ ] list_tags_for_resource
+- [ ] publish_metrics
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_environment
+
+
## neptune
0% implemented
@@ -6222,6 +7118,7 @@
- [ ] copy_db_cluster_snapshot
- [ ] copy_db_parameter_group
- [ ] create_db_cluster
+- [ ] create_db_cluster_endpoint
- [ ] create_db_cluster_parameter_group
- [ ] create_db_cluster_snapshot
- [ ] create_db_instance
@@ -6229,12 +7126,14 @@
- [ ] create_db_subnet_group
- [ ] create_event_subscription
- [ ] delete_db_cluster
+- [ ] delete_db_cluster_endpoint
- [ ] delete_db_cluster_parameter_group
- [ ] delete_db_cluster_snapshot
- [ ] delete_db_instance
- [ ] delete_db_parameter_group
- [ ] delete_db_subnet_group
- [ ] delete_event_subscription
+- [ ] describe_db_cluster_endpoints
- [ ] describe_db_cluster_parameter_groups
- [ ] describe_db_cluster_parameters
- [ ] describe_db_cluster_snapshot_attributes
@@ -6256,6 +7155,7 @@
- [ ] failover_db_cluster
- [ ] list_tags_for_resource
- [ ] modify_db_cluster
+- [ ] modify_db_cluster_endpoint
- [ ] modify_db_cluster_parameter_group
- [ ] modify_db_cluster_snapshot_attribute
- [ ] modify_db_instance
@@ -6275,16 +7175,54 @@
- [ ] stop_db_cluster
+## network-firewall
+
+0% implemented
+
+- [ ] associate_firewall_policy
+- [ ] associate_subnets
+- [ ] create_firewall
+- [ ] create_firewall_policy
+- [ ] create_rule_group
+- [ ] delete_firewall
+- [ ] delete_firewall_policy
+- [ ] delete_resource_policy
+- [ ] delete_rule_group
+- [ ] describe_firewall
+- [ ] describe_firewall_policy
+- [ ] describe_logging_configuration
+- [ ] describe_resource_policy
+- [ ] describe_rule_group
+- [ ] disassociate_subnets
+- [ ] list_firewall_policies
+- [ ] list_firewalls
+- [ ] list_rule_groups
+- [ ] list_tags_for_resource
+- [ ] put_resource_policy
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_firewall_delete_protection
+- [ ] update_firewall_description
+- [ ] update_firewall_policy
+- [ ] update_firewall_policy_change_protection
+- [ ] update_logging_configuration
+- [ ] update_rule_group
+- [ ] update_subnet_change_protection
+
+
## networkmanager
0% implemented
- [ ] associate_customer_gateway
- [ ] associate_link
+- [ ] associate_transit_gateway_connect_peer
+- [ ] create_connection
- [ ] create_device
- [ ] create_global_network
- [ ] create_link
- [ ] create_site
+- [ ] delete_connection
- [ ] delete_device
- [ ] delete_global_network
- [ ] delete_link
@@ -6293,16 +7231,20 @@
- [ ] describe_global_networks
- [ ] disassociate_customer_gateway
- [ ] disassociate_link
+- [ ] disassociate_transit_gateway_connect_peer
+- [ ] get_connections
- [ ] get_customer_gateway_associations
- [ ] get_devices
- [ ] get_link_associations
- [ ] get_links
- [ ] get_sites
+- [ ] get_transit_gateway_connect_peer_associations
- [ ] get_transit_gateway_registrations
- [ ] list_tags_for_resource
- [ ] register_transit_gateway
- [ ] tag_resource
- [ ] untag_resource
+- [ ] update_connection
- [ ] update_device
- [ ] update_global_network
- [ ] update_link
@@ -6482,6 +7424,9 @@
- [ ] get_outpost_instance_types
- [ ] list_outposts
- [ ] list_sites
+- [ ] list_tags_for_resource
+- [ ] tag_resource
+- [ ] untag_resource
## personalize
@@ -6538,6 +7483,8 @@
0% implemented
- [ ] put_events
+- [ ] put_items
+- [ ] put_users
## personalize-runtime
@@ -7056,10 +8003,12 @@
- [ ] start_activity_stream
- [ ] start_db_cluster
- [ ] start_db_instance
+- [ ] start_db_instance_automated_backups_replication
- [ ] start_export_task
- [ ] stop_activity_stream
- [ ] stop_db_cluster
- [ ] stop_db_instance
+- [ ] stop_db_instance_automated_backups_replication
## rds-data
@@ -7172,6 +8121,21 @@
- [ ] rotate_encryption_key
+## redshift-data
+
+0% implemented
+
+- [ ] cancel_statement
+- [ ] describe_statement
+- [ ] describe_table
+- [ ] execute_statement
+- [ ] get_statement_result
+- [ ] list_databases
+- [ ] list_schemas
+- [ ] list_statements
+- [ ] list_tables
+
+
## rekognition
0% implemented
@@ -7194,6 +8158,7 @@
- [ ] detect_faces
- [ ] detect_labels
- [ ] detect_moderation_labels
+- [ ] detect_protective_equipment
- [ ] detect_text
- [ ] get_celebrity_info
- [ ] get_celebrity_recognition
@@ -7227,7 +8192,7 @@
## resource-groups
-60% implemented
+56% implemented
- [X] create_group
- [X] delete_group
@@ -7238,6 +8203,7 @@
- [ ] group_resources
- [ ] list_group_resources
- [X] list_groups
+- [ ] put_group_configuration
- [ ] search_resources
- [X] tag
- [ ] ungroup_resources
@@ -7325,30 +8291,37 @@
## route53
-12% implemented
+10% implemented
+- [ ] activate_key_signing_key
- [ ] associate_vpc_with_hosted_zone
- [ ] change_resource_record_sets
- [X] change_tags_for_resource
- [X] create_health_check
- [X] create_hosted_zone
+- [ ] create_key_signing_key
- [ ] create_query_logging_config
- [ ] create_reusable_delegation_set
- [ ] create_traffic_policy
- [ ] create_traffic_policy_instance
- [ ] create_traffic_policy_version
- [ ] create_vpc_association_authorization
+- [ ] deactivate_key_signing_key
- [X] delete_health_check
- [X] delete_hosted_zone
+- [ ] delete_key_signing_key
- [ ] delete_query_logging_config
- [ ] delete_reusable_delegation_set
- [ ] delete_traffic_policy
- [ ] delete_traffic_policy_instance
- [ ] delete_vpc_association_authorization
+- [ ] disable_hosted_zone_dnssec
- [ ] disassociate_vpc_from_hosted_zone
+- [ ] enable_hosted_zone_dnssec
- [ ] get_account_limit
- [ ] get_change
- [ ] get_checker_ip_ranges
+- [ ] get_dnssec
- [ ] get_geo_location
- [ ] get_health_check
- [ ] get_health_check_count
@@ -7436,6 +8409,7 @@
- [ ] disassociate_resolver_endpoint_ip_address
- [ ] disassociate_resolver_query_log_config
- [ ] disassociate_resolver_rule
+- [ ] get_resolver_dnssec_config
- [ ] get_resolver_endpoint
- [ ] get_resolver_query_log_config
- [ ] get_resolver_query_log_config_association
@@ -7443,6 +8417,7 @@
- [ ] get_resolver_rule
- [ ] get_resolver_rule_association
- [ ] get_resolver_rule_policy
+- [ ] list_resolver_dnssec_configs
- [ ] list_resolver_endpoint_ip_addresses
- [ ] list_resolver_endpoints
- [ ] list_resolver_query_log_config_associations
@@ -7454,13 +8429,14 @@
- [ ] put_resolver_rule_policy
- [ ] tag_resource
- [ ] untag_resource
+- [ ] update_resolver_dnssec_config
- [ ] update_resolver_endpoint
- [ ] update_resolver_rule
## s3
-26% implemented
+24% implemented
- [ ] abort_multipart_upload
- [ ] complete_multipart_upload
@@ -7471,9 +8447,11 @@
- [ ] delete_bucket_analytics_configuration
- [X] delete_bucket_cors
- [X] delete_bucket_encryption
+- [ ] delete_bucket_intelligent_tiering_configuration
- [ ] delete_bucket_inventory_configuration
- [ ] delete_bucket_lifecycle
- [ ] delete_bucket_metrics_configuration
+- [ ] delete_bucket_ownership_controls
- [X] delete_bucket_policy
- [ ] delete_bucket_replication
- [X] delete_bucket_tagging
@@ -7487,6 +8465,7 @@
- [ ] get_bucket_analytics_configuration
- [X] get_bucket_cors
- [X] get_bucket_encryption
+- [ ] get_bucket_intelligent_tiering_configuration
- [ ] get_bucket_inventory_configuration
- [ ] get_bucket_lifecycle
- [ ] get_bucket_lifecycle_configuration
@@ -7495,6 +8474,7 @@
- [ ] get_bucket_metrics_configuration
- [ ] get_bucket_notification
- [X] get_bucket_notification_configuration
+- [ ] get_bucket_ownership_controls
- [X] get_bucket_policy
- [ ] get_bucket_policy_status
- [ ] get_bucket_replication
@@ -7513,6 +8493,7 @@
- [ ] head_bucket
- [ ] head_object
- [ ] list_bucket_analytics_configurations
+- [ ] list_bucket_intelligent_tiering_configurations
- [ ] list_bucket_inventory_configurations
- [ ] list_bucket_metrics_configurations
- [ ] list_buckets
@@ -7526,6 +8507,7 @@
- [ ] put_bucket_analytics_configuration
- [X] put_bucket_cors
- [X] put_bucket_encryption
+- [ ] put_bucket_intelligent_tiering_configuration
- [ ] put_bucket_inventory_configuration
- [ ] put_bucket_lifecycle
- [ ] put_bucket_lifecycle_configuration
@@ -7533,6 +8515,7 @@
- [ ] put_bucket_metrics_configuration
- [ ] put_bucket_notification
- [X] put_bucket_notification_configuration
+- [ ] put_bucket_ownership_controls
- [ ] put_bucket_policy
- [ ] put_bucket_replication
- [ ] put_bucket_request_payment
@@ -7557,53 +8540,99 @@
0% implemented
- [ ] create_access_point
+- [ ] create_bucket
- [ ] create_job
- [ ] delete_access_point
- [ ] delete_access_point_policy
+- [ ] delete_bucket
+- [ ] delete_bucket_lifecycle_configuration
+- [ ] delete_bucket_policy
+- [ ] delete_bucket_tagging
- [ ] delete_job_tagging
- [ ] delete_public_access_block
+- [ ] delete_storage_lens_configuration
+- [ ] delete_storage_lens_configuration_tagging
- [ ] describe_job
- [ ] get_access_point
- [ ] get_access_point_policy
- [ ] get_access_point_policy_status
+- [ ] get_bucket
+- [ ] get_bucket_lifecycle_configuration
+- [ ] get_bucket_policy
+- [ ] get_bucket_tagging
- [ ] get_job_tagging
- [ ] get_public_access_block
+- [ ] get_storage_lens_configuration
+- [ ] get_storage_lens_configuration_tagging
- [ ] list_access_points
- [ ] list_jobs
+- [ ] list_regional_buckets
+- [ ] list_storage_lens_configurations
- [ ] put_access_point_policy
+- [ ] put_bucket_lifecycle_configuration
+- [ ] put_bucket_policy
+- [ ] put_bucket_tagging
- [ ] put_job_tagging
- [ ] put_public_access_block
+- [ ] put_storage_lens_configuration
+- [ ] put_storage_lens_configuration_tagging
- [ ] update_job_priority
- [ ] update_job_status
+## s3outposts
+
+0% implemented
+
+- [ ] create_endpoint
+- [ ] delete_endpoint
+- [ ] list_endpoints
+
+
## sagemaker
-13% implemented
+8% implemented
+- [ ] add_association
- [ ] add_tags
- [ ] associate_trial_component
+- [ ] create_action
- [ ] create_algorithm
- [ ] create_app
+- [ ] create_app_image_config
+- [ ] create_artifact
- [ ] create_auto_ml_job
- [ ] create_code_repository
- [ ] create_compilation_job
+- [ ] create_context
+- [ ] create_data_quality_job_definition
+- [ ] create_device_fleet
- [ ] create_domain
+- [ ] create_edge_packaging_job
- [X] create_endpoint
- [X] create_endpoint_config
- [ ] create_experiment
+- [ ] create_feature_group
- [ ] create_flow_definition
- [ ] create_human_task_ui
- [ ] create_hyper_parameter_tuning_job
+- [ ] create_image
+- [ ] create_image_version
- [ ] create_labeling_job
- [X] create_model
+- [ ] create_model_bias_job_definition
+- [ ] create_model_explainability_job_definition
- [ ] create_model_package
+- [ ] create_model_package_group
+- [ ] create_model_quality_job_definition
- [ ] create_monitoring_schedule
- [X] create_notebook_instance
- [X] create_notebook_instance_lifecycle_config
+- [ ] create_pipeline
- [ ] create_presigned_domain_url
- [ ] create_presigned_notebook_instance_url
- [ ] create_processing_job
+- [ ] create_project
- [X] create_training_job
- [ ] create_transform_job
- [ ] create_trial
@@ -7611,45 +8640,82 @@
- [ ] create_user_profile
- [ ] create_workforce
- [ ] create_workteam
+- [ ] delete_action
- [ ] delete_algorithm
- [ ] delete_app
+- [ ] delete_app_image_config
+- [ ] delete_artifact
+- [ ] delete_association
- [ ] delete_code_repository
+- [ ] delete_context
+- [ ] delete_data_quality_job_definition
+- [ ] delete_device_fleet
- [ ] delete_domain
- [X] delete_endpoint
- [X] delete_endpoint_config
- [ ] delete_experiment
+- [ ] delete_feature_group
- [ ] delete_flow_definition
- [ ] delete_human_task_ui
+- [ ] delete_image
+- [ ] delete_image_version
- [X] delete_model
+- [ ] delete_model_bias_job_definition
+- [ ] delete_model_explainability_job_definition
- [ ] delete_model_package
+- [ ] delete_model_package_group
+- [ ] delete_model_package_group_policy
+- [ ] delete_model_quality_job_definition
- [ ] delete_monitoring_schedule
- [X] delete_notebook_instance
- [X] delete_notebook_instance_lifecycle_config
+- [ ] delete_pipeline
+- [ ] delete_project
- [ ] delete_tags
- [ ] delete_trial
- [ ] delete_trial_component
- [ ] delete_user_profile
- [ ] delete_workforce
- [ ] delete_workteam
+- [ ] deregister_devices
+- [ ] describe_action
- [ ] describe_algorithm
- [ ] describe_app
+- [ ] describe_app_image_config
+- [ ] describe_artifact
- [ ] describe_auto_ml_job
- [ ] describe_code_repository
- [ ] describe_compilation_job
+- [ ] describe_context
+- [ ] describe_data_quality_job_definition
+- [ ] describe_device
+- [ ] describe_device_fleet
- [ ] describe_domain
+- [ ] describe_edge_packaging_job
- [X] describe_endpoint
- [X] describe_endpoint_config
- [ ] describe_experiment
+- [ ] describe_feature_group
- [ ] describe_flow_definition
- [ ] describe_human_task_ui
- [ ] describe_hyper_parameter_tuning_job
+- [ ] describe_image
+- [ ] describe_image_version
- [ ] describe_labeling_job
- [X] describe_model
+- [ ] describe_model_bias_job_definition
+- [ ] describe_model_explainability_job_definition
- [ ] describe_model_package
+- [ ] describe_model_package_group
+- [ ] describe_model_quality_job_definition
- [ ] describe_monitoring_schedule
- [ ] describe_notebook_instance
- [X] describe_notebook_instance_lifecycle_config
+- [ ] describe_pipeline
+- [ ] describe_pipeline_definition_for_execution
+- [ ] describe_pipeline_execution
- [ ] describe_processing_job
+- [ ] describe_project
- [ ] describe_subscribed_workteam
- [X] describe_training_job
- [ ] describe_transform_job
@@ -7658,30 +8724,56 @@
- [ ] describe_user_profile
- [ ] describe_workforce
- [ ] describe_workteam
+- [ ] disable_sagemaker_servicecatalog_portfolio
- [ ] disassociate_trial_component
+- [ ] enable_sagemaker_servicecatalog_portfolio
+- [ ] get_device_fleet_report
+- [ ] get_model_package_group_policy
+- [ ] get_sagemaker_servicecatalog_portfolio_status
- [ ] get_search_suggestions
+- [ ] list_actions
- [ ] list_algorithms
+- [ ] list_app_image_configs
- [ ] list_apps
+- [ ] list_artifacts
+- [ ] list_associations
- [ ] list_auto_ml_jobs
- [ ] list_candidates_for_auto_ml_job
- [ ] list_code_repositories
- [ ] list_compilation_jobs
+- [ ] list_contexts
+- [ ] list_data_quality_job_definitions
+- [ ] list_device_fleets
+- [ ] list_devices
- [ ] list_domains
+- [ ] list_edge_packaging_jobs
- [ ] list_endpoint_configs
- [ ] list_endpoints
- [ ] list_experiments
+- [ ] list_feature_groups
- [ ] list_flow_definitions
- [ ] list_human_task_uis
- [ ] list_hyper_parameter_tuning_jobs
+- [ ] list_image_versions
+- [ ] list_images
- [ ] list_labeling_jobs
- [ ] list_labeling_jobs_for_workteam
+- [ ] list_model_bias_job_definitions
+- [ ] list_model_explainability_job_definitions
+- [ ] list_model_package_groups
- [ ] list_model_packages
+- [ ] list_model_quality_job_definitions
- [X] list_models
- [ ] list_monitoring_executions
- [ ] list_monitoring_schedules
- [ ] list_notebook_instance_lifecycle_configs
- [ ] list_notebook_instances
+- [ ] list_pipeline_execution_steps
+- [ ] list_pipeline_executions
+- [ ] list_pipeline_parameters_for_execution
+- [ ] list_pipelines
- [ ] list_processing_jobs
+- [ ] list_projects
- [ ] list_subscribed_workteams
- [ ] list_tags
- [ ] list_training_jobs
@@ -7692,27 +8784,43 @@
- [ ] list_user_profiles
- [ ] list_workforces
- [ ] list_workteams
+- [ ] put_model_package_group_policy
+- [ ] register_devices
- [ ] render_ui_template
- [ ] search
- [ ] start_monitoring_schedule
- [X] start_notebook_instance
+- [ ] start_pipeline_execution
- [ ] stop_auto_ml_job
- [ ] stop_compilation_job
+- [ ] stop_edge_packaging_job
- [ ] stop_hyper_parameter_tuning_job
- [ ] stop_labeling_job
- [ ] stop_monitoring_schedule
- [X] stop_notebook_instance
+- [ ] stop_pipeline_execution
- [ ] stop_processing_job
- [ ] stop_training_job
- [ ] stop_transform_job
+- [ ] update_action
+- [ ] update_app_image_config
+- [ ] update_artifact
- [ ] update_code_repository
+- [ ] update_context
+- [ ] update_device_fleet
+- [ ] update_devices
- [ ] update_domain
- [ ] update_endpoint
- [ ] update_endpoint_weights_and_capacities
- [ ] update_experiment
+- [ ] update_image
+- [ ] update_model_package
- [ ] update_monitoring_schedule
- [ ] update_notebook_instance
- [ ] update_notebook_instance_lifecycle_config
+- [ ] update_pipeline
+- [ ] update_pipeline_execution
+- [ ] update_training_job
- [ ] update_trial
- [ ] update_trial_component
- [ ] update_user_profile
@@ -7731,6 +8839,23 @@
- [ ] stop_human_loop
+## sagemaker-edge
+
+0% implemented
+
+- [ ] get_device_registration
+- [ ] send_heartbeat
+
+
+## sagemaker-featurestore-runtime
+
+0% implemented
+
+- [ ] delete_record
+- [ ] get_record
+- [ ] put_record
+
+
## sagemaker-runtime
0% implemented
@@ -7743,6 +8868,7 @@
0% implemented
- [ ] create_savings_plan
+- [ ] delete_queued_savings_plan
- [ ] describe_savings_plan_rates
- [ ] describe_savings_plans
- [ ] describe_savings_plans_offering_rates
@@ -7768,6 +8894,7 @@
- [ ] describe_discoverer
- [ ] describe_registry
- [ ] describe_schema
+- [ ] export_schema
- [ ] get_code_binding_source
- [ ] get_discovered_schema
- [ ] get_resource_policy
@@ -7848,14 +8975,17 @@
- [ ] delete_members
- [ ] describe_action_targets
- [ ] describe_hub
+- [ ] describe_organization_configuration
- [ ] describe_products
- [ ] describe_standards
- [ ] describe_standards_controls
- [ ] disable_import_findings_for_product
+- [ ] disable_organization_admin_account
- [ ] disable_security_hub
- [ ] disassociate_from_master_account
- [ ] disassociate_members
- [ ] enable_import_findings_for_product
+- [ ] enable_organization_admin_account
- [ ] enable_security_hub
- [ ] get_enabled_standards
- [ ] get_findings
@@ -7868,12 +8998,14 @@
- [ ] list_enabled_products_for_import
- [ ] list_invitations
- [ ] list_members
+- [ ] list_organization_admin_accounts
- [ ] list_tags_for_resource
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_action_target
- [ ] update_findings
- [ ] update_insight
+- [ ] update_organization_configuration
- [ ] update_security_hub_configuration
- [ ] update_standards_control
@@ -7916,8 +9048,11 @@
- [ ] list_service_quota_increase_requests_in_template
- [ ] list_service_quotas
- [ ] list_services
+- [ ] list_tags_for_resource
- [ ] put_service_quota_increase_request_into_template
- [ ] request_service_quota_increase
+- [ ] tag_resource
+- [ ] untag_resource
## servicecatalog
@@ -7953,6 +9088,7 @@
- [ ] describe_copy_product_status
- [ ] describe_portfolio
- [ ] describe_portfolio_share_status
+- [ ] describe_portfolio_shares
- [ ] describe_product
- [ ] describe_product_as_admin
- [ ] describe_product_view
@@ -7974,6 +9110,8 @@
- [ ] execute_provisioned_product_plan
- [ ] execute_provisioned_product_service_action
- [ ] get_aws_organizations_access_status
+- [ ] get_provisioned_product_outputs
+- [ ] import_as_provisioned_product
- [ ] list_accepted_portfolio_shares
- [ ] list_budgets_for_resource
- [ ] list_constraints_for_portfolio
@@ -8001,6 +9139,7 @@
- [ ] terminate_provisioned_product
- [ ] update_constraint
- [ ] update_portfolio
+- [ ] update_portfolio_share
- [ ] update_product
- [ ] update_provisioned_product
- [ ] update_provisioned_product_properties
@@ -8009,6 +9148,32 @@
- [ ] update_tag_option
+## servicecatalog-appregistry
+
+0% implemented
+
+- [ ] associate_attribute_group
+- [ ] associate_resource
+- [ ] create_application
+- [ ] create_attribute_group
+- [ ] delete_application
+- [ ] delete_attribute_group
+- [ ] disassociate_attribute_group
+- [ ] disassociate_resource
+- [ ] get_application
+- [ ] get_attribute_group
+- [ ] list_applications
+- [ ] list_associated_attribute_groups
+- [ ] list_associated_resources
+- [ ] list_attribute_groups
+- [ ] list_tags_for_resource
+- [ ] sync_resource
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_application
+- [ ] update_attribute_group
+
+
## servicediscovery
0% implemented
@@ -8040,7 +9205,7 @@
## ses
-23% implemented
+25% implemented
- [ ] clone_receipt_rule_set
- [X] create_configuration_set
@@ -8108,7 +9273,7 @@
- [ ] update_configuration_set_tracking_options
- [ ] update_custom_verification_email_template
- [ ] update_receipt_rule
-- [ ] update_template
+- [X] update_template
- [ ] verify_domain_dkim
- [ ] verify_domain_identity
- [X] verify_email_address
@@ -8121,6 +9286,8 @@
- [ ] create_configuration_set
- [ ] create_configuration_set_event_destination
+- [ ] create_contact
+- [ ] create_contact_list
- [ ] create_custom_verification_email_template
- [ ] create_dedicated_ip_pool
- [ ] create_deliverability_test_report
@@ -8130,6 +9297,8 @@
- [ ] create_import_job
- [ ] delete_configuration_set
- [ ] delete_configuration_set_event_destination
+- [ ] delete_contact
+- [ ] delete_contact_list
- [ ] delete_custom_verification_email_template
- [ ] delete_dedicated_ip_pool
- [ ] delete_email_identity
@@ -8140,6 +9309,8 @@
- [ ] get_blacklist_reports
- [ ] get_configuration_set
- [ ] get_configuration_set_event_destinations
+- [ ] get_contact
+- [ ] get_contact_list
- [ ] get_custom_verification_email_template
- [ ] get_dedicated_ip
- [ ] get_dedicated_ips
@@ -8153,6 +9324,8 @@
- [ ] get_import_job
- [ ] get_suppressed_destination
- [ ] list_configuration_sets
+- [ ] list_contact_lists
+- [ ] list_contacts
- [ ] list_custom_verification_email_templates
- [ ] list_dedicated_ip_pools
- [ ] list_deliverability_test_reports
@@ -8186,6 +9359,8 @@
- [ ] test_render_email_template
- [ ] untag_resource
- [ ] update_configuration_set_event_destination
+- [ ] update_contact
+- [ ] update_contact_list
- [ ] update_custom_verification_email_template
- [ ] update_email_identity_policy
- [ ] update_email_template
@@ -8200,13 +9375,17 @@
- [ ] associate_health_check
- [ ] associate_proactive_engagement_details
- [ ] create_protection
+- [ ] create_protection_group
- [ ] create_subscription
- [ ] delete_protection
+- [ ] delete_protection_group
- [ ] delete_subscription
- [ ] describe_attack
+- [ ] describe_attack_statistics
- [ ] describe_drt_access
- [ ] describe_emergency_contact_settings
- [ ] describe_protection
+- [ ] describe_protection_group
- [ ] describe_subscription
- [ ] disable_proactive_engagement
- [ ] disassociate_drt_log_bucket
@@ -8215,8 +9394,11 @@
- [ ] enable_proactive_engagement
- [ ] get_subscription_state
- [ ] list_attacks
+- [ ] list_protection_groups
- [ ] list_protections
+- [ ] list_resources_in_protection_group
- [ ] update_emergency_contact_settings
+- [ ] update_protection_group
- [ ] update_subscription
@@ -8224,15 +9406,20 @@
0% implemented
+- [ ] add_profile_permission
- [ ] cancel_signing_profile
- [ ] describe_signing_job
- [ ] get_signing_platform
- [ ] get_signing_profile
+- [ ] list_profile_permissions
- [ ] list_signing_jobs
- [ ] list_signing_platforms
- [ ] list_signing_profiles
- [ ] list_tags_for_resource
- [ ] put_signing_profile
+- [ ] remove_profile_permission
+- [ ] revoke_signature
+- [ ] revoke_signing_profile
- [ ] start_signing_job
- [ ] tag_resource
- [ ] untag_resource
@@ -8302,10 +9489,12 @@
- [ ] create_address
- [ ] create_cluster
- [ ] create_job
+- [ ] create_return_shipping_label
- [ ] describe_address
- [ ] describe_addresses
- [ ] describe_cluster
- [ ] describe_job
+- [ ] describe_return_shipping_label
- [ ] get_job_manifest
- [ ] get_job_unlock_code
- [ ] get_snowball_usage
@@ -8316,6 +9505,7 @@
- [ ] list_jobs
- [ ] update_cluster
- [ ] update_job
+- [ ] update_job_shipment_state
## sns
@@ -8385,7 +9575,7 @@
## ssm
-18% implemented
+16% implemented
- [X] add_tags_to_resource
- [ ] cancel_command
@@ -8396,6 +9586,7 @@
- [X] create_document
- [ ] create_maintenance_window
- [ ] create_ops_item
+- [ ] create_ops_metadata
- [ ] create_patch_baseline
- [ ] create_resource_data_sync
- [ ] delete_activation
@@ -8403,6 +9594,7 @@
- [X] delete_document
- [ ] delete_inventory
- [ ] delete_maintenance_window
+- [ ] delete_ops_metadata
- [X] delete_parameter
- [X] delete_parameters
- [ ] delete_patch_baseline
@@ -8458,6 +9650,7 @@
- [ ] get_maintenance_window_execution_task_invocation
- [ ] get_maintenance_window_task
- [ ] get_ops_item
+- [ ] get_ops_metadata
- [ ] get_ops_summary
- [X] get_parameter
- [X] get_parameter_history
@@ -8473,9 +9666,12 @@
- [X] list_commands
- [ ] list_compliance_items
- [ ] list_compliance_summaries
+- [ ] list_document_metadata_history
- [ ] list_document_versions
- [X] list_documents
- [ ] list_inventory_entries
+- [ ] list_ops_item_events
+- [ ] list_ops_metadata
- [ ] list_resource_compliance_summaries
- [ ] list_resource_data_sync
- [X] list_tags_for_resource
@@ -8494,6 +9690,7 @@
- [X] send_command
- [ ] start_associations_once
- [ ] start_automation_execution
+- [ ] start_change_request_execution
- [ ] start_session
- [ ] stop_automation_execution
- [ ] terminate_session
@@ -8501,11 +9698,13 @@
- [ ] update_association_status
- [X] update_document
- [X] update_document_default_version
+- [ ] update_document_metadata
- [ ] update_maintenance_window
- [ ] update_maintenance_window_target
- [ ] update_maintenance_window_task
- [ ] update_managed_instance_role
- [ ] update_ops_item
+- [ ] update_ops_metadata
- [ ] update_patch_baseline
- [ ] update_resource_data_sync
- [ ] update_service_setting
@@ -8521,6 +9720,43 @@
- [ ] logout
+## sso-admin
+
+0% implemented
+
+- [ ] attach_managed_policy_to_permission_set
+- [ ] create_account_assignment
+- [ ] create_instance_access_control_attribute_configuration
+- [ ] create_permission_set
+- [ ] delete_account_assignment
+- [ ] delete_inline_policy_from_permission_set
+- [ ] delete_instance_access_control_attribute_configuration
+- [ ] delete_permission_set
+- [ ] describe_account_assignment_creation_status
+- [ ] describe_account_assignment_deletion_status
+- [ ] describe_instance_access_control_attribute_configuration
+- [ ] describe_permission_set
+- [ ] describe_permission_set_provisioning_status
+- [ ] detach_managed_policy_from_permission_set
+- [ ] get_inline_policy_for_permission_set
+- [ ] list_account_assignment_creation_status
+- [ ] list_account_assignment_deletion_status
+- [ ] list_account_assignments
+- [ ] list_accounts_for_provisioned_permission_set
+- [ ] list_instances
+- [ ] list_managed_policies_in_permission_set
+- [ ] list_permission_set_provisioning_status
+- [ ] list_permission_sets
+- [ ] list_permission_sets_provisioned_to_account
+- [ ] list_tags_for_resource
+- [ ] provision_permission_set
+- [ ] put_inline_policy_to_permission_set
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_instance_access_control_attribute_configuration
+- [ ] update_permission_set
+
+
## sso-oidc
0% implemented
@@ -8532,7 +9768,7 @@
## stepfunctions
-54% implemented
+52% implemented
- [ ] create_activity
- [X] create_state_machine
@@ -8552,6 +9788,7 @@
- [ ] send_task_heartbeat
- [ ] send_task_success
- [X] start_execution
+- [ ] start_sync_execution
- [X] stop_execution
- [X] tag_resource
- [X] untag_resource
@@ -8592,6 +9829,7 @@
- [ ] delete_volume
- [ ] describe_availability_monitor_test
- [ ] describe_bandwidth_rate_limit
+- [ ] describe_bandwidth_rate_limit_schedule
- [ ] describe_cache
- [ ] describe_cached_iscsi_volumes
- [ ] describe_chap_credentials
@@ -8634,12 +9872,14 @@
- [ ] start_gateway
- [ ] update_automatic_tape_creation_policy
- [ ] update_bandwidth_rate_limit
+- [ ] update_bandwidth_rate_limit_schedule
- [ ] update_chap_credentials
- [ ] update_gateway_information
- [ ] update_gateway_software_now
- [ ] update_maintenance_start_time
- [ ] update_nfs_file_share
- [ ] update_smb_file_share
+- [ ] update_smb_file_share_visibility
- [ ] update_smb_security_strategy
- [ ] update_snapshot_schedule
- [ ] update_vtl_device_type
@@ -8753,6 +9993,36 @@
- [ ] start_document_text_detection
+## timestream-query
+
+0% implemented
+
+- [ ] cancel_query
+- [ ] describe_endpoints
+- [ ] query
+
+
+## timestream-write
+
+0% implemented
+
+- [ ] create_database
+- [ ] create_table
+- [ ] delete_database
+- [ ] delete_table
+- [ ] describe_database
+- [ ] describe_endpoints
+- [ ] describe_table
+- [ ] list_databases
+- [ ] list_tables
+- [ ] list_tags_for_resource
+- [ ] tag_resource
+- [ ] untag_resource
+- [ ] update_database
+- [ ] update_table
+- [ ] write_records
+
+
## transcribe
29% implemented
@@ -8816,15 +10086,20 @@
0% implemented
+- [ ] create_parallel_data
+- [ ] delete_parallel_data
- [ ] delete_terminology
- [ ] describe_text_translation_job
+- [ ] get_parallel_data
- [ ] get_terminology
- [ ] import_terminology
+- [ ] list_parallel_data
- [ ] list_terminologies
- [ ] list_text_translation_jobs
- [ ] start_text_translation_job
- [ ] stop_text_translation_job
- [ ] translate_text
+- [ ] update_parallel_data
## waf
@@ -9043,6 +10318,40 @@
- [ ] update_web_acl
+## wellarchitected
+
+0% implemented
+
+- [ ] associate_lenses
+- [ ] create_milestone
+- [ ] create_workload
+- [ ] create_workload_share
+- [ ] delete_workload
+- [ ] delete_workload_share
+- [ ] disassociate_lenses
+- [ ] get_answer
+- [ ] get_lens_review
+- [ ] get_lens_review_report
+- [ ] get_lens_version_difference
+- [ ] get_milestone
+- [ ] get_workload
+- [ ] list_answers
+- [ ] list_lens_review_improvements
+- [ ] list_lens_reviews
+- [ ] list_lenses
+- [ ] list_milestones
+- [ ] list_notifications
+- [ ] list_share_invitations
+- [ ] list_workload_shares
+- [ ] list_workloads
+- [ ] update_answer
+- [ ] update_lens_review
+- [ ] update_share_invitation
+- [ ] update_workload
+- [ ] update_workload_share
+- [ ] upgrade_lens_review
+
+
## workdocs
0% implemented
@@ -9135,19 +10444,23 @@
- [ ] associate_delegate_to_resource
- [ ] associate_member_to_group
+- [ ] cancel_mailbox_export_job
- [ ] create_alias
- [ ] create_group
+- [ ] create_organization
- [ ] create_resource
- [ ] create_user
- [ ] delete_access_control_rule
- [ ] delete_alias
- [ ] delete_group
- [ ] delete_mailbox_permissions
+- [ ] delete_organization
- [ ] delete_resource
- [ ] delete_retention_policy
- [ ] delete_user
- [ ] deregister_from_work_mail
- [ ] describe_group
+- [ ] describe_mailbox_export_job
- [ ] describe_organization
- [ ] describe_resource
- [ ] describe_user
@@ -9160,6 +10473,7 @@
- [ ] list_aliases
- [ ] list_group_members
- [ ] list_groups
+- [ ] list_mailbox_export_jobs
- [ ] list_mailbox_permissions
- [ ] list_organizations
- [ ] list_resource_delegates
@@ -9171,6 +10485,7 @@
- [ ] put_retention_policy
- [ ] register_to_work_mail
- [ ] reset_password
+- [ ] start_mailbox_export_job
- [ ] tag_resource
- [ ] untag_resource
- [ ] update_mailbox_quota
@@ -9189,12 +10504,15 @@
0% implemented
+- [ ] associate_connection_alias
- [ ] associate_ip_groups
- [ ] authorize_ip_rules
- [ ] copy_workspace_image
+- [ ] create_connection_alias
- [ ] create_ip_group
- [ ] create_tags
- [ ] create_workspaces
+- [ ] delete_connection_alias
- [ ] delete_ip_group
- [ ] delete_tags
- [ ] delete_workspace_image
@@ -9202,6 +10520,8 @@
- [ ] describe_account
- [ ] describe_account_modifications
- [ ] describe_client_properties
+- [ ] describe_connection_alias_permissions
+- [ ] describe_connection_aliases
- [ ] describe_ip_groups
- [ ] describe_tags
- [ ] describe_workspace_bundles
@@ -9211,6 +10531,7 @@
- [ ] describe_workspace_snapshots
- [ ] describe_workspaces
- [ ] describe_workspaces_connection_status
+- [ ] disassociate_connection_alias
- [ ] disassociate_ip_groups
- [ ] import_workspace_image
- [ ] list_available_management_cidr_ranges
@@ -9230,6 +10551,7 @@
- [ ] start_workspaces
- [ ] stop_workspaces
- [ ] terminate_workspaces
+- [ ] update_connection_alias_permission
- [ ] update_rules_of_ip_group
- [ ] update_workspace_image_permission
@@ -9246,6 +10568,10 @@
- [ ] get_encryption_config
- [ ] get_group
- [ ] get_groups
+- [ ] get_insight
+- [ ] get_insight_events
+- [ ] get_insight_impact_graph
+- [ ] get_insight_summaries
- [ ] get_sampling_rules
- [ ] get_sampling_statistic_summaries
- [ ] get_sampling_targets
diff --git a/moto/iam/aws_managed_policies.py b/moto/iam/aws_managed_policies.py
index a8fca28e0..8b292b456 100644
--- a/moto/iam/aws_managed_policies.py
+++ b/moto/iam/aws_managed_policies.py
@@ -5,7 +5,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-20T17:23:10+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -13,10 +13,18 @@ aws_managed_policies_data = """
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancers",
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingTargets",
- "xray:GetSamplingRules"
+ "xray:GetSamplingRules",
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:UpdateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:ListLogDeliveries",
+ "servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
@@ -31,6 +39,61 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*"
+ },
+ {
+ "Action": [
+ "acm:DescribeCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:acm:*:*:certificate/*"
+ },
+ {
+ "Action": "ec2:CreateNetworkInterfacePermission",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:network-interface/*"
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "Owner",
+ "VpcLinkId"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:network-interface/*"
+ },
+ {
+ "Action": [
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:DeleteNetworkInterface",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:CreateNetworkInterface",
+ "ec2:DeleteNetworkInterfacePermission",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeNetworkInterfaceAttribute",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeNetworkInterfacePermissions",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSecurityGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "servicediscovery:GetNamespace",
+ "Effect": "Allow",
+ "Resource": "arn:aws:servicediscovery:*:*:namespace/*"
+ },
+ {
+ "Action": "servicediscovery:GetService",
+ "Effect": "Allow",
+ "Resource": "arn:aws:servicediscovery:*:*:service/*"
}
],
"Version": "2012-10-17"
@@ -41,8 +104,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQQDZNLDBF2ULTWK6",
"PolicyName": "APIGatewayServiceRolePolicy",
- "UpdateDate": "2019-05-20T18:22:18+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-02-25T20:24:49+00:00",
+ "VersionId": "v8"
},
"AWSAccountActivityAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAccountActivityAccess",
@@ -100,7 +163,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService",
"AttachmentCount": 0,
"CreateDate": "2016-08-02T01:35:11+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -165,6 +228,13 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*",
"Sid": "arsenal"
+ },
+ {
+ "Action": [
+ "mgh:GetHomeRegion"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -175,14 +245,40 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIA3DIL7BYQ35ISM4K",
"PolicyName": "AWSAgentlessDiscoveryService",
- "UpdateDate": "2016-08-02T01:35:11+00:00",
+ "UpdateDate": "2020-02-24T23:08:23+00:00",
+ "VersionId": "v2"
+ },
+ "AWSAppMeshEnvoyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-03T21:29:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "appmesh:StreamAggregatedResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PMG6ZGSZZ",
+ "PolicyName": "AWSAppMeshEnvoyAccess",
+ "UpdateDate": "2019-07-03T21:29:37+00:00",
"VersionId": "v1"
},
"AWSAppMeshFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-04-16T17:50:40+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -191,6 +287,49 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": [
+ "appmesh.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh"
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:DescribeStack*",
+ "cloudformation:UpdateStack"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*"
+ },
+ {
+ "Action": [
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "acm-pca:DescribeCertificateAuthority",
+ "acm-pca:ListCertificateAuthorities"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "servicediscovery:ListNamespaces",
+ "servicediscovery:ListServices",
+ "servicediscovery:ListInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -201,14 +340,75 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ILVZ5BWFU",
"PolicyName": "AWSAppMeshFullAccess",
- "UpdateDate": "2019-04-16T17:50:40+00:00",
+ "UpdateDate": "2021-01-07T19:54:08+00:00",
+ "VersionId": "v6"
+ },
+ "AWSAppMeshPreviewEnvoyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-05T23:32:39+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "appmesh-preview:StreamAggregatedResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NKURE3R2M",
+ "PolicyName": "AWSAppMeshPreviewEnvoyAccess",
+ "UpdateDate": "2019-08-05T23:32:39+00:00",
"VersionId": "v1"
},
+ "AWSAppMeshPreviewServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-19T19:07:00+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "servicediscovery:DiscoverInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudMapServiceDiscovery"
+ },
+ {
+ "Action": [
+ "acm:DescribeCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ACMCertificateVerification"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FAQWKJYPJ",
+ "PolicyName": "AWSAppMeshPreviewServiceRolePolicy",
+ "UpdateDate": "2019-08-21T21:06:29+00:00",
+ "VersionId": "v3"
+ },
"AWSAppMeshReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-04-16T17:51:11+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -218,6 +418,32 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudformation:DescribeStack*"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*"
+ },
+ {
+ "Action": [
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "acm-pca:DescribeCertificateAuthority",
+ "acm-pca:ListCertificateAuthorities"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "servicediscovery:ListNamespaces",
+ "servicediscovery:ListServices",
+ "servicediscovery:ListInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -228,14 +454,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HOPFCIWXP",
"PolicyName": "AWSAppMeshReadOnly",
- "UpdateDate": "2019-04-16T17:51:11+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2021-01-07T19:53:16+00:00",
+ "VersionId": "v5"
},
"AWSAppMeshServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-03T18:30:51+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -245,6 +471,14 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudMapServiceDiscovery"
+ },
+ {
+ "Action": [
+ "acm:DescribeCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ACMCertificateVerification"
}
],
"Version": "2012-10-17"
@@ -255,14 +489,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4B5IHMMEND",
"PolicyName": "AWSAppMeshServiceRolePolicy",
- "UpdateDate": "2019-06-03T18:30:51+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-10T22:44:43+00:00",
+ "VersionId": "v2"
},
"AWSAppSyncAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator",
"AttachmentCount": 0,
"CreateDate": "2018-03-20T21:20:28+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -285,6 +519,24 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "appsync.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*"
}
],
"Version": "2012-10-17"
@@ -295,8 +547,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBYY36AJPXTTWIXCY",
"PolicyName": "AWSAppSyncAdministrator",
- "UpdateDate": "2018-03-20T21:20:28+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-11-04T19:23:49+00:00",
+ "VersionId": "v2"
},
"AWSAppSyncInvokeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess",
@@ -399,6 +651,38 @@ aws_managed_policies_data = """
"UpdateDate": "2018-03-20T21:21:06+00:00",
"VersionId": "v1"
},
+ "AWSAppSyncServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-21T19:56:53+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "xray:PutTraceSegments",
+ "xray:PutTelemetryRecords",
+ "xray:GetSamplingTargets",
+ "xray:GetSamplingRules",
+ "xray:GetSamplingStatisticSummaries"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IKBIQXBOO",
+ "PolicyName": "AWSAppSyncServiceRolePolicy",
+ "UpdateDate": "2020-01-21T19:56:53+00:00",
+ "VersionId": "v1"
+ },
"AWSApplicationAutoScalingCustomResourcePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy",
"AttachmentCount": 0,
@@ -462,9 +746,79 @@ aws_managed_policies_data = """
"UpdateDate": "2017-10-20T19:04:06+00:00",
"VersionId": "v1"
},
+ "AWSApplicationAutoscalingCassandraTablePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-03-18T22:49:23+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "cassandra:Select",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:*:cassandra:*:*:/keyspace/system/table/*",
+ "arn:*:cassandra:*:*:/keyspace/system_schema/table/*",
+ "arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*"
+ ]
+ },
+ {
+ "Action": [
+ "cassandra:Alter",
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BOOOZAOTV",
+ "PolicyName": "AWSApplicationAutoscalingCassandraTablePolicy",
+ "UpdateDate": "2020-03-18T22:49:23+00:00",
+ "VersionId": "v1"
+ },
+ "AWSApplicationAutoscalingComprehendEndpointPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-14T18:39:07+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "comprehend:UpdateEndpoint",
+ "comprehend:DescribeEndpoint",
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HD4ODS6K6",
+ "PolicyName": "AWSApplicationAutoscalingComprehendEndpointPolicy",
+ "UpdateDate": "2019-11-14T18:39:07+00:00",
+ "VersionId": "v1"
+ },
"AWSApplicationAutoscalingDynamoDBTablePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-10-20T21:34:57+00:00",
"DefaultVersionId": "v1",
"Document": {
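Review bot: The `AttachmentCount` of `AWSApplicationAutoscalingDynamoDBTablePolicy` goes from 0 to 1 in this hunk, which looks like state from the account the snapshot was exported from rather than a property of the managed policy. Every other entry visible in this diff keeps 0, so a freshly mocked account would report one attachment for this policy if the loader reads the field. I would reset the line to `"AttachmentCount": 0,`. Presumably the export step should also zero account-specific counters (`AttachmentCount`, `PermissionsBoundaryUsageCount`) before writing the file. The entry continues outside the hunk.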
@@ -586,6 +940,72 @@ aws_managed_policies_data = """
"UpdateDate": "2017-10-26T00:57:39+00:00",
"VersionId": "v1"
},
+ "AWSApplicationAutoscalingKafkaClusterPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-24T18:36:01+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "kafka:DescribeCluster",
+ "kafka:DescribeClusterOperation",
+ "kafka:UpdateBrokerStorage",
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FTCIZBJA2",
+ "PolicyName": "AWSApplicationAutoscalingKafkaClusterPolicy",
+ "UpdateDate": "2020-08-24T18:36:01+00:00",
+ "VersionId": "v1"
+ },
+ "AWSApplicationAutoscalingLambdaConcurrencyPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-21T20:04:17+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "lambda:PutProvisionedConcurrencyConfig",
+ "lambda:GetProvisionedConcurrencyConfig",
+ "lambda:DeleteProvisionedConcurrencyConfig",
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KIR2KPJCU",
+ "PolicyName": "AWSApplicationAutoscalingLambdaConcurrencyPolicy",
+ "UpdateDate": "2019-10-21T20:04:17+00:00",
+ "VersionId": "v1"
+ },
"AWSApplicationAutoscalingRDSClusterPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy",
"AttachmentCount": 0,
@@ -669,7 +1089,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess",
"AttachmentCount": 0,
"CreateDate": "2016-05-11T21:38:47+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -678,6 +1098,13 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "mgh:GetHomeRegion"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -688,14 +1115,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICZIOVAGC6JPF3WHC",
"PolicyName": "AWSApplicationDiscoveryAgentAccess",
- "UpdateDate": "2016-05-11T21:38:47+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-02-24T22:26:45+00:00",
+ "VersionId": "v2"
},
"AWSApplicationDiscoveryServiceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-05-11T21:30:50+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -730,6 +1157,20 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "migrationhub.amazonaws.com",
+ "dmsintegration.migrationhub.amazonaws.com",
+ "smsintegration.migrationhub.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -740,8 +1181,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBNJEA6ZXM2SBOPDU",
"PolicyName": "AWSApplicationDiscoveryServiceFullAccess",
- "UpdateDate": "2018-08-16T16:02:27+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-06-19T21:21:26+00:00",
+ "VersionId": "v4"
},
"AWSArtifactAccountSync": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync",
@@ -770,6 +1211,371 @@ aws_managed_policies_data = """
"UpdateDate": "2018-04-10T23:04:33+00:00",
"VersionId": "v1"
},
+ "AWSAuditManagerAdministratorAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-11T20:02:42+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "auditmanager:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AuditManagerAccess"
+ },
+ {
+ "Action": [
+ "organizations:ListAccountsForParent",
+ "organizations:ListAccounts",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:DescribeAccount",
+ "organizations:ListParents",
+ "organizations:ListChildren"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "OrganizationsAccess"
+ },
+ {
+ "Action": [
+ "organizations:RegisterDelegatedAdministrator",
+ "organizations:DeregisterDelegatedAdministrator",
+ "organizations:EnableAWSServiceAccess"
+ ],
+ "Condition": {
+ "StringLikeIfExists": {
+ "organizations:ServicePrincipal": [
+ "auditmanager.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowOnlyAuditManagerIntegration"
+ },
+ {
+ "Action": [
+ "iam:GetUser",
+ "iam:ListUsers",
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "IAMAccess"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "auditmanager.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*",
+ "Sid": "IAMAccessCreateSLR"
+ },
+ {
+ "Action": [
+ "iam:DeleteServiceLinkedRole",
+ "iam:UpdateRoleDescription",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*",
+ "Sid": "IAMAccessManageSLR"
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "S3Access"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey",
+ "kms:ListKeys",
+ "kms:ListAliases"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "KmsAccess"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant"
+ ],
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": "true"
+ },
+ "StringLike": {
+ "kms:ViaService": "auditmanager.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "KmsCreateGrantAccess"
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SNSAccess"
+ },
+ {
+ "Action": [
+ "events:PutRule"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:detail-type": "Security Hub Findings - Imported",
+ "events:source": "aws.securityhub"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CreateEventsAccess"
+ },
+ {
+ "Action": [
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:EnableRule",
+ "events:DisableRule",
+ "events:ListTargetsByRule",
+ "events:PutTargets",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
+ "Sid": "EventsAccess"
+ },
+ {
+ "Action": [
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "TagAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EBAFCQQJX",
+ "PolicyName": "AWSAuditManagerAdministratorAccess",
+ "UpdateDate": "2020-12-11T20:02:42+00:00",
+ "VersionId": "v1"
+ },
+ "AWSAuditManagerServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-08T15:12:12+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "license-manager:ListLicenseConfigurations",
+ "license-manager:ListAssociationsForLicenseConfiguration",
+ "license-manager:ListUsageForLicenseConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "LicenseManagerAccess"
+ },
+ {
+ "Action": [
+ "iam:GenerateCredentialReport",
+ "iam:GetAccountSummary",
+ "iam:ListPolicies",
+ "iam:GetAccountPasswordPolicy",
+ "iam:ListUsers",
+ "iam:ListUserPolicies",
+ "iam:ListRoles",
+ "iam:ListRolePolicies",
+ "iam:ListGroups",
+ "iam:ListGroupPolicies",
+ "iam:ListEntitiesForPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "IAMAccess"
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2:DescribeFlowLogs",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeNetworkAcls",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeVpcEndpoints"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EC2Access"
+ },
+ {
+ "Action": [
+ "cloudtrail:DescribeTrails"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudtrailAccess"
+ },
+ {
+ "Action": [
+ "config:DescribeDeliveryChannels",
+ "config:ListDiscoveredResources",
+ "config:DescribeConfigRules"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ConfigAccess"
+ },
+ {
+ "Action": [
+ "securityhub:DescribeStandards"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecurityHubAccess"
+ },
+ {
+ "Action": [
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "kms:ListGrants"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "KMSAccess"
+ },
+ {
+ "Action": [
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudwatchAccess"
+ },
+ {
+ "Action": [
+ "s3:GetLifecycleConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "S3Access"
+ },
+ {
+ "Action": [
+ "events:DescribeRule"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EventBridgeAccess"
+ },
+ {
+ "Action": [
+ "waf:ListActivatedRulesInRuleGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "WAFAccess"
+ },
+ {
+ "Action": [
+ "guardduty:ListDetectors"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "GuardDutyAccess"
+ },
+ {
+ "Action": [
+ "route53:GetQueryLoggingConfig"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "Route53Access"
+ },
+ {
+ "Action": [
+ "organizations:DescribePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "OrganizationsAccess"
+ },
+ {
+ "Action": [
+ "cognito-idp:DescribeUserPool"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CognitoAccess"
+ },
+ {
+ "Action": [
+ "elasticfilesystem:DescribeFileSystems"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EFSAccess"
+ },
+ {
+ "Action": [
+ "events:PutRule"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:detail-type": "Security Hub Findings - Imported",
+ "events:source": "aws.securityhub"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CreateEventsAccess"
+ },
+ {
+ "Action": [
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:EnableRule",
+ "events:DisableRule",
+ "events:ListTargetsByRule",
+ "events:PutTargets",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
+ "Sid": "EventsAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4C5N52UWST",
+ "PolicyName": "AWSAuditManagerServiceRolePolicy",
+ "UpdateDate": "2020-12-08T15:12:12+00:00",
+ "VersionId": "v1"
+ },
"AWSAutoScalingPlansEC2AutoScalingPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy",
"AttachmentCount": 0,
@@ -800,72 +1606,11 @@ aws_managed_policies_data = """
"UpdateDate": "2018-08-23T22:46:59+00:00",
"VersionId": "v1"
},
- "AWSB9InternalServicePolicy": {
- "Arn": "arn:aws:iam::aws:policy/AWSB9InternalServicePolicy",
+ "AWSBackupFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBackupFullAccess",
"AttachmentCount": 0,
- "CreateDate": "2018-12-13T18:48:22+00:00",
- "DefaultVersionId": "v1",
- "Document": {
- "Statement": [
- {
- "Action": [
- "ec2:CreateNetworkInterfacePermission",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface",
- "ec2:DescribeSubnets",
- "ec2:DescribeVpcs",
- "ec2:DescribeSecurityGroups",
- "greengrass:CreateDeployment",
- "greengrass:CreateGroupVersion",
- "greengrass:CreateFunctionDefinition",
- "greengrass:CreateFunctionDefinitionVersion",
- "greengrass:GetDeploymentStatus",
- "greengrass:GetGroup",
- "greengrass:GetGroupVersion",
- "greengrass:GetCoreDefinitionVersion",
- "greengrass:GetFunctionDefinitionVersion",
- "greengrass:GetAssociatedRole",
- "lambda:CreateFunction"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "lambda:UpdateFunctionCode",
- "lambda:GetFunction",
- "lambda:UpdateFunctionConfiguration"
- ],
- "Effect": "Allow",
- "Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*"
- },
- {
- "Action": "iam:PassRole",
- "Condition": {
- "StringEqualsIfExists": {
- "iam:PassedToService": "lambda.amazonaws.com"
- }
- },
- "Effect": "Allow",
- "Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIWR2IIOQ7JJGVQOPW",
- "PolicyName": "AWSB9InternalServicePolicy",
- "UpdateDate": "2018-12-13T18:48:22+00:00",
- "VersionId": "v1"
- },
- "AWSBackupAdminPolicy": {
- "Arn": "arn:aws:iam::aws:policy/AWSBackupAdminPolicy",
- "AttachmentCount": 0,
- "CreateDate": "2019-01-19T02:34:31+00:00",
- "DefaultVersionId": "v2",
+ "CreateDate": "2019-11-18T22:21:52+00:00",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
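Review bot: Callers that attach `arn:aws:iam::aws:policy/AWSBackupAdminPolicy` or `arn:aws:iam::aws:policy/AWSB9InternalServicePolicy` will presumably stop resolving against the mock once these two keys leave the snapshot. Nothing visible in this change tells users about that. A changelog entry such as `* IAM: managed-policy snapshot refreshed; AWSBackupAdminPolicy and AWSB9InternalServicePolicy are no longer available` would make the break discoverable. The `AWSBackupFullAccess` entry that replaces the former continues in the following hunks.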
@@ -883,15 +1628,33 @@ aws_managed_policies_data = """
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
- "rds:describeDBSnapshots",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
- "rds:describeDBSubnetGroups"
+ "rds:describeDBSubnetGroups",
+ "rds:describeDBClusterSnapshots",
+ "rds:describeDBClusters",
+ "rds:describeDBParameterGroups",
+ "rds:describeDBClusterParameterGroups"
],
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "rds:DeleteDBSnapshot",
+ "rds:DeleteDBClusterSnapshot"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "backup.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"dynamodb:ListBackups",
@@ -900,6 +1663,20 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "dynamodb:DeleteBackup"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "backup.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"elasticfilesystem:DescribeFilesystems"
@@ -911,11 +1688,34 @@ aws_managed_policies_data = """
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
- "ec2:describeAvailabilityZones"
+ "ec2:describeAvailabilityZones",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeImages",
+ "ec2:DescribeSubnets",
+ "ec2:DescribePlacementGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "ec2:DeleteSnapshot",
+ "ec2:DeregisterImage"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "backup.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"tag:GetTagKeys",
@@ -952,8 +1752,7 @@ aws_managed_policies_data = """
{
"Action": [
"iam:ListRoles",
- "iam:GetRole",
- "iam:GetUser"
+ "iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
@@ -971,18 +1770,81 @@ aws_managed_policies_data = """
"arn:aws:iam::*:role/*AWSBackup*"
]
},
+ {
+ "Action": "organizations:DescribeOrganization",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:GenerateDataKey",
- "kms:RetireGrant",
- "kms:CreateGrant",
- "kms:ListAliases",
- "kms:Decrypt"
+ "kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant"
+ ],
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": true
+ },
+ "ForAnyValue:StringEquals": {
+ "kms:EncryptionContextKeys": "aws:backup:backup-vault"
+ },
+ "StringLike": {
+ "kms:ViaService": "backup.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:CancelCommand",
+ "ssm:GetCommandInvocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": "fsx:DescribeFileSystems",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "fsx:DescribeBackups",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "fsx:DeleteBackup",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "backup.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:backup/*"
+ },
+ {
+ "Action": "ds:DescribeDirectories",
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -991,16 +1853,16 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJWFPFHACTI7XN6M2C",
- "PolicyName": "AWSBackupAdminPolicy",
- "UpdateDate": "2019-03-11T22:14:30+00:00",
- "VersionId": "v2"
+ "PolicyId": "ANPAZKAPJZG4LL52EIPJX",
+ "PolicyName": "AWSBackupFullAccess",
+ "UpdateDate": "2020-11-09T16:49:24+00:00",
+ "VersionId": "v6"
},
- "AWSBackupOperatorPolicy": {
- "Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorPolicy",
+ "AWSBackupOperatorAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess",
"AttachmentCount": 0,
- "CreateDate": "2019-01-19T02:31:55+00:00",
- "DefaultVersionId": "v2",
+ "CreateDate": "2019-11-18T22:23:17+00:00",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
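Review bot: The managed-policy key `"AWSBackupOperatorPolicy"` is dropped in this hunk in favour of `"AWSBackupOperatorAccess"`, and the preceding entry's `PolicyName` changes from `AWSBackupAdminPolicy` to `AWSBackupFullAccess`; the old operator key does not reappear in the hunks that follow. If moto resolves managed-policy ARNs from this table (the lookup code is not shown here), test suites that still attach `arn:aws:iam::aws:policy/AWSBackupOperatorPolicy` would presumably stop resolving it after this refresh, and the failure would read as a missing policy rather than a renamed one. The JSON blob cannot carry a comment, so I would record the rename in the release notes, e.g. `* IAM: managed policies refreshed; AWSBackupAdminPolicy/AWSBackupOperatorPolicy are now AWSBackupFullAccess/AWSBackupOperatorAccess`. The enclosing `aws_managed_policies_data` string starts and ends outside the hunk.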
@@ -1012,7 +1874,8 @@ aws_managed_policies_data = """
"backup:DeleteBackupSelection",
"backup:GetRecoveryPointRestoreMetadata",
"backup:StartBackupJob",
- "backup:StartRestoreJob"
+ "backup:StartRestoreJob",
+ "backup:StartCopyJob"
],
"Effect": "Allow",
"Resource": "*"
@@ -1026,7 +1889,11 @@ aws_managed_policies_data = """
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
- "rds:describeDBSubnetGroups"
+ "rds:describeDBSubnetGroups",
+ "rds:DescribeDBClusterSnapshots",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBParameterGroups",
+ "rds:DescribeDBClusterParameterGroups"
],
"Effect": "Allow",
"Resource": "*"
@@ -1050,7 +1917,15 @@ aws_managed_policies_data = """
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
- "ec2:describeAvailabilityZones"
+ "ec2:describeAvailabilityZones",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeImages",
+ "ec2:DescribeSubnets",
+ "ec2:DescribePlacementGroups",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
@@ -1091,8 +1966,7 @@ aws_managed_policies_data = """
{
"Action": [
"iam:ListRoles",
- "iam:GetRole",
- "iam:GetUser"
+ "iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
@@ -1110,15 +1984,113 @@ aws_managed_policies_data = """
"arn:aws:iam::*:role/*AWSBackup*"
]
},
+ {
+ "Action": "organizations:DescribeOrganization",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
- "kms:ListKeys",
- "kms:DescribeKey",
- "kms:GenerateDataKey",
- "kms:RetireGrant",
- "kms:CreateGrant",
- "kms:ListAliases",
- "kms:Decrypt"
+ "ssm:CancelCommand",
+ "ssm:GetCommandInvocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": "fsx:DescribeBackups",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:backup/*"
+ },
+ {
+ "Action": "fsx:DescribeFileSystems",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:file-system/*"
+ },
+ {
+ "Action": "ds:DescribeDirectories",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KHXVYMY4O",
+ "PolicyName": "AWSBackupOperatorAccess",
+ "UpdateDate": "2020-11-09T16:43:44+00:00",
+ "VersionId": "v6"
+ },
+ "AWSBackupOrganizationAdminAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T16:23:14+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "organizations:DisableAWSServiceAccess",
+ "organizations:EnableAWSServiceAccess"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "organizations:ServicePrincipal": [
+ "backup.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:AttachPolicy",
+ "organizations:ListPoliciesForTarget",
+ "organizations:ListTargetsForPolicy",
+ "organizations:DetachPolicy",
+ "organizations:DisablePolicyType",
+ "organizations:DescribePolicy",
+ "organizations:DescribeEffectivePolicy",
+ "organizations:ListPolicies",
+ "organizations:EnablePolicyType",
+ "organizations:CreatePolicy",
+ "organizations:UpdatePolicy",
+ "organizations:DeletePolicy"
+ ],
+ "Condition": {
+ "StringLikeIfExists": {
+ "organizations:PolicyType": [
+ "BACKUP_POLICY"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:ListRoots",
+ "organizations:ListParents",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListAccountsForParent",
+ "organizations:ListAccounts",
+ "organizations:DescribeOrganization",
+ "organizations:ListOrganizationalUnitsForParent",
+ "organizations:ListChildren",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganizationalUnit"
],
"Effect": "Allow",
"Resource": "*"
@@ -1130,16 +2102,221 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJ7BHZKKS47SGORCJE",
- "PolicyName": "AWSBackupOperatorPolicy",
- "UpdateDate": "2019-03-11T22:18:12+00:00",
+ "PolicyId": "ANPAZKAPJZG4E5BC3XLFS",
+ "PolicyName": "AWSBackupOrganizationAdminAccess",
+ "UpdateDate": "2020-11-24T22:09:43+00:00",
"VersionId": "v2"
},
+ "AWSBackupServiceLinkedRolePolicyForBackup": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-02T23:08:40+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elasticfilesystem:Backup",
+ "elasticfilesystem:DescribeTags"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
+ },
+ {
+ "Action": [
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CopySnapshot"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::snapshot/*"
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "AWSBackupManagedResource"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*::image/*",
+ "arn:aws:ec2:*::snapshot/*"
+ ]
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "Null": {
+ "ec2:ResourceTag/AWSBackupManagedResource": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*::image/*",
+ "arn:aws:ec2:*::snapshot/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeImages",
+ "rds:DescribeDBSnapshots",
+ "rds:DescribeDBClusterSnapshots"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:CopySnapshot",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::snapshot/*"
+ },
+ {
+ "Action": "ec2:CopyImage",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DeregisterImage",
+ "ec2:DeleteSnapshot"
+ ],
+ "Condition": {
+ "Null": {
+ "ec2:ResourceTag/AWSBackupManagedResource": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "rds:AddTagsToResource",
+ "rds:CopyDBSnapshot",
+ "rds:DeleteDBSnapshot"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:rds:*:*:snapshot:awsbackup:*"
+ },
+ {
+ "Action": [
+ "rds:AddTagsToResource",
+ "rds:CopyDBClusterSnapshot",
+ "rds:DeleteDBClusterSnapshot"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
+ },
+ {
+ "Action": "kms:DescribeKey",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:ListGrants",
+ "kms:ReEncryptFrom",
+ "kms:GenerateDataKeyWithoutPlaintext"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": [
+ "ec2.*.amazonaws.com",
+ "rds.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "kms:CreateGrant",
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": "true"
+ },
+ "StringLike": {
+ "kms:ViaService": [
+ "ec2.*.amazonaws.com",
+ "rds.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ONJBD4ZY2",
+ "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackup",
+ "UpdateDate": "2020-11-10T18:37:51+00:00",
+ "VersionId": "v2"
+ },
+ "AWSBackupServiceLinkedRolePolicyForBackupTest": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-12T17:37:29+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elasticfilesystem:Backup",
+ "elasticfilesystem:DescribeTags"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
+ },
+ {
+ "Action": [
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KMHRZD5LV",
+ "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackupTest",
+ "UpdateDate": "2020-05-12T17:37:29+00:00",
+ "VersionId": "v1"
+ },
"AWSBackupServiceRolePolicyForBackup": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
"AttachmentCount": 0,
"CreateDate": "2019-01-10T21:01:28+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -1165,14 +2342,19 @@ aws_managed_policies_data = """
"rds:DescribeDBSnapshots",
"rds:CreateDBSnapshot",
"rds:CopyDBSnapshot",
- "rds:DescribeDBInstances"
+ "rds:DescribeDBInstances",
+ "rds:CreateDBClusterSnapshot",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBClusterSnapshots",
+ "rds:CopyDBClusterSnapshot"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
- "rds:DeleteDBSnapshot"
+ "rds:DeleteDBSnapshot",
+ "rds:ModifyDBSnapshotAttribute"
],
"Effect": "Allow",
"Resource": [
@@ -1181,11 +2363,36 @@ aws_managed_policies_data = """
},
{
"Action": [
- "storagegateway:CreateSnapshot"
+ "rds:DeleteDBClusterSnapshot",
+ "rds:ModifyDBClusterSnapshotAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
+ ]
+ },
+ {
+ "Action": [
+ "storagegateway:CreateSnapshot",
+ "storagegateway:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
+ {
+ "Action": [
+ "ec2:CopySnapshot"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:CopyImage"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"ec2:CreateTags",
@@ -1196,14 +2403,66 @@ aws_managed_policies_data = """
},
{
"Action": [
- "ec2:DescribeSnapshots"
+ "ec2:CreateImage",
+ "ec2:DeregisterImage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
- "elasticfilesystem:Backup"
+ "ec2:CreateTags"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:image/*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeTags",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceAttribute",
+ "ec2:DescribeInstanceCreditSpecifications",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeElasticGpus",
+ "ec2:DescribeSpotInstanceRequests"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:ModifySnapshotAttribute",
+ "ec2:ModifyImageAttribute"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/aws:backup:source-resource": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "backup:DescribeBackupVault",
+ "backup:CopyIntoBackupVault"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:backup:*:*:backup-vault:*"
+ },
+ {
+ "Action": [
+ "backup:CopyFromBackupVault"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "elasticfilesystem:Backup",
+ "elasticfilesystem:DescribeTags"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
@@ -1236,12 +2495,70 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "kms:GenerateDataKeyWithoutPlaintext"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": [
+ "ec2.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:kms:*:*:key/*"
+ },
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:CancelCommand",
+ "ssm:GetCommandInvocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": "fsx:DescribeBackups",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:backup/*"
+ },
+ {
+ "Action": "fsx:CreateBackup",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:fsx:*:*:file-system/*",
+ "arn:aws:fsx:*:*:backup/*"
+ ]
+ },
+ {
+ "Action": "fsx:DescribeFileSystems",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:file-system/*"
+ },
+ {
+ "Action": "fsx:ListTagsForResource",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:file-system/*"
+ },
+ {
+ "Action": "fsx:DeleteBackup",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:backup/*"
}
],
"Version": "2012-10-17"
@@ -1252,14 +2569,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOOYZSLZZXWFJJ5N2",
"PolicyName": "AWSBackupServiceRolePolicyForBackup",
- "UpdateDate": "2019-04-25T19:15:48+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-11-18T23:16:27+00:00",
+ "VersionId": "v8"
},
"AWSBackupServiceRolePolicyForRestores": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores",
"AttachmentCount": 0,
"CreateDate": "2019-01-12T00:23:54+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -1334,7 +2651,10 @@ aws_managed_policies_data = """
"rds:ListTagsForResource",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:DeleteDBInstance",
- "rds:AddTagsToResource"
+ "rds:AddTagsToResource",
+ "rds:DescribeDBClusters",
+ "rds:RestoreDBClusterFromSnapshot",
+ "rds:DeleteDBCluster"
],
"Effect": "Allow",
"Resource": "*"
@@ -1354,6 +2674,27 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "kms:Decrypt",
+ "kms:Encrypt",
+ "kms:GenerateDataKey",
+ "kms:ReEncryptTo",
+ "kms:ReEncryptFrom"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": [
+ "dynamodb.*.amazonaws.com",
+ "ec2.*.amazonaws.com",
+ "elasticfilesystem.*.amazonaws.com",
+ "rds.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": "kms:CreateGrant",
"Condition": {
@@ -1363,6 +2704,58 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:RunInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "fsx:CreateFileSystemFromBackup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:fsx:*:*:file-system/*",
+ "arn:aws:fsx:*:*:backup/*"
+ ]
+ },
+ {
+ "Action": "fsx:DescribeFileSystems",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:file-system/*"
+ },
+ {
+ "Action": "fsx:DescribeBackups",
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:backup/*"
+ },
+ {
+ "Action": [
+ "fsx:DeleteFileSystem",
+ "fsx:UntagResource"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/aws:backup:source-resource": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:file-system/*"
+ },
+ {
+ "Action": "ds:DescribeDirectories",
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -1373,8 +2766,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZCCL6F2WPVOUXZKI",
"PolicyName": "AWSBackupServiceRolePolicyForRestores",
- "UpdateDate": "2019-04-25T19:17:26+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-11-09T16:52:12+00:00",
+ "VersionId": "v7"
},
"AWSBatchFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBatchFullAccess",
@@ -1464,7 +2857,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T19:36:24+00:00",
- "DefaultVersionId": "v9",
+ "DefaultVersionId": "v11",
"Document": {
"Statement": [
{
@@ -1508,6 +2901,7 @@ aws_managed_policies_data = """
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
+ "ecs:ListAccountSettings",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTaskDefinitionFamilies",
@@ -1532,12 +2926,20 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": "ecs:TagResource",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ecs:*:*:task/*_Batch_*"
+ ]
+ },
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
+ "ec2.amazonaws.com.cn",
"ecs-tasks.amazonaws.com"
]
}
@@ -1585,19 +2987,19 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUETIXPCKASQJURFE",
"PolicyName": "AWSBatchServiceRole",
- "UpdateDate": "2018-10-30T19:00:56+00:00",
- "VersionId": "v9"
+ "UpdateDate": "2020-11-23T18:19:27+00:00",
+ "VersionId": "v11"
},
- "AWSCertificateManagerFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess",
+ "AWSBillingReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess",
"AttachmentCount": 0,
- "CreateDate": "2016-01-21T17:02:36+00:00",
+ "CreateDate": "2020-08-27T20:08:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
- "acm:*"
+ "aws-portal:ViewBilling"
],
"Effect": "Allow",
"Resource": "*"
@@ -1609,16 +3011,197 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LJ3OSZ5SX",
+ "PolicyName": "AWSBillingReadOnlyAccess",
+ "UpdateDate": "2020-08-27T20:08:51+00:00",
+ "VersionId": "v1"
+ },
+ "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-15T17:20:48+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeInstanceStatus",
+ "ec2:StartInstances",
+ "ec2:StopInstances",
+ "rds:DescribeDBInstances",
+ "rds:StartDBInstance",
+ "rds:StopDBInstance"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "ssm.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:StartAutomationExecution"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KIUIYBT2X",
+ "PolicyName": "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM",
+ "UpdateDate": "2020-10-15T17:20:48+00:00",
+ "VersionId": "v1"
+ },
+ "AWSBudgetsActionsWithAWSResourceControlAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-15T17:19:12+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "budgets:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-portal:ViewBilling"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "budgets.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-portal:ModifyBilling",
+ "ec2:DescribeInstances",
+ "iam:ListGroups",
+ "iam:ListPolicies",
+ "iam:ListRoles",
+ "iam:ListUsers",
+ "organizations:ListAccounts",
+ "organizations:ListOrganizationalUnitsForParent",
+ "organizations:ListPolicies",
+ "organizations:ListRoots",
+ "rds:DescribeDBInstances",
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AHTKKGHHS",
+ "PolicyName": "AWSBudgetsActionsWithAWSResourceControlAccess",
+ "UpdateDate": "2020-10-15T17:19:12+00:00",
+ "VersionId": "v1"
+ },
+ "AWSBudgetsReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-15T17:18:28+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-portal:ViewBilling",
+ "budgets:ViewBudget",
+ "budgets:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EZCFS6BHW",
+ "PolicyName": "AWSBudgetsReadOnlyAccess",
+ "UpdateDate": "2020-10-15T17:18:28+00:00",
+ "VersionId": "v1"
+ },
+ "AWSCertificateManagerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2016-01-21T17:02:36+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "acm.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*"
+ },
+ {
+ "Action": [
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus",
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYCHABBP6VQIVBCBQ",
"PolicyName": "AWSCertificateManagerFullAccess",
- "UpdateDate": "2016-01-21T17:02:36+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-08-17T22:18:28+00:00",
+ "VersionId": "v2"
},
"AWSCertificateManagerPrivateCAAuditor": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:51:08+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -1629,6 +3212,7 @@ aws_managed_policies_data = """
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
+ "acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
@@ -1651,8 +3235,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJW77VE4UEBJ4PEXEY",
"PolicyName": "AWSCertificateManagerPrivateCAAuditor",
- "UpdateDate": "2019-03-14T17:17:38+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-08-17T22:54:12+00:00",
+ "VersionId": "v4"
},
"AWSCertificateManagerPrivateCAFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess",
@@ -1680,11 +3264,74 @@ aws_managed_policies_data = """
"UpdateDate": "2018-10-23T16:54:50+00:00",
"VersionId": "v1"
},
+ "AWSCertificateManagerPrivateCAPrivilegedUser": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-20T17:43:13+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm-pca:IssueCertificate"
+ ],
+ "Condition": {
+ "StringLike": {
+ "acm-pca:TemplateArn": [
+ "arn:aws:acm-pca:::template/*CACertificate*/V*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
+ },
+ {
+ "Action": [
+ "acm-pca:IssueCertificate"
+ ],
+ "Condition": {
+ "StringNotLike": {
+ "acm-pca:TemplateArn": [
+ "arn:aws:acm-pca:::template/*CACertificate*/V*"
+ ]
+ }
+ },
+ "Effect": "Deny",
+ "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
+ },
+ {
+ "Action": [
+ "acm-pca:RevokeCertificate",
+ "acm-pca:GetCertificate",
+ "acm-pca:ListPermissions"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
+ },
+ {
+ "Action": [
+ "acm-pca:ListCertificateAuthorities"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EQ6CWU5X5",
+ "PolicyName": "AWSCertificateManagerPrivateCAPrivilegedUser",
+ "UpdateDate": "2019-06-20T17:43:13+00:00",
+ "VersionId": "v1"
+ },
"AWSCertificateManagerPrivateCAReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:57:04+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": {
"Action": [
@@ -1694,6 +3341,7 @@ aws_managed_policies_data = """
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
+ "acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
@@ -1708,19 +3356,46 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQAQT3WIXOXY7TD4A",
"PolicyName": "AWSCertificateManagerPrivateCAReadOnly",
- "UpdateDate": "2019-03-14T17:17:21+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-08-17T22:54:22+00:00",
+ "VersionId": "v3"
},
"AWSCertificateManagerPrivateCAUser": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:53:33+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
- "acm-pca:IssueCertificate",
+ "acm-pca:IssueCertificate"
+ ],
+ "Condition": {
+ "StringLike": {
+ "acm-pca:TemplateArn": [
+ "arn:aws:acm-pca:::template/EndEntityCertificate/V*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
+ },
+ {
+ "Action": [
+ "acm-pca:IssueCertificate"
+ ],
+ "Condition": {
+ "StringNotLike": {
+ "acm-pca:TemplateArn": [
+ "arn:aws:acm-pca:::template/EndEntityCertificate/V*"
+ ]
+ }
+ },
+ "Effect": "Deny",
+ "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
+ },
+ {
+ "Action": [
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
@@ -1744,8 +3419,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBXCSJJULLMRWSNII",
"PolicyName": "AWSCertificateManagerPrivateCAUser",
- "UpdateDate": "2019-03-14T17:17:02+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-06-20T17:42:37+00:00",
+ "VersionId": "v4"
},
"AWSCertificateManagerReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly",
@@ -1774,11 +3449,52 @@ aws_managed_policies_data = """
"UpdateDate": "2016-04-21T15:08:16+00:00",
"VersionId": "v2"
},
+ "AWSChatbotServiceLinkedRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-18T16:39:50+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sns:ListSubscriptionsByTopic",
+ "sns:ListTopics",
+ "sns:Unsubscribe",
+ "sns:Subscribe",
+ "sns:ListSubscriptions"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:PutLogEvents",
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/chatbot/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ID4WRYKST",
+ "PolicyName": "AWSChatbotServiceLinkedRolePolicy",
+ "UpdateDate": "2019-11-18T16:39:50+00:00",
+ "VersionId": "v1"
+ },
"AWSCloud9Administrator": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9Administrator",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:17:28+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -1803,6 +3519,28 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": "ssm:StartSession",
+ "Condition": {
+ "StringEquals": {
+ "aws:CalledViaFirst": "cloud9.amazonaws.com"
+ },
+ "StringLike": {
+ "ssm:resourceTag/aws:cloud9:environment": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ssm:StartSession"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -1813,14 +3551,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQ4KWP455WDTCBGWK",
"PolicyName": "AWSCloud9Administrator",
- "UpdateDate": "2017-11-30T16:17:28+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-07-29T06:28:54+00:00",
+ "VersionId": "v2"
},
"AWSCloud9EnvironmentMember": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:18:28+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -1847,6 +3585,28 @@ aws_managed_policies_data = """
"Resource": [
"*"
]
+ },
+ {
+ "Action": "ssm:StartSession",
+ "Condition": {
+ "StringEquals": {
+ "aws:CalledViaFirst": "cloud9.amazonaws.com"
+ },
+ "StringLike": {
+ "ssm:resourceTag/aws:cloud9:environment": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ssm:StartSession"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -1857,14 +3617,44 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI54ULAIPVT5HFTYGK",
"PolicyName": "AWSCloud9EnvironmentMember",
- "UpdateDate": "2017-11-30T16:18:28+00:00",
+ "UpdateDate": "2020-07-29T06:29:08+00:00",
+ "VersionId": "v2"
+ },
+ "AWSCloud9SSMInstanceProfile": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-14T11:40:49+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel",
+ "ssm:UpdateInstanceInformation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IQOSNAKW6",
+ "PolicyName": "AWSCloud9SSMInstanceProfile",
+ "UpdateDate": "2020-05-14T11:40:49+00:00",
"VersionId": "v1"
},
"AWSCloud9ServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T13:44:08+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -1875,6 +3665,7 @@ aws_managed_policies_data = """
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
+ "ec2:DescribeInstanceStatus",
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
@@ -1909,7 +3700,10 @@ aws_managed_policies_data = """
}
},
"Effect": "Allow",
- "Resource": "arn:aws:ec2:*:*:instance/*"
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
},
{
"Action": [
@@ -1923,6 +3717,30 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:ListInstanceProfiles",
+ "iam:GetInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:instance-profile/cloud9/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole"
+ ]
}
],
"Version": "2012-10-17"
@@ -1933,14 +3751,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFXGCBXQIZATFZ4YG",
"PolicyName": "AWSCloud9ServiceRolePolicy",
- "UpdateDate": "2018-02-27T10:20:24+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-10-06T12:43:49+00:00",
+ "VersionId": "v7"
},
"AWSCloud9User": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9User",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:16:17+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -2007,6 +3825,28 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": "ssm:StartSession",
+ "Condition": {
+ "StringEquals": {
+ "aws:CalledViaFirst": "cloud9.amazonaws.com"
+ },
+ "StringLike": {
+ "ssm:resourceTag/aws:cloud9:environment": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ssm:StartSession"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -2017,14 +3857,40 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPFGFWQF67QVARP6U",
"PolicyName": "AWSCloud9User",
- "UpdateDate": "2018-07-02T08:46:37+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-07-29T06:26:43+00:00",
+ "VersionId": "v4"
+ },
+ "AWSCloudFormationFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-26T21:50:35+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CRR3ZS723",
+ "PolicyName": "AWSCloudFormationFullAccess",
+ "UpdateDate": "2019-07-26T21:50:35+00:00",
+ "VersionId": "v1"
},
"AWSCloudFormationReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:49+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -2034,8 +3900,7 @@ aws_managed_policies_data = """
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
- "cloudformation:DetectStackDrift",
- "cloudformation:DetectStackResourceDrift"
+ "cloudformation:Detect*"
],
"Effect": "Allow",
"Resource": "*"
@@ -2049,14 +3914,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWVBEE4I2POWLODLW",
"PolicyName": "AWSCloudFormationReadOnlyAccess",
- "UpdateDate": "2019-02-06T22:16:02+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-11-13T17:40:07+00:00",
+ "VersionId": "v4"
},
"AWSCloudFrontLogger": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger",
"AttachmentCount": 0,
"CreateDate": "2018-06-12T20:15:23+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -2066,7 +3931,7 @@ aws_managed_policies_data = """
"logs:PutLogEvents"
],
"Effect": "Allow",
- "Resource": "arn:aws:logs:*:*:/aws/cloudfront/*"
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/cloudfront/*"
}
],
"Version": "2012-10-17"
@@ -2077,8 +3942,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOI7RPKLCNINBTRP4",
"PolicyName": "AWSCloudFrontLogger",
- "UpdateDate": "2018-06-12T20:15:23+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-11-22T19:33:51+00:00",
+ "VersionId": "v2"
},
"AWSCloudHSMFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess",
@@ -2199,7 +4064,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T23:57:31+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -2215,6 +4080,7 @@ aws_managed_policies_data = """
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
+ "ec2:DescribeInstances",
"servicediscovery:*"
],
"Effect": "Allow",
@@ -2231,8 +4097,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZPIMAQZJS3WUXUJM",
"PolicyName": "AWSCloudMapFullAccess",
- "UpdateDate": "2018-11-28T23:57:31+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-07-29T19:15:35+00:00",
+ "VersionId": "v2"
},
"AWSCloudMapReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess",
@@ -2268,7 +4134,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-29T00:04:57+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -2284,7 +4150,8 @@ aws_managed_policies_data = """
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance",
- "servicediscovery:DiscoverInstances"
+ "servicediscovery:DiscoverInstances",
+ "ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
@@ -2300,75 +4167,19 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4P5Z5HXVWJ75WQBC",
"PolicyName": "AWSCloudMapRegisterInstanceAccess",
- "UpdateDate": "2018-11-29T00:04:57+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-07-29T17:57:24+00:00",
+ "VersionId": "v2"
},
- "AWSCloudTrailFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess",
+ "AWSCloudShellFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess",
"AttachmentCount": 0,
- "CreateDate": "2015-02-06T18:39:58+00:00",
- "DefaultVersionId": "v7",
+ "CreateDate": "2020-12-15T18:07:44+00:00",
+ "DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
- "sns:AddPermission",
- "sns:CreateTopic",
- "sns:DeleteTopic",
- "sns:ListTopics",
- "sns:SetTopicAttributes",
- "sns:GetTopicAttributes"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "s3:CreateBucket",
- "s3:DeleteBucket",
- "s3:ListAllMyBuckets",
- "s3:PutBucketPolicy",
- "s3:ListBucket",
- "s3:GetObject",
- "s3:GetBucketLocation",
- "s3:GetBucketPolicy"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": "cloudtrail:*",
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "logs:CreateLogGroup"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "iam:PassRole",
- "iam:ListRoles",
- "iam:GetRolePolicy",
- "iam:GetUser"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "kms:ListKeys",
- "kms:ListAliases"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "lambda:ListFunctions"
+ "cloudshell:*"
],
"Effect": "Allow",
"Resource": "*"
@@ -2380,16 +4191,16 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIQNUJTQYDRJPC3BNK",
- "PolicyName": "AWSCloudTrailFullAccess",
- "UpdateDate": "2019-05-21T23:39:06+00:00",
- "VersionId": "v7"
+ "PolicyId": "ANPAZKAPJZG4HEDUXFSA3",
+ "PolicyName": "AWSCloudShellFullAccess",
+ "UpdateDate": "2020-12-15T18:07:44+00:00",
+ "VersionId": "v1"
},
"AWSCloudTrailReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:59+00:00",
- "DefaultVersionId": "v7",
+ "DefaultVersionId": "v9",
"Document": {
"Statement": [
{
@@ -2402,12 +4213,15 @@ aws_managed_policies_data = """
},
{
"Action": [
+ "cloudtrail:GetTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:DescribeTrails",
+ "cloudtrail:ListTrails",
"cloudtrail:LookupEvents",
"cloudtrail:ListTags",
"cloudtrail:ListPublicKeys",
"cloudtrail:GetEventSelectors",
+ "cloudtrail:GetInsightSelectors",
"s3:ListAllMyBuckets",
"kms:ListAliases",
"lambda:ListFunctions"
@@ -2424,14 +4238,207 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDU7KJADWBSEQ3E7S",
"PolicyName": "AWSCloudTrailReadOnlyAccess",
- "UpdateDate": "2017-12-11T19:51:37+00:00",
- "VersionId": "v7"
+ "UpdateDate": "2019-11-20T21:06:49+00:00",
+ "VersionId": "v9"
+ },
+ "AWSCloudTrail_FullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-08T23:41:15+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sns:AddPermission",
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes",
+ "sns:GetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sns:*:*:aws-cloudtrail-logs*"
+ ]
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:PutBucketPolicy",
+ "s3:PutBucketPublicAccessBlock"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::aws-cloudtrail-logs*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "cloudtrail:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:ListRoles",
+ "iam:GetRolePolicy",
+ "iam:GetUser"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "cloudtrail.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:CreateKey",
+ "kms:CreateAlias",
+ "kms:ListKeys",
+ "kms:ListAliases"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "lambda:ListFunctions"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dynamodb:ListGlobalTables",
+ "dynamodb:ListTables"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CA4SIJQAM",
+ "PolicyName": "AWSCloudTrail_FullAccess",
+ "UpdateDate": "2021-02-22T19:01:00+00:00",
+ "VersionId": "v3"
+ },
+ "AWSCodeArtifactAdminAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-16T23:53:23+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeartifact:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "sts:GetServiceBearerToken",
+ "Condition": {
+ "StringEquals": {
+ "sts:AWSServiceName": "codeartifact.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MBONPJNI5",
+ "PolicyName": "AWSCodeArtifactAdminAccess",
+ "UpdateDate": "2020-06-16T23:53:23+00:00",
+ "VersionId": "v1"
+ },
+ "AWSCodeArtifactReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-25T21:23:52+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeartifact:Describe*",
+ "codeartifact:Get*",
+ "codeartifact:List*",
+ "codeartifact:ReadFromRepository"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "sts:GetServiceBearerToken",
+ "Condition": {
+ "StringEquals": {
+ "sts:AWSServiceName": "codeartifact.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PVTKOJHFB",
+ "PolicyName": "AWSCodeArtifactReadOnlyAccess",
+ "UpdateDate": "2020-06-25T21:23:52+00:00",
+ "VersionId": "v1"
},
"AWSCodeBuildAdminAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T19:04:44+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v12",
"Document": {
"Statement": [
{
@@ -2448,6 +4455,7 @@ aws_managed_policies_data = """
"ec2:DescribeSubnets",
"ecr:DescribeRepositories",
"ecr:ListImages",
+ "elasticfilesystem:DescribeFileSystems",
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
@@ -2477,6 +4485,89 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*"
+ },
+ {
+ "Action": [
+ "ssm:StartSession"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ecs:*:*:task/*/*"
+ },
+ {
+ "Action": [
+ "codestar-connections:CreateConnection",
+ "codestar-connections:DeleteConnection",
+ "codestar-connections:UpdateConnectionInstallation",
+ "codestar-connections:TagResource",
+ "codestar-connections:UntagResource",
+ "codestar-connections:ListConnections",
+ "codestar-connections:ListInstallationTargets",
+ "codestar-connections:ListTagsForResource",
+ "codestar-connections:GetConnection",
+ "codestar-connections:GetIndividualAccessToken",
+ "codestar-connections:GetInstallationUrl",
+ "codestar-connections:PassConnection",
+ "codestar-connections:StartOAuthHandshake",
+ "codestar-connections:UseConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*",
+ "Sid": "CodeStarConnectionsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:DeleteNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:codestar-notifications*",
+ "Sid": "CodeStarNotificationsSNSTopicCreateAccess"
+ },
+ {
+ "Action": [
+ "sns:ListTopics",
+ "sns:GetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SNSTopicListAccess"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
}
],
"Version": "2012-10-17"
@@ -2487,22 +4578,28 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQJGIOIE3CD2TQXDS",
"PolicyName": "AWSCodeBuildAdminAccess",
- "UpdateDate": "2018-11-15T21:21:56+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-09-14T16:03:39+00:00",
+ "VersionId": "v12"
},
"AWSCodeBuildDeveloperAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T19:02:32+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v13",
"Document": {
"Statement": [
{
"Action": [
"codebuild:StartBuild",
"codebuild:StopBuild",
+ "codebuild:StartBuildBatch",
+ "codebuild:StopBuildBatch",
+ "codebuild:RetryBuild",
+ "codebuild:RetryBuildBatch",
"codebuild:BatchGet*",
- "codebuild:Get*",
+ "codebuild:GetResourcePolicy",
+ "codebuild:DescribeTestCases",
+ "codebuild:DescribeCodeCoverages",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
@@ -2525,6 +4622,67 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*"
+ },
+ {
+ "Action": [
+ "ssm:StartSession"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ecs:*:*:task/*/*"
+ },
+ {
+ "Action": [
+ "codestar-connections:ListConnections",
+ "codestar-connections:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*",
+ "Sid": "CodeStarConnectionsUserAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "sns:ListTopics",
+ "sns:GetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SNSTopicListAccess"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
}
],
"Version": "2012-10-17"
@@ -2535,21 +4693,23 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMKTMR34XSBQW45HS",
"PolicyName": "AWSCodeBuildDeveloperAccess",
- "UpdateDate": "2018-11-15T21:32:53+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-09-14T16:03:44+00:00",
+ "VersionId": "v13"
},
"AWSCodeBuildReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T19:03:41+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v11",
"Document": {
"Statement": [
{
"Action": [
"codebuild:BatchGet*",
- "codebuild:Get*",
+ "codebuild:GetResourcePolicy",
"codebuild:List*",
+ "codebuild:DescribeTestCases",
+ "codebuild:DescribeCodeCoverages",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
@@ -2561,6 +4721,38 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "codestar-connections:ListConnections",
+ "codestar-connections:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*",
+ "Sid": "CodeStarConnectionsUserAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:DescribeNotificationRule"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsPowerUserAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
}
],
"Version": "2012-10-17"
@@ -2571,14 +4763,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIZZWN6557F5HVP2K",
"PolicyName": "AWSCodeBuildReadOnlyAccess",
- "UpdateDate": "2018-11-15T21:38:34+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-09-14T16:04:04+00:00",
+ "VersionId": "v11"
},
"AWSCodeCommitFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:02:19+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v9",
"Document": {
"Statement": [
{
@@ -2645,9 +4837,7 @@ aws_managed_policies_data = """
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
- "iam:ListServiceSpecificCredentials",
- "iam:ListAccessKeys",
- "iam:GetSSHPublicKey"
+ "iam:ListServiceSpecificCredentials"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
@@ -2675,6 +4865,101 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMSelfManageServiceSpecificCredentials"
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:DeleteNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource",
+ "codestar-notifications:ListEventTypes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:codestar-notifications*",
+ "Sid": "CodeStarNotificationsSNSTopicCreateAccess"
+ },
+ {
+ "Action": [
+ "codeguru-reviewer:AssociateRepository",
+ "codeguru-reviewer:DescribeRepositoryAssociation",
+ "codeguru-reviewer:ListRepositoryAssociations",
+ "codeguru-reviewer:DisassociateRepository",
+ "codeguru-reviewer:DescribeCodeReview",
+ "codeguru-reviewer:ListCodeReviews"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonCodeGuruReviewerFullAccess"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
+ "Sid": "AmazonCodeGuruReviewerSLRCreation"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:DeleteRule",
+ "events:RemoveTargets"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:ManagedBy": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchEventsManagedRules"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
+ },
+ {
+ "Action": [
+ "codestar-connections:ListConnections",
+ "codestar-connections:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*",
+ "Sid": "CodeStarConnectionsReadOnlyAccess"
}
],
"Version": "2012-10-17"
@@ -2685,29 +4970,35 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2",
"PolicyName": "AWSCodeCommitFullAccess",
- "UpdateDate": "2017-11-20T20:04:31+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-07-30T23:17:35+00:00",
+ "VersionId": "v9"
},
"AWSCodeCommitPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:06:49+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v14",
"Document": {
"Statement": [
{
"Action": [
+ "codecommit:AssociateApprovalRuleTemplateWithRepository",
+ "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories",
+ "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories",
"codecommit:BatchGet*",
"codecommit:BatchDescribe*",
- "codecommit:Get*",
- "codecommit:List*",
"codecommit:Create*",
"codecommit:DeleteBranch",
"codecommit:DeleteFile",
"codecommit:Describe*",
+ "codecommit:DisassociateApprovalRuleTemplateFromRepository",
+ "codecommit:EvaluatePullRequestApprovalRules",
+ "codecommit:Get*",
+ "codecommit:List*",
+ "codecommit:Merge*",
+ "codecommit:OverridePullRequestApprovalRules",
"codecommit:Put*",
"codecommit:Post*",
- "codecommit:Merge*",
"codecommit:TagResource",
"codecommit:Test*",
"codecommit:UntagResource",
@@ -2772,9 +5063,7 @@ aws_managed_policies_data = """
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
- "iam:ListServiceSpecificCredentials",
- "iam:ListAccessKeys",
- "iam:GetSSHPublicKey"
+ "iam:ListServiceSpecificCredentials"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
@@ -2802,6 +5091,91 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMSelfManageServiceSpecificCredentials"
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource",
+ "codestar-notifications:ListEventTypes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "codeguru-reviewer:AssociateRepository",
+ "codeguru-reviewer:DescribeRepositoryAssociation",
+ "codeguru-reviewer:ListRepositoryAssociations",
+ "codeguru-reviewer:DisassociateRepository",
+ "codeguru-reviewer:DescribeCodeReview",
+ "codeguru-reviewer:ListCodeReviews"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonCodeGuruReviewerFullAccess"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
+ "Sid": "AmazonCodeGuruReviewerSLRCreation"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:DeleteRule",
+ "events:RemoveTargets"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:ManagedBy": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchEventsManagedRules"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
+ },
+ {
+ "Action": [
+ "codestar-connections:ListConnections",
+ "codestar-connections:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*",
+ "Sid": "CodeStarConnectionsReadOnlyAccess"
}
],
"Version": "2012-10-17"
@@ -2812,22 +5186,23 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4UIINUVGB5SEC57G",
"PolicyName": "AWSCodeCommitPowerUser",
- "UpdateDate": "2019-05-30T19:37:08+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-07-30T23:12:48+00:00",
+ "VersionId": "v14"
},
"AWSCodeCommitReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:05:06+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"codecommit:BatchGet*",
"codecommit:BatchDescribe*",
- "codecommit:Get*",
"codecommit:Describe*",
+ "codecommit:EvaluatePullRequestApprovalRules",
+ "codecommit:Get*",
"codecommit:List*",
"codecommit:GitPull"
],
@@ -2880,6 +5255,49 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
+ },
+ {
+ "Action": [
+ "codestar-connections:ListConnections",
+ "codestar-connections:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*",
+ "Sid": "CodeStarConnectionsReadOnlyAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:DescribeNotificationRule"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadOnlyAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "codeguru-reviewer:DescribeRepositoryAssociation",
+ "codeguru-reviewer:ListRepositoryAssociations",
+ "codeguru-reviewer:DescribeCodeReview",
+ "codeguru-reviewer:ListCodeReviews"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonCodeGuruReviewerReadOnlyAccess"
}
],
"Version": "2012-10-17"
@@ -2890,14 +5308,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJACNSXR7Z2VLJW3D6",
"PolicyName": "AWSCodeCommitReadOnly",
- "UpdateDate": "2019-05-15T17:26:42+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-07-30T23:08:05+00:00",
+ "VersionId": "v10"
},
"AWSCodeDeployDeployerAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:18:43+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -2910,6 +5328,50 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource",
+ "codestar-notifications:ListEventTypes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SNSTopicListAccess"
}
],
"Version": "2012-10-17"
@@ -2920,20 +5382,74 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUWEPOMGLMVXJAPUI",
"PolicyName": "AWSCodeDeployDeployerAccess",
- "UpdateDate": "2015-05-19T18:18:43+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-04-02T16:16:11+00:00",
+ "VersionId": "v3"
},
"AWSCodeDeployFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:13:23+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": "codedeploy:*",
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:DeleteNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource",
+ "codestar-notifications:ListEventTypes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:codestar-notifications*",
+ "Sid": "CodeStarNotificationsSNSTopicCreateAccess"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SNSTopicListAccess"
}
],
"Version": "2012-10-17"
@@ -2944,14 +5460,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIONKN3TJZUKXCHXWC",
"PolicyName": "AWSCodeDeployFullAccess",
- "UpdateDate": "2015-05-19T18:13:23+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-04-02T16:14:47+00:00",
+ "VersionId": "v3"
},
"AWSCodeDeployReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:21:32+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -2962,6 +5478,29 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "codestar-notifications:DescribeNotificationRule"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsPowerUserAccess"
+ },
+ {
+ "Action": [
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsListAccess"
}
],
"Version": "2012-10-17"
@@ -2972,14 +5511,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILZHHKCKB4NE7XOIQ",
"PolicyName": "AWSCodeDeployReadOnlyAccess",
- "UpdateDate": "2015-05-19T18:21:32+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-04-02T16:20:09+00:00",
+ "VersionId": "v3"
},
"AWSCodeDeployRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole",
"AttachmentCount": 0,
"CreateDate": "2015-05-04T18:05:37+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -3001,6 +5540,7 @@ aws_managed_policies_data = """
"autoscaling:SuspendProcesses",
"autoscaling:ResumeProcesses",
"autoscaling:AttachLoadBalancers",
+ "autoscaling:AttachLoadBalancerTargetGroups",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
@@ -3010,7 +5550,6 @@ aws_managed_policies_data = """
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:TerminateInstances",
- "tag:GetTags",
"tag:GetResources",
"sns:Publish",
"cloudwatch:DescribeAlarms",
@@ -3036,14 +5575,40 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ2NKMKD73QS5NBFLA",
"PolicyName": "AWSCodeDeployRole",
- "UpdateDate": "2017-09-11T19:09:51+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-05-19T17:11:39+00:00",
+ "VersionId": "v8"
+ },
+ "AWSCodeDeployRoleForCloudFormation": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-19T17:12:52+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "lambda:InvokeFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CO24UTMFH",
+ "PolicyName": "AWSCodeDeployRoleForCloudFormation",
+ "UpdateDate": "2020-05-19T17:12:52+00:00",
+ "VersionId": "v1"
},
"AWSCodeDeployRoleForECS": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T20:40:57+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -3061,7 +5626,6 @@ aws_managed_policies_data = """
"cloudwatch:DescribeAlarms",
"sns:Publish",
"s3:GetObject",
- "s3:GetObjectMetadata",
"s3:GetObjectVersion"
],
"Effect": "Allow",
@@ -3090,14 +5654,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIIL3KXEKRGEN2HFIO",
"PolicyName": "AWSCodeDeployRoleForECS",
- "UpdateDate": "2018-12-19T17:57:04+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-09-23T22:37:46+00:00",
+ "VersionId": "v3"
},
"AWSCodeDeployRoleForECSLimited": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T20:42:42+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -3139,7 +5703,6 @@ aws_managed_policies_data = """
{
"Action": [
"s3:GetObject",
- "s3:GetObjectMetadata",
"s3:GetObjectVersion"
],
"Condition": {
@@ -3176,14 +5739,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M",
"PolicyName": "AWSCodeDeployRoleForECSLimited",
- "UpdateDate": "2018-12-19T18:06:16+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-09-23T22:10:29+00:00",
+ "VersionId": "v3"
},
"AWSCodeDeployRoleForLambda": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T14:05:44+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -3191,6 +5754,7 @@ aws_managed_policies_data = """
"cloudwatch:DescribeAlarms",
"lambda:UpdateAlias",
"lambda:GetAlias",
+ "lambda:GetProvisionedConcurrencyConfig",
"sns:Publish"
],
"Effect": "Allow",
@@ -3233,8 +5797,65 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA",
"PolicyName": "AWSCodeDeployRoleForLambda",
- "UpdateDate": "2017-12-01T22:32:58+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-12-03T19:53:10+00:00",
+ "VersionId": "v3"
+ },
+ "AWSCodeDeployRoleForLambdaLimited": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-17T17:14:14+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudwatch:DescribeAlarms",
+ "lambda:UpdateAlias",
+ "lambda:GetAlias",
+ "lambda:GetProvisionedConcurrencyConfig"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*/CodeDeploy/*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectVersion"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "s3:ExistingObjectTag/UseWithCodeDeploy": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "lambda:InvokeFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4C55RUFGEB",
+ "PolicyName": "AWSCodeDeployRoleForLambdaLimited",
+ "UpdateDate": "2020-08-17T17:14:14+00:00",
+ "VersionId": "v1"
},
"AWSCodePipelineApproverAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess",
@@ -3301,20 +5922,194 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T16:58:07+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:*",
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListChangeSets",
+ "cloudtrail:CreateTrail",
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:GetEventSelectors",
+ "cloudtrail:PutEventSelectors",
+ "cloudtrail:StartLogging",
+ "codebuild:BatchGetProjects",
+ "codebuild:CreateProject",
+ "codebuild:ListCuratedEnvironmentImages",
+ "codebuild:ListProjects",
+ "codecommit:GetBranch",
+ "codecommit:GetRepositoryTriggers",
+ "codecommit:ListBranches",
+ "codecommit:ListRepositories",
+ "codecommit:PutRepositoryTriggers",
+ "codecommit:GetReferences",
+ "codedeploy:GetApplication",
+ "codedeploy:BatchGetApplications",
+ "codedeploy:GetDeploymentGroup",
+ "codedeploy:BatchGetDeploymentGroups",
+ "codedeploy:ListApplications",
+ "codedeploy:ListDeploymentGroups",
+ "devicefarm:GetDevicePool",
+ "devicefarm:GetProject",
+ "devicefarm:ListDevicePools",
+ "devicefarm:ListProjects",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ecr:DescribeRepositories",
+ "ecr:ListImages",
+ "ecs:ListClusters",
+ "ecs:ListServices",
+ "elasticbeanstalk:DescribeApplications",
+ "elasticbeanstalk:DescribeEnvironments",
"iam:ListRoles",
- "iam:PassRole",
+ "iam:GetRole",
+ "lambda:GetFunctionConfiguration",
+ "lambda:ListFunctions",
+ "events:ListRules",
+ "events:ListTargetsByRule",
+ "events:DescribeRule",
+ "opsworks:DescribeApps",
+ "opsworks:DescribeLayers",
+ "opsworks:DescribeStacks",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketVersioning",
+ "s3:GetObjectVersion",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "sns:ListTopics",
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource",
+ "codestar-notifications:ListEventTypes",
+ "states:ListStateMachines"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
"s3:CreateBucket",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3::*:codepipeline-*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "events.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/cwe-role-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "codepipeline.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:DeleteRule",
+ "events:DisableRule",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:rule/codepipeline-*"
+ ]
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:DeleteNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:codestar-notifications*",
+ "Sid": "CodeStarNotificationsSNSTopicCreateAccess"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAJP5LH77KSAT2KHQGG",
+ "PolicyName": "AWSCodePipelineFullAccess",
+ "UpdateDate": "2020-05-21T22:03:13+00:00",
+ "VersionId": "v10"
+ },
+ "AWSCodePipelineReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2015-07-09T16:43:57+00:00",
+ "DefaultVersionId": "v9",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:GetPipelineExecution",
+ "codepipeline:ListPipelineExecutions",
+ "codepipeline:ListActionExecutions",
+ "codepipeline:ListActionTypes",
+ "codepipeline:ListPipelines",
+ "codepipeline:ListTagsForResource",
+ "iam:ListRoles",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
- "s3:PutBucketPolicy",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"codedeploy:GetApplication",
@@ -3328,60 +6123,25 @@ aws_managed_policies_data = """
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks",
- "cloudformation:DescribeStacks",
- "cloudformation:ListChangeSets"
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets"
],
"Effect": "Allow",
"Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJP5LH77KSAT2KHQGG",
- "PolicyName": "AWSCodePipelineFullAccess",
- "UpdateDate": "2016-11-01T19:59:46+00:00",
- "VersionId": "v5"
- },
- "AWSCodePipelineReadOnlyAccess": {
- "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess",
- "AttachmentCount": 0,
- "CreateDate": "2015-07-09T16:43:57+00:00",
- "DefaultVersionId": "v6",
- "Document": {
- "Statement": [
+ },
{
"Action": [
- "codepipeline:GetPipeline",
- "codepipeline:GetPipelineState",
- "codepipeline:GetPipelineExecution",
- "codepipeline:ListPipelineExecutions",
- "codepipeline:ListActionTypes",
- "codepipeline:ListPipelines",
- "iam:ListRoles",
- "s3:GetBucketPolicy",
- "s3:GetObject",
- "s3:ListAllMyBuckets",
- "s3:ListBucket",
- "codecommit:ListBranches",
- "codecommit:ListRepositories",
- "codedeploy:GetApplication",
- "codedeploy:GetDeploymentGroup",
- "codedeploy:ListApplications",
- "codedeploy:ListDeploymentGroups",
- "elasticbeanstalk:DescribeApplications",
- "elasticbeanstalk:DescribeEnvironments",
- "lambda:GetFunctionConfiguration",
- "lambda:ListFunctions",
- "opsworks:DescribeApps",
- "opsworks:DescribeLayers",
- "opsworks:DescribeStacks"
+ "codestar-notifications:DescribeNotificationRule"
],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
+ }
+ },
"Effect": "Allow",
- "Resource": "*"
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadOnlyAccess"
}
],
"Version": "2012-10-17"
@@ -3392,8 +6152,232 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILFKZXIBOTNC5TO2Q",
"PolicyName": "AWSCodePipelineReadOnlyAccess",
- "UpdateDate": "2017-08-02T17:25:18+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-03-26T16:07:17+00:00",
+ "VersionId": "v9"
+ },
+ "AWSCodePipeline_FullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-03T22:38:28+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codepipeline:*",
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListChangeSets",
+ "cloudtrail:DescribeTrails",
+ "codebuild:BatchGetProjects",
+ "codebuild:CreateProject",
+ "codebuild:ListCuratedEnvironmentImages",
+ "codebuild:ListProjects",
+ "codecommit:ListBranches",
+ "codecommit:GetReferences",
+ "codecommit:ListRepositories",
+ "codedeploy:BatchGetDeploymentGroups",
+ "codedeploy:ListApplications",
+ "codedeploy:ListDeploymentGroups",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ecr:DescribeRepositories",
+ "ecr:ListImages",
+ "ecs:ListClusters",
+ "ecs:ListServices",
+ "elasticbeanstalk:DescribeApplications",
+ "elasticbeanstalk:DescribeEnvironments",
+ "iam:ListRoles",
+ "iam:GetRole",
+ "lambda:ListFunctions",
+ "events:ListRules",
+ "events:ListTargetsByRule",
+ "events:DescribeRule",
+ "opsworks:DescribeApps",
+ "opsworks:DescribeLayers",
+ "opsworks:DescribeStacks",
+ "s3:ListAllMyBuckets",
+ "sns:ListTopics",
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListTargets",
+ "codestar-notifications:ListTagsforResource",
+ "codestar-notifications:ListEventTypes",
+ "states:ListStateMachines"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketVersioning",
+ "s3:GetObjectVersion",
+ "s3:CreateBucket",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3::*:codepipeline-*"
+ },
+ {
+ "Action": [
+ "cloudtrail:PutEventSelectors",
+ "cloudtrail:CreateTrail",
+ "cloudtrail:GetEventSelectors",
+ "cloudtrail:StartLogging"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "events.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/cwe-role-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "codepipeline.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:DeleteRule",
+ "events:DisableRule",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:rule/codepipeline-*"
+ ]
+ },
+ {
+ "Action": [
+ "codestar-notifications:CreateNotificationRule",
+ "codestar-notifications:DescribeNotificationRule",
+ "codestar-notifications:UpdateNotificationRule",
+ "codestar-notifications:DeleteNotificationRule",
+ "codestar-notifications:Subscribe",
+ "codestar-notifications:Unsubscribe"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadWriteAccess"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:codestar-notifications*",
+ "Sid": "CodeStarNotificationsSNSTopicCreateAccess"
+ },
+ {
+ "Action": [
+ "chatbot:DescribeSlackChannelConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsChatbotAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4A6ZKP3LKA",
+ "PolicyName": "AWSCodePipeline_FullAccess",
+ "UpdateDate": "2020-08-03T22:38:28+00:00",
+ "VersionId": "v1"
+ },
+ "AWSCodePipeline_ReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-03T22:25:17+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:GetPipelineExecution",
+ "codepipeline:ListPipelineExecutions",
+ "codepipeline:ListActionExecutions",
+ "codepipeline:ListActionTypes",
+ "codepipeline:ListPipelines",
+ "codepipeline:ListTagsForResource",
+ "s3:ListAllMyBuckets",
+ "codestar-notifications:ListNotificationRules",
+ "codestar-notifications:ListEventTypes",
+ "codestar-notifications:ListTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:GetBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3::*:codepipeline-*"
+ },
+ {
+ "Action": [
+ "codestar-notifications:DescribeNotificationRule"
+ ],
+ "Condition": {
+ "StringLike": {
+ "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeStarNotificationsReadOnlyAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IGBTPGT6W",
+ "PolicyName": "AWSCodePipeline_ReadOnlyAccess",
+ "UpdateDate": "2020-08-03T22:25:17+00:00",
+ "VersionId": "v1"
},
"AWSCodeStarFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess",
@@ -3438,11 +6422,70 @@ aws_managed_policies_data = """
"UpdateDate": "2018-01-10T21:54:06+00:00",
"VersionId": "v2"
},
+ "AWSCodeStarNotificationsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-05T16:10:21+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "events:PutTargets",
+ "events:PutRule",
+ "events:DescribeRule"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:events:*:*:rule/awscodestarnotifications-*"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:CodeStarNotifications-*"
+ },
+ {
+ "Action": [
+ "codecommit:GetCommentsForPullRequest",
+ "codecommit:GetCommentsForComparedCommit",
+ "chatbot:DescribeSlackChannelConfigurations",
+ "chatbot:UpdateSlackChannelConfiguration",
+ "codecommit:GetDifferences",
+ "codepipeline:ListActionExecutions"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "codecommit:GetFile"
+ ],
+ "Condition": {
+ "StringNotEquals": {
+ "aws:ResourceTag/ExcludeFileContentFromNotifications": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BGRXOB2GH",
+ "PolicyName": "AWSCodeStarNotificationsServiceRolePolicy",
+ "UpdateDate": "2020-03-19T16:01:55+00:00",
+ "VersionId": "v4"
+ },
"AWSCodeStarServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole",
"AttachmentCount": 0,
"CreateDate": "2017-04-19T15:20:50+00:00",
- "DefaultVersionId": "v9",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
@@ -3626,6 +6669,26 @@ aws_managed_policies_data = """
"*"
],
"Sid": "DescribeConfigRuleForARN"
+ },
+ {
+ "Action": [
+ "codestar-connections:UseConnection",
+ "codestar-connections:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ProjectCodeStarConnections"
+ },
+ {
+ "Action": "codestar-connections:PassConnection",
+ "Condition": {
+ "ForAnyValue:StringEqualsIfExists": {
+ "codestar-connections:PassedToService": "codepipeline.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ProjectCodeStarConnectionsPassConnections"
}
],
"Version": "2012-10-17"
@@ -3636,33 +6699,280 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIN6D4M2KD3NBOC4M4",
"PolicyName": "AWSCodeStarServiceRole",
- "UpdateDate": "2019-04-24T19:25:28+00:00",
- "VersionId": "v9"
+ "UpdateDate": "2021-02-15T22:25:37+00:00",
+ "VersionId": "v10"
+ },
+ "AWSCompromisedKeyQuarantine": {
+ "Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-11T18:04:13+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iam:AttachGroupPolicy",
+ "iam:AttachRolePolicy",
+ "iam:AttachUserPolicy",
+ "iam:ChangePassword",
+ "iam:CreateAccessKey",
+ "iam:CreateInstanceProfile",
+ "iam:CreateLoginProfile",
+ "iam:CreateRole",
+ "iam:CreateUser",
+ "iam:DetachUserPolicy",
+ "iam:PutUserPermissionsBoundary",
+ "iam:PutUserPolicy",
+ "iam:UpdateAccessKey",
+ "iam:UpdateAccountPasswordPolicy",
+ "iam:UpdateUser",
+ "ec2:RequestSpotInstances",
+ "ec2:RunInstances",
+ "ec2:StartInstances",
+ "organizations:CreateAccount",
+ "organizations:CreateOrganization",
+ "organizations:InviteAccountToOrganization",
+ "lambda:CreateFunction",
+ "lightsail:Create*",
+ "lightsail:Start*",
+ "lightsail:Delete*",
+ "lightsail:Update*",
+ "lightsail:GetInstanceAccessDetails",
+ "lightsail:DownloadDefaultKeyPair"
+ ],
+ "Effect": "Deny",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PLD3NKX4L",
+ "PolicyName": "AWSCompromisedKeyQuarantine",
+ "UpdateDate": "2020-08-11T18:04:13+00:00",
+ "VersionId": "v1"
+ },
+ "AWSConfigMultiAccountSetupPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-17T18:03:16+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "config:PutConfigRule",
+ "config:DeleteConfigRule"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*"
+ },
+ {
+ "Action": [
+ "config:DescribeConfigurationRecorders"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:ListAccounts",
+ "organizations:DescribeOrganization",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:DescribeAccount"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "config:PutConformancePack",
+ "config:DeleteConformancePack",
+ "config:DescribeConformancePackStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "config-conforms.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ssm.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4L5NAGNGTD",
+ "PolicyName": "AWSConfigMultiAccountSetupPolicy",
+ "UpdateDate": "2020-05-21T22:59:26+00:00",
+ "VersionId": "v4"
+ },
+ "AWSConfigRemediationServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-18T21:21:35+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ssm:GetDocument",
+ "ssm:DescribeDocument",
+ "ssm:StartAutomationExecution"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ssm.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BC7ZOM6NP",
+ "PolicyName": "AWSConfigRemediationServiceRolePolicy",
+ "UpdateDate": "2019-06-18T21:21:35+00:00",
+ "VersionId": "v1"
},
"AWSConfigRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
"AttachmentCount": 0,
"CreateDate": "2015-04-02T17:36:23+00:00",
- "DefaultVersionId": "v25",
+ "DefaultVersionId": "v36",
"Document": {
"Statement": [
{
"Action": [
+ "acm:DescribeCertificate",
+ "acm:ListCertificates",
+ "acm:ListTagsForCertificate",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingPolicies",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribePolicies",
+ "autoscaling:DescribeScheduledActions",
+ "autoscaling:DescribeTags",
+ "backup:ListBackupPlans",
+ "backup:ListBackupSelections",
+ "backup:GetBackupSelection",
+ "cloudfront:ListTagsForResource",
+ "cloudformation:describeType",
+ "cloudformation:listTypes",
"cloudtrail:DescribeTrails",
- "ec2:Describe*",
- "config:Put*",
- "config:Get*",
- "config:List*",
- "config:Describe*",
- "config:BatchGet*",
- "config:Select*",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
- "s3:GetObject",
+ "cloudwatch:DescribeAlarms",
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:ListPipelines",
+ "config:BatchGet*",
+ "config:Describe*",
+ "config:Get*",
+ "config:List*",
+ "config:Put*",
+ "config:Select*",
+ "dax:DescribeClusters",
+ "dms:DescribeReplicationInstances",
+ "dynamodb:DescribeContinuousBackups",
+ "dynamodb:DescribeLimits",
+ "dynamodb:DescribeTable",
+ "dynamodb:ListTables",
+ "dynamodb:ListTagsOfResource",
+ "ec2:Describe*",
+ "ec2:GetEbsEncryptionByDefault",
+ "ecr:DescribeRepositories",
+ "ecr:GetLifecyclePolicy",
+ "ecr:GetRepositoryPolicy",
+ "ecr:ListTagsForResource",
+ "ecs:DescribeClusters",
+ "ecs:DescribeServices",
+ "ecs:DescribeTaskDefinition",
+ "ecs:DescribeTaskSets",
+ "ecs:ListClusters",
+ "ecs:ListServices",
+ "ecs:ListTagsForResource",
+ "ecs:ListTaskDefinitions",
+ "eks:DescribeCluster",
+ "eks:DescribeNodegroup",
+ "eks:ListClusters",
+ "eks:ListNodegroups",
+ "elasticache:DescribeCacheClusters",
+ "elasticache:DescribeReplicationGroups",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeLifecycleConfiguration",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeLoadBalancerPolicies",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTags",
+ "elasticmapreduce:DescribeCluster",
+ "elasticmapreduce:DescribeSecurityConfiguration",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
+ "elasticmapreduce:ListClusters",
+ "elasticmapreduce:ListInstances",
+ "es:DescribeElasticsearchDomain",
+ "es:DescribeElasticsearchDomains",
+ "es:ListDomainNames",
+ "es:ListTags",
+ "guardduty:GetDetector",
+ "guardduty:GetFindings",
+ "guardduty:GetMasterAccount",
+ "guardduty:ListDetectors",
+ "guardduty:ListFindings",
+ "iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
+ "iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
@@ -3671,8 +6981,6 @@ aws_managed_policies_data = """
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
- "iam:GenerateCredentialReport",
- "iam:GetCredentialReport",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
@@ -3684,13 +6992,21 @@ aws_managed_policies_data = """
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeLoadBalancerAttributes",
- "elasticloadbalancing:DescribeLoadBalancerPolicies",
- "elasticloadbalancing:DescribeTags",
- "acm:DescribeCertificate",
- "acm:ListCertificates",
- "acm:ListTagsForCertificate",
+ "kms:DescribeKey",
+ "kms:GetKeyPolicy",
+ "kms:GetKeyRotationStatus",
+ "kms:ListKeys",
+ "kms:ListResourceTags",
+ "lambda:GetAlias",
+ "lambda:GetFunction",
+ "lambda:GetPolicy",
+ "lambda:ListAliases",
+ "lambda:ListFunctions",
+ "logs:DescribeLogGroups",
+ "organizations:DescribeOrganization",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBClusterSnapshotAttributes",
+ "rds:DescribeDBClusterSnapshots",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
@@ -3698,25 +7014,6 @@ aws_managed_policies_data = """
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
- "rds:DescribeDBClusters",
- "s3:GetAccelerateConfiguration",
- "s3:GetBucketAcl",
- "s3:GetBucketCORS",
- "s3:GetBucketLocation",
- "s3:GetBucketLogging",
- "s3:GetBucketNotification",
- "s3:GetBucketPolicy",
- "s3:GetBucketRequestPayment",
- "s3:GetBucketTagging",
- "s3:GetBucketVersioning",
- "s3:GetBucketWebsite",
- "s3:GetLifecycleConfiguration",
- "s3:GetReplicationConfiguration",
- "s3:ListAllMyBuckets",
- "s3:ListBucket",
- "s3:GetEncryptionConfiguration",
- "s3:GetBucketPublicAccessBlock",
- "s3:GetAccountPublicAccessBlock",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusterSecurityGroups",
@@ -3725,41 +7022,57 @@ aws_managed_policies_data = """
"redshift:DescribeClusters",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
- "dynamodb:DescribeLimits",
- "dynamodb:DescribeTable",
- "dynamodb:ListTables",
- "dynamodb:ListTagsOfResource",
- "cloudwatch:DescribeAlarms",
- "application-autoscaling:DescribeScalableTargets",
- "application-autoscaling:DescribeScalingPolicies",
- "autoscaling:DescribeAutoScalingGroups",
- "autoscaling:DescribeLaunchConfigurations",
- "autoscaling:DescribeLifecycleHooks",
- "autoscaling:DescribePolicies",
- "autoscaling:DescribeScheduledActions",
- "autoscaling:DescribeTags",
- "lambda:GetFunction",
- "lambda:GetPolicy",
- "lambda:ListFunctions",
- "lambda:GetAlias",
- "lambda:ListAliases",
- "waf-regional:GetWebACLForResource",
- "waf-regional:GetWebACL",
- "cloudfront:ListTagsForResource",
- "guardduty:ListDetectors",
- "guardduty:GetMasterAccount",
- "guardduty:GetDetector",
- "codepipeline:ListPipelines",
- "codepipeline:GetPipeline",
- "codepipeline:GetPipelineState",
- "kms:ListKeys",
- "kms:GetKeyRotationStatus",
- "kms:DescribeKey",
- "ssm:DescribeDocument",
- "ssm:GetDocument",
+ "s3:GetAccelerateConfiguration",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:GetBucketAcl",
+ "s3:GetBucketCORS",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketNotification",
+ "s3:GetBucketObjectLockConfiguration",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:GetBucketRequestPayment",
+ "s3:GetBucketTagging",
+ "s3:GetBucketVersioning",
+ "s3:GetBucketWebsite",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetLifecycleConfiguration",
+ "s3:GetObject",
+ "s3:GetReplicationConfiguration",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "sagemaker:DescribeEndpointConfig",
+ "sagemaker:DescribeNotebookInstance",
+ "sagemaker:ListEndpointConfigs",
+ "sagemaker:ListNotebookInstances",
+ "secretsmanager:ListSecrets",
+ "secretsmanager:ListSecretVersionIds",
+ "securityhub:describeHub",
+ "shield:DescribeDRTAccess",
+ "shield:DescribeProtection",
+ "shield:DescribeSubscription",
+ "sns:GetTopicAttributes",
+ "sns:ListSubscriptions",
+ "sns:ListTagsForResource",
+ "sns:ListTopics",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueues",
+ "sqs:ListQueueTags",
"ssm:DescribeAutomationExecutions",
+ "ssm:DescribeDocument",
"ssm:GetAutomationExecution",
- "shield:DescribeProtection"
+ "ssm:GetDocument",
+ "storagegateway:ListGateways",
+ "storagegateway:ListVolumes",
+ "support:DescribeCases",
+ "tag:GetResources",
+ "waf:GetLoggingConfiguration",
+ "waf:GetWebACL",
+ "wafv2:GetLoggingConfiguration",
+ "waf-regional:GetLoggingConfiguration",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource"
],
"Effect": "Allow",
"Resource": "*"
@@ -3773,21 +7086,22 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQRXRDRGJUA33ELIO",
"PolicyName": "AWSConfigRole",
- "UpdateDate": "2019-05-13T21:29:39+00:00",
- "VersionId": "v25"
+ "UpdateDate": "2021-01-29T19:22:20+00:00",
+ "VersionId": "v36"
},
"AWSConfigRoleForOrganizations": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
"AttachmentCount": 0,
"CreateDate": "2018-03-19T22:53:01+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization",
- "organizations:ListAWSServiceAccessForOrganization"
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListDelegatedAdministrators"
],
"Effect": "Allow",
"Resource": "*"
@@ -3801,8 +7115,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIEHGYAUTHXSXZAW2E",
"PolicyName": "AWSConfigRoleForOrganizations",
- "UpdateDate": "2018-03-19T22:53:01+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-11-24T20:19:13+00:00",
+ "VersionId": "v2"
},
"AWSConfigRulesExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole",
@@ -3846,27 +7160,98 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-30T23:31:46+00:00",
- "DefaultVersionId": "v11",
+ "DefaultVersionId": "v22",
"Document": {
"Statement": [
{
"Action": [
+ "acm:DescribeCertificate",
+ "acm:ListCertificates",
+ "acm:ListTagsForCertificate",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingPolicies",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribePolicies",
+ "autoscaling:DescribeScheduledActions",
+ "autoscaling:DescribeTags",
+ "backup:ListBackupPlans",
+ "backup:ListBackupSelections",
+ "backup:GetBackupSelection",
+ "cloudfront:ListTagsForResource",
+ "cloudformation:describeType",
+ "cloudformation:listTypes",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
- "ec2:Describe*",
- "config:Put*",
- "config:Get*",
- "config:List*",
- "config:Describe*",
- "config:BatchGet*",
- "config:Select*",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
+ "cloudwatch:DescribeAlarms",
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:ListPipelines",
+ "config:BatchGet*",
+ "config:Describe*",
+ "config:Get*",
+ "config:List*",
+ "config:Put*",
+ "config:Select*",
+ "dax:DescribeClusters",
+ "dms:DescribeReplicationInstances",
+ "dynamodb:DescribeContinuousBackups",
+ "dynamodb:DescribeLimits",
+ "dynamodb:DescribeTable",
+ "dynamodb:ListTables",
+ "dynamodb:ListTagsOfResource",
+ "ec2:Describe*",
+ "ec2:GetEbsEncryptionByDefault",
+ "ecr:DescribeRepositories",
+ "ecr:GetLifecyclePolicy",
+ "ecr:GetRepositoryPolicy",
+ "ecr:ListTagsForResource",
+ "ecs:DescribeClusters",
+ "ecs:DescribeServices",
+ "ecs:DescribeTaskDefinition",
+ "ecs:DescribeTaskSets",
+ "ecs:ListClusters",
+ "ecs:ListServices",
+ "ecs:ListTagsForResource",
+ "ecs:ListTaskDefinitions",
+ "eks:DescribeCluster",
+ "eks:DescribeNodegroup",
+ "eks:ListClusters",
+ "eks:ListNodegroups",
+ "elasticache:DescribeCacheClusters",
+ "elasticache:DescribeReplicationGroups",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeLifecycleConfiguration",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeLoadBalancerPolicies",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTags",
+ "elasticmapreduce:DescribeCluster",
+ "elasticmapreduce:DescribeSecurityConfiguration",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
+ "elasticmapreduce:ListClusters",
+ "elasticmapreduce:ListInstances",
+ "es:DescribeElasticsearchDomain",
+ "es:DescribeElasticsearchDomains",
+ "es:ListDomainNames",
+ "es:ListTags",
+ "guardduty:GetDetector",
+ "guardduty:GetFindings",
+ "guardduty:GetMasterAccount",
+ "guardduty:ListDetectors",
+ "guardduty:ListFindings",
"iam:GenerateCredentialReport",
- "iam:GetCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
+ "iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
@@ -3886,13 +7271,21 @@ aws_managed_policies_data = """
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeLoadBalancerAttributes",
- "elasticloadbalancing:DescribeLoadBalancerPolicies",
- "elasticloadbalancing:DescribeTags",
- "acm:DescribeCertificate",
- "acm:ListCertificates",
- "acm:ListTagsForCertificate",
+ "kms:DescribeKey",
+ "kms:GetKeyPolicy",
+ "kms:GetKeyRotationStatus",
+ "kms:ListKeys",
+ "kms:ListResourceTags",
+ "lambda:GetAlias",
+ "lambda:GetFunction",
+ "lambda:GetPolicy",
+ "lambda:ListAliases",
+ "lambda:ListFunctions",
+ "logs:DescribeLogGroups",
+ "organizations:DescribeOrganization",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBClusterSnapshotAttributes",
+ "rds:DescribeDBClusterSnapshots",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
@@ -3900,25 +7293,6 @@ aws_managed_policies_data = """
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
- "rds:DescribeDBClusters",
- "s3:GetAccelerateConfiguration",
- "s3:GetBucketAcl",
- "s3:GetBucketCORS",
- "s3:GetBucketLocation",
- "s3:GetBucketLogging",
- "s3:GetBucketNotification",
- "s3:GetBucketPolicy",
- "s3:GetBucketRequestPayment",
- "s3:GetBucketTagging",
- "s3:GetBucketVersioning",
- "s3:GetBucketWebsite",
- "s3:GetLifecycleConfiguration",
- "s3:GetReplicationConfiguration",
- "s3:ListAllMyBuckets",
- "s3:ListBucket",
- "s3:GetEncryptionConfiguration",
- "s3:GetBucketPublicAccessBlock",
- "s3:GetAccountPublicAccessBlock",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusterSecurityGroups",
@@ -3927,41 +7301,56 @@ aws_managed_policies_data = """
"redshift:DescribeClusters",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
- "dynamodb:DescribeLimits",
- "dynamodb:DescribeTable",
- "dynamodb:ListTables",
- "dynamodb:ListTagsOfResource",
- "cloudwatch:DescribeAlarms",
- "application-autoscaling:DescribeScalableTargets",
- "application-autoscaling:DescribeScalingPolicies",
- "autoscaling:DescribeAutoScalingGroups",
- "autoscaling:DescribeLaunchConfigurations",
- "autoscaling:DescribeLifecycleHooks",
- "autoscaling:DescribePolicies",
- "autoscaling:DescribeScheduledActions",
- "autoscaling:DescribeTags",
- "lambda:GetFunction",
- "lambda:GetPolicy",
- "lambda:ListFunctions",
- "lambda:GetAlias",
- "lambda:ListAliases",
- "waf-regional:GetWebACLForResource",
- "waf-regional:GetWebACL",
- "cloudfront:ListTagsForResource",
- "guardduty:ListDetectors",
- "guardduty:GetMasterAccount",
- "guardduty:GetDetector",
- "codepipeline:ListPipelines",
- "codepipeline:GetPipeline",
- "codepipeline:GetPipelineState",
- "kms:ListKeys",
- "kms:GetKeyRotationStatus",
- "kms:DescribeKey",
- "ssm:DescribeDocument",
- "ssm:GetDocument",
+ "s3:GetAccelerateConfiguration",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:GetBucketAcl",
+ "s3:GetBucketCORS",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketNotification",
+ "s3:GetBucketObjectLockConfiguration",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:GetBucketRequestPayment",
+ "s3:GetBucketTagging",
+ "s3:GetBucketVersioning",
+ "s3:GetBucketWebsite",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetLifecycleConfiguration",
+ "s3:GetReplicationConfiguration",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "sagemaker:DescribeEndpointConfig",
+ "sagemaker:DescribeNotebookInstance",
+ "sagemaker:ListEndpointConfigs",
+ "sagemaker:ListNotebookInstances",
+ "secretsmanager:ListSecrets",
+ "secretsmanager:ListSecretVersionIds",
+ "securityhub:describeHub",
+ "shield:DescribeDRTAccess",
+ "shield:DescribeProtection",
+ "shield:DescribeSubscription",
+ "sns:GetTopicAttributes",
+ "sns:ListSubscriptions",
+ "sns:ListTagsForResource",
+ "sns:ListTopics",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueues",
+ "sqs:ListQueueTags",
"ssm:DescribeAutomationExecutions",
+ "ssm:DescribeDocument",
"ssm:GetAutomationExecution",
- "shield:DescribeProtection"
+ "ssm:GetDocument",
+ "storagegateway:ListGateways",
+ "storagegateway:ListVolumes",
+ "support:DescribeCases",
+ "tag:GetResources",
+ "waf:GetLoggingConfiguration",
+ "waf:GetWebACL",
+ "wafv2:GetLoggingConfiguration",
+ "waf-regional:GetLoggingConfiguration",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource"
],
"Effect": "Allow",
"Resource": "*"
@@ -3975,8 +7364,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUCWFHNZER665LLQQ",
"PolicyName": "AWSConfigServiceRolePolicy",
- "UpdateDate": "2019-05-13T21:18:44+00:00",
- "VersionId": "v11"
+ "UpdateDate": "2021-01-29T19:19:53+00:00",
+ "VersionId": "v22"
},
"AWSConfigUserAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSConfigUserAccess",
@@ -4110,9 +7499,31 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-05-03T18:19:11+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:CreateStackInstances",
+ "cloudformation:CreateStackSet",
+ "cloudformation:DeleteStack",
+ "cloudformation:DeleteStackInstances",
+ "cloudformation:DeleteStackSet",
+ "cloudformation:DescribeStackInstance",
+ "cloudformation:DescribeStacks",
+ "cloudformation:DescribeStackSet",
+ "cloudformation:DescribeStackSetOperation",
+ "cloudformation:ListStackInstances",
+ "cloudformation:UpdateStack",
+ "cloudformation:UpdateStackInstances",
+ "cloudformation:UpdateStackSet"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role"
+ ]
+ },
{
"Action": [
"cloudformation:CreateStack",
@@ -4135,7 +7546,8 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:cloudformation:*:*:stack/AWSControlTower*/*",
"arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*",
- "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*"
+ "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*",
+ "arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*"
]
},
{
@@ -4194,6 +7606,7 @@ aws_managed_policies_data = """
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
+ "organizations:ListTargetsForPolicy",
"organizations:ListRoots",
"organizations:MoveAccount",
"servicecatalog:AssociatePrincipalWithPortfolio"
@@ -4218,8 +7631,33 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole",
- "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole"
+ "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole",
+ "arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations"
]
+ },
+ {
+ "Action": [
+ "config:DeleteConfigurationAggregator",
+ "config:PutConfigurationAggregator",
+ "config:TagResource"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/aws-control-tower": "managed-by-control-tower"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "organizations:EnableAWSServiceAccess",
+ "Condition": {
+ "StringLike": {
+ "organizations:ServicePrincipal": "config.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -4230,14 +7668,390 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MW35THVLF",
"PolicyName": "AWSControlTowerServiceRolePolicy",
- "UpdateDate": "2019-05-23T19:14:24+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-11-10T21:08:05+00:00",
+ "VersionId": "v6"
+ },
+ "AWSDataExchangeFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-13T19:27:59+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "dataexchange:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*aws-data-exchange*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ },
+ "StringEqualsIgnoreCase": {
+ "s3:ExistingObjectTag/AWSDataExchange": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:PutObjectAcl"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*aws-data-exchange*"
+ },
+ {
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:StartChangeSet",
+ "aws-marketplace:ListChangeSets",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:CancelChangeSet",
+ "aws-marketplace:GetAgreementApprovalRequest",
+ "aws-marketplace:ListAgreementApprovalRequests",
+ "aws-marketplace:AcceptAgreementApprovalRequest",
+ "aws-marketplace:RejectAgreementApprovalRequest",
+ "aws-marketplace:UpdateAgreementApprovalRequest"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:Subscribe",
+ "aws-marketplace:Unsubscribe",
+ "aws-marketplace:ViewSubscriptions",
+ "aws-marketplace:GetAgreementRequest",
+ "aws-marketplace:ListAgreementRequests",
+ "aws-marketplace:CancelAgreementRequest"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "kms:ListKeys"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MPDTDB3FH",
+ "PolicyName": "AWSDataExchangeFullAccess",
+ "UpdateDate": "2021-01-19T19:42:47+00:00",
+ "VersionId": "v3"
+ },
+ "AWSDataExchangeProviderFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-13T19:27:55+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "dataexchange:CreateDataSet",
+ "dataexchange:CreateRevision",
+ "dataexchange:CreateAsset",
+ "dataexchange:Get*",
+ "dataexchange:Update*",
+ "dataexchange:List*",
+ "dataexchange:Delete*",
+ "dataexchange:TagResource",
+ "dataexchange:UntagResource",
+ "tag:GetTagKeys",
+ "tag:GetTagValues"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dataexchange:CreateJob",
+ "dataexchange:StartJob",
+ "dataexchange:CancelJob"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "dataexchange:JobType": [
+ "IMPORT_ASSETS_FROM_S3",
+ "IMPORT_ASSET_FROM_SIGNED_URL",
+ "EXPORT_ASSETS_TO_S3",
+ "EXPORT_ASSET_TO_SIGNED_URL"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*aws-data-exchange*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ },
+ "StringEqualsIgnoreCase": {
+ "s3:ExistingObjectTag/AWSDataExchange": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:PutObjectAcl"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*aws-data-exchange*"
+ },
+ {
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:ListChangeSets",
+ "aws-marketplace:StartChangeSet",
+ "aws-marketplace:CancelChangeSet",
+ "aws-marketplace:GetAgreementApprovalRequest",
+ "aws-marketplace:ListAgreementApprovalRequests",
+ "aws-marketplace:AcceptAgreementApprovalRequest",
+ "aws-marketplace:RejectAgreementApprovalRequest",
+ "aws-marketplace:UpdateAgreementApprovalRequest"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "kms:ListKeys"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MQSUGZZPZ",
+ "PolicyName": "AWSDataExchangeProviderFullAccess",
+ "UpdateDate": "2021-01-14T21:20:09+00:00",
+ "VersionId": "v5"
+ },
+ "AWSDataExchangeReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-13T19:27:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "dataexchange:Get*",
+ "dataexchange:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:ViewSubscriptions",
+ "aws-marketplace:GetAgreementRequest",
+ "aws-marketplace:ListAgreementRequests",
+ "aws-marketplace:GetAgreementApprovalRequest",
+ "aws-marketplace:ListAgreementApprovalRequests",
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:ListChangeSets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DQNFEZURI",
+ "PolicyName": "AWSDataExchangeReadOnly",
+ "UpdateDate": "2019-11-13T19:27:37+00:00",
+ "VersionId": "v1"
+ },
+ "AWSDataExchangeSubscriberFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-13T19:27:52+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "dataexchange:Get*",
+ "dataexchange:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dataexchange:CreateJob",
+ "dataexchange:StartJob",
+ "dataexchange:CancelJob"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "dataexchange:JobType": [
+ "EXPORT_ASSETS_TO_S3",
+ "EXPORT_ASSET_TO_SIGNED_URL",
+ "EXPORT_REVISIONS_TO_S3"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "dataexchange.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*aws-data-exchange*"
+ },
+ {
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:Subscribe",
+ "aws-marketplace:Unsubscribe",
+ "aws-marketplace:ViewSubscriptions",
+ "aws-marketplace:GetAgreementRequest",
+ "aws-marketplace:ListAgreementRequests",
+ "aws-marketplace:CancelAgreementRequest"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "kms:ListKeys"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MAWRW4GF7",
+ "PolicyName": "AWSDataExchangeSubscriberFullAccess",
+ "UpdateDate": "2021-02-08T23:34:25+00:00",
+ "VersionId": "v4"
},
"AWSDataLifecycleManagerServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole",
"AttachmentCount": 0,
"CreateDate": "2018-07-06T19:34:16+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -4247,7 +8061,13 @@ aws_managed_policies_data = """
"ec2:DeleteSnapshot",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
- "ec2:DescribeSnapshots"
+ "ec2:DescribeSnapshots",
+ "ec2:EnableFastSnapshotRestores",
+ "ec2:DescribeFastSnapshotRestores",
+ "ec2:DisableFastSnapshotRestores",
+ "ec2:CopySnapshot",
+ "ec2:ModifySnapshotAttribute",
+ "ec2:DescribeSnapshotAttribute"
],
"Effect": "Allow",
"Resource": "*"
@@ -4258,6 +8078,20 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:EnableRule",
+ "events:DisableRule",
+ "events:ListTargetsByRule",
+ "events:PutTargets",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*"
}
],
"Version": "2012-10-17"
@@ -4268,8 +8102,62 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZRLOKFUFE7YXQOJS",
"PolicyName": "AWSDataLifecycleManagerServiceRole",
- "UpdateDate": "2019-05-29T16:44:12+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-12-11T18:15:06+00:00",
+ "VersionId": "v6"
+ },
+ "AWSDataLifecycleManagerServiceRoleForAMIManagement": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-21T19:39:41+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "ec2:CreateTags",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*::snapshot/*",
+ "arn:aws:ec2:*::image/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeImageAttribute",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeSnapshots"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:DeleteSnapshot",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:ResetImageAttribute",
+ "ec2:DeregisterImage",
+ "ec2:CreateImage",
+ "ec2:CopyImage",
+ "ec2:ModifyImageAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MG6O7FWSP",
+ "PolicyName": "AWSDataLifecycleManagerServiceRoleForAMIManagement",
+ "UpdateDate": "2020-10-21T19:39:41+00:00",
+ "VersionId": "v1"
},
"AWSDataPipelineRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole",
@@ -4468,7 +8356,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-18T19:40:36+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -4481,12 +8369,14 @@ aws_managed_policies_data = """
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:ModifyNetworkInterfaceAttribute",
+ "fsx:DescribeFileSystems",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"iam:GetRole",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
@@ -4516,14 +8406,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGOHCDUQULZJKDGT4",
"PolicyName": "AWSDataSyncFullAccess",
- "UpdateDate": "2019-01-18T19:40:36+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-06-30T17:58:58+00:00",
+ "VersionId": "v3"
},
"AWSDataSyncReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-18T19:18:44+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -4534,9 +8424,11 @@ aws_managed_policies_data = """
"ec2:DescribeSubnets",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
+ "fsx:DescribeFileSystems",
"iam:GetRole",
"iam:ListRoles",
"logs:DescribeLogGroups",
+ "logs:DescribeResourcePolicies",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
@@ -4552,21 +8444,20 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJRYVEZEDR7ZEAGYLY",
"PolicyName": "AWSDataSyncReadOnlyAccess",
- "UpdateDate": "2019-01-18T19:18:44+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-06-30T17:59:22+00:00",
+ "VersionId": "v3"
},
"AWSDeepLensLambdaFunctionAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T15:47:18+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
- "s3:GetObject",
- "s3:ListObjects"
+ "s3:GetObject"
],
"Effect": "Allow",
"Resource": [
@@ -4618,14 +8509,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKIEE4PRM54V4G3ZG",
"PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy",
- "UpdateDate": "2018-05-29T22:08:02+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-06-11T23:11:55+00:00",
+ "VersionId": "v4"
},
"AWSDeepLensServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T15:46:36+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -4908,25 +8799,25 @@ aws_managed_policies_data = """
},
{
"Action": [
- "acuity:CreateStream",
- "acuity:DescribeStream",
- "acuity:DeleteStream"
+ "kinesisvideo:CreateStream",
+ "kinesisvideo:DescribeStream",
+ "kinesisvideo:DeleteStream"
],
"Effect": "Allow",
"Resource": [
- "arn:aws:acuity:*:*:stream/deeplens*/*"
+ "arn:aws:kinesisvideo:*:*:stream/deeplens*/*"
],
- "Sid": "DeepLensAcuityStreamAccess"
+ "Sid": "DeepLensKinesisVideoStreamAccess"
},
{
"Action": [
- "acuity:GetDataEndpoint"
+ "kinesisvideo:GetDataEndpoint"
],
"Effect": "Allow",
"Resource": [
"*"
],
- "Sid": "DeepLensAcuityEndpointAccess"
+ "Sid": "DeepLensKinesisVideoEndpointAccess"
}
],
"Version": "2012-10-17"
@@ -4937,14 +8828,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJK2Z2S7FPJFCYGR72",
"PolicyName": "AWSDeepLensServiceRolePolicy",
- "UpdateDate": "2018-06-07T21:25:01+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2019-09-25T19:25:06+00:00",
+ "VersionId": "v6"
},
"AWSDeepRacerCloudFormationAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-02-28T21:59:49+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -4971,6 +8862,7 @@ aws_managed_policies_data = """
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
+ "ec2:CreateVpcEndpoint",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkAcl",
@@ -4981,6 +8873,7 @@ aws_managed_policies_data = """
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
+ "ec2:DeleteVpcEndpoints",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
@@ -4989,9 +8882,11 @@ aws_managed_policies_data = """
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
+ "ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
+ "ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
@@ -5000,6 +8895,64 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringLikeIfExists": {
+ "iam:PassedToService": "lambda.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole"
+ },
+ {
+ "Action": [
+ "lambda:CreateFunction",
+ "lambda:GetFunction",
+ "lambda:DeleteFunction",
+ "lambda:TagResource",
+ "lambda:UpdateFunctionCode"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:*DeepRacer*",
+ "arn:aws:lambda:*:*:function:*Deepracer*",
+ "arn:aws:lambda:*:*:function:*deepracer*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:PutBucketPolicy",
+ "s3:CreateBucket",
+ "s3:ListBucket",
+ "s3:GetBucketAcl",
+ "s3:DeleteBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*DeepRacer*",
+ "arn:aws:s3:::*Deepracer*",
+ "arn:aws:s3:::*deepracer*"
+ ]
+ },
+ {
+ "Action": [
+ "robomaker:CreateSimulationApplication",
+ "robomaker:CreateSimulationApplicationVersion",
+ "robomaker:DeleteSimulationApplication",
+ "robomaker:DescribeSimulationApplication",
+ "robomaker:ListSimulationApplications",
+ "robomaker:TagResource",
+ "robomaker:UpdateSimulationApplication"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:robomaker:*:*:/createSimulationApplication",
+ "arn:aws:robomaker:*:*:simulation-application/deepracer*"
+ ]
}
],
"Version": "2012-10-17"
@@ -5010,7 +8963,58 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYG7FM75UF5CW5ICS",
"PolicyName": "AWSDeepRacerCloudFormationAccessPolicy",
- "UpdateDate": "2019-02-28T21:59:49+00:00",
+ "UpdateDate": "2019-06-14T17:02:04+00:00",
+ "VersionId": "v2"
+ },
+ "AWSDeepRacerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-05T22:03:10+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:DeleteObject",
+ "s3:DeleteObjectVersion",
+ "s3:GetBucketPolicy",
+ "s3:PutBucketPolicy",
+ "s3:ListBucket",
+ "s3:GetBucketAcl",
+ "s3:GetObject",
+ "s3:GetObjectVersion",
+ "s3:GetObjectAcl",
+ "s3:GetBucketLocation"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*DeepRacer*",
+ "arn:aws:s3:::*Deepracer*",
+ "arn:aws:s3:::*deepracer*",
+ "arn:aws:s3:::dr-*",
+ "arn:aws:s3:::*DeepRacer*/*",
+ "arn:aws:s3:::*Deepracer*/*",
+ "arn:aws:s3:::*deepracer*/*",
+ "arn:aws:s3:::dr-*/*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JFTOPTVBM",
+ "PolicyName": "AWSDeepRacerFullAccess",
+ "UpdateDate": "2020-10-05T22:03:10+00:00",
"VersionId": "v1"
},
"AWSDeepRacerRoboMakerAccessPolicy": {
@@ -5110,7 +9114,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-02-28T21:58:09+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -5124,7 +9128,6 @@ aws_managed_policies_data = """
"Action": [
"robomaker:*",
"sagemaker:*",
- "sts:*",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
@@ -5249,8 +9252,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTUAQLIAVBJ7LZ32S",
"PolicyName": "AWSDeepRacerServiceRolePolicy",
- "UpdateDate": "2019-04-06T04:08:05+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-06-12T20:55:34+00:00",
+ "VersionId": "v3"
},
"AWSDenyAll": {
"Arn": "arn:aws:iam::aws:policy/AWSDenyAll",
@@ -5336,12 +9339,13 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:08+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"directconnect:Describe*",
+ "directconnect:List*",
"ec2:DescribeVpnGateways",
"ec2:DescribeTransitGateways"
],
@@ -5357,14 +9361,44 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI23HZ27SI6FQMGNQ2",
"PolicyName": "AWSDirectConnectReadOnlyAccess",
- "UpdateDate": "2019-04-30T15:23:18+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-05-18T18:48:22+00:00",
+ "VersionId": "v4"
+ },
+ "AWSDirectConnectServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-14T18:35:27+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:ListSecretVersionIds",
+ "secretsmanager:GetSecretValue"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:secretsmanager:*:*:secret:*directconnect*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4O7743JCTQ",
+ "PolicyName": "AWSDirectConnectServiceRolePolicy",
+ "UpdateDate": "2021-01-14T18:35:27+00:00",
+ "VersionId": "v1"
},
"AWSDirectoryServiceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:11+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -5415,10 +9449,8 @@ aws_managed_policies_data = """
"organizations:DisableAWSServiceAccess"
],
"Condition": {
- "ForAllValues:StringLike": {
- "organizations:ServicePrincipal": [
- "ds.amazonaws.com"
- ]
+ "StringEquals": {
+ "organizations:ServicePrincipal": "ds.amazonaws.com"
}
},
"Effect": "Allow",
@@ -5444,8 +9476,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINAW5ANUWTH3R4ANI",
"PolicyName": "AWSDirectoryServiceFullAccess",
- "UpdateDate": "2019-02-05T20:29:43+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-11-24T23:24:10+00:00",
+ "VersionId": "v5"
},
"AWSDirectoryServiceReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess",
@@ -5541,7 +9573,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-21T00:08:55+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -5597,6 +9629,20 @@ aws_managed_policies_data = """
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "RunInstances"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*"
+ ]
+ },
{
"Action": [
"ec2:TerminateInstances"
@@ -5618,14 +9664,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJCL355O4TC27CPKVC",
"PolicyName": "AWSEC2FleetServiceRolePolicy",
- "UpdateDate": "2018-04-19T21:37:07+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-05-04T20:10:31+00:00",
+ "VersionId": "v3"
},
"AWSEC2SpotFleetServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-23T19:13:06+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -5665,7 +9711,9 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
- "arn:aws:ec2:*:*:spot-instances-request/*"
+ "arn:aws:ec2:*:*:spot-instances-request/*",
+ "arn:aws:ec2:*:*:spot-fleet-request/*",
+ "arn:aws:ec2:*:*:volume/*"
]
},
{
@@ -5679,6 +9727,24 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
+ ]
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:RegisterTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:*/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -5689,12 +9755,12 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILWCVTZD57EMYWMBO",
"PolicyName": "AWSEC2SpotFleetServiceRolePolicy",
- "UpdateDate": "2018-03-28T19:04:33+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-03-16T19:16:21+00:00",
+ "VersionId": "v4"
},
"AWSEC2SpotServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-09-18T18:51:54+00:00",
"DefaultVersionId": "v4",
"Document": {
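Review bot: `"AttachmentCount": 1` for AWSEC2SpotServiceRolePolicy looks like state from the account the snapshot was taken in, not a property of the policy itself; every other entry in this part of the diff carries `"AttachmentCount": 0`. If the mock backend seeds its counters from this field (not visible here), a fresh mocked account would report one attachment for a policy nothing is attached to, and tests asserting on attachment counts would start from the wrong baseline. I would keep `"AttachmentCount": 0,` here. If this data comes from an import script, that script should reset the per-account fields (AttachmentCount, PermissionsBoundaryUsageCount) before writing so the snapshot stays account-independent. The policy entry continues past the end of this hunk.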
@@ -5904,7 +9970,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:18+00:00",
- "DefaultVersionId": "v7",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -5981,6 +10047,20 @@ aws_managed_policies_data = """
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
]
},
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*"
+ ]
+ },
{
"Action": [
"iam:AttachRolePolicy"
@@ -5994,7 +10074,7 @@ aws_managed_policies_data = """
}
},
"Effect": "Allow",
- "Resource": "*"
+ "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*"
}
],
"Version": "2012-10-17"
@@ -6005,31 +10085,39 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZYX2YLLBW2LJVUFW",
"PolicyName": "AWSElasticBeanstalkFullAccess",
- "UpdateDate": "2018-02-23T19:36:01+00:00",
- "VersionId": "v7"
+ "UpdateDate": "2019-07-10T19:27:59+00:00",
+ "VersionId": "v8"
},
"AWSElasticBeanstalkMaintenance": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance",
"AttachmentCount": 0,
"CreateDate": "2019-01-11T23:22:52+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
- "Statement": {
- "Action": [
- "cloudformation:CreateChangeSet",
- "cloudformation:DescribeChangeSet",
- "cloudformation:ExecuteChangeSet",
- "cloudformation:DeleteChangeSet",
- "cloudformation:ListChangeSets",
- "cloudformation:DescribeStacks"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:cloudformation:*:*:stack/awseb-*",
- "arn:aws:cloudformation:*:*:stack/eb-*"
- ],
- "Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks"
- },
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:CreateChangeSet",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:ExecuteChangeSet",
+ "cloudformation:DeleteChangeSet",
+ "cloudformation:ListChangeSets",
+ "cloudformation:DescribeStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/awseb-*",
+ "arn:aws:cloudformation:*:*:stack/eb-*"
+ ],
+ "Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks"
+ },
+ {
+ "Action": "elasticloadbalancing:DescribeLoadBalancers",
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowElasticBeanstalkStacksUpdateExecuteSuccessfully"
+ }
+ ],
"Version": "2012-10-17"
},
"IsAttachable": true,
@@ -6038,8 +10126,207 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQPH22XGBH2VV2LSW",
"PolicyName": "AWSElasticBeanstalkMaintenance",
- "UpdateDate": "2019-01-11T23:22:52+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-04T17:48:27+00:00",
+ "VersionId": "v2"
+ },
+ "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-21T22:35:06+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringLikeIfExists": {
+ "iam:PassedToService": [
+ "elasticbeanstalk.amazonaws.com",
+ "ec2.amazonaws.com",
+ "autoscaling.amazonaws.com",
+ "elasticloadbalancing.amazonaws.com",
+ "ecs.amazonaws.com",
+ "cloudformation.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices"
+ },
+ {
+ "Action": [
+ "ec2:releaseAddress",
+ "ec2:allocateAddress",
+ "ec2:DisassociateAddress",
+ "ec2:AssociateAddress"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SingleInstanceAPIs"
+ },
+ {
+ "Action": [
+ "ecs:RegisterTaskDefinition",
+ "ecs:DeRegisterTaskDefinition",
+ "ecs:List*",
+ "ecs:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ECS"
+ },
+ {
+ "Action": [
+ "elasticbeanstalk:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ElasticBeanstalkAPIs"
+ },
+ {
+ "Action": [
+ "cloudformation:Describe*",
+ "cloudformation:List*",
+ "ec2:Describe*",
+ "autoscaling:Describe*",
+ "elasticloadbalancing:Describe*",
+ "logs:DescribeLogGroups",
+ "sns:GetTopicAttributes",
+ "sns:ListSubscriptionsByTopic"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ReadOnlyAPIs"
+ },
+ {
+ "Action": [
+ "autoscaling:AttachInstances",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:CreateLaunchConfiguration",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteLaunchConfiguration",
+ "autoscaling:DeleteScheduledAction",
+ "autoscaling:DetachInstances",
+ "autoscaling:PutNotificationConfiguration",
+ "autoscaling:PutScalingPolicy",
+ "autoscaling:PutScheduledUpdateGroupAction",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:SuspendProcesses",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "autoscaling:UpdateAutoScalingGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
+ "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
+ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
+ "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
+ ],
+ "Sid": "ASG"
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:CancelUpdateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:GetTemplate",
+ "cloudformation:UpdateStack"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/awseb-e-*",
+ "arn:aws:cloudformation:*:*:stack/eb-*"
+ ],
+ "Sid": "CFN"
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": [
+ "arn:aws:cloudformation:*:*:stack/awseb-e-*",
+ "arn:aws:cloudformation:*:*:stack/eb-*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*",
+ "Sid": "EC2"
+ },
+ {
+ "Action": [
+ "s3:DeleteObject",
+ "s3:GetObject",
+ "s3:GetObjectAcl",
+ "s3:GetObjectVersion",
+ "s3:GetObjectVersionAcl",
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:PutObjectVersionAcl"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::elasticbeanstalk-*/*",
+ "Sid": "S3Obj"
+ },
+ {
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicy",
+ "s3:ListBucket",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::elasticbeanstalk-*",
+ "Sid": "S3Bucket"
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:DeleteLogGroup",
+ "logs:PutRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
+ "Sid": "CWL"
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeRegisterTargets",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*",
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*"
+ ],
+ "Sid": "ELB"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*",
+ "Sid": "SNS"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HVFNJB4NR",
+ "PolicyName": "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy",
+ "UpdateDate": "2020-12-11T18:21:32+00:00",
+ "VersionId": "v5"
},
"AWSElasticBeanstalkMulticontainerDocker": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker",
@@ -6077,6 +10364,106 @@ aws_managed_policies_data = """
"UpdateDate": "2016-06-06T23:45:37+00:00",
"VersionId": "v2"
},
+ "AWSElasticBeanstalkReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-22T19:02:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm:ListCertificates",
+ "autoscaling:DescribeAccountLimits",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeAutoScalingInstances",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribePolicies",
+ "autoscaling:DescribeLoadBalancers",
+ "autoscaling:DescribeNotificationConfigurations",
+ "autoscaling:DescribeScalingActivities",
+ "autoscaling:DescribeScheduledActions",
+ "cloudformation:DescribeStackResource",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:DescribeStacks",
+ "cloudformation:GetTemplate",
+ "cloudformation:ListStackResources",
+ "cloudformation:ListStacks",
+ "cloudformation:ValidateTemplate",
+ "cloudtrail:LookupEvents",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:ListMetrics",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstanceAttribute",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceStatus",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeSpotInstanceRequests",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "elasticbeanstalk:Check*",
+ "elasticbeanstalk:Describe*",
+ "elasticbeanstalk:List*",
+ "elasticbeanstalk:RequestEnvironmentInfo",
+ "elasticbeanstalk:RetrieveEnvironmentInfo",
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeSSLPolicies",
+ "elasticloadbalancing:DescribeTargetGroups",
+ "elasticloadbalancing:DescribeTargetHealth",
+ "iam:GetRole",
+ "iam:ListAttachedRolePolicies",
+ "iam:ListInstanceProfiles",
+ "iam:ListRolePolicies",
+ "iam:ListRoles",
+ "iam:ListServerCertificates",
+ "rds:DescribeDBEngineVersions",
+ "rds:DescribeDBInstances",
+ "rds:DescribeOrderableDBInstanceOptions",
+ "rds:DescribeDBSnapshots",
+ "s3:ListAllMyBuckets",
+ "sns:ListSubscriptionsByTopic",
+ "sns:ListTopics",
+ "sqs:ListQueues"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowAPIs"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectAcl",
+ "s3:GetObjectVersion",
+ "s3:GetObjectVersionAcl",
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicy",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::elasticbeanstalk-*",
+ "Sid": "AllowS3"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BYFSOYIWH",
+ "PolicyName": "AWSElasticBeanstalkReadOnly",
+ "UpdateDate": "2021-01-22T19:02:37+00:00",
+ "VersionId": "v1"
+ },
"AWSElasticBeanstalkReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess",
"AttachmentCount": 0,
@@ -6125,11 +10512,409 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:40:19+00:00",
"VersionId": "v1"
},
+ "AWSElasticBeanstalkRoleCWL": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-05T21:49:06+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:DeleteLogGroup",
+ "logs:PutRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
+ "Sid": "AllowCWL"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G4S2QMTW3",
+ "PolicyName": "AWSElasticBeanstalkRoleCWL",
+ "UpdateDate": "2020-06-05T21:49:06+00:00",
+ "VersionId": "v1"
+ },
+ "AWSElasticBeanstalkRoleCore": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-05T21:48:24+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/awseb-e-*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*",
+ "Sid": "TerminateInstances"
+ },
+ {
+ "Action": [
+ "ec2:ReleaseAddress",
+ "ec2:AllocateAddress",
+ "ec2:DisassociateAddress",
+ "ec2:AssociateAddress",
+ "ec2:CreateTags",
+ "ec2:DeleteTags",
+ "ec2:CreateSecurityGroup",
+ "ec2:DeleteSecurityGroup",
+ "ec2:AuthorizeSecurityGroup*",
+ "ec2:RevokeSecurityGroup*",
+ "ec2:CreateLaunchTemplate*",
+ "ec2:DeleteLaunchTemplate*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EC2"
+ },
+ {
+ "Action": "ec2:RunInstances",
+ "Condition": {
+ "ArnLike": {
+ "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "LTRunInstances"
+ },
+ {
+ "Action": [
+ "autoscaling:AttachInstances",
+ "autoscaling:*LoadBalancer*",
+ "autoscaling:*AutoScalingGroup",
+ "autoscaling:*LaunchConfiguration",
+ "autoscaling:DeleteScheduledAction",
+ "autoscaling:DetachInstances",
+ "autoscaling:PutNotificationConfiguration",
+ "autoscaling:PutScalingPolicy",
+ "autoscaling:PutScheduledUpdateGroupAction",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:SuspendProcesses",
+ "autoscaling:*Tags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
+ "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*"
+ ],
+ "Sid": "ASG"
+ },
+ {
+ "Action": [
+ "autoscaling:DeletePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "ASGPolicy"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "elasticbeanstalk.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
+ ],
+ "Sid": "EBSLR"
+ },
+ {
+ "Action": [
+ "s3:Delete*",
+ "s3:Get*",
+ "s3:Put*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::elasticbeanstalk-*/*",
+ "arn:aws:s3:::elasticbeanstalk-env-resources-*/*"
+ ],
+ "Sid": "S3Obj"
+ },
+ {
+ "Action": [
+ "s3:GetBucket*",
+ "s3:ListBucket",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::elasticbeanstalk-*",
+ "Sid": "S3Bucket"
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:GetTemplate",
+ "cloudformation:ListStackResources",
+ "cloudformation:UpdateStack",
+ "cloudformation:ContinueUpdateRollback",
+ "cloudformation:CancelUpdateStack"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/awseb-e-*",
+ "Sid": "CFN"
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudwatch:*:*:alarm:awseb-*",
+ "Sid": "CloudWatch"
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:Create*",
+ "elasticloadbalancing:Delete*",
+ "elasticloadbalancing:Modify*",
+ "elasticloadbalancing:RegisterTargets",
+ "elasticloadbalancing:DeRegisterTargets",
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
+ "elasticloadbalancing:*Tags",
+ "elasticloadbalancing:ConfigureHealthCheck",
+ "elasticloadbalancing:SetRulePriorities",
+ "elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*"
+ ],
+ "Sid": "ELB"
+ },
+ {
+ "Action": [
+ "autoscaling:Describe*",
+ "cloudformation:Describe*",
+ "logs:Describe*",
+ "ec2:Describe*",
+ "ecs:Describe*",
+ "ecs:List*",
+ "elasticloadbalancing:Describe*",
+ "rds:Describe*",
+ "sns:List*",
+ "iam:List*",
+ "acm:Describe*",
+ "acm:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ListAPIs"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "elasticbeanstalk.amazonaws.com",
+ "ec2.amazonaws.com",
+ "autoscaling.amazonaws.com",
+ "elasticloadbalancing.amazonaws.com",
+ "ecs.amazonaws.com",
+ "cloudformation.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk-*",
+ "Sid": "AllowPassRole"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OXQ5DMW6K",
+ "PolicyName": "AWSElasticBeanstalkRoleCore",
+ "UpdateDate": "2020-09-09T20:31:14+00:00",
+ "VersionId": "v2"
+ },
+ "AWSElasticBeanstalkRoleECS": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-05T21:47:27+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ecs:CreateCluster",
+ "ecs:DeleteCluster",
+ "ecs:RegisterTaskDefinition",
+ "ecs:DeRegisterTaskDefinition"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AllowECS"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ORP4E3ZEZ",
+ "PolicyName": "AWSElasticBeanstalkRoleECS",
+ "UpdateDate": "2020-06-05T21:47:27+00:00",
+ "VersionId": "v1"
+ },
+ "AWSElasticBeanstalkRoleRDS": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-05T21:46:55+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "rds:CreateDBSecurityGroup",
+ "rds:DeleteDBSecurityGroup",
+ "rds:AuthorizeDBSecurityGroupIngress",
+ "rds:CreateDBInstance",
+ "rds:ModifyDBInstance",
+ "rds:DeleteDBInstance"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:rds:*:*:secgrp:awseb-e-*",
+ "arn:aws:rds:*:*:db:*"
+ ],
+ "Sid": "AllowRDS"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G5JWEESE4",
+ "PolicyName": "AWSElasticBeanstalkRoleRDS",
+ "UpdateDate": "2020-06-05T21:46:55+00:00",
+ "VersionId": "v1"
+ },
+ "AWSElasticBeanstalkRoleSNS": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-05T21:46:22+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:SetTopicAttributes",
+ "sns:DeleteTopic"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
+ ],
+ "Sid": "AllowBeanstalkManageSNS"
+ },
+ {
+ "Action": [
+ "sns:GetTopicAttributes",
+ "sns:Subscribe",
+ "sns:Unsubscribe",
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowSNSPublish"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PARPZJ2UZ",
+ "PolicyName": "AWSElasticBeanstalkRoleSNS",
+ "UpdateDate": "2020-06-05T21:46:22+00:00",
+ "VersionId": "v1"
+ },
+ "AWSElasticBeanstalkRoleWorkerTier": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-05T21:43:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sqs:TagQueue",
+ "sqs:DeleteQueue",
+ "sqs:GetQueueAttributes",
+ "sqs:CreateQueue"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sqs:*:*:awseb-e-*",
+ "Sid": "AllowSQS"
+ },
+ {
+ "Action": [
+ "dynamodb:CreateTable",
+ "dynamodb:TagResource",
+ "dynamodb:DescribeTable",
+ "dynamodb:DeleteTable"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:dynamodb:*:*:table/awseb-e-*",
+ "Sid": "AllowDDB"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LTO4NS2Z5",
+ "PolicyName": "AWSElasticBeanstalkRoleWorkerTier",
+ "UpdateDate": "2020-06-05T21:43:37+00:00",
+ "VersionId": "v1"
+ },
"AWSElasticBeanstalkService": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService",
"AttachmentCount": 0,
"CreateDate": "2016-04-11T20:27:23+00:00",
- "DefaultVersionId": "v15",
+ "DefaultVersionId": "v16",
"Document": {
"Statement": [
{
@@ -6256,13 +11041,9 @@ aws_managed_policies_data = """
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
- "s3:CopyObject",
"s3:GetObject",
"s3:GetObjectAcl",
- "s3:GetObjectMetadata",
"s3:ListBucket",
- "s3:listBuckets",
- "s3:ListObjects",
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
@@ -6290,14 +11071,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKQ5SN74ZQ4WASXBM",
"PolicyName": "AWSElasticBeanstalkService",
- "UpdateDate": "2019-02-05T17:46:21+00:00",
- "VersionId": "v15"
+ "UpdateDate": "2019-06-14T23:18:46+00:00",
+ "VersionId": "v16"
},
"AWSElasticBeanstalkServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-09-13T23:46:37+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -6329,6 +11110,7 @@ aws_managed_policies_data = """
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
+ "lambda:GetFunction",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sns:Publish"
@@ -6341,12 +11123,15 @@ aws_managed_policies_data = """
},
{
"Action": [
- "logs:DescribeLogStreams",
"logs:CreateLogStream",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams",
+ "logs:DeleteLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
- "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*"
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
+ "Sid": "AllowOperationsOnHealthStreamingLogs"
}
],
"Version": "2012-10-17"
@@ -6357,14 +11142,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIID62QSI3OSIPQXTM",
"PolicyName": "AWSElasticBeanstalkServiceRolePolicy",
- "UpdateDate": "2018-04-09T22:06:23+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2019-06-06T21:59:51+00:00",
+ "VersionId": "v6"
},
"AWSElasticBeanstalkWebTier": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier",
"AttachmentCount": 0,
"CreateDate": "2016-02-08T23:08:54+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -6404,6 +11189,17 @@ aws_managed_policies_data = """
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "CloudWatchLogsAccess"
+ },
+ {
+ "Action": [
+ "elasticbeanstalk:PutInstanceStatistics"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticbeanstalk:*:*:application/*",
+ "arn:aws:elasticbeanstalk:*:*:environment/*"
+ ],
+ "Sid": "ElasticBeanstalkHealthAccess"
}
],
"Version": "2012-10-17"
@@ -6414,14 +11210,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUF4325SJYOREKW3A",
"PolicyName": "AWSElasticBeanstalkWebTier",
- "UpdateDate": "2019-03-01T00:04:49+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-09-09T19:38:36+00:00",
+ "VersionId": "v7"
},
"AWSElasticBeanstalkWorkerTier": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier",
"AttachmentCount": 0,
"CreateDate": "2016-02-08T23:12:02+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -6495,6 +11291,17 @@ aws_managed_policies_data = """
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "CloudWatchLogsAccess"
+ },
+ {
+ "Action": [
+ "elasticbeanstalk:PutInstanceStatistics"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticbeanstalk:*:*:application/*",
+ "arn:aws:elasticbeanstalk:*:*:environment/*"
+ ],
+ "Sid": "ElasticBeanstalkHealthAccess"
}
],
"Version": "2012-10-17"
@@ -6505,14 +11312,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQDLBRSJVKVF4JMSK",
"PolicyName": "AWSElasticBeanstalkWorkerTier",
- "UpdateDate": "2019-03-01T00:07:00+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2020-09-09T19:53:40+00:00",
+ "VersionId": "v6"
},
"AWSElasticLoadBalancingClassicServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-09-19T22:36:18+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -6529,7 +11336,6 @@ aws_managed_policies_data = """
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
- "ec2:ModifyNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
@@ -6552,19 +11358,20 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUMWW3QP7DPZPNVU4",
"PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy",
- "UpdateDate": "2017-09-19T22:36:18+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-10-07T23:04:27+00:00",
+ "VersionId": "v2"
},
"AWSElasticLoadBalancingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-09-19T22:19:04+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
+ "ec2:DescribeCoipPools",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
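Review bot: `"AttachmentCount": 1` on AWSElasticLoadBalancingServiceRolePolicy looks like state from the account the snapshot was taken in, not a property of the managed policy itself; the same value appears on AWSIQFullAccess in a later hunk. If the loader copies this field into the mocked policy, a fresh mock account would report both policies as already attached, which skews tests for unused-policy or attachment audits. I would store `"AttachmentCount": 0,` for every entry, or have the import step reset the field. How the field is consumed is not visible in this diff, so the impact is unconfirmed.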
@@ -6577,8 +11384,9 @@ aws_managed_policies_data = """
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
- "ec2:ModifyNetworkInterface",
+ "ec2:GetCoipPoolUsage",
"ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
@@ -6586,12 +11394,14 @@ aws_managed_policies_data = """
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
+ "ec2:ReleaseAddress",
"ec2:UnassignIpv6Addresses",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
- "logs:ListLogDeliveries"
+ "logs:ListLogDeliveries",
+ "outposts:GetOutpostInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
@@ -6605,22 +11415,21 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMHWGGSRHLOQUICJQ",
"PolicyName": "AWSElasticLoadBalancingServiceRolePolicy",
- "UpdateDate": "2019-03-18T21:51:14+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-05-19T16:40:28+00:00",
+ "VersionId": "v6"
},
"AWSElementalMediaConvertFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-25T19:25:35+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mediaconvert:*",
"s3:ListAllMyBuckets",
- "s3:ListBucket",
- "s3:ListObjects"
+ "s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
@@ -6648,14 +11457,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXDREOCL6LV7RBJWC",
"PolicyName": "AWSElementalMediaConvertFullAccess",
- "UpdateDate": "2018-06-25T19:25:35+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-10T22:52:25+00:00",
+ "VersionId": "v2"
},
"AWSElementalMediaConvertReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-06-25T19:25:14+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -6664,8 +11473,7 @@ aws_managed_policies_data = """
"mediaconvert:List*",
"mediaconvert:DescribeEndpoints",
"s3:ListAllMyBuckets",
- "s3:ListBucket",
- "s3:ListObjects"
+ "s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
@@ -6679,7 +11487,54 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJSXYOBSLJN3JEDO42",
"PolicyName": "AWSElementalMediaConvertReadOnly",
- "UpdateDate": "2018-06-25T19:25:14+00:00",
+ "UpdateDate": "2019-06-10T22:52:18+00:00",
+ "VersionId": "v2"
+ },
+ "AWSElementalMediaLiveFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-07-08T17:07:14+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": {
+ "Action": "medialive:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4K5KSJBKUE",
+ "PolicyName": "AWSElementalMediaLiveFullAccess",
+ "UpdateDate": "2020-07-08T17:07:14+00:00",
+ "VersionId": "v1"
+ },
+ "AWSElementalMediaLiveReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-07-08T16:38:07+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": {
+ "Action": [
+ "medialive:List*",
+ "medialive:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4L7DTGZPRO",
+ "PolicyName": "AWSElementalMediaLiveReadOnly",
+ "UpdateDate": "2020-07-08T16:38:07+00:00",
"VersionId": "v1"
},
"AWSElementalMediaPackageFullAccess": {
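Review bot: `"Statement"` in the added AWSElementalMediaLiveFullAccess and AWSElementalMediaLiveReadOnly entries is a single object, while the neighbouring entries use a list of statements. IAM accepts both forms, but code that iterates `Document["Statement"]` directly would walk the object's keys instead of its statements and could silently skip these grants during policy evaluation. Either wrap them at import time so every entry is a list, or confirm each consumer normalises first, e.g. `stmts = s if isinstance(s, list) else [s]`. The consumers are outside this diff, so this is a check to confirm, not a demonstrated bug.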
@@ -6913,17 +11768,107 @@ aws_managed_policies_data = """
"UpdateDate": "2018-05-09T21:05:29+00:00",
"VersionId": "v1"
},
+ "AWSForWordPressPluginPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-30T00:27:46+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "polly:SynthesizeSpeech",
+ "polly:DescribeVoices",
+ "translate:TranslateText"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "Permissions1"
+ },
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetBucketAcl",
+ "s3:GetBucketPolicy",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:CreateBucket",
+ "s3:PutObjectAcl"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::audio_for_wordpress*",
+ "arn:aws:s3:::audio-for-wordpress*"
+ ],
+ "Sid": "Permissions2"
+ },
+ {
+ "Action": [
+ "acm:AddTagsToCertificate",
+ "acm:DescribeCertificate",
+ "acm:RequestCertificate",
+ "cloudformation:CreateStack",
+ "cloudfront:ListDistributions"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestedRegion": "us-east-1"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "Permissions3"
+ },
+ {
+ "Action": [
+ "acm:DeleteCertificate",
+ "cloudformation:DeleteStack",
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:UpdateStack",
+ "cloudfront:CreateDistribution",
+ "cloudfront:CreateInvalidation",
+ "cloudfront:DeleteDistribution",
+ "cloudfront:GetDistribution",
+ "cloudfront:GetInvalidation",
+ "cloudfront:TagResource",
+ "cloudfront:UpdateDistribution"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/createdBy": "AWSForWordPressPlugin"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "Permissions4"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KEKYXDWNJ",
+ "PolicyName": "AWSForWordPressPluginPolicy",
+ "UpdateDate": "2020-01-20T23:20:47+00:00",
+ "VersionId": "v2"
+ },
"AWSGlobalAcceleratorSLRPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-04-05T19:39:13+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeSubnets",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
@@ -6970,8 +11915,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EJ5ZEQR2C",
"PolicyName": "AWSGlobalAcceleratorSLRPolicy",
- "UpdateDate": "2019-04-05T19:39:13+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-10-14T21:05:22+00:00",
+ "VersionId": "v4"
},
"AWSGlueConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",
@@ -7162,7 +12107,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-10-05T17:52:35+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -7202,7 +12147,6 @@ aws_managed_policies_data = """
"kms:ListAliases",
"kms:DescribeKey",
"sagemaker:ListNotebookInstances",
- "sagemaker:ListNotebookInstanceLifecycleConfigs",
"cloudformation:ListStacks",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards"
@@ -7256,10 +12200,7 @@ aws_managed_policies_data = """
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DescribeNotebookInstance",
- "sagemaker:DescribeNotebookInstanceLifecycleConfig",
- "sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:StartNotebookInstance",
- "sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:ListTags"
@@ -7267,6 +12208,16 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*"
},
+ {
+ "Action": [
+ "sagemaker:DescribeNotebookInstanceLifecycleConfig",
+ "sagemaker:CreateNotebookInstanceLifecycleConfig",
+ "sagemaker:DeleteNotebookInstanceLifecycleConfig",
+ "sagemaker:ListNotebookInstanceLifecycleConfigs"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*"
+ },
{
"Action": [
"ec2:RunInstances"
@@ -7382,14 +12333,219 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJELFOHJC42QS3ZSYY",
"PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess",
- "UpdateDate": "2018-10-05T17:52:35+00:00",
+ "UpdateDate": "2019-09-26T17:14:11+00:00",
+ "VersionId": "v2"
+ },
+ "AWSGlueDataBrewServiceRole": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-04T21:26:50+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "glue:GetDatabases",
+ "glue:GetPartitions",
+ "glue:GetTable",
+ "glue:GetTables",
+ "glue:GetConnection"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::databrew-public-datasets-*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcAttribute",
+ "ec2:CreateNetworkInterface"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": "ec2:DeleteNetworkInterface",
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/aws-glue-service-resource": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "aws-glue-service-resource"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/aws-glue-databrew/*"
+ ]
+ },
+ {
+ "Action": [
+ "lakeformation:GetDataAccess"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HSXDEANHC",
+ "PolicyName": "AWSGlueDataBrewServiceRole",
+ "UpdateDate": "2020-12-04T21:26:50+00:00",
+ "VersionId": "v1"
+ },
+ "AWSGlueSchemaRegistryFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-20T00:19:00+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "glue:CreateRegistry",
+ "glue:UpdateRegistry",
+ "glue:DeleteRegistry",
+ "glue:GetRegistry",
+ "glue:ListRegistries",
+ "glue:CreateSchema",
+ "glue:UpdateSchema",
+ "glue:DeleteSchema",
+ "glue:GetSchema",
+ "glue:ListSchemas",
+ "glue:RegisterSchemaVersion",
+ "glue:DeleteSchemaVersions",
+ "glue:GetSchemaByDefinition",
+ "glue:GetSchemaVersion",
+ "glue:GetSchemaVersionsDiff",
+ "glue:ListSchemaVersions",
+ "glue:CheckSchemaVersionValidity",
+ "glue:PutSchemaVersionMetadata",
+ "glue:RemoveSchemaVersionMetadata",
+ "glue:QuerySchemaVersionMetadata"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AWSGlueSchemaRegistryFullAccess"
+ },
+ {
+ "Action": [
+ "glue:GetTags",
+ "glue:TagResource",
+ "glue:UnTagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:schema/*",
+ "arn:aws:glue:*:*:registry/*"
+ ],
+ "Sid": "AWSGlueSchemaRegistryTagsFullAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4H2OHGXA4A",
+ "PolicyName": "AWSGlueSchemaRegistryFullAccess",
+ "UpdateDate": "2020-11-20T00:19:00+00:00",
+ "VersionId": "v1"
+ },
+ "AWSGlueSchemaRegistryReadonlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-20T00:20:06+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "glue:GetRegistry",
+ "glue:ListRegistries",
+ "glue:GetSchema",
+ "glue:ListSchemas",
+ "glue:GetSchemaByDefinition",
+ "glue:GetSchemaVersion",
+ "glue:ListSchemaVersions",
+ "glue:GetSchemaVersionsDiff",
+ "glue:CheckSchemaVersionValidity",
+ "glue:QuerySchemaVersionMetadata",
+ "glue:GetTags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AWSGlueSchemaRegistryReadonlyAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4B2SFYL4LZ",
+ "PolicyName": "AWSGlueSchemaRegistryReadonlyAccess",
+ "UpdateDate": "2020-11-20T00:20:06+00:00",
"VersionId": "v1"
},
"AWSGlueServiceNotebookRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:37:42+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -7410,11 +12566,6 @@ aws_managed_policies_data = """
"glue:UpdateDatabase",
"glue:UpdatePartition",
"glue:UpdateTable",
- "glue:CreateBookmark",
- "glue:GetBookmark",
- "glue:UpdateBookmark",
- "glue:GetMetric",
- "glue:PutMetric",
"glue:CreateConnection",
"glue:CreateJob",
"glue:DeleteConnection",
@@ -7496,8 +12647,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMRC6VZUHJYCTKWFI",
"PolicyName": "AWSGlueServiceNotebookRole",
- "UpdateDate": "2017-08-17T18:08:29+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-10-07T18:05:54+00:00",
+ "VersionId": "v3"
},
"AWSGlueServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole",
@@ -7604,6 +12755,130 @@ aws_managed_policies_data = """
"UpdateDate": "2018-06-25T18:23:09+00:00",
"VersionId": "v4"
},
+ "AWSGrafanaAccountAdministrator": {
+ "Arn": "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-23T00:20:38+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AWSGrafanaOrganizationAdmin"
+ },
+ {
+ "Action": "iam:GetRole",
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*",
+ "Sid": "GrafanaIAMGetRolePermission"
+ },
+ {
+ "Action": [
+ "grafana:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:grafana:*:*:/workspaces*",
+ "Sid": "AWSGrafanaPermissions"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "grafana.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*",
+ "Sid": "GrafanaIAMPassRolePermission"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "sso.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO",
+ "Sid": "SSOSLRPermission"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KHVCM25DH",
+ "PolicyName": "AWSGrafanaAccountAdministrator",
+ "UpdateDate": "2021-02-23T00:20:38+00:00",
+ "VersionId": "v1"
+ },
+ "AWSGrafanaConsoleReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-23T00:10:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "grafana:DescribeWorkspace",
+ "grafana:ListPermissions",
+ "grafana:ListWorkspaces"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:grafana:*:*:/workspaces*",
+ "Sid": "AWSGrafanaConsoleReadOnlyAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OHSWBMKNF",
+ "PolicyName": "AWSGrafanaConsoleReadOnlyAccess",
+ "UpdateDate": "2021-02-23T00:10:40+00:00",
+ "VersionId": "v1"
+ },
+ "AWSGrafanaWorkspacePermissionManagement": {
+ "Arn": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-23T00:15:54+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "grafana:DescribeWorkspace",
+ "grafana:UpdatePermissions",
+ "grafana:ListPermissions",
+ "grafana:ListWorkspaces"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:grafana:*:*:/workspaces*",
+ "Sid": "AWSGrafanaPermissions"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G37QQNGZW",
+ "PolicyName": "AWSGrafanaWorkspacePermissionManagement",
+ "UpdateDate": "2021-02-23T00:15:54+00:00",
+ "VersionId": "v1"
+ },
"AWSGreengrassFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess",
"AttachmentCount": 0,
@@ -7769,13 +13044,40 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSHealthFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T12:30:31+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
- "health:*"
+ "organizations:EnableAWSServiceAccess",
+ "organizations:DisableAWSServiceAccess"
],
+ "Condition": {
+ "StringEquals": {
+ "organizations:ServicePrincipal": "health.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "health:*",
+ "organizations:ListAccounts",
+ "organizations:ListParents",
+ "organizations:DescribeAccount",
+ "organizations:ListDelegatedAdministrators"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "health.amazonaws.com"
+ }
+ },
"Effect": "Allow",
"Resource": "*"
}
@@ -7788,19 +13090,19 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3CUMPCPEUPCSXC4Y",
"PolicyName": "AWSHealthFullAccess",
- "UpdateDate": "2016-12-06T12:30:31+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-11-16T18:11:34+00:00",
+ "VersionId": "v3"
},
- "AWSIQFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess",
+ "AWSIQContractServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy",
"AttachmentCount": 0,
- "CreateDate": "2019-04-04T23:13:42+00:00",
+ "CreateDate": "2019-08-22T19:28:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
- "iq:*"
+ "aws-marketplace:Subscribe"
],
"Effect": "Allow",
"Resource": "*"
@@ -7810,11 +13112,252 @@ aws_managed_policies_data = """
},
"IsAttachable": true,
"IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4E26ATDUIP",
+ "PolicyName": "AWSIQContractServiceRolePolicy",
+ "UpdateDate": "2019-08-22T19:28:39+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIQFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess",
+ "AttachmentCount": 1,
+ "CreateDate": "2019-04-04T23:13:42+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iq:*",
+ "iq-permission:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "permission.iq.amazonaws.com",
+ "contract.iq.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4P4TAHETXT",
"PolicyName": "AWSIQFullAccess",
- "UpdateDate": "2019-04-04T23:13:42+00:00",
+ "UpdateDate": "2019-09-25T20:22:34+00:00",
+ "VersionId": "v2"
+ },
+ "AWSIQPermissionServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-22T19:36:29+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iam:DeleteRole",
+ "iam:ListAttachedRolePolicies"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/AWSIQPermission-*"
+ },
+ {
+ "Action": [
+ "iam:AttachRolePolicy"
+ ],
+ "Condition": {
+ "ArnEquals": {
+ "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSDenyAll"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/AWSIQPermission-*"
+ },
+ {
+ "Action": [
+ "iam:DetachRolePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/AWSIQPermission-*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4J77DMGFZ5",
+ "PolicyName": "AWSIQPermissionServiceRolePolicy",
+ "UpdateDate": "2019-08-22T19:36:29+00:00",
+ "VersionId": "v1"
+ },
+ "AWSImageBuilderFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-20T18:25:12+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "imagebuilder:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:*imagebuilder*"
+ },
+ {
+ "Action": [
+ "license-manager:ListLicenseConfigurations",
+ "license-manager:ListLicenseSpecificationsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
+ },
+ {
+ "Action": [
+ "iam:GetInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:instance-profile/*imagebuilder*"
+ },
+ {
+ "Action": [
+ "iam:ListInstanceProfiles",
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:instance-profile/*imagebuilder*",
+ "arn:aws:iam::*:role/*imagebuilder*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3::*:*imagebuilder*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "imagebuilder.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
+ },
+ {
+ "Action": [
+ "ec2:DescribeImages",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeRegions",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeSecurityGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EO4HCSNZH",
+ "PolicyName": "AWSImageBuilderFullAccess",
+ "UpdateDate": "2019-12-20T18:25:12+00:00",
+ "VersionId": "v1"
+ },
+ "AWSImageBuilderReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-19T22:29:23+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "imagebuilder:Get*",
+ "imagebuilder:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OD5TC5BXP",
+ "PolicyName": "AWSImageBuilderReadOnlyAccess",
+ "UpdateDate": "2019-12-19T22:29:23+00:00",
"VersionId": "v1"
},
"AWSImportExportFullAccess": {
@@ -7983,7 +13526,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSIoTConfigAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-27T21:52:07+00:00",
- "DefaultVersionId": "v8",
+ "DefaultVersionId": "v9",
"Document": {
"Statement": [
{
@@ -8031,7 +13574,6 @@ aws_managed_policies_data = """
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
- "iot:DescribeCertificateTag",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
@@ -8108,7 +13650,6 @@ aws_managed_policies_data = """
"iot:UpdateAuthorizer",
"iot:UpdateCACertificate",
"iot:UpdateCertificate",
- "iot:UpdateCertificateTag",
"iot:UpdateEventConfigurations",
"iot:UpdateIndexingConfiguration",
"iot:UpdateRoleAlias",
@@ -8154,14 +13695,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWWGD4LM4EMXNRL7I",
"PolicyName": "AWSIoTConfigAccess",
- "UpdateDate": "2018-10-01T17:22:32+00:00",
- "VersionId": "v8"
+ "UpdateDate": "2019-09-27T20:48:00+00:00",
+ "VersionId": "v9"
},
"AWSIoTConfigReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-27T21:52:31+00:00",
- "DefaultVersionId": "v7",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -8169,7 +13710,6 @@ aws_managed_policies_data = """
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
- "iot:DescribeCertificateTag",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
@@ -8250,8 +13790,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHENEMXGX4XMFOIOI",
"PolicyName": "AWSIoTConfigReadOnlyAccess",
- "UpdateDate": "2018-07-18T21:22:11+00:00",
- "VersionId": "v7"
+ "UpdateDate": "2019-09-27T20:52:40+00:00",
+ "VersionId": "v8"
},
"AWSIoTDataAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTDataAccess",
@@ -8285,11 +13825,40 @@ aws_managed_policies_data = """
"UpdateDate": "2017-11-16T18:24:11+00:00",
"VersionId": "v2"
},
+ "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-07T17:55:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:ListPrincipalThings",
+ "iot:AddThingToThingGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HEHG3RV6B",
+ "PolicyName": "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction",
+ "UpdateDate": "2019-08-07T17:55:37+00:00",
+ "VersionId": "v1"
+ },
"AWSIoTDeviceDefenderAudit": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit",
"AttachmentCount": 0,
"CreateDate": "2018-07-18T21:17:40+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -8303,12 +13872,17 @@ aws_managed_policies_data = """
"iot:ListPolicies",
"iot:GetPolicy",
"iot:GetEffectivePolicies",
+ "iot:ListRoleAliases",
+ "iot:DescribeRoleAlias",
"cognito-identity:GetIdentityPoolRoles",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies",
+ "iam:GetRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
- "iam:GetRolePolicy"
+ "iam:GetRolePolicy",
+ "iam:GenerateServiceLastAccessedDetails",
+ "iam:GetServiceLastAccessedDetails"
],
"Effect": "Allow",
"Resource": [
@@ -8324,9 +13898,577 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKUN6OAGIHZ66TRKO",
"PolicyName": "AWSIoTDeviceDefenderAudit",
- "UpdateDate": "2018-07-18T21:17:40+00:00",
+ "UpdateDate": "2019-11-25T23:52:43+00:00",
+ "VersionId": "v3"
+ },
+ "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-07T17:04:07+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:SetV2LoggingOptions"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "iot.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G34KP2NLZ",
+ "PolicyName": "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction",
+ "UpdateDate": "2019-08-07T17:04:07+00:00",
"VersionId": "v1"
},
+ "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-07T17:04:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GZL2FL6JV",
+ "PolicyName": "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction",
+ "UpdateDate": "2019-08-07T17:04:37+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-07T17:04:57+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:CreatePolicyVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HN4VCIBCR",
+ "PolicyName": "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction",
+ "UpdateDate": "2019-08-07T17:04:57+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTDeviceDefenderUpdateCACertMitigationAction": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-07T17:05:49+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:UpdateCACertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KLBGET6KX",
+ "PolicyName": "AWSIoTDeviceDefenderUpdateCACertMitigationAction",
+ "UpdateDate": "2019-08-07T17:05:49+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-07T17:06:00+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:UpdateCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KB4AHFGEB",
+ "PolicyName": "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction",
+ "UpdateDate": "2019-08-07T17:06:00+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTDeviceTesterForFreeRTOSFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-02-12T20:33:53+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "iot.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/idt-*",
+ "Sid": "VisualEditor0"
+ },
+ {
+ "Action": [
+ "iot:DeleteThing",
+ "iot:AttachThingPrincipal",
+ "iot:DeleteCertificate",
+ "iot:GetRegistrationCode",
+ "iot:CreatePolicy",
+ "iot:UpdateCACertificate",
+ "s3:ListBucket",
+ "iot:DescribeEndpoint",
+ "iot:CreateOTAUpdate",
+ "iot:CreateStream",
+ "signer:ListSigningJobs",
+ "acm:ListCertificates",
+ "iot:CreateKeysAndCertificate",
+ "iot:UpdateCertificate",
+ "iot:CreateCertificateFromCsr",
+ "iot:DetachThingPrincipal",
+ "iot:RegisterCACertificate",
+ "iot:CreateThing",
+ "freertos:ListHardwarePlatforms",
+ "iam:ListRoles",
+ "iot:RegisterCertificate",
+ "iot:DeleteCACertificate",
+ "signer:PutSigningProfile",
+ "s3:ListAllMyBuckets",
+ "signer:ListSigningPlatforms",
+ "iot-device-tester:SendMetrics",
+ "iot-device-tester:SupportedVersion",
+ "iot-device-tester:LatestIdt",
+ "iot-device-tester:CheckVersion",
+ "iot-device-tester:DownloadTestSuite"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "VisualEditor1"
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "signer:StartSigningJob",
+ "acm:GetCertificate",
+ "signer:DescribeSigningJob",
+ "s3:CreateBucket",
+ "execute-api:Invoke",
+ "s3:DeleteBucket",
+ "s3:PutBucketVersioning",
+ "signer:CancelSigningProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics",
+ "arn:aws:signer:*:*:/signing-profiles/*",
+ "arn:aws:signer:*:*:/signing-jobs/*",
+ "arn:aws:iam::*:role/idt-*",
+ "arn:aws:acm:*:*:certificate/*",
+ "arn:aws:s3:::idt-*",
+ "arn:aws:s3:::afr-ota*"
+ ],
+ "Sid": "VisualEditor2"
+ },
+ {
+ "Action": [
+ "iot:DeleteStream",
+ "iot:DeleteCertificate",
+ "iot:AttachPolicy",
+ "iot:DetachPolicy",
+ "iot:DeletePolicy",
+ "s3:ListBucketVersions",
+ "iot:UpdateCertificate",
+ "iot:GetOTAUpdate",
+ "iot:DeleteOTAUpdate",
+ "iot:DescribeJobExecution"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::afr-ota*",
+ "arn:aws:iot:*:*:thinggroup/idt*",
+ "arn:aws:iam::*:role/idt-*"
+ ],
+ "Sid": "VisualEditor3"
+ },
+ {
+ "Action": [
+ "iot:DeleteCertificate",
+ "iot:AttachPolicy",
+ "iot:DetachPolicy",
+ "s3:DeleteObjectVersion",
+ "iot:DeleteOTAUpdate",
+ "s3:PutObject",
+ "s3:GetObject",
+ "iot:DeleteStream",
+ "iot:DeletePolicy",
+ "s3:DeleteObject",
+ "iot:UpdateCertificate",
+ "iot:GetOTAUpdate",
+ "s3:GetObjectVersion",
+ "iot:DescribeJobExecution"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::afr-ota*/*",
+ "arn:aws:s3:::idt-*/*",
+ "arn:aws:iot:*:*:policy/idt*",
+ "arn:aws:iam::*:role/idt-*",
+ "arn:aws:iot:*:*:otaupdate/idt*",
+ "arn:aws:iot:*:*:thing/idt*",
+ "arn:aws:iot:*:*:cert/*",
+ "arn:aws:iot:*:*:job/*",
+ "arn:aws:iot:*:*:stream/*"
+ ],
+ "Sid": "VisualEditor4"
+ },
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::afr-ota*/*",
+ "arn:aws:s3:::idt-*/*"
+ ],
+ "Sid": "VisualEditor5"
+ },
+ {
+ "Action": [
+ "iot:CancelJobExecution"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:job/*",
+ "arn:aws:iot:*:*:thing/idt*"
+ ],
+ "Sid": "VisualEditor6"
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/Owner": "IoTDeviceTester"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ],
+ "Sid": "VisualEditor7"
+ },
+ {
+ "Action": [
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/Owner": "IoTDeviceTester"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:security-group/*"
+ ],
+ "Sid": "VisualEditor8"
+ },
+ {
+ "Action": [
+ "ec2:RunInstances"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/Owner": "IoTDeviceTester"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ],
+ "Sid": "VisualEditor9"
+ },
+ {
+ "Action": [
+ "ec2:RunInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:image/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:key-pair/*",
+ "arn:aws:ec2:*:*:placement-group/*",
+ "arn:aws:ec2:*:*:snapshot/*",
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:subnet/*"
+ ],
+ "Sid": "VisualEditor10"
+ },
+ {
+ "Action": [
+ "ec2:CreateSecurityGroup"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/Owner": "IoTDeviceTester"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:security-group/*"
+ ],
+ "Sid": "VisualEditor11"
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2:DescribeSecurityGroups",
+ "ssm:DescribeParameters",
+ "ssm:GetParameters"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "VisualEditor12"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:TagKeys": [
+ "Owner"
+ ],
+ "ec2:CreateAction": [
+ "RunInstances",
+ "CreateSecurityGroup"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:instance/*"
+ ],
+ "Sid": "VisualEditor13"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ADNJ2YUUH",
+ "PolicyName": "AWSIoTDeviceTesterForFreeRTOSFullAccess",
+ "UpdateDate": "2020-12-15T18:03:46+00:00",
+ "VersionId": "v5"
+ },
+ "AWSIoTDeviceTesterForGreengrassFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-02-20T21:21:27+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "iot.amazonaws.com",
+ "lambda.amazonaws.com",
+ "greengrass.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/idt-*",
+ "Sid": "VisualEditor1"
+ },
+ {
+ "Action": [
+ "lambda:CreateFunction",
+ "iot:DeleteCertificate",
+ "lambda:DeleteFunction",
+ "execute-api:Invoke",
+ "iot:UpdateCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics",
+ "arn:aws:lambda:*:*:function:idt-*",
+ "arn:aws:iot:*:*:cert/*"
+ ],
+ "Sid": "VisualEditor2"
+ },
+ {
+ "Action": [
+ "iot:CreateThing",
+ "iot:DeleteThing"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:thing/idt-*",
+ "arn:aws:iot:*:*:cert/*"
+ ],
+ "Sid": "VisualEditor3"
+ },
+ {
+ "Action": [
+ "iot:AttachPolicy",
+ "iot:DetachPolicy",
+ "iot:DeletePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:policy/idt-*",
+ "arn:aws:iot:*:*:cert/*"
+ ],
+ "Sid": "VisualEditor4"
+ },
+ {
+ "Action": [
+ "iot:CreateJob",
+ "iot:DescribeJob",
+ "iot:DescribeJobExecution",
+ "iot:DeleteJob"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:thing/idt-*",
+ "arn:aws:iot:*:*:job/*"
+ ],
+ "Sid": "VisualEditor5"
+ },
+ {
+ "Action": [
+ "iot:DescribeEndpoint",
+ "greengrass:*",
+ "iam:ListAttachedRolePolicies",
+ "iot:CreatePolicy",
+ "iot:GetThingShadow",
+ "iot:CreateKeysAndCertificate",
+ "iot:ListThings",
+ "iot:UpdateThingShadow",
+ "iot:CreateCertificateFromCsr",
+ "iot-device-tester:SendMetrics",
+ "iot-device-tester:SupportedVersion",
+ "iot-device-tester:LatestIdt",
+ "iot-device-tester:CheckVersion",
+ "iot-device-tester:DownloadTestSuite"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "VisualEditor6"
+ },
+ {
+ "Action": [
+ "iot:DetachThingPrincipal",
+ "iot:AttachThingPrincipal"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:thing/idt-*",
+ "arn:aws:iot:*:*:cert/*"
+ ],
+ "Sid": "VisualEditor7"
+ },
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:DeleteObjectVersion",
+ "s3:ListBucketVersions",
+ "s3:CreateBucket",
+ "s3:DeleteObject",
+ "s3:DeleteBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::idt*",
+ "Sid": "VisualEditor8"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ORKVZSPY7",
+ "PolicyName": "AWSIoTDeviceTesterForGreengrassFullAccess",
+ "UpdateDate": "2020-06-25T17:01:56+00:00",
+ "VersionId": "v4"
+ },
"AWSIoTEventsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess",
"AttachmentCount": 0,
@@ -8357,14 +14499,13 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-10T22:50:08+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iotevents:Describe*",
- "iotevents:List*",
- "iotevents:Get*"
+ "iotevents:List*"
],
"Effect": "Allow",
"Resource": "*"
@@ -8378,7 +14519,72 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYJFNAR7CN5JW52PG",
"PolicyName": "AWSIoTEventsReadOnlyAccess",
- "UpdateDate": "2019-01-10T22:50:08+00:00",
+ "UpdateDate": "2019-09-23T17:22:04+00:00",
+ "VersionId": "v2"
+ },
+ "AWSIoTFleetHubFederationAccess": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T08:08:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:DescribeIndex",
+ "iot:DescribeThingGroup",
+ "iot:GetBucketsAggregation",
+ "iot:GetCardinality",
+ "iot:GetIndexingConfiguration",
+ "iot:GetPercentiles",
+ "iot:GetStatistics",
+ "iot:SearchIndex",
+ "iot:CreateFleetMetric",
+ "iot:ListFleetMetrics",
+ "iot:DeleteFleetMetric",
+ "iot:DescribeFleetMetric",
+ "iot:UpdateFleetMetric",
+ "iotfleethub:ListDashboards",
+ "iotfleethub:DescribeDashboard",
+ "iotfleethub:DescribeApplication",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:ListMetrics",
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:DeleteTopic",
+ "sns:ListSubscriptionsByTopic",
+ "sns:Subscribe",
+ "sns:Unsubscribe"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:iotfleethub*"
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarmHistory"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudwatch:*:*:iotfleethub*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4H4EGQA254",
+ "PolicyName": "AWSIoTFleetHubFederationAccess",
+ "UpdateDate": "2020-12-15T08:08:05+00:00",
"VersionId": "v1"
},
"AWSIoTFullAccess": {
@@ -8622,6 +14828,108 @@ aws_managed_policies_data = """
"UpdateDate": "2018-12-04T20:53:39+00:00",
"VersionId": "v1"
},
+ "AWSIoTSiteWiseMonitorPortalAccess": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-19T20:01:21+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iotsitewise:CreateProject",
+ "iotsitewise:DescribeProject",
+ "iotsitewise:UpdateProject",
+ "iotsitewise:DeleteProject",
+ "iotsitewise:ListProjects",
+ "iotsitewise:BatchAssociateProjectAssets",
+ "iotsitewise:BatchDisassociateProjectAssets",
+ "iotsitewise:ListProjectAssets",
+ "iotsitewise:CreateDashboard",
+ "iotsitewise:DescribeDashboard",
+ "iotsitewise:UpdateDashboard",
+ "iotsitewise:DeleteDashboard",
+ "iotsitewise:ListDashboards",
+ "iotsitewise:CreateAccessPolicy",
+ "iotsitewise:DescribeAccessPolicy",
+ "iotsitewise:UpdateAccessPolicy",
+ "iotsitewise:DeleteAccessPolicy",
+ "iotsitewise:ListAccessPolicies",
+ "iotsitewise:DescribeAsset",
+ "iotsitewise:ListAssets",
+ "iotsitewise:ListAssociatedAssets",
+ "iotsitewise:DescribeAssetProperty",
+ "iotsitewise:GetAssetPropertyValue",
+ "iotsitewise:GetAssetPropertyValueHistory",
+ "iotsitewise:GetAssetPropertyAggregates",
+ "sso-directory:DescribeUsers"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4E6CZDALWJ",
+ "PolicyName": "AWSIoTSiteWiseMonitorPortalAccess",
+ "UpdateDate": "2020-05-19T20:01:21+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTSiteWiseMonitorServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-14T00:59:10+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iotsitewise:CreateProject",
+ "iotsitewise:DescribeProject",
+ "iotsitewise:UpdateProject",
+ "iotsitewise:DeleteProject",
+ "iotsitewise:ListProjects",
+ "iotsitewise:BatchAssociateProjectAssets",
+ "iotsitewise:BatchDisassociateProjectAssets",
+ "iotsitewise:ListProjectAssets",
+ "iotsitewise:CreateDashboard",
+ "iotsitewise:DescribeDashboard",
+ "iotsitewise:UpdateDashboard",
+ "iotsitewise:DeleteDashboard",
+ "iotsitewise:ListDashboards",
+ "iotsitewise:CreateAccessPolicy",
+ "iotsitewise:DescribeAccessPolicy",
+ "iotsitewise:UpdateAccessPolicy",
+ "iotsitewise:DeleteAccessPolicy",
+ "iotsitewise:ListAccessPolicies",
+ "iotsitewise:DescribeAsset",
+ "iotsitewise:ListAssets",
+ "iotsitewise:ListAssociatedAssets",
+ "iotsitewise:DescribeAssetProperty",
+ "iotsitewise:GetAssetPropertyValue",
+ "iotsitewise:GetAssetPropertyValueHistory",
+ "iotsitewise:GetAssetPropertyAggregates",
+ "sso-directory:DescribeUsers"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CR556M6Y5",
+ "PolicyName": "AWSIoTSiteWiseMonitorServiceRolePolicy",
+ "UpdateDate": "2019-12-13T22:19:25+00:00",
+ "VersionId": "v2"
+ },
"AWSIoTSiteWiseReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess",
"AttachmentCount": 0,
@@ -8654,12 +14962,13 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration",
"AttachmentCount": 0,
"CreateDate": "2017-12-01T20:21:52+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"iot:AddThingToThingGroup",
+ "iot:AttachPolicy",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CreateCertificateFromCsr",
@@ -8669,11 +14978,14 @@ aws_managed_policies_data = """
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingType",
+ "iot:DetachPolicy",
"iot:DetachThingPrincipal",
"iot:GetPolicy",
+ "iot:ListAttachedPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
+ "iot:ListTargetsForPolicy",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:RegisterCertificate",
@@ -8681,7 +14993,10 @@ aws_managed_policies_data = """
"iot:RemoveThingFromThingGroup",
"iot:UpdateCertificate",
"iot:UpdateThing",
- "iot:UpdateThingGroupsForThing"
+ "iot:UpdateThingGroupsForThing",
+ "iot:AddThingToBillingGroup",
+ "iot:DescribeBillingGroup",
+ "iot:RemoveThingFromBillingGroup"
],
"Effect": "Allow",
"Resource": [
@@ -8697,7 +15012,172 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3YQXTC5XAEVTJNEU",
"PolicyName": "AWSIoTThingsRegistration",
- "UpdateDate": "2017-12-01T20:21:52+00:00",
+ "UpdateDate": "2020-10-05T19:20:12+00:00",
+ "VersionId": "v3"
+ },
+ "AWSIoTWirelessDataAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T15:31:39+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iotwireless:SendDataToWirelessDevice"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HH6GBXNUO",
+ "PolicyName": "AWSIoTWirelessDataAccess",
+ "UpdateDate": "2020-12-15T15:31:39+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTWirelessFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T15:27:57+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iotwireless:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4L5RZVVSRQ",
+ "PolicyName": "AWSIoTWirelessFullAccess",
+ "UpdateDate": "2020-12-15T15:27:57+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTWirelessFullPublishAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T15:29:59+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:DescribeEndpoint",
+ "iot:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JSRC2FZ22",
+ "PolicyName": "AWSIoTWirelessFullPublishAccess",
+ "UpdateDate": "2020-12-15T15:29:59+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTWirelessGatewayCertManager": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T15:30:48+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:CreateKeysAndCertificate",
+ "iot:DescribeCertificate",
+ "iot:ListCertificates"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "IoTWirelessGatewayCertManager"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4O6BH33Y6U",
+ "PolicyName": "AWSIoTWirelessGatewayCertManager",
+ "UpdateDate": "2020-12-15T15:30:48+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTWirelessLogging": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessLogging",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T15:32:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/iotwireless*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4L3X44AIHR",
+ "PolicyName": "AWSIoTWirelessLogging",
+ "UpdateDate": "2020-12-15T15:32:40+00:00",
+ "VersionId": "v1"
+ },
+ "AWSIoTWirelessReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T15:28:56+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iotwireless:List*",
+ "iotwireless:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FJYYSL3ZA",
+ "PolicyName": "AWSIoTWirelessReadOnlyAccess",
+ "UpdateDate": "2020-12-15T15:28:56+00:00",
"VersionId": "v1"
},
"AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": {
@@ -8769,9 +15249,144 @@ aws_managed_policies_data = """
"UpdateDate": "2017-03-07T00:55:11+00:00",
"VersionId": "v2"
},
+ "AWSLakeFormationCrossAccountManager": {
+ "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-04T20:59:46+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ram:CreateResourceShare"
+ ],
+ "Condition": {
+ "StringLikeIfExists": {
+ "ram:RequestedResourceType": [
+ "glue:Table",
+ "glue:Database",
+ "glue:Catalog"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ram:UpdateResourceShare",
+ "ram:DeleteResourceShare"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ram:ResourceShareName": [
+ "LakeFormation*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "glue:PutResourcePolicy",
+ "glue:DeleteResourcePolicy",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeAccount",
+ "ram:Get*",
+ "ram:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:ListRoots",
+ "organizations:ListAccountsForParent",
+ "organizations:ListOrganizationalUnitsForParent"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HPT7Y7QL3",
+ "PolicyName": "AWSLakeFormationCrossAccountManager",
+ "UpdateDate": "2020-12-07T23:11:36+00:00",
+ "VersionId": "v3"
+ },
+ "AWSLakeFormationDataAdmin": {
+ "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-08T17:33:44+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "lakeformation:*",
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:LookupEvents",
+ "glue:GetDatabase",
+ "glue:GetDatabases",
+ "glue:CreateDatabase",
+ "glue:UpdateDatabase",
+ "glue:DeleteDatabase",
+ "glue:GetConnections",
+ "glue:SearchTables",
+ "glue:GetTable",
+ "glue:CreateTable",
+ "glue:UpdateTable",
+ "glue:DeleteTable",
+ "glue:GetTableVersions",
+ "glue:GetPartitions",
+ "glue:GetTables",
+ "glue:GetWorkflow",
+ "glue:ListWorkflows",
+ "glue:BatchGetWorkflows",
+ "glue:DeleteWorkflow",
+ "glue:GetWorkflowRuns",
+ "glue:StartWorkflowRun",
+ "glue:GetWorkflow",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketAcl",
+ "iam:ListUsers",
+ "iam:ListRoles",
+ "iam:GetRole",
+ "iam:GetRolePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "lakeformation:PutDataLakeSettings"
+ ],
+ "Effect": "Deny",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OWCH3ENIA",
+ "PolicyName": "AWSLakeFormationDataAdmin",
+ "UpdateDate": "2019-12-16T22:41:40+00:00",
+ "VersionId": "v2"
+ },
"AWSLambdaBasicExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
- "AttachmentCount": 2,
+ "AttachmentCount": 0,
"CreateDate": "2015-04-09T15:03:43+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -8833,14 +15448,16 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T00:37:27+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface"
+ "ec2:DeleteNetworkInterface",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
@@ -8854,8 +15471,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXAW2Q3KPTURUT2QC",
"PolicyName": "AWSLambdaENIManagementAccess",
- "UpdateDate": "2016-12-06T00:37:27+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-10-01T20:07:26+00:00",
+ "VersionId": "v2"
},
"AWSLambdaExecute": {
"Arn": "arn:aws:iam::aws:policy/AWSLambdaExecute",
@@ -9039,6 +15656,42 @@ aws_managed_policies_data = """
"UpdateDate": "2018-11-19T20:09:24+00:00",
"VersionId": "v2"
},
+ "AWSLambdaMSKExecutionRole": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-11T17:35:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "kafka:DescribeCluster",
+ "kafka:GetBootstrapBrokers",
+ "ec2:CreateNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeVpcs",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FHMXOHIS5",
+ "PolicyName": "AWSLambdaMSKExecutionRole",
+ "UpdateDate": "2020-08-11T17:35:05+00:00",
+ "VersionId": "v1"
+ },
"AWSLambdaReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess",
"AttachmentCount": 0,
@@ -9173,7 +15826,7 @@ aws_managed_policies_data = """
},
"AWSLambdaRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:28+00:00",
"DefaultVersionId": "v1",
"Document": {
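Review bot: The new `"AttachmentCount": 1` for `AWSLambdaRole` looks like state from whichever AWS account the snapshot was taken in, not a property of the managed policy itself. The `AWSLambdaBasicExecutionRole` hunk above moves the same field from 2 to 0, which suggests the value drifts with each regeneration. If the loader reads this field (not visible here), a fresh mock account would report an attachment that no test created; either way it adds noise to every refresh of this file. I would normalise it when the data is generated, so that the line stays `"AttachmentCount": 0,`, and treat `PermissionsBoundaryUsageCount` the same way. The policy entry continues outside this hunk.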
@@ -9234,7 +15887,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2016-02-11T23:15:26+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -9244,7 +15897,9 @@ aws_managed_policies_data = """
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface"
+ "ec2:DeleteNetworkInterface",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
@@ -9258,14 +15913,137 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVTME3YLVNL72YR2K",
"PolicyName": "AWSLambdaVPCAccessExecutionRole",
- "UpdateDate": "2016-02-11T23:15:26+00:00",
+ "UpdateDate": "2020-10-15T22:53:03+00:00",
+ "VersionId": "v2"
+ },
+ "AWSLambda_FullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-17T21:14:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListStackResources",
+ "cloudwatch:ListMetrics",
+ "cloudwatch:GetMetricData",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "kms:ListAliases",
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:ListAttachedRolePolicies",
+ "iam:ListRolePolicies",
+ "iam:ListRoles",
+ "lambda:*",
+ "logs:DescribeLogGroups",
+ "states:DescribeStateMachine",
+ "states:ListStateMachines",
+ "tag:GetResources",
+ "xray:GetTraceSummaries",
+ "xray:BatchGetTraces"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "lambda.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:DescribeLogStreams",
+ "logs:GetLogEvents",
+ "logs:FilterLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OXQPYWZ5D",
+ "PolicyName": "AWSLambda_FullAccess",
+ "UpdateDate": "2020-11-17T21:14:08+00:00",
+ "VersionId": "v1"
+ },
+ "AWSLambda_ReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-17T21:10:32+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListStackResources",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:ListMetrics",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "kms:ListAliases",
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:ListAttachedRolePolicies",
+ "iam:ListRolePolicies",
+ "iam:ListRoles",
+ "logs:DescribeLogGroups",
+ "lambda:Get*",
+ "lambda:List*",
+ "states:DescribeStateMachine",
+ "states:ListStateMachines",
+ "tag:GetResources",
+ "xray:GetTraceSummaries",
+ "xray:BatchGetTraces"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:DescribeLogStreams",
+ "logs:GetLogEvents",
+ "logs:FilterLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IERNVMNPE",
+ "PolicyName": "AWSLambda_ReadOnlyAccess",
+ "UpdateDate": "2020-11-17T21:10:32+00:00",
"VersionId": "v1"
},
"AWSLicenseManagerMasterAccountRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:03:51+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -9392,6 +16170,67 @@ aws_managed_policies_data = """
"*"
],
"Sid": "RAMPermissions3"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "IAMGetRoles"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "cloudformation.amazonaws.com",
+ "glue.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*"
+ ],
+ "Sid": "IAMPassRoles"
+ },
+ {
+ "Action": [
+ "cloudformation:UpdateStack",
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:DescribeStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*"
+ ],
+ "Sid": "CloudformationPermission"
+ },
+ {
+ "Action": [
+ "glue:CreateTable",
+ "glue:UpdateTable",
+ "glue:DeleteTable",
+ "glue:UpdateJob",
+ "glue:UpdateCrawler"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:catalog",
+ "arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler",
+ "arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob",
+ "arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*",
+ "arn:aws:glue:*:*:table/license_manager_resource_sync/*",
+ "arn:aws:glue:*:*:database/license_manager_resource_inventory_db",
+ "arn:aws:glue:*:*:database/license_manager_resource_sync"
+ ],
+ "Sid": "GlueUpdatePermissions"
}
],
"Version": "2012-10-17"
@@ -9402,19 +16241,20 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJE2NOZW2BDEHYUH2",
"PolicyName": "AWSLicenseManagerMasterAccountRolePolicy",
- "UpdateDate": "2018-11-26T19:03:51+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-08-29T22:56:41+00:00",
+ "VersionId": "v3"
},
"AWSLicenseManagerMemberAccountRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:04:32+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
- "license-manager:UpdateLicenseSpecificationsForResource"
+ "license-manager:UpdateLicenseSpecificationsForResource",
+ "license-manager:GetLicenseConfiguration"
],
"Effect": "Allow",
"Resource": [
@@ -9458,14 +16298,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZTYEY2LEGBYAVUY4",
"PolicyName": "AWSLicenseManagerMemberAccountRolePolicy",
- "UpdateDate": "2018-11-26T19:04:32+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-11-15T22:09:32+00:00",
+ "VersionId": "v2"
},
"AWSLicenseManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:02:53+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -9553,6 +16393,20 @@ aws_managed_policies_data = """
"*"
],
"Sid": "OrganizationPermissions"
+ },
+ {
+ "Action": [
+ "license-manager:GetServiceSettings",
+ "license-manager:GetLicense*",
+ "license-manager:UpdateLicenseSpecificationsForResource",
+ "license-manager:ListUsageForLicenseConfiguration",
+ "license-manager:ListDistributedGrants"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "LicenseManagerPermissions"
}
],
"Version": "2012-10-17"
@@ -9563,7 +16417,43 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIM7JPETWHTYNBQSZE",
"PolicyName": "AWSLicenseManagerServiceRolePolicy",
- "UpdateDate": "2018-11-26T19:02:53+00:00",
+ "UpdateDate": "2020-12-03T08:38:18+00:00",
+ "VersionId": "v3"
+ },
+ "AWSMarketplaceAmiIngestion": {
+ "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-25T20:55:10+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:ModifySnapshotAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeImageAttribute",
+ "ec2:DescribeImages",
+ "ec2:DescribeSnapshotAttribute",
+ "ec2:ModifyImageAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AV3OZYWEM",
+ "PolicyName": "AWSMarketplaceAmiIngestion",
+ "UpdateDate": "2020-09-25T20:55:10+00:00",
"VersionId": "v1"
},
"AWSMarketplaceFullAccess": {
@@ -9812,11 +16702,47 @@ aws_managed_policies_data = """
"UpdateDate": "2018-08-08T21:11:59+00:00",
"VersionId": "v2"
},
+ "AWSMarketplaceLicenseManagementServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-03T08:33:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "organizations:DescribeOrganization",
+ "license-manager:ListReceivedGrants",
+ "license-manager:ListDistributedGrants",
+ "license-manager:GetGrant",
+ "license-manager:CreateGrant",
+ "license-manager:CreateGrantVersion",
+ "license-manager:DeleteGrant",
+ "license-manager:AcceptGrant"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AllowLicenseManagerActions"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DTCV6FSO7",
+ "PolicyName": "AWSMarketplaceLicenseManagementServiceRolePolicy",
+ "UpdateDate": "2020-12-03T08:33:40+00:00",
+ "VersionId": "v1"
+ },
"AWSMarketplaceManageSubscriptions": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:32+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -9827,6 +16753,15 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:CreatePrivateMarketplaceRequests",
+ "aws-marketplace:ListPrivateMarketplaceRequests",
+ "aws-marketplace:DescribePrivateMarketplaceRequests"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -9837,8 +16772,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJRDW2WIFN7QLUAKBQ",
"PolicyName": "AWSMarketplaceManageSubscriptions",
- "UpdateDate": "2015-02-06T18:40:32+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-10-28T21:49:43+00:00",
+ "VersionId": "v2"
},
"AWSMarketplaceMeteringFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess",
@@ -9866,11 +16801,68 @@ aws_managed_policies_data = """
"UpdateDate": "2016-03-17T22:39:22+00:00",
"VersionId": "v1"
},
+ "AWSMarketplaceMeteringRegisterUsage": {
+ "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-21T01:17:54+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-marketplace:RegisterUsage"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OIHJX73MZ",
+ "PolicyName": "AWSMarketplaceMeteringRegisterUsage",
+ "UpdateDate": "2019-11-21T01:17:54+00:00",
+ "VersionId": "v1"
+ },
+ "AWSMarketplaceProcurementSystemAdminFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-25T13:07:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-marketplace:PutProcurementSystemConfiguration",
+ "aws-marketplace:DescribeProcurementSystemConfiguration",
+ "organizations:Describe*",
+ "organizations:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FIYNR3TC4",
+ "PolicyName": "AWSMarketplaceProcurementSystemAdminFullAccess",
+ "UpdateDate": "2019-06-25T13:07:47+00:00",
+ "VersionId": "v1"
+ },
"AWSMarketplaceRead-only": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:31+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -9899,6 +16891,14 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:ListPrivateMarketplaceRequests",
+ "aws-marketplace:DescribePrivateMarketplaceRequests"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -9909,14 +16909,175 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJOOM6LETKURTJ3XZ2",
"PolicyName": "AWSMarketplaceRead-only",
- "UpdateDate": "2018-07-31T23:24:24+00:00",
+ "UpdateDate": "2019-10-28T21:51:31+00:00",
+ "VersionId": "v3"
+ },
+ "AWSMarketplaceSellerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-02T20:40:09+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-marketplace-management:uploadFiles",
+ "aws-marketplace-management:viewMarketing",
+ "aws-marketplace-management:viewReports",
+ "aws-marketplace-management:viewSupport",
+ "aws-marketplace-management:viewSettings",
+ "aws-marketplace:ListChangeSets",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:StartChangeSet",
+ "aws-marketplace:CancelChangeSet",
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:ListTasks",
+ "aws-marketplace:DescribeTask",
+ "aws-marketplace:UpdateTask",
+ "aws-marketplace:CompleteTask",
+ "ec2:DescribeImages",
+ "ec2:DescribeSnapshots",
+ "ec2:ModifyImageAttribute",
+ "ec2:ModifySnapshotAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "aws-marketplace:SearchAgreements",
+ "aws-marketplace:DescribeAgreement",
+ "aws-marketplace:GetAgreementTerms"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws-marketplace:AgreementType": [
+ "PurchaseAgreement"
+ ]
+ },
+ "StringEquals": {
+ "aws-marketplace:PartyType": "Proposer"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "assets.marketplace.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JF7OFUANW",
+ "PolicyName": "AWSMarketplaceSellerFullAccess",
+ "UpdateDate": "2020-10-09T22:23:38+00:00",
+ "VersionId": "v4"
+ },
+ "AWSMarketplaceSellerProductsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-02T21:06:25+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-marketplace:ListChangeSets",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:StartChangeSet",
+ "aws-marketplace:CancelChangeSet",
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:ListTasks",
+ "aws-marketplace:DescribeTask",
+ "aws-marketplace:UpdateTask",
+ "aws-marketplace:CompleteTask",
+ "ec2:DescribeImages",
+ "ec2:DescribeSnapshots",
+ "ec2:ModifyImageAttribute",
+ "ec2:ModifySnapshotAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "assets.marketplace.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DS2YFEG4N",
+ "PolicyName": "AWSMarketplaceSellerProductsFullAccess",
+ "UpdateDate": "2020-10-09T22:22:38+00:00",
+ "VersionId": "v3"
+ },
+ "AWSMarketplaceSellerProductsReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-02T21:40:47+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-marketplace:ListChangeSets",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:ListTasks",
+ "aws-marketplace:DescribeTask",
+ "ec2:DescribeImages",
+ "ec2:DescribeSnapshots"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4K5Y2Q5F7D",
+ "PolicyName": "AWSMarketplaceSellerProductsReadOnly",
+ "UpdateDate": "2020-03-05T23:11:53+00:00",
"VersionId": "v2"
},
"AWSMigrationHubDMSAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:00:06+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -9946,7 +17107,8 @@ aws_managed_policies_data = """
},
{
"Action": [
- "mgh:ListMigrationTasks"
+ "mgh:ListMigrationTasks",
+ "mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
@@ -9960,14 +17122,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUQB56VA4JHLN7G2W",
"PolicyName": "AWSMigrationHubDMSAccess",
- "UpdateDate": "2017-08-14T14:00:06+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-10-07T17:51:53+00:00",
+ "VersionId": "v2"
},
"AWSMigrationHubDiscoveryAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:30:51+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -9979,6 +17141,41 @@ aws_managed_policies_data = """
"Resource": [
"*"
]
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "aws:migrationhub:source-id"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*",
+ "arn:aws:ec2:*:*:image/*",
+ "arn:aws:ec2:*:*:volume/*"
+ ]
+ },
+ {
+ "Action": "dms:AddTagsToResource",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "aws:migrationhub:source-id"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dms:*:*:endpoint:*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstanceAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
}
],
"Version": "2012-10-17"
@@ -9989,14 +17186,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITRMRLSV7JAL6YIGG",
"PolicyName": "AWSMigrationHubDiscoveryAccess",
- "UpdateDate": "2017-08-14T13:30:51+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-08-06T17:34:42+00:00",
+ "VersionId": "v3"
},
"AWSMigrationHubFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:02:54+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -10031,6 +17228,20 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "migrationhub.amazonaws.com",
+ "dmsintegration.migrationhub.amazonaws.com",
+ "smsintegration.migrationhub.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -10041,14 +17252,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4A2SZKHUYHDYIGOK",
"PolicyName": "AWSMigrationHubFullAccess",
- "UpdateDate": "2018-08-16T20:29:37+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-06-19T21:14:41+00:00",
+ "VersionId": "v4"
},
"AWSMigrationHubSMSAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:57:54+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -10078,7 +17289,8 @@ aws_managed_policies_data = """
},
{
"Action": [
- "mgh:ListMigrationTasks"
+ "mgh:ListMigrationTasks",
+ "mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
@@ -10092,23 +17304,20 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWQYYT6TSVIRJO4TY",
"PolicyName": "AWSMigrationHubSMSAccess",
- "UpdateDate": "2017-08-14T13:57:54+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-10-07T18:01:22+00:00",
+ "VersionId": "v2"
},
"AWSMobileHub_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-05T19:56:01+00:00",
- "DefaultVersionId": "v13",
+ "DefaultVersionId": "v14",
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET",
- "apigateway:GetRestApis",
- "apigateway:GetResources",
"apigateway:POST",
- "apigateway:TestInvokeMethod",
"cloudfront:GetDistribution",
"devicefarm:CreateProject",
"devicefarm:ListJobs",
@@ -10133,26 +17342,7 @@ aws_managed_policies_data = """
"lex:GetBots",
"lex:GetBotAlias",
"lex:GetBotAliases",
- "mobilehub:CreateProject",
- "mobilehub:DeleteProject",
- "mobilehub:UpdateProject",
- "mobilehub:ExportProject",
- "mobilehub:ImportProject",
- "mobilehub:SynchronizeProject",
- "mobilehub:GenerateProjectParameters",
- "mobilehub:GetProject",
- "mobilehub:GetProjectSnapshot",
- "mobilehub:ListProjectSnapshots",
- "mobilehub:DeleteProjectSnapshot",
- "mobilehub:ListAvailableConnectors",
- "mobilehub:ListAvailableFeatures",
- "mobilehub:ListAvailableRegions",
- "mobilehub:ListProjects",
- "mobilehub:ValidateProject",
- "mobilehub:VerifyServiceRole",
- "mobilehub:DescribeBundle",
- "mobilehub:ExportBundle",
- "mobilehub:ListBundles"
+ "mobilehub:*"
],
"Effect": "Allow",
"Resource": "*"
@@ -10187,8 +17377,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJLU43R6AGRBK76DM",
"PolicyName": "AWSMobileHub_FullAccess",
- "UpdateDate": "2018-02-05T23:44:29+00:00",
- "VersionId": "v13"
+ "UpdateDate": "2019-12-19T23:15:52+00:00",
+ "VersionId": "v14"
},
"AWSMobileHub_ReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly",
@@ -10249,11 +17439,168 @@ aws_managed_policies_data = """
"UpdateDate": "2018-07-23T21:59:05+00:00",
"VersionId": "v10"
},
+ "AWSNetworkFirewallServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-17T17:17:26+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:CreateVpcEndpoint",
+ "ec2:DescribeVpcEndpoints"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/AWSNetworkFirewallManaged": "true",
+ "ec2:CreateAction": "CreateVpcEndpoint"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
+ },
+ {
+ "Action": [
+ "ec2:DeleteVpcEndpoints"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/AWSNetworkFirewallManaged": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DF6QQZAL3",
+ "PolicyName": "AWSNetworkFirewallServiceRolePolicy",
+ "UpdateDate": "2020-11-17T17:17:26+00:00",
+ "VersionId": "v1"
+ },
+ "AWSNetworkManagerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T17:37:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "networkmanager:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "networkmanager.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ARXJ4NU7I",
+ "PolicyName": "AWSNetworkManagerFullAccess",
+ "UpdateDate": "2019-12-03T17:37:58+00:00",
+ "VersionId": "v1"
+ },
+ "AWSNetworkManagerReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T17:35:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "networkmanager:Describe*",
+ "networkmanager:Get*",
+ "networkmanager:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LZFJOS62Z",
+ "PolicyName": "AWSNetworkManagerReadOnlyAccess",
+ "UpdateDate": "2019-12-03T17:35:05+00:00",
+ "VersionId": "v1"
+ },
+ "AWSNetworkManagerServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T14:03:35+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "directconnect:DescribeConnections",
+ "directconnect:DescribeDirectConnectGatewayAttachments",
+ "directconnect:DescribeLocations",
+ "directconnect:DescribeVirtualInterfaces",
+ "ec2:DescribeCustomerGateways",
+ "ec2:DescribeTransitGatewayAttachments",
+ "ec2:DescribeTransitGatewayRouteTables",
+ "ec2:DescribeTransitGateways",
+ "ec2:DescribeVpnConnections",
+ "ec2:GetTransitGatewayRouteTableAssociations",
+ "ec2:SearchTransitGatewayRoutes",
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DescribeTransitGatewayConnects",
+ "ec2:DescribeTransitGatewayConnectPeers"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4B346KOB7I",
+ "PolicyName": "AWSNetworkManagerServiceRolePolicy",
+ "UpdateDate": "2020-12-10T12:06:22+00:00",
+ "VersionId": "v3"
+ },
"AWSOpsWorksCMInstanceProfileRole": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole",
"AttachmentCount": 0,
"CreateDate": "2016-11-24T09:48:22+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -10278,6 +17625,16 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-opsworks-cm-*"
+ },
+ {
+ "Action": "acm:GetCertificate",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "secretsmanager:GetSecretValue",
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:aws-opsworks-cm-secrets-*"
}
],
"Version": "2012-10-17"
@@ -10288,14 +17645,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICSU3OSHCURP2WIZW",
"PolicyName": "AWSOpsWorksCMInstanceProfileRole",
- "UpdateDate": "2017-11-03T12:01:32+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2021-01-12T09:37:42+00:00",
+ "VersionId": "v4"
},
"AWSOpsWorksCMServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole",
"AttachmentCount": 0,
"CreateDate": "2016-11-24T09:49:46+00:00",
- "DefaultVersionId": "v8",
+ "DefaultVersionId": "v13",
"Document": {
"Statement": [
{
@@ -10304,17 +17661,27 @@ aws_managed_policies_data = """
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:GetObject",
- "s3:HeadBucket",
"s3:ListBucket",
- "s3:ListObjects",
"s3:PutBucketPolicy",
- "s3:PutObject"
+ "s3:PutObject",
+ "s3:GetBucketTagging",
+ "s3:PutBucketTagging"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
+ {
+ "Action": [
+ "tag:UntagResources",
+ "tag:TagResources"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
{
"Action": [
"ssm:DescribeInstanceInformation",
@@ -10429,6 +17796,35 @@ aws_managed_policies_data = """
"arn:aws:iam::*:role/aws-opsworks-cm-*",
"arn:aws:iam::*:role/service-role/aws-opsworks-cm-*"
]
+ },
+ {
+ "Action": [
+ "acm:DeleteCertificate",
+ "acm:ImportCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:UpdateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:TagResource",
+ "secretsmanager:UntagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:aws-opsworks-cm-secrets-*"
+ },
+ {
+ "Action": "ec2:DeleteTags",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*",
+ "arn:aws:ec2:*:*:elastic-ip/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -10439,8 +17835,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6I6MPGJE62URSHCO",
"PolicyName": "AWSOpsWorksCMServiceRole",
- "UpdateDate": "2019-02-21T15:15:07+00:00",
- "VersionId": "v8"
+ "UpdateDate": "2021-01-06T15:08:35+00:00",
+ "VersionId": "v13"
},
"AWSOpsWorksCloudWatchLogs": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs",
@@ -10544,17 +17940,59 @@ aws_managed_policies_data = """
"UpdateDate": "2016-06-03T14:23:15+00:00",
"VersionId": "v1"
},
- "AWSOpsWorksRegisterCLI": {
- "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI",
+ "AWSOpsWorksRegisterCLI_EC2": {
+ "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2",
"AttachmentCount": 0,
- "CreateDate": "2015-02-06T18:40:49+00:00",
+ "CreateDate": "2019-06-18T15:56:17+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "opsworks:AssignInstance",
+ "opsworks:CreateLayer",
+ "opsworks:DeregisterInstance",
+ "opsworks:DescribeInstances",
+ "opsworks:DescribeStackProvisioningParameters",
+ "opsworks:DescribeStacks",
+ "opsworks:UnassignInstance"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NCE3CMCRC",
+ "PolicyName": "AWSOpsWorksRegisterCLI_EC2",
+ "UpdateDate": "2019-06-18T15:56:17+00:00",
+ "VersionId": "v1"
+ },
+ "AWSOpsWorksRegisterCLI_OnPremises": {
+ "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-18T15:33:16+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"opsworks:AssignInstance",
- "opsworks:CreateStack",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
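Review bot: The entry keyed `"AWSOpsWorksRegisterCLI"` is rewritten in place into `AWSOpsWorksRegisterCLI_EC2`, and the following hunk renames its `PolicyName` and `PolicyId` to the `_OnPremises` variant, so the old policy name and ARN no longer exist in the mocked dataset. Code under test that still attaches or looks up `arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI` will presumably stop finding it after this refresh. If dropping it is intended, it deserves a changelog line such as `* IAM: managed policy AWSOpsWorksRegisterCLI replaced by AWSOpsWorksRegisterCLI_EC2 and AWSOpsWorksRegisterCLI_OnPremises`. Otherwise the old entry should be kept alongside the two new ones. The `_OnPremises` entry continues outside this hunk.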
@@ -10578,17 +18016,36 @@ aws_managed_policies_data = """
},
{
"Action": [
- "iam:AddUserToGroup",
- "iam:CreateAccessKey",
"iam:CreateGroup",
- "iam:CreateUser",
- "iam:ListInstanceProfiles",
- "iam:PassRole",
- "iam:PutUserPolicy"
+ "iam:AddUserToGroup"
],
"Effect": "Allow",
"Resource": [
- "*"
+ "arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:CreateUser",
+ "iam:CreateAccessKey"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:AttachUserPolicy"
+ ],
+ "Condition": {
+ "ArnEquals": {
+ "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
]
}
],
@@ -10598,9 +18055,9 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJ3AB5ZBFPCQGTVDU4",
- "PolicyName": "AWSOpsWorksRegisterCLI",
- "UpdateDate": "2015-02-06T18:40:49+00:00",
+ "PolicyId": "ANPAZKAPJZG4EZJ5DYEPG",
+ "PolicyName": "AWSOpsWorksRegisterCLI_OnPremises",
+ "UpdateDate": "2019-06-18T15:33:16+00:00",
"VersionId": "v1"
},
"AWSOpsWorksRole": {
@@ -10647,6 +18104,60 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:41:27+00:00",
"VersionId": "v1"
},
+ "AWSOpsWorks_FullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSOpsWorks_FullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-22T16:29:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudwatch:GetMetricStatistics",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "iam:GetRolePolicy",
+ "iam:ListInstanceProfiles",
+ "iam:ListRoles",
+ "iam:ListUsers",
+ "opsworks:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "opsworks.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4D626GOURR",
+ "PolicyName": "AWSOpsWorks_FullAccess",
+ "UpdateDate": "2021-01-22T16:29:08+00:00",
+ "VersionId": "v1"
+ },
"AWSOrganizationsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
"AttachmentCount": 0,
@@ -10700,7 +18211,7 @@ aws_managed_policies_data = """
},
"AWSOrganizationsServiceTrustPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-10-10T23:04:07+00:00",
"DefaultVersionId": "v2",
"Document": {
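Review bot: `"AttachmentCount": 1` on AWSOrganizationsServiceTrustPolicy looks like state captured from the account the snapshot was taken in, not a property of the managed policy itself. Every other entry in this part of the diff carries 0. If the mock ever surfaces this field, a freshly mocked account would report an attachment that does not exist, so the line should stay `"AttachmentCount": 0,`. If this data is produced by a script, it would be safer to have it reset `AttachmentCount` and `PermissionsBoundaryUsageCount` to 0 before writing, so account-specific values cannot leak into later refreshes. The policy entry continues outside this hunk.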
@@ -10735,6 +18246,507 @@ aws_managed_policies_data = """
"UpdateDate": "2017-11-01T06:01:18+00:00",
"VersionId": "v2"
},
+ "AWSOutpostsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-09T22:55:56+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateSecurityGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NM7FW2RO7",
+ "PolicyName": "AWSOutpostsServiceRolePolicy",
+ "UpdateDate": "2020-11-09T22:55:56+00:00",
+ "VersionId": "v1"
+ },
+ "AWSPanoramaApplianceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T13:13:18+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*",
+ "Sid": "PanoramaDeviceCreateLogStream"
+ },
+ {
+ "Action": "logs:CreateLogGroup",
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*",
+ "Sid": "PanoramaDeviceCreateLogGroup"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CWIHTBB4Y",
+ "PolicyName": "AWSPanoramaApplianceRolePolicy",
+ "UpdateDate": "2020-12-01T13:13:18+00:00",
+ "VersionId": "v1"
+ },
+ "AWSPanoramaFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSPanoramaFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T13:12:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "panorama:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IAPULBSWQ",
+ "PolicyName": "AWSPanoramaFullAccess",
+ "UpdateDate": "2020-12-01T13:12:47+00:00",
+ "VersionId": "v1"
+ },
+ "AWSPanoramaGreengrassGroupRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T13:10:22+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetBucket*",
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*aws-panorama*"
+ ],
+ "Sid": "PanoramaS3Access"
+ },
+ {
+ "Action": "cloudwatch:PutDashboard",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudwatch::*:dashboard/panorama*"
+ ],
+ "Sid": "PanoramaCLoudWatchPutDashboard"
+ },
+ {
+ "Action": "cloudwatch:PutMetricData",
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "PanoramaCloudWatchPutMetricData"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents",
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*",
+ "Sid": "PanoramaGreenGrassCloudWatchAccess"
+ },
+ {
+ "Action": [
+ "panorama:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "PanoramaAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IRCPXKCEG",
+ "PolicyName": "AWSPanoramaGreengrassGroupRolePolicy",
+ "UpdateDate": "2021-01-06T19:30:35+00:00",
+ "VersionId": "v2"
+ },
+ "AWSPanoramaSageMakerRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T13:13:54+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:GetBucket*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*aws-panorama*"
+ ],
+ "Sid": "PanoramaSageMakerS3Access"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4O23KYQMI2",
+ "PolicyName": "AWSPanoramaSageMakerRolePolicy",
+ "UpdateDate": "2020-12-01T13:13:54+00:00",
+ "VersionId": "v1"
+ },
+ "AWSPanoramaServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T13:14:43+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iot:CreateThing",
+ "iot:DeleteThing",
+ "iot:DeleteThingShadow",
+ "iot:DescribeThing",
+ "iot:GetThingShadow",
+ "iot:UpdateThing",
+ "iot:UpdateThingShadow"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:thing/panorama*"
+ ],
+ "Sid": "PanoramaIoTThingAccess"
+ },
+ {
+ "Action": [
+ "iot:AttachThingPrincipal",
+ "iot:DetachThingPrincipal",
+ "iot:UpdateCertificate",
+ "iot:DeleteCertificate",
+ "iot:AttachPrincipalPolicy",
+ "iot:DetachPrincipalPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:thing/panorama*",
+ "arn:aws:iot:*:*:cert/*"
+ ],
+ "Sid": "PanoramaIoTCertificateAccess"
+ },
+ {
+ "Action": [
+ "iot:CreateKeysAndCertificate",
+ "iot:CreatePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "PanoramaIoTCreateCertificateAndPolicyAccess"
+ },
+ {
+ "Action": [
+ "iot:CreatePolicyVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:policy/panorama*"
+ ],
+ "Sid": "PanoramaIoTCreatePolicyVersionAccess"
+ },
+ {
+ "Action": [
+ "iot:DescribeJobExecution",
+ "iot:CreateJob",
+ "iot:DeleteJob"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:job/panorama*",
+ "arn:aws:iot:*:*:thing/panorama*"
+ ],
+ "Sid": "PanoramaIoTJobAccess"
+ },
+ {
+ "Action": [
+ "iot:DescribeEndpoint"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "PanoramaIoTEndpointAccess"
+ },
+ {
+ "Action": [
+ "panorama:Describe*",
+ "panorama:List*",
+ "panorama:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "PanoramaAccess"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:DeleteObject",
+ "s3:DeleteBucket",
+ "s3:ListBucket",
+ "s3:GetBucket*",
+ "s3:CreateBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*aws-panorama*"
+ ],
+ "Sid": "PanoramaS3Access"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "sagemaker.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/AWSPanoramaSageMakerRole",
+ "arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole"
+ ],
+ "Sid": "PanoramaIAMPassSageMakerRoleAccess"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "greengrass.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole",
+ "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole",
+ "arn:aws:iam::*:role/AWSPanoramaGreengrassRole",
+ "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole"
+ ],
+ "Sid": "PanoramaIAMPassGreengrassRoleAccess"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEqualsIfExists": {
+ "iam:PassedToService": "iot.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/AWSPanoramaApplianceRole",
+ "arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole"
+ ],
+ "Sid": "PanoramaIAMPassIoTRoleAccess"
+ },
+ {
+ "Action": [
+ "greengrass:AssociateRoleToGroup",
+ "greengrass:AssociateServiceRoleToAccount",
+ "greengrass:CreateResourceDefinition",
+ "greengrass:CreateResourceDefinitionVersion",
+ "greengrass:CreateCoreDefinition",
+ "greengrass:CreateCoreDefinitionVersion",
+ "greengrass:CreateDeployment",
+ "greengrass:CreateFunctionDefinition",
+ "greengrass:CreateFunctionDefinitionVersion",
+ "greengrass:CreateGroup",
+ "greengrass:CreateGroupCertificateAuthority",
+ "greengrass:CreateGroupVersion",
+ "greengrass:CreateLoggerDefinition",
+ "greengrass:CreateLoggerDefinitionVersion",
+ "greengrass:CreateSubscriptionDefinition",
+ "greengrass:CreateSubscriptionDefinitionVersion",
+ "greengrass:DeleteCoreDefinition",
+ "greengrass:DeleteFunctionDefinition",
+ "greengrass:DeleteResourceDefinition",
+ "greengrass:DeleteGroup",
+ "greengrass:DeleteLoggerDefinition",
+ "greengrass:DeleteSubscriptionDefinition",
+ "greengrass:DisassociateRoleFromGroup",
+ "greengrass:DisassociateServiceRoleFromAccount",
+ "greengrass:GetAssociatedRole",
+ "greengrass:GetConnectivityInfo",
+ "greengrass:GetCoreDefinition",
+ "greengrass:GetCoreDefinitionVersion",
+ "greengrass:GetDeploymentStatus",
+ "greengrass:GetDeviceDefinition",
+ "greengrass:GetDeviceDefinitionVersion",
+ "greengrass:GetFunctionDefinition",
+ "greengrass:GetFunctionDefinitionVersion",
+ "greengrass:GetGroup",
+ "greengrass:GetGroupCertificateAuthority",
+ "greengrass:GetGroupCertificateConfiguration",
+ "greengrass:GetGroupVersion",
+ "greengrass:GetLoggerDefinition",
+ "greengrass:GetLoggerDefinitionVersion",
+ "greengrass:GetResourceDefinition",
+ "greengrass:GetServiceRoleForAccount",
+ "greengrass:GetSubscriptionDefinition",
+ "greengrass:GetSubscriptionDefinitionVersion",
+ "greengrass:ListCoreDefinitionVersions",
+ "greengrass:ListCoreDefinitions",
+ "greengrass:ListDeployments",
+ "greengrass:ListDeviceDefinitionVersions",
+ "greengrass:ListDeviceDefinitions",
+ "greengrass:ListFunctionDefinitionVersions",
+ "greengrass:ListFunctionDefinitions",
+ "greengrass:ListGroupCertificateAuthorities",
+ "greengrass:ListGroupVersions",
+ "greengrass:ListGroups",
+ "greengrass:ListLoggerDefinitionVersions",
+ "greengrass:ListLoggerDefinitions",
+ "greengrass:ListSubscriptionDefinitionVersions",
+ "greengrass:ListSubscriptionDefinitions",
+ "greengrass:ResetDeployments",
+ "greengrass:UpdateConnectivityInfo",
+ "greengrass:UpdateCoreDefinition",
+ "greengrass:UpdateDeviceDefinition",
+ "greengrass:UpdateFunctionDefinition",
+ "greengrass:UpdateGroup",
+ "greengrass:UpdateGroupCertificateConfiguration",
+ "greengrass:UpdateLoggerDefinition",
+ "greengrass:UpdateSubscriptionDefinition",
+ "greengrass:UpdateResourceDefinition"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "PanoramaGreenGrassAccess"
+ },
+ {
+ "Action": [
+ "lambda:GetFunction",
+ "lambda:GetFunctionConfiguration",
+ "lambda:ListFunctions",
+ "lambda:ListVersionsByFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:*"
+ ],
+ "Sid": "PanoramaLambdaUsersFunctionAccess"
+ },
+ {
+ "Action": [
+ "sagemaker:CreateTrainingJob",
+ "sagemaker:StopTrainingJob",
+ "sagemaker:CreateCompilationJob",
+ "sagemaker:DescribeCompilationJob",
+ "sagemaker:StopCompilationJob"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sagemaker:*:*:training-job/panorama*",
+ "arn:aws:sagemaker:*:*:compilation-job/panorama*"
+ ],
+ "Sid": "PanoramaSageMakerWriteAccess"
+ },
+ {
+ "Action": [
+ "sagemaker:ListCompilationJobs"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "PanoramaSageMakerListAccess"
+ },
+ {
+ "Action": [
+ "sagemaker:DescribeTrainingJob"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sagemaker:*:*:training-job/*"
+ ],
+ "Sid": "PanoramaSageMakerReadAccess"
+ },
+ {
+ "Action": [
+ "iot:AttachPolicy",
+ "iot:CreateRoleAlias"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:policy/panorama*",
+ "arn:aws:iot:*:*:rolealias/panorama*"
+ ],
+ "Sid": "PanoramaCWLogsAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G7G35B6C5",
+ "PolicyName": "AWSPanoramaServiceRolePolicy",
+ "UpdateDate": "2020-12-01T13:14:43+00:00",
+ "VersionId": "v1"
+ },
"AWSPriceListServiceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess",
"AttachmentCount": 0,
@@ -10765,27 +18777,43 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T16:32:32+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:CreatePrivateMarketplace",
- "aws-marketplace:CreatePrivateMarketplaceProfile",
- "aws-marketplace:UpdatePrivateMarketplaceProfile",
"aws-marketplace:StartPrivateMarketplace",
"aws-marketplace:StopPrivateMarketplace",
+ "aws-marketplace:DescribePrivateMarketplaceStatus",
"aws-marketplace:AssociateProductsWithPrivateMarketplace",
"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
- "aws-marketplace:DescribePrivateMarketplaceProfile",
- "aws-marketplace:DescribePrivateMarketplaceStatus",
"aws-marketplace:ListPrivateMarketplaceProducts",
- "aws-marketplace:DescribePrivateMarketplaceProducts"
+ "aws-marketplace:DescribePrivateMarketplaceProducts",
+ "aws-marketplace:ListPrivateMarketplaceRequests",
+ "aws-marketplace:DescribePrivateMarketplaceRequests",
+ "aws-marketplace:UpdatePrivateMarketplaceSettings",
+ "aws-marketplace:DescribePrivateMarketplaceSettings",
+ "aws-marketplace:CreatePrivateMarketplaceProfile",
+ "aws-marketplace:UpdatePrivateMarketplaceProfile",
+ "aws-marketplace:DescribePrivateMarketplaceProfile"
],
"Effect": "Allow",
"Resource": [
"*"
]
+ },
+ {
+ "Action": [
+ "aws-marketplace:ListEntities",
+ "aws-marketplace:DescribeEntity",
+ "aws-marketplace:StartChangeSet",
+ "aws-marketplace:ListChangeSets",
+ "aws-marketplace:DescribeChangeSet",
+ "aws-marketplace:CancelChangeSet"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -10796,7 +18824,208 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6VRZDDCYDOVCOCEI",
"PolicyName": "AWSPrivateMarketplaceAdminFullAccess",
- "UpdateDate": "2018-11-27T16:32:32+00:00",
+ "UpdateDate": "2020-12-03T15:12:31+00:00",
+ "VersionId": "v3"
+ },
+ "AWSPrivateMarketplaceRequests": {
+ "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-28T21:44:03+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-marketplace:CreatePrivateMarketplaceRequests",
+ "aws-marketplace:ListPrivateMarketplaceRequests",
+ "aws-marketplace:DescribePrivateMarketplaceRequests"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AV6W3DAIW",
+ "PolicyName": "AWSPrivateMarketplaceRequests",
+ "UpdateDate": "2019-10-28T21:44:03+00:00",
+ "VersionId": "v1"
+ },
+ "AWSProtonDeveloperAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-17T19:02:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "proton:ListServiceTemplates",
+ "proton:ListServiceTemplateMajorVersions",
+ "proton:ListServiceTemplateMinorVersions",
+ "proton:ListServices",
+ "proton:ListServiceInstances",
+ "proton:ListEnvironments",
+ "proton:GetServiceTemplate",
+ "proton:GetServiceTemplateMajorVersion",
+ "proton:GetServiceTemplateMinorVersion",
+ "proton:GetService",
+ "proton:GetServiceInstance",
+ "proton:GetEnvironment",
+ "proton:CreateService",
+ "proton:UpdateService",
+ "proton:UpdateServiceInstance",
+ "proton:UpdateServicePipeline",
+ "proton:DeleteService",
+ "codestar-connections:ListConnections"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "codestar-connections:PassConnection"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "codestar-connections:PassedToService": "proton.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FWOFPRNSU",
+ "PolicyName": "AWSProtonDeveloperAccess",
+ "UpdateDate": "2021-02-17T19:02:08+00:00",
+ "VersionId": "v1"
+ },
+ "AWSProtonFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSProtonFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-17T19:07:18+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "proton:*",
+ "codestar-connections:ListConnections",
+ "kms:ListAliases",
+ "kms:DescribeKey"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": "proton.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "proton.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "codestar-connections:PassConnection"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "codestar-connections:PassedToService": "proton.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:codestar-connections:*:*:connection/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IOK6P734E",
+ "PolicyName": "AWSProtonFullAccess",
+ "UpdateDate": "2021-02-17T19:07:18+00:00",
+ "VersionId": "v1"
+ },
+ "AWSProtonReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-17T19:09:12+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": {
+ "Action": [
+ "proton:List*",
+ "proton:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DW2EHEZB3",
+ "PolicyName": "AWSProtonReadOnlyAccess",
+ "UpdateDate": "2021-02-17T19:09:12+00:00",
+ "VersionId": "v1"
+ },
+ "AWSPurchaseOrdersServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-06T18:15:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aws-portal:*Billing",
+ "awsbillingconsole:*Billing",
+ "purchase-orders:*PurchaseOrders"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KQXTYO5FP",
+ "PolicyName": "AWSPurchaseOrdersServiceRolePolicy",
+ "UpdateDate": "2020-05-06T18:15:47+00:00",
"VersionId": "v1"
},
"AWSQuickSightDescribeRDS": {
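Review bot: `AWSProtonReadOnlyAccess` in this hunk stores its `Document` statement as a single object (`"Statement": {`), while every other policy added here uses an array. IAM accepts both shapes, so the data itself is valid. However, any consumer of `aws_managed_policies_data` that iterates `Statement` as a list would walk the dict's keys rather than its statements, and the policy would be evaluated wrongly without an error. The code that loads this string is not visible in the hunk, so whether it already normalises is unconfirmed; if it does not, one line at load time would cover it: `stmts = [stmts] if isinstance(stmts, dict) else stmts`. The enclosing string literal starts and ends outside the hunk.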
@@ -10851,6 +19080,60 @@ aws_managed_policies_data = """
"UpdateDate": "2015-11-10T23:25:01+00:00",
"VersionId": "v1"
},
+ "AWSQuickSightElasticsearchPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-09T17:27:19+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "es:ESHttpGet"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:es:*:*:domain/*/",
+ "arn:aws:es:*:*:domain/*/_cluster/settings",
+ "arn:aws:es:*:*:domain/*/_cat/indices"
+ ]
+ },
+ {
+ "Action": "es:ListDomainNames",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "es:DescribeElasticsearchDomain"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:es:*:*:domain/*"
+ ]
+ },
+ {
+ "Action": [
+ "es:ESHttpPost",
+ "es:ESHttpGet"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:es:*:*:domain/*/_opendistro/_sql"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BLUM3JVIN",
+ "PolicyName": "AWSQuickSightElasticsearchPolicy",
+ "UpdateDate": "2020-10-15T17:09:55+00:00",
+ "VersionId": "v2"
+ },
"AWSQuickSightIoTAnalyticsAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess",
"AttachmentCount": 0,
@@ -10905,11 +19188,83 @@ aws_managed_policies_data = """
"UpdateDate": "2015-11-10T23:25:07+00:00",
"VersionId": "v1"
},
+ "AWSQuickSightSageMakerPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-17T17:18:13+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sagemaker:DescribeTransformJob",
+ "sagemaker:StopTransformJob",
+ "sagemaker:CreateTransformJob"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*"
+ },
+ {
+ "Action": "sagemaker:ListModels",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::quicksight-ml.*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MCLBVDT2I",
+ "PolicyName": "AWSQuickSightSageMakerPolicy",
+ "UpdateDate": "2020-01-17T17:18:13+00:00",
+ "VersionId": "v1"
+ },
+ "AWSQuickSightTimestreamPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-30T21:47:03+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "timestream:Select",
+ "timestream:CancelQuery",
+ "timestream:ListTables",
+ "timestream:ListDatabases",
+ "timestream:ListMeasures",
+ "timestream:DescribeTable",
+ "timestream:DescribeDatabase",
+ "timestream:SelectValues",
+ "timestream:DescribeEndpoints"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CFKVDHQJH",
+ "PolicyName": "AWSQuickSightTimestreamPolicy",
+ "UpdateDate": "2020-09-30T21:47:03+00:00",
+ "VersionId": "v1"
+ },
"AWSQuicksightAthenaAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-09T02:31:03+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v9",
"Document": {
"Statement": [
{
@@ -10930,7 +19285,16 @@ aws_managed_policies_data = """
"athena:ListQueryExecutions",
"athena:RunQuery",
"athena:StartQueryExecution",
- "athena:StopQueryExecution"
+ "athena:StopQueryExecution",
+ "athena:ListWorkGroups",
+ "athena:ListEngineVersions",
+ "athena:GetWorkGroup",
+ "athena:GetDataCatalog",
+ "athena:GetDatabase",
+ "athena:GetTableMetadata",
+ "athena:ListDataCatalogs",
+ "athena:ListDatabases",
+ "athena:ListTableMetadata"
],
"Effect": "Allow",
"Resource": [
@@ -10979,6 +19343,15 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
]
+ },
+ {
+ "Action": [
+ "lakeformation:GetDataAccess"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
}
],
"Version": "2012-10-17"
@@ -10989,8 +19362,94 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4JB77JXFQXDWNRPM",
"PolicyName": "AWSQuicksightAthenaAccess",
- "UpdateDate": "2018-08-07T20:24:55+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2021-01-29T02:07:58+00:00",
+ "VersionId": "v9"
+ },
+ "AWSResourceAccessManagerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-04T17:28:22+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ram:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FYRGF63DP",
+ "PolicyName": "AWSResourceAccessManagerFullAccess",
+ "UpdateDate": "2019-06-04T17:28:22+00:00",
+ "VersionId": "v1"
+ },
+ "AWSResourceAccessManagerReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-09T20:58:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ram:Get*",
+ "ram:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BQV2LHYJY",
+ "PolicyName": "AWSResourceAccessManagerReadOnlyAccess",
+ "UpdateDate": "2019-12-09T20:58:37+00:00",
+ "VersionId": "v1"
+ },
+ "AWSResourceAccessManagerResourceShareParticipantAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-09T20:41:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ram:AcceptResourceShareInvitation",
+ "ram:GetResourcePolicies",
+ "ram:GetResourceShareInvitations",
+ "ram:GetResourceShares",
+ "ram:ListPendingInvitationResources",
+ "ram:ListPrincipals",
+ "ram:ListResources",
+ "ram:RejectResourceShareInvitation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LIFEGGUIU",
+ "PolicyName": "AWSResourceAccessManagerResourceShareParticipantAccess",
+ "UpdateDate": "2019-12-09T20:41:37+00:00",
+ "VersionId": "v1"
},
"AWSResourceAccessManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy",
@@ -11105,66 +19564,19 @@ aws_managed_policies_data = """
"UpdateDate": "2019-02-05T17:56:25+00:00",
"VersionId": "v2"
},
- "AWSRoboMakerFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerFullAccess",
- "AttachmentCount": 0,
- "CreateDate": "2018-11-26T05:28:10+00:00",
- "DefaultVersionId": "v1",
- "Document": {
- "Statement": [
- {
- "Action": [
- "s3:GetObject",
- "robomaker:*"
- ],
- "Effect": "Allow",
- "Resource": "*",
- "Sid": "VisualEditor0"
- },
- {
- "Action": "iam:CreateServiceLinkedRole",
- "Condition": {
- "StringEquals": {
- "iam:AWSServiceName": "robomaker.amazonaws.com"
- }
- },
- "Effect": "Allow",
- "Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIG7WQVUX3AGSKGBAO",
- "PolicyName": "AWSRoboMakerFullAccess",
- "UpdateDate": "2018-11-26T05:28:10+00:00",
- "VersionId": "v1"
- },
"AWSRoboMakerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T05:30:50+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
- "robomaker:ListDeploymentJobs",
- "robomaker:BatchDescribeSimulationJob",
- "robomaker:DescribeFleet",
- "robomaker:DescribeSimulationApplication",
- "robomaker:DescribeRobotApplication",
- "robomaker:ListFleets",
- "robomaker:ListSimulationJobs",
- "robomaker:DescribeDeploymentJob",
- "robomaker:DescribeSimulationJob",
- "robomaker:DescribeRobot",
- "robomaker:ListRobots",
- "robomaker:ListRobotApplications",
- "robomaker:ListSimulationApplications"
+ "robomaker:List*",
+ "robomaker:BatchDescribe*",
+ "robomaker:Describe*",
+ "robomaker:Get*"
],
"Effect": "Allow",
"Resource": "*",
@@ -11179,14 +19591,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXFHP2ALXXGGECYJI",
"PolicyName": "AWSRoboMakerReadOnlyAccess",
- "UpdateDate": "2018-11-26T05:30:50+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-08-28T23:10:18+00:00",
+ "VersionId": "v2"
},
"AWSRoboMakerServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T06:30:08+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -11207,11 +19619,23 @@ aws_managed_policies_data = """
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
- "lambda:CreateFunction"
+ "lambda:CreateFunction",
+ "robomaker:CreateSimulationJob",
+ "robomaker:CancelSimulationJob"
],
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "robomaker:TagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:robomaker:*:*:/createsimulationjob",
+ "arn:aws:robomaker:*:*:simulation-job/*"
+ ]
+ },
{
"Action": [
"lambda:UpdateFunctionCode",
@@ -11230,8 +19654,11 @@ aws_managed_policies_data = """
{
"Action": "iam:PassRole",
"Condition": {
- "StringEqualsIfExists": {
- "iam:PassedToService": "lambda.amazonaws.com"
+ "StringEquals": {
+ "iam:PassedToService": [
+ "lambda.amazonaws.com",
+ "robomaker.amazonaws.com"
+ ]
}
},
"Effect": "Allow",
@@ -11246,8 +19673,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY",
"PolicyName": "AWSRoboMakerServicePolicy",
- "UpdateDate": "2019-04-04T22:15:35+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-08-04T20:38:08+00:00",
+ "VersionId": "v5"
},
"AWSRoboMakerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy",
@@ -11310,16 +19737,61 @@ aws_managed_policies_data = """
"UpdateDate": "2018-11-26T05:33:19+00:00",
"VersionId": "v1"
},
- "AWSSSODirectoryAdministrator": {
- "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
+ "AWSRoboMaker_FullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess",
"AttachmentCount": 0,
- "CreateDate": "2018-10-31T23:54:00+00:00",
+ "CreateDate": "2020-09-10T18:34:18+00:00",
"DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "robomaker:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "StringEquals": {
+ "aws:CalledViaFirst": "robomaker.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "robomaker.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FACURHLCA",
+ "PolicyName": "AWSRoboMaker_FullAccess",
+ "UpdateDate": "2020-09-10T18:34:18+00:00",
+ "VersionId": "v1"
+ },
+ "AWSSSODirectoryAdministrator": {
+ "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
+ "AttachmentCount": 0,
+ "CreateDate": "2018-10-31T23:54:00+00:00",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
- "sso-directory:*"
+ "sso-directory:*",
+ "sso:ListDirectoryAssociations"
],
"Effect": "Allow",
"Resource": "*",
@@ -11334,21 +19806,22 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI2TCZRD7WRD5D2E2Q",
"PolicyName": "AWSSSODirectoryAdministrator",
- "UpdateDate": "2018-10-31T23:54:00+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-08-18T17:17:40+00:00",
+ "VersionId": "v2"
},
"AWSSSODirectoryReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-10-31T23:49:32+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"sso-directory:Search*",
"sso-directory:Describe*",
- "sso-directory:List*"
+ "sso-directory:List*",
+ "sso-directory:Get*"
],
"Effect": "Allow",
"Resource": "*",
@@ -11363,8 +19836,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDPMQELJXZD2NC6JG",
"PolicyName": "AWSSSODirectoryReadOnly",
- "UpdateDate": "2018-10-31T23:49:32+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-11-26T22:37:16+00:00",
+ "VersionId": "v2"
},
"AWSSSOMasterAccountAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator",
@@ -11467,7 +19940,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSSSOReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-06-27T20:24:34+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -11483,23 +19956,9 @@ aws_managed_policies_data = """
"organizations:ListRoots",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
- "sso:DescribePermissionsPolicies",
- "sso:GetApplicationTemplate",
- "sso:GetApplicationInstance",
- "sso:GetPermissionSet",
- "sso:GetProfile",
- "sso:GetPermissionsPolicy",
- "sso:GetSSOStatus",
- "sso:GetSSOConfiguration",
- "sso:GetTrust",
- "sso:ListPermissionSets",
- "sso:ListDirectoryAssociations",
- "sso:ListProfiles",
- "sso:ListApplicationInstances",
- "sso:ListApplicationInstanceCertificates",
- "sso:ListApplicationTemplates",
- "sso:ListApplications",
- "sso:ListProfileAssociations",
+ "sso:Describe*",
+ "sso:Get*",
+ "sso:List*",
"sso:Search*",
"sso-directory:DescribeDirectory"
],
@@ -11516,43 +19975,60 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBSMEEZXFDMKMY43I",
"PolicyName": "AWSSSOReadOnly",
- "UpdateDate": "2018-12-19T20:17:58+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-09-10T21:26:29+00:00",
+ "VersionId": "v6"
},
"AWSSSOServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-12-05T18:36:15+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v13",
"Document": {
"Statement": [
{
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
- "iam:DeleteRole",
- "iam:DeleteRolePolicy",
- "iam:DetachRolePolicy",
- "iam:GetRole",
- "iam:ListRolePolicies",
"iam:PutRolePolicy",
- "iam:ListAttachedRolePolicies",
- "iam:UpdateRole"
+ "iam:UpdateRole",
+ "iam:UpdateRoleDescription",
+ "iam:UpdateAssumeRolePolicy"
],
+ "Condition": {
+ "StringNotEquals": {
+ "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}"
+ }
+ },
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
- ]
+ ],
+ "Sid": "IAMRoleProvisioningActions"
},
{
"Action": [
+ "iam:GetRole",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": [
"*"
],
- "Sid": "ListRolesInTheAccount"
+ "Sid": "IAMRoleReadActions"
+ },
+ {
+ "Action": [
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:DetachRolePolicy",
+ "iam:ListRolePolicies",
+ "iam:ListAttachedRolePolicies"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
+ ],
+ "Sid": "IAMRoleCleanupActions"
},
{
"Action": [
@@ -11565,19 +20041,34 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO"
],
- "Sid": "AllowDeletionOfServiceLinkedRoleForSSO"
+ "Sid": "IAMSLRCleanupActions"
},
{
"Action": [
"iam:CreateSAMLProvider",
- "iam:GetSAMLProvider",
- "iam:UpdateSAMLProvider",
- "iam:DeleteSAMLProvider"
+ "iam:UpdateSAMLProvider"
+ ],
+ "Condition": {
+ "StringNotEquals": {
+ "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:saml-provider/AWSSSO_*"
+ ],
+ "Sid": "IAMSAMLProviderProvisioningActions"
+ },
+ {
+ "Action": [
+ "iam:DeleteSAMLProvider",
+ "iam:GetSAMLProvider"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:saml-provider/AWSSSO_*"
- ]
+ ],
+ "Sid": "IAMSAMLProviderCleanupActions"
},
{
"Action": [
@@ -11599,6 +20090,30 @@ aws_managed_policies_data = """
"*"
],
"Sid": "AllowUnauthAppForDirectory"
+ },
+ {
+ "Action": [
+ "ds:DescribeDirectories",
+ "ds:DescribeTrusts"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AllowDescribeForDirectory"
+ },
+ {
+ "Action": [
+ "identitystore:DescribeUser",
+ "identitystore:DescribeGroup",
+ "identitystore:ListGroups",
+ "identitystore:ListUsers"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AllowDescribeAndListOperationsOnIdentitySource"
}
],
"Version": "2012-10-17"
@@ -11609,8 +20124,59 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJ52KSWOD4GI54XP2",
"PolicyName": "AWSSSOServiceRolePolicy",
- "UpdateDate": "2019-05-15T20:45:42+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-11-19T00:02:00+00:00",
+ "VersionId": "v13"
+ },
+ "AWSSavingsPlansFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-06T22:45:18+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "savingsplans:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NDDOS76AO",
+ "PolicyName": "AWSSavingsPlansFullAccess",
+ "UpdateDate": "2019-11-06T22:45:18+00:00",
+ "VersionId": "v1"
+ },
+ "AWSSavingsPlansReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-06T22:45:10+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "savingsplans:Describe*",
+ "savingsplans:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OQ26WIHJ5",
+ "PolicyName": "AWSSavingsPlansReadOnlyAccess",
+ "UpdateDate": "2019-11-06T22:45:10+00:00",
+ "VersionId": "v1"
},
"AWSSecurityHubFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",
@@ -11650,13 +20216,14 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T01:34:29+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"securityhub:Get*",
- "securityhub:List*"
+ "securityhub:List*",
+ "securityhub:Describe*"
],
"Effect": "Allow",
"Resource": "*"
@@ -11670,14 +20237,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIEBAQNOFUCLFJ3UHG",
"PolicyName": "AWSSecurityHubReadOnlyAccess",
- "UpdateDate": "2018-11-28T01:34:29+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-25T22:45:52+00:00",
+ "VersionId": "v2"
},
"AWSSecurityHubServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T23:47:51+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -11686,12 +20253,19 @@ aws_managed_policies_data = """
"cloudtrail:GetTrailStatus",
"cloudtrail:GetEventSelectors",
"cloudwatch:DescribeAlarms",
+ "cloudwatch:DescribeAlarmsForMetric",
"logs:DescribeMetricFilters",
"sns:ListSubscriptionsByTopic",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRules",
- "config:BatchGetResourceConfig"
+ "config:BatchGetResourceConfig",
+ "config:SelectResourceConfig",
+ "iam:GenerateCredentialReport",
+ "iam:GetCredentialReport",
+ "organizations:ListAccounts",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
@@ -11700,7 +20274,8 @@ aws_managed_policies_data = """
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule",
- "config:GetComplianceDetailsByConfigRule"
+ "config:GetComplianceDetailsByConfigRule",
+ "config:DescribeConfigRuleEvaluationStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
@@ -11714,8 +20289,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQPCESDDYDLLSOGYO",
"PolicyName": "AWSSecurityHubServiceRolePolicy",
- "UpdateDate": "2018-11-27T23:47:51+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-09-21T19:59:01+00:00",
+ "VersionId": "v7"
},
"AWSServiceCatalogAdminFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess",
@@ -11804,11 +20379,149 @@ aws_managed_policies_data = """
"UpdateDate": "2019-02-06T01:57:54+00:00",
"VersionId": "v5"
},
+ "AWSServiceCatalogAdminReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-25T18:53:38+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStacks",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:ListChangeSets",
+ "cloudformation:ListStackResources",
+ "cloudformation:DescribeStackSet",
+ "cloudformation:DescribeStackInstance",
+ "cloudformation:DescribeStackSetOperation",
+ "cloudformation:ListStackInstances",
+ "cloudformation:ListStackSetOperations",
+ "cloudformation:ListStackSetOperationResults"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/SC-*",
+ "arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
+ "arn:aws:cloudformation:*:*:changeSet/SC-*",
+ "arn:aws:cloudformation:*:*:stackset/SC-*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:GetTemplateSummary",
+ "iam:GetGroup",
+ "iam:GetRole",
+ "iam:GetUser",
+ "iam:ListGroups",
+ "iam:ListRoles",
+ "iam:ListUsers",
+ "servicecatalog:Get*",
+ "servicecatalog:List*",
+ "servicecatalog:Describe*",
+ "servicecatalog:ScanProvisionedProducts",
+ "servicecatalog:Search*",
+ "ssm:DescribeDocument",
+ "ssm:GetAutomationExecution",
+ "ssm:ListDocuments",
+ "ssm:ListDocumentVersions",
+ "config:DescribeConfigurationRecorders",
+ "config:DescribeConfigurationRecorderStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MC6ZR7YFX",
+ "PolicyName": "AWSServiceCatalogAdminReadOnlyAccess",
+ "UpdateDate": "2019-10-25T18:53:38+00:00",
+ "VersionId": "v1"
+ },
+ "AWSServiceCatalogAppRegistryFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-12T22:25:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:DescribeStacks",
+ "servicecatalog:CreateApplication",
+ "servicecatalog:GetApplication",
+ "servicecatalog:UpdateApplication",
+ "servicecatalog:DeleteApplication",
+ "servicecatalog:ListApplications",
+ "servicecatalog:AssociateResource",
+ "servicecatalog:DisassociateResource",
+ "servicecatalog:ListAssociatedResources",
+ "servicecatalog:AssociateAttributeGroup",
+ "servicecatalog:DisassociateAttributeGroup",
+ "servicecatalog:ListAssociatedAttributeGroups",
+ "servicecatalog:CreateAttributeGroup",
+ "servicecatalog:UpdateAttributeGroup",
+ "servicecatalog:DeleteAttributeGroup",
+ "servicecatalog:GetAttributeGroup",
+ "servicecatalog:ListAttributeGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4N2G3EPAYN",
+ "PolicyName": "AWSServiceCatalogAppRegistryFullAccess",
+ "UpdateDate": "2020-11-12T22:25:58+00:00",
+ "VersionId": "v1"
+ },
+ "AWSServiceCatalogAppRegistryReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-12T22:34:32+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "servicecatalog:GetApplication",
+ "servicecatalog:ListApplications",
+ "servicecatalog:ListAssociatedResources",
+ "servicecatalog:ListAssociatedAttributeGroups",
+ "servicecatalog:GetAttributeGroup",
+ "servicecatalog:ListAttributeGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4M3SSCJCST",
+ "PolicyName": "AWSServiceCatalogAppRegistryReadOnlyAccess",
+ "UpdateDate": "2020-11-12T22:34:32+00:00",
+ "VersionId": "v1"
+ },
"AWSServiceCatalogEndUserFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-02-15T17:22:32+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -11870,6 +20583,7 @@ aws_managed_policies_data = """
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
+ "servicecatalog:ListStackInstancesForProvisionedProduct",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct",
@@ -11880,7 +20594,8 @@ aws_managed_policies_data = """
"servicecatalog:DeleteProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
- "servicecatalog:ExecuteProvisionedProductServiceAction"
+ "servicecatalog:ExecuteProvisionedProductServiceAction",
+ "servicecatalog:DescribeServiceActionExecutionParameters"
],
"Condition": {
"StringEquals": {
@@ -11899,9 +20614,326 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTLLC4DGDMTZB54M4",
"PolicyName": "AWSServiceCatalogEndUserFullAccess",
- "UpdateDate": "2019-02-06T02:00:22+00:00",
+ "UpdateDate": "2019-07-10T20:30:52+00:00",
+ "VersionId": "v7"
+ },
+ "AWSServiceCatalogEndUserReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-25T18:49:34+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStacks",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:ListChangeSets",
+ "cloudformation:DescribeStackSet",
+ "cloudformation:DescribeStackInstance",
+ "cloudformation:DescribeStackSetOperation",
+ "cloudformation:ListStackInstances",
+ "cloudformation:ListStackResources",
+ "cloudformation:ListStackSetOperations",
+ "cloudformation:ListStackSetOperationResults"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/SC-*",
+ "arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
+ "arn:aws:cloudformation:*:*:changeSet/SC-*",
+ "arn:aws:cloudformation:*:*:stackset/SC-*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:GetTemplateSummary",
+ "servicecatalog:DescribeProduct",
+ "servicecatalog:DescribeProductView",
+ "servicecatalog:DescribeProvisioningParameters",
+ "servicecatalog:ListLaunchPaths",
+ "servicecatalog:SearchProducts",
+ "ssm:DescribeDocument",
+ "ssm:GetAutomationExecution",
+ "config:DescribeConfigurationRecorders",
+ "config:DescribeConfigurationRecorderStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "servicecatalog:DescribeProvisionedProduct",
+ "servicecatalog:DescribeRecord",
+ "servicecatalog:ListRecordHistory",
+ "servicecatalog:ListStackInstancesForProvisionedProduct",
+ "servicecatalog:ScanProvisionedProducts",
+ "servicecatalog:SearchProvisionedProducts",
+ "servicecatalog:DescribeProvisionedProductPlan",
+ "servicecatalog:ListProvisionedProductPlans",
+ "servicecatalog:ListServiceActionsForProvisioningArtifact",
+ "servicecatalog:DescribeServiceActionExecutionParameters"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "servicecatalog:userLevel": "self"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IWYKXJJED",
+ "PolicyName": "AWSServiceCatalogEndUserReadOnlyAccess",
+ "UpdateDate": "2019-10-25T18:49:34+00:00",
+ "VersionId": "v1"
+ },
+ "AWSServiceRoleForAmazonEKSNodegroup": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-07T01:34:26+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:DescribeInstances",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/eks": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SharedSecurityGroupRelatedPermissions"
+ },
+ {
+ "Action": [
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:DescribeInstances",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:DeleteSecurityGroup"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/eks:nodegroup-name": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EKSCreatedSecurityGroupRelatedPermissions"
+ },
+ {
+ "Action": [
+ "ec2:DeleteLaunchTemplate",
+ "ec2:CreateLaunchTemplateVersion"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/eks:nodegroup-name": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "LaunchTemplateRelatedPermissions"
+ },
+ {
+ "Action": [
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:TerminateInstanceInAutoScalingGroup",
+ "autoscaling:CompleteLifecycleAction",
+ "autoscaling:PutLifecycleHook",
+ "autoscaling:PutNotificationConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*",
+ "Sid": "AutoscalingRelatedPermissions"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "autoscaling.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowAutoscalingToCreateSLR"
+ },
+ {
+ "Action": [
+ "autoscaling:CreateOrUpdateTags",
+ "autoscaling:CreateAutoScalingGroup"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:TagKeys": [
+ "eks",
+ "eks:cluster-name",
+ "eks:nodegroup-name"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowASGCreationByEKS"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "autoscaling.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowPassRoleToAutoscaling"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEqualsIfExists": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com",
+ "ec2.amazonaws.com.cn"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowPassRoleToEC2"
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "ec2:CreateLaunchTemplate",
+ "ec2:DescribeInstances",
+ "iam:GetInstanceProfile",
+ "ec2:DescribeLaunchTemplates",
+ "autoscaling:DescribeAutoScalingGroups",
+ "ec2:CreateSecurityGroup",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:RunInstances",
+ "ec2:DescribeSecurityGroups",
+ "ec2:GetConsoleOutput",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSubnets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "PermissionsToManageResourcesForNodegroups"
+ },
+ {
+ "Action": [
+ "iam:CreateInstanceProfile",
+ "iam:DeleteInstanceProfile",
+ "iam:RemoveRoleFromInstanceProfile",
+ "iam:AddRoleToInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:instance-profile/eks-*",
+ "Sid": "PermissionsToCreateAndManageInstanceProfiles"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Condition": {
+ "ForAnyValue:StringLike": {
+ "aws:TagKeys": [
+ "eks",
+ "eks:cluster-name",
+ "eks:nodegroup-name",
+ "kubernetes.io/cluster/*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "PermissionsToManageEKSAndKubernetesTags"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KH2AAMJJG",
+ "PolicyName": "AWSServiceRoleForAmazonEKSNodegroup",
+ "UpdateDate": "2020-08-31T19:07:38+00:00",
"VersionId": "v5"
},
+ "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-01T09:49:01+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ssm:CreateOpsItem"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4M4BX2KX5V",
+ "PolicyName": "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy",
+ "UpdateDate": "2020-10-01T09:49:01+00:00",
+ "VersionId": "v1"
+ },
+ "AWSServiceRoleForCodeGuru-Profiler": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-26T22:04:26+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowSNSPublishToSendNotifications"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GNVXVLNQT",
+ "PolicyName": "AWSServiceRoleForCodeGuru-Profiler",
+ "UpdateDate": "2020-06-26T22:04:26+00:00",
+ "VersionId": "v1"
+ },
"AWSServiceRoleForEC2ScheduledInstances": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances",
"AttachmentCount": 0,
@@ -11949,76 +20981,257 @@ aws_managed_policies_data = """
"UpdateDate": "2017-10-12T18:31:55+00:00",
"VersionId": "v1"
},
- "AWSServiceRoleForIoTSiteWise": {
- "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise",
+ "AWSServiceRoleForImageBuilder": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder",
"AttachmentCount": 0,
- "CreateDate": "2018-11-14T19:19:17+00:00",
- "DefaultVersionId": "v3",
+ "CreateDate": "2019-11-29T22:02:13+00:00",
+ "DefaultVersionId": "v12",
"Document": {
"Statement": [
{
- "Action": "iotanalytics:ExecuteQuery",
+ "Action": [
+ "ec2:RunInstances"
+ ],
"Effect": "Allow",
- "Resource": "arn:aws:iotanalytics:*:*:datastore-index/*"
+ "Resource": [
+ "arn:aws:ec2:*::image/*",
+ "arn:aws:ec2:*::snapshot/*",
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:key-pair/*"
+ ]
},
{
"Action": [
- "greengrass:CreateCoreDefinitionVersion",
- "greengrass:CreateDeployment",
- "greengrass:CreateFunctionDefinition",
- "greengrass:CreateFunctionDefinitionVersion",
- "greengrass:CreateGroupVersion",
- "greengrass:CreateLoggerDefinition",
- "greengrass:CreateLoggerDefinitionVersion",
- "greengrass:CreateResourceDefinition",
- "greengrass:CreateResourceDefinitionVersion",
- "greengrass:GetAssociatedRole",
- "greengrass:GetCoreDefinition",
- "greengrass:GetCoreDefinitionVersion",
- "greengrass:GetDeploymentStatus",
- "greengrass:GetFunctionDefinition",
- "greengrass:GetFunctionDefinitionVersion",
- "greengrass:GetGroup",
- "greengrass:GetGroupVersion",
- "greengrass:GetLoggerDefinition",
- "greengrass:GetLoggerDefinitionVersion",
- "greengrass:GetResourceDefinition",
- "greengrass:GetResourceDefinitionVersion",
- "greengrass:ListCoreDefinitions",
- "greengrass:UpdateCoreDefinition",
- "greengrass:UpdateFunctionDefinition",
- "greengrass:UpdateLoggerDefinition",
- "greengrass:UpdateResourceDefinition"
+ "ec2:RunInstances"
],
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/CreatedBy": "EC2 Image Builder"
+ }
+ },
"Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "lambda:CreateAlias",
- "lambda:CreateFunction",
- "lambda:GetFunction",
- "lambda:ListVersionsByFunction",
- "lambda:UpdateFunctionCode",
- "lambda:PublishVersion",
- "lambda:UpdateAlias"
- ],
- "Effect": "Allow",
- "Resource": "arn:aws:lambda:*:*:function:AWSIoTSiteWise*"
- },
- {
- "Action": [
- "iot:GetThingShadow",
- "iot:UpdateThingShadow"
- ],
- "Effect": "Allow",
- "Resource": "*"
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:instance/*"
+ ]
},
{
"Action": "iam:PassRole",
"Condition": {
- "StringLikeIfExists": {
- "iam:PassedToService": "lambda.amazonaws.com"
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com",
+ "ec2.amazonaws.com.cn"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:StopInstances",
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "ec2:ResourceTag/CreatedBy": "EC2 Image Builder"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CopyImage",
+ "ec2:CreateImage",
+ "ec2:CreateLaunchTemplate",
+ "ec2:DeregisterImage",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstanceAttribute",
+ "ec2:DescribeInstanceStatus",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInstanceTypeOfferings",
+ "ec2:DescribeInstanceTypes",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags",
+ "ec2:ModifyImageAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:ModifySnapshotAttribute"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "ec2:ResourceTag/CreatedBy": "EC2 Image Builder"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::image/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:RequestTag/CreatedBy": "EC2 Image Builder"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "license-manager:UpdateLicenseSpecificationsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:ListCommands",
+ "ssm:ListCommandInvocations",
+ "ssm:AddTagsToResource",
+ "ssm:DescribeInstanceInformation",
+ "ssm:GetAutomationExecution",
+ "ssm:StopAutomationExecution",
+ "ssm:ListInventoryEntries",
+ "ssm:SendAutomationSignal",
+ "ssm:DescribeInstanceAssociationsStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript",
+ "arn:aws:ssm:*:*:document/AWS-RunShellScript",
+ "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep",
+ "arn:aws:s3:::*"
+ ]
+ },
+ {
+ "Action": [
+ "ssm:SendCommand"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "ssm:resourceTag/CreatedBy": [
+ "EC2 Image Builder"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": "ssm:StartAutomationExecution",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ssm:*:*:automation-definition/ImageBuilder*"
+ },
+ {
+ "Action": [
+ "ssm:CreateAssociation",
+ "ssm:DeleteAssociation"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory",
+ "arn:aws:ssm:*:*:association/*",
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:ReEncryptFrom",
+ "kms:ReEncryptTo",
+ "kms:GenerateDataKeyWithoutPlaintext",
+ "kms:DescribeKey"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "kms:EncryptionContextKeys": [
+ "aws:ebs:id"
+ ]
+ },
+ "StringLike": {
+ "kms:ViaService": [
+ "ec2.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "kms:CreateGrant",
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": true
+ },
+ "StringLike": {
+ "kms:ViaService": [
+ "ec2.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateLaunchTemplateVersion",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:ModifyLaunchTemplate"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
@@ -12031,62 +21244,458 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NE22WISEW",
+ "PolicyName": "AWSServiceRoleForImageBuilder",
+ "UpdateDate": "2020-12-04T23:27:05+00:00",
+ "VersionId": "v12"
+ },
+ "AWSServiceRoleForIoTSiteWise": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise",
+ "AttachmentCount": 0,
+ "CreateDate": "2018-11-14T19:19:17+00:00",
+ "DefaultVersionId": "v7",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "greengrass:GetAssociatedRole",
+ "greengrass:GetCoreDefinition",
+ "greengrass:GetCoreDefinitionVersion",
+ "greengrass:GetGroup",
+ "greengrass:GetGroupVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGQU4DZIQP6HLYQPE",
"PolicyName": "AWSServiceRoleForIoTSiteWise",
- "UpdateDate": "2019-02-11T20:49:09+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-04-25T02:15:01+00:00",
+ "VersionId": "v7"
+ },
+ "AWSServiceRoleForLogDeliveryPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-04T17:31:19+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "firehose:PutRecord",
+ "firehose:PutRecordBatch",
+ "firehose:ListTagsForDeliveryStream"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "firehose:ResourceTag/LogDeliveryEnabled": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EMA7ANTDG",
+ "PolicyName": "AWSServiceRoleForLogDeliveryPolicy",
+ "UpdateDate": "2020-07-27T19:38:52+00:00",
+ "VersionId": "v2"
+ },
+ "AWSServiceRoleForMonitronPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-02T19:06:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sso:GetManagedApplicationInstance",
+ "sso:GetProfile",
+ "sso:ListProfiles",
+ "sso:AssociateProfile",
+ "sso:ListDirectoryAssociations",
+ "sso-directory:DescribeUsers",
+ "sso-directory:SearchUsers"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NYRIH2RCH",
+ "PolicyName": "AWSServiceRoleForMonitronPolicy",
+ "UpdateDate": "2020-12-02T19:06:08+00:00",
+ "VersionId": "v1"
+ },
+ "AWSServiceRoleForSMS": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-06T18:39:29+00:00",
+ "DefaultVersionId": "v10",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:CreateChangeSet",
+ "cloudformation:CreateStack"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "cloudformation:ResourceTypes": [
+ "AWS::EC2::Instance",
+ "AWS::ApplicationInsights::Application",
+ "AWS::ResourceGroups::Group"
+ ]
+ },
+ "Null": {
+ "cloudformation:ResourceTypes": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ },
+ {
+ "Action": [
+ "cloudformation:DeleteStack",
+ "cloudformation:ExecuteChangeSet",
+ "cloudformation:DeleteChangeSet",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:DescribeStacks",
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResource",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:GetTemplate"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ },
+ {
+ "Action": [
+ "cloudformation:ValidateTemplate",
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:DeleteBucket",
+ "s3:DeleteObject",
+ "s3:GetBucketAcl",
+ "s3:GetBucketLocation",
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:PutLifecycleConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::sms-app-*"
+ },
+ {
+ "Action": [
+ "sms:CreateReplicationJob",
+ "sms:DeleteReplicationJob",
+ "sms:GetReplicationJobs",
+ "sms:GetReplicationRuns",
+ "sms:GetServers",
+ "sms:ImportServerCatalog",
+ "sms:StartOnDemandReplicationRun",
+ "sms:UpdateReplicationJob"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*::document/AWS-RunRemoteScript",
+ "arn:aws:s3:::sms-app-*"
+ ]
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Condition": {
+ "StringEquals": {
+ "ssm:resourceTag/UseForSMSApplicationValidation": [
+ "true"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ssm:CancelCommand",
+ "ssm:GetCommandInvocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CopySnapshot"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Action": "ec2:CopySnapshot",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/SMSJobId": [
+ "sms-*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:ModifySnapshotAttribute",
+ "ec2:DeleteSnapshot"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/SMSJobId": [
+ "sms-*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:CopyImage",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeSnapshotAttribute",
+ "ec2:DeregisterImage",
+ "ec2:ImportImage",
+ "ec2:DescribeImportImageTasks",
+ "ec2:GetEbsEncryptionByDefault"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "iam:GetInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DisassociateIamInstanceProfile",
+ "ec2:AssociateIamInstanceProfile",
+ "ec2:ReplaceIamInstanceProfileAssociation"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEqualsIfExists": {
+ "iam:PassedToService": "cloudformation.amazonaws.com"
+ },
+ "StringLike": {
+ "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:RunInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ec2:ModifyInstanceAttribute",
+ "ec2:StopInstances",
+ "ec2:StartInstances",
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "applicationinsights:Describe*",
+ "applicationinsights:List*",
+ "cloudformation:ListStackResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "applicationinsights:CreateApplication",
+ "applicationinsights:CreateComponent",
+ "applicationinsights:UpdateApplication",
+ "applicationinsights:DeleteApplication",
+ "applicationinsights:UpdateComponentConfiguration",
+ "applicationinsights:DeleteComponent"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*"
+ },
+ {
+ "Action": [
+ "resource-groups:CreateGroup",
+ "resource-groups:GetGroup",
+ "resource-groups:UpdateGroup",
+ "resource-groups:DeleteGroup"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "application-insights.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OSYRD2VJZ",
+ "PolicyName": "AWSServiceRoleForSMS",
+ "UpdateDate": "2020-10-15T17:28:13+00:00",
+ "VersionId": "v10"
},
"AWSShieldDRTAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-06-05T22:29:39+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudfront:List*",
- "elasticloadbalancing:List*",
"route53:List*",
- "cloudfront:Describe*",
"elasticloadbalancing:Describe*",
- "route53:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudfront:GetDistribution*",
"globalaccelerator:ListAccelerators",
- "globalaccelerator:DescribeAccelerator"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:elasticloadbalancing:*:*:*",
- "arn:aws:cloudfront::*:*",
- "arn:aws:route53:::hostedzone/*",
- "arn:aws:cloudwatch:*:*:*:*",
- "arn:aws:globalaccelerator::*:*"
- ],
- "Sid": "DRTAccessProtectedResources"
- },
- {
- "Action": [
- "waf:*",
- "waf-regional:*"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:waf:*",
- "arn:aws:waf-regional:*"
- ],
- "Sid": "DRTManageMitigations"
- },
- {
- "Action": [
- "shield:*"
+ "globalaccelerator:DescribeAccelerator",
+ "ec2:DescribeRegions",
+ "ec2:DescribeAddresses"
],
"Effect": "Allow",
"Resource": "*",
- "Sid": "DRTManageProtections"
+ "Sid": "SRTAccessProtectedResources"
+ },
+ {
+ "Action": [
+ "shield:*",
+ "waf:*",
+ "wafv2:*",
+ "waf-regional:*",
+ "elasticloadbalancing:SetWebACL",
+ "cloudfront:UpdateDistribution",
+ "apigateway:SetWebACL"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SRTManageProtections"
}
],
"Version": "2012-10-17"
@@ -12097,8 +21706,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWNCSZ4PARLO37VVY",
"PolicyName": "AWSShieldDRTAccessPolicy",
- "UpdateDate": "2019-02-11T17:08:57+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-12-15T17:28:15+00:00",
+ "VersionId": "v6"
},
"AWSStepFunctionsConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess",
@@ -12264,6 +21873,32 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:41:10+00:00",
"VersionId": "v1"
},
+ "AWSStorageGatewayServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-17T19:03:19+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "fsx:ListTagsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:fsx:*:*:backup/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4E4ZEKWU2U",
+ "PolicyName": "AWSStorageGatewayServiceRolePolicy",
+ "UpdateDate": "2021-02-17T19:03:19+00:00",
+ "VersionId": "v1"
+ },
"AWSSupportAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSupportAccess",
"AttachmentCount": 0,
@@ -12294,7 +21929,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2018-04-19T18:04:44+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v14",
"Document": {
"Statement": [
{
@@ -12304,10 +21939,30 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/account",
+ "arn:aws:apigateway:*::/apis",
+ "arn:aws:apigateway:*::/apis/*",
+ "arn:aws:apigateway:*::/apis/*/authorizers",
+ "arn:aws:apigateway:*::/apis/*/authorizers/*",
+ "arn:aws:apigateway:*::/apis/*/deployments",
+ "arn:aws:apigateway:*::/apis/*/deployments/*",
+ "arn:aws:apigateway:*::/apis/*/integrations",
+ "arn:aws:apigateway:*::/apis/*/integrations/*",
+ "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses",
+ "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*",
+ "arn:aws:apigateway:*::/apis/*/models",
+ "arn:aws:apigateway:*::/apis/*/models/*",
+ "arn:aws:apigateway:*::/apis/*/routes",
+ "arn:aws:apigateway:*::/apis/*/routes/*",
+ "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses",
+ "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*",
+ "arn:aws:apigateway:*::/apis/*/stages",
+ "arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*",
+ "arn:aws:apigateway:*::/domainnames/*/apimappings",
+ "arn:aws:apigateway:*::/domainnames/*/apimappings/*",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*",
"arn:aws:apigateway:*::/restapis",
@@ -12350,6 +22005,10 @@ aws_managed_policies_data = """
"a4b:searchProfiles",
"a4b:searchRooms",
"a4b:searchSkillGroups",
+ "access-analyzer:getFinding",
+ "access-analyzer:listAnalyzers",
+ "access-analyzer:listArchiveRules",
+ "access-analyzer:listFindings",
"acm-pca:describeCertificateAuthority",
"acm-pca:describeCertificateAuthorityAuditReport",
"acm-pca:getCertificate",
@@ -12361,9 +22020,27 @@ aws_managed_policies_data = """
"acm:getCertificate",
"acm:listCertificates",
"acm:listTagsForCertificate",
+ "amplify:getApp",
+ "amplify:getBranch",
+ "amplify:getDomainAssociation",
+ "amplify:getJob",
+ "amplify:getWebhook",
+ "amplify:listApps",
+ "amplify:listWebhooks",
"application-autoscaling:describeScalableTargets",
"application-autoscaling:describeScalingActivities",
"application-autoscaling:describeScalingPolicies",
+ "application-autoscaling:describeScheduledActions",
+ "appmesh:describeMesh",
+ "appmesh:describeRoute",
+ "appmesh:describeVirtualNode",
+ "appmesh:describeVirtualRouter",
+ "appmesh:describeVirtualService",
+ "appmesh:listMeshes",
+ "appmesh:listRoutes",
+ "appmesh:listVirtualNodes",
+ "appmesh:listVirtualRouters",
+ "appmesh:listVirtualServices",
"appstream:describeDirectoryConfigs",
"appstream:describeFleets",
"appstream:describeImageBuilders",
@@ -12388,8 +22065,11 @@ aws_managed_policies_data = """
"athena:batchGetQueryExecution",
"athena:getNamedQuery",
"athena:getQueryExecution",
+ "athena:getWorkGroup",
"athena:listNamedQueries",
"athena:listQueryExecutions",
+ "athena:listTagsForResource",
+ "athena:listWorkGroups",
"autoscaling-plans:describeScalingPlanResources",
"autoscaling-plans:describeScalingPlans",
"autoscaling-plans:getScalingPlanResourceForecastData",
@@ -12399,10 +22079,10 @@ aws_managed_policies_data = """
"autoscaling:describeAutoScalingInstances",
"autoscaling:describeAutoScalingNotificationTypes",
"autoscaling:describeLaunchConfigurations",
- "autoscaling:describeLifecycleHooks",
"autoscaling:describeLifecycleHookTypes",
- "autoscaling:describeLoadBalancers",
+ "autoscaling:describeLifecycleHooks",
"autoscaling:describeLoadBalancerTargetGroups",
+ "autoscaling:describeLoadBalancers",
"autoscaling:describeMetricCollectionTypes",
"autoscaling:describeNotificationConfigurations",
"autoscaling:describePolicies",
@@ -12411,11 +22091,45 @@ aws_managed_policies_data = """
"autoscaling:describeScheduledActions",
"autoscaling:describeTags",
"autoscaling:describeTerminationPolicyTypes",
+ "backup:describeBackupJob",
+ "backup:describeBackupVault",
+ "backup:describeProtectedResource",
+ "backup:describeRecoveryPoint",
+ "backup:describeRestoreJob",
+ "backup:getBackupPlan",
+ "backup:getBackupPlanFromJSON",
+ "backup:getBackupPlanFromTemplate",
+ "backup:getBackupSelection",
+ "backup:getBackupVaultAccessPolicy",
+ "backup:getBackupVaultNotifications",
+ "backup:getRecoveryPointRestoreMetadata",
+ "backup:getSupportedResourceTypes",
+ "backup:listBackupJobs",
+ "backup:listBackupPlanTemplates",
+ "backup:listBackupPlanVersions",
+ "backup:listBackupPlans",
+ "backup:listBackupSelections",
+ "backup:listBackupVaults",
+ "backup:listProtectedResources",
+ "backup:listRecoveryPointsByBackupVault",
+ "backup:listRecoveryPointsByResource",
+ "backup:listRestoreJobs",
+ "backup:listTags",
"batch:describeComputeEnvironments",
"batch:describeJobDefinitions",
"batch:describeJobQueues",
"batch:describeJobs",
"batch:listJobs",
+ "braket:getDevice",
+ "braket:getQuantumTask",
+ "braket:searchDevices",
+ "braket:searchQuantumTasks",
+ "budgets:viewBudget",
+ "ce:getCostAndUsage",
+ "ce:getDimensionValues",
+ "ce:getReservationCoverage",
+ "ce:getReservationUtilization",
+ "ce:getTags",
"cloud9:describeEnvironmentMemberships",
"cloud9:describeEnvironments",
"cloud9:listEnvironments",
@@ -12427,9 +22141,9 @@ aws_managed_policies_data = """
"cloudformation:describeStackInstance",
"cloudformation:describeStackResource",
"cloudformation:describeStackResources",
- "cloudformation:describeStacks",
"cloudformation:describeStackSet",
"cloudformation:describeStackSetOperation",
+ "cloudformation:describeStacks",
"cloudformation:estimateTemplateCost",
"cloudformation:getStackPolicy",
"cloudformation:getTemplate",
@@ -12439,10 +22153,10 @@ aws_managed_policies_data = """
"cloudformation:listImports",
"cloudformation:listStackInstances",
"cloudformation:listStackResources",
- "cloudformation:listStacks",
"cloudformation:listStackSetOperationResults",
"cloudformation:listStackSetOperations",
"cloudformation:listStackSets",
+ "cloudformation:listStacks",
"cloudfront:getCloudFrontOriginAccessIdentity",
"cloudfront:getCloudFrontOriginAccessIdentityConfig",
"cloudfront:getDistribution",
@@ -12468,9 +22182,12 @@ aws_managed_policies_data = """
"cloudsearch:listDomainNames",
"cloudtrail:describeTrails",
"cloudtrail:getEventSelectors",
+ "cloudtrail:getInsightSelectors",
+ "cloudtrail:getTrail",
"cloudtrail:getTrailStatus",
"cloudtrail:listPublicKeys",
"cloudtrail:listTags",
+ "cloudtrail:listTrails",
"cloudtrail:lookupEvents",
"cloudwatch:describeAlarmHistory",
"cloudwatch:describeAlarms",
@@ -12480,19 +22197,39 @@ aws_managed_policies_data = """
"cloudwatch:getMetricStatistics",
"cloudwatch:listDashboards",
"cloudwatch:listMetrics",
+ "codeartifact:describeDomain",
+ "codeartifact:describePackageVersion",
+ "codeartifact:describeRepository",
+ "codeartifact:getDomainPermissionsPolicy",
+ "codeartifact:getRepositoryEndPoint",
+ "codeartifact:getRepositoryPermissionsPolicy",
+ "codeartifact:listDomains",
+ "codeartifact:listPackageVersionAssets",
+ "codeartifact:listPackageVersions",
+ "codeartifact:listPackages",
+ "codeartifact:listRepositories",
+ "codeartifact:listRepositoriesInDomain",
+ "codebuild:batchGetBuildBatches",
"codebuild:batchGetBuilds",
"codebuild:batchGetProjects",
+ "codebuild:listBuildBatches",
+ "codebuild:listBuildBatchesForProject",
"codebuild:listBuilds",
"codebuild:listBuildsForProject",
"codebuild:listCuratedEnvironmentImages",
"codebuild:listProjects",
+ "codebuild:listSourceCredentials",
"codecommit:batchGetRepositories",
"codecommit:getBranch",
"codecommit:getRepository",
"codecommit:getRepositoryTriggers",
"codecommit:listBranches",
"codecommit:listRepositories",
+ "codedeploy:batchGetApplicationRevisions",
"codedeploy:batchGetApplications",
+ "codedeploy:batchGetDeploymentGroups",
+ "codedeploy:batchGetDeploymentInstances",
+ "codedeploy:batchGetDeploymentTargets",
"codedeploy:batchGetDeployments",
"codedeploy:batchGetOnPremisesInstances",
"codedeploy:getApplication",
@@ -12501,20 +22238,26 @@ aws_managed_policies_data = """
"codedeploy:getDeploymentConfig",
"codedeploy:getDeploymentGroup",
"codedeploy:getDeploymentInstance",
+ "codedeploy:getDeploymentTarget",
"codedeploy:getOnPremisesInstance",
"codedeploy:listApplicationRevisions",
"codedeploy:listApplications",
"codedeploy:listDeploymentConfigs",
"codedeploy:listDeploymentGroups",
"codedeploy:listDeploymentInstances",
+ "codedeploy:listDeploymentTargets",
"codedeploy:listDeployments",
+ "codedeploy:listGitHubAccountTokenNames",
"codedeploy:listOnPremisesInstances",
"codepipeline:getJobDetails",
"codepipeline:getPipeline",
"codepipeline:getPipelineExecution",
"codepipeline:getPipelineState",
+ "codepipeline:listActionExecutions",
"codepipeline:listActionTypes",
+ "codepipeline:listPipelineExecutions",
"codepipeline:listPipelines",
+ "codepipeline:listWebhooks",
"codestar:describeProject",
"codestar:listProjects",
"codestar:listResources",
@@ -12549,25 +22292,69 @@ aws_managed_policies_data = """
"cognito-sync:getIdentityPoolConfiguration",
"cognito-sync:listDatasets",
"cognito-sync:listIdentityPoolUsage",
+ "compute-optimizer:getAutoScalingGroupRecommendations",
+ "compute-optimizer:getEC2InstanceRecommendations",
+ "compute-optimizer:getEC2RecommendationProjectedMetrics",
+ "compute-optimizer:getEnrollmentStatus",
+ "compute-optimizer:getRecommendationSummaries",
"config:describeConfigRuleEvaluationStatus",
"config:describeConfigRules",
- "config:describeConfigurationRecorders",
"config:describeConfigurationRecorderStatus",
- "config:describeDeliveryChannels",
+ "config:describeConfigurationRecorders",
"config:describeDeliveryChannelStatus",
+ "config:describeDeliveryChannels",
"config:getResourceConfigHistory",
"config:listDiscoveredResources",
+ "connect:describeUser",
+ "connect:getCurrentMetricData",
+ "connect:getMetricData",
+ "connect:listRoutingProfiles",
+ "connect:listSecurityProfiles",
+ "connect:listUsers",
+ "controltower:describeAccountFactoryConfig",
+ "controltower:describeCoreService",
+ "controltower:describeGuardrail",
+ "controltower:describeGuardrailForTarget",
+ "controltower:describeManagedAccount",
+ "controltower:describeSingleSignOn",
+ "controltower:getAvailableUpdates",
+ "controltower:getHomeRegion",
+ "controltower:getLandingZoneStatus",
+ "controltower:listDirectoryGroups",
+ "controltower:listGuardrailViolations",
+ "controltower:listGuardrailsForTarget",
+ "controltower:listManagedAccounts",
+ "controltower:listManagedAccountsForGuardrail",
+ "controltower:listManagedAccountsForParent",
+ "controltower:listManagedOrganizationalUnits",
+ "controltower:listManagedOrganizationalUnitsForGuardrail",
"datapipeline:describeObjects",
"datapipeline:describePipelines",
"datapipeline:getPipelineDefinition",
"datapipeline:listPipelines",
"datapipeline:queryObjects",
+ "datasync:describeAgent",
+ "datasync:describeLocationEfs",
+ "datasync:describeLocationFsxWindows",
+ "datasync:describeLocationNfs",
+ "datasync:describeLocationS3",
+ "datasync:describeLocationSmb",
+ "datasync:describeTask",
+ "datasync:describeTaskExecution",
+ "datasync:listAgents",
+ "datasync:listLocations",
+ "datasync:listTaskExecutions",
+ "datasync:listTasks",
"dax:describeClusters",
"dax:describeDefaultParameters",
"dax:describeEvents",
"dax:describeParameterGroups",
"dax:describeParameters",
"dax:describeSubnetGroups",
+ "detective:getMembers",
+ "detective:listGraphs",
+ "detective:listInvitations",
+ "detective:listMembers",
"devicefarm:getAccountSettings",
"devicefarm:getDevice",
"devicefarm:getDevicePool",
@@ -12578,6 +22365,8 @@ aws_managed_policies_data = """
"devicefarm:getRun",
"devicefarm:getSuite",
"devicefarm:getTest",
+ "devicefarm:getTestGridProject",
+ "devicefarm:getTestGridSession",
"devicefarm:getUpload",
"devicefarm:listArtifacts",
"devicefarm:listDevicePools",
@@ -12588,6 +22377,10 @@ aws_managed_policies_data = """
"devicefarm:listRuns",
"devicefarm:listSamples",
"devicefarm:listSuites",
+ "devicefarm:listTestGridProjects",
+ "devicefarm:listTestGridSessionActions",
+ "devicefarm:listTestGridSessionArtifacts",
+ "devicefarm:listTestGridSessions",
"devicefarm:listTests",
"devicefarm:listUniqueProblems",
"devicefarm:listUploads",
@@ -12601,8 +22394,8 @@ aws_managed_policies_data = """
"dlm:getLifecyclePolicy",
"dms:describeAccountAttributes",
"dms:describeConnections",
- "dms:describeEndpoints",
"dms:describeEndpointTypes",
+ "dms:describeEndpoints",
"dms:describeOrderableReplicationInstances",
"dms:describeRefreshSchemasStatus",
"dms:describeReplicationInstances",
@@ -12637,29 +22430,47 @@ aws_managed_policies_data = """
"ec2:describeAvailabilityZones",
"ec2:describeBundleTasks",
"ec2:describeByoipCidrs",
+ "ec2:describeCapacityReservations",
"ec2:describeClassicLinkInstances",
+ "ec2:describeClientVpnAuthorizationRules",
+ "ec2:describeClientVpnConnections",
+ "ec2:describeClientVpnEndpoints",
+ "ec2:describeClientVpnRoutes",
+ "ec2:describeClientVpnTargetNetworks",
+ "ec2:describeCoipPools",
"ec2:describeConversionTasks",
"ec2:describeCustomerGateways",
"ec2:describeDhcpOptions",
"ec2:describeElasticGpus",
+ "ec2:describeExportImageTasks",
"ec2:describeExportTasks",
+ "ec2:describeFastSnapshotRestores",
+ "ec2:describeFleetHistory",
+ "ec2:describeFleetInstances",
+ "ec2:describeFleets",
"ec2:describeFlowLogs",
"ec2:describeHostReservationOfferings",
"ec2:describeHostReservations",
"ec2:describeHosts",
- "ec2:describeIdentityIdFormat",
"ec2:describeIdFormat",
+ "ec2:describeIdentityIdFormat",
"ec2:describeImageAttribute",
"ec2:describeImages",
"ec2:describeImportImageTasks",
"ec2:describeImportSnapshotTasks",
"ec2:describeInstanceAttribute",
- "ec2:describeInstances",
"ec2:describeInstanceStatus",
+ "ec2:describeInstances",
"ec2:describeInternetGateways",
"ec2:describeKeyPairs",
- "ec2:describeLaunchTemplates",
"ec2:describeLaunchTemplateVersions",
+ "ec2:describeLaunchTemplates",
+ "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
+ "ec2:describeLocalGatewayRouteTableVpcAssociations",
+ "ec2:describeLocalGatewayRouteTables",
+ "ec2:describeLocalGatewayVirtualInterfaceGroups",
+ "ec2:describeLocalGatewayVirtualInterfaces",
+ "ec2:describeLocalGateways",
"ec2:describeMovingAddresses",
"ec2:describeNatGateways",
"ec2:describeNetworkAcls",
@@ -12686,27 +22497,39 @@ aws_managed_policies_data = """
"ec2:describeSpotPriceHistory",
"ec2:describeSubnets",
"ec2:describeTags",
+ "ec2:describeTrafficMirrorFilters",
+ "ec2:describeTrafficMirrorSessions",
+ "ec2:describeTrafficMirrorTargets",
+ "ec2:describeTransitGatewayAttachments",
+ "ec2:describeTransitGatewayRouteTables",
+ "ec2:describeTransitGatewayVpcAttachments",
+ "ec2:describeTransitGateways",
"ec2:describeVolumeAttribute",
+ "ec2:describeVolumeStatus",
"ec2:describeVolumes",
"ec2:describeVolumesModifications",
- "ec2:describeVolumeStatus",
"ec2:describeVpcAttribute",
"ec2:describeVpcClassicLink",
"ec2:describeVpcClassicLinkDnsSupport",
"ec2:describeVpcEndpointConnectionNotifications",
"ec2:describeVpcEndpointConnections",
- "ec2:describeVpcEndpoints",
"ec2:describeVpcEndpointServiceConfigurations",
"ec2:describeVpcEndpointServicePermissions",
"ec2:describeVpcEndpointServices",
+ "ec2:describeVpcEndpoints",
"ec2:describeVpcPeeringConnections",
"ec2:describeVpcs",
"ec2:describeVpnConnections",
"ec2:describeVpnGateways",
+ "ec2:getCoipPoolUsage",
"ec2:getConsoleScreenshot",
"ec2:getReservedInstancesExchangeQuote",
+ "ec2:getTransitGatewayAttachmentPropagations",
+ "ec2:getTransitGatewayRouteTableAssociations",
+ "ec2:getTransitGatewayRouteTablePropagations",
"ec2:modifyReservedInstances",
"ec2:purchaseReservedInstancesOffering",
+ "ec2:searchLocalGatewayRoutes",
"ecr:batchCheckLayerAvailability",
"ecr:describeImages",
"ecr:describeRepositories",
@@ -12723,7 +22546,13 @@ aws_managed_policies_data = """
"ecs:listTaskDefinitions",
"ecs:listTasks",
"eks:describeCluster",
+ "eks:describeFargateProfile",
+ "eks:describeNodegroup",
+ "eks:describeUpdate",
"eks:listClusters",
+ "eks:listFargateProfiles",
+ "eks:listNodegroups",
+ "eks:listUpdates",
"elasticache:describeCacheClusters",
"elasticache:describeCacheEngineVersions",
"elasticache:describeCacheParameterGroups",
@@ -12739,8 +22568,8 @@ aws_managed_policies_data = """
"elasticache:listAllowedNodeTypeModifications",
"elasticache:listTagsForResource",
"elasticbeanstalk:checkDNSAvailability",
- "elasticbeanstalk:describeApplications",
"elasticbeanstalk:describeApplicationVersions",
+ "elasticbeanstalk:describeApplications",
"elasticbeanstalk:describeConfigurationOptions",
"elasticbeanstalk:describeConfigurationSettings",
"elasticbeanstalk:describeEnvironmentHealth",
@@ -12754,10 +22583,14 @@ aws_managed_policies_data = """
"elasticbeanstalk:listAvailableSolutionStacks",
"elasticbeanstalk:listPlatformVersions",
"elasticbeanstalk:validateConfigurationSettings",
+ "elasticfilesystem:describeAccessPoints",
+ "elasticfilesystem:describeFileSystemPolicy",
"elasticfilesystem:describeFileSystems",
- "elasticfilesystem:describeMountTargets",
+ "elasticfilesystem:describeLifecycleConfiguration",
"elasticfilesystem:describeMountTargetSecurityGroups",
+ "elasticfilesystem:describeMountTargets",
"elasticfilesystem:describeTags",
+ "elasticfilesystem:listTagsForResource",
"elasticloadbalancing:describeInstanceHealth",
"elasticloadbalancing:describeListenerCertificates",
"elasticloadbalancing:describeListeners",
@@ -12799,6 +22632,30 @@ aws_managed_policies_data = """
"events:testEventPattern",
"firehose:describeDeliveryStream",
"firehose:listDeliveryStreams",
+ "fms:getAdminAccount",
+ "fms:getComplianceDetail",
+ "fms:getNotificationChannel",
+ "fms:getPolicy",
+ "fms:getProtectionStatus",
+ "fms:listComplianceStatus",
+ "fms:listMemberAccounts",
+ "fms:listPolicies",
+ "forecast:describeDataset",
+ "forecast:describeDatasetGroup",
+ "forecast:describeDatasetImportJob",
+ "forecast:describeForecast",
+ "forecast:describeForecastExportJob",
+ "forecast:describePredictor",
+ "forecast:getAccuracyMetrics",
+ "forecast:listDatasetGroups",
+ "forecast:listDatasetImportJobs",
+ "forecast:listDatasets",
+ "forecast:listForecastExportJobs",
+ "forecast:listForecasts",
+ "forecast:listPredictors",
+ "fsx:describeBackups",
+ "fsx:describeFileSystems",
+ "fsx:listTagsForResource",
"glacier:describeJob",
"glacier:describeVault",
"glacier:getDataRetrievalPolicy",
@@ -12808,6 +22665,13 @@ aws_managed_policies_data = """
"glacier:listJobs",
"glacier:listTagsForVault",
"glacier:listVaults",
+ "globalaccelerator:describeAccelerator",
+ "globalaccelerator:describeAcceleratorAttributes",
+ "globalaccelerator:describeEndpointGroup",
+ "globalaccelerator:describeListener",
+ "globalaccelerator:listAccelerators",
+ "globalaccelerator:listEndpointGroups",
+ "globalaccelerator:listListeners",
"glue:batchGetPartition",
"glue:getCatalogImportStatus",
"glue:getClassifier",
@@ -12828,8 +22692,8 @@ aws_managed_policies_data = """
"glue:getPartition",
"glue:getPartitions",
"glue:getTable",
- "glue:getTables",
"glue:getTableVersions",
+ "glue:getTables",
"glue:getTrigger",
"glue:getTriggers",
"glue:getUserDefinedFunction",
@@ -12851,41 +22715,41 @@ aws_managed_policies_data = """
"greengrass:getServiceRoleForAccount",
"greengrass:getSubscriptionDefinition",
"greengrass:getSubscriptionDefinitionVersion",
- "greengrass:listCoreDefinitions",
"greengrass:listCoreDefinitionVersions",
+ "greengrass:listCoreDefinitions",
"greengrass:listDeployments",
- "greengrass:listDeviceDefinitions",
"greengrass:listDeviceDefinitionVersions",
- "greengrass:listFunctionDefinitions",
+ "greengrass:listDeviceDefinitions",
"greengrass:listFunctionDefinitionVersions",
- "greengrass:listGroups",
+ "greengrass:listFunctionDefinitions",
"greengrass:listGroupVersions",
- "greengrass:listLoggerDefinitions",
+ "greengrass:listGroups",
"greengrass:listLoggerDefinitionVersions",
- "greengrass:listResourceDefinitions",
+ "greengrass:listLoggerDefinitions",
"greengrass:listResourceDefinitionVersions",
- "greengrass:listSubscriptionDefinitions",
+ "greengrass:listResourceDefinitions",
"greengrass:listSubscriptionDefinitionVersions",
+ "greengrass:listSubscriptionDefinitions",
"guardduty:getDetector",
"guardduty:getFindings",
"guardduty:getFindingsStatistics",
- "guardduty:getInvitationsCount",
"guardduty:getIPSet",
+ "guardduty:getInvitationsCount",
"guardduty:getMasterAccount",
"guardduty:getMembers",
"guardduty:getThreatIntelSet",
"guardduty:listDetectors",
"guardduty:listFindings",
- "guardduty:listInvitations",
"guardduty:listIPSets",
+ "guardduty:listInvitations",
"guardduty:listMembers",
"guardduty:listThreatIntelSets",
"health:describeAffectedEntities",
"health:describeEntityAggregates",
"health:describeEventAggregates",
"health:describeEventDetails",
- "health:describeEvents",
"health:describeEventTypes",
+ "health:describeEvents",
"iam:getAccessKeyLastUsed",
"iam:getAccountAuthorizationDetails",
"iam:getAccountPasswordPolicy",
@@ -12903,8 +22767,8 @@ aws_managed_policies_data = """
"iam:getRole",
"iam:getRolePolicy",
"iam:getSAMLProvider",
- "iam:getServerCertificate",
"iam:getSSHPublicKey",
+ "iam:getServerCertificate",
"iam:getUser",
"iam:getUserPolicy",
"iam:listAccessKeys",
@@ -12925,14 +22789,33 @@ aws_managed_policies_data = """
"iam:listRolePolicies",
"iam:listRoles",
"iam:listSAMLProviders",
+ "iam:listSSHPublicKeys",
"iam:listServerCertificates",
"iam:listSigningCertificates",
- "iam:listSSHPublicKeys",
"iam:listUserPolicies",
"iam:listUsers",
"iam:listVirtualMFADevices",
"iam:simulateCustomPolicy",
"iam:simulatePrincipalPolicy",
+ "imagebuilder:getComponent",
+ "imagebuilder:getComponentPolicy",
+ "imagebuilder:getDistributionConfiguration",
+ "imagebuilder:getImage",
+ "imagebuilder:getImagePipeline",
+ "imagebuilder:getImagePolicy",
+ "imagebuilder:getImageRecipe",
+ "imagebuilder:getImageRecipePolicy",
+ "imagebuilder:getInfrastructureConfiguration",
+ "imagebuilder:listComponentBuildVersions",
+ "imagebuilder:listComponents",
+ "imagebuilder:listDistributionConfigurations",
+ "imagebuilder:listImageBuildVersions",
+ "imagebuilder:listImagePipelineImages",
+ "imagebuilder:listImagePipelines",
+ "imagebuilder:listImageRecipes",
+ "imagebuilder:listImages",
+ "imagebuilder:listInfrastructureConfigurations",
+ "imagebuilder:listTagsForResource",
"importexport:getStatus",
"importexport:listJobs",
"inspector:describeAssessmentRuns",
@@ -12958,6 +22841,7 @@ aws_managed_policies_data = """
"iot:describeJobExecution",
"iot:describeThing",
"iot:describeThingGroup",
+ "iot:describeTunnel",
"iot:getEffectivePolicies",
"iot:getIndexingConfiguration",
"iot:getLoggingOptions",
@@ -12985,14 +22869,48 @@ aws_managed_policies_data = """
"iot:listThingGroupsForThing",
"iot:listThingPrincipals",
"iot:listThingRegistrationTasks",
- "iot:listThings",
"iot:listThingTypes",
+ "iot:listThings",
"iot:listTopicRules",
+ "iot:listTunnels",
"iot:listV2LoggingLevels",
+ "iotevents:describeDetector",
+ "iotevents:describeDetectorModel",
+ "iotevents:describeInput",
+ "iotevents:describeLoggingOptions",
+ "iotevents:listDetectorModelVersions",
+ "iotevents:listDetectorModels",
+ "iotevents:listDetectors",
+ "iotevents:listInputs",
+ "iotsitewise:describeAccessPolicy",
+ "iotsitewise:describeAsset",
+ "iotsitewise:describeAssetModel",
+ "iotsitewise:describeAssetProperty",
+ "iotsitewise:describeDashboard",
+ "iotsitewise:describeGateway",
+ "iotsitewise:describeGatewayCapabilityConfiguration",
+ "iotsitewise:describeLoggingOptions",
+ "iotsitewise:describePortal",
+ "iotsitewise:describeProject",
+ "iotsitewise:listAccessPolicies",
+ "iotsitewise:listAssetModels",
+ "iotsitewise:listAssociatedAssets",
+ "iotsitewise:listDashboards",
+ "iotsitewise:listGateways",
+ "iotsitewise:listPortals",
+ "iotsitewise:listProjectAssets",
+ "iotsitewise:listProjects",
"kafka:describeCluster",
"kafka:getBootstrapBrokers",
"kafka:listClusters",
"kafka:listNodes",
+ "kendra:describeDataSource",
+ "kendra:describeFaq",
+ "kendra:describeIndex",
+ "kendra:getDataSourceSyncJobHistory",
+ "kendra:listDataSources",
+ "kendra:listFaqs",
+ "kendra:listIndices",
"kinesis:describeStream",
"kinesis:listStreams",
"kinesis:listTagsForStream",
@@ -13011,41 +22929,60 @@ aws_managed_policies_data = """
"lambda:getAlias",
"lambda:getEventSourceMapping",
"lambda:getFunction",
+ "lambda:getFunctionConcurrency",
"lambda:getFunctionConfiguration",
+ "lambda:getFunctionEventInvokeConfig",
+ "lambda:getLayerVersion",
+ "lambda:getLayerVersionPolicy",
"lambda:getPolicy",
+ "lambda:getProvisionedConcurrencyConfig",
"lambda:listAliases",
"lambda:listEventSourceMappings",
+ "lambda:listFunctionEventInvokeConfigs",
"lambda:listFunctions",
+ "lambda:listLayerVersions",
+ "lambda:listLayers",
+ "lambda:listProvisionedConcurrencyConfigs",
"lambda:listVersionsByFunction",
+ "launchwizard:describeProvisionedApp",
+ "launchwizard:describeProvisioningEvents",
+ "launchwizard:listProvisionedApps",
"lex:getBot",
"lex:getBotAlias",
"lex:getBotAliases",
"lex:getBotChannelAssociation",
"lex:getBotChannelAssociations",
- "lex:getBots",
"lex:getBotVersions",
+ "lex:getBots",
"lex:getBuiltinIntent",
"lex:getBuiltinIntents",
"lex:getBuiltinSlotTypes",
"lex:getIntent",
- "lex:getIntents",
"lex:getIntentVersions",
+ "lex:getIntents",
"lex:getSlotType",
- "lex:getSlotTypes",
"lex:getSlotTypeVersions",
+ "lex:getSlotTypes",
+ "license-manager:getLicenseConfiguration",
+ "license-manager:getServiceSettings",
+ "license-manager:listAssociationsForLicenseConfiguration",
+ "license-manager:listFailuresForLicenseConfigurationOperations",
+ "license-manager:listLicenseConfigurations",
+ "license-manager:listLicenseSpecificationsForResource",
+ "license-manager:listResourceInventory",
+ "license-manager:listUsageForLicenseConfiguration",
"lightsail:getActiveNames",
"lightsail:getBlueprints",
"lightsail:getBundles",
"lightsail:getDomain",
"lightsail:getDomains",
"lightsail:getInstance",
- "lightsail:getInstanceAccessDetails",
"lightsail:getInstanceMetricData",
"lightsail:getInstancePortStates",
- "lightsail:getInstances",
"lightsail:getInstanceSnapshot",
"lightsail:getInstanceSnapshots",
"lightsail:getInstanceState",
+ "lightsail:getInstances",
"lightsail:getKeyPair",
"lightsail:getKeyPairs",
"lightsail:getOperation",
@@ -13059,6 +22996,7 @@ aws_managed_policies_data = """
"logs:describeLogGroups",
"logs:describeLogStreams",
"logs:describeMetricFilters",
+ "logs:describeQueries",
"logs:describeSubscriptionFilters",
"logs:testMetricFilter",
"machinelearning:describeBatchPredictions",
@@ -13069,46 +23007,74 @@ aws_managed_policies_data = """
"machinelearning:getDataSource",
"machinelearning:getEvaluation",
"machinelearning:getMLModel",
+ "managedblockchain:getMember",
+ "managedblockchain:getNetwork",
+ "managedblockchain:getNode",
+ "managedblockchain:listMembers",
+ "managedblockchain:listNetworks",
+ "managedblockchain:listNodes",
"mediaconvert:describeEndpoints",
"mediaconvert:getJob",
"mediaconvert:getJobTemplate",
"mediaconvert:getPreset",
"mediaconvert:getQueue",
- "mediaconvert:listJobs",
"mediaconvert:listJobTemplates",
+ "mediaconvert:listJobs",
"medialive:describeChannel",
"medialive:describeInput",
+ "medialive:describeInputDevice",
"medialive:describeInputSecurityGroup",
+ "medialive:describeMultiplex",
"medialive:describeOffering",
"medialive:describeReservation",
"medialive:describeSchedule",
"medialive:listChannels",
- "medialive:listInputs",
+ "medialive:listInputDevices",
"medialive:listInputSecurityGroups",
+ "medialive:listInputs",
+ "medialive:listMultiplexes",
"medialive:listOfferings",
+ "medialive:listReservations",
"mediapackage:describeChannel",
"mediapackage:describeOriginEndpoint",
"mediapackage:listChannels",
"mediapackage:listOriginEndpoints",
"mediastore:describeContainer",
+ "mediastore:describeObject",
"mediastore:getContainerPolicy",
+ "mediastore:getCorsPolicy",
"mediastore:listContainers",
+ "mediastore:listItems",
+ "mediatailor:getPlaybackConfiguration",
+ "mediatailor:listPlaybackConfigurations",
+ "mobiletargeting:getAdmChannel",
"mobiletargeting:getApnsChannel",
+ "mobiletargeting:getApnsSandboxChannel",
+ "mobiletargeting:getApnsVoipChannel",
+ "mobiletargeting:getApnsVoipSandboxChannel",
+ "mobiletargeting:getApp",
"mobiletargeting:getApplicationSettings",
+ "mobiletargeting:getApps",
+ "mobiletargeting:getBaiduChannel",
"mobiletargeting:getCampaign",
"mobiletargeting:getCampaignActivities",
- "mobiletargeting:getCampaigns",
"mobiletargeting:getCampaignVersion",
"mobiletargeting:getCampaignVersions",
+ "mobiletargeting:getCampaigns",
+ "mobiletargeting:getEmailChannel",
"mobiletargeting:getEndpoint",
+ "mobiletargeting:getEventStream",
+ "mobiletargeting:getExportJob",
+ "mobiletargeting:getExportJobs",
"mobiletargeting:getGcmChannel",
"mobiletargeting:getImportJob",
"mobiletargeting:getImportJobs",
"mobiletargeting:getSegment",
"mobiletargeting:getSegmentImportJobs",
- "mobiletargeting:getSegments",
"mobiletargeting:getSegmentVersion",
"mobiletargeting:getSegmentVersions",
+ "mobiletargeting:getSegments",
+ "mobiletargeting:getSmsChannel",
"mq:describeBroker",
"mq:describeConfiguration",
"mq:describeConfigurationRevision",
@@ -13117,6 +23083,13 @@ aws_managed_policies_data = """
"mq:listConfigurationRevisions",
"mq:listConfigurations",
"mq:listUsers",
+ "networkmanager:describeGlobalNetworks",
+ "networkmanager:getCustomerGatewayAssociations",
+ "networkmanager:getDevices",
+ "networkmanager:getLinkAssociations",
+ "networkmanager:getLinks",
+ "networkmanager:getSites",
+ "networkmanager:getTransitGatewayRegistrations",
"opsworks-cm:describeAccountAttributes",
"opsworks-cm:describeBackups",
"opsworks-cm:describeEvents",
@@ -13138,21 +23111,66 @@ aws_managed_policies_data = """
"opsworks:describeRdsDbInstances",
"opsworks:describeServiceErrors",
"opsworks:describeStackProvisioningParameters",
- "opsworks:describeStacks",
"opsworks:describeStackSummary",
+ "opsworks:describeStacks",
"opsworks:describeTimeBasedAutoScaling",
"opsworks:describeUserProfiles",
"opsworks:describeVolumes",
"opsworks:getHostnameSuggestion",
+ "outposts:getOutpost",
+ "outposts:getOutpostInstanceTypes",
+ "outposts:listOutposts",
+ "outposts:listSites",
+ "personalize:describeAlgorithm",
+ "personalize:describeCampaign",
+ "personalize:describeDataset",
+ "personalize:describeDatasetGroup",
+ "personalize:describeDatasetImportJob",
+ "personalize:describeEventTracker",
+ "personalize:describeFeatureTransformation",
+ "personalize:describeRecipe",
+ "personalize:describeSchema",
+ "personalize:describeSolution",
+ "personalize:describeSolutionVersion",
+ "personalize:listCampaigns",
+ "personalize:listDatasetGroups",
+ "personalize:listDatasetImportJobs",
+ "personalize:listDatasets",
+ "personalize:listEventTrackers",
+ "personalize:listRecipes",
+ "personalize:listSchemas",
+ "personalize:listSolutionVersions",
+ "personalize:listSolutions",
"polly:describeVoices",
"polly:getLexicon",
"polly:listLexicons",
+ "pricing:describeServices",
+ "pricing:getAttributeValues",
+ "pricing:getProducts",
+ "quicksight:describeDashboard",
+ "quicksight:describeDashboardPermissions",
+ "quicksight:describeGroup",
+ "quicksight:describeIAMPolicyAssignment",
+ "quicksight:describeTemplate",
+ "quicksight:describeTemplateAlias",
+ "quicksight:describeTemplatePermissions",
+ "quicksight:describeUser",
+ "quicksight:listDashboards",
+ "quicksight:listGroupMemberships",
+ "quicksight:listGroups",
+ "quicksight:listIAMPolicyAssignments",
+ "quicksight:listIAMPolicyAssignmentsForUser",
+ "quicksight:listTemplateAliases",
+ "quicksight:listTemplateVersions",
+ "quicksight:listTemplates",
+ "quicksight:listUserGroups",
+ "quicksight:listUsers",
"rds:describeAccountAttributes",
"rds:describeCertificates",
"rds:describeDBClusterParameterGroups",
"rds:describeDBClusterParameters",
- "rds:describeDBClusters",
"rds:describeDBClusterSnapshots",
+ "rds:describeDBClusters",
"rds:describeDBEngineVersions",
"rds:describeDBInstances",
"rds:describeDBParameterGroups",
@@ -13164,8 +23182,8 @@ aws_managed_policies_data = """
"rds:describeEngineDefaultClusterParameters",
"rds:describeEngineDefaultParameters",
"rds:describeEventCategories",
- "rds:describeEvents",
"rds:describeEventSubscriptions",
+ "rds:describeEvents",
"rds:describeOptionGroupOptions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
@@ -13175,15 +23193,15 @@ aws_managed_policies_data = """
"rds:listTagsForResource",
"redshift:describeClusterParameterGroups",
"redshift:describeClusterParameters",
- "redshift:describeClusters",
"redshift:describeClusterSecurityGroups",
"redshift:describeClusterSnapshots",
"redshift:describeClusterSubnetGroups",
"redshift:describeClusterVersions",
+ "redshift:describeClusters",
"redshift:describeDefaultClusterParameters",
"redshift:describeEventCategories",
- "redshift:describeEvents",
"redshift:describeEventSubscriptions",
+ "redshift:describeEvents",
"redshift:describeHsmClientCertificates",
"redshift:describeHsmConfigurations",
"redshift:describeLoggingStatus",
@@ -13192,12 +23210,21 @@ aws_managed_policies_data = """
"redshift:describeReservedNodes",
"redshift:describeResize",
"redshift:describeSnapshotCopyGrants",
+ "redshift:describeStorage",
"redshift:describeTableRestoreStatus",
"redshift:describeTags",
"rekognition:listCollections",
"rekognition:listFaces",
+ "resource-groups:getGroup",
+ "resource-groups:getGroupQuery",
+ "resource-groups:getTags",
+ "resource-groups:listGroupResources",
+ "resource-groups:listGroups",
+ "resource-groups:searchResources",
+ "robomaker:batchDescribeSimulationJob",
"robomaker:describeDeploymentJob",
"robomaker:describeFleet",
+ "robomaker:describeRobot",
"robomaker:describeRobotApplication",
"robomaker:describeSimulationApplication",
"robomaker:describeSimulationJob",
@@ -13264,33 +23291,79 @@ aws_managed_policies_data = """
"s3:getLifecycleConfiguration",
"s3:getMetricsConfiguration",
"s3:getReplicationConfiguration",
- "s3:headBucket",
"s3:listAllMyBuckets",
+ "s3:listBucket",
"s3:listBucketMultipartUploads",
+ "sagemaker:describeAlgorithm",
+ "sagemaker:describeApp",
+ "sagemaker:describeAutoMLJob",
+ "sagemaker:describeCompilationJob",
+ "sagemaker:describeDomain",
"sagemaker:describeEndpoint",
"sagemaker:describeEndpointConfig",
+ "sagemaker:describeExperiment",
+ "sagemaker:describeHumanTaskUi",
"sagemaker:describeHyperParameterTuningJob",
+ "sagemaker:describeLabelingJob",
"sagemaker:describeModel",
+ "sagemaker:describeModelPackage",
+ "sagemaker:describeMonitoringSchedule",
"sagemaker:describeNotebookInstance",
"sagemaker:describeNotebookInstanceLifecycleConfig",
+ "sagemaker:describeProcessingJob",
+ "sagemaker:describeSubscribedWorkteam",
"sagemaker:describeTrainingJob",
"sagemaker:describeTransformJob",
+ "sagemaker:describeTrial",
+ "sagemaker:describeTrialComponent",
+ "sagemaker:describeUserProfile",
+ "sagemaker:describeWorkteam",
+ "sagemaker:listAlgorithms",
+ "sagemaker:listApps",
+ "sagemaker:listAutoMLJobs",
+ "sagemaker:listCandidatesForAutoMLJob",
+ "sagemaker:listCodeRepositories",
+ "sagemaker:listCompilationJobs",
+ "sagemaker:listDomains",
"sagemaker:listEndpointConfigs",
"sagemaker:listEndpoints",
+ "sagemaker:listExperiments",
+ "sagemaker:listFlowDefinitions",
+ "sagemaker:listHumanTaskUis",
"sagemaker:listHyperParameterTuningJobs",
+ "sagemaker:listLabelingJobs",
+ "sagemaker:listLabelingJobsForWorkteam",
+ "sagemaker:listModelPackages",
"sagemaker:listModels",
+ "sagemaker:listMonitoringExecutions",
+ "sagemaker:listMonitoringSchedules",
"sagemaker:listNotebookInstanceLifecycleConfigs",
"sagemaker:listNotebookInstances",
+ "sagemaker:listProcessingJobs",
+ "sagemaker:listSubscribedWorkteams",
"sagemaker:listTags",
"sagemaker:listTrainingJobs",
"sagemaker:listTrainingJobsForHyperParameterTuningJob",
"sagemaker:listTransformJobs",
+ "sagemaker:listTrialComponents",
+ "sagemaker:listTrials",
+ "sagemaker:listUserProfiles",
+ "sagemaker:listWorkteams",
"sdb:domainMetadata",
"sdb:listDomains",
"secretsmanager:describeSecret",
"secretsmanager:getResourcePolicy",
- "secretsmanager:listSecrets",
"secretsmanager:listSecretVersionIds",
+ "secretsmanager:listSecrets",
+ "securityhub:getEnabledStandards",
+ "securityhub:getFindings",
+ "securityhub:getInsightResults",
+ "securityhub:getInsights",
+ "securityhub:getMasterAccount",
+ "securityhub:getMembers",
+ "securityhub:listEnabledProductsForImport",
+ "securityhub:listInvitations",
+ "securityhub:listMembers",
"servicecatalog:describeConstraint",
"servicecatalog:describePortfolio",
"servicecatalog:describeProduct",
@@ -13310,9 +23383,31 @@ aws_managed_policies_data = """
"servicecatalog:listRecordHistory",
"servicecatalog:scanProvisionedProducts",
"servicecatalog:searchProducts",
+ "servicequotas:getAWSDefaultServiceQuota",
+ "servicequotas:getAssociationForServiceQuotaTemplate",
+ "servicequotas:getRequestedServiceQuotaChange",
+ "servicequotas:getServiceQuota",
+ "servicequotas:getServiceQuotaIncreaseRequestFromTemplate",
+ "servicequotas:listAWSDefaultServiceQuotas",
+ "servicequotas:listRequestedServiceQuotaChangeHistory",
+ "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota",
+ "servicequotas:listServiceQuotaIncreaseRequestsInTemplate",
+ "servicequotas:listServiceQuotas",
+ "servicequotas:listServices",
"ses:describeActiveReceiptRuleSet",
"ses:describeReceiptRule",
"ses:describeReceiptRuleSet",
+ "ses:getAccount",
+ "ses:getBlacklistReports",
+ "ses:getConfigurationSet",
+ "ses:getConfigurationSetEventDestinations",
+ "ses:getDedicatedIp",
+ "ses:getDedicatedIps",
+ "ses:getDeliverabilityDashboardOptions",
+ "ses:getDeliverabilityTestReport",
+ "ses:getDomainDeliverabilityCampaign",
+ "ses:getDomainStatisticsReport",
+ "ses:getEmailIdentity",
"ses:getIdentityDkimAttributes",
"ses:getIdentityMailFromDomainAttributes",
"ses:getIdentityNotificationAttributes",
@@ -13320,16 +23415,23 @@ aws_managed_policies_data = """
"ses:getIdentityVerificationAttributes",
"ses:getSendQuota",
"ses:getSendStatistics",
+ "ses:listConfigurationSets",
+ "ses:listDedicatedIpPools",
+ "ses:listDeliverabilityTestReports",
+ "ses:listDomainDeliverabilityCampaigns",
+ "ses:listEmailIdentities",
"ses:listIdentities",
"ses:listIdentityPolicies",
"ses:listReceiptFilters",
"ses:listReceiptRuleSets",
+ "ses:listTagsForResource",
"ses:listVerifiedEmailAddresses",
"shield:describeAttack",
"shield:describeProtection",
"shield:describeSubscription",
"shield:listAttacks",
"shield:listProtections",
+ "sms-voice:getConfigurationSetEventDestinations",
"sms:getConnectors",
"sms:getReplicationJobs",
"sms:getReplicationRuns",
@@ -13357,7 +23459,10 @@ aws_managed_policies_data = """
"sqs:listQueues",
"ssm:describeActivations",
"ssm:describeAssociation",
+ "ssm:describeAssociationExecutionTargets",
+ "ssm:describeAssociationExecutions",
"ssm:describeAutomationExecutions",
+ "ssm:describeAutomationStepExecutions",
"ssm:describeAvailablePatches",
"ssm:describeDocument",
"ssm:describeDocumentPermission",
@@ -13365,43 +23470,54 @@ aws_managed_policies_data = """
"ssm:describeEffectivePatchesForPatchBaseline",
"ssm:describeInstanceAssociationsStatus",
"ssm:describeInstanceInformation",
- "ssm:describeInstancePatches",
"ssm:describeInstancePatchStates",
"ssm:describeInstancePatchStatesForPatchGroup",
- "ssm:describeMaintenanceWindowExecutions",
+ "ssm:describeInstancePatches",
+ "ssm:describeInventoryDeletions",
"ssm:describeMaintenanceWindowExecutionTaskInvocations",
"ssm:describeMaintenanceWindowExecutionTasks",
- "ssm:describeMaintenanceWindows",
+ "ssm:describeMaintenanceWindowExecutions",
+ "ssm:describeMaintenanceWindowSchedule",
"ssm:describeMaintenanceWindowTargets",
"ssm:describeMaintenanceWindowTasks",
+ "ssm:describeMaintenanceWindows",
+ "ssm:describeMaintenanceWindowsForTarget",
"ssm:describeParameters",
"ssm:describePatchBaselines",
- "ssm:describePatchGroups",
"ssm:describePatchGroupState",
+ "ssm:describePatchGroups",
+ "ssm:describePatchProperties",
+ "ssm:describeSessions",
"ssm:getAutomationExecution",
"ssm:getCommandInvocation",
+ "ssm:getConnectionStatus",
"ssm:getDefaultPatchBaseline",
"ssm:getDeployablePatchSnapshotForInstance",
- "ssm:getDocument",
- "ssm:getInventory",
"ssm:getInventorySchema",
"ssm:getMaintenanceWindow",
"ssm:getMaintenanceWindowExecution",
"ssm:getMaintenanceWindowExecutionTask",
- "ssm:getParameterHistory",
- "ssm:getParameters",
+ "ssm:getMaintenanceWindowExecutionTaskInvocation",
+ "ssm:getMaintenanceWindowTask",
"ssm:getPatchBaseline",
"ssm:getPatchBaselineForPatchGroup",
+ "ssm:getServiceSetting",
+ "ssm:labelParameterVersion",
+ "ssm:listAssociationVersions",
"ssm:listAssociations",
"ssm:listCommandInvocations",
"ssm:listCommands",
- "ssm:listDocuments",
+ "ssm:listComplianceItems",
+ "ssm:listComplianceSummaries",
"ssm:listDocumentVersions",
- "ssm:listInventoryEntries",
+ "ssm:listDocuments",
+ "ssm:listResourceComplianceSummaries",
+ "ssm:listResourceDataSync",
"ssm:listTagsForResource",
"states:describeActivity",
"states:describeExecution",
"states:describeStateMachine",
+ "states:describeStateMachineForExecution",
"states:getExecutionHistory",
"states:listActivities",
"states:listExecutions",
@@ -13430,6 +23546,10 @@ aws_managed_policies_data = """
"storagegateway:listVolumeInitiators",
"storagegateway:listVolumeRecoveryPoints",
"storagegateway:listVolumes",
+ "swf:countClosedWorkflowExecutions",
+ "swf:countOpenWorkflowExecutions",
+ "swf:countPendingActivityTasks",
+ "swf:countPendingDecisionTasks",
"swf:describeActivityType",
"swf:describeDomain",
"swf:describeWorkflowExecution",
@@ -13474,12 +23594,60 @@ aws_managed_policies_data = """
"waf:listSqlInjectionMatchSets",
"waf:listWebACLs",
"waf:listXssMatchSets",
+ "wafv2:checkCapacity",
+ "wafv2:describeManagedRuleGroup",
+ "wafv2:getIPSet",
+ "wafv2:getLoggingConfiguration",
+ "wafv2:getPermissionPolicy",
+ "wafv2:getRateBasedStatementManagedKeys",
+ "wafv2:getRegexPatternSet",
+ "wafv2:getRuleGroup",
+ "wafv2:getSampledRequests",
+ "wafv2:getWebACL",
+ "wafv2:getWebACLForResource",
+ "wafv2:listAvailableManagedRuleGroups",
+ "wafv2:listIPSets",
+ "wafv2:listLoggingConfigurations",
+ "wafv2:listRegexPatternSets",
+ "wafv2:listResourcesForWebACL",
+ "wafv2:listRuleGroups",
+ "wafv2:listTagsForResource",
+ "wafv2:listWebACLs",
"workdocs:checkAlias",
"workdocs:describeAvailableDirectories",
"workdocs:describeInstances",
+ "worklink:describeAuditStreamConfiguration",
+ "worklink:describeCompanyNetworkConfiguration",
+ "worklink:describeDevice",
+ "worklink:describeDevicePolicyConfiguration",
+ "worklink:describeDomain",
+ "worklink:describeFleetMetadata",
+ "worklink:describeIdentityProviderConfiguration",
+ "worklink:describeWebsiteCertificateAuthority",
+ "worklink:listDevices",
+ "worklink:listDomains",
+ "worklink:listFleets",
+ "worklink:listWebsiteAuthorizationProviders",
+ "worklink:listWebsiteCertificateAuthorities",
+ "workmail:describeGroup",
+ "workmail:describeOrganization",
+ "workmail:describeResource",
+ "workmail:describeUser",
+ "workmail:listAliases",
+ "workmail:listGroupMembers",
+ "workmail:listGroups",
+ "workmail:listMailboxPermissions",
+ "workmail:listOrganizations",
+ "workmail:listResourceDelegates",
+ "workmail:listResources",
+ "workmail:listUsers",
+ "workspaces:describeAccount",
+ "workspaces:describeAccountModifications",
+ "workspaces:describeIpGroups",
"workspaces:describeTags",
"workspaces:describeWorkspaceBundles",
"workspaces:describeWorkspaceDirectories",
+ "workspaces:describeWorkspaceImages",
"workspaces:describeWorkspaces",
"workspaces:describeWorkspacesConnectionStatus"
],
@@ -13491,15 +23659,1395 @@ aws_managed_policies_data = """
],
"Version": "2012-10-17"
},
- "IsAttachable": false,
+ "IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7W6266ELXF5MISDS",
"PolicyName": "AWSSupportServiceRolePolicy",
- "UpdateDate": "2019-02-06T18:06:11+00:00",
+ "UpdateDate": "2021-01-28T20:00:15+00:00",
+ "VersionId": "v14"
+ },
+ "AWSSystemsManagerAccountDiscoveryServicePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-24T17:21:05+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:ListAccounts",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListChildren",
+ "organizations:ListParents",
+ "organizations:ListDelegatedServicesForAccount",
+ "organizations:ListDelegatedAdministrators"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BPDSHIWK5",
+ "PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy",
+ "UpdateDate": "2020-05-27T18:04:51+00:00",
+ "VersionId": "v2"
+ },
+ "AWSSystemsManagerChangeManagementServicePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-07T22:21:57+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ssm:CreateAssociation",
+ "ssm:DeleteAssociation",
+ "ssm:CreateOpsItem",
+ "ssm:GetOpsItem",
+ "ssm:UpdateOpsItem",
+ "ssm:StartAutomationExecution",
+ "ssm:StopAutomationExecution",
+ "ssm:GetAutomationExecution",
+ "ssm:GetCalendarState",
+ "ssm:GetDocument"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "sso:ListDirectoryAssociations"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "sso-directory:DescribeUsers",
+ "sso-directory:IsMemberInGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": "iam:GetGroup",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ssm.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MZTL6DXTC",
+ "PolicyName": "AWSSystemsManagerChangeManagementServicePolicy",
+ "UpdateDate": "2020-12-07T22:21:57+00:00",
+ "VersionId": "v1"
+ },
+ "AWSThinkboxAWSPortalAdminPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:41:02+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:AttachInternetGateway",
+ "ec2:AssociateAddress",
+ "ec2:AssociateRouteTable",
+ "ec2:AllocateAddress",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateFleet",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreatePlacementGroup",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateSubnet",
+ "ec2:CreateVpc",
+ "ec2:CreateVpcEndpoint",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeFleets",
+ "ec2:DescribeFleetHistory",
+ "ec2:DescribeFleetInstances",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeLaunchTemplates",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeNatGateways",
+ "ec2:DescribeTags",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribePlacementGroups",
+ "ec2:DescribeInstanceTypeOfferings",
+ "ec2:DescribeRegions",
+ "ec2:DescribeSpotFleetRequestHistory",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSpotFleetInstances",
+ "ec2:DescribeSpotFleetRequests",
+ "ec2:DescribeSpotPriceHistory",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:GetConsoleOutput",
+ "ec2:ImportKeyPair",
+ "ec2:ReleaseAddress",
+ "ec2:RequestSpotFleet",
+ "ec2:CancelSpotFleetRequests",
+ "ec2:DisassociateAddress",
+ "ec2:DeleteFleets",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteVpc",
+ "ec2:DeletePlacementGroup",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteSecurityGroup",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DeleteRoute",
+ "ec2:DeleteRouteTable",
+ "ec2:DisassociateRouteTable",
+ "ec2:DeleteSubnet",
+ "ec2:DeleteNatGateway",
+ "ec2:DetachInternetGateway",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifyFleet",
+ "ec2:ModifySpotFleetRequest",
+ "ec2:ModifyVpcAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:RunInstances",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:key-pair/*",
+ "arn:aws:ec2:*::snapshot/*",
+ "arn:aws:ec2:*:*:launch-template/*",
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:placement-group/*",
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*::image/*"
+ ]
+ },
+ {
+ "Action": "ec2:RunInstances",
+ "Condition": {
+ "StringLike": {
+ "ec2:InstanceProfile": "arn:aws:iam::*:instance-profile/AWSPortal*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": "ec2:TerminateInstances",
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/aws:cloudformation:logical-id": "ReverseForwarder"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:TerminateInstances",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:TerminateInstances",
+ "Condition": {
+ "StringLike": {
+ "ec2:PlacementGroup": "*DeadlinePlacementGroup*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:PlacementGroup": "*DeadlinePlacementGroup*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:CreateAction": "RunInstances"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:internet-gateway/*",
+ "arn:aws:ec2:*:*:route-table/*",
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:vpc/*",
+ "arn:aws:ec2:*:*:natgateway/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetUser"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:instance-profile/AWSPortal*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetPolicy",
+ "iam:ListEntitiesForPolicy",
+ "iam:ListPolicyVersions"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:policy/AWSPortal*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "iam:GetRolePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/AWSPortal*",
+ "arn:aws:iam::*:role/DeadlineSpot*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com",
+ "ec2fleet.amazonaws.com",
+ "spot.amazonaws.com",
+ "spotfleet.amazonaws.com",
+ "cloudformation.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/AWSPortal*",
+ "arn:aws:iam::*:role/DeadlineSpot*"
+ ]
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "ec2fleet.amazonaws.com",
+ "spot.amazonaws.com",
+ "spotfleet.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketVersioning",
+ "s3:PutBucketAcl",
+ "s3:PutBucketCORS",
+ "s3:PutBucketVersioning",
+ "s3:GetBucketAcl",
+ "s3:GetObject",
+ "s3:PutBucketLogging",
+ "s3:PutBucketTagging",
+ "s3:PutObject",
+ "s3:ListBucket",
+ "s3:ListBucketVersions",
+ "s3:PutEncryptionConfiguration",
+ "s3:PutLifecycleConfiguration",
+ "s3:DeleteBucket",
+ "s3:DeleteObject",
+ "s3:DeleteBucketPolicy",
+ "s3:DeleteObjectVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3::*:awsportal*",
+ "arn:aws:s3::*:stack*",
+ "arn:aws:s3::*:aws-portal-cache*",
+ "arn:aws:s3::*:logs-for-aws-portal-cache*",
+ "arn:aws:s3::*:logs-for-stack*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dynamodb:Scan"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:DeleteStack",
+ "cloudformation:DeleteChangeSet",
+ "cloudformation:ListStackResources",
+ "cloudformation:CreateChangeSet",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:ExecuteChangeSet",
+ "cloudformation:UpdateTerminationProtection"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/stack*/*",
+ "arn:aws:cloudformation:*:*:stack/Deadline*/*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:EstimateTemplateCost",
+ "cloudformation:DescribeStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:DescribeLogStreams",
+ "logs:GetLogEvents",
+ "logs:PutRetentionPolicy",
+ "logs:DeleteRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/thinkbox*"
+ },
+ {
+ "Action": [
+ "logs:DescribeLogGroups",
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:Encrypt",
+ "kms:GenerateDataKey"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": [
+ "s3.*.amazonaws.com",
+ "secretsmanager.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "secretsmanager:CreateSecret"
+ ],
+ "Condition": {
+ "StringLike": {
+ "secretsmanager:Name": [
+ "rcs-tls-pw*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:UpdateSecret",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:TagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BVM3T5TP2",
+ "PolicyName": "AWSThinkboxAWSPortalAdminPolicy",
+ "UpdateDate": "2020-08-20T17:16:03+00:00",
"VersionId": "v4"
},
+ "AWSThinkboxAWSPortalGatewayPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:05:00+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:CreateLogStream"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/thinkbox*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::aws-portal-cache*"
+ ]
+ },
+ {
+ "Action": "dynamodb:Scan",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::stack*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::stack*/gateway_certs/*"
+ ]
+ },
+ {
+ "Action": [
+ "secretsmanager:GetSecretValue"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FP27FM4BH",
+ "PolicyName": "AWSThinkboxAWSPortalGatewayPolicy",
+ "UpdateDate": "2020-06-30T16:02:07+00:00",
+ "VersionId": "v2"
+ },
+ "AWSThinkboxAWSPortalWorkerPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:15:05+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeTags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/DeadlineRole": "DeadlineRenderNode"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::aws-portal-cache*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::stack*/gateway_certs/*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/thinkbox*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "sqs:SendMessage",
+ "sqs:GetQueueUrl"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sqs:*:*:DeadlineAWS*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PI3G53MMS",
+ "PolicyName": "AWSThinkboxAWSPortalWorkerPolicy",
+ "UpdateDate": "2020-12-07T23:27:47+00:00",
+ "VersionId": "v4"
+ },
+ "AWSThinkboxAssetServerPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:18:53+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams",
+ "logs:GetLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/thinkbox*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::aws-portal-cache*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KDWZE3HCT",
+ "PolicyName": "AWSThinkboxAssetServerPolicy",
+ "UpdateDate": "2020-05-27T19:18:53+00:00",
+ "VersionId": "v1"
+ },
+ "AWSThinkboxDeadlineResourceTrackerAccessPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:25:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "dynamodb:ListStreams"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "dynamodb:BatchWriteItem",
+ "dynamodb:DeleteItem",
+ "dynamodb:DescribeStream",
+ "dynamodb:DescribeTable",
+ "dynamodb:GetItem",
+ "dynamodb:GetRecords",
+ "dynamodb:GetShardIterator",
+ "dynamodb:PutItem",
+ "dynamodb:Scan",
+ "dynamodb:UpdateItem",
+ "dynamodb:UpdateTable"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*",
+ "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*",
+ "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CancelSpotFleetRequests",
+ "ec2:DeleteFleets",
+ "ec2:DescribeFleetInstances",
+ "ec2:DescribeFleets",
+ "ec2:DescribeInstances",
+ "ec2:DescribeSpotFleetInstances",
+ "ec2:DescribeSpotFleetRequests"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:RebootInstances",
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/DeadlineTrackedAWSResource": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "events:PutEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:event-bus/default"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:InvokeFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "sqs:DeleteMessage",
+ "sqs:GetQueueAttributes",
+ "sqs:ReceiveMessage"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OUKJ73IOS",
+ "PolicyName": "AWSThinkboxDeadlineResourceTrackerAccessPolicy",
+ "UpdateDate": "2020-05-27T19:25:05+00:00",
+ "VersionId": "v1"
+ },
+ "AWSThinkboxDeadlineResourceTrackerAdminPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:29:09+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "application-autoscaling:DeleteScalingPolicy",
+ "application-autoscaling:DeregisterScalableTarget",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:PutScalingPolicy",
+ "application-autoscaling:RegisterScalableTarget"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:ListStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:UpdateStack",
+ "cloudformation:DescribeStacks",
+ "cloudformation:UpdateTerminationProtection"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "dynamodb:CreateTable",
+ "dynamodb:DeleteTable",
+ "dynamodb:DescribeTable",
+ "dynamodb:ListTagsOfResource",
+ "dynamodb:TagResource",
+ "dynamodb:UntagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*",
+ "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*",
+ "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
+ ]
+ },
+ {
+ "Action": [
+ "dynamodb:BatchWriteItem",
+ "dynamodb:Scan"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
+ ]
+ },
+ {
+ "Action": [
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:rule/DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "iam:ListAttachedRolePolicies"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetUser"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "dynamodb.application-autoscaling.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "lambda.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/DeadlineResourceTrackerAccess*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "application-autoscaling.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:GetEventSourceMapping"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:CreateEventSourceMapping",
+ "lambda:DeleteEventSourceMapping"
+ ],
+ "Condition": {
+ "StringLike": {
+ "lambda:FunctionArn": [
+ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:AddPermission",
+ "lambda:RemovePermission"
+ ],
+ "Condition": {
+ "StringLike": {
+ "lambda:Principal": "events.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:CreateFunction",
+ "lambda:DeleteFunction",
+ "lambda:GetFunction",
+ "lambda:GetFunctionConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip",
+ "arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml"
+ ]
+ },
+ {
+ "Action": [
+ "sqs:CreateQueue",
+ "sqs:DeleteQueue",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueueTags",
+ "sqs:TagQueue",
+ "sqs:UntagQueue"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*",
+ "arn:aws:sqs:*:*:DeadlineResourceTracker*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FKWWNUOP2",
+ "PolicyName": "AWSThinkboxDeadlineResourceTrackerAdminPolicy",
+ "UpdateDate": "2020-10-06T19:06:57+00:00",
+ "VersionId": "v2"
+ },
+ "AWSThinkboxDeadlineSpotEventPluginAdminPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:38:34+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CancelSpotFleetRequests",
+ "ec2:DescribeSpotFleetInstances",
+ "ec2:DescribeSpotFleetRequests",
+ "ec2:ModifySpotFleetRequest",
+ "ec2:RequestSpotFleet"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "RunInstances"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:RunInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "spot.amazonaws.com",
+ "spotfleet.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:instance-profile/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role",
+ "arn:aws:iam::*:role/DeadlineSpot*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetUser"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role",
+ "arn:aws:iam::*:role/DeadlineSpot*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MNSGMZZZZ",
+ "PolicyName": "AWSThinkboxDeadlineSpotEventPluginAdminPolicy",
+ "UpdateDate": "2020-05-27T19:38:34+00:00",
+ "VersionId": "v1"
+ },
+ "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-27T19:35:00+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2:DescribeTags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/DeadlineTrackedAWSResource": "SpotEventPlugin"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/DeadlineResourceTracker": "SpotEventPlugin"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "sqs:GetQueueUrl",
+ "sqs:SendMessage"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JS2KSV4B2",
+ "PolicyName": "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy",
+ "UpdateDate": "2020-12-07T23:31:31+00:00",
+ "VersionId": "v2"
+ },
+ "AWSTransferConsoleFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-14T19:33:25+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "transfer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "acm:ListCertificates",
+ "ec2:DescribeAddresses",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcEndpoints",
+ "health:DescribeEventAggregates",
+ "iam:GetPolicyVersion",
+ "iam:ListPolicies",
+ "iam:ListRoles",
+ "route53:ListHostedZones",
+ "s3:ListAllMyBuckets",
+ "transfer:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KYSTLCO3J",
+ "PolicyName": "AWSTransferConsoleFullAccess",
+ "UpdateDate": "2020-12-14T19:33:25+00:00",
+ "VersionId": "v1"
+ },
+ "AWSTransferFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSTransferFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-14T19:37:23+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "transfer:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "transfer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeAddresses"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KGELFKPYK",
+ "PolicyName": "AWSTransferFullAccess",
+ "UpdateDate": "2020-12-14T19:37:23+00:00",
+ "VersionId": "v1"
+ },
"AWSTransferLoggingAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess",
"AttachmentCount": 0,
@@ -13529,11 +25077,76 @@ aws_managed_policies_data = """
"UpdateDate": "2019-01-14T15:32:50+00:00",
"VersionId": "v1"
},
+ "AWSTransferReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-27T17:54:51+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "transfer:DescribeUser",
+ "transfer:DescribeServer",
+ "transfer:ListUsers",
+ "transfer:ListServers",
+ "transfer:TestIdentityProvider",
+ "transfer:ListTagsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ITRAALBSI",
+ "PolicyName": "AWSTransferReadOnlyAccess",
+ "UpdateDate": "2020-08-27T17:54:51+00:00",
+ "VersionId": "v1"
+ },
+ "AWSTrustedAdvisorReportingServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-19T17:41:13+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "organizations:DescribeOrganization",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListAccounts",
+ "organizations:ListAccountsForParent",
+ "organizations:ListOrganizationalUnitsForParent",
+ "organizations:ListChildren",
+ "organizations:ListParents",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:DescribeAccount"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NCBYW5OGK",
+ "PolicyName": "AWSTrustedAdvisorReportingServiceRolePolicy",
+ "UpdateDate": "2020-09-11T21:36:48+00:00",
+ "VersionId": "v2"
+ },
"AWSTrustedAdvisorServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2018-02-22T21:24:25+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -13563,6 +25176,7 @@ aws_managed_policies_data = """
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeLaunchTemplateVersions",
+ "elasticloadbalancing:DescribeAccountLimits",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
@@ -13610,11 +25224,12 @@ aws_managed_policies_data = """
"s3:GetBucketVersioning",
"s3:GetBucketPublicAccessBlock",
"s3:ListBucket",
- "s3:ListObjects",
"s3:ListAllMyBuckets",
"ses:GetSendQuota",
"sqs:ListQueues",
- "cloudwatch:GetMetricStatistics"
+ "cloudwatch:GetMetricStatistics",
+ "ce:GetReservationPurchaseRecommendation",
+ "ce:GetSavingsPlansPurchaseRecommendation"
],
"Effect": "Allow",
"Resource": "*"
@@ -13628,8 +25243,38 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJH4QJ2WMHBOB47BUE",
"PolicyName": "AWSTrustedAdvisorServiceRolePolicy",
- "UpdateDate": "2019-01-22T19:58:36+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2020-04-08T16:15:31+00:00",
+ "VersionId": "v8"
+ },
+ "AWSVPCS2SVpnServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-08-06T14:13:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm:ExportCertificate",
+ "acm:DescribeCertificate",
+ "acm:ListCertificates",
+ "acm-pca:DescribeCertificateAuthority"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "0"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ENV7ZVNT6",
+ "PolicyName": "AWSVPCS2SVpnServiceRolePolicy",
+ "UpdateDate": "2019-08-06T14:13:58+00:00",
+ "VersionId": "v1"
},
"AWSVPCTransitGatewayServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy",
@@ -13662,18 +25307,104 @@ aws_managed_policies_data = """
"UpdateDate": "2018-11-26T16:21:17+00:00",
"VersionId": "v1"
},
+ "AWSWAFConsoleFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-06T18:38:38+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "apigateway:GET",
+ "apigateway:SetWebACL",
+ "cloudfront:ListDistributions",
+ "cloudfront:ListDistributionsByWebACLId",
+ "cloudfront:UpdateDistribution",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:ListMetrics",
+ "ec2:DescribeRegions",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:SetWebACL",
+ "appsync:ListGraphqlApis",
+ "appsync:SetWebACL",
+ "waf-regional:*",
+ "waf:*",
+ "wafv2:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AZOTQ7KAT",
+ "PolicyName": "AWSWAFConsoleFullAccess",
+ "UpdateDate": "2020-10-01T20:13:57+00:00",
+ "VersionId": "v2"
+ },
+ "AWSWAFConsoleReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-06T18:43:24+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "apigateway:GET",
+ "cloudfront:ListDistributions",
+ "cloudfront:ListDistributionsByWebACLId",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:ListMetrics",
+ "ec2:DescribeRegions",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "appsync:ListGraphqlApis",
+ "waf-regional:Get*",
+ "waf-regional:List*",
+ "waf:Get*",
+ "waf:List*",
+ "wafv2:Describe*",
+ "wafv2:Get*",
+ "wafv2:List*",
+ "wafv2:CheckCapacity"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NCJLTIT64",
+ "PolicyName": "AWSWAFConsoleReadOnlyAccess",
+ "UpdateDate": "2020-10-01T20:13:54+00:00",
+ "VersionId": "v3"
+ },
"AWSWAFFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSWAFFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-06T20:44:00+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"waf:*",
"waf-regional:*",
- "elasticloadbalancing:SetWebACL"
+ "wafv2:*",
+ "elasticloadbalancing:SetWebACL",
+ "apigateway:SetWebACL",
+ "appsync:SetWebACL"
],
"Effect": "Allow",
"Resource": "*"
@@ -13687,14 +25418,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMIKIAFXZEGOLRH7C",
"PolicyName": "AWSWAFFullAccess",
- "UpdateDate": "2016-12-07T21:33:25+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-10-01T20:13:54+00:00",
+ "VersionId": "v5"
},
"AWSWAFReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-06T20:43:45+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -13702,7 +25433,11 @@ aws_managed_policies_data = """
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
- "waf-regional:List*"
+ "waf-regional:List*",
+ "wafv2:Get*",
+ "wafv2:List*",
+ "wafv2:Describe*",
+ "wafv2:CheckCapacity"
],
"Effect": "Allow",
"Resource": "*"
@@ -13716,8 +25451,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINZVDMX2SBF7EU2OC",
"PolicyName": "AWSWAFReadOnlyAccess",
- "UpdateDate": "2016-12-07T21:30:54+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-06-22T22:38:54+00:00",
+ "VersionId": "v4"
},
"AWSXRayDaemonWriteAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess",
@@ -13783,7 +25518,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T18:27:02+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -13797,7 +25532,12 @@ aws_managed_policies_data = """
"xray:GetTraceSummaries",
"xray:GetGroups",
"xray:GetGroup",
- "xray:GetTimeSeriesServiceStatistics"
+ "xray:ListTagsForResource",
+ "xray:GetTimeSeriesServiceStatistics",
+ "xray:GetInsightSummaries",
+ "xray:GetInsight",
+ "xray:GetInsightEvents",
+ "xray:GetInsightImpactGraph"
],
"Effect": "Allow",
"Resource": [
@@ -13813,8 +25553,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ",
"PolicyName": "AWSXrayReadOnlyAccess",
- "UpdateDate": "2019-04-30T18:11:46+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-09-03T22:19:40+00:00",
+ "VersionId": "v5"
},
"AWSXrayWriteOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
@@ -13848,9 +25588,485 @@ aws_managed_policies_data = """
"UpdateDate": "2018-08-28T23:03:04+00:00",
"VersionId": "v2"
},
+ "AWS_ConfigRole": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-15T20:30:30+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm:DescribeCertificate",
+ "acm:ListCertificates",
+ "acm:ListTagsForCertificate",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingPolicies",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribePolicies",
+ "autoscaling:DescribeScheduledActions",
+ "autoscaling:DescribeTags",
+ "backup:ListBackupPlans",
+ "backup:ListBackupSelections",
+ "backup:GetBackupSelection",
+ "cloudfront:ListTagsForResource",
+ "cloudformation:DescribeType",
+ "cloudformation:ListTypes",
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:GetEventSelectors",
+ "cloudtrail:GetTrailStatus",
+ "cloudtrail:ListTags",
+ "cloudwatch:DescribeAlarms",
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:ListPipelines",
+ "config:BatchGet*",
+ "config:Describe*",
+ "config:Get*",
+ "config:List*",
+ "config:Put*",
+ "config:Select*",
+ "dax:DescribeClusters",
+ "dms:DescribeReplicationInstances",
+ "dynamodb:DescribeContinuousBackups",
+ "dynamodb:DescribeLimits",
+ "dynamodb:DescribeTable",
+ "dynamodb:ListTables",
+ "dynamodb:ListTagsOfResource",
+ "ec2:Describe*",
+ "ec2:GetEbsEncryptionByDefault",
+ "ecr:DescribeRepositories",
+ "ecr:GetLifecyclePolicy",
+ "ecr:GetRepositoryPolicy",
+ "ecr:ListTagsForResource",
+ "ecs:DescribeClusters",
+ "ecs:DescribeServices",
+ "ecs:DescribeTaskDefinition",
+ "ecs:DescribeTaskSets",
+ "ecs:ListClusters",
+ "ecs:ListServices",
+ "ecs:ListTagsForResource",
+ "ecs:ListTaskDefinitions",
+ "eks:DescribeCluster",
+ "eks:DescribeNodegroup",
+ "eks:ListClusters",
+ "eks:ListNodegroups",
+ "elasticache:DescribeCacheClusters",
+ "elasticache:DescribeReplicationGroups",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeLifecycleConfiguration",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeLoadBalancerPolicies",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTags",
+ "elasticmapreduce:DescribeCluster",
+ "elasticmapreduce:DescribeSecurityConfiguration",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
+ "elasticmapreduce:ListClusters",
+ "elasticmapreduce:ListInstances",
+ "es:DescribeElasticsearchDomain",
+ "es:DescribeElasticsearchDomains",
+ "es:ListDomainNames",
+ "es:ListTags",
+ "guardduty:GetDetector",
+ "guardduty:GetFindings",
+ "guardduty:GetMasterAccount",
+ "guardduty:ListDetectors",
+ "guardduty:ListFindings",
+ "iam:GenerateCredentialReport",
+ "iam:GetAccountAuthorizationDetails",
+ "iam:GetAccountPasswordPolicy",
+ "iam:GetAccountSummary",
+ "iam:GetCredentialReport",
+ "iam:GetGroup",
+ "iam:GetGroupPolicy",
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:GetUser",
+ "iam:GetUserPolicy",
+ "iam:ListAttachedGroupPolicies",
+ "iam:ListAttachedRolePolicies",
+ "iam:ListAttachedUserPolicies",
+ "iam:ListEntitiesForPolicy",
+ "iam:ListGroupPolicies",
+ "iam:ListGroupsForUser",
+ "iam:ListInstanceProfilesForRole",
+ "iam:ListPolicyVersions",
+ "iam:ListRolePolicies",
+ "iam:ListUserPolicies",
+ "iam:ListVirtualMFADevices",
+ "kms:DescribeKey",
+ "kms:GetKeyPolicy",
+ "kms:GetKeyRotationStatus",
+ "kms:ListKeys",
+ "kms:ListResourceTags",
+ "lambda:GetAlias",
+ "lambda:GetFunction",
+ "lambda:GetPolicy",
+ "lambda:ListAliases",
+ "lambda:ListFunctions",
+ "logs:DescribeLogGroups",
+ "organizations:DescribeOrganization",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBClusterSnapshotAttributes",
+ "rds:DescribeDBClusterSnapshots",
+ "rds:DescribeDBInstances",
+ "rds:DescribeDBSecurityGroups",
+ "rds:DescribeDBSnapshotAttributes",
+ "rds:DescribeDBSnapshots",
+ "rds:DescribeDBSubnetGroups",
+ "rds:DescribeEventSubscriptions",
+ "rds:ListTagsForResource",
+ "redshift:DescribeClusterParameterGroups",
+ "redshift:DescribeClusterParameters",
+ "redshift:DescribeClusterSecurityGroups",
+ "redshift:DescribeClusterSnapshots",
+ "redshift:DescribeClusterSubnetGroups",
+ "redshift:DescribeClusters",
+ "redshift:DescribeEventSubscriptions",
+ "redshift:DescribeLoggingStatus",
+ "s3:GetAccelerateConfiguration",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:GetBucketAcl",
+ "s3:GetBucketCORS",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketNotification",
+ "s3:GetBucketObjectLockConfiguration",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:GetBucketRequestPayment",
+ "s3:GetBucketTagging",
+ "s3:GetBucketVersioning",
+ "s3:GetBucketWebsite",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetLifecycleConfiguration",
+ "s3:GetReplicationConfiguration",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "sagemaker:DescribeEndpointConfig",
+ "sagemaker:DescribeNotebookInstance",
+ "sagemaker:ListEndpointConfigs",
+ "sagemaker:ListNotebookInstances",
+ "secretsmanager:ListSecrets",
+ "secretsmanager:ListSecretVersionIds",
+ "securityhub:describeHub",
+ "shield:DescribeDRTAccess",
+ "shield:DescribeProtection",
+ "shield:DescribeSubscription",
+ "sns:GetTopicAttributes",
+ "sns:ListSubscriptions",
+ "sns:ListTagsForResource",
+ "sns:ListTopics",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueues",
+ "sqs:ListQueueTags",
+ "ssm:DescribeAutomationExecutions",
+ "ssm:DescribeDocument",
+ "ssm:GetAutomationExecution",
+ "ssm:GetDocument",
+ "storagegateway:ListGateways",
+ "storagegateway:ListVolumes",
+ "support:DescribeCases",
+ "tag:GetResources",
+ "waf:GetLoggingConfiguration",
+ "waf:GetWebACL",
+ "wafv2:GetLoggingConfiguration",
+ "waf-regional:GetLoggingConfiguration",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PP7QZ4FBG",
+ "PolicyName": "AWS_ConfigRole",
+ "UpdateDate": "2021-01-29T19:24:13+00:00",
+ "VersionId": "v3"
+ },
+ "AWS_Config_Role": {
+ "Arn": "arn:aws:iam::aws:policy/AWS_Config_Role",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-07-23T19:03:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm:DescribeCertificate",
+ "acm:ListCertificates",
+ "acm:ListTagsForCertificate",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingPolicies",
+ "autoscaling:DescribeAutoScalingGroups",
+ "autoscaling:DescribeLaunchConfigurations",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:DescribePolicies",
+ "autoscaling:DescribeScheduledActions",
+ "autoscaling:DescribeTags",
+ "backup:ListBackupPlans",
+ "backup:ListBackupSelections",
+ "backup:GetBackupSelection",
+ "cloudfront:ListTagsForResource",
+ "cloudformation:describeType",
+ "cloudformation:listTypes",
+ "cloudtrail:DescribeTrails",
+ "cloudtrail:GetEventSelectors",
+ "cloudtrail:GetTrailStatus",
+ "cloudtrail:ListTags",
+ "cloudwatch:DescribeAlarms",
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:ListPipelines",
+ "config:BatchGet*",
+ "config:Describe*",
+ "config:Get*",
+ "config:List*",
+ "config:Put*",
+ "config:Select*",
+ "dax:DescribeClusters",
+ "dms:DescribeReplicationInstances",
+ "dynamodb:DescribeContinuousBackups",
+ "dynamodb:DescribeLimits",
+ "dynamodb:DescribeTable",
+ "dynamodb:ListTables",
+ "dynamodb:ListTagsOfResource",
+ "ec2:Describe*",
+ "ec2:GetEbsEncryptionByDefault",
+ "eks:DescribeCluster",
+ "eks:ListClusters",
+ "elasticache:DescribeCacheClusters",
+ "elasticache:DescribeReplicationGroups",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticloadbalancing:DescribeListeners",
+ "elasticloadbalancing:DescribeLoadBalancerAttributes",
+ "elasticloadbalancing:DescribeLoadBalancerPolicies",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "elasticloadbalancing:DescribeRules",
+ "elasticloadbalancing:DescribeTags",
+ "elasticmapreduce:DescribeCluster",
+ "elasticmapreduce:DescribeSecurityConfiguration",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
+ "elasticmapreduce:ListClusters",
+ "elasticmapreduce:ListInstances",
+ "es:DescribeElasticsearchDomain",
+ "es:DescribeElasticsearchDomains",
+ "es:ListDomainNames",
+ "es:ListTags",
+ "guardduty:GetDetector",
+ "guardduty:GetFindings",
+ "guardduty:GetMasterAccount",
+ "guardduty:ListDetectors",
+ "guardduty:ListFindings",
+ "iam:GenerateCredentialReport",
+ "iam:GetAccountAuthorizationDetails",
+ "iam:GetAccountPasswordPolicy",
+ "iam:GetAccountSummary",
+ "iam:GetCredentialReport",
+ "iam:GetGroup",
+ "iam:GetGroupPolicy",
+ "iam:GetPolicy",
+ "iam:GetPolicyVersion",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:GetUser",
+ "iam:GetUserPolicy",
+ "iam:ListAttachedGroupPolicies",
+ "iam:ListAttachedRolePolicies",
+ "iam:ListAttachedUserPolicies",
+ "iam:ListEntitiesForPolicy",
+ "iam:ListGroupPolicies",
+ "iam:ListGroupsForUser",
+ "iam:ListInstanceProfilesForRole",
+ "iam:ListPolicyVersions",
+ "iam:ListRolePolicies",
+ "iam:ListUserPolicies",
+ "iam:ListVirtualMFADevices",
+ "kms:DescribeKey",
+ "kms:GetKeyPolicy",
+ "kms:GetKeyRotationStatus",
+ "kms:ListKeys",
+ "kms:ListResourceTags",
+ "lambda:GetAlias",
+ "lambda:GetFunction",
+ "lambda:GetPolicy",
+ "lambda:ListAliases",
+ "lambda:ListFunctions",
+ "logs:DescribeLogGroups",
+ "organizations:DescribeOrganization",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBClusterSnapshotAttributes",
+ "rds:DescribeDBClusterSnapshots",
+ "rds:DescribeDBInstances",
+ "rds:DescribeDBSecurityGroups",
+ "rds:DescribeDBSnapshotAttributes",
+ "rds:DescribeDBSnapshots",
+ "rds:DescribeDBSubnetGroups",
+ "rds:DescribeEventSubscriptions",
+ "rds:ListTagsForResource",
+ "redshift:DescribeClusterParameterGroups",
+ "redshift:DescribeClusterParameters",
+ "redshift:DescribeClusterSecurityGroups",
+ "redshift:DescribeClusterSnapshots",
+ "redshift:DescribeClusterSubnetGroups",
+ "redshift:DescribeClusters",
+ "redshift:DescribeEventSubscriptions",
+ "redshift:DescribeLoggingStatus",
+ "s3:GetAccelerateConfiguration",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:GetBucketAcl",
+ "s3:GetBucketCORS",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketNotification",
+ "s3:GetBucketObjectLockConfiguration",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:GetBucketRequestPayment",
+ "s3:GetBucketTagging",
+ "s3:GetBucketVersioning",
+ "s3:GetBucketWebsite",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetLifecycleConfiguration",
+ "s3:GetReplicationConfiguration",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "sagemaker:DescribeEndpointConfig",
+ "sagemaker:DescribeNotebookInstance",
+ "sagemaker:ListEndpointConfigs",
+ "sagemaker:ListNotebookInstances",
+ "secretsmanager:ListSecrets",
+ "secretsmanager:ListSecretVersionIds",
+ "securityhub:describeHub",
+ "shield:DescribeDRTAccess",
+ "shield:DescribeProtection",
+ "shield:DescribeSubscription",
+ "sns:GetTopicAttributes",
+ "sns:ListSubscriptions",
+ "sns:ListTagsForResource",
+ "sns:ListTopics",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueues",
+ "sqs:ListQueueTags",
+ "ssm:DescribeAutomationExecutions",
+ "ssm:DescribeDocument",
+ "ssm:GetAutomationExecution",
+ "ssm:GetDocument",
+ "storagegateway:ListGateways",
+ "storagegateway:ListVolumes",
+ "support:DescribeCases",
+ "waf:GetLoggingConfiguration",
+ "waf:GetWebACL",
+ "wafv2:GetLoggingConfiguration",
+ "waf-regional:GetLoggingConfiguration",
+ "waf-regional:GetWebACL",
+ "waf-regional:GetWebACLForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4L4CLM3T52",
+ "PolicyName": "AWS_Config_Role",
+ "UpdateDate": "2020-07-23T19:03:40+00:00",
+ "VersionId": "v1"
+ },
+ "AccessAnalyzerServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-02T17:13:10+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeAddresses",
+ "ec2:DescribeByoipCidrs",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVpcs",
+ "iam:GetRole",
+ "iam:ListRoles",
+ "kms:DescribeKey",
+ "kms:GetKeyPolicy",
+ "kms:ListGrants",
+ "kms:ListKeyPolicies",
+ "kms:ListKeys",
+ "lambda:GetLayerVersionPolicy",
+ "lambda:GetPolicy",
+ "lambda:ListAliases",
+ "lambda:ListFunctions",
+ "lambda:ListLayers",
+ "lambda:ListLayerVersions",
+ "lambda:ListVersionsByFunction",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:ListAccounts",
+ "organizations:ListAccountsForParent",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListChildren",
+ "organizations:ListDelegatedAdministrators",
+ "organizations:ListOrganizationalUnitsForParent",
+ "organizations:ListParents",
+ "organizations:ListRoots",
+ "s3:GetAccessPoint",
+ "s3:GetAccessPointPolicy",
+ "s3:GetAccessPointPolicyStatus",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:GetBucketAcl",
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicyStatus",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:ListAccessPoints",
+ "s3:ListAllMyBuckets",
+ "sns:GetTopicAttributes",
+ "sns:ListTopics",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:ListSecrets",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueues"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CAIXDDRI2",
+ "PolicyName": "AccessAnalyzerServiceRolePolicy",
+ "UpdateDate": "2020-11-24T20:58:37+00:00",
+ "VersionId": "v5"
+ },
"AdministratorAccess": {
"Arn": "arn:aws:iam::aws:policy/AdministratorAccess",
- "AttachmentCount": 1,
+ "AttachmentCount": 7,
"CreateDate": "2015-02-06T18:39:46+00:00",
"DefaultVersionId": "v1",
"Document": {
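Review bot: `"AttachmentCount": 7` on the AdministratorAccess entry near the end of this hunk (previously 1) looks like state from the account the snapshot was taken in, not a property of the AWS-managed policy itself; every entry added in this hunk carries 0. If this data is regenerated from a live account, the refresh step should normalise account-specific counters before committing, e.g. `"AttachmentCount": 0`, and treat `PermissionsBoundaryUsageCount` the same way. Otherwise the committed file discloses how many principals hold administrator access in that account, and the value changes on every refresh. The AdministratorAccess entry continues past the end of the hunk, so the rest of its fields are not visible here.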
@@ -13872,6 +26088,616 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:39:46+00:00",
"VersionId": "v1"
},
+ "AdministratorAccess-AWSElasticBeanstalk": {
+ "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-22T19:36:54+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm:Describe*",
+ "acm:List*",
+ "autoscaling:Describe*",
+ "cloudformation:Describe*",
+ "cloudformation:Estimate*",
+ "cloudformation:Get*",
+ "cloudformation:List*",
+ "cloudformation:Validate*",
+ "cloudtrail:LookupEvents",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:ListMetrics",
+ "codecommit:Get*",
+ "codecommit:UploadArchive",
+ "ec2:AllocateAddress",
+ "ec2:AssociateAddress",
+ "ec2:AuthorizeSecurityGroup*",
+ "ec2:CreateLaunchTemplate*",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateTags",
+ "ec2:DeleteLaunchTemplate*",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteTags",
+ "ec2:Describe*",
+ "ec2:DisassociateAddress",
+ "ec2:ReleaseAddress",
+ "ec2:RevokeSecurityGroup*",
+ "ecs:CreateCluster",
+ "ecs:DeRegisterTaskDefinition",
+ "ecs:Describe*",
+ "ecs:List*",
+ "ecs:RegisterTaskDefinition",
+ "elasticbeanstalk:*",
+ "elasticloadbalancing:Describe*",
+ "iam:GetRole",
+ "iam:ListAttachedRolePolicies",
+ "iam:ListInstanceProfiles",
+ "iam:ListRolePolicies",
+ "iam:ListRoles",
+ "iam:ListServerCertificates",
+ "logs:Describe*",
+ "rds:Describe*",
+ "s3:ListAllMyBuckets",
+ "sns:ListSubscriptionsByTopic",
+ "sns:ListTopics",
+ "sqs:ListQueues"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "autoscaling:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
+ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
+ "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
+ "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:CancelUpdateStack",
+ "cloudformation:ContinueUpdateRollback",
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:GetTemplate",
+ "cloudformation:ListStackResources",
+ "cloudformation:SignalResource",
+ "cloudformation:TagResource",
+ "cloudformation:UntagResource",
+ "cloudformation:UpdateStack"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/awseb-*",
+ "arn:aws:cloudformation:*:*:stack/eb-*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:PutMetricAlarm"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudwatch:*:*:alarm:awseb-*",
+ "arn:aws:cloudwatch:*:*:alarm:eb-*"
+ ]
+ },
+ {
+ "Action": [
+ "codebuild:BatchGetBuilds",
+ "codebuild:CreateProject",
+ "codebuild:DeleteProject",
+ "codebuild:StartBuild"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*"
+ },
+ {
+ "Action": [
+ "dynamodb:CreateTable",
+ "dynamodb:DeleteTable",
+ "dynamodb:DescribeTable",
+ "dynamodb:TagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dynamodb:*:*:table/awseb-e-*",
+ "arn:aws:dynamodb:*:*:table/eb-*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:RebootInstances",
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": [
+ "arn:aws:cloudformation:*:*:stack/awseb-e-*",
+ "arn:aws:cloudformation:*:*:stack/eb-*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": "ec2:RunInstances",
+ "Condition": {
+ "ArnLike": {
+ "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ecs:DeleteCluster"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ecs:*:*:cluster/awseb-*"
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:*Rule",
+ "elasticloadbalancing:*Tags",
+ "elasticloadbalancing:SetRulePriorities",
+ "elasticloadbalancing:SetSecurityGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*"
+ ]
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*",
+ "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/awseb-*",
+ "arn:aws:elasticloadbalancing:*:*:listener/eb-*",
+ "arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*",
+ "arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:AddRoleToInstanceProfile",
+ "iam:CreateInstanceProfile",
+ "iam:CreateRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-elasticbeanstalk*",
+ "arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:AttachRolePolicy"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PolicyArn": [
+ "arn:aws:iam::aws:policy/AWSElasticBeanstalk*",
+ "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "elasticbeanstalk.amazonaws.com",
+ "ec2.amazonaws.com",
+ "autoscaling.amazonaws.com",
+ "elasticloadbalancing.amazonaws.com",
+ "ecs.amazonaws.com",
+ "cloudformation.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": [
+ "autoscaling.amazonaws.com",
+ "elasticbeanstalk.amazonaws.com",
+ "elasticloadbalancing.amazonaws.com",
+ "managedupdates.elasticbeanstalk.amazonaws.com",
+ "maintenance.elasticbeanstalk.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*",
+ "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*",
+ "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*",
+ "arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*",
+ "arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:DeleteLogGroup",
+ "logs:PutRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*"
+ },
+ {
+ "Action": [
+ "rds:*DBSubnetGroup",
+ "rds:AuthorizeDBSecurityGroupIngress",
+ "rds:CreateDBInstance",
+ "rds:CreateDBSecurityGroup",
+ "rds:DeleteDBInstance",
+ "rds:DeleteDBSecurityGroup",
+ "rds:ModifyDBInstance",
+ "rds:RestoreDBInstanceFromDBSnapshot"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:rds:*:*:db:*",
+ "arn:aws:rds:*:*:secgrp:awseb-e-*",
+ "arn:aws:rds:*:*:secgrp:eb-*",
+ "arn:aws:rds:*:*:snapshot:*",
+ "arn:aws:rds:*:*:subgrp:awseb-e-*",
+ "arn:aws:rds:*:*:subgrp:eb-*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:Delete*",
+ "s3:Get*",
+ "s3:Put*"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::elasticbeanstalk-*/*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:GetBucket*",
+ "s3:ListBucket",
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::elasticbeanstalk-*"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:DeleteTopic",
+ "sns:GetTopicAttributes",
+ "sns:Publish",
+ "sns:SetTopicAttributes",
+ "sns:Subscribe",
+ "sns:Unsubscribe"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
+ },
+ {
+ "Action": [
+ "sqs:*QueueAttributes",
+ "sqs:CreateQueue",
+ "sqs:DeleteQueue",
+ "sqs:SendMessage",
+ "sqs:TagQueue"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sqs:*:*:awseb-e-*",
+ "arn:aws:sqs:*:*:eb-*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AX52KWGWY",
+ "PolicyName": "AdministratorAccess-AWSElasticBeanstalk",
+ "UpdateDate": "2021-01-22T19:36:54+00:00",
+ "VersionId": "v1"
+ },
+ "AdministratorAccess-Amplify": {
+ "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-Amplify",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T19:03:08+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudformation:CreateChangeSet",
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:DescribeChangeSet",
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResource",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:DescribeStacks",
+ "cloudformation:ExecuteChangeSet",
+ "cloudformation:GetTemplate",
+ "cloudformation:UpdateStack"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/amplify-*"
+ ],
+ "Sid": "CLICloudformationPolicy"
+ },
+ {
+ "Action": [
+ "iam:CreateRole",
+ "iam:ListRoleTags",
+ "iam:TagRole",
+ "iam:AttachRolePolicy",
+ "iam:CreatePolicy",
+ "iam:DeletePolicy",
+ "iam:DeleteRole",
+ "iam:DeleteRolePolicy",
+ "iam:DetachRolePolicy",
+ "iam:PutRolePolicy",
+ "iam:UpdateRole",
+ "iam:GetRole",
+ "iam:GetPolicy",
+ "iam:GetRolePolicy",
+ "iam:PassRole",
+ "iam:ListPolicyVersions",
+ "appsync:CreateApiKey",
+ "appsync:CreateDataSource",
+ "appsync:CreateFunction",
+ "appsync:CreateResolver",
+ "appsync:CreateType",
+ "appsync:DeleteApiKey",
+ "appsync:DeleteDataSource",
+ "appsync:DeleteFunction",
+ "appsync:DeleteResolver",
+ "appsync:DeleteType",
+ "appsync:GetDataSource",
+ "appsync:GetFunction",
+ "appsync:GetIntrospectionSchema",
+ "appsync:GetResolver",
+ "appsync:GetSchemaCreationStatus",
+ "appsync:GetType",
+ "appsync:GraphQL",
+ "appsync:ListApiKeys",
+ "appsync:ListDataSources",
+ "appsync:ListFunctions",
+ "appsync:ListGraphqlApis",
+ "appsync:ListResolvers",
+ "appsync:ListResolversByFunction",
+ "appsync:ListTypes",
+ "appsync:StartSchemaCreation",
+ "appsync:UpdateApiKey",
+ "appsync:UpdateDataSource",
+ "appsync:UpdateFunction",
+ "appsync:UpdateResolver",
+ "appsync:UpdateType",
+ "appsync:TagResource",
+ "appsync:CreateGraphqlApi",
+ "appsync:DeleteGraphqlApi",
+ "appsync:GetGraphqlApi",
+ "appsync:ListTagsForResource",
+ "appsync:UpdateGraphqlApi",
+ "apigateway:DELETE",
+ "apigateway:GET",
+ "apigateway:PATCH",
+ "apigateway:POST",
+ "apigateway:PUT",
+ "cognito-idp:CreateUserPool",
+ "cognito-identity:CreateIdentityPool",
+ "cognito-identity:DeleteIdentityPool",
+ "cognito-identity:DescribeIdentity",
+ "cognito-identity:DescribeIdentityPool",
+ "cognito-identity:SetIdentityPoolRoles",
+ "cognito-identity:GetIdentityPoolRoles",
+ "cognito-identity:UpdateIdentityPool",
+ "cognito-idp:CreateUserPoolClient",
+ "cognito-idp:DeleteGroup",
+ "cognito-idp:DeleteUserPool",
+ "cognito-idp:DeleteUserPoolClient",
+ "cognito-idp:DescribeUserPool",
+ "cognito-idp:DescribeUserPoolClient",
+ "cognito-idp:ListTagsForResource",
+ "cognito-idp:ListUserPoolClients",
+ "cognito-idp:UpdateUserPoolClient",
+ "cognito-idp:CreateGroup",
+ "cognito-idp:DeleteGroup",
+ "cognito-identity:TagResource",
+ "cognito-idp:TagResource",
+ "cognito-idp:UpdateUserPool",
+ "lambda:AddPermission",
+ "lambda:CreateFunction",
+ "lambda:DeleteFunction",
+ "lambda:GetFunction",
+ "lambda:GetFunctionConfiguration",
+ "lambda:InvokeAsync",
+ "lambda:InvokeFunction",
+ "lambda:RemovePermission",
+ "lambda:UpdateFunctionCode",
+ "lambda:UpdateFunctionConfiguration",
+ "lambda:ListTags",
+ "lambda:TagResource",
+ "lambda:UntagResource",
+ "lambda:DeleteFunction",
+ "lambda:AddLayerVersionPermission",
+ "lambda:CreateEventSourceMapping",
+ "lambda:DeleteEventSourceMapping",
+ "lambda:DeleteLayerVersion",
+ "lambda:GetEventSourceMapping",
+ "lambda:GetLayerVersion",
+ "lambda:ListEventSourceMappings",
+ "lambda:ListLayerVersions",
+ "lambda:PublishLayerVersion",
+ "lambda:RemoveLayerVersionPermission",
+ "dynamodb:CreateTable",
+ "dynamodb:DeleteItem",
+ "dynamodb:DeleteTable",
+ "dynamodb:DescribeContinuousBackups",
+ "dynamodb:DescribeTable",
+ "dynamodb:DescribeTimeToLive",
+ "dynamodb:ListStreams",
+ "dynamodb:PutItem",
+ "dynamodb:TagResource",
+ "dynamodb:ListTagsOfResource",
+ "dynamodb:UpdateContinuousBackups",
+ "dynamodb:UpdateItem",
+ "dynamodb:UpdateTable",
+ "dynamodb:UpdateTimeToLive",
+ "s3:CreateBucket",
+ "s3:ListBucket",
+ "s3:PutBucketAcl",
+ "s3:PutBucketCORS",
+ "s3:PutBucketNotification",
+ "s3:PutBucketPolicy",
+ "s3:PutBucketWebsite",
+ "s3:PutObjectAcl",
+ "cloudfront:CreateCloudFrontOriginAccessIdentity",
+ "cloudfront:CreateDistribution",
+ "cloudfront:DeleteCloudFrontOriginAccessIdentity",
+ "cloudfront:DeleteDistribution",
+ "cloudfront:GetCloudFrontOriginAccessIdentity",
+ "cloudfront:GetCloudFrontOriginAccessIdentityConfig",
+ "cloudfront:GetDistribution",
+ "cloudfront:GetDistributionConfig",
+ "cloudfront:TagResource",
+ "cloudfront:UntagResource",
+ "cloudfront:UpdateCloudFrontOriginAccessIdentity",
+ "cloudfront:UpdateDistribution",
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:ListRuleNamesByTarget",
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets",
+ "mobiletargeting:GetApp",
+ "kinesis:AddTagsToStream",
+ "kinesis:CreateStream",
+ "kinesis:DeleteStream",
+ "kinesis:DescribeStream",
+ "kinesis:PutRecords"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "cloudformation.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CLIManageviaCFNPolicy"
+ },
+ {
+ "Action": [
+ "appsync:GetIntrospectionSchema",
+ "appsync:GraphQL",
+ "appsync:UpdateApiKey",
+ "appsync:ListApiKeys",
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:ListBucketVersions",
+ "s3:DeleteBucket",
+ "s3:DeleteBucketPolicy",
+ "s3:DeleteBucketWebsite",
+ "s3:DeleteObject",
+ "s3:GetBucketLocation",
+ "s3:ListAllMyBuckets",
+ "sts:AssumeRole",
+ "iam:PutRolePolicy",
+ "iam:CreatePolicy",
+ "iam:AttachRolePolicy",
+ "mobiletargeting:*",
+ "amplify:CreateApp",
+ "amplify:CreateBackendEnvironment",
+ "amplify:GetApp",
+ "amplify:GetBackendEnvironment",
+ "amplify:ListApps",
+ "amplify:ListBackendEnvironments",
+ "amplify:CreateBranch",
+ "amplify:GetBranch",
+ "amplify:UpdateApp",
+ "amplify:ListBranches",
+ "amplify:ListDomainAssociations",
+ "amplify:DeleteBranch",
+ "amplify:DeleteApp",
+ "amplify:DeleteBackendEnvironment",
+ "amplifybackend:*",
+ "cognito-idp:AdminAddUserToGroup",
+ "cognito-idp:AdminCreateUser",
+ "cognito-idp:CreateGroup",
+ "cognito-idp:DeleteGroup",
+ "cognito-idp:DeleteUser",
+ "cognito-idp:ListUsers",
+ "cognito-idp:AdminGetUser",
+ "cognito-idp:ListUsersInGroup",
+ "cognito-idp:AdminDisableUser",
+ "cognito-idp:AdminRemoveUserFromGroup",
+ "cognito-idp:AdminResetUserPassword",
+ "cognito-idp:AdminListGroupsForUser",
+ "cognito-idp:ListGroups",
+ "cognito-idp:AdminDeleteUser",
+ "cognito-idp:AdminListUserAuthEvents",
+ "cognito-idp:AdminDeleteUser",
+ "cognito-idp:AdminConfirmSignUp",
+ "cognito-idp:AdminEnableUser",
+ "cognito-idp:AdminUpdateUserAttributes",
+ "cognito-idp:DescribeIdentityProvider"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CLISDKCalls"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AML23RALR",
+ "PolicyName": "AdministratorAccess-Amplify",
+ "UpdateDate": "2021-01-13T22:36:27+00:00",
+ "VersionId": "v2"
+ },
"AlexaForBusinessDeviceSetup": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
"AttachmentCount": 0,
@@ -13915,7 +26741,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:47:09+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -13955,13 +26781,13 @@ aws_managed_policies_data = """
"secretsmanager:UpdateSecret"
],
"Effect": "Allow",
- "Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*"
+ "Resource": "arn:aws:secretsmanager:*:*:secret:A4B*"
},
{
"Action": "secretsmanager:CreateSecret",
"Condition": {
"StringLike": {
- "secretsmanager:Name": "A4BNetworkProfile*"
+ "secretsmanager:Name": "A4B*"
}
},
"Effect": "Allow",
@@ -13976,8 +26802,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILUT3JGG7WRIMVNH2",
"PolicyName": "AlexaForBusinessFullAccess",
- "UpdateDate": "2019-05-20T21:32:33+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-07-01T21:01:55+00:00",
+ "VersionId": "v5"
},
"AlexaForBusinessGatewayExecution": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution",
@@ -14028,6 +26854,113 @@ aws_managed_policies_data = """
"UpdateDate": "2017-11-30T16:47:19+00:00",
"VersionId": "v1"
},
+ "AlexaForBusinessLifesizeDelegatedAccessPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-04T19:46:56+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "a4b:DisassociateDeviceFromRoom",
+ "a4b:DeleteDevice",
+ "a4b:UpdateDevice",
+ "a4b:GetDevice"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:RegisterAVSDevice"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "a4b:amazonId": [
+ "A2IWO7UEGWV4TL"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:SearchDevices"
+ ],
+ "Condition": {
+ "ForAllValues:StringLike": {
+ "a4b:filters_deviceType": [
+ "*A2IWO7UEGWV4TL"
+ ]
+ },
+ "Null": {
+ "a4b:filters_deviceType": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:AssociateDeviceWithRoom"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL",
+ "arn:aws:a4b:us-east-1:*:room/*"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:GetRoom",
+ "a4b:GetAddressBook",
+ "a4b:SearchRooms",
+ "a4b:CreateContact",
+ "a4b:CreateRoom",
+ "a4b:UpdateContact",
+ "a4b:ListConferenceProviders",
+ "a4b:DeleteRoom",
+ "a4b:CreateAddressBook",
+ "a4b:DisassociateContactFromAddressBook",
+ "a4b:CreateConferenceProvider",
+ "a4b:PutConferencePreference",
+ "a4b:DeleteAddressBook",
+ "a4b:AssociateContactWithAddressBook",
+ "a4b:DeleteContact",
+ "a4b:SearchProfiles",
+ "a4b:UpdateProfile",
+ "a4b:GetContact"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:kms:*:*:key/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HXQBRRIQV",
+ "PolicyName": "AlexaForBusinessLifesizeDelegatedAccessPolicy",
+ "UpdateDate": "2020-06-12T20:31:59+00:00",
+ "VersionId": "v2"
+ },
"AlexaForBusinessNetworkProfileServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy",
"AttachmentCount": 0,
@@ -14070,18 +27003,103 @@ aws_managed_policies_data = """
"UpdateDate": "2019-04-05T21:57:56+00:00",
"VersionId": "v2"
},
+ "AlexaForBusinessPolyDelegatedAccessPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-16T19:48:45+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "a4b:DisassociateDeviceFromRoom",
+ "a4b:DeleteDevice",
+ "a4b:UpdateDevice",
+ "a4b:GetDevice"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92",
+ "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:RegisterAVSDevice"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "a4b:amazonId": [
+ "A238TWV36W3S92",
+ "A1FUZ1SC53VJXD"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:SearchDevices"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:AssociateDeviceWithRoom"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92",
+ "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD",
+ "arn:aws:a4b:us-east-1:*:room/*"
+ ]
+ },
+ {
+ "Action": [
+ "a4b:GetRoom",
+ "a4b:SearchRooms",
+ "a4b:CreateRoom",
+ "a4b:GetProfile",
+ "a4b:SearchSkillGroups",
+ "a4b:DisassociateSkillGroupFromRoom",
+ "a4b:AssociateSkillGroupWithRoom",
+ "a4b:GetSkillGroup",
+ "a4b:SearchProfiles",
+ "a4b:GetAddressBook",
+ "a4b:UpdateRoom"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FIHC2UP5Z",
+ "PolicyName": "AlexaForBusinessPolyDelegatedAccessPolicy",
+ "UpdateDate": "2019-10-16T19:48:45+00:00",
+ "VersionId": "v1"
+ },
"AlexaForBusinessReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:47:12+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"a4b:Get*",
"a4b:List*",
- "a4b:Describe*",
"a4b:Search*"
],
"Effect": "Allow",
@@ -14096,12 +27114,12 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI6BKSTB4XMLPBFFJ2",
"PolicyName": "AlexaForBusinessReadOnlyAccess",
- "UpdateDate": "2018-06-25T23:52:33+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-11-20T00:25:33+00:00",
+ "VersionId": "v3"
},
"AmazonAPIGatewayAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",
- "AttachmentCount": 1,
+ "AttachmentCount": 0,
"CreateDate": "2015-07-09T17:34:45+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -14154,7 +27172,7 @@ aws_managed_policies_data = """
},
"AmazonAPIGatewayPushToCloudWatchLogs": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs",
- "AttachmentCount": 1,
+ "AttachmentCount": 0,
"CreateDate": "2015-11-11T23:41:46+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -14184,11 +27202,165 @@ aws_managed_policies_data = """
"UpdateDate": "2015-11-11T23:41:46+00:00",
"VersionId": "v1"
},
+ "AmazonAppFlowFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-02T23:30:14+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "appflow:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:ListRoles",
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ListRolesForRedshift"
+ },
+ {
+ "Action": [
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "kms:ListAliases"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "KMSListAccess"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant"
+ ],
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": "true"
+ },
+ "StringLike": {
+ "kms:ViaService": "appflow.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "KMSGrantAccess"
+ },
+ {
+ "Action": [
+ "kms:ListGrants"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": "appflow.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "KMSListGrantAccess"
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "S3ReadAccess"
+ },
+ {
+ "Action": [
+ "s3:PutBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::appflow-*",
+ "Sid": "S3PutBucketPolicyAccess"
+ },
+ {
+ "Action": "secretsmanager:CreateSecret",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "appflow.amazonaws.com"
+ ]
+ },
+ "StringLike": {
+ "secretsmanager:Name": "appflow!*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecretsManagerCreateSecretAccess"
+ },
+ {
+ "Action": [
+ "secretsmanager:PutResourcePolicy"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "appflow.amazonaws.com"
+ ]
+ },
+ "StringEqualsIgnoreCase": {
+ "secretsmanager:ResourceTag/aws:secretsmanager:owningService": "appflow"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecretsManagerPutResourcePolicyAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PGBU2ALC4",
+ "PolicyName": "AmazonAppFlowFullAccess",
+ "UpdateDate": "2020-12-07T22:49:15+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonAppFlowReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-02T23:26:51+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "appflow:DescribeConnectors",
+ "appflow:DescribeConnectorProfiles",
+ "appflow:DescribeFlows",
+ "appflow:DescribeFlowExecution",
+ "appflow:DescribeConnectorFields",
+ "appflow:ListConnectorFields",
+ "appflow:ListTagsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CCGEQPIQI",
+ "PolicyName": "AmazonAppFlowReadOnlyAccess",
+ "UpdateDate": "2020-06-02T23:26:51+00:00",
+ "VersionId": "v1"
+ },
"AmazonAppStreamFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:09+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -14204,7 +27376,10 @@ aws_managed_policies_data = """
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
- "application-autoscaling:RegisterScalableTarget"
+ "application-autoscaling:RegisterScalableTarget",
+ "application-autoscaling:DescribeScheduledActions",
+ "application-autoscaling:PutScheduledAction",
+ "application-autoscaling:DeleteScheduledAction"
],
"Effect": "Allow",
"Resource": "*"
@@ -14224,7 +27399,8 @@ aws_managed_policies_data = """
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
- "ec2:DescribeVpcs"
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
@@ -14263,8 +27439,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLZZXU2YQVGL4QDNC",
"PolicyName": "AmazonAppStreamFullAccess",
- "UpdateDate": "2018-09-10T17:29:25+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-08-28T17:24:35+00:00",
+ "VersionId": "v6"
},
"AmazonAppStreamReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess",
@@ -14298,7 +27474,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-19T04:17:37+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -14314,7 +27490,9 @@ aws_managed_policies_data = """
"ec2:DisassociateAddress",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
- "s3:ListAllMyBuckets"
+ "ec2:DescribeVpcEndpoints",
+ "s3:ListAllMyBuckets",
+ "ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
@@ -14328,6 +27506,7 @@ aws_managed_policies_data = """
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion",
+ "s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration"
],
@@ -14347,14 +27526,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISBRZ7LMMCBYEF3SE",
"PolicyName": "AmazonAppStreamServiceAccess",
- "UpdateDate": "2019-01-17T20:22:45+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2020-06-26T16:33:54+00:00",
+ "VersionId": "v8"
},
"AmazonAthenaFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T16:46:01+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -14450,6 +27629,15 @@ aws_managed_policies_data = """
"Resource": [
"*"
]
+ },
+ {
+ "Action": [
+ "lakeformation:GetDataAccess"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
}
],
"Version": "2012-10-17"
@@ -14460,19 +27648,73 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPJMLMD4C7RYZ6XCK",
"PolicyName": "AmazonAthenaFullAccess",
- "UpdateDate": "2019-02-19T00:13:03+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2019-08-08T17:52:27+00:00",
+ "VersionId": "v6"
},
- "AmazonChimeFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess",
+ "AmazonAugmentedAIFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess",
"AttachmentCount": 0,
- "CreateDate": "2017-11-01T22:15:43+00:00",
+ "CreateDate": "2019-12-03T16:21:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
- "chime:*"
+ "sagemaker:*HumanLoop",
+ "sagemaker:*HumanLoops",
+ "sagemaker:*FlowDefinition",
+ "sagemaker:*FlowDefinitions",
+ "sagemaker:*HumanTaskUi",
+ "sagemaker:*HumanTaskUis"
+ ],
+ "Condition": {
+ "StringEqualsIfExists": {
+ "sagemaker:WorkteamType": [
+ "private-crowd",
+ "vendor-crowd"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "sagemaker.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HJOEBWQWI",
+ "PolicyName": "AmazonAugmentedAIFullAccess",
+ "UpdateDate": "2019-12-03T16:21:56+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonAugmentedAIHumanLoopFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T16:20:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sagemaker:*HumanLoop",
+ "sagemaker:*HumanLoops"
],
"Effect": "Allow",
"Resource": "*"
@@ -14484,55 +27726,345 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DLDNVPZG4",
+ "PolicyName": "AmazonAugmentedAIHumanLoopFullAccess",
+ "UpdateDate": "2019-12-03T16:20:47+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonAugmentedAIIntegratedAPIAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-22T20:47:32+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sagemaker:*HumanLoop",
+ "sagemaker:*HumanLoops",
+ "sagemaker:*FlowDefinition",
+ "sagemaker:*FlowDefinitions",
+ "sagemaker:*HumanTaskUi",
+ "sagemaker:*HumanTaskUis"
+ ],
+ "Condition": {
+ "StringEqualsIfExists": {
+ "sagemaker:WorkteamType": [
+ "private-crowd",
+ "vendor-crowd"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "textract:AnalyzeDocument"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "rekognition:DetectModerationLabels"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "sagemaker.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4A7KC4RFTV",
+ "PolicyName": "AmazonAugmentedAIIntegratedAPIAccess",
+ "UpdateDate": "2020-04-22T20:47:32+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonBraketFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonBraketFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-06T20:12:37+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::amazon-braket-*"
+ },
+ {
+ "Action": [
+ "logs:Describe*",
+ "logs:Get*",
+ "logs:List*",
+ "logs:StartQuery",
+ "logs:StopQuery",
+ "logs:TestMetricFilter",
+ "logs:FilterLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*"
+ },
+ {
+ "Action": [
+ "iam:ListRoles",
+ "iam:ListRolePolicies",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:ListAttachedRolePolicies"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sagemaker:ListNotebookInstances"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sagemaker:CreatePresignedNotebookInstanceUrl",
+ "sagemaker:CreateNotebookInstance",
+ "sagemaker:DeleteNotebookInstance",
+ "sagemaker:DescribeNotebookInstance",
+ "sagemaker:StartNotebookInstance",
+ "sagemaker:StopNotebookInstance",
+ "sagemaker:UpdateNotebookInstance",
+ "sagemaker:ListTags",
+ "sagemaker:AddTags",
+ "sagemaker:DeleteTags"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*"
+ },
+ {
+ "Action": [
+ "sagemaker:DescribeNotebookInstanceLifecycleConfig",
+ "sagemaker:CreateNotebookInstanceLifecycleConfig",
+ "sagemaker:DeleteNotebookInstanceLifecycleConfig",
+ "sagemaker:ListNotebookInstanceLifecycleConfigs",
+ "sagemaker:UpdateNotebookInstanceLifecycleConfig"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*"
+ },
+ {
+ "Action": "braket:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "braket.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": [
+ "sagemaker.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HUAKO7NZO",
+ "PolicyName": "AmazonBraketFullAccess",
+ "UpdateDate": "2021-02-18T07:48:38+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonBraketServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-04T17:12:23+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::amazon-braket-*"
+ },
+ {
+ "Action": [
+ "logs:PutLogEvents",
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NIYU42I3S",
+ "PolicyName": "AmazonBraketServiceRolePolicy",
+ "UpdateDate": "2020-08-06T20:10:42+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonChimeFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2017-11-01T22:15:43+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "chime:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketAcl",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketVersioning",
+ "s3:GetBucketWebsite"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:DescribeResourcePolicies",
+ "logs:PutResourcePolicy",
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:GetTopicAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*"
+ ]
+ },
+ {
+ "Action": [
+ "sqs:GetQueueAttributes",
+ "sqs:CreateQueue"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*"
+ ]
+ },
+ {
+ "Action": [
+ "kinesis:ListStreams"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kinesis:DescribeStream"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:kinesis:*:*:stream/chime-chat-*",
+ "arn:aws:kinesis:*:*:stream/chime-messaging-*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetEncryptionConfiguration",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::chime-chat-*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUJFSAKUERNORYRWO",
"PolicyName": "AmazonChimeFullAccess",
- "UpdateDate": "2017-11-01T22:15:43+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-12-14T21:00:52+00:00",
+ "VersionId": "v3"
},
"AmazonChimeReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonChimeReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-01T22:04:17+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
- "chime:ListAccounts",
- "chime:GetAccount",
- "chime:GetAccountSettings",
- "chime:ListUsers",
- "chime:GetUser",
- "chime:GetUserByEmail",
- "chime:ListDomains",
- "chime:GetDomain",
- "chime:ListGroups",
- "chime:ListDirectories",
- "chime:ListCDRBucket",
- "chime:GetCDRBucket",
- "chime:ListDelegates",
- "chime:GetAccountResource",
- "chime:ValidateDelegate",
- "chime:ListAccountUsageReportData",
- "chime:GetUserActivityReportData",
- "chime:GetGlobalSettings",
- "chime:GetPhoneNumber",
- "chime:GetPhoneNumberOrder",
- "chime:GetUserSettings",
- "chime:GetVoiceConnector",
- "chime:GetVoiceConnectorOrigination",
- "chime:GetVoiceConnectorTermination",
- "chime:GetVoiceConnectorTerminationHealth",
- "chime:ListPhoneNumberOrders",
- "chime:ListPhoneNumbers",
- "chime:ListVoiceConnectorTerminationCredentials",
- "chime:ListVoiceConnectors",
- "chime:SearchAvailablePhoneNumbers",
- "chime:GetTelephonyLimits",
- "chime:ListCallingRegions",
- "chime:GetBot",
- "chime:ListBots",
- "chime:GetEventsConfiguration"
+ "chime:List*",
+ "chime:Get*",
+ "chime:Describe*",
+ "chime:SearchAvailablePhoneNumbers"
],
"Effect": "Allow",
"Resource": "*"
@@ -14546,14 +28078,91 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLBFZZFABRXVWRTCI",
"PolicyName": "AmazonChimeReadOnly",
- "UpdateDate": "2019-05-13T20:34:08+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-12-14T20:53:57+00:00",
+ "VersionId": "v10"
+ },
+ "AmazonChimeSDK": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonChimeSDK",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-02-04T21:53:37+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "chime:CreateMeeting",
+ "chime:CreateMeetingWithAttendees",
+ "chime:DeleteMeeting",
+ "chime:GetMeeting",
+ "chime:ListMeetings",
+ "chime:CreateAttendee",
+ "chime:BatchCreateAttendee",
+ "chime:DeleteAttendee",
+ "chime:GetAttendee",
+ "chime:ListAttendees",
+ "chime:ListAttendeeTags",
+ "chime:ListMeetingTags",
+ "chime:ListTagsForResource",
+ "chime:TagAttendee",
+ "chime:TagMeeting",
+ "chime:TagResource",
+ "chime:UntagAttendee",
+ "chime:UntagMeeting",
+ "chime:UntagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ACM6EA4B7",
+ "PolicyName": "AmazonChimeSDK",
+ "UpdateDate": "2020-09-18T21:07:30+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonChimeServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-09-30T22:25:06+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "chime.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NA5XMV3PI",
+ "PolicyName": "AmazonChimeServiceRolePolicy",
+ "UpdateDate": "2019-09-30T22:25:06+00:00",
+ "VersionId": "v1"
},
"AmazonChimeUserManagement": {
"Arn": "arn:aws:iam::aws:policy/AmazonChimeUserManagement",
"AttachmentCount": 0,
"CreateDate": "2017-11-01T22:17:26+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -14566,6 +28175,7 @@ aws_managed_policies_data = """
"chime:GetUser",
"chime:GetUserByEmail",
"chime:InviteUsers",
+ "chime:InviteUsersFromProvider",
"chime:SuspendUsers",
"chime:ActivateUsers",
"chime:UpdateUserLicenses",
@@ -14591,7 +28201,10 @@ aws_managed_policies_data = """
"chime:GetPhoneNumber",
"chime:ListPhoneNumbers",
"chime:GetUserSettings",
- "chime:UpdateUserSettings"
+ "chime:UpdateUserSettings",
+ "chime:CreateUser",
+ "chime:AssociateSigninDelegateGroupsWithAccount",
+ "chime:DisassociateSigninDelegateGroupsFromAccount"
],
"Effect": "Allow",
"Resource": "*"
@@ -14605,8 +28218,36 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGLHVUHNMQPSDGSOO",
"PolicyName": "AmazonChimeUserManagement",
- "UpdateDate": "2019-03-18T12:17:58+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-02-18T19:26:10+00:00",
+ "VersionId": "v8"
+ },
+ "AmazonChimeVoiceConnectorServiceLinkedRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-09-30T22:16:42+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "chime:GetVoiceConnector*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GP44ZBY4P",
+ "PolicyName": "AmazonChimeVoiceConnectorServiceLinkedRolePolicy",
+ "UpdateDate": "2019-09-30T22:16:42+00:00",
+ "VersionId": "v1"
},
"AmazonCloudDirectoryFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess",
@@ -14667,6 +28308,351 @@ aws_managed_policies_data = """
"UpdateDate": "2017-02-28T23:42:06+00:00",
"VersionId": "v1"
},
+ "AmazonCodeGuruProfilerAgentAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-05T22:11:56+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeguru-profiler:ConfigureAgent",
+ "codeguru-profiler:PostAgentProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NJEGTVMFC",
+ "PolicyName": "AmazonCodeGuruProfilerAgentAccess",
+ "UpdateDate": "2021-02-05T22:11:56+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonCodeGuruProfilerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T10:13:27+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeguru-profiler:*",
+ "iam:ListRoles",
+ "iam:ListUsers",
+ "sns:ListTopics",
+ "codeguru:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "codeguru-profiler.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FVCBNS424",
+ "PolicyName": "AmazonCodeGuruProfilerFullAccess",
+ "UpdateDate": "2020-07-15T03:23:08+00:00",
+ "VersionId": "v4"
+ },
+ "AmazonCodeGuruProfilerReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T10:30:15+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeguru:Get*",
+ "codeguru-profiler:BatchGet*",
+ "codeguru-profiler:Describe*",
+ "codeguru-profiler:Get*",
+ "codeguru-profiler:List*",
+ "iam:ListRoles",
+ "iam:ListUsers"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LUSUINUHE",
+ "PolicyName": "AmazonCodeGuruProfilerReadOnlyAccess",
+ "UpdateDate": "2020-06-27T23:52:52+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonCodeGuruReviewerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T08:33:47+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeguru-reviewer:*",
+ "codeguru:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonCodeGuruReviewerFullAccess"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
+ "Sid": "AmazonCodeGuruReviewerSLRCreation"
+ },
+ {
+ "Action": [
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
+ "Sid": "AmazonCodeGuruReviewerSLRDeletion"
+ },
+ {
+ "Action": [
+ "codecommit:ListRepositories"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeCommitAccess"
+ },
+ {
+ "Action": [
+ "codecommit:TagResource",
+ "codecommit:UntagResource"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "codeguru-reviewer"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeCommitTagManagement"
+ },
+ {
+ "Action": [
+ "codestar-connections:TagResource",
+ "codestar-connections:UntagResource",
+ "codestar-connections:ListTagsForResource"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "codeguru-reviewer"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeConnectTagManagement"
+ },
+ {
+ "Action": [
+ "codestar-connections:UseConnection",
+ "codestar-connections:ListConnections",
+ "codestar-connections:PassConnection"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "codestar-connections:ProviderAction": [
+ "ListRepositories",
+ "ListOwners"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CodeConnectManagedRules"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:DeleteRule",
+ "events:RemoveTargets"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:ManagedBy": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchEventsManagedRules"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ENLFBTHWM",
+ "PolicyName": "AmazonCodeGuruReviewerFullAccess",
+ "UpdateDate": "2020-08-29T04:16:08+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonCodeGuruReviewerReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T08:48:24+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codeguru:Get*",
+ "codeguru-reviewer:List*",
+ "codeguru-reviewer:Describe*",
+ "codeguru-reviewer:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonCodeGuruReviewerReadOnlyAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FOJ4PYG77",
+ "PolicyName": "AmazonCodeGuruReviewerReadOnlyAccess",
+ "UpdateDate": "2020-08-29T04:15:32+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonCodeGuruReviewerServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T05:31:12+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "codecommit:GetRepository",
+ "codecommit:GetBranch",
+ "codecommit:DescribePullRequestEvents",
+ "codecommit:GetCommentsForPullRequest",
+ "codecommit:GetDifferences",
+ "codecommit:GetPullRequest",
+ "codecommit:ListPullRequests",
+ "codecommit:PostCommentForPullRequest",
+ "codecommit:GitPull",
+ "codecommit:UntagResource"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/codeguru-reviewer": "enabled"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AccessCodeGuruReviewerEnabledRepositories"
+ },
+ {
+ "Action": [
+ "codestar-connections:UseConnection"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "codestar-connections:ProviderAction": [
+ "ListBranches",
+ "GetBranch",
+ "ListRepositories",
+ "ListOwners",
+ "ListPullRequests",
+ "GetPullRequest",
+ "ListPullRequestComments",
+ "ListPullRequestCommits",
+ "ListCommitFiles",
+ "ListBranchCommits",
+ "CreatePullRequestDiffComment",
+ "GitPull"
+ ]
+ },
+ "Null": {
+ "aws:ResourceTag/codeguru-reviewer": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AccessCodeGuruReviewerEnabledConnections"
+ },
+ {
+ "Action": [
+ "events:DeleteRule",
+ "events:RemoveTargets"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:ManagedBy": "codeguru-reviewer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchEventsResourceCleanup"
+ },
+ {
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::codeguru-reviewer-*",
+ "arn:aws:s3:::codeguru-reviewer-*/*"
+ ],
+ "Sid": "AllowGuruS3GetObject"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NJY3GAUD2",
+ "PolicyName": "AmazonCodeGuruReviewerServiceRolePolicy",
+ "UpdateDate": "2020-11-27T15:09:46+00:00",
+ "VersionId": "v4"
+ },
"AmazonCognitoDeveloperAuthenticatedIdentities": {
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities",
"AttachmentCount": 0,
@@ -14730,11 +28716,37 @@ aws_managed_policies_data = """
"UpdateDate": "2019-03-21T21:32:25+00:00",
"VersionId": "v1"
},
+ "AmazonCognitoIdpServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-26T22:30:20+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cognito-idp:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LEUDXVZDR",
+ "PolicyName": "AmazonCognitoIdpServiceRolePolicy",
+ "UpdateDate": "2020-06-26T22:30:20+00:00",
+ "VersionId": "v1"
+ },
"AmazonCognitoPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-03-24T17:14:56+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -14744,7 +28756,20 @@ aws_managed_policies_data = """
"cognito-sync:*",
"iam:ListRoles",
"iam:ListOpenIdConnectProviders",
- "sns:ListPlatformApplications"
+ "sns:ListPlatformApplications",
+ "iam:GetRole",
+ "iam:ListOpenIDConnectProviders",
+ "iam:ListRoles",
+ "iam:ListSAMLProviders",
+ "iam:GetSAMLProvider",
+ "kinesis:ListStreams",
+ "lambda:GetPolicy",
+ "lambda:ListFunctions",
+ "sns:ListPlatformApplications",
+ "ses:ListIdentities",
+ "ses:GetIdentityVerificationAttributes",
+ "mobiletargeting:GetApps",
+ "acm:ListCertificates"
],
"Effect": "Allow",
"Resource": "*"
@@ -14753,7 +28778,10 @@ aws_managed_policies_data = """
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
- "iam:AWSServiceName": "email.cognito-idp.amazonaws.com"
+ "iam:AWSServiceName": [
+ "cognito-idp.amazonaws.com",
+ "email.cognito-idp.amazonaws.com"
+ ]
}
},
"Effect": "Allow",
@@ -14765,7 +28793,10 @@ aws_managed_policies_data = """
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
- "Resource": "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*"
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*",
+ "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*"
+ ]
}
],
"Version": "2012-10-17"
@@ -14776,14 +28807,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKW5H2HNCPGCYGR6Y",
"PolicyName": "AmazonCognitoPowerUser",
- "UpdateDate": "2019-03-29T22:06:46+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2021-01-12T16:56:15+00:00",
+ "VersionId": "v5"
},
"AmazonCognitoReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-03-24T17:06:46+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -14792,9 +28823,10 @@ aws_managed_policies_data = """
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:Describe*",
- "cognito-idp:AdminGetUser",
+ "cognito-idp:AdminGet*",
"cognito-idp:AdminList*",
"cognito-idp:List*",
+ "cognito-idp:Get*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
@@ -14814,76 +28846,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBFTRZD2GQGJHSVQK",
"PolicyName": "AmazonCognitoReadOnly",
- "UpdateDate": "2019-02-16T00:18:11+00:00",
- "VersionId": "v3"
- },
- "AmazonConnectFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonConnectFullAccess",
- "AttachmentCount": 0,
- "CreateDate": "2018-10-17T20:59:39+00:00",
- "DefaultVersionId": "v2",
- "Document": {
- "Statement": [
- {
- "Action": [
- "connect:*",
- "ds:CreateAlias",
- "ds:AuthorizeApplication",
- "ds:CreateIdentityPoolDirectory",
- "ds:DeleteDirectory",
- "ds:DescribeDirectories",
- "ds:UnauthorizeApplication",
- "firehose:DescribeDeliveryStream",
- "firehose:ListDeliveryStreams",
- "kinesis:DescribeStream",
- "kinesis:ListStreams",
- "kms:DescribeKey",
- "kms:CreateGrant",
- "kms:ListAliases",
- "lex:GetBots",
- "logs:CreateLogGroup",
- "s3:CreateBucket",
- "s3:GetBucketLocation",
- "s3:ListAllMyBuckets"
- ],
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": "iam:CreateServiceLinkedRole",
- "Condition": {
- "StringEquals": {
- "iam:AWSServiceName": "connect.amazonaws.com"
- }
- },
- "Effect": "Allow",
- "Resource": "*"
- },
- {
- "Action": [
- "iam:DeleteServiceLinkedRole",
- "iam:PutRolePolicy"
- ],
- "Effect": "Allow",
- "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIPZZCFFD55NYGBAJI",
- "PolicyName": "AmazonConnectFullAccess",
- "UpdateDate": "2018-10-17T22:28:01+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-08-01T19:21:04+00:00",
+ "VersionId": "v4"
},
"AmazonConnectReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-10-17T21:00:44+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -14910,14 +28880,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVZMH7VU6YYKRY6ZU",
"PolicyName": "AmazonConnectReadOnlyAccess",
- "UpdateDate": "2018-10-17T21:00:44+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-11-06T22:10:18+00:00",
+ "VersionId": "v3"
},
"AmazonConnectServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-09-07T00:21:43+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -14935,6 +28905,40 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectAcl",
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:DeleteObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::amazon-connect-*/*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:GetBucketAcl"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::amazon-connect-*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/aws/connect/*:*"
+ ]
}
],
"Version": "2012-10-17"
@@ -14945,8 +28949,82 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6R6FMTSRUJSKI72Y",
"PolicyName": "AmazonConnectServiceLinkedRolePolicy",
- "UpdateDate": "2018-09-25T21:29:18+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-10-08T01:40:01+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonConnect_FullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonConnect_FullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-20T19:54:21+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "connect:*",
+ "ds:CreateAlias",
+ "ds:AuthorizeApplication",
+ "ds:CreateIdentityPoolDirectory",
+ "ds:DeleteDirectory",
+ "ds:DescribeDirectories",
+ "ds:UnauthorizeApplication",
+ "firehose:DescribeDeliveryStream",
+ "firehose:ListDeliveryStreams",
+ "kinesis:DescribeStream",
+ "kinesis:ListStreams",
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "lex:GetBots",
+ "logs:CreateLogGroup",
+ "s3:GetBucketLocation",
+ "s3:ListAllMyBuckets",
+ "lambda:ListFunctions",
+ "ds:CheckAlias"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:GetBucketAcl"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::amazon-connect-*"
+ },
+ {
+ "Action": [
+ "servicequotas:GetServiceQuota"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:servicequotas:*:*:connect/*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "connect.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:DeleteServiceLinkedRole",
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JXAE7KLRO",
+ "PolicyName": "AmazonConnect_FullAccess",
+ "UpdateDate": "2020-11-20T19:54:21+00:00",
+ "VersionId": "v1"
},
"AmazonDMSCloudWatchLogsRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole",
@@ -15021,7 +29099,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role",
"AttachmentCount": 0,
"CreateDate": "2016-04-20T17:05:56+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -15036,6 +29114,11 @@ aws_managed_policies_data = """
"s3:GetObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
+ "s3:GetBucketAcl",
+ "s3:PutBucketVersioning",
+ "s3:GetBucketVersioning",
+ "s3:PutLifecycleConfiguration",
+ "s3:GetLifecycleConfiguration",
"s3:DeleteBucketPolicy"
],
"Effect": "Allow",
@@ -15050,8 +29133,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3CCUQ4U5WNC5F6B6",
"PolicyName": "AmazonDMSRedshiftS3Role",
- "UpdateDate": "2016-04-20T17:05:56+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-07-08T18:19:14+00:00",
+ "VersionId": "v3"
},
"AmazonDMSVPCManagementRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole",
@@ -15124,11 +29207,267 @@ aws_managed_policies_data = """
"UpdateDate": "2015-09-02T00:09:20+00:00",
"VersionId": "v1"
},
+ "AmazonDetectiveFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-30T17:57:15+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "detective:*",
+ "organizations:DescribeOrganization",
+ "organizations:ListAccounts"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "guardduty:ArchiveFindings"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:guardduty:*:*:detector/*"
+ },
+ {
+ "Action": [
+ "guardduty:ListDetectors"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IRLX3QVOO",
+ "PolicyName": "AmazonDetectiveFullAccess",
+ "UpdateDate": "2020-10-21T22:07:28+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonDevOpsGuruFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T16:38:12+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "devops-guru:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DevOpsGuruFullAccess"
+ },
+ {
+ "Action": [
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudFormationListStacksAccess"
+ },
+ {
+ "Action": [
+ "cloudwatch:GetMetricData"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchGetMetricDataAccess"
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SnsListTopicsAccess"
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:GetTopicAttributes",
+ "sns:SetTopicAttributes",
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sns:*:*:DevOps-Guru-*",
+ "Sid": "SnsTopicOperations"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "devops-guru.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
+ "Sid": "DevOpsGuruSlrCreation"
+ },
+ {
+ "Action": [
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
+ "Sid": "DevOpsGuruSlrDeletion"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BQEAUGTMM",
+ "PolicyName": "AmazonDevOpsGuruFullAccess",
+ "UpdateDate": "2020-12-01T16:38:12+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonDevOpsGuruReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T16:34:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "devops-guru:DescribeAccountHealth",
+ "devops-guru:DescribeAccountOverview",
+ "devops-guru:DescribeAnomaly",
+ "devops-guru:DescribeInsight",
+ "devops-guru:DescribeResourceCollectionHealth",
+ "devops-guru:DescribeServiceIntegration",
+ "devops-guru:GetResourceCollection",
+ "devops-guru:ListAnomaliesForInsight",
+ "devops-guru:ListEvents",
+ "devops-guru:ListInsights",
+ "devops-guru:ListNotificationChannels",
+ "devops-guru:ListRecommendations",
+ "devops-guru:SearchInsights"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DevOpsGuruReadOnlyAccess"
+ },
+ {
+ "Action": [
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudFormationListStacksAccess"
+ },
+ {
+ "Action": [
+ "cloudwatch:GetMetricData"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchGetMetricDataAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JK4QO3QK6",
+ "PolicyName": "AmazonDevOpsGuruReadOnlyAccess",
+ "UpdateDate": "2020-12-01T16:34:40+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonDevOpsGuruServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T10:24:42+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudtrail:LookupEvents",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:ListMetrics",
+ "cloudwatch:DescribeAnomalyDetectors",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:ListDashboards",
+ "cloudwatch:GetDashboard",
+ "cloudformation:GetTemplate",
+ "cloudformation:ListStacks",
+ "cloudformation:ListStackResources",
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListImports",
+ "codedeploy:BatchGetDeployments",
+ "codedeploy:GetDeploymentGroup",
+ "codedeploy:ListDeployments",
+ "config:DescribeConfigurationRecorderStatus",
+ "config:GetResourceConfigHistory",
+ "events:ListRuleNamesByTarget",
+ "xray:GetServiceGraph"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "events:PutTargets",
+ "events:PutRule"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:events:*:*:rule/DevOps-Guru-managed-*",
+ "Sid": "AllowPutTargetsOnASpecificRule"
+ },
+ {
+ "Action": [
+ "ssm:CreateOpsItem"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowCreateOpsItem"
+ },
+ {
+ "Action": [
+ "ssm:GetOpsItem",
+ "ssm:UpdateOpsItem"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowAccessOpsItem"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LOGPH224B",
+ "PolicyName": "AmazonDevOpsGuruServiceRolePolicy",
+ "UpdateDate": "2020-12-01T10:24:42+00:00",
+ "VersionId": "v1"
+ },
"AmazonDocDBConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-09T20:37:28+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -15254,7 +29593,6 @@ aws_managed_policies_data = """
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
- "kms:ListKeysForService",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
@@ -15286,8 +29624,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHV6VMSNDDHJ3ESNI",
"PolicyName": "AmazonDocDBConsoleFullAccess",
- "UpdateDate": "2019-01-09T20:37:28+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-10-21T18:57:02+00:00",
+ "VersionId": "v2"
},
"AmazonDocDBFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess",
@@ -15503,9 +29841,9 @@ aws_managed_policies_data = """
},
"AmazonDynamoDBFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
- "AttachmentCount": 0,
+ "AttachmentCount": 2,
"CreateDate": "2015-02-06T18:40:11+00:00",
- "DefaultVersionId": "v9",
+ "DefaultVersionId": "v15",
"Document": {
"Statement": [
{
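Review bot: `"AttachmentCount": 2` in the AmazonDynamoDBFullAccess entry looks like state from the AWS account the snapshot was taken in, not a property of the managed policy; the AmazonEC2ContainerServiceforEC2Role hunk further down has the same with `"AttachmentCount": 1`. Every other entry visible in this part of the diff keeps the value at 0. Whether the loader reads this field is not visible from the hunk, but if it does, a fresh mock account would report attachments that do not exist, and either way the snapshot carries a detail of the generating account. I would reset both lines to `"AttachmentCount": 0,` and have whatever produces the snapshot normalise the field before writing it out.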
@@ -15526,6 +29864,7 @@ aws_managed_policies_data = """
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
+ "cloudwatch:GetMetricData",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
@@ -15540,6 +29879,8 @@ aws_managed_policies_data = """
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
+ "kms:DescribeKey",
+ "kms:ListAliases",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
@@ -15561,11 +29902,19 @@ aws_managed_policies_data = """
"resource-groups:GetGroupQuery",
"resource-groups:DeleteGroup",
"resource-groups:CreateGroup",
- "tag:GetResources"
+ "tag:GetResources",
+ "kinesis:ListStreams",
+ "kinesis:DescribeStream",
+ "kinesis:DescribeStreamSummary"
],
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": "cloudwatch:GetInsightRuleReport",
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
+ },
{
"Action": [
"iam:PassRole"
@@ -15574,6 +29923,7 @@ aws_managed_policies_data = """
"StringLike": {
"iam:PassedToService": [
"application-autoscaling.amazonaws.com",
+ "application-autoscaling.amazonaws.com.cn",
"dax.amazonaws.com"
]
}
@@ -15590,7 +29940,9 @@ aws_managed_policies_data = """
"iam:AWSServiceName": [
"replication.dynamodb.amazonaws.com",
"dax.amazonaws.com",
- "dynamodb.application-autoscaling.amazonaws.com"
+ "dynamodb.application-autoscaling.amazonaws.com",
+ "contributorinsights.dynamodb.amazonaws.com",
+ "kinesisreplication.dynamodb.amazonaws.com"
]
}
},
@@ -15606,8 +29958,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINUGF2JSOSUY76KYA",
"PolicyName": "AmazonDynamoDBFullAccess",
- "UpdateDate": "2019-05-08T21:20:48+00:00",
- "VersionId": "v9"
+ "UpdateDate": "2021-01-29T17:38:30+00:00",
+ "VersionId": "v15"
},
"AmazonDynamoDBFullAccesswithDataPipeline": {
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline",
@@ -15712,7 +30064,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:12+00:00",
- "DefaultVersionId": "v8",
+ "DefaultVersionId": "v13",
"Document": {
"Statement": [
{
@@ -15725,6 +30077,7 @@ aws_managed_policies_data = """
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
+ "cloudwatch:GetMetricData",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
@@ -15736,6 +30089,7 @@ aws_managed_policies_data = """
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
+ "dynamodb:PartiQLSelect",
"dax:Describe*",
"dax:List*",
"dax:GetItem",
@@ -15747,6 +30101,8 @@ aws_managed_policies_data = """
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
+ "kms:DescribeKey",
+ "kms:ListAliases",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"lambda:ListFunctions",
@@ -15756,10 +30112,18 @@ aws_managed_policies_data = """
"resource-groups:ListGroupResources",
"resource-groups:GetGroup",
"resource-groups:GetGroupQuery",
- "tag:GetResources"
+ "tag:GetResources",
+ "kinesis:ListStreams",
+ "kinesis:DescribeStream",
+ "kinesis:DescribeStreamSummary"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": "cloudwatch:GetInsightRuleReport",
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
}
],
"Version": "2012-10-17"
@@ -15770,14 +30134,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIY2XFNA232XJ6J7X2",
"PolicyName": "AmazonDynamoDBReadOnlyAccess",
- "UpdateDate": "2019-05-08T21:15:48+00:00",
- "VersionId": "v8"
+ "UpdateDate": "2021-01-27T01:01:47+00:00",
+ "VersionId": "v13"
},
"AmazonEC2ContainerRegistryFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-12-21T17:06:48+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -15787,6 +30151,20 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "replication.ecr.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -15797,14 +30175,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIESRL7KD7IIVF6V4W",
"PolicyName": "AmazonEC2ContainerRegistryFullAccess",
- "UpdateDate": "2017-11-10T17:54:49+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-12-05T00:04:19+00:00",
+ "VersionId": "v3"
},
"AmazonEC2ContainerRegistryPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-12-21T17:05:33+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -15817,6 +30195,10 @@ aws_managed_policies_data = """
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
+ "ecr:GetLifecyclePolicy",
+ "ecr:GetLifecyclePolicyPreview",
+ "ecr:ListTagsForResource",
+ "ecr:DescribeImageScanFindings",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
@@ -15834,14 +30216,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDNE5PIHROIBGGDDW",
"PolicyName": "AmazonEC2ContainerRegistryPowerUser",
- "UpdateDate": "2016-10-11T22:28:07+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-12-10T20:48:08+00:00",
+ "VersionId": "v3"
},
"AmazonEC2ContainerRegistryReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-12-21T17:04:15+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -15853,7 +30235,11 @@ aws_managed_policies_data = """
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
- "ecr:BatchGetImage"
+ "ecr:BatchGetImage",
+ "ecr:GetLifecyclePolicy",
+ "ecr:GetLifecyclePolicyPreview",
+ "ecr:ListTagsForResource",
+ "ecr:DescribeImageScanFindings"
],
"Effect": "Allow",
"Resource": "*"
@@ -15867,8 +30253,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFYZPA37OOHVIH7KQ",
"PolicyName": "AmazonEC2ContainerRegistryReadOnly",
- "UpdateDate": "2016-10-11T22:08:43+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-12-10T20:56:32+00:00",
+ "VersionId": "v3"
},
"AmazonEC2ContainerServiceAutoscaleRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole",
@@ -15949,51 +30335,6 @@ aws_managed_policies_data = """
"UpdateDate": "2018-05-22T19:13:11+00:00",
"VersionId": "v2"
},
- "AmazonEC2ContainerServiceFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess",
- "AttachmentCount": 0,
- "CreateDate": "2015-04-24T16:54:35+00:00",
- "DefaultVersionId": "v4",
- "Document": {
- "Statement": [
- {
- "Action": [
- "autoscaling:Describe*",
- "autoscaling:UpdateAutoScalingGroup",
- "cloudformation:CreateStack",
- "cloudformation:DeleteStack",
- "cloudformation:DescribeStack*",
- "cloudformation:UpdateStack",
- "cloudwatch:GetMetricStatistics",
- "ec2:Describe*",
- "elasticloadbalancing:*",
- "ecs:*",
- "events:DescribeRule",
- "events:DeleteRule",
- "events:ListRuleNamesByTarget",
- "events:ListTargetsByRule",
- "events:PutRule",
- "events:PutTargets",
- "events:RemoveTargets",
- "iam:ListInstanceProfiles",
- "iam:ListRoles",
- "iam:PassRole"
- ],
- "Effect": "Allow",
- "Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJALOYVTPDZEMIACSM",
- "PolicyName": "AmazonEC2ContainerServiceFullAccess",
- "UpdateDate": "2017-06-08T00:18:56+00:00",
- "VersionId": "v4"
- },
"AmazonEC2ContainerServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole",
"AttachmentCount": 0,
@@ -16028,13 +30369,14 @@ aws_managed_policies_data = """
},
"AmazonEC2ContainerServiceforEC2Role": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2015-03-19T18:45:18+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
+ "ec2:DescribeTags",
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
@@ -16062,8 +30404,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLYJCVHC7TQHCSQDS",
"PolicyName": "AmazonEC2ContainerServiceforEC2Role",
- "UpdateDate": "2017-05-17T23:09:13+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2019-06-13T19:11:37+00:00",
+ "VersionId": "v6"
},
"AmazonEC2FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
@@ -16164,17 +30506,158 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:40:17+00:00",
"VersionId": "v1"
},
- "AmazonEC2ReportsAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess",
+ "AmazonEC2RolePolicyForLaunchWizard": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard",
"AttachmentCount": 0,
- "CreateDate": "2015-02-06T18:40:16+00:00",
- "DefaultVersionId": "v1",
+ "CreateDate": "2019-11-13T08:05:53+00:00",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
- "Action": "ec2-reports:*",
+ "Action": [
+ "ec2:AttachVolume",
+ "ec2:RebootInstances",
+ "ec2:StartInstances",
+ "ec2:StopInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/LaunchWizardResourceGroupID": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:ReplaceRoute"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/LaunchWizardApplicationType": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:route-table/*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeAddresses",
+ "ec2:AssociateAddress",
+ "ec2:DescribeInstances",
+ "ec2:DescribeImages",
+ "ec2:DescribeRegions",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeRouteTables",
+ "ec2:ModifyInstanceAttribute",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:PutMetricData",
+ "ssm:GetCommandInvocation"
+ ],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:CreateVolume"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "LaunchWizardResourceGroupID",
+ "LaunchWizardApplicationType"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:ListBucket",
+ "s3:PutObject",
+ "s3:PutObjectTagging",
+ "s3:GetBucketLocation",
+ "logs:PutLogEvents",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:*",
+ "arn:aws:s3:::launchwizard*",
+ "arn:aws:s3:::aws-sap-data-provider/config.properties"
+ ]
+ },
+ {
+ "Action": "logs:Create*",
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:*"
+ },
+ {
+ "Action": [
+ "ec2:Describe*",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:SignalResource",
+ "cloudformation:DescribeStackResource",
+ "cloudformation:DescribeStacks"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "LaunchWizardResourceGroupID"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dynamodb:BatchGetItem",
+ "dynamodb:PutItem",
+ "sqs:ReceiveMessage",
+ "sqs:SendMessage",
+ "dynamodb:Scan",
+ "s3:ListBucket",
+ "dynamodb:Query",
+ "dynamodb:UpdateItem",
+ "dynamodb:DeleteTable",
+ "dynamodb:CreateTable",
+ "s3:GetObject",
+ "dynamodb:DescribeTable",
+ "s3:GetBucketLocation",
+ "dynamodb:UpdateTable"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::launchwizard*",
+ "arn:aws:dynamodb:*:*:table/LaunchWizard*",
+ "arn:aws:sqs:*:*:LaunchWizard*"
+ ]
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Condition": {
+ "StringLike": {
+ "ssm:resourceTag/LaunchWizardApplicationType": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": [
+ "ssm:SendCommand",
+ "ssm:GetDocument"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint"
+ ]
}
],
"Version": "2012-10-17"
@@ -16183,10 +30666,10 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIU6NBZVF2PCRW36ZW",
- "PolicyName": "AmazonEC2ReportsAccess",
- "UpdateDate": "2015-02-06T18:40:16+00:00",
- "VersionId": "v1"
+ "PolicyId": "ANPAZKAPJZG4CBGI56NFS",
+ "PolicyName": "AmazonEC2RolePolicyForLaunchWizard",
+ "UpdateDate": "2020-10-09T22:28:01+00:00",
+ "VersionId": "v7"
},
"AmazonEC2RoleforAWSCodeDeploy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy",
@@ -16216,6 +30699,48 @@ aws_managed_policies_data = """
"UpdateDate": "2017-03-20T17:14:10+00:00",
"VersionId": "v2"
},
+ "AmazonEC2RoleforAWSCodeDeployLimited": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-24T17:55:18+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectVersion",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*/CodeDeploy/*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:GetObjectVersion",
+ "s3:ListBucket"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "s3:ExistingObjectTag/UseWithCodeDeploy": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NN2A7WC6C",
+ "PolicyName": "AmazonEC2RoleforAWSCodeDeployLimited",
+ "UpdateDate": "2020-08-24T17:55:18+00:00",
+ "VersionId": "v1"
+ },
"AmazonEC2RoleforDataPipelineRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole",
"AttachmentCount": 0,
@@ -16416,62 +30941,11 @@ aws_managed_policies_data = """
"UpdateDate": "2019-02-18T19:17:03+00:00",
"VersionId": "v3"
},
- "AmazonEC2SpotFleetRole": {
- "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole",
- "AttachmentCount": 0,
- "CreateDate": "2015-05-18T23:28:05+00:00",
- "DefaultVersionId": "v4",
- "Document": {
- "Statement": [
- {
- "Action": [
- "ec2:DescribeImages",
- "ec2:DescribeSubnets",
- "ec2:RequestSpotInstances",
- "ec2:TerminateInstances",
- "ec2:DescribeInstanceStatus",
- "iam:PassRole"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- },
- {
- "Action": [
- "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
- ]
- },
- {
- "Action": [
- "elasticloadbalancing:RegisterTargets"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/service-role/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIMRTKHWK7ESSNETSW",
- "PolicyName": "AmazonEC2SpotFleetRole",
- "UpdateDate": "2017-11-07T19:14:10+00:00",
- "VersionId": "v4"
- },
"AmazonEC2SpotFleetTaggingRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole",
"AttachmentCount": 0,
"CreateDate": "2017-06-29T18:19:29+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -16481,7 +30955,8 @@ aws_managed_policies_data = """
"ec2:RequestSpotInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
- "ec2:CreateTags"
+ "ec2:CreateTags",
+ "ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
@@ -16518,7 +30993,7 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": [
- "*"
+ "arn:aws:elasticloadbalancing:*:*:*/*"
]
}
],
@@ -16530,14 +31005,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5U6UMLCEYLX5OLC4",
"PolicyName": "AmazonEC2SpotFleetTaggingRole",
- "UpdateDate": "2017-11-17T22:51:17+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-04-23T19:30:49+00:00",
+ "VersionId": "v5"
},
"AmazonECSServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-10-14T01:18:58+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
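Review bot: The new `"AttachmentCount": 1` for AmazonECSServiceRolePolicy looks like state from the account this listing was captured in, not a property of the AWS-managed policy itself. The same 0-to-1 change appears in the later hunks for AmazonECSTaskExecutionRolePolicy and AmazonEMRCleanupPolicy. If whatever loads `aws_managed_policies_data` reads this field, a fresh mocked account would report an attachment that does not exist, which can mislead tests that audit for unused or attached policies. I would keep `"AttachmentCount": 0,` in all three entries, or have whatever produces this data reset the field before writing it out. The policy entry itself continues past the end of this hunk.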
@@ -16570,6 +31045,50 @@ aws_managed_policies_data = """
"Resource": "*",
"Sid": "ECSTaskManagement"
},
+ {
+ "Action": [
+ "autoscaling:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AutoScaling"
+ },
+ {
+ "Action": [
+ "autoscaling:DeletePolicy",
+ "autoscaling:PutScalingPolicy",
+ "autoscaling:SetInstanceProtection",
+ "autoscaling:UpdateAutoScalingGroup"
+ ],
+ "Condition": {
+ "Null": {
+ "autoscaling:ResourceTag/AmazonECSManaged": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AutoScalingManagement"
+ },
+ {
+ "Action": [
+ "autoscaling-plans:CreateScalingPlan",
+ "autoscaling-plans:DeleteScalingPlan",
+ "autoscaling-plans:DescribeScalingPlans"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AutoScalingPlanManagement"
+ },
+ {
+ "Action": [
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:PutMetricAlarm"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudwatch:*:*:alarm:*",
+ "Sid": "CWAlarmManagement"
+ },
{
"Action": [
"ec2:CreateTags"
@@ -16577,6 +31096,45 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*",
"Sid": "ECSTagging"
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups",
+ "logs:PutRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*",
+ "Sid": "CWLogGroupManagement"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*",
+ "Sid": "CWLogStreamManagement"
+ },
+ {
+ "Action": [
+ "ssm:DescribeSessions"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ExecuteCommandSessionManagement"
+ },
+ {
+ "Action": [
+ "ssm:StartSession"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ecs:*:*:task/*",
+ "arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand"
+ ],
+ "Sid": "ExecuteCommand"
}
],
"Version": "2012-10-17"
@@ -16587,12 +31145,12 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVUWKCAI7URU4WUEI",
"PolicyName": "AmazonECSServiceRolePolicy",
- "UpdateDate": "2018-10-18T23:18:18+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2021-01-13T20:04:13+00:00",
+ "VersionId": "v8"
},
"AmazonECSTaskExecutionRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-11-16T18:48:22+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -16625,7 +31183,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonECS_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-07T21:36:54+00:00",
- "DefaultVersionId": "v15",
+ "DefaultVersionId": "v19",
"Document": {
"Statement": [
{
@@ -16637,44 +31195,47 @@ aws_managed_policies_data = """
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
- "autoscaling:UpdateAutoScalingGroup",
+ "appmesh:DescribeVirtualGateway",
+ "appmesh:DescribeVirtualNode",
+ "appmesh:ListMeshes",
+ "appmesh:ListVirtualGateways",
+ "appmesh:ListVirtualNodes",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:Describe*",
+ "autoscaling:UpdateAutoScalingGroup",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack",
- "cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
+ "codedeploy:BatchGetApplicationRevisions",
+ "codedeploy:BatchGetApplications",
+ "codedeploy:BatchGetDeploymentGroups",
+ "codedeploy:BatchGetDeployments",
+ "codedeploy:ContinueDeployment",
"codedeploy:CreateApplication",
"codedeploy:CreateDeployment",
"codedeploy:CreateDeploymentGroup",
"codedeploy:GetApplication",
+ "codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
+ "codedeploy:GetDeploymentConfig",
"codedeploy:GetDeploymentGroup",
+ "codedeploy:GetDeploymentTarget",
+ "codedeploy:ListApplicationRevisions",
"codedeploy:ListApplications",
+ "codedeploy:ListDeploymentConfigs",
"codedeploy:ListDeploymentGroups",
"codedeploy:ListDeployments",
- "codedeploy:StopDeployment",
- "codedeploy:GetDeploymentTarget",
"codedeploy:ListDeploymentTargets",
- "codedeploy:GetDeploymentConfig",
- "codedeploy:GetApplicationRevision",
"codedeploy:RegisterApplicationRevision",
- "codedeploy:BatchGetApplicationRevisions",
- "codedeploy:BatchGetDeploymentGroups",
- "codedeploy:BatchGetDeployments",
- "codedeploy:BatchGetApplications",
- "codedeploy:ListApplicationRevisions",
- "codedeploy:ListDeploymentConfigs",
- "codedeploy:ContinueDeployment",
- "sns:ListTopics",
- "lambda:ListFunctions",
+ "codedeploy:StopDeployment",
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
@@ -16694,8 +31255,11 @@ aws_managed_policies_data = """
"ec2:DisassociateRouteTable",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
- "ec2:RunInstances",
"ec2:RequestSpotFleet",
+ "ec2:RunInstances",
+ "ecs:*",
+ "elasticfilesystem:DescribeAccessPoints",
+ "elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateRule",
@@ -16708,34 +31272,36 @@ aws_managed_policies_data = """
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
- "ecs:*",
- "events:DescribeRule",
"events:DeleteRule",
+ "events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
+ "fsx:DescribeFileSystems",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRoles",
+ "lambda:ListFunctions",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:FilterLogEvents",
- "route53:GetHostedZone",
- "route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:GetHealthCheck",
+ "route53:GetHostedZone",
+ "route53:ListHostedZonesByName",
"servicediscovery:CreatePrivateDnsNamespace",
"servicediscovery:CreateService",
+ "servicediscovery:DeleteService",
"servicediscovery:GetNamespace",
"servicediscovery:GetOperation",
"servicediscovery:GetService",
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:UpdateService",
- "servicediscovery:DeleteService"
+ "sns:ListTopics"
],
"Effect": "Allow",
"Resource": [
@@ -16744,9 +31310,9 @@ aws_managed_policies_data = """
},
{
"Action": [
- "ssm:GetParametersByPath",
+ "ssm:GetParameter",
"ssm:GetParameters",
- "ssm:GetParameter"
+ "ssm:GetParametersByPath"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*"
@@ -16815,11 +31381,11 @@ aws_managed_policies_data = """
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
+ "autoscaling.amazonaws.com",
"ecs.amazonaws.com",
- "spot.amazonaws.com",
- "spotfleet.amazonaws.com",
"ecs.application-autoscaling.amazonaws.com",
- "autoscaling.amazonaws.com"
+ "spot.amazonaws.com",
+ "spotfleet.amazonaws.com"
]
}
},
@@ -16835,14 +31401,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7S7AN6YQPTJC7IFS",
"PolicyName": "AmazonECS_FullAccess",
- "UpdateDate": "2019-02-04T18:44:48+00:00",
- "VersionId": "v15"
+ "UpdateDate": "2020-10-12T21:02:23+00:00",
+ "VersionId": "v19"
},
"AmazonEKSClusterPolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:06:14+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -16866,6 +31432,7 @@ aws_managed_policies_data = """
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
+ "ec2:DescribeNetworkInterfaces",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume",
@@ -16925,14 +31492,77 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIBTLDQMIC6UOIGFWA",
"PolicyName": "AmazonEKSClusterPolicy",
- "UpdateDate": "2019-05-22T22:04:46+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-02-21T20:10:11+00:00",
+ "VersionId": "v4"
+ },
+ "AmazonEKSFargatePodExecutionRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-22T04:34:29+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ecr:GetAuthorizationToken",
+ "ecr:BatchCheckLayerAvailability",
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:BatchGetImage"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FJRXZH7YQ",
+ "PolicyName": "AmazonEKSFargatePodExecutionRolePolicy",
+ "UpdateDate": "2019-11-22T04:34:29+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonEKSForFargateServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-22T04:36:25+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateNetworkInterfacePermission",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeDhcpOptions",
+ "ec2:DescribeRouteTables"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JAUTVFICB",
+ "PolicyName": "AmazonEKSForFargateServiceRolePolicy",
+ "UpdateDate": "2019-11-22T04:36:25+00:00",
+ "VersionId": "v1"
},
"AmazonEKSServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:08:21+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -16942,11 +31572,13 @@ aws_managed_policies_data = """
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
+ "ec2:DetachNetworkInterface",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
- "iam:ListAttachedRolePolicies"
+ "iam:ListAttachedRolePolicies",
+ "eks:UpdateClusterVersion"
],
"Effect": "Allow",
"Resource": "*"
@@ -16984,6 +31616,16 @@ aws_managed_policies_data = """
"Action": "logs:PutLogEvents",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "eks.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -16994,8 +31636,160 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFCNXU6HPGCIVXYDI",
"PolicyName": "AmazonEKSServicePolicy",
- "UpdateDate": "2019-02-26T21:01:48+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-05-27T19:27:03+00:00",
+ "VersionId": "v6"
+ },
+ "AmazonEKSServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-02-21T20:10:47+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CreateNetworkInterface",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:DescribeInstances",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:CreateNetworkInterfacePermission",
+ "iam:ListAttachedRolePolicies",
+ "ec2:CreateSecurityGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DeleteSecurityGroup",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:AuthorizeSecurityGroupIngress"
+ ],
+ "Condition": {
+ "ForAnyValue:StringLike": {
+ "ec2:ResourceTag/Name": "eks-cluster-sg*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:security-group/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Condition": {
+ "ForAnyValue:StringLike": {
+ "aws:TagKeys": [
+ "kubernetes.io/cluster/*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:vpc/*",
+ "arn:aws:ec2:*:*:subnet/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateTags",
+ "ec2:DeleteTags"
+ ],
+ "Condition": {
+ "ForAnyValue:StringLike": {
+ "aws:RequestTag/Name": "eks-cluster-sg*",
+ "aws:TagKeys": [
+ "kubernetes.io/cluster/*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Action": "route53:AssociateVPCWithHostedZone",
+ "Effect": "Allow",
+ "Resource": "arn:aws:route53:::hostedzone/*"
+ },
+ {
+ "Action": "logs:CreateLogGroup",
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*"
+ },
+ {
+ "Action": "logs:PutLogEvents",
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KZBLSP26Y",
+ "PolicyName": "AmazonEKSServiceRolePolicy",
+ "UpdateDate": "2020-05-27T19:30:19+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonEKSVPCResourceController": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-12T00:55:34+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "ec2:CreateNetworkInterfacePermission",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "ec2:ResourceTag/eks:eni:owner": "eks-vpc-resource-controller"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateNetworkInterface",
+ "ec2:DetachNetworkInterface",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:DeleteNetworkInterface",
+ "ec2:AttachNetworkInterface",
+ "ec2:UnassignPrivateIpAddresses",
+ "ec2:AssignPrivateIpAddresses"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PBOFT2NNA",
+ "PolicyName": "AmazonEKSVPCResourceController",
+ "UpdateDate": "2020-08-12T00:55:34+00:00",
+ "VersionId": "v1"
},
"AmazonEKSWorkerNodePolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
@@ -17034,7 +31828,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:07:42+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -17044,9 +31838,12 @@ aws_managed_policies_data = """
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
+ "ec2:DescribeTags",
"ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeInstanceTypes",
"ec2:DetachNetworkInterface",
- "ec2:ModifyNetworkInterfaceAttribute"
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
@@ -17069,20 +31866,22 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWLAS474LDBXNNTM4",
"PolicyName": "AmazonEKS_CNI_Policy",
- "UpdateDate": "2018-05-31T22:16:00+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-04-20T20:52:01+00:00",
+ "VersionId": "v4"
},
"AmazonEMRCleanupPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-09-26T23:54:19+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
+ "ec2:DescribeLaunchTemplates",
"ec2:DescribeSpotInstanceRequests",
+ "ec2:DeleteLaunchTemplate",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances",
"ec2:CancelSpotInstanceRequests",
@@ -17091,7 +31890,9 @@ aws_managed_policies_data = """
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
- "ec2:DeleteVolume"
+ "ec2:DeleteVolume",
+ "ec2:DescribePlacementGroups",
+ "ec2:DeletePlacementGroup"
],
"Effect": "Allow",
"Resource": "*"
@@ -17105,7 +31906,38 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4YEZURRMKACW56EA",
"PolicyName": "AmazonEMRCleanupPolicy",
- "UpdateDate": "2017-09-26T23:54:19+00:00",
+ "UpdateDate": "2020-09-29T21:11:54+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonEMRContainersServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-09T00:38:19+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "eks:DescribeCluster",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeLoadBalancers"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4P24YZ52G4",
+ "PolicyName": "AmazonEMRContainersServiceRolePolicy",
+ "UpdateDate": "2020-12-09T00:38:19+00:00",
"VersionId": "v1"
},
"AmazonESCognitoAccess": {
@@ -17268,15 +32100,202 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:40:21+00:00",
"VersionId": "v1"
},
- "AmazonElasticFileSystemFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
+ "AmazonElasticContainerRegistryPublicFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess",
"AttachmentCount": 0,
- "CreateDate": "2015-05-27T16:22:28+00:00",
- "DefaultVersionId": "v3",
+ "CreateDate": "2020-12-01T17:25:52+00:00",
+ "DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
+ "ecr-public:*",
+ "sts:GetServiceBearerToken"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4F2SFMTI3G",
+ "PolicyName": "AmazonElasticContainerRegistryPublicFullAccess",
+ "UpdateDate": "2020-12-01T17:25:52+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonElasticContainerRegistryPublicPowerUser": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T16:16:54+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ecr-public:GetAuthorizationToken",
+ "sts:GetServiceBearerToken",
+ "ecr-public:BatchCheckLayerAvailability",
+ "ecr-public:GetRepositoryPolicy",
+ "ecr-public:DescribeRepositories",
+ "ecr-public:DescribeRegistries",
+ "ecr-public:DescribeImages",
+ "ecr-public:DescribeImageTags",
+ "ecr-public:GetRepositoryCatalogData",
+ "ecr-public:GetRegistryCatalogData",
+ "ecr-public:InitiateLayerUpload",
+ "ecr-public:UploadLayerPart",
+ "ecr-public:CompleteLayerUpload",
+ "ecr-public:PutImage"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4P6F7N3OP7",
+ "PolicyName": "AmazonElasticContainerRegistryPublicPowerUser",
+ "UpdateDate": "2020-12-01T16:16:54+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonElasticContainerRegistryPublicReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T17:27:04+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ecr-public:GetAuthorizationToken",
+ "sts:GetServiceBearerToken",
+ "ecr-public:BatchCheckLayerAvailability",
+ "ecr-public:GetRepositoryPolicy",
+ "ecr-public:DescribeRepositories",
+ "ecr-public:DescribeRegistries",
+ "ecr-public:DescribeImages",
+ "ecr-public:DescribeImageTags",
+ "ecr-public:GetRepositoryCatalogData",
+ "ecr-public:GetRegistryCatalogData"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AD7UYLF25",
+ "PolicyName": "AmazonElasticContainerRegistryPublicReadOnly",
+ "UpdateDate": "2020-12-01T17:27:04+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonElasticFileSystemClientFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-13T16:27:00+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elasticfilesystem:ClientMount",
+ "elasticfilesystem:ClientRootAccess",
+ "elasticfilesystem:ClientWrite",
+ "elasticfilesystem:DescribeMountTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KAMR2MLDF",
+ "PolicyName": "AmazonElasticFileSystemClientFullAccess",
+ "UpdateDate": "2020-01-13T16:27:00+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonElasticFileSystemClientReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-13T16:24:36+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elasticfilesystem:ClientMount",
+ "elasticfilesystem:DescribeMountTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LBXR6UPYS",
+ "PolicyName": "AmazonElasticFileSystemClientReadOnlyAccess",
+ "UpdateDate": "2020-01-13T16:24:36+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonElasticFileSystemClientReadWriteAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-13T16:21:55+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elasticfilesystem:ClientMount",
+ "elasticfilesystem:ClientWrite",
+ "elasticfilesystem:DescribeMountTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4H74P6RBOF",
+ "PolicyName": "AmazonElasticFileSystemClientReadWriteAccess",
+ "UpdateDate": "2020-01-13T16:21:55+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonElasticFileSystemFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2015-05-27T16:22:28+00:00",
+ "DefaultVersionId": "v6",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudwatch:DescribeAlarmsForMetric",
+ "cloudwatch:GetMetricData",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
@@ -17287,12 +32306,50 @@ aws_managed_policies_data = """
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
- "elasticfilesystem:*",
+ "elasticfilesystem:CreateFileSystem",
+ "elasticfilesystem:CreateMountTarget",
+ "elasticfilesystem:CreateTags",
+ "elasticfilesystem:CreateAccessPoint",
+ "elasticfilesystem:DeleteFileSystem",
+ "elasticfilesystem:DeleteMountTarget",
+ "elasticfilesystem:DeleteTags",
+ "elasticfilesystem:DeleteAccessPoint",
+ "elasticfilesystem:DeleteFileSystemPolicy",
+ "elasticfilesystem:DescribeBackupPolicy",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeFileSystemPolicy",
+ "elasticfilesystem:DescribeLifecycleConfiguration",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups",
+ "elasticfilesystem:DescribeTags",
+ "elasticfilesystem:DescribeAccessPoints",
+ "elasticfilesystem:ModifyMountTargetSecurityGroups",
+ "elasticfilesystem:PutBackupPolicy",
+ "elasticfilesystem:PutLifecycleConfiguration",
+ "elasticfilesystem:PutFileSystemPolicy",
+ "elasticfilesystem:UpdateFileSystem",
+ "elasticfilesystem:TagResource",
+ "elasticfilesystem:UntagResource",
+ "elasticfilesystem:ListTagsForResource",
+ "elasticfilesystem:Backup",
+ "elasticfilesystem:Restore",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": [
+ "elasticfilesystem.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -17303,18 +32360,20 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKXTMNVQGIDNCKPBC",
"PolicyName": "AmazonElasticFileSystemFullAccess",
- "UpdateDate": "2017-08-14T10:18:34+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-07-16T16:46:23+00:00",
+ "VersionId": "v6"
},
"AmazonElasticFileSystemReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-27T16:25:25+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
+ "cloudwatch:DescribeAlarmsForMetric",
+ "cloudwatch:GetMetricData",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
@@ -17322,7 +32381,15 @@ aws_managed_policies_data = """
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
- "elasticfilesystem:Describe*",
+ "elasticfilesystem:DescribeBackupPolicy",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeFileSystemPolicy",
+ "elasticfilesystem:DescribeLifecycleConfiguration",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups",
+ "elasticfilesystem:DescribeTags",
+ "elasticfilesystem:DescribeAccessPoints",
+ "elasticfilesystem:ListTagsForResource",
"kms:ListAliases"
],
"Effect": "Allow",
@@ -17337,9 +32404,185 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPN5S4NE5JJOKVC4Y",
"PolicyName": "AmazonElasticFileSystemReadOnlyAccess",
- "UpdateDate": "2017-08-14T10:09:49+00:00",
+ "UpdateDate": "2020-07-16T16:46:50+00:00",
+ "VersionId": "v5"
+ },
+ "AmazonElasticFileSystemServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-05T16:52:41+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "backup-storage:MountCapsule",
+ "ec2:CreateNetworkInterface",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeNetworkInterfaceAttribute",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:kms:*:*:key/*"
+ },
+ {
+ "Action": [
+ "backup:CreateBackupVault",
+ "backup:PutBackupVaultAccessPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault"
+ ]
+ },
+ {
+ "Action": [
+ "backup:CreateBackupPlan",
+ "backup:CreateBackupSelection"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:backup:*:*:backup-plan:*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": [
+ "backup.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "backup.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FXCJYWBN7",
+ "PolicyName": "AmazonElasticFileSystemServiceRolePolicy",
+ "UpdateDate": "2020-07-16T19:27:41+00:00",
"VersionId": "v3"
},
+ "AmazonElasticFileSystemsUtils": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-29T15:16:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ssm:DescribeAssociation",
+ "ssm:GetDeployablePatchSnapshotForInstance",
+ "ssm:GetDocument",
+ "ssm:DescribeDocument",
+ "ssm:GetManifest",
+ "ssm:GetParameter",
+ "ssm:GetParameters",
+ "ssm:ListAssociations",
+ "ssm:ListInstanceAssociations",
+ "ssm:PutInventory",
+ "ssm:PutComplianceItems",
+ "ssm:PutConfigurePackageResult",
+ "ssm:UpdateAssociationStatus",
+ "ssm:UpdateInstanceAssociationStatus",
+ "ssm:UpdateInstanceInformation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2messages:AcknowledgeMessage",
+ "ec2messages:DeleteMessage",
+ "ec2messages:FailMessage",
+ "ec2messages:GetEndpoint",
+ "ec2messages:GetMessages",
+ "ec2messages:SendReply"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "elasticfilesystem:DescribeMountTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeAvailabilityZones"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:PutRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KVOAQRKXW",
+ "PolicyName": "AmazonElasticFileSystemsUtils",
+ "UpdateDate": "2020-09-29T15:16:47+00:00",
+ "VersionId": "v1"
+ },
"AmazonElasticMapReduceEditorsRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole",
"AttachmentCount": 0,
@@ -17398,7 +32641,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:22+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -17442,10 +32685,7 @@ aws_managed_policies_data = """
"iam:PassRole",
"kms:List*",
"s3:*",
- "sdb:*",
- "support:CreateCase",
- "support:DescribeServices",
- "support:DescribeSeverityLevels"
+ "sdb:*"
],
"Effect": "Allow",
"Resource": "*"
@@ -17472,20 +32712,55 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZP5JFP3AMSGINBB2",
"PolicyName": "AmazonElasticMapReduceFullAccess",
- "UpdateDate": "2018-01-23T19:40:00+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2019-10-11T15:19:30+00:00",
+ "VersionId": "v7"
+ },
+ "AmazonElasticMapReducePlacementGroupPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-29T00:37:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DeletePlacementGroup",
+ "ec2:DescribePlacementGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreatePlacementGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:placement-group/EMR_*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LC2KU77YD",
+ "PolicyName": "AmazonElasticMapReducePlacementGroupPolicy",
+ "UpdateDate": "2020-09-29T00:37:08+00:00",
+ "VersionId": "v1"
},
"AmazonElasticMapReduceReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:23+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:ViewEventsFromAllClustersInConsole",
"s3:GetObject",
"s3:ListAllMyBuckets",
@@ -17505,14 +32780,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIHP6NH2S6GYFCOINC",
"PolicyName": "AmazonElasticMapReduceReadOnlyAccess",
- "UpdateDate": "2017-05-22T23:00:19+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-07-29T23:14:09+00:00",
+ "VersionId": "v3"
},
"AmazonElasticMapReduceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:20+00:00",
- "DefaultVersionId": "v9",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
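Review bot: `"AttachmentCount": 1` for AmazonElasticMapReduceRole looks like state captured from whichever account the data was regenerated in, not a property of the managed policy itself. The same 0 → 1 flip appears in the later hunks for AmazonElasticMapReduceforAutoScalingRole and AmazonElasticMapReduceforEC2Role. Every other entry visible here keeps `"AttachmentCount": 0,`, so a mocked account that has attached nothing would presumably still report one attachment for these three policies; tests that assert on attachment counts or use them to decide whether a policy is in use would see a stale value. I would reset these to `"AttachmentCount": 0,` and have the regeneration step normalise per-account fields (AttachmentCount, PermissionsBoundaryUsageCount) before writing the blob. The policy entry and the enclosing string literal continue outside this hunk.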
@@ -17520,9 +32795,12 @@ aws_managed_policies_data = """
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
+ "ec2:CreateFleet",
+ "ec2:CreateLaunchTemplate",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
+ "ec2:DeleteLaunchTemplate",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
@@ -17533,6 +32811,7 @@ aws_managed_policies_data = """
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
+ "ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
@@ -17603,12 +32882,12 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIDI2BQT2LKXZG36TW",
"PolicyName": "AmazonElasticMapReduceRole",
- "UpdateDate": "2017-12-12T00:47:45+00:00",
- "VersionId": "v9"
+ "UpdateDate": "2020-06-24T22:24:20+00:00",
+ "VersionId": "v10"
},
"AmazonElasticMapReduceforAutoScalingRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2016-11-18T01:09:10+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -17636,7 +32915,7 @@ aws_managed_policies_data = """
},
"AmazonElasticMapReduceforEC2Role": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:21+00:00",
"DefaultVersionId": "v3",
"Document": {
@@ -17709,14 +32988,15 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:26+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
- "s3:Put*",
"s3:Get*",
+ "s3:PutObject",
+ "s3:PutObjectAcl",
"s3:*MultipartUpload*"
],
"Effect": "Allow",
@@ -17734,20 +33014,6 @@ aws_managed_policies_data = """
"*"
],
"Sid": "2"
- },
- {
- "Action": [
- "s3:*Policy*",
- "sns:*Permission*",
- "sns:*Delete*",
- "s3:*Delete*",
- "sns:*Remove*"
- ],
- "Effect": "Deny",
- "Resource": [
- "*"
- ],
- "Sid": "3"
}
],
"Version": "2012-10-17"
@@ -17758,14 +33024,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2",
"PolicyName": "AmazonElasticTranscoderRole",
- "UpdateDate": "2015-02-06T18:41:26+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-13T22:48:22+00:00",
+ "VersionId": "v2"
},
"AmazonElasticTranscoder_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-04-27T18:59:35+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -17773,7 +33039,6 @@ aws_managed_policies_data = """
"elastictranscoder:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
- "s3:ListObjects",
"iam:ListRoles",
"sns:ListTopics"
],
@@ -17803,14 +33068,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICFT6XVF3RSR4E7JG",
"PolicyName": "AmazonElasticTranscoder_FullAccess",
- "UpdateDate": "2018-04-27T18:59:35+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-10T22:51:51+00:00",
+ "VersionId": "v2"
},
"AmazonElasticTranscoder_JobsSubmitter": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter",
"AttachmentCount": 0,
"CreateDate": "2018-06-07T21:12:16+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -17821,7 +33086,6 @@ aws_managed_policies_data = """
"elastictranscoder:*Preset",
"s3:ListAllMyBuckets",
"s3:ListBucket",
- "s3:ListObjects",
"iam:ListRoles",
"sns:ListTopics"
],
@@ -17837,14 +33101,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7AUMMRQOVZRI734S",
"PolicyName": "AmazonElasticTranscoder_JobsSubmitter",
- "UpdateDate": "2018-06-07T21:12:16+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-10T22:49:34+00:00",
+ "VersionId": "v2"
},
"AmazonElasticTranscoder_ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-07T21:09:56+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -17853,7 +33117,6 @@ aws_managed_policies_data = """
"elastictranscoder:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
- "s3:ListObjects",
"iam:ListRoles",
"sns:ListTopics"
],
@@ -17869,14 +33132,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3R3CR6KVEWD4DPFY",
"PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess",
- "UpdateDate": "2018-06-07T21:09:56+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-10T22:48:32+00:00",
+ "VersionId": "v2"
},
"AmazonElasticsearchServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-07-07T00:15:31+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -17887,7 +33150,9 @@ aws_managed_policies_data = """
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
- "ec2:DescribeVpcs"
+ "ec2:DescribeVpcs",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates"
],
"Effect": "Allow",
"Resource": "*",
@@ -17902,18 +33167,310 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFEWZPHXKLCVHEUIC",
"PolicyName": "AmazonElasticsearchServiceRolePolicy",
- "UpdateDate": "2018-02-08T21:38:27+00:00",
+ "UpdateDate": "2020-08-31T10:30:23+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonEventBridgeApiDestinationsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-11T20:52:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:UpdateSecret",
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:PutSecretValue"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:secret:events!connection/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GHQV22EVJ",
+ "PolicyName": "AmazonEventBridgeApiDestinationsServiceRolePolicy",
+ "UpdateDate": "2021-02-11T20:52:05+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonEventBridgeFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-11T14:08:55+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "events:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": "events.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BUM4GCASI",
+ "PolicyName": "AmazonEventBridgeFullAccess",
+ "UpdateDate": "2019-07-11T14:08:55+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonEventBridgeReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-11T13:59:07+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "events:DescribeRule",
+ "events:DescribeEventBus",
+ "events:DescribeEventSource",
+ "events:ListEventBuses",
+ "events:ListEventSources",
+ "events:ListRuleNamesByTarget",
+ "events:ListRules",
+ "events:ListTargetsByRule",
+ "events:TestEventPattern",
+ "events:DescribeArchive",
+ "events:ListArchives",
+ "events:DescribeReplay",
+ "events:ListReplays"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BDMP3LZME",
+ "PolicyName": "AmazonEventBridgeReadOnlyAccess",
+ "UpdateDate": "2020-11-06T03:15:41+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonEventBridgeSchemasFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-28T23:12:53+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "schemas:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonEventBridgeSchemasFullAccess"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:EnableRule",
+ "events:DisableRule",
+ "events:DeleteRule",
+ "events:RemoveTargets",
+ "events:ListTargetsByRule"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:events:*:*:rule/*Schemas*",
+ "Sid": "AmazonEventBridgeManageRule"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas",
+ "Sid": "IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JF3KP3V5J",
+ "PolicyName": "AmazonEventBridgeSchemasFullAccess",
+ "UpdateDate": "2019-11-28T23:12:53+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonEventBridgeSchemasReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-28T23:05:57+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "schemas:ListDiscoverers",
+ "schemas:DescribeDiscoverer",
+ "schemas:ListRegistries",
+ "schemas:DescribeRegistry",
+ "schemas:SearchSchemas",
+ "schemas:ListSchemas",
+ "schemas:ListSchemaVersions",
+ "schemas:DescribeSchema",
+ "schemas:GetDiscoveredSchema",
+ "schemas:DescribeCodeBinding",
+ "schemas:GetCodeBindingSource",
+ "schemas:ListTagsForResource",
+ "schemas:GetResourcePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AmazonEventBridgeSchemasReadOnlyAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JK7CLVFIU",
+ "PolicyName": "AmazonEventBridgeSchemasReadOnlyAccess",
+ "UpdateDate": "2020-05-01T00:50:53+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonEventBridgeSchemasServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-27T01:10:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:EnableRule",
+ "events:DisableRule",
+ "events:DeleteRule",
+ "events:RemoveTargets",
+ "events:ListTargetsByRule"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:rule/*Schemas-*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GZI6BHNDI",
+ "PolicyName": "AmazonEventBridgeSchemasServiceRolePolicy",
+ "UpdateDate": "2019-11-27T01:10:40+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonFISServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-21T21:18:19+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "events:PutRule",
+ "events:DeleteRule",
+ "events:DescribeRule",
+ "events:PutTargets",
+ "events:RemoveTargets"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:ManagedBy": "fis.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EventBridge"
+ },
+ {
+ "Action": [
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "Tagging"
+ },
+ {
+ "Action": [
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatch"
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstances",
+ "iam:GetUser",
+ "iam:GetRole",
+ "iam:ListUsers",
+ "iam:ListRoles",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBInstances",
+ "ecs:DescribeClusters",
+ "eks:DescribeNodegroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DescribeUserResources"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JLZR2TQJD",
+ "PolicyName": "AmazonFISServiceRolePolicy",
+ "UpdateDate": "2021-01-18T15:40:47+00:00",
"VersionId": "v2"
},
"AmazonFSxConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T16:36:05+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
+ "cloudwatch:DescribeAlarms",
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
@@ -17921,7 +33478,7 @@ aws_managed_policies_data = """
"ec2:DescribeVpcs",
"fsx:*",
"kms:ListAliases",
- "s3:HeadBucket"
+ "s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
@@ -17959,18 +33516,19 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ",
"PolicyName": "AmazonFSxConsoleFullAccess",
- "UpdateDate": "2018-11-28T16:36:05+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-01-21T16:42:58+00:00",
+ "VersionId": "v3"
},
"AmazonFSxConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T16:35:24+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
+ "cloudwatch:DescribeAlarms",
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
@@ -17992,8 +33550,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQUISIZNHGLA6YQFM",
"PolicyName": "AmazonFSxConsoleReadOnlyAccess",
- "UpdateDate": "2018-11-28T16:35:24+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-10T13:17:59+00:00",
+ "VersionId": "v2"
},
"AmazonFSxFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxFullAccess",
@@ -18077,21 +33635,24 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T10:38:37+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ds:AuthorizeApplication",
+ "ds:GetAuthorizedApplicationDetails",
"ds:UnauthorizeApplication",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
+ "ec2:DescribeAddresses",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
+ "ec2:DisassociateAddress",
"route53:AssociateVPCWithHostedZone"
],
"Effect": "Allow",
@@ -18106,8 +33667,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVQ24YKVRBV5IYQ5G",
"PolicyName": "AmazonFSxServiceRolePolicy",
- "UpdateDate": "2018-11-28T10:38:37+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-11-12T20:19:45+00:00",
+ "VersionId": "v3"
},
"AmazonForecastFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonForecastFullAccess",
@@ -18147,6 +33708,67 @@ aws_managed_policies_data = """
"UpdateDate": "2019-01-18T01:52:29+00:00",
"VersionId": "v1"
},
+ "AmazonFraudDetectorFullAccessPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T22:46:26+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "frauddetector:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sagemaker:ListEndpoints",
+ "sagemaker:DescribeEndpoint"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "frauddetector.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AAPDEABT6",
+ "PolicyName": "AmazonFraudDetectorFullAccessPolicy",
+ "UpdateDate": "2019-12-03T22:46:26+00:00",
+ "VersionId": "v1"
+ },
"AmazonFreeRTOSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess",
"AttachmentCount": 0,
@@ -18177,7 +33799,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate",
"AttachmentCount": 0,
"CreateDate": "2018-08-27T22:43:07+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -18201,6 +33823,7 @@ aws_managed_policies_data = """
},
{
"Action": [
+ "s3:ListBucketVersions",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
@@ -18210,7 +33833,8 @@ aws_managed_policies_data = """
},
{
"Action": [
- "iot:DeleteJob"
+ "iot:DeleteJob",
+ "iot:DescribeJob"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:job/AFR_OTA*"
@@ -18239,8 +33863,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINC2TXHAYDOK3SWMU",
"PolicyName": "AmazonFreeRTOSOTAUpdate",
- "UpdateDate": "2018-08-27T22:43:07+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-12-18T17:47:30+00:00",
+ "VersionId": "v3"
},
"AmazonGlacierFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess",
@@ -18307,7 +33931,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T22:31:30+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -18324,6 +33948,19 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:EnableAWSServiceAccess",
+ "organizations:RegisterDelegatedAdministrator",
+ "organizations:ListDelegatedAdministrators",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -18334,23 +33971,35 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKUTKSN4KC63VDQUM",
"PolicyName": "AmazonGuardDutyFullAccess",
- "UpdateDate": "2017-11-28T22:31:30+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2021-02-16T23:39:53+00:00",
+ "VersionId": "v2"
},
"AmazonGuardDutyReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T22:29:40+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
+ "guardduty:Describe*",
"guardduty:Get*",
"guardduty:List*"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:ListDelegatedAdministrators",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -18361,20 +34010,30 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVMCEDV336RWUSNHG",
"PolicyName": "AmazonGuardDutyReadOnlyAccess",
- "UpdateDate": "2018-04-25T21:07:17+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2021-02-16T23:37:57+00:00",
+ "VersionId": "v3"
},
"AmazonGuardDutyServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T20:12:59+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
- "ec2:DescribeImages"
+ "ec2:DescribeImages",
+ "organizations:ListAccounts",
+ "organizations:DescribeAccount",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetBucketTagging",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketAcl",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPolicyStatus"
],
"Effect": "Allow",
"Resource": "*"
@@ -18388,9 +34047,285 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIHZREZOWNSSA6FWQO",
"PolicyName": "AmazonGuardDutyServiceRolePolicy",
- "UpdateDate": "2017-11-28T20:12:59+00:00",
+ "UpdateDate": "2020-05-14T20:25:50+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonHealthLakeFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-17T01:07:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "healthlake:*",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "healthlake.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OMJS7NARX",
+ "PolicyName": "AmazonHealthLakeFullAccess",
+ "UpdateDate": "2021-02-17T01:07:05+00:00",
"VersionId": "v1"
},
+ "AmazonHealthLakeReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-17T02:43:31+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "healthlake:ListFHIRDatastores",
+ "healthlake:DescribeFHIRDatastore",
+ "healthlake:DescribeFHIRImportJob",
+ "healthlake:DescribeFHIRExportJob",
+ "healthlake:GetCapabilities",
+ "healthlake:ReadResource",
+ "healthlake:SearchWithGet",
+ "healthlake:SearchWithPost"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MIFB6JFLV",
+ "PolicyName": "AmazonHealthLakeReadOnlyAccess",
+ "UpdateDate": "2021-02-17T02:43:31+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonHoneycodeFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T20:28:11+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "honeycode:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ECUH6WAX6",
+ "PolicyName": "AmazonHoneycodeFullAccess",
+ "UpdateDate": "2020-06-24T20:28:11+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonHoneycodeReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T20:28:16+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "honeycode:List*",
+ "honeycode:Get*",
+ "honeycode:Describe*",
+ "honeycode:Query*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CRFGMHZ3B",
+ "PolicyName": "AmazonHoneycodeReadOnlyAccess",
+ "UpdateDate": "2020-12-01T17:27:53+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonHoneycodeServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-18T18:03:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sso:GetManagedApplicationInstance"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4COQCKOKUQ",
+ "PolicyName": "AmazonHoneycodeServiceRolePolicy",
+ "UpdateDate": "2020-11-18T18:03:08+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonHoneycodeTeamAssociationFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T20:28:27+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "honeycode:ListTeamAssociations",
+ "honeycode:ApproveTeamAssociation",
+ "honeycode:RejectTeamAssociation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JH4KLR35J",
+ "PolicyName": "AmazonHoneycodeTeamAssociationFullAccess",
+ "UpdateDate": "2020-06-24T20:28:27+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonHoneycodeTeamAssociationReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T20:27:46+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "honeycode:ListTeamAssociations"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KRI4FOLPG",
+ "PolicyName": "AmazonHoneycodeTeamAssociationReadOnlyAccess",
+ "UpdateDate": "2020-06-24T20:27:46+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonHoneycodeWorkbookFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T20:28:46+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "honeycode:GetScreenData",
+ "honeycode:InvokeScreenAutomation",
+ "honeycode:BatchCreateTableRows",
+ "honeycode:BatchDeleteTableRows",
+ "honeycode:BatchUpdateTableRows",
+ "honeycode:BatchUpsertTableRows",
+ "honeycode:DescribeTableDataImportJob",
+ "honeycode:ListTableColumns",
+ "honeycode:ListTableRows",
+ "honeycode:ListTables",
+ "honeycode:QueryTableRows",
+ "honeycode:StartTableDataImportJob"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OQLA2WKSW",
+ "PolicyName": "AmazonHoneycodeWorkbookFullAccess",
+ "UpdateDate": "2020-12-01T17:30:06+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonHoneycodeWorkbookReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-24T20:28:07+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "honeycode:GetScreenData",
+ "honeycode:DescribeTableDataImportJob",
+ "honeycode:ListTableColumns",
+ "honeycode:ListTableRows",
+ "honeycode:ListTables",
+ "honeycode:QueryTableRows"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GUHKYOSNH",
+ "PolicyName": "AmazonHoneycodeWorkbookReadOnlyAccess",
+ "UpdateDate": "2020-12-01T17:32:49+00:00",
+ "VersionId": "v2"
+ },
"AmazonInspectorFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess",
"AttachmentCount": 0,
@@ -18450,7 +34385,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-07T17:08:01+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -18458,7 +34393,6 @@ aws_managed_policies_data = """
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
- "inspector:LocalizeText",
"inspector:Preview*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
@@ -18478,14 +34412,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXQNTHTEJ2JFRN2SE",
"PolicyName": "AmazonInspectorReadOnlyAccess",
- "UpdateDate": "2017-09-12T16:53:06+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-10-01T15:17:54+00:00",
+ "VersionId": "v4"
},
"AmazonInspectorServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-21T15:48:27+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -18515,6 +34449,16 @@ aws_managed_policies_data = """
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
+ "ec2:DescribeManagedPrefixLists",
+ "ec2:GetManagedPrefixListEntries",
+ "ec2:DescribeVpcEndpointServiceConfigurations",
+ "ec2:DescribeTransitGateways",
+ "ec2:DescribeTransitGatewayAttachments",
+ "ec2:DescribeTransitGatewayVpcAttachments",
+ "ec2:DescribeTransitGatewayRouteTables",
+ "ec2:SearchTransitGatewayRoutes",
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:GetTransitGatewayRouteTablePropagations",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
@@ -18535,8 +34479,223 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKBMSBWLU2TGXHHUQ",
"PolicyName": "AmazonInspectorServiceRolePolicy",
- "UpdateDate": "2018-05-10T18:36:01+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-09-11T17:12:02+00:00",
+ "VersionId": "v5"
+ },
+ "AmazonKendraFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonKendraFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T16:15:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "kendra.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:ListKeys",
+ "kms:ListAliases",
+ "kms:DescribeKey"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "secretsmanager:ListSecrets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudwatch:GetMetricData"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DescribeSecret"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:secret:AmazonKendra-*"
+ },
+ {
+ "Action": "kendra:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BK2ALV3AM",
+ "PolicyName": "AmazonKendraFullAccess",
+ "UpdateDate": "2019-12-03T16:15:37+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonKendraReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T16:13:45+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "kendra:Describe*",
+ "kendra:List*",
+ "kendra:Query"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4POKTT2LDN",
+ "PolicyName": "AmazonKendraReadOnlyAccess",
+ "UpdateDate": "2019-12-03T16:13:45+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonKeyspacesFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-23T17:06:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cassandra:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "application-autoscaling:DeleteScalingPolicy",
+ "application-autoscaling:DeleteScheduledAction",
+ "application-autoscaling:DeregisterScalableTarget",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingActivities",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:DescribeScheduledActions",
+ "application-autoscaling:PutScheduledAction",
+ "application-autoscaling:PutScalingPolicy",
+ "application-autoscaling:RegisterScalableTarget"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:PutMetricAlarm"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HMS72N6JG",
+ "PolicyName": "AmazonKeyspacesFullAccess",
+ "UpdateDate": "2020-04-23T17:06:37+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonKeyspacesReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-23T17:07:14+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cassandra:Select"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingActivities",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:DescribeScheduledActions",
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LHLFMFIPN",
+ "PolicyName": "AmazonKeyspacesReadOnlyAccess",
+ "UpdateDate": "2020-04-23T17:07:14+00:00",
+ "VersionId": "v1"
},
"AmazonKinesisAnalyticsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess",
@@ -18830,11 +34989,628 @@ aws_managed_policies_data = """
"UpdateDate": "2017-12-01T23:14:32+00:00",
"VersionId": "v1"
},
+ "AmazonLambdaRolePolicyForLaunchWizardSAP": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonLambdaRolePolicyForLaunchWizardSAP",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-03-30T20:25:12+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CreateRoute",
+ "ec2:DeleteRoute"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/LaunchWizardApplicationType": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:route-table/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": "LaunchWizard*"
+ },
+ "StringLike": {
+ "ec2:ResourceTag/LaunchWizardApplicationType": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:GetParameter"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:ssm:*:*:parameter/LaunchWizard*"
+ },
+ {
+ "Action": [
+ "ssm:GetDocument",
+ "ssm:sendCommand"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*:*:document/AWS-RunShellScript"
+ ]
+ },
+ {
+ "Action": [
+ "ssm:SendCommand"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ssm:resourceTag/LaunchWizardApplicationType": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*"
+ ]
+ },
+ {
+ "Action": [
+ "ssm:ListCommands",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeInstances",
+ "ec2:DescribeTags",
+ "ec2:DescribeInstanceAttribute",
+ "ec2:ModifyInstanceAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:ListBucketVersions",
+ "s3:GetObject",
+ "s3:GetObjectVersion",
+ "s3:GetObjectVersionAcl",
+ "s3:PutObject",
+ "s3:PutObjectTagging",
+ "s3:DeleteObject",
+ "s3:DeleteObjectVersion",
+ "s3:DeleteBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::launchwizard*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NMJOHL3TN",
+ "PolicyName": "AmazonLambdaRolePolicyForLaunchWizardSAP",
+ "UpdateDate": "2020-12-04T16:00:56+00:00",
+ "VersionId": "v5"
+ },
+ "AmazonLaunchWizard_Fullaccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonLaunchWizard_Fullaccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-06T17:47:30+00:00",
+ "DefaultVersionId": "v8",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "applicationinsights:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "resource-groups:List*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "route53:ChangeResourceRecordSets",
+ "route53:GetChange",
+ "route53:ListResourceRecordSets",
+ "route53:ListHostedZones",
+ "route53:ListHostedZonesByName"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "s3:GetBucketLocation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:ListKeys",
+ "kms:ListAliases"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudwatch:List*",
+ "cloudwatch:Get*",
+ "cloudwatch:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateInternetGateway",
+ "ec2:CreateNatGateway",
+ "ec2:CreateVpc",
+ "ec2:CreateKeyPair",
+ "ec2:CreateRoute",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSubnet"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:AllocateAddress",
+ "ec2:AllocateHosts",
+ "ec2:AssignPrivateIpAddresses",
+ "ec2:AssociateAddress",
+ "ec2:CreateDhcpOptions",
+ "ec2:CreateEgressOnlyInternetGateway",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateVolume",
+ "ec2:CreateVpcEndpoint",
+ "ec2:CreateTags",
+ "ec2:DeleteTags",
+ "ec2:RunInstances",
+ "ec2:StartInstances",
+ "ec2:ModifyInstanceAttribute",
+ "ec2:ModifySubnetAttribute",
+ "ec2:ModifyVolumeAttribute",
+ "ec2:ModifyVpcAttribute",
+ "ec2:AssociateDhcpOptions",
+ "ec2:AssociateSubnetCidrBlock",
+ "ec2:AttachInternetGateway",
+ "ec2:AttachNetworkInterface",
+ "ec2:AttachVolume",
+ "ec2:DeleteDhcpOptions",
+ "ec2:DeleteInternetGateway",
+ "ec2:DeleteKeyPair",
+ "ec2:DeleteNatGateway",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteVolume",
+ "ec2:DeleteVpc",
+ "ec2:DetachInternetGateway",
+ "ec2:DetachVolume",
+ "ec2:DeleteSnapshot",
+ "ec2:AssociateRouteTable",
+ "ec2:AssociateVpcCidrBlock",
+ "ec2:DeleteNetworkAcl",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DeleteNetworkInterfacePermission",
+ "ec2:DeleteRoute",
+ "ec2:DeleteRouteTable",
+ "ec2:DeleteSubnet",
+ "ec2:DetachNetworkInterface",
+ "ec2:DisassociateAddress",
+ "ec2:DisassociateVpcCidrBlock",
+ "ec2:GetLaunchTemplateData",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:ModifyVolume",
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:GetConsoleOutput",
+ "ec2:GetPasswordData",
+ "ec2:ReleaseAddress",
+ "ec2:ReplaceRoute",
+ "ec2:ReplaceRouteTableAssociation",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:DisassociateIamInstanceProfile",
+ "ec2:DisassociateRouteTable",
+ "ec2:DisassociateSubnetCidrBlock",
+ "elasticfilesystem:DeleteFileSystem",
+ "elasticfilesystem:DeleteMountTarget",
+ "ds:AddIpRoutes",
+ "ds:CreateComputer",
+ "ds:CreateMicrosoftAD",
+ "ds:DeleteDirectory"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": "launchwizard.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudformation:DescribeStack*",
+ "cloudformation:Get*",
+ "cloudformation:ListStacks",
+ "cloudformation:SignalResource",
+ "cloudformation:DeleteStack"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*",
+ "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:StopInstances",
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateInstanceProfile",
+ "iam:DeleteInstanceProfile",
+ "iam:RemoveRoleFromInstanceProfile",
+ "iam:AddRoleToInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
+ "arn:aws:iam::*:instance-profile/LaunchWizard*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEqualsIfExists": {
+ "iam:PassedToService": [
+ "lambda.amazonaws.com",
+ "ec2.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
+ "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*",
+ "arn:aws:iam::*:instance-profile/LaunchWizard*"
+ ]
+ },
+ {
+ "Action": [
+ "autoscaling:AttachInstances",
+ "autoscaling:CreateAutoScalingGroup",
+ "autoscaling:CreateLaunchConfiguration",
+ "autoscaling:DeleteAutoScalingGroup",
+ "autoscaling:DeleteLaunchConfiguration",
+ "autoscaling:UpdateAutoScalingGroup",
+ "logs:CreateLogStream",
+ "logs:DeleteLogGroup",
+ "logs:DeleteLogStream",
+ "logs:DescribeLog*",
+ "logs:PutLogEvents",
+ "resource-groups:CreateGroup",
+ "resource-groups:DeleteGroup",
+ "sns:ListSubscriptionsByTopic",
+ "sns:Publish",
+ "ssm:DeleteDocument",
+ "ssm:DeleteParameter*",
+ "ssm:DescribeDocument*",
+ "ssm:GetDocument",
+ "ssm:PutParameter"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:resource-groups:*:*:group/LaunchWizard*",
+ "arn:aws:sns:*:*:*",
+ "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*",
+ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*",
+ "arn:aws:ssm:*:*:parameter/LaunchWizard*",
+ "arn:aws:ssm:*:*:document/LaunchWizard*",
+ "arn:aws:logs:*:*:log-group:*:*:*",
+ "arn:aws:logs:*:*:log-group:LaunchWizard*"
+ ]
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Condition": {
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": "LaunchWizard*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:DeleteLogStream",
+ "logs:GetLogEvents",
+ "logs:PutLogEvents",
+ "ssm:AddTagsToResource",
+ "ssm:DescribeDocument",
+ "ssm:GetDocument",
+ "ssm:ListTagsForResource",
+ "ssm:RemoveTagsFromResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:*:*:*",
+ "arn:aws:logs:*:*:log-group:LaunchWizard*",
+ "arn:aws:ssm:*:*:parameter/LaunchWizard*",
+ "arn:aws:ssm:*:*:document/LaunchWizard*"
+ ]
+ },
+ {
+ "Action": [
+ "autoscaling:Describe*",
+ "cloudformation:DescribeAccountLimits",
+ "cloudformation:DescribeStackDriftDetectionStatus",
+ "cloudformation:List*",
+ "ds:Describe*",
+ "ds:ListAuthorizedApplications",
+ "ec2:Describe*",
+ "ec2:Get*",
+ "iam:GetRole",
+ "iam:GetRolePolicy",
+ "iam:GetUser",
+ "iam:GetPolicyVersion",
+ "iam:GetPolicy",
+ "iam:List*",
+ "logs:CreateLogGroup",
+ "logs:GetLogDelivery",
+ "logs:GetLogRecord",
+ "logs:ListLogDeliveries",
+ "resource-groups:Get*",
+ "resource-groups:List*",
+ "servicequotas:GetServiceQuota",
+ "servicequotas:ListServiceQuotas",
+ "sns:ListSubscriptions",
+ "sns:ListTopics",
+ "ssm:CreateDocument",
+ "ssm:DescribeAutomation*",
+ "ssm:DescribeInstanceInformation",
+ "ssm:DescribeParameters",
+ "ssm:GetAutomationExecution",
+ "ssm:GetCommandInvocation",
+ "ssm:GetParameter*",
+ "ssm:GetConnectionStatus",
+ "ssm:ListCommand*",
+ "ssm:ListDocument*",
+ "ssm:ListInstanceAssociations",
+ "ssm:SendAutomationSignal",
+ "ssm:StartAutomationExecution",
+ "ssm:StopAutomationExecution",
+ "tag:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "logs:GetLog*",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:*:*:*",
+ "arn:aws:logs:*:*:log-group:LaunchWizard*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:List*",
+ "cloudformation:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/LaunchWizard*/"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "autoscaling.amazonaws.com",
+ "application-insights.amazonaws.com",
+ "events.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "launchwizard:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sqs:TagQueue",
+ "sqs:GetQueueUrl",
+ "sqs:AddPermission",
+ "sqs:ListQueues",
+ "sqs:DeleteQueue",
+ "sqs:GetQueueAttributes",
+ "sqs:ListQueueTags",
+ "sqs:CreateQueue",
+ "sqs:SetQueueAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sqs:*:*:LaunchWizard*"
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricAlarm",
+ "iam:GetInstanceProfile",
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*",
+ "arn:aws:iam::*:instance-profile/LaunchWizard*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "route53:ListHostedZones",
+ "ec2:CreateSecurityGroup",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:CreateFileSystem",
+ "elasticfilesystem:CreateMountTarget",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DescribeMountTargetSecurityGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::launchwizard*",
+ "arn:aws:s3:::launchwizard*/*",
+ "arn:aws:s3:::aws-sap-data-provider/config.properties"
+ ]
+ },
+ {
+ "Action": "cloudformation:TagResource",
+ "Condition": {
+ "ForAllValues:StringLike": {
+ "aws:TagKeys": "LaunchWizard*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:PutBucketVersioning",
+ "s3:DeleteBucket",
+ "lambda:CreateFunction",
+ "lambda:DeleteFunction",
+ "lambda:GetFunction",
+ "lambda:GetFunctionConfiguration",
+ "lambda:InvokeFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:LaunchWizard*",
+ "arn:aws:s3:::launchwizard*"
+ ]
+ },
+ {
+ "Action": [
+ "dynamodb:CreateTable",
+ "dynamodb:DescribeTable",
+ "dynamodb:DeleteTable"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:dynamodb:*:*:table/LaunchWizard*"
+ },
+ {
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:DeleteSecret",
+ "secretsmanager:TagResource",
+ "secretsmanager:UntagResource",
+ "secretsmanager:PutResourcePolicy",
+ "secretsmanager:DeleteResourcePolicy",
+ "secretsmanager:ListSecretVersionIds"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:secret:LaunchWizard*"
+ },
+ {
+ "Action": [
+ "secretsmanager:GetRandomPassword",
+ "secretsmanager:ListSecrets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:CreateOpsMetadata"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:DeleteOpsMetadata",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ABPQ7BLC2",
+ "PolicyName": "AmazonLaunchWizard_Fullaccess",
+ "UpdateDate": "2021-02-12T17:06:05+00:00",
+ "VersionId": "v8"
+ },
+ "AmazonLexChannelsAccess": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-13T20:12:46+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "lex:ListBots"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HVR6S6UVL",
+ "PolicyName": "AmazonLexChannelsAccess",
+ "UpdateDate": "2021-01-13T20:12:46+00:00",
+ "VersionId": "v1"
+ },
"AmazonLexFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLexFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-04-11T23:20:36+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -18855,6 +35631,11 @@ aws_managed_policies_data = """
"*"
]
},
+ {
+ "Action": "kendra:ListIndices",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"lambda:AddPermission",
@@ -18941,6 +35722,22 @@ aws_managed_policies_data = """
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:PassedToService": [
+ "lex.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
+ ]
+ },
{
"Action": [
"iam:DetachRolePolicy"
@@ -18964,8 +35761,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVLXDHKVC23HRTKSI",
"PolicyName": "AmazonLexFullAccess",
- "UpdateDate": "2017-11-15T23:55:07+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-05-29T15:21:00+00:00",
+ "VersionId": "v6"
},
"AmazonLexReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonLexReadOnly",
@@ -19013,13 +35810,16 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly",
"AttachmentCount": 0,
"CreateDate": "2017-04-11T23:06:24+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"lex:PostContent",
- "lex:PostText"
+ "lex:PostText",
+ "lex:PutSession",
+ "lex:GetSession",
+ "lex:DeleteSession"
],
"Effect": "Allow",
"Resource": "*"
@@ -19033,14 +35833,140 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVZGB5CM3N6YWJHBE",
"PolicyName": "AmazonLexRunBotsOnly",
- "UpdateDate": "2017-04-11T23:06:24+00:00",
+ "UpdateDate": "2020-05-12T19:26:15+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonLexV2BotPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-13T20:10:29+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "polly:SynthesizeSpeech"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DXFCYFGBA",
+ "PolicyName": "AmazonLexV2BotPolicy",
+ "UpdateDate": "2021-01-13T20:10:29+00:00",
"VersionId": "v1"
},
+ "AmazonMCSFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonMCSFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T13:45:25+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "application-autoscaling:DeleteScalingPolicy",
+ "application-autoscaling:DeregisterScalableTarget",
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingActivities",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:PutScalingPolicy",
+ "application-autoscaling:RegisterScalableTarget",
+ "application-autoscaling:PutScheduledAction",
+ "application-autoscaling:DeleteScheduledAction",
+ "application-autoscaling:DescribeScheduledActions"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cassandra:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:PutMetricAlarm"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4K6JRQY7NV",
+ "PolicyName": "AmazonMCSFullAccess",
+ "UpdateDate": "2020-04-17T19:19:29+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonMCSReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T13:46:21+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cassandra:Select"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "application-autoscaling:DescribeScalableTargets",
+ "application-autoscaling:DescribeScalingActivities",
+ "application-autoscaling:DescribeScalingPolicies",
+ "application-autoscaling:DescribeScheduledActions",
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4F6NKMXCNS",
+ "PolicyName": "AmazonMCSReadOnlyAccess",
+ "UpdateDate": "2020-04-17T19:21:34+00:00",
+ "VersionId": "v2"
+ },
"AmazonMQApiFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-12-18T20:31:31+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -19070,6 +35996,16 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "mq.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -19080,8 +36016,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4CMO533EBV3L2GW4",
"PolicyName": "AmazonMQApiFullAccess",
- "UpdateDate": "2018-12-18T20:31:31+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-11-04T16:45:35+00:00",
+ "VersionId": "v2"
},
"AmazonMQApiReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess",
@@ -19118,7 +36054,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonMQFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T15:28:29+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -19151,6 +36087,16 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "mq.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -19161,8 +36107,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLKBROJNQYDDXOOGG",
"PolicyName": "AmazonMQFullAccess",
- "UpdateDate": "2018-12-18T20:33:17+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-11-04T16:34:09+00:00",
+ "VersionId": "v5"
},
"AmazonMQReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess",
@@ -19195,11 +36141,99 @@ aws_managed_policies_data = """
"UpdateDate": "2017-11-28T19:02:03+00:00",
"VersionId": "v2"
},
+ "AmazonMQServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-04T16:07:17+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeVpcEndpoints"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateVpcEndpoint"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:vpc/*",
+ "arn:aws:ec2:*:*:subnet/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateVpcEndpoint"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:RequestTag/AMQManaged": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:vpc-endpoint/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CreateVpcEndpoint"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
+ },
+ {
+ "Action": [
+ "ec2:DeleteVpcEndpoints"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/AMQManaged": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
+ },
+ {
+ "Action": [
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams",
+ "logs:DescribeLogGroups",
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LFY3JJDI6",
+ "PolicyName": "AmazonMQServiceRolePolicy",
+ "UpdateDate": "2020-11-04T16:07:17+00:00",
+ "VersionId": "v1"
+ },
"AmazonMSKFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMSKFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-14T22:07:52+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -19209,7 +36243,17 @@ aws_managed_policies_data = """
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"kms:DescribeKey",
- "kms:CreateGrant"
+ "kms:CreateGrant",
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:UpdateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:ListLogDeliveries",
+ "S3:GetBucketPolicy",
+ "logs:PutResourcePolicy",
+ "logs:DescribeResourcePolicies",
+ "logs:DescribeLogGroups",
+ "firehose:TagDeliveryStream"
],
"Effect": "Allow",
"Resource": "*"
@@ -19231,6 +36275,16 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "delivery.logs.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*"
}
],
"Version": "2012-10-17"
@@ -19241,8 +36295,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJERQQQTWI5OMENTQE",
"PolicyName": "AmazonMSKFullAccess",
- "UpdateDate": "2019-01-14T22:07:52+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-03-14T00:45:51+00:00",
+ "VersionId": "v3"
},
"AmazonMSKReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess",
@@ -19277,6 +36331,100 @@ aws_managed_policies_data = """
"UpdateDate": "2019-01-14T22:28:45+00:00",
"VersionId": "v1"
},
+ "AmazonMWAAServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-24T14:13:41+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:airflow-*:*"
+ },
+ {
+ "Action": [
+ "ec2:AttachNetworkInterface",
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateNetworkInterfacePermission",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DeleteNetworkInterfacePermission",
+ "ec2:DescribeDhcpOptions",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVpcs",
+ "ec2:DetachNetworkInterface"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:CreateVpcEndpoint",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:TagKeys": "AmazonMWAAManaged"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
+ },
+ {
+ "Action": [
+ "ec2:ModifyVpcEndpoint",
+ "ec2:DeleteVpcEndpoints"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/AmazonMWAAManaged": false
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
+ },
+ {
+ "Action": [
+ "ec2:CreateVpcEndpoint",
+ "ec2:ModifyVpcEndpoint"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:vpc/*",
+ "arn:aws:ec2:*:*:security-group/*",
+ "arn:aws:ec2:*:*:subnet/*"
+ ]
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:TagKeys": "AmazonMWAAManaged"
+ },
+ "StringEquals": {
+ "ec2:CreateAction": "CreateVpcEndpoint"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JU5RBMG7W",
+ "PolicyName": "AmazonMWAAServiceRolePolicy",
+ "UpdateDate": "2020-11-24T14:13:41+00:00",
+ "VersionId": "v1"
+ },
"AmazonMachineLearningBatchPredictionsAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess",
"AttachmentCount": 0,
@@ -19443,10 +36591,10 @@ aws_managed_policies_data = """
"UpdateDate": "2015-04-09T17:44:06+00:00",
"VersionId": "v1"
},
- "AmazonMachineLearningRoleforRedshiftDataSource": {
- "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource",
+ "AmazonMachineLearningRoleforRedshiftDataSourceV3": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3",
"AttachmentCount": 0,
- "CreateDate": "2015-04-09T17:05:26+00:00",
+ "CreateDate": "2020-06-24T18:00:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
@@ -19462,15 +36610,21 @@ aws_managed_policies_data = """
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:ModifyCluster",
- "redshift:RevokeClusterSecurityGroupIngress",
- "s3:GetBucketLocation",
- "s3:GetBucketPolicy",
- "s3:GetObject",
- "s3:PutBucketPolicy",
- "s3:PutObject"
+ "redshift:RevokeClusterSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:PutBucketPolicy",
+ "s3:GetBucketLocation",
+ "s3:GetBucketPolicy",
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::amazon-machine-learning*"
}
],
"Version": "2012-10-17"
@@ -19479,21 +36633,22 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIQ5UDYYMNN42BM4AK",
- "PolicyName": "AmazonMachineLearningRoleforRedshiftDataSource",
- "UpdateDate": "2015-04-09T17:05:26+00:00",
+ "PolicyId": "ANPAZKAPJZG4DIXIZO4E2",
+ "PolicyName": "AmazonMachineLearningRoleforRedshiftDataSourceV3",
+ "UpdateDate": "2020-06-24T18:00:09+00:00",
"VersionId": "v1"
},
"AmazonMacieFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMacieFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:54:30+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
- "macie:*"
+ "macie:*",
+ "macie2:*"
],
"Effect": "Allow",
"Resource": "*"
@@ -19517,8 +36672,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJF2N5FR6S5TZN5OA",
"PolicyName": "AmazonMacieFullAccess",
- "UpdateDate": "2018-06-28T15:54:57+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-05-13T19:05:16+00:00",
+ "VersionId": "v3"
},
"AmazonMacieHandshakeRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole",
@@ -19580,7 +36735,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-06-19T22:17:38+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -19591,8 +36746,26 @@ aws_managed_policies_data = """
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"iam:ListAccountAliases",
- "s3:Get*",
- "s3:List*"
+ "organizations:DescribeAccount",
+ "organizations:ListAccounts",
+ "s3:GetAccountPublicAccessBlock",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketAcl",
+ "s3:GetBucketLocation",
+ "s3:GetBucketLogging",
+ "s3:GetBucketPolicy",
+ "s3:GetBucketPolicyStatus",
+ "s3:GetBucketPublicAccessBlock",
+ "s3:GetBucketTagging",
+ "s3:GetBucketVersioning",
+ "s3:GetBucketWebsite",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetLifecycleConfiguration",
+ "s3:GetReplicationConfiguration",
+ "s3:ListBucket",
+ "s3:GetObject",
+ "s3:GetObjectAcl",
+ "s3:GetObjectTagging"
],
"Effect": "Allow",
"Resource": "*"
@@ -19619,7 +36792,6 @@ aws_managed_policies_data = """
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
- "s3:DeleteReplicationConfiguration",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
@@ -19638,14 +36810,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPLHONRH2HP2H6TNQ",
"PolicyName": "AmazonMacieServiceRolePolicy",
- "UpdateDate": "2018-06-19T22:17:38+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-07-17T21:31:07+00:00",
+ "VersionId": "v4"
},
"AmazonMacieSetupRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieSetupRole",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:53:34+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -19685,7 +36857,6 @@ aws_managed_policies_data = """
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
- "s3:DeleteReplicationConfiguration",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
@@ -19704,8 +36875,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5DC6UBVKND7ADSKA",
"PolicyName": "AmazonMacieSetupRole",
- "UpdateDate": "2017-08-14T14:53:34+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-27T18:41:21+00:00",
+ "VersionId": "v2"
},
"AmazonManagedBlockchainConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess",
@@ -19797,74 +36968,41 @@ aws_managed_policies_data = """
"UpdateDate": "2019-04-30T18:17:31+00:00",
"VersionId": "v1"
},
- "AmazonMechanicalTurkCrowdFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkCrowdFullAccess",
+ "AmazonManagedBlockchainServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy",
"AttachmentCount": 0,
- "CreateDate": "2017-10-05T18:07:21+00:00",
- "DefaultVersionId": "v2",
- "Document": {
- "Statement": [
- {
- "Action": [
- "crowd:*"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ],
- "Sid": "CrowdApiFullAccess"
- },
- {
- "Action": [
- "iam:PassRole"
- ],
- "Condition": {
- "StringEquals": {
- "iam:PassedToService": "crowd.amazonaws.com"
- }
- },
- "Effect": "Allow",
- "Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAIPM7C67S54NPAHQ4Q",
- "PolicyName": "AmazonMechanicalTurkCrowdFullAccess",
- "UpdateDate": "2018-09-28T21:08:53+00:00",
- "VersionId": "v2"
- },
- "AmazonMechanicalTurkCrowdReadOnlyAccess": {
- "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkCrowdReadOnlyAccess",
- "AttachmentCount": 0,
- "CreateDate": "2017-10-05T18:10:56+00:00",
+ "CreateDate": "2020-01-17T19:51:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
- "crowd:GetTask"
+ "logs:CreateLogGroup"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
- "*"
- ],
- "Sid": "CrowdApiReadOnlyAccess"
+ "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*"
+ ]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
- "Path": "/",
+ "Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAID5UNRAAANDGAW4CY",
- "PolicyName": "AmazonMechanicalTurkCrowdReadOnlyAccess",
- "UpdateDate": "2017-10-05T18:10:56+00:00",
+ "PolicyId": "ANPAZKAPJZG4MMO7477QN",
+ "PolicyName": "AmazonManagedBlockchainServiceRolePolicy",
+ "UpdateDate": "2020-01-17T19:51:28+00:00",
"VersionId": "v1"
},
"AmazonMechanicalTurkFullAccess": {
@@ -19899,13 +37037,12 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-12-11T19:08:28+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"mechanicalturk:Get*",
- "mechanicalturk:Search*",
"mechanicalturk:List*"
],
"Effect": "Allow",
@@ -19922,8 +37059,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIO5IY3G3WXSX5PPRM",
"PolicyName": "AmazonMechanicalTurkReadOnly",
- "UpdateDate": "2017-02-27T21:45:50+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-09-25T21:06:26+00:00",
+ "VersionId": "v3"
},
"AmazonMobileAnalyticsFinancialReportAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess",
@@ -20024,6 +37161,77 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:40:37+00:00",
"VersionId": "v1"
},
+ "AmazonMonitronFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonMonitronFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-02T22:40:28+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "monitron.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "monitron:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "kms:ListAliases"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "kms:CreateGrant",
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": true
+ },
+ "StringLike": {
+ "kms:ViaService": [
+ "monitron.*.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "ds:DescribeDirectories",
+ "ds:DescribeTrusts"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AWSSSOPermissions"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MHDVZEITQ",
+ "PolicyName": "AmazonMonitronFullAccess",
+ "UpdateDate": "2020-12-02T22:40:28+00:00",
+ "VersionId": "v1"
+ },
"AmazonPersonalizeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess",
"AttachmentCount": 0,
@@ -20144,28 +37352,295 @@ aws_managed_policies_data = """
"UpdateDate": "2018-07-17T16:41:07+00:00",
"VersionId": "v2"
},
- "AmazonRDSBetaServiceRolePolicy": {
- "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy",
+ "AmazonPrometheusConsoleFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess",
"AttachmentCount": 0,
- "CreateDate": "2018-05-02T19:41:04+00:00",
- "DefaultVersionId": "v3",
+ "CreateDate": "2020-12-15T18:11:10+00:00",
+ "DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
+ "aps:CreateWorkspace",
+ "aps:DescribeWorkspace",
+ "aps:UpdateWorkspaceAlias",
+ "aps:DeleteWorkspace",
+ "aps:ListWorkspaces"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4P7IR2JZ6H",
+ "PolicyName": "AmazonPrometheusConsoleFullAccess",
+ "UpdateDate": "2020-12-15T18:11:10+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonPrometheusFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-15T18:10:46+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aps:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4POZK2DGLM",
+ "PolicyName": "AmazonPrometheusFullAccess",
+ "UpdateDate": "2020-12-15T18:10:46+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonPrometheusQueryAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-19T01:02:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aps:GetLabels",
+ "aps:GetMetricMetadata",
+ "aps:GetSeries",
+ "aps:QueryMetrics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GQ2MT4E46",
+ "PolicyName": "AmazonPrometheusQueryAccess",
+ "UpdateDate": "2020-12-19T01:02:58+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonPrometheusRemoteWriteAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-19T01:04:32+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "aps:RemoteWrite"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JHMXH2L3T",
+ "PolicyName": "AmazonPrometheusRemoteWriteAccess",
+ "UpdateDate": "2020-12-19T01:04:32+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonQLDBConsoleFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-09-05T18:24:20+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "qldb:CreateLedger",
+ "qldb:UpdateLedger",
+ "qldb:DeleteLedger",
+ "qldb:ListLedgers",
+ "qldb:DescribeLedger",
+ "qldb:ExportJournalToS3",
+ "qldb:ListJournalS3Exports",
+ "qldb:ListJournalS3ExportsForLedger",
+ "qldb:DescribeJournalS3Export",
+ "qldb:CancelJournalKinesisStream",
+ "qldb:DescribeJournalKinesisStream",
+ "qldb:ListJournalKinesisStreamsForLedger",
+ "qldb:StreamJournalToKinesis",
+ "qldb:GetBlock",
+ "qldb:GetDigest",
+ "qldb:GetRevision",
+ "qldb:GetBlock",
+ "qldb:TagResource",
+ "qldb:UntagResource",
+ "qldb:ListTagsForResource",
+ "qldb:SendCommand",
+ "qldb:ExecuteStatement",
+ "qldb:ShowCatalog",
+ "qldb:InsertSampleData"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dbqms:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kinesis:ListStreams",
+ "kinesis:DescribeStream"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4H2DEHAFRU",
+ "PolicyName": "AmazonQLDBConsoleFullAccess",
+ "UpdateDate": "2020-05-19T17:45:54+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonQLDBFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonQLDBFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-09-05T18:23:32+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "qldb:CreateLedger",
+ "qldb:UpdateLedger",
+ "qldb:DeleteLedger",
+ "qldb:ListLedgers",
+ "qldb:DescribeLedger",
+ "qldb:ExportJournalToS3",
+ "qldb:ListJournalS3Exports",
+ "qldb:ListJournalS3ExportsForLedger",
+ "qldb:DescribeJournalS3Export",
+ "qldb:CancelJournalKinesisStream",
+ "qldb:DescribeJournalKinesisStream",
+ "qldb:ListJournalKinesisStreamsForLedger",
+ "qldb:StreamJournalToKinesis",
+ "qldb:GetBlock",
+ "qldb:GetDigest",
+ "qldb:GetRevision",
+ "qldb:GetBlock",
+ "qldb:TagResource",
+ "qldb:UntagResource",
+ "qldb:ListTagsForResource",
+ "qldb:SendCommand"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HHBBWGE2J",
+ "PolicyName": "AmazonQLDBFullAccess",
+ "UpdateDate": "2020-05-19T17:47:10+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonQLDBReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonQLDBReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-09-05T18:19:24+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "qldb:ListLedgers",
+ "qldb:DescribeLedger",
+ "qldb:ListJournalS3Exports",
+ "qldb:ListJournalS3ExportsForLedger",
+ "qldb:DescribeJournalS3Export",
+ "qldb:DescribeJournalKinesisStream",
+ "qldb:ListJournalKinesisStreamsForLedger",
+ "qldb:GetBlock",
+ "qldb:GetDigest",
+ "qldb:GetRevision",
+ "qldb:GetBlock",
+ "qldb:ListTagsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IC74JOQJR",
+ "PolicyName": "AmazonQLDBReadOnly",
+ "UpdateDate": "2020-05-19T17:47:55+00:00",
+ "VersionId": "v2"
+ },
+ "AmazonRDSBetaServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2018-05-02T19:41:04+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:AllocateAddress",
+ "ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
+ "ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
+ "ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
+ "ec2:DescribeLocalGatewayRouteTables",
+ "ec2:DescribeLocalGatewayRouteTableVpcAssociations",
+ "ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
+ "ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
+ "ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
@@ -20200,6 +37675,18 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricData"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/RDS"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -20210,14 +37697,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ36CJAE6OYAR4YEK4",
"PolicyName": "AmazonRDSBetaServiceRolePolicy",
- "UpdateDate": "2018-07-05T18:29:48+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-11-18T22:40:34+00:00",
+ "VersionId": "v5"
},
"AmazonRDSDataFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-20T21:29:36+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -20244,7 +37731,6 @@ aws_managed_policies_data = """
"dbqms:DescribeQueryHistory",
"dbqms:UpdateQueryHistory",
"dbqms:DeleteQueryHistory",
- "dbqms:DescribeQueryHistory",
"rds-data:ExecuteSql",
"rds-data:ExecuteStatement",
"rds-data:BatchExecuteStatement",
@@ -20269,8 +37755,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5HUMNZCSW4IC74T6",
"PolicyName": "AmazonRDSDataFullAccess",
- "UpdateDate": "2019-05-30T17:11:26+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-11-20T21:58:46+00:00",
+ "VersionId": "v3"
},
"AmazonRDSDirectoryServiceAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess",
@@ -20348,7 +37834,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:52+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -20367,16 +37853,22 @@ aws_managed_policies_data = """
"cloudwatch:DeleteAlarms",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
+ "ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
+ "ec2:DescribeLocalGatewayRouteTables",
+ "ec2:DescribeLocalGatewayRouteTableVpcAssociations",
+ "ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
+ "ec2:GetCoipPoolUsage",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish",
"logs:DescribeLogStreams",
- "logs:GetLogEvents"
+ "logs:GetLogEvents",
+ "outposts:GetOutpostInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
@@ -20408,30 +37900,46 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3R4QMOG6Q5A4VWVG",
"PolicyName": "AmazonRDSFullAccess",
- "UpdateDate": "2018-04-09T17:42:48+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-11-24T19:30:26+00:00",
+ "VersionId": "v8"
},
"AmazonRDSPreviewServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-31T18:02:00+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
+ "rds:CrossRegionCommunication"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:AllocateAddress",
+ "ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
+ "ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
+ "ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
+ "ec2:DescribeLocalGatewayRouteTables",
+ "ec2:DescribeLocalGatewayRouteTableVpcAssociations",
+ "ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
+ "ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
@@ -20463,6 +37971,18 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricData"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/RDS"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -20473,8 +37993,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZHJJBU3675JOUEMQ",
"PolicyName": "AmazonRDSPreviewServiceRolePolicy",
- "UpdateDate": "2018-05-31T18:02:00+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-11-19T19:54:51+00:00",
+ "VersionId": "v4"
},
"AmazonRDSReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess",
@@ -20523,24 +38043,40 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-01-08T18:17:46+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
+ "rds:CrossRegionCommunication"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:AllocateAddress",
+ "ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
+ "ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
+ "ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
+ "ec2:DescribeLocalGatewayRouteTables",
+ "ec2:DescribeLocalGatewayRouteTableVpcAssociations",
+ "ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
+ "ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
+ "ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
@@ -20597,6 +38133,18 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:kinesis:*:*:stream/aws-rds-das-*"
]
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricData"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/RDS"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -20607,14 +38155,90 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPEU5ZOBJWKWHUIBA",
"PolicyName": "AmazonRDSServiceRolePolicy",
- "UpdateDate": "2019-04-16T20:12:27+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-11-21T00:08:24+00:00",
+ "VersionId": "v9"
+ },
+ "AmazonRedshiftDataFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-09T19:23:55+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "redshift-data:ExecuteStatement",
+ "redshift-data:CancelStatement",
+ "redshift-data:ListStatements",
+ "redshift-data:GetStatementResult",
+ "redshift-data:DescribeStatement",
+ "redshift-data:ListDatabases",
+ "redshift-data:ListSchemas",
+ "redshift-data:ListTables",
+ "redshift-data:DescribeTable"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DataAPIPermissions"
+ },
+ {
+ "Action": [
+ "secretsmanager:GetSecretValue"
+ ],
+ "Condition": {
+ "StringLike": {
+ "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecretsManagerPermissions"
+ },
+ {
+ "Action": "redshift:GetClusterCredentials",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:redshift:*:*:dbname:*/*",
+ "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
+ ],
+ "Sid": "GetCredentialsForAPIUser"
+ },
+ {
+ "Action": "redshift:CreateClusterUser",
+ "Effect": "Deny",
+ "Resource": [
+ "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
+ ],
+ "Sid": "DenyCreateAPIUser"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "redshift-data.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift",
+ "Sid": "ServiceLinkedRole"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PX5LA5SG6",
+ "PolicyName": "AmazonRedshiftDataFullAccess",
+ "UpdateDate": "2020-09-09T19:23:55+00:00",
+ "VersionId": "v1"
},
"AmazonRedshiftFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:50+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -20635,7 +38259,12 @@ aws_managed_policies_data = """
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
- "cloudwatch:DisableAlarmActions"
+ "cloudwatch:DisableAlarmActions",
+ "tag:GetResources",
+ "tag:UntagResources",
+ "tag:GetTagValues",
+ "tag:GetTagKeys",
+ "tag:TagResources"
],
"Effect": "Allow",
"Resource": "*"
@@ -20649,6 +38278,45 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift"
+ },
+ {
+ "Action": [
+ "redshift-data:ExecuteStatement",
+ "redshift-data:CancelStatement",
+ "redshift-data:ListStatements",
+ "redshift-data:GetStatementResult",
+ "redshift-data:DescribeStatement",
+ "redshift-data:ListDatabases",
+ "redshift-data:ListSchemas",
+ "redshift-data:ListTables",
+ "redshift-data:DescribeTable"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DataAPIPermissions"
+ },
+ {
+ "Action": [
+ "secretsmanager:ListSecrets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecretsManagerListPermissions"
+ },
+ {
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:TagResource"
+ ],
+ "Condition": {
+ "StringLike": {
+ "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecretsManagerCreateGetPermissions"
}
],
"Version": "2012-10-17"
@@ -20659,14 +38327,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISEKCHH4YDB46B5ZO",
"PolicyName": "AmazonRedshiftFullAccess",
- "UpdateDate": "2017-09-19T18:27:44+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-09-09T19:51:19+00:00",
+ "VersionId": "v4"
},
"AmazonRedshiftQueryEditor": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2018-10-04T22:50:32+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -20689,6 +38357,57 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "redshift-data:ExecuteStatement",
+ "redshift-data:ListDatabases",
+ "redshift-data:ListSchemas",
+ "redshift-data:ListTables",
+ "redshift-data:DescribeTable"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DataAPIPermissions"
+ },
+ {
+ "Action": [
+ "redshift-data:GetStatementResult",
+ "redshift-data:CancelStatement",
+ "redshift-data:DescribeStatement",
+ "redshift-data:ListStatements"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "redshift-data:statement-owner-iam-userid": "${aws:userid}"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "DataAPIIAMSessionPermissionsRestriction"
+ },
+ {
+ "Action": [
+ "secretsmanager:ListSecrets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SecretsManagerListPermissions"
+ },
+ {
+ "Action": [
+ "secretsmanager:CreateSecret",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:TagResource"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "secretsmanager:ResourceTag/RedshiftQueryOwner": "${aws:userid}"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:secretsmanager:*:*:secret:*",
+ "Sid": "SecretsManagerCreateGetPermissions"
}
],
"Version": "2012-10-17"
@@ -20699,8 +38418,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINVFHHP7CWVHTGBGM",
"PolicyName": "AmazonRedshiftQueryEditor",
- "UpdateDate": "2018-10-04T22:50:32+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2021-02-16T19:33:45+00:00",
+ "VersionId": "v4"
},
"AmazonRedshiftReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess",
@@ -20743,9 +38462,9 @@ aws_managed_policies_data = """
},
"AmazonRedshiftServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2017-09-18T19:19:45+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -20758,7 +38477,11 @@ aws_managed_policies_data = """
"ec2:DisassociateAddress",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
- "ec2:ModifyNetworkInterfaceAttribute"
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:CreateVpcEndpoint",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:ModifyVpcEndpoint"
],
"Effect": "Allow",
"Resource": "*"
@@ -20772,7 +38495,56 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPY2VXNRUYOY3SRZS",
"PolicyName": "AmazonRedshiftServiceLinkedRolePolicy",
- "UpdateDate": "2017-09-25T21:20:15+00:00",
+ "UpdateDate": "2020-09-15T20:44:31+00:00",
+ "VersionId": "v3"
+ },
+ "AmazonRekognitionCustomLabelsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-08T19:18:34+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketAcl",
+ "s3:GetBucketLocation",
+ "s3:GetObject",
+ "s3:GetObjectAcl",
+ "s3:GetObjectTagging",
+ "s3:GetObjectVersion",
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::*custom-labels*"
+ },
+ {
+ "Action": [
+ "rekognition:CreateProject",
+ "rekognition:CreateProjectVersion",
+ "rekognition:StartProjectVersion",
+ "rekognition:StopProjectVersion",
+ "rekognition:DescribeProjects",
+ "rekognition:DescribeProjectVersions",
+ "rekognition:DetectCustomLabels",
+ "rekognition:DeleteProject",
+ "rekognition:DeleteProjectVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OJEQDEQQQ",
+ "PolicyName": "AmazonRekognitionCustomLabelsFullAccess",
+ "UpdateDate": "2020-04-17T17:26:10+00:00",
"VersionId": "v2"
},
"AmazonRekognitionFullAccess": {
@@ -20805,7 +38577,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T14:58:06+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -20827,8 +38599,14 @@ aws_managed_policies_data = """
"rekognition:GetPersonTracking",
"rekognition:GetCelebrityRecognition",
"rekognition:GetFaceSearch",
+ "rekognition:GetTextDetection",
+ "rekognition:GetSegmentDetection",
"rekognition:DescribeStreamProcessor",
- "rekognition:ListStreamProcessors"
+ "rekognition:ListStreamProcessors",
+ "rekognition:DescribeProjects",
+ "rekognition:DescribeProjectVersions",
+ "rekognition:DetectCustomLabels",
+ "rekognition:DetectProtectiveEquipment"
],
"Effect": "Allow",
"Resource": "*"
@@ -20842,8 +38620,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILWSUHXUY4ES43SA4",
"PolicyName": "AmazonRekognitionReadOnlyAccess",
- "UpdateDate": "2017-12-06T23:28:39+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-10-15T22:07:44+00:00",
+ "VersionId": "v6"
},
"AmazonRekognitionServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole",
@@ -21130,7 +38908,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-05-30T18:10:50+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -21143,7 +38921,8 @@ aws_managed_policies_data = """
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
- "ec2:DescribeVpcs"
+ "ec2:DescribeVpcs",
+ "ec2:DescribeAvailabilityZones"
],
"Effect": "Allow",
"Resource": [
@@ -21159,21 +38938,21 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MZN2MQCY3",
"PolicyName": "AmazonRoute53ResolverFullAccess",
- "UpdateDate": "2019-05-30T18:10:50+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-07-17T19:03:27+00:00",
+ "VersionId": "v2"
},
"AmazonRoute53ResolverReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-05-30T18:11:31+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"route53resolver:Get*",
"route53resolver:List*",
- "ec2:DescribeNetworkInterface",
+ "ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
@@ -21192,12 +38971,12 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CARVKYCWY",
"PolicyName": "AmazonRoute53ResolverReadOnlyAccess",
- "UpdateDate": "2019-05-30T18:11:31+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-27T16:37:48+00:00",
+ "VersionId": "v2"
},
"AmazonS3FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess",
- "AttachmentCount": 0,
+ "AttachmentCount": 3,
"CreateDate": "2015-02-06T18:40:58+00:00",
"DefaultVersionId": "v1",
"Document": {
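Review bot: `"AttachmentCount": 3` on AmazonS3FullAccess is not part of the AWS-published policy; it appears to be attachment state from whichever account this snapshot was generated in. The same pattern shows in later hunks for AmazonS3ReadOnlyAccess (`"AttachmentCount": 2`) and AmazonSQSFullAccess (`"AttachmentCount": 1`). If the mock ever surfaces this field, a freshly mocked account would report attachments that do not exist, and the committed data also discloses a little about the generating account's IAM usage. Keep these at `"AttachmentCount": 0`, and have the step that regenerates this data reset the field (and `PermissionsBoundaryUsageCount`) before writing. The policy entry continues outside this hunk.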
@@ -21219,9 +38998,116 @@ aws_managed_policies_data = """
"UpdateDate": "2015-02-06T18:40:58+00:00",
"VersionId": "v1"
},
+ "AmazonS3OutpostsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-02T17:26:30+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "s3-outposts:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "datasync:ListTasks",
+ "datasync:ListLocations",
+ "datasync:DescribeTask",
+ "datasync:DescribeLocation*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeNetworkInterfaces"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "outposts:ListOutposts",
+ "outposts:GetOutpost"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BKMLUXKOR",
+ "PolicyName": "AmazonS3OutpostsFullAccess",
+ "UpdateDate": "2020-10-02T17:26:30+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonS3OutpostsReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-02T18:55:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3-outposts:Get*",
+ "s3-outposts:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "datasync:ListTasks",
+ "datasync:ListLocations",
+ "datasync:DescribeTask",
+ "datasync:DescribeLocation*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeNetworkInterfaces"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "outposts:ListOutposts",
+ "outposts:GetOutpost"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PJ2AX4CUB",
+ "PolicyName": "AmazonS3OutpostsReadOnlyAccess",
+ "UpdateDate": "2020-10-02T18:55:58+00:00",
+ "VersionId": "v1"
+ },
"AmazonS3ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
- "AttachmentCount": 0,
+ "AttachmentCount": 2,
"CreateDate": "2015-02-06T18:40:59+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -21386,7 +39272,7 @@ aws_managed_policies_data = """
},
"AmazonSQSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:07+00:00",
"DefaultVersionId": "v1",
"Document": {
@@ -21572,7 +39458,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-29T17:39:47+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -21605,6 +39491,16 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
+ },
+ {
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -21615,14 +39511,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJA7V6HI4ISQFMDYAG",
"PolicyName": "AmazonSSMFullAccess",
- "UpdateDate": "2018-07-23T22:53:18+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-11-20T20:08:56+00:00",
+ "VersionId": "v4"
},
"AmazonSSMMaintenanceWindowRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T15:57:54+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -21636,8 +39532,7 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": [
"*"
- ],
- "Sid": "Stmt1477803259000"
+ ]
},
{
"Action": [
@@ -21647,8 +39542,7 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
- ],
- "Sid": "Stmt1477803259001"
+ ]
},
{
"Action": [
@@ -21659,8 +39553,26 @@ aws_managed_policies_data = """
"Resource": [
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
+ ]
+ },
+ {
+ "Action": [
+ "resource-groups:ListGroups",
+ "resource-groups:ListGroupResources"
],
- "Sid": "Stmt1477803259002"
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
}
],
"Version": "2012-10-17"
@@ -21671,8 +39583,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJV3JNYSTZ47VOXYME",
"PolicyName": "AmazonSSMMaintenanceWindowRole",
- "UpdateDate": "2017-08-09T20:49:14+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2019-07-27T00:16:05+00:00",
+ "VersionId": "v3"
},
"AmazonSSMManagedInstanceCore": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
@@ -21736,6 +39648,45 @@ aws_managed_policies_data = """
"UpdateDate": "2019-05-23T16:54:21+00:00",
"VersionId": "v2"
},
+ "AmazonSSMPatchAssociation": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-13T16:00:42+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "ssm:DescribeEffectivePatchesForPatchBaseline",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ssm:*:*:patchbaseline/*"
+ },
+ {
+ "Action": "ssm:GetPatchBaseline",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ssm:*:*:patchbaseline/*"
+ },
+ {
+ "Action": "tag:GetResources",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ssm:DescribePatchBaselines",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EWLEL5ZX7",
+ "PolicyName": "AmazonSSMPatchAssociation",
+ "UpdateDate": "2020-05-13T16:00:42+00:00",
+ "VersionId": "v1"
+ },
"AmazonSSMReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
"AttachmentCount": 0,
@@ -21768,7 +39719,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-13T19:20:08+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v11",
"Document": {
"Statement": [
{
@@ -21780,7 +39731,9 @@ aws_managed_policies_data = """
"ssm:SendCommand",
"ssm:GetAutomationExecution",
"ssm:GetParameters",
- "ssm:StartAutomationExecution"
+ "ssm:StartAutomationExecution",
+ "ssm:ListTagsForResource",
+ "ssm:GetCalendarState"
],
"Effect": "Allow",
"Resource": [
@@ -21822,7 +39775,18 @@ aws_managed_policies_data = """
{
"Action": [
"resource-groups:ListGroups",
- "resource-groups:ListGroupResources"
+ "resource-groups:ListGroupResources",
+ "resource-groups:GetGroupQuery"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:DescribeStacks",
+ "cloudformation:ListStackResources"
],
"Effect": "Allow",
"Resource": [
@@ -21838,6 +39802,47 @@ aws_managed_policies_data = """
"*"
]
},
+ {
+ "Action": [
+ "config:SelectResourceConfig"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "compute-optimizer:GetEC2InstanceRecommendations"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "support:DescribeTrustedAdvisorChecks",
+ "support:DescribeTrustedAdvisorCheckSummaries",
+ "support:DescribeTrustedAdvisorCheckResult",
+ "support:DescribeCases"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "config:DescribeComplianceByConfigRule",
+ "config:DescribeComplianceByResource",
+ "config:DescribeRemediationConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
{
"Action": "iam:PassRole",
"Condition": {
@@ -21849,6 +39854,34 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": "organizations:DescribeOrganization",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "cloudformation:ListStackSets",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudformation:ListStackInstances",
+ "cloudformation:DescribeStackSetOperation",
+ "cloudformation:DeleteStackSet"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*"
+ },
+ {
+ "Action": "cloudformation:DeleteStackInstances",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*",
+ "arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*",
+ "arn:aws:cloudformation:*:*:type/resource/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -21859,14 +39892,562 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXJ26NUGBA3TCV7EC",
"PolicyName": "AmazonSSMServiceRolePolicy",
- "UpdateDate": "2018-07-25T22:14:20+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2021-01-05T23:57:10+00:00",
+ "VersionId": "v11"
+ },
+ "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-27T18:48:07+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "apigateway:GET",
+ "apigateway:POST",
+ "apigateway:PUT",
+ "apigateway:PATCH",
+ "apigateway:DELETE"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/sagemaker:launch-source": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "apigateway:POST"
+ ],
+ "Condition": {
+ "ForAnyValue:StringLike": {
+ "aws:TagKeys": [
+ "sagemaker:launch-source"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "apigateway:PATCH"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:apigateway:*::/account"
+ ]
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:UpdateStack",
+ "cloudformation:DeleteStack"
+ ],
+ "Condition": {
+ "ArnLikeIfExists": {
+ "cloudformation:RoleArn": [
+ "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
+ },
+ {
+ "Action": [
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
+ },
+ {
+ "Action": [
+ "cloudformation:GetTemplateSummary",
+ "cloudformation:ValidateTemplate"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "codebuild:CreateProject",
+ "codebuild:DeleteProject",
+ "codebuild:UpdateProject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:codebuild:*:*:project/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "codecommit:CreateCommit",
+ "codecommit:CreateRepository",
+ "codecommit:DeleteRepository",
+ "codecommit:GetRepository",
+ "codecommit:TagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:codecommit:*:*:sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "codecommit:ListRepositories"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "codepipeline:CreatePipeline",
+ "codepipeline:DeletePipeline",
+ "codepipeline:GetPipeline",
+ "codepipeline:GetPipelineState",
+ "codepipeline:StartPipelineExecution",
+ "codepipeline:TagResource",
+ "codepipeline:UpdatePipeline"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:codepipeline:*:*:sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "cognito-idp:CreateUserPool"
+ ],
+ "Condition": {
+ "ForAnyValue:StringLike": {
+ "aws:TagKeys": [
+ "sagemaker:launch-source"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cognito-idp:CreateGroup",
+ "cognito-idp:CreateUserPoolDomain",
+ "cognito-idp:CreateUserPoolClient",
+ "cognito-idp:DeleteGroup",
+ "cognito-idp:DeleteUserPool",
+ "cognito-idp:DeleteUserPoolClient",
+ "cognito-idp:DeleteUserPoolDomain",
+ "cognito-idp:DescribeUserPool",
+ "cognito-idp:DescribeUserPoolClient",
+ "cognito-idp:UpdateUserPool",
+ "cognito-idp:UpdateUserPoolClient"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/sagemaker:launch-source": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ecr:CreateRepository",
+ "ecr:DeleteRepository"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ecr:*:*:repository/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "events:DescribeRule",
+ "events:DeleteRule",
+ "events:DisableRule",
+ "events:EnableRule",
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:rule/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "firehose:CreateDeliveryStream",
+ "firehose:DeleteDeliveryStream",
+ "firehose:DescribeDeliveryStream",
+ "firehose:StartDeliveryStreamEncryption",
+ "firehose:StopDeliveryStreamEncryption",
+ "firehose:UpdateDestination"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*"
+ },
+ {
+ "Action": [
+ "glue:CreateDatabase",
+ "glue:DeleteDatabase"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:catalog",
+ "arn:aws:glue:*:*:database/sagemaker-*",
+ "arn:aws:glue:*:*:table/sagemaker-*",
+ "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateClassifier",
+ "glue:DeleteClassifier",
+ "glue:DeleteCrawler",
+ "glue:DeleteJob",
+ "glue:DeleteTrigger",
+ "glue:DeleteWorkflow",
+ "glue:StopCrawler"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateWorkflow"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:workflow/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateJob"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:job/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateCrawler",
+ "glue:GetCrawler"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:crawler/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateTrigger",
+ "glue:GetTrigger"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:trigger/sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:AddPermission",
+ "lambda:CreateFunction",
+ "lambda:DeleteFunction",
+ "lambda:GetFunction",
+ "lambda:GetFunctionConfiguration",
+ "lambda:InvokeFunction",
+ "lambda:RemovePermission"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:DeleteLogGroup",
+ "logs:DeleteLogStream",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams",
+ "logs:PutRetentionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*",
+ "arn:aws:logs:*:*:log-group::log-stream:*"
+ ]
+ },
+ {
+ "Action": "s3:GetObject",
+ "Condition": {
+ "StringEquals": {
+ "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::sagemaker-*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:DeleteBucket",
+ "s3:DeleteBucketPolicy",
+ "s3:GetBucketPolicy",
+ "s3:PutBucketAcl",
+ "s3:PutBucketNotification",
+ "s3:PutBucketPolicy",
+ "s3:PutBucketPublicAccessBlock",
+ "s3:PutBucketLogging",
+ "s3:PutEncryptionConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::sagemaker-*"
+ },
+ {
+ "Action": [
+ "sagemaker:CreateEndpoint",
+ "sagemaker:CreateEndpointConfig",
+ "sagemaker:CreateModel",
+ "sagemaker:CreateWorkteam",
+ "sagemaker:DeleteEndpoint",
+ "sagemaker:DeleteEndpointConfig",
+ "sagemaker:DeleteModel",
+ "sagemaker:DeleteWorkteam",
+ "sagemaker:DescribeModel",
+ "sagemaker:DescribeEndpointConfig",
+ "sagemaker:DescribeEndpoint",
+ "sagemaker:DescribeWorkteam"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sagemaker:*:*:*"
+ ]
+ },
+ {
+ "Action": [
+ "states:CreateStateMachine",
+ "states:DeleteStateMachine",
+ "states:UpdateStateMachine"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:states:*:*:stateMachine:sagemaker-*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NAOSKQH4V",
+ "PolicyName": "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy",
+ "UpdateDate": "2020-11-27T18:48:07+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonSageMakerCoreServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-21T21:40:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CreateNetworkInterface",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DeleteNetworkInterfacePermission"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:CreateNetworkInterfacePermission"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "ec2:AuthorizedService": "sagemaker.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeDhcpOptions",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MMWQCSNKX",
+ "PolicyName": "AmazonSageMakerCoreServiceRolePolicy",
+ "UpdateDate": "2020-12-21T21:40:47+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonSageMakerEdgeDeviceFleetPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-08T16:17:22+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:GetBucketLocation"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*SageMaker*",
+ "arn:aws:s3:::*Sagemaker*",
+ "arn:aws:s3:::*sagemaker*"
+ ],
+ "Sid": "DeviceS3Access"
+ },
+ {
+ "Action": [
+ "sagemaker:SendHeartbeat",
+ "sagemaker:GetDeviceRegistration"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "SageMakerEdgeApis"
+ },
+ {
+ "Action": [
+ "iot:CreateRoleAlias",
+ "iot:DescribeRoleAlias",
+ "iot:UpdateRoleAlias",
+ "iot:ListTagsForResource",
+ "iot:TagResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iot:*:*:rolealias/SageMakerEdge*"
+ ],
+ "Sid": "CreateIoTRoleAlias"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/*SageMaker*",
+ "arn:aws:iam::*:role/*Sagemaker*",
+ "arn:aws:iam::*:role/*sagemaker*"
+ ],
+ "Sid": "CreateIoTRoleAliasIamPermissionsGetRole"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEqualsIfExists": {
+ "iam:PassedToService": [
+ "iot.amazonaws.com",
+ "credentials.iot.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/*SageMaker*",
+ "arn:aws:iam::*:role/*Sagemaker*",
+ "arn:aws:iam::*:role/*sagemaker*"
+ ],
+ "Sid": "CreateIoTRoleAliasIamPermissionsPassRole"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CPENAJLBT",
+ "PolicyName": "AmazonSageMakerEdgeDeviceFleetPolicy",
+ "UpdateDate": "2020-12-08T16:17:22+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonSageMakerFeatureStoreAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-01T16:24:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:GetBucketAcl"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*SageMaker*",
+ "arn:aws:s3:::*Sagemaker*",
+ "arn:aws:s3:::*sagemaker*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FO5MQNGJU",
+ "PolicyName": "AmazonSageMakerFeatureStoreAccess",
+ "UpdateDate": "2020-12-01T16:24:05+00:00",
+ "VersionId": "v1"
},
"AmazonSageMakerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T13:07:59+00:00",
- "DefaultVersionId": "v11",
+ "DefaultVersionId": "v18",
"Document": {
"Statement": [
{
@@ -21874,8 +40455,41 @@ aws_managed_policies_data = """
"sagemaker:*"
],
"Effect": "Allow",
+ "NotResource": [
+ "arn:aws:sagemaker:*:*:domain/*",
+ "arn:aws:sagemaker:*:*:user-profile/*",
+ "arn:aws:sagemaker:*:*:app/*",
+ "arn:aws:sagemaker:*:*:flow-definition/*"
+ ]
+ },
+ {
+ "Action": [
+ "sagemaker:CreatePresignedDomainUrl",
+ "sagemaker:DescribeDomain",
+ "sagemaker:ListDomains",
+ "sagemaker:DescribeUserProfile",
+ "sagemaker:ListUserProfiles",
+ "sagemaker:*App",
+ "sagemaker:ListApps"
+ ],
+ "Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": "sagemaker:*",
+ "Condition": {
+ "StringEqualsIfExists": {
+ "sagemaker:WorkteamType": [
+ "private-crowd",
+ "vendor-crowd"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sagemaker:*:*:flow-definition/*"
+ ]
+ },
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
@@ -21889,6 +40503,7 @@ aws_managed_policies_data = """
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
+ "cloudformation:GetTemplateSummary",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
@@ -21899,8 +40514,7 @@ aws_managed_policies_data = """
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
- "codecommit:ListBranches",
- "codecommit:ListRepositories",
+ "codecommit:List*",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
@@ -21913,12 +40527,7 @@ aws_managed_policies_data = """
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
- "cognito-idp:ListGroups",
- "cognito-idp:ListIdentityProviders",
- "cognito-idp:ListUserPoolClients",
- "cognito-idp:ListUserPools",
- "cognito-idp:ListUsers",
- "cognito-idp:ListUsersInGroup",
+ "cognito-idp:List*",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"ec2:CreateNetworkInterface",
@@ -21936,30 +40545,53 @@ aws_managed_policies_data = """
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
+ "ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
- "ecr:Describe*",
+ "ecr:StartImageScan",
"elastic-inference:Connect",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeMountTargets",
+ "fsx:DescribeFileSystems",
"glue:CreateJob",
"glue:DeleteJob",
- "glue:GetJob",
- "glue:GetJobRun",
- "glue:GetJobRuns",
- "glue:GetJobs",
+ "glue:GetJob*",
+ "glue:GetTable*",
+ "glue:GetWorkflowRun",
"glue:ResetJobBookmark",
"glue:StartJobRun",
+ "glue:StartWorkflowRun",
"glue:UpdateJob",
"groundtruthlabeling:*",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
+ "logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
- "logs:DescribeLogStreams",
+ "logs:DeleteLogDelivery",
+ "logs:Describe*",
+ "logs:GetLogDelivery",
"logs:GetLogEvents",
+ "logs:ListLogDeliveries",
"logs:PutLogEvents",
- "sns:ListTopics"
+ "logs:PutResourcePolicy",
+ "logs:UpdateLogDelivery",
+ "robomaker:CreateSimulationApplication",
+ "robomaker:DescribeSimulationApplication",
+ "robomaker:DeleteSimulationApplication",
+ "robomaker:CreateSimulationJob",
+ "robomaker:DescribeSimulationJob",
+ "robomaker:CancelSimulationJob",
+ "secretsmanager:ListSecrets",
+ "servicecatalog:Describe*",
+ "servicecatalog:List*",
+ "servicecatalog:ScanProvisionedProducts",
+ "servicecatalog:SearchProducts",
+ "servicecatalog:SearchProvisionedProducts",
+ "sns:ListTopics",
+ "tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
@@ -21976,7 +40608,9 @@ aws_managed_policies_data = """
"ecr:PutImage"
],
"Effect": "Allow",
- "Resource": "arn:aws:ecr:*:*:repository/*sagemaker*"
+ "Resource": [
+ "arn:aws:ecr:*:*:repository/*sagemaker*"
+ ]
},
{
"Action": [
@@ -21992,10 +40626,28 @@ aws_managed_policies_data = """
},
{
"Action": [
- "secretsmanager:ListSecrets"
+ "codebuild:BatchGetBuilds",
+ "codebuild:StartBuild"
],
"Effect": "Allow",
- "Resource": "*"
+ "Resource": [
+ "arn:aws:codebuild:*:*:project/sagemaker*",
+ "arn:aws:codebuild:*:*:build/*"
+ ]
+ },
+ {
+ "Action": [
+ "states:DescribeExecution",
+ "states:GetExecutionHistory",
+ "states:StartExecution",
+ "states:StopExecution",
+ "states:UpdateStateMachine"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:states:*:*:statemachine:*sagemaker*",
+ "arn:aws:states:*:*:execution:*sagemaker*:*"
+ ]
},
{
"Action": [
@@ -22023,31 +40675,30 @@ aws_managed_policies_data = """
},
{
"Action": [
- "robomaker:CreateSimulationApplication",
- "robomaker:DescribeSimulationApplication",
- "robomaker:DeleteSimulationApplication"
+ "servicecatalog:ProvisionProduct"
],
"Effect": "Allow",
- "Resource": [
- "*"
- ]
+ "Resource": "*"
},
{
"Action": [
- "robomaker:CreateSimulationJob",
- "robomaker:DescribeSimulationJob",
- "robomaker:CancelSimulationJob"
+ "servicecatalog:TerminateProvisionedProduct",
+ "servicecatalog:UpdateProvisionedProduct"
],
+ "Condition": {
+ "StringEquals": {
+ "servicecatalog:userLevel": "self"
+ }
+ },
"Effect": "Allow",
- "Resource": [
- "*"
- ]
+ "Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
- "s3:DeleteObject"
+ "s3:DeleteObject",
+ "s3:AbortMultipartUpload"
],
"Effect": "Allow",
"Resource": [
@@ -22059,11 +40710,13 @@ aws_managed_policies_data = """
},
{
"Action": [
- "s3:CreateBucket",
- "s3:GetBucketLocation",
- "s3:ListBucket",
- "s3:ListAllMyBuckets"
+ "s3:GetObject"
],
+ "Condition": {
+ "StringEqualsIgnoreCase": {
+ "s3:ExistingObjectTag/SageMaker": "true"
+ }
+ },
"Effect": "Allow",
"Resource": "*"
},
@@ -22072,13 +40725,25 @@ aws_managed_policies_data = """
"s3:GetObject"
],
"Condition": {
- "StringEqualsIgnoreCase": {
- "s3:ExistingObjectTag/SageMaker": "true"
+ "StringEquals": {
+ "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketCors",
+ "s3:PutBucketCors"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"lambda:InvokeFunction"
@@ -22132,12 +40797,102 @@ aws_managed_policies_data = """
"iam:PassedToService": [
"sagemaker.amazonaws.com",
"glue.amazonaws.com",
- "robomaker.amazonaws.com"
+ "robomaker.amazonaws.com",
+ "states.amazonaws.com"
]
}
},
"Effect": "Allow",
- "Resource": "*"
+ "Resource": "arn:aws:iam::*:role/*"
+ },
+ {
+ "Action": [
+ "athena:ListDataCatalogs",
+ "athena:ListDatabases",
+ "athena:ListTableMetadata",
+ "athena:GetQueryExecution",
+ "athena:GetQueryResults",
+ "athena:StartQueryExecution",
+ "athena:StopQueryExecution"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateTable"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
+ "arn:aws:glue:*:*:table/sagemaker_featurestore/*",
+ "arn:aws:glue:*:*:catalog",
+ "arn:aws:glue:*:*:database/*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:DeleteTable"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
+ "arn:aws:glue:*:*:catalog",
+ "arn:aws:glue:*:*:database/*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:GetDatabases",
+ "glue:GetTable",
+ "glue:GetTables"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:table/*",
+ "arn:aws:glue:*:*:catalog",
+ "arn:aws:glue:*:*:database/*"
+ ]
+ },
+ {
+ "Action": [
+ "glue:CreateDatabase",
+ "glue:GetDatabase"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:glue:*:*:catalog",
+ "arn:aws:glue:*:*:database/sagemaker_featurestore",
+ "arn:aws:glue:*:*:database/sagemaker_processing",
+ "arn:aws:glue:*:*:database/default",
+ "arn:aws:glue:*:*:database/sagemaker_data_wrangler"
+ ]
+ },
+ {
+ "Action": [
+ "redshift-data:ExecuteStatement",
+ "redshift-data:DescribeStatement",
+ "redshift-data:CancelStatement",
+ "redshift-data:GetStatementResult",
+ "redshift-data:ListSchemas",
+ "redshift-data:ListTables"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "redshift:GetClusterCredentials"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
+ "arn:aws:redshift:*:*:dbname:*"
+ ]
}
],
"Version": "2012-10-17"
@@ -22148,16 +40903,310 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZ5IWYMXO5QDB4QOG",
"PolicyName": "AmazonSageMakerFullAccess",
- "UpdateDate": "2019-05-09T04:44:05+00:00",
- "VersionId": "v11"
+ "UpdateDate": "2020-12-01T16:31:19+00:00",
+ "VersionId": "v18"
+ },
+ "AmazonSageMakerGroundTruthExecution": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-07-09T19:30:20+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "lambda:InvokeFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:*GtRecipe*",
+ "arn:aws:lambda:*:*:function:*LabelingFunction*",
+ "arn:aws:lambda:*:*:function:*SageMaker*",
+ "arn:aws:lambda:*:*:function:*sagemaker*",
+ "arn:aws:lambda:*:*:function:*Sagemaker*"
+ ],
+ "Sid": "CustomLabelingJobs"
+ },
+ {
+ "Action": [
+ "s3:AbortMultipartUpload",
+ "s3:GetObject",
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*GroundTruth*",
+ "arn:aws:s3:::*Groundtruth*",
+ "arn:aws:s3:::*groundtruth*",
+ "arn:aws:s3:::*SageMaker*",
+ "arn:aws:s3:::*Sagemaker*",
+ "arn:aws:s3:::*sagemaker*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Condition": {
+ "StringEqualsIgnoreCase": {
+ "s3:ExistingObjectTag/SageMaker": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricData",
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatch"
+ },
+ {
+ "Action": [
+ "sqs:CreateQueue",
+ "sqs:DeleteMessage",
+ "sqs:GetQueueAttributes",
+ "sqs:GetQueueUrl",
+ "sqs:ReceiveMessage",
+ "sqs:SendMessage",
+ "sqs:SendMessageBatch",
+ "sqs:SetQueueAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:sqs:*:*:*GroundTruth*",
+ "Sid": "StreamingQueue"
+ },
+ {
+ "Action": "sns:Subscribe",
+ "Condition": {
+ "StringEquals": {
+ "sns:Protocol": "sqs"
+ },
+ "StringLike": {
+ "sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sns:*:*:*GroundTruth*",
+ "arn:aws:sns:*:*:*Groundtruth*",
+ "arn:aws:sns:*:*:*groundTruth*",
+ "arn:aws:sns:*:*:*groundtruth*",
+ "arn:aws:sns:*:*:*SageMaker*",
+ "arn:aws:sns:*:*:*Sagemaker*",
+ "arn:aws:sns:*:*:*sageMaker*",
+ "arn:aws:sns:*:*:*sagemaker*"
+ ],
+ "Sid": "StreamingTopicSubscribe"
+ },
+ {
+ "Action": [
+ "sns:Publish"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:sns:*:*:*GroundTruth*",
+ "arn:aws:sns:*:*:*Groundtruth*",
+ "arn:aws:sns:*:*:*groundTruth*",
+ "arn:aws:sns:*:*:*groundtruth*",
+ "arn:aws:sns:*:*:*SageMaker*",
+ "arn:aws:sns:*:*:*Sagemaker*",
+ "arn:aws:sns:*:*:*sageMaker*",
+ "arn:aws:sns:*:*:*sagemaker*"
+ ],
+ "Sid": "StreamingTopic"
+ },
+ {
+ "Action": [
+ "sns:Unsubscribe"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "StreamingTopicUnsubscribe"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FYNFSJXO3",
+ "PolicyName": "AmazonSageMakerGroundTruthExecution",
+ "UpdateDate": "2020-07-09T19:30:20+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonSageMakerMechanicalTurkAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T16:19:36+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sagemaker:*FlowDefinition",
+ "sagemaker:*FlowDefinitions"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AYDBKMMDV",
+ "PolicyName": "AmazonSageMakerMechanicalTurkAccess",
+ "UpdateDate": "2019-12-03T16:19:36+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonSageMakerNotebooksServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-10-18T20:27:37+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "elasticfilesystem:CreateFileSystem",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/ManagedByAmazonSageMakerResource": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "elasticfilesystem:CreateMountTarget",
+ "elasticfilesystem:DeleteFileSystem",
+ "elasticfilesystem:DeleteMountTarget"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/ManagedByAmazonSageMakerResource": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeMountTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateNetworkInterface",
+ "ec2:CreateSecurityGroup",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DescribeDhcpOptions",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeVpcs",
+ "ec2:ModifyNetworkInterfaceAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:CreateNetworkInterfacePermission",
+ "ec2:DeleteNetworkInterfacePermission",
+ "ec2:DeleteSecurityGroup",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:RevokeSecurityGroupIngress"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/ManagedByAmazonSageMakerResource": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sso:CreateManagedApplicationInstance",
+ "sso:DeleteManagedApplicationInstance",
+ "sso:GetManagedApplicationInstance"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sagemaker:CreateUserProfile",
+ "sagemaker:DescribeUserProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MYB7OEJED",
+ "PolicyName": "AmazonSageMakerNotebooksServiceRolePolicy",
+ "UpdateDate": "2020-08-28T22:39:39+00:00",
+ "VersionId": "v5"
},
"AmazonSageMakerReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T13:07:09+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v9",
"Document": {
"Statement": [
+ {
+ "Action": [
+ "sagemaker:Describe*",
+ "sagemaker:List*",
+ "sagemaker:BatchGetMetrics",
+ "sagemaker:GetDeviceRegistration",
+ "sagemaker:GetDeviceFleetReport",
+ "sagemaker:GetSearchSuggestions",
+ "sagemaker:GetRecord",
+ "sagemaker:Search"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
@@ -22165,7 +41214,6 @@ aws_managed_policies_data = """
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"aws-marketplace:ViewSubscriptions",
- "aws-marketplace:ViewSubscriptions",
"cloudwatch:DescribeAlarms",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
@@ -22175,11 +41223,7 @@ aws_managed_policies_data = """
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
- "ecr:Describe*",
- "sagemaker:Describe*",
- "sagemaker:GetSearchSuggestions",
- "sagemaker:List*",
- "sagemaker:Search"
+ "ecr:Describe*"
],
"Effect": "Allow",
"Resource": "*"
@@ -22193,8 +41237,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTZ2FTFCQ6CFLQA2O",
"PolicyName": "AmazonSageMakerReadOnly",
- "UpdateDate": "2019-01-04T22:22:07+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2020-12-08T16:17:08+00:00",
+ "VersionId": "v9"
},
"AmazonSumerianFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSumerianFullAccess",
@@ -22274,6 +41318,161 @@ aws_managed_policies_data = """
"UpdateDate": "2018-11-28T19:12:16+00:00",
"VersionId": "v1"
},
+ "AmazonTimestreamConsoleFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-30T21:47:18+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "timestream:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey",
+ "kms:ListKeys",
+ "kms:ListAliases"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant"
+ ],
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": true
+ },
+ "ForAnyValue:StringEquals": {
+ "kms:EncryptionContextKeys": "aws:timestream:database-name"
+ },
+ "StringLike": {
+ "kms:ViaService": "timestream.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "dbqms:CreateFavoriteQuery",
+ "dbqms:DescribeFavoriteQueries",
+ "dbqms:UpdateFavoriteQuery",
+ "dbqms:DeleteFavoriteQueries",
+ "dbqms:GetQueryString",
+ "dbqms:CreateQueryHistory",
+ "dbqms:DescribeQueryHistory",
+ "dbqms:UpdateQueryHistory",
+ "dbqms:DeleteQueryHistory",
+ "dbqms:DescribeQueryHistory"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AZJLUKMAZ",
+ "PolicyName": "AmazonTimestreamConsoleFullAccess",
+ "UpdateDate": "2020-09-30T21:47:18+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonTimestreamFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-30T21:47:14+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "timestream:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:DescribeKey"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:CreateGrant"
+ ],
+ "Condition": {
+ "Bool": {
+ "kms:GrantIsForAWSResource": true
+ },
+ "ForAnyValue:StringEquals": {
+ "kms:EncryptionContextKeys": "aws:timestream:database-name"
+ },
+ "StringLike": {
+ "kms:ViaService": "timestream.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CGYUJBH4V",
+ "PolicyName": "AmazonTimestreamFullAccess",
+ "UpdateDate": "2020-09-30T21:47:14+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonTimestreamReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-30T21:47:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "timestream:CancelQuery",
+ "timestream:DescribeDatabase",
+ "timestream:DescribeEndpoints",
+ "timestream:DescribeTable",
+ "timestream:ListDatabases",
+ "timestream:ListMeasures",
+ "timestream:ListTables",
+ "timestream:ListTagsForResource",
+ "timestream:Select",
+ "timestream:SelectValues"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4I7VUQXAEJ",
+ "PolicyName": "AmazonTimestreamReadOnlyAccess",
+ "UpdateDate": "2020-09-30T21:47:08+00:00",
+ "VersionId": "v1"
+ },
"AmazonTranscribeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess",
"AttachmentCount": 0,
@@ -22340,7 +41539,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations",
"AttachmentCount": 0,
"CreateDate": "2017-07-18T20:47:16+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -22366,6 +41565,7 @@ aws_managed_policies_data = """
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeAvailabilityZones",
+ "ec2:DescribeRegions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
@@ -22393,8 +41593,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ53Y4ZY5OHP4CNRJC",
"PolicyName": "AmazonVPCCrossAccountNetworkInterfaceOperations",
- "UpdateDate": "2019-01-07T19:16:23+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-06-16T14:16:49+00:00",
+ "VersionId": "v4"
},
"AmazonVPCFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess",
@@ -22621,11 +41821,69 @@ aws_managed_policies_data = """
"UpdateDate": "2018-03-07T18:34:42+00:00",
"VersionId": "v6"
},
+ "AmazonWorkDocsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-16T23:05:11+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "workdocs:*",
+ "ds:DescribeDirectories",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GTERAZYCR",
+ "PolicyName": "AmazonWorkDocsFullAccess",
+ "UpdateDate": "2020-04-16T23:05:11+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonWorkDocsReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-01-08T23:49:59+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "workdocs:Describe*",
+ "ds:DescribeDirectories",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EDG6WGO5A",
+ "PolicyName": "AmazonWorkDocsReadOnlyAccess",
+ "UpdateDate": "2020-01-08T23:49:59+00:00",
+ "VersionId": "v1"
+ },
"AmazonWorkLinkFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-23T18:52:09+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -22633,7 +41891,7 @@ aws_managed_policies_data = """
"worklink:*"
],
"Effect": "Allow",
- "Resource": "arn:aws:worklink:*"
+ "Resource": "arn:aws:worklink:*:*:*"
}
],
"Version": "2012-10-17"
@@ -22644,23 +41902,24 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJM4ITL7TEVURHCQSY",
"PolicyName": "AmazonWorkLinkFullAccess",
- "UpdateDate": "2019-01-23T18:52:09+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-23T18:37:42+00:00",
+ "VersionId": "v2"
},
"AmazonWorkLinkReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-01-23T19:07:10+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"worklink:Describe*",
- "worklink:List*"
+ "worklink:List*",
+ "worklink:Search*"
],
"Effect": "Allow",
- "Resource": "arn:aws:worklink:*"
+ "Resource": "arn:aws:worklink:*:*:*"
}
],
"Version": "2012-10-17"
@@ -22671,14 +41930,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIANQMFGU4EUUZKFQ4",
"PolicyName": "AmazonWorkLinkReadOnly",
- "UpdateDate": "2019-01-23T19:07:10+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-23T18:37:21+00:00",
+ "VersionId": "v3"
},
"AmazonWorkLinkServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkLinkServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-03-18T18:00:16+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -22699,6 +41958,15 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*"
+ },
+ {
+ "Action": [
+ "elasticloadbalancing:ModifyListener",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -22709,8 +41977,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINJJP6CO7ATFCV4CU",
"PolicyName": "AmazonWorkLinkServiceRolePolicy",
- "UpdateDate": "2019-03-18T18:00:16+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-02-07T20:48:49+00:00",
+ "VersionId": "v2"
},
"AmazonWorkMailEventsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy",
@@ -22744,7 +42012,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:41+00:00",
- "DefaultVersionId": "v6",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
@@ -22754,11 +42022,8 @@ aws_managed_policies_data = """
"ds:CreateAlias",
"ds:CreateDirectory",
"ds:CreateIdentityPoolDirectory",
- "ds:CreateDomain",
- "ds:DeleteAlias",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
- "ds:ExtendDirectory",
"ds:GetDirectoryLimits",
"ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
@@ -22773,7 +42038,6 @@ aws_managed_policies_data = """
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:DescribeAvailabilityZones",
- "ec2:DescribeDomains",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
@@ -22785,6 +42049,7 @@ aws_managed_policies_data = """
"route53:ChangeResourceRecordSets",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
+ "route53:GetHostedZone",
"route53domains:CheckDomainAvailability",
"route53domains:ListDomains",
"ses:*",
@@ -22792,7 +42057,8 @@ aws_managed_policies_data = """
"iam:ListRoles",
"logs:DescribeLogGroups",
"logs:CreateLogGroup",
- "logs:PutRetentionPolicy"
+ "logs:PutRetentionPolicy",
+ "cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*"
@@ -22834,14 +42100,66 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQVKNMT7SVATQ4AUY",
"PolicyName": "AmazonWorkMailFullAccess",
- "UpdateDate": "2019-05-13T15:21:29+00:00",
- "VersionId": "v6"
+ "UpdateDate": "2020-12-21T14:13:40+00:00",
+ "VersionId": "v10"
+ },
+ "AmazonWorkMailMessageFlowFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-02-11T11:08:35+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "workmailmessageflow:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ORQUVJL66",
+ "PolicyName": "AmazonWorkMailMessageFlowFullAccess",
+ "UpdateDate": "2021-02-11T11:08:35+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonWorkMailMessageFlowReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2021-01-28T12:40:08+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "workmailmessageflow:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4M6UETQLYG",
+ "PolicyName": "AmazonWorkMailMessageFlowReadOnlyAccess",
+ "UpdateDate": "2021-01-28T12:40:08+00:00",
+ "VersionId": "v1"
},
"AmazonWorkMailReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:42+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -22854,7 +42172,8 @@ aws_managed_policies_data = """
"workmail:Search*",
"lambda:ListFunctions",
"iam:ListRoles",
- "logs:DescribeLogGroups"
+ "logs:DescribeLogGroups",
+ "cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*"
@@ -22868,8 +42187,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHF7J65E2QFKCWAJM",
"PolicyName": "AmazonWorkMailReadOnlyAccess",
- "UpdateDate": "2019-05-13T15:12:46+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-07-25T08:24:50+00:00",
+ "VersionId": "v4"
},
"AmazonWorkSpacesAdmin": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
@@ -22937,6 +42256,62 @@ aws_managed_policies_data = """
"UpdateDate": "2015-04-09T14:03:18+00:00",
"VersionId": "v1"
},
+ "AmazonWorkSpacesSelfServiceAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-27T19:22:52+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "workspaces:RebootWorkspaces",
+ "workspaces:RebuildWorkspaces",
+ "workspaces:ModifyWorkspaceProperties"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MLHUSTJAF",
+ "PolicyName": "AmazonWorkSpacesSelfServiceAccess",
+ "UpdateDate": "2019-06-27T19:22:52+00:00",
+ "VersionId": "v1"
+ },
+ "AmazonWorkSpacesServiceAccess": {
+ "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-27T19:19:09+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:CreateNetworkInterface",
+ "ec2:DeleteNetworkInterface",
+ "ec2:DescribeNetworkInterfaces"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4KRXBM753F",
+ "PolicyName": "AmazonWorkSpacesServiceAccess",
+ "UpdateDate": "2020-03-18T23:32:10+00:00",
+ "VersionId": "v2"
+ },
"AmazonZocaloFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess",
"AttachmentCount": 0,
@@ -23397,9 +42772,9 @@ aws_managed_policies_data = """
},
"AutoScalingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy",
- "AttachmentCount": 0,
+ "AttachmentCount": 1,
"CreateDate": "2018-01-08T23:10:55+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
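Review bot: `"AttachmentCount": 1` on AutoScalingServiceRolePolicy in this hunk looks like state from the AWS account the policy dump was taken in, not a property of the managed policy; every other entry visible in this diff carries `"AttachmentCount": 0`. If the mock ever surfaces this field, a freshly mocked account would report an attachment that does not exist, and the file would also churn whenever the dump is re-run from a different account. Whether the loader reads the field is not visible from here, so treat this as something to confirm. The safer shape is for whatever produces this data to normalise per-account counters, writing `"AttachmentCount": 0` for every policy. The policy entry itself continues outside this hunk.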
@@ -23414,6 +42789,8 @@ aws_managed_policies_data = """
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
+ "ec2:StartInstances",
+ "ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
@@ -23473,6 +42850,23 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSManagement"
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets",
+ "events:DeleteRule",
+ "events:DescribeRule"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "events:ManagedBy": "autoscaling.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EventBridgeRuleManagement"
}
],
"Version": "2012-10-17"
@@ -23483,27 +42877,123 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIC5D2V7MRWBMHGD7G",
"PolicyName": "AutoScalingServiceRolePolicy",
- "UpdateDate": "2018-10-31T18:19:10+00:00",
+ "UpdateDate": "2021-02-05T01:37:46+00:00",
+ "VersionId": "v4"
+ },
+ "AwsGlueDataBrewFullAccessPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-11T16:51:39+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "databrew:*",
+ "glue:GetDatabases",
+ "glue:GetPartitions",
+ "glue:GetTable",
+ "glue:GetTables",
+ "glue:GetDataCatalogEncryptionSettings",
+ "dataexchange:ListDataSets",
+ "dataexchange:ListDataSetRevisions",
+ "dataexchange:ListRevisionAssets",
+ "dataexchange:CreateJob",
+ "dataexchange:StartJob",
+ "dataexchange:GetJob",
+ "kms:DescribeKey",
+ "kms:ListKeys",
+ "kms:ListAliases",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketCORS",
+ "s3:GetBucketLocation",
+ "s3:GetEncryptionConfiguration",
+ "sts:GetCallerIdentity",
+ "cloudtrail:LookupEvents",
+ "iam:ListRoles",
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:ListBucket",
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::databrew-public-datasets-*"
+ ]
+ },
+ {
+ "Action": [
+ "kms:GenerateDataKey"
+ ],
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": "s3.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "databrew.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ACNRIK7M3",
+ "PolicyName": "AwsGlueDataBrewFullAccessPolicy",
+ "UpdateDate": "2020-11-12T23:04:55+00:00",
"VersionId": "v2"
},
"Billing": {
"Arn": "arn:aws:iam::aws:policy/job-function/Billing",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:33:18+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:*Billing",
- "awsbillingconsole:*Billing",
"aws-portal:*Usage",
- "awsbillingconsole:*Usage",
"aws-portal:*PaymentMethods",
- "awsbillingconsole:*PaymentMethods",
"budgets:ViewBudget",
"budgets:ModifyBudget",
- "cur:*"
+ "ce:UpdatePreferences",
+ "ce:CreateReport",
+ "ce:UpdateReport",
+ "ce:DeleteReport",
+ "ce:CreateNotificationSubscription",
+ "ce:UpdateNotificationSubscription",
+ "ce:DeleteNotificationSubscription",
+ "cur:DescribeReportDefinitions",
+ "cur:PutReportDefinition",
+ "cur:ModifyReportDefinition",
+ "cur:DeleteReportDefinition",
+ "purchase-orders:*PurchaseOrders"
],
"Effect": "Allow",
"Resource": "*"
@@ -23517,14 +43007,67 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFTHXT6FFMIRT7ZEA",
"PolicyName": "Billing",
- "UpdateDate": "2018-02-06T23:46:37+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-10-05T20:37:01+00:00",
+ "VersionId": "v5"
+ },
+ "CertificateManagerServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-25T17:56:49+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "acm-pca:IssueCertificate",
+ "acm-pca:GetCertificate"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G2T4BX7CL",
+ "PolicyName": "CertificateManagerServiceRolePolicy",
+ "UpdateDate": "2020-06-25T17:56:49+00:00",
+ "VersionId": "v1"
+ },
+ "ClientVPNServiceConnectionsRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-12T19:48:06+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "lambda:InvokeFunction"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:lambda:*:*:function:AWSClientVPN-*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PG4VWZTEZ",
+ "PolicyName": "ClientVPNServiceConnectionsRolePolicy",
+ "UpdateDate": "2020-08-12T19:48:06+00:00",
+ "VersionId": "v1"
},
"ClientVPNServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-12-10T21:20:25+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -23541,14 +43084,15 @@ aws_managed_policies_data = """
"ds:AuthorizeApplication",
"ds:DescribeDirectories",
"ds:GetDirectoryLimits",
- "ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"acm:GetCertificate",
- "acm:DescribeCertificate"
+ "acm:DescribeCertificate",
+ "iam:GetSAMLProvider",
+ "lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "*"
@@ -23562,14 +43106,93 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI2SV25KUCYQYS5N74",
"PolicyName": "ClientVPNServiceRolePolicy",
- "UpdateDate": "2019-01-16T22:22:28+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-08-12T19:39:34+00:00",
+ "VersionId": "v5"
+ },
+ "CloudFormationStackSetsOrgAdminServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-10T00:20:05+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "organizations:List*",
+ "organizations:Describe*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "AllowsAWSOrganizationsReadAPIs"
+ },
+ {
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/stacksets-exec-*",
+ "Sid": "AllowAssumeRoleInMemberAccounts"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JEQ3CDBDV",
+ "PolicyName": "CloudFormationStackSetsOrgAdminServiceRolePolicy",
+ "UpdateDate": "2019-12-10T00:20:05+00:00",
+ "VersionId": "v1"
+ },
+ "CloudFormationStackSetsOrgMemberServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-09T23:52:37+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iam:CreateRole",
+ "iam:DeleteRole",
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/stacksets-exec-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:DetachRolePolicy",
+ "iam:AttachRolePolicy"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PolicyARN": "arn:aws:iam::aws:policy/AdministratorAccess"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/stacksets-exec-*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LHV6H6QDU",
+ "PolicyName": "CloudFormationStackSetsOrgMemberServiceRolePolicy",
+ "UpdateDate": "2019-12-09T23:52:37+00:00",
+ "VersionId": "v1"
},
"CloudFrontFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudFrontFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:50+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -23585,10 +43208,27 @@ aws_managed_policies_data = """
"cloudfront:*",
"iam:ListServerCertificates",
"waf:ListWebACLs",
- "waf:GetWebACL"
+ "waf:GetWebACL",
+ "wafv2:ListWebACLs",
+ "wafv2:GetWebACL",
+ "kinesis:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "kinesis:DescribeStream"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:kinesis:*:*:*"
+ },
+ {
+ "Action": [
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:*"
}
],
"Version": "2012-10-17"
@@ -23599,14 +43239,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPRV52SH6HDCCFY6U",
"PolicyName": "CloudFrontFullAccess",
- "UpdateDate": "2016-01-21T17:03:57+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-09-03T20:18:42+00:00",
+ "VersionId": "v6"
},
"CloudFrontReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:55+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -23617,7 +43257,9 @@ aws_managed_policies_data = """
"iam:ListServerCertificates",
"route53:List*",
"waf:ListWebACLs",
- "waf:GetWebACL"
+ "waf:GetWebACL",
+ "wafv2:ListWebACLs",
+ "wafv2:GetWebACL"
],
"Effect": "Allow",
"Resource": "*"
@@ -23631,8 +43273,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJZMNYOTZCNQP36LG",
"PolicyName": "CloudFrontReadOnlyAccess",
- "UpdateDate": "2016-01-21T17:03:28+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-02-19T19:49:16+00:00",
+ "VersionId": "v4"
},
"CloudHSMServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy",
@@ -23758,6 +43400,34 @@ aws_managed_policies_data = """
"UpdateDate": "2018-10-24T21:21:44+00:00",
"VersionId": "v1"
},
+ "CloudWatch-CrossAccountAccess": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-23T09:59:27+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sts:AssumeRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4OV6AFDA5J",
+ "PolicyName": "CloudWatch-CrossAccountAccess",
+ "UpdateDate": "2019-07-23T09:59:27+00:00",
+ "VersionId": "v1"
+ },
"CloudWatchActionsEC2Access": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access",
"AttachmentCount": 0,
@@ -23832,12 +43502,13 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-07T01:06:44+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
+ "ec2:DescribeVolumes",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
@@ -23864,9 +43535,141 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIGOPKN7KRDAKTLG4I",
"PolicyName": "CloudWatchAgentServerPolicy",
- "UpdateDate": "2018-03-07T01:06:44+00:00",
+ "UpdateDate": "2019-10-17T23:08:51+00:00",
+ "VersionId": "v2"
+ },
+ "CloudWatchApplicationInsightsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-24T18:44:14+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "applicationinsights:*",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "application-insights.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MSQN23AKX",
+ "PolicyName": "CloudWatchApplicationInsightsFullAccess",
+ "UpdateDate": "2020-11-24T18:44:14+00:00",
"VersionId": "v1"
},
+ "CloudWatchApplicationInsightsReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-24T18:48:00+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "applicationinsights:Describe*",
+ "applicationinsights:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AX4TJYLSI",
+ "PolicyName": "CloudWatchApplicationInsightsReadOnlyAccess",
+ "UpdateDate": "2020-11-24T18:48:00+00:00",
+ "VersionId": "v1"
+ },
+ "CloudWatchAutomaticDashboardsAccess": {
+ "Arn": "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-23T10:01:08+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "autoscaling:DescribeAutoScalingGroups",
+ "cloudfront:GetDistribution",
+ "cloudfront:ListDistributions",
+ "dynamodb:DescribeTable",
+ "dynamodb:ListTables",
+ "ec2:DescribeInstances",
+ "ec2:DescribeVolumes",
+ "ecs:DescribeClusters",
+ "ecs:DescribeContainerInstances",
+ "ecs:ListClusters",
+ "ecs:ListContainerInstances",
+ "ecs:ListServices",
+ "elasticache:DescribeCacheClusters",
+ "elasticbeanstalk:DescribeEnvironments",
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "kinesis:DescribeStream",
+ "kinesis:ListStreams",
+ "lambda:GetFunction",
+ "lambda:ListFunctions",
+ "rds:DescribeDBClusters",
+ "rds:DescribeDBInstances",
+ "resource-groups:ListGroupResources",
+ "resource-groups:ListGroups",
+ "route53:GetHealthCheck",
+ "route53:ListHealthChecks",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "sns:ListTopics",
+ "sqs:GetQueueAttributes",
+ "sqs:GetQueueUrl",
+ "sqs:ListQueues",
+ "tag:GetResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "apigateway:GET"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:apigateway:*::/restapis*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JFCXGSE2Q",
+ "PolicyName": "CloudWatchAutomaticDashboardsAccess",
+ "UpdateDate": "2020-12-18T17:48:20+00:00",
+ "VersionId": "v3"
+ },
"CloudWatchEventsBuiltInTargetExecutionAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess",
"AttachmentCount": 0,
@@ -24065,6 +43868,38 @@ aws_managed_policies_data = """
"UpdateDate": "2018-08-09T19:10:43+00:00",
"VersionId": "v3"
},
+ "CloudWatchLambdaInsightsExecutionRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-10-07T19:27:06+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "logs:CreateLogGroup",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda-insights:*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EDWWYYDS6",
+ "PolicyName": "CloudWatchLambdaInsightsExecutionRolePolicy",
+ "UpdateDate": "2020-10-07T19:27:06+00:00",
+ "VersionId": "v1"
+ },
"CloudWatchLogsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
"AttachmentCount": 0,
@@ -24127,7 +43962,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:01+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -24138,6 +43973,8 @@ aws_managed_policies_data = """
"cloudwatch:List*",
"logs:Get*",
"logs:List*",
+ "logs:StartQuery",
+ "logs:StopQuery",
"logs:Describe*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
@@ -24156,14 +43993,215 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJN23PDQP7SZQAE3QE",
"PolicyName": "CloudWatchReadOnlyAccess",
- "UpdateDate": "2018-05-10T21:40:42+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-07-17T17:49:09+00:00",
+ "VersionId": "v4"
+ },
+ "CloudWatchSyntheticsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-25T17:39:46+00:00",
+ "DefaultVersionId": "v5",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "synthetics:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:CreateBucket",
+ "s3:PutBucketEncryption",
+ "s3:PutEncryptionConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::cw-syn-results-*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:ListRoles",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation",
+ "xray:GetTraceSummaries",
+ "xray:BatchGetTraces",
+ "apigateway:GET"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject",
+ "s3:ListBucket"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::cw-syn-*"
+ },
+ {
+ "Action": [
+ "s3:GetObjectVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::aws-synthetics-library-*"
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "lambda.amazonaws.com",
+ "synthetics.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudwatch:GetMetricData",
+ "cloudwatch:GetMetricStatistics"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricAlarm",
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudwatch:*:*:alarm:Synthetics-*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:cloudwatch:*:*:alarm:*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:CreateFunction",
+ "lambda:AddPermission",
+ "lambda:PublishVersion",
+ "lambda:UpdateFunctionConfiguration",
+ "lambda:GetFunctionConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:function:cwsyn-*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:GetLayerVersionByArn",
+ "lambda:GetLayerVersion",
+ "lambda:PublishLayerVersion"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:lambda:*:*:layer:cwsyn-*",
+ "arn:aws:lambda:*:*:layer:Synthetics:*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "sns:ListTopics"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "sns:CreateTopic",
+ "sns:Subscribe",
+ "sns:ListSubscriptionsByTopic"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:*:sns:*:*:Synthetics-*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MAGQWEZP4",
+ "PolicyName": "CloudWatchSyntheticsFullAccess",
+ "UpdateDate": "2021-01-27T20:12:41+00:00",
+ "VersionId": "v5"
+ },
+ "CloudWatchSyntheticsReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-25T17:45:40+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "synthetics:Describe*",
+ "synthetics:Get*",
+ "synthetics:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4C7XDT2FFB",
+ "PolicyName": "CloudWatchSyntheticsReadOnlyAccess",
+ "UpdateDate": "2020-03-06T19:26:01+00:00",
+ "VersionId": "v2"
},
"CloudwatchApplicationInsightsServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-12-01T16:22:12+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v12",
"Document": {
"Statement": [
{
@@ -24173,7 +44211,10 @@ aws_managed_policies_data = """
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
- "cloudwatch:DeleteAlarms"
+ "cloudwatch:DeleteAlarms",
+ "cloudwatch:PutAnomalyDetector",
+ "cloudwatch:DeleteAnomalyDetector",
+ "cloudwatch:DescribeAnomalyDetectors"
],
"Effect": "Allow",
"Resource": [
@@ -24182,6 +44223,7 @@ aws_managed_policies_data = """
},
{
"Action": [
+ "logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
@@ -24204,7 +44246,8 @@ aws_managed_policies_data = """
"Action": [
"cloudFormation:CreateStack",
"cloudFormation:UpdateStack",
- "cloudFormation:DeleteStack"
+ "cloudFormation:DeleteStack",
+ "cloudFormation:DescribeStackResources"
],
"Effect": "Allow",
"Resource": [
@@ -24265,7 +44308,9 @@ aws_managed_policies_data = """
"Action": [
"ssm:PutParameter",
"ssm:DeleteParameter",
- "ssm:AddTagsToResource"
+ "ssm:AddTagsToResource",
+ "ssm:RemoveTagsFromResource",
+ "ssm:GetParameters"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*"
@@ -24302,7 +44347,122 @@ aws_managed_policies_data = """
},
{
"Action": [
- "ec2:DescribeInstances"
+ "ssm:ListCommandInvocations"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*",
+ "arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets",
+ "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
+ "arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeVolumeStatus"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "rds:DescribeDBInstances",
+ "rds:DescribeDBClusters"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "lambda:GetFunctionConfiguration",
+ "lambda:ListEventSourceMappings"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "events:PutRule",
+ "events:PutTargets",
+ "events:RemoveTargets",
+ "events:DeleteRule"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*"
+ ]
+ },
+ {
+ "Action": [
+ "xray:GetServiceGraph",
+ "xray:GetTraceSummaries",
+ "xray:GetTimeSeriesServiceStatistics",
+ "xray:GetTraceGraph"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "dynamodb:DescribeTable",
+ "dynamodb:DescribeContributorInsights",
+ "dynamodb:DescribeTimeToLive"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "application-autoscaling:DescribeScalableTargets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:GetMetricsConfiguration",
+ "s3:GetReplicationConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "states:DescribeExecution",
+ "states:DescribeStateMachine",
+ "states:GetExecutionHistory"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "apigateway:GET"
],
"Effect": "Allow",
"Resource": [
@@ -24318,8 +44478,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJH3SHQERZRQMQOQ44",
"PolicyName": "CloudwatchApplicationInsightsServiceLinkedRolePolicy",
- "UpdateDate": "2019-05-24T18:26:41+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2021-01-19T20:27:15+00:00",
+ "VersionId": "v12"
},
"ComprehendDataAccessRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy",
@@ -24411,7 +44571,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/ComprehendReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T18:10:19+00:00",
- "DefaultVersionId": "v5",
+ "DefaultVersionId": "v7",
"Document": {
"Statement": [
{
@@ -24422,10 +44582,12 @@ aws_managed_policies_data = """
"comprehend:BatchDetectEntities",
"comprehend:DetectKeyPhrases",
"comprehend:BatchDetectKeyPhrases",
+ "comprehend:DetectPiiEntities",
"comprehend:DetectSentiment",
"comprehend:BatchDetectSentiment",
"comprehend:DetectSyntax",
"comprehend:BatchDetectSyntax",
+ "comprehend:ClassifyDocument",
"comprehend:DescribeTopicsDetectionJob",
"comprehend:ListTopicsDetectionJobs",
"comprehend:DescribeDominantLanguageDetectionJob",
@@ -24434,6 +44596,8 @@ aws_managed_policies_data = """
"comprehend:ListEntitiesDetectionJobs",
"comprehend:DescribeKeyPhrasesDetectionJob",
"comprehend:ListKeyPhrasesDetectionJobs",
+ "comprehend:DescribePiiEntitiesDetectionJob",
+ "comprehend:ListPiiEntitiesDetectionJobs",
"comprehend:DescribeSentimentDetectionJob",
"comprehend:ListSentimentDetectionJobs",
"comprehend:DescribeDocumentClassifier",
@@ -24441,7 +44605,10 @@ aws_managed_policies_data = """
"comprehend:DescribeDocumentClassificationJob",
"comprehend:ListDocumentClassificationJobs",
"comprehend:DescribeEntityRecognizer",
- "comprehend:ListEntityRecognizers"
+ "comprehend:ListEntityRecognizers",
+ "comprehend:ListTagsForResource",
+ "comprehend:DescribeEndpoint",
+ "comprehend:ListEndpoints"
],
"Effect": "Allow",
"Resource": "*"
@@ -24455,8 +44622,204 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIUV5K2YCHQBBAH7G",
"PolicyName": "ComprehendReadOnly",
- "UpdateDate": "2018-11-20T01:54:51+00:00",
- "VersionId": "v5"
+ "UpdateDate": "2020-09-17T19:01:28+00:00",
+ "VersionId": "v7"
+ },
+ "ComputeOptimizerReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-03-07T00:11:02+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "compute-optimizer:DescribeRecommendationExportJobs",
+ "compute-optimizer:GetEnrollmentStatus",
+ "compute-optimizer:GetRecommendationSummaries",
+ "compute-optimizer:GetEC2InstanceRecommendations",
+ "compute-optimizer:GetEC2RecommendationProjectedMetrics",
+ "compute-optimizer:GetAutoScalingGroupRecommendations",
+ "compute-optimizer:GetEBSVolumeRecommendations",
+ "compute-optimizer:GetLambdaFunctionRecommendations",
+ "ec2:DescribeInstances",
+ "ec2:DescribeVolumes",
+ "autoscaling:DescribeAutoScalingGroups",
+ "lambda:ListFunctions",
+ "lambda:ListProvisionedConcurrencyConfigs",
+ "cloudwatch:GetMetricData",
+ "organizations:ListAccounts",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeAccount"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FI27MEARJ",
+ "PolicyName": "ComputeOptimizerReadOnlyAccess",
+ "UpdateDate": "2020-12-23T18:00:54+00:00",
+ "VersionId": "v3"
+ },
+ "ComputeOptimizerServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-03T08:45:19+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "compute-optimizer:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ComputeOptimizerFullAccess"
+ },
+ {
+ "Action": [
+ "organizations:DescribeOrganization",
+ "organizations:ListAccounts",
+ "organizations:ListAWSServiceAccessForOrganization"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AwsOrgsAccess"
+ },
+ {
+ "Action": [
+ "cloudwatch:GetMetricData"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "CloudWatchAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4HPOQZNRNJ",
+ "PolicyName": "ComputeOptimizerServiceRolePolicy",
+ "UpdateDate": "2019-12-03T08:45:19+00:00",
+ "VersionId": "v1"
+ },
+ "ConfigConformsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-25T21:38:05+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "config:PutConfigRule",
+ "config:DeleteConfigRule",
+ "config:DescribeConfigRules"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*"
+ },
+ {
+ "Action": [
+ "config:DescribeRemediationConfigurations",
+ "config:DeleteRemediationConfiguration",
+ "config:PutRemediationConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*"
+ },
+ {
+ "Action": [
+ "iam:GetRole"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": "remediation.config.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ssm.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ssm:DescribeDocument",
+ "ssm:GetDocument"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:GetObject",
+ "s3:GetBucketAcl"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::awsconfigconforms*"
+ },
+ {
+ "Action": [
+ "cloudformation:CreateStack",
+ "cloudformation:DeleteStack",
+ "cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResource",
+ "cloudformation:DescribeStackResources",
+ "cloudformation:DescribeStacks",
+ "cloudformation:GetStackPolicy",
+ "cloudformation:SetStackPolicy",
+ "cloudformation:UpdateStack",
+ "cloudformation:UpdateTerminationProtection",
+ "cloudformation:ValidateTemplate",
+ "cloudformation:ListStackResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudformation:*:*:stack/awsconfigconforms-*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4BCH3IIJPN",
+ "PolicyName": "ConfigConformsServiceRolePolicy",
+ "UpdateDate": "2019-11-13T18:29:21+00:00",
+ "VersionId": "v4"
},
"DAXServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy",
@@ -24499,7 +44862,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/job-function/DataScientist",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:28:48+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -24527,6 +44890,7 @@ aws_managed_policies_data = """
"elasticmapreduce:*",
"es:*",
"firehose:*",
+ "fsx:DescribeFileSystems",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:GetPolicy",
@@ -24552,8 +44916,7 @@ aws_managed_policies_data = """
"s3:CreateBucket",
"sns:CreateTopic",
"sns:Get*",
- "sns:List*",
- "sagemaker:*"
+ "sns:List*"
],
"Effect": "Allow",
"Resource": "*"
@@ -24565,6 +44928,7 @@ aws_managed_policies_data = """
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
+ "s3:PutBucketCors",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketTagging",
@@ -24611,6 +44975,47 @@ aws_managed_policies_data = """
},
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "sagemaker:*"
+ ],
+ "Effect": "Allow",
+ "NotResource": [
+ "arn:aws:sagemaker:*:*:domain/*",
+ "arn:aws:sagemaker:*:*:user-profile/*",
+ "arn:aws:sagemaker:*:*:app/*",
+ "arn:aws:sagemaker:*:*:flow-definition/*"
+ ]
+ },
+ {
+ "Action": [
+ "sagemaker:CreatePresignedDomainUrl",
+ "sagemaker:DescribeDomain",
+ "sagemaker:ListDomains",
+ "sagemaker:DescribeUserProfile",
+ "sagemaker:ListUserProfiles",
+ "sagemaker:*App",
+ "sagemaker:ListApps"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "sagemaker:*FlowDefinition",
+ "sagemaker:*FlowDefinitions"
+ ],
+ "Condition": {
+ "StringEqualsIfExists": {
+ "sagemaker:WorkteamType": [
+ "private-crowd",
+ "vendor-crowd"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -24621,8 +45026,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5YHI2BQW7EQFYDXS",
"PolicyName": "DataScientist",
- "UpdateDate": "2019-01-18T19:26:23+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-12-03T16:48:34+00:00",
+ "VersionId": "v5"
},
"DatabaseAdministrator": {
"Arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator",
@@ -24737,11 +45142,83 @@ aws_managed_policies_data = """
"UpdateDate": "2019-01-08T00:48:02+00:00",
"VersionId": "v2"
},
+ "DynamoDBCloudWatchContributorInsightsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-15T21:13:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "cloudwatch:DeleteInsightRules",
+ "cloudwatch:PutInsightRule"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
+ },
+ {
+ "Action": [
+ "cloudwatch:DescribeInsightRules"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4G4VWJTRGV",
+ "PolicyName": "DynamoDBCloudWatchContributorInsightsServiceRolePolicy",
+ "UpdateDate": "2019-11-15T21:13:58+00:00",
+ "VersionId": "v1"
+ },
+ "DynamoDBKinesisReplicationServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-12T00:43:25+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "kms:GenerateDataKey",
+ "Condition": {
+ "StringLike": {
+ "kms:ViaService": "kinesis.*.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kinesis:PutRecord",
+ "kinesis:PutRecords",
+ "kinesis:DescribeStream"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4A745YPIYL",
+ "PolicyName": "DynamoDBKinesisReplicationServiceRolePolicy",
+ "UpdateDate": "2020-11-12T00:43:25+00:00",
+ "VersionId": "v1"
+ },
"DynamoDBReplicationServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-09T23:55:34+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -24751,11 +45228,14 @@ aws_managed_policies_data = """
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
+ "dynamodb:UpdateTable",
"dynamodb:Scan",
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:DescribeTimeToLive",
+ "dynamodb:UpdateTimeToLive",
+ "dynamodb:DescribeLimits",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:PutScalingPolicy",
@@ -24787,14 +45267,296 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJCUNRXL4BWASNJED2",
"PolicyName": "DynamoDBReplicationServiceRolePolicy",
- "UpdateDate": "2018-07-02T21:48:12+00:00",
+ "UpdateDate": "2020-09-09T18:43:04+00:00",
+ "VersionId": "v6"
+ },
+ "EC2FleetTimeShiftableServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-23T19:47:15+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeImages",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeInstances",
+ "ec2:RunInstances",
+ "ec2:CreateFleet"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "iam:PassRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": [
+ "ec2.amazonaws.com",
+ "ec2.amazonaws.com.cn"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*",
+ "arn:aws:ec2:*:*:spot-instances-request/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:TerminateInstances"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:ec2:fleet-id": "*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IU3TFNWBH",
+ "PolicyName": "EC2FleetTimeShiftableServiceRolePolicy",
+ "UpdateDate": "2019-12-23T19:47:15+00:00",
+ "VersionId": "v1"
+ },
+ "EC2InstanceConnect": {
+ "Arn": "arn:aws:iam::aws:policy/EC2InstanceConnect",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-27T18:53:34+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2-instance-connect:SendSSHPublicKey"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "EC2InstanceConnect"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PBRCMEYY5",
+ "PolicyName": "EC2InstanceConnect",
+ "UpdateDate": "2019-06-27T18:53:34+00:00",
+ "VersionId": "v1"
+ },
+ "EC2InstanceProfileForImageBuilder": {
+ "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-01T19:08:23+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "imagebuilder:GetComponent"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:Decrypt"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "imagebuilder.amazonaws.com"
+ ],
+ "kms:EncryptionContextKeys": "aws:imagebuilder:arn"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::ec2imagebuilder*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EJC2UPLYL",
+ "PolicyName": "EC2InstanceProfileForImageBuilder",
+ "UpdateDate": "2020-08-27T16:40:50+00:00",
"VersionId": "v3"
},
+ "EC2InstanceProfileForImageBuilderECRContainerBuilds": {
+ "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-11T19:48:15+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "imagebuilder:GetComponent",
+ "imagebuilder:GetContainerRecipe",
+ "ecr:GetAuthorizationToken",
+ "ecr:BatchGetImage",
+ "ecr:InitiateLayerUpload",
+ "ecr:UploadLayerPart",
+ "ecr:CompleteLayerUpload",
+ "ecr:BatchCheckLayerAvailability",
+ "ecr:GetDownloadUrlForLayer",
+ "ecr:PutImage"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "kms:Decrypt"
+ ],
+ "Condition": {
+ "ForAnyValue:StringEquals": {
+ "aws:CalledVia": [
+ "imagebuilder.amazonaws.com"
+ ],
+ "kms:EncryptionContextKeys": "aws:imagebuilder:arn"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "s3:GetObject"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::ec2imagebuilder*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:PutLogEvents"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4C32QNC6KD",
+ "PolicyName": "EC2InstanceProfileForImageBuilderECRContainerBuilds",
+ "UpdateDate": "2020-12-11T19:48:15+00:00",
+ "VersionId": "v1"
+ },
+ "ECRReplicationServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-04T22:11:28+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "ecr:CreateRepository",
+ "ecr:ReplicateImage"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NS3XDKIDR",
+ "PolicyName": "ECRReplicationServiceRolePolicy",
+ "UpdateDate": "2020-12-04T22:11:28+00:00",
+ "VersionId": "v1"
+ },
+ "Ec2ImageBuilderCrossAccountDistributionAccess": {
+ "Arn": "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-30T19:22:54+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "ec2:CreateTags",
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*::image/*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeImages",
+ "ec2:CopyImage",
+ "ec2:ModifyImageAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4PHZOLIXKT",
+ "PolicyName": "Ec2ImageBuilderCrossAccountDistributionAccess",
+ "UpdateDate": "2020-09-30T19:22:54+00:00",
+ "VersionId": "v1"
+ },
"ElastiCacheServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-12-07T17:50:04+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -24810,7 +45572,12 @@ aws_managed_policies_data = """
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
- "ec2:RevokeSecurityGroupIngress"
+ "ec2:RevokeSecurityGroupIngress",
+ "cloudwatch:PutMetricData",
+ "outposts:GetOutpost",
+ "outposts:GetOutpostInstanceTypes",
+ "outposts:ListOutposts",
+ "outposts:ListSites"
],
"Effect": "Allow",
"Resource": "*"
@@ -24824,14 +45591,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIML5LIBUZBVCSF7PI",
"PolicyName": "ElastiCacheServiceRolePolicy",
- "UpdateDate": "2017-12-07T17:50:04+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-02-06T21:27:13+00:00",
+ "VersionId": "v3"
},
"ElasticLoadBalancingFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-09-20T20:42:07+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -24852,6 +45619,8 @@ aws_managed_policies_data = """
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeRouteTables",
+ "ec2:DescribeCoipPools",
+ "ec2:GetCoipPoolUsage",
"cognito-idp:DescribeUserPoolClient"
],
"Effect": "Allow",
@@ -24876,8 +45645,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIDPMLA3IUIOQCISJ4",
"PolicyName": "ElasticLoadBalancingFullAccess",
- "UpdateDate": "2019-03-25T21:33:12+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-12-04T20:01:39+00:00",
+ "VersionId": "v5"
},
"ElasticLoadBalancingReadOnly": {
"Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly",
@@ -24912,11 +45681,201 @@ aws_managed_policies_data = """
"UpdateDate": "2018-09-20T20:17:09+00:00",
"VersionId": "v1"
},
+ "ElementalActivationsDownloadSoftwareAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-08T17:26:09+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-activations:Get*",
+ "elemental-activations:Download*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IQVGBB6WY",
+ "PolicyName": "ElementalActivationsDownloadSoftwareAccess",
+ "UpdateDate": "2020-09-08T17:26:09+00:00",
+ "VersionId": "v1"
+ },
+ "ElementalActivationsFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalActivationsFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-06-04T21:00:13+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-activations:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IYX6A6CKJ",
+ "PolicyName": "ElementalActivationsFullAccess",
+ "UpdateDate": "2020-06-04T21:00:13+00:00",
+ "VersionId": "v1"
+ },
+ "ElementalActivationsGenerateLicenses": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-28T18:28:58+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-activations:Get*",
+ "elemental-activations:GenerateLicenses",
+ "elemental-activations:StartFileUpload",
+ "elemental-activations:CompleteFileUpload"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LVMPXPYYJ",
+ "PolicyName": "ElementalActivationsGenerateLicenses",
+ "UpdateDate": "2020-08-28T18:28:58+00:00",
+ "VersionId": "v1"
+ },
+ "ElementalActivationsReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-28T16:51:01+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-activations:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JBRIPMTYG",
+ "PolicyName": "ElementalActivationsReadOnlyAccess",
+ "UpdateDate": "2020-08-28T16:51:01+00:00",
+ "VersionId": "v1"
+ },
+ "ElementalAppliancesSoftwareFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-07-31T16:28:53+00:00",
+ "DefaultVersionId": "v4",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-appliances-software:*",
+ "elemental-activations:CompleteAccountRegistration"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4DHARJPIR5",
+ "PolicyName": "ElementalAppliancesSoftwareFullAccess",
+ "UpdateDate": "2021-02-05T21:01:25+00:00",
+ "VersionId": "v4"
+ },
+ "ElementalAppliancesSoftwareReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-04-01T22:31:09+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-appliances-software:List*",
+ "elemental-appliances-software:Get*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4CLKYU5WOM",
+ "PolicyName": "ElementalAppliancesSoftwareReadOnlyAccess",
+ "UpdateDate": "2020-04-01T22:31:09+00:00",
+ "VersionId": "v1"
+ },
+ "ElementalSupportCenterFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-25T18:08:30+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "elemental-support-cases:*",
+ "elemental-support-content:*",
+ "elemental-activations:CompleteAccountRegistration"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ECPR57WVQ",
+ "PolicyName": "ElementalSupportCenterFullAccess",
+ "UpdateDate": "2021-02-05T21:02:54+00:00",
+ "VersionId": "v2"
+ },
"FMSServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-28T23:01:12+00:00",
- "DefaultVersionId": "v7",
+ "DefaultVersionId": "v17",
"Document": {
"Statement": [
{
@@ -24935,7 +45894,8 @@ aws_managed_policies_data = """
"waf-regional:AssociateWebACL",
"waf-regional:DisassociateWebACL",
"elasticloadbalancing:SetWebACL",
- "apigateway:SetWebACL"
+ "apigateway:SetWebACL",
+ "elasticloadbalancing:SetSecurityGroups"
],
"Effect": "Allow",
"Resource": [
@@ -24947,6 +45907,19 @@ aws_managed_policies_data = """
"arn:aws:apigateway:*::/restapis/*/stages/*"
]
},
+ {
+ "Action": [
+ "wafv2:PutLoggingConfiguration",
+ "wafv2:GetLoggingConfiguration",
+ "wafv2:ListLoggingConfigurations",
+ "wafv2:DeleteLoggingConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:wafv2:*:*:regional/webacl/*",
+ "arn:aws:wafv2:*:*:global/webacl/*"
+ ]
+ },
{
"Action": [
"waf:CreateWebACL",
@@ -24960,6 +45933,13 @@ aws_managed_policies_data = """
"arn:aws:waf-regional:*"
]
},
+ {
+ "Action": [
+ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"waf:PutPermissionPolicy",
@@ -24981,7 +45961,8 @@ aws_managed_policies_data = """
"Action": [
"cloudfront:GetDistribution",
"cloudfront:UpdateDistribution",
- "cloudfront:ListDistributionsByWebACLId"
+ "cloudfront:ListDistributionsByWebACLId",
+ "cloudfront:ListDistributions"
],
"Effect": "Allow",
"Resource": "*"
@@ -25009,7 +45990,9 @@ aws_managed_policies_data = """
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetComplianceSummaryByConfigRule",
- "config:GetDiscoveredResourceCounts"
+ "config:GetDiscoveredResourceCounts",
+ "config:PutEvaluations",
+ "config:SelectResourceConfig"
],
"Effect": "Allow",
"Resource": "*"
@@ -25028,7 +46011,13 @@ aws_managed_policies_data = """
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
- "organizations:ListAccounts"
+ "organizations:ListAccounts",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:ListChildren",
+ "organizations:ListRoots",
+ "organizations:ListParents",
+ "organizations:ListOrganizationalUnitsForParent",
+ "organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
@@ -25053,6 +46042,313 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:AuthorizeSecurityGroupEgress",
+ "ec2:AuthorizeSecurityGroupIngress",
+ "ec2:DeleteSecurityGroup",
+ "ec2:RevokeSecurityGroupEgress",
+ "ec2:RevokeSecurityGroupIngress",
+ "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
+ "ec2:UpdateSecurityGroupRuleDescriptionsIngress",
+ "ec2:DescribeNetworkInterfaceAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:network-interface/*",
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:security-group/*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:CreateSecurityGroup",
+ "ec2:DescribeSecurityGroupReferences",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeStaleSecurityGroups",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:ModifyNetworkInterfaceAttribute",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeVpcPeeringConnections"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": [
+ "wafv2:TagResource",
+ "wafv2:ListResourcesForWebACL",
+ "wafv2:AssociateWebACL",
+ "wafv2:ListTagsForResource",
+ "wafv2:UntagResource",
+ "wafv2:GetWebACL",
+ "wafv2:DisassociateFirewallManager",
+ "wafv2:DeleteWebACL",
+ "wafv2:DisassociateWebACL"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:wafv2:*:*:global/webacl/*",
+ "arn:aws:wafv2:*:*:regional/webacl/*"
+ ]
+ },
+ {
+ "Action": [
+ "wafv2:UpdateWebACL",
+ "wafv2:CreateWebACL",
+ "wafv2:DeleteFirewallManagerRuleGroups",
+ "wafv2:PutFirewallManagerRuleGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:wafv2:*:*:global/webacl/*",
+ "arn:aws:wafv2:*:*:regional/webacl/*",
+ "arn:aws:wafv2:*:*:global/rulegroup/*",
+ "arn:aws:wafv2:*:*:regional/rulegroup/*",
+ "arn:aws:wafv2:*:*:global/managedruleset/*",
+ "arn:aws:wafv2:*:*:regional/managedruleset/*",
+ "arn:aws:wafv2:*:*:global/ipset/*",
+ "arn:aws:wafv2:*:*:regional/ipset/*",
+ "arn:aws:wafv2:*:*:global/regexpatternset/*",
+ "arn:aws:wafv2:*:*:regional/regexpatternset/*"
+ ]
+ },
+ {
+ "Action": [
+ "wafv2:PutPermissionPolicy",
+ "wafv2:GetPermissionPolicy",
+ "wafv2:DeletePermissionPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:wafv2:*:*:global/rulegroup/*",
+ "arn:aws:wafv2:*:*:regional/rulegroup/*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudfront:ListTagsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "wafv2:GetWebACLForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:wafv2:*:*:regional/webacl/*"
+ ]
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "Name",
+ "FMManaged"
+ ]
+ },
+ "StringEquals": {
+ "ec2:CreateAction": "CreateRouteTable"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:route-table/*"
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "Name",
+ "FMManaged"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:subnet/*"
+ ]
+ },
+ {
+ "Action": "ec2:DeleteRouteTable",
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/FMManaged": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:route-table/*"
+ },
+ {
+ "Action": [
+ "ec2:AssociateRouteTable",
+ "ec2:CreateSubnet",
+ "ec2:CreateRouteTable",
+ "ec2:DeleteSubnet",
+ "ec2:DisassociateRouteTable",
+ "ec2:ReplaceRouteTableAssociation"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags",
+ "ec2:DescribeVpcEndpoints"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ram:TagResource"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "Name",
+ "FMManaged"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ram:*:*:resource-share/*"
+ ]
+ },
+ {
+ "Action": [
+ "ram:AssociateResourceShare",
+ "ram:UpdateResourceShare",
+ "ram:DeleteResourceShare"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/FMManaged": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ram:*:*:resource-share/*"
+ },
+ {
+ "Action": "ram:CreateResourceShare",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "Name",
+ "FMManaged"
+ ]
+ },
+ "StringEquals": {
+ "aws:RequestTag/FMManaged": [
+ "true"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ram:GetResourceShareAssociations",
+ "ram:GetResourceShares"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ram"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": [
+ "network-firewall.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:GetRole",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "network-firewall:TagResource"
+ ],
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": [
+ "Name",
+ "FMManaged"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "network-firewall:AssociateSubnets",
+ "network-firewall:CreateFirewall",
+ "network-firewall:CreateFirewallPolicy",
+ "network-firewall:DisassociateSubnets",
+ "network-firewall:UpdateFirewallDeleteProtection",
+ "network-firewall:UpdateFirewallPolicy",
+ "network-firewall:UpdateFirewallPolicyChangeProtection",
+ "network-firewall:UpdateSubnetChangeProtection",
+ "network-firewall:AssociateFirewallPolicy",
+ "network-firewall:DescribeFirewall",
+ "network-firewall:DescribeFirewallPolicy",
+ "network-firewall:DescribeRuleGroup",
+ "network-firewall:ListFirewallPolicies",
+ "network-firewall:ListFirewalls",
+ "network-firewall:ListRuleGroups",
+ "network-firewall:PutResourcePolicy",
+ "network-firewall:DescribeResourcePolicy",
+ "network-firewall:DeleteResourcePolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "network-firewall:DeleteFirewallPolicy",
+ "network-firewall:DeleteFirewall"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/FMManaged": "true"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "logs:ListLogDeliveries"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -25063,8 +46359,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI62NTGYJB446ACUEA",
"PolicyName": "FMSServiceRolePolicy",
- "UpdateDate": "2019-03-08T18:02:51+00:00",
- "VersionId": "v7"
+ "UpdateDate": "2020-11-17T17:35:16+00:00",
+ "VersionId": "v17"
},
"FSxDeleteServiceLinkedRoleAccess": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess",
@@ -25094,17 +46390,69 @@ aws_managed_policies_data = """
"UpdateDate": "2018-11-28T10:40:24+00:00",
"VersionId": "v1"
},
- "GlobalAcceleratorFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess",
+ "GameLiftGameServerGroupPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy",
"AttachmentCount": 0,
- "CreateDate": "2018-11-27T02:44:44+00:00",
- "DefaultVersionId": "v1",
+ "CreateDate": "2020-04-03T23:12:19+00:00",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
+ {
+ "Action": "ec2:TerminateInstances",
+ "Condition": {
+ "StringEquals": {
+ "ec2:ResourceTag/GameLift": "GameServerGroups"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
- "globalaccelerator:*"
+ "autoscaling:CompleteLifecycleAction",
+ "autoscaling:ResumeProcesses",
+ "autoscaling:EnterStandby",
+ "autoscaling:SetInstanceProtection",
+ "autoscaling:UpdateAutoScalingGroup",
+ "autoscaling:SuspendProcesses",
+ "autoscaling:DetachInstances"
],
+ "Condition": {
+ "StringEquals": {
+ "aws:ResourceTag/GameLift": "GameServerGroups"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "autoscaling:DescribeAutoScalingGroups",
+ "ec2:DescribeLaunchTemplateVersions",
+ "ec2:DescribeSubnets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "sns:Publish",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:*:sns:*:*:ActivatingLifecycleHookTopic-*",
+ "arn:*:sns:*:*:TerminatingLifecycleHookTopic-*"
+ ]
+ },
+ {
+ "Action": [
+ "cloudwatch:PutMetricData"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "cloudwatch:namespace": "AWS/GameLift"
+ }
+ },
"Effect": "Allow",
"Resource": "*"
}
@@ -25115,10 +46463,62 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JTX4JYBF6",
+ "PolicyName": "GameLiftGameServerGroupPolicy",
+ "UpdateDate": "2020-05-13T17:27:43+00:00",
+ "VersionId": "v3"
+ },
+ "GlobalAcceleratorFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2018-11-27T02:44:44+00:00",
+ "DefaultVersionId": "v6",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "globalaccelerator:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "elasticloadbalancing:DescribeLoadBalancers",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeAddresses",
+ "ec2:DescribeInstances",
+ "ec2:DescribeInternetGateways",
+ "ec2:DescribeRegions",
+ "ec2:DescribeSubnets"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "globalaccelerator.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ3NSRQKPB42BCNRT6",
"PolicyName": "GlobalAcceleratorFullAccess",
- "UpdateDate": "2018-11-27T02:44:44+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-12-04T19:17:26+00:00",
+ "VersionId": "v6"
},
"GlobalAcceleratorReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess",
@@ -25176,15 +46576,185 @@ aws_managed_policies_data = """
"UpdateDate": "2018-12-18T00:59:43+00:00",
"VersionId": "v2"
},
- "IAMFullAccess": {
- "Arn": "arn:aws:iam::aws:policy/IAMFullAccess",
+ "Health_OrganizationsServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy",
"AttachmentCount": 0,
- "CreateDate": "2015-02-06T18:40:38+00:00",
+ "CreateDate": "2019-12-16T13:28:21+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "organizations:ListAccounts",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "organizations:ListAWSServiceAccessForOrganization",
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "ListAWSServiceAccessForOrganization0"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4EZKGOJYHQ",
+ "PolicyName": "Health_OrganizationsServiceRolePolicy",
+ "UpdateDate": "2020-06-08T12:48:44+00:00",
+ "VersionId": "v2"
+ },
+ "IAMAccessAdvisorReadOnly": {
+ "Arn": "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-21T19:33:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
- "Action": "iam:*",
+ "Action": [
+ "iam:ListRoles",
+ "iam:ListUsers",
+ "iam:ListGroups",
+ "iam:ListPolicies",
+ "iam:ListPoliciesGrantingServiceAccess",
+ "iam:GenerateServiceLastAccessedDetails",
+ "iam:GenerateOrganizationsAccessReport",
+ "iam:GenerateCredentialReport",
+ "iam:GetRole",
+ "iam:GetPolicy",
+ "iam:GetServiceLastAccessedDetails",
+ "iam:GetServiceLastAccessedDetailsWithEntities",
+ "iam:GetOrganizationsAccessReport",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:DescribePolicy",
+ "organizations:ListChildren",
+ "organizations:ListParents",
+ "organizations:ListPoliciesForTarget",
+ "organizations:ListRoots",
+ "organizations:ListPolicies",
+ "organizations:ListTargetsForPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FNDX5PG6Z",
+ "PolicyName": "IAMAccessAdvisorReadOnly",
+ "UpdateDate": "2019-06-21T19:33:45+00:00",
+ "VersionId": "v1"
+ },
+ "IAMAccessAnalyzerFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-02T17:12:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "access-analyzer:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:CreateServiceLinkedRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "access-analyzer.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:ListAccounts",
+ "organizations:ListAccountsForParent",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListChildren",
+ "organizations:ListDelegatedAdministrators",
+ "organizations:ListOrganizationalUnitsForParent",
+ "organizations:ListParents",
+ "organizations:ListRoots"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4MAZGHIYZN",
+ "PolicyName": "IAMAccessAnalyzerFullAccess",
+ "UpdateDate": "2019-12-02T17:12:40+00:00",
+ "VersionId": "v1"
+ },
+ "IAMAccessAnalyzerReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-12-02T17:12:53+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "access-analyzer:Get*",
+ "access-analyzer:List*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GY4R3GAPM",
+ "PolicyName": "IAMAccessAnalyzerReadOnlyAccess",
+ "UpdateDate": "2019-12-02T17:12:53+00:00",
+ "VersionId": "v1"
+ },
+ "IAMFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/IAMFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2015-02-06T18:40:38+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "iam:*",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:DescribeOrganizationalUnit",
+ "organizations:DescribePolicy",
+ "organizations:ListChildren",
+ "organizations:ListParents",
+ "organizations:ListPoliciesForTarget",
+ "organizations:ListRoots",
+ "organizations:ListPolicies",
+ "organizations:ListTargetsForPolicy"
+ ],
"Effect": "Allow",
"Resource": "*"
}
@@ -25197,8 +46767,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI7XKCFMBPM3QQRRVQ",
"PolicyName": "IAMFullAccess",
- "UpdateDate": "2015-02-06T18:40:38+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-06-21T19:40:00+00:00",
+ "VersionId": "v2"
},
"IAMReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
@@ -25263,7 +46833,7 @@ aws_managed_policies_data = """
},
"IAMUserChangePassword": {
"Arn": "arn:aws:iam::aws:policy/IAMUserChangePassword",
- "AttachmentCount": 1,
+ "AttachmentCount": 0,
"CreateDate": "2016-11-15T00:25:16+00:00",
"DefaultVersionId": "v2",
"Document": {
@@ -25326,11 +46896,39 @@ aws_managed_policies_data = """
"UpdateDate": "2015-07-09T17:08:54+00:00",
"VersionId": "v1"
},
+ "IVSRecordToS3": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-12-05T00:10:43+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:PutObject"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::AWSIVS_*/ivs/*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4M65NGVKOJ",
+ "PolicyName": "IVSRecordToS3",
+ "UpdateDate": "2020-12-05T00:10:43+00:00",
+ "VersionId": "v1"
+ },
"KafkaServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-15T23:31:48+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -25341,10 +46939,26 @@ aws_managed_policies_data = """
"ec2:AttachNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
- "acm-pca:GetCertificateAuthorityCertificate"
+ "acm-pca:GetCertificateAuthorityCertificate",
+ "secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:PutResourcePolicy",
+ "secretsmanager:DeleteResourcePolicy",
+ "secretsmanager:DescribeSecret"
+ ],
+ "Condition": {
+ "ArnLike": {
+ "secretsmanager:SecretId": "arn:*:secretsmanager:*:*:secret:AmazonMSK_*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -25355,14 +46969,42 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUXPRZ76MAP2EVQJU",
"PolicyName": "KafkaServiceRolePolicy",
- "UpdateDate": "2019-05-23T19:58:58+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-08-26T20:40:53+00:00",
+ "VersionId": "v3"
},
- "LexBotPolicy": {
- "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy",
+ "LakeFormationDataAccessServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy",
"AttachmentCount": 0,
- "CreateDate": "2017-02-17T22:18:13+00:00",
+ "CreateDate": "2019-06-20T20:46:19+00:00",
"DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "s3:ListAllMyBuckets"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:s3:::*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4N342E3KHW",
+ "PolicyName": "LakeFormationDataAccessServiceRolePolicy",
+ "UpdateDate": "2019-06-20T20:46:19+00:00",
+ "VersionId": "v1"
+ },
+ "LexBotPolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2017-02-17T22:18:13+00:00",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -25373,6 +47015,15 @@ aws_managed_policies_data = """
"Resource": [
"*"
]
+ },
+ {
+ "Action": [
+ "comprehend:DetectSentiment"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
}
],
"Version": "2012-10-17"
@@ -25383,8 +47034,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJ3NZRBBQKSESXXJC",
"PolicyName": "LexBotPolicy",
- "UpdateDate": "2017-02-17T22:18:13+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-11-13T22:29:16+00:00",
+ "VersionId": "v2"
},
"LexChannelPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy",
@@ -25449,11 +47100,209 @@ aws_managed_policies_data = """
"UpdateDate": "2018-09-28T16:35:54+00:00",
"VersionId": "v1"
},
+ "MediaPackageServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-09-18T17:45:47+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "logs:PutLogEvents",
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*"
+ },
+ {
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:CreateLogGroup",
+ "logs:DescribeLogGroups",
+ "logs:DescribeLogStreams"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4GXH4HDK6N",
+ "PolicyName": "MediaPackageServiceRolePolicy",
+ "UpdateDate": "2020-09-18T17:45:47+00:00",
+ "VersionId": "v1"
+ },
+ "MigrationHubDMSAccessServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-12T17:50:39+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "mgh:CreateProgressUpdateStream",
+ "Effect": "Allow",
+ "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS"
+ },
+ {
+ "Action": [
+ "mgh:DescribeMigrationTask",
+ "mgh:AssociateDiscoveredResource",
+ "mgh:ListDiscoveredResources",
+ "mgh:ImportMigrationTask",
+ "mgh:ListCreatedArtifacts",
+ "mgh:DisassociateDiscoveredResource",
+ "mgh:AssociateCreatedArtifact",
+ "mgh:NotifyMigrationTaskState",
+ "mgh:DisassociateCreatedArtifact",
+ "mgh:PutResourceAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*"
+ },
+ {
+ "Action": [
+ "mgh:ListMigrationTasks",
+ "mgh:NotifyApplicationState",
+ "mgh:DescribeApplicationState",
+ "mgh:GetHomeRegion"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IV7DIZ555",
+ "PolicyName": "MigrationHubDMSAccessServiceRolePolicy",
+ "UpdateDate": "2019-10-07T17:57:44+00:00",
+ "VersionId": "v2"
+ },
+ "MigrationHubSMSAccessServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-12T18:30:28+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "mgh:CreateProgressUpdateStream",
+ "Effect": "Allow",
+ "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS"
+ },
+ {
+ "Action": [
+ "mgh:DescribeMigrationTask",
+ "mgh:AssociateDiscoveredResource",
+ "mgh:ListDiscoveredResources",
+ "mgh:ImportMigrationTask",
+ "mgh:ListCreatedArtifacts",
+ "mgh:DisassociateDiscoveredResource",
+ "mgh:AssociateCreatedArtifact",
+ "mgh:NotifyMigrationTaskState",
+ "mgh:DisassociateCreatedArtifact",
+ "mgh:PutResourceAttributes"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*"
+ },
+ {
+ "Action": [
+ "mgh:ListMigrationTasks",
+ "mgh:NotifyApplicationState",
+ "mgh:DescribeApplicationState",
+ "mgh:GetHomeRegion"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4JCW2B2IGB",
+ "PolicyName": "MigrationHubSMSAccessServiceRolePolicy",
+ "UpdateDate": "2019-10-07T18:02:22+00:00",
+ "VersionId": "v2"
+ },
+ "MigrationHubServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-12T17:22:16+00:00",
+ "DefaultVersionId": "v3",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "discovery:ListConfigurations",
+ "discovery:DescribeConfigurations"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ },
+ {
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "aws:migrationhub:source-id"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ec2:*:*:instance/*",
+ "arn:aws:ec2:*:*:image/*",
+ "arn:aws:ec2:*:*:volume/*"
+ ]
+ },
+ {
+ "Action": "dms:AddTagsToResource",
+ "Condition": {
+ "ForAllValues:StringEquals": {
+ "aws:TagKeys": "aws:migrationhub:source-id"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:dms:*:*:endpoint:*"
+ ]
+ },
+ {
+ "Action": [
+ "ec2:DescribeInstanceAttribute"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ]
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4NWLJ3LLW3",
+ "PolicyName": "MigrationHubServiceRolePolicy",
+ "UpdateDate": "2020-08-06T18:08:46+00:00",
+ "VersionId": "v3"
+ },
"NeptuneConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-19T21:35:19+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -25463,12 +47312,15 @@ aws_managed_policies_data = """
],
"Condition": {
"StringEquals": {
- "rds:DatabaseEngine": "graphdb"
+ "rds:DatabaseEngine": [
+ "graphdb",
+ "neptune"
+ ]
}
},
"Effect": "Allow",
"Resource": [
- "arn:aws:rds:*"
+ "arn:aws:rds:*:*:*"
]
},
{
@@ -25592,7 +47444,6 @@ aws_managed_policies_data = """
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"iam:ListRoles",
- "iam:PassRole",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
@@ -25608,6 +47459,16 @@ aws_managed_policies_data = """
"*"
]
},
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:passedToService": "rds.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
@@ -25627,14 +47488,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWTD4ELX2KRNICUVQ",
"PolicyName": "NeptuneConsoleFullAccess",
- "UpdateDate": "2018-11-06T21:19:54+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-09-02T17:25:07+00:00",
+ "VersionId": "v4"
},
"NeptuneFullAccess": {
"Arn": "arn:aws:iam::aws:policy/NeptuneFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-30T19:17:31+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -25644,12 +47505,15 @@ aws_managed_policies_data = """
],
"Condition": {
"StringEquals": {
- "rds:DatabaseEngine": "graphdb"
+ "rds:DatabaseEngine": [
+ "graphdb",
+ "neptune"
+ ]
}
},
"Effect": "Allow",
"Resource": [
- "arn:aws:rds:*"
+ "arn:aws:rds:*:*:*"
]
},
{
@@ -25731,7 +47595,6 @@ aws_managed_policies_data = """
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
- "iam:PassRole",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
@@ -25747,6 +47610,16 @@ aws_managed_policies_data = """
"*"
]
},
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:passedToService": "rds.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
@@ -25766,8 +47639,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXSDEYRCNJRC6ITFK",
"PolicyName": "NeptuneFullAccess",
- "UpdateDate": "2018-11-06T21:21:19+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-09-02T17:24:56+00:00",
+ "VersionId": "v5"
},
"NeptuneReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/NeptuneReadOnlyAccess",
@@ -25860,7 +47733,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:31:35+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v8",
"Document": {
"Statement": [
{
@@ -25878,6 +47751,9 @@ aws_managed_policies_data = """
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
+ "ec2:CreateCarrierGateway",
+ "ec2:DeleteCarrierGateway",
+ "ec2:DescribeCarrierGateways",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
@@ -26046,7 +47922,7 @@ aws_managed_policies_data = """
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
- "s3:GetBucketWebsiteConfiguration"
+ "s3:GetBucketWebsite"
],
"Effect": "Allow",
"Resource": [
@@ -26061,6 +47937,58 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/flow-logs-*"
+ },
+ {
+ "Action": [
+ "networkmanager:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:AcceptTransitGatewayVpcAttachment",
+ "ec2:AssociateTransitGatewayRouteTable",
+ "ec2:CreateTransitGateway",
+ "ec2:CreateTransitGatewayRoute",
+ "ec2:CreateTransitGatewayRouteTable",
+ "ec2:CreateTransitGatewayVpcAttachment",
+ "ec2:DeleteTransitGateway",
+ "ec2:DeleteTransitGatewayRoute",
+ "ec2:DeleteTransitGatewayRouteTable",
+ "ec2:DeleteTransitGatewayVpcAttachment",
+ "ec2:DescribeTransitGatewayAttachments",
+ "ec2:DescribeTransitGatewayRouteTables",
+ "ec2:DescribeTransitGatewayVpcAttachments",
+ "ec2:DescribeTransitGateways",
+ "ec2:DisableTransitGatewayRouteTablePropagation",
+ "ec2:DisassociateTransitGatewayRouteTable",
+ "ec2:EnableTransitGatewayRouteTablePropagation",
+ "ec2:ExportTransitGatewayRoutes",
+ "ec2:GetTransitGatewayAttachmentPropagations",
+ "ec2:GetTransitGatewayRouteTableAssociations",
+ "ec2:GetTransitGatewayRouteTablePropagations",
+ "ec2:ModifyTransitGatewayVpcAttachment",
+ "ec2:RejectTransitGatewayVpcAttachment",
+ "ec2:ReplaceTransitGatewayRoute",
+ "ec2:SearchTransitGatewayRoutes"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringLike": {
+ "iam:AWSServiceName": [
+ "transitgateway.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
}
],
"Version": "2012-10-17"
@@ -26071,8 +47999,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPNMADZFJCVPJVZA2",
"PolicyName": "NetworkAdministrator",
- "UpdateDate": "2018-12-13T19:43:41+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2020-09-24T23:55:10+00:00",
+ "VersionId": "v8"
},
"PowerUserAccess": {
"Arn": "arn:aws:iam::aws:policy/PowerUserAccess",
@@ -26117,13 +48045,12 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-06-12T18:18:38+00:00",
- "DefaultVersionId": "v3",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
- "s3:GetObject",
- "s3:GetObjectMetadata"
+ "s3:GetObject"
],
"Effect": "Allow",
"Resource": [
@@ -26148,26 +48075,25 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFWG3L3WDMR4I7ZJW",
"PolicyName": "QuickSightAccessForS3StorageManagementAnalyticsReadOnly",
- "UpdateDate": "2017-07-21T00:02:14+00:00",
- "VersionId": "v3"
+ "UpdateDate": "2019-10-08T23:53:11+00:00",
+ "VersionId": "v4"
},
"RDSCloudHsmAuthorizationRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:29+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:CreateLunaClient",
- "cloudhsm:GetClientConfiguration",
"cloudhsm:DeleteLunaClient",
- "cloudhsm:DescribeLunaClient",
- "cloudhsm:ModifyLunaClient",
"cloudhsm:DescribeHapg",
+ "cloudhsm:DescribeLunaClient",
+ "cloudhsm:GetConfig",
"cloudhsm:ModifyHapg",
- "cloudhsm:GetConfig"
+ "cloudhsm:ModifyLunaClient"
],
"Effect": "Allow",
"Resource": "*"
@@ -26181,22 +48107,30 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWKFXRLQG2ROKKXLE",
"PolicyName": "RDSCloudHsmAuthorizationRole",
- "UpdateDate": "2015-02-06T18:41:29+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2019-09-26T22:14:29+00:00",
+ "VersionId": "v2"
},
"ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:48+00:00",
- "DefaultVersionId": "v50",
+ "DefaultVersionId": "v73",
"Document": {
"Statement": [
{
"Action": [
"a4b:Get*",
"a4b:List*",
- "a4b:Describe*",
"a4b:Search*",
+ "access-analyzer:GetAnalyzedResource",
+ "access-analyzer:GetAnalyzer",
+ "access-analyzer:GetArchiveRule",
+ "access-analyzer:GetFinding",
+ "access-analyzer:ListAnalyzedResources",
+ "access-analyzer:ListAnalyzers",
+ "access-analyzer:ListArchiveRules",
+ "access-analyzer:ListFindings",
+ "access-analyzer:ListTagsForResource",
"acm:Describe*",
"acm:Get*",
"acm:List*",
@@ -26213,6 +48147,8 @@ aws_managed_policies_data = """
"amplify:ListJobs",
"apigateway:GET",
"application-autoscaling:Describe*",
+ "applicationinsights:Describe*",
+ "applicationinsights:List*",
"appmesh:Describe*",
"appmesh:List*",
"appstream:Describe*",
@@ -26226,8 +48162,26 @@ aws_managed_policies_data = """
"athena:List*",
"athena:Batch*",
"athena:Get*",
+ "aws-portal:View*",
+ "backup:Describe*",
+ "backup:Get*",
+ "backup:List*",
"batch:List*",
"batch:Describe*",
+ "braket:GetDevice",
+ "braket:GetQuantumTask",
+ "braket:SearchDevices",
+ "braket:SearchQuantumTasks",
+ "budgets:Describe*",
+ "budgets:View*",
+ "cassandra:Select",
+ "chatbot:Describe*",
+ "chatbot:Get*",
+ "chime:Get*",
+ "chime:List*",
+ "chime:Retrieve*",
+ "chime:Search*",
+ "chime:Validate*",
"cloud9:Describe*",
"cloud9:List*",
"clouddirectory:List*",
@@ -26239,7 +48193,6 @@ aws_managed_policies_data = """
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:Estimate*",
- "cloudformation:Preview*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudhsm:List*",
@@ -26254,7 +48207,25 @@ aws_managed_policies_data = """
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
+ "codeartifact:DescribeDomain",
+ "codeartifact:DescribePackageVersion",
+ "codeartifact:DescribeRepository",
+ "codeartifact:GetAuthorizationToken",
+ "codeartifact:GetDomainPermissionsPolicy",
+ "codeartifact:GetPackageVersionAsset",
+ "codeartifact:GetPackageVersionReadme",
+ "codeartifact:GetRepositoryEndpoint",
+ "codeartifact:GetRepositoryPermissionsPolicy",
+ "codeartifact:ListDomains",
+ "codeartifact:ListPackages",
+ "codeartifact:ListPackageVersionAssets",
+ "codeartifact:ListPackageVersionDependencies",
+ "codeartifact:ListPackageVersions",
+ "codeartifact:ListRepositories",
+ "codeartifact:ListRepositoriesInDomain",
"codebuild:BatchGet*",
+ "codebuild:DescribeCodeCoverages",
+ "codebuild:DescribeTestCases",
"codebuild:List*",
"codecommit:BatchGet*",
"codecommit:Describe*",
@@ -26264,14 +48235,36 @@ aws_managed_policies_data = """
"codedeploy:BatchGet*",
"codedeploy:Get*",
"codedeploy:List*",
+ "codeguru-profiler:Describe*",
+ "codeguru-profiler:Get*",
+ "codeguru-profiler:List*",
+ "codeguru-reviewer:Describe*",
+ "codeguru-reviewer:Get*",
+ "codeguru-reviewer:List*",
"codepipeline:List*",
"codepipeline:Get*",
"codestar:List*",
"codestar:Describe*",
"codestar:Get*",
"codestar:Verify*",
+ "codestar-notifications:describeNotificationRule",
+ "codestar-notifications:listEventTypes",
+ "codestar-notifications:listNotificationRules",
+ "codestar-notifications:listTagsForResource",
+ "codestar-notifications:ListTargets",
+ "compute-optimizer:DescribeRecommendationExportJobs",
+ "compute-optimizer:GetAutoScalingGroupRecommendations",
+ "compute-optimizer:GetEBSVolumeRecommendations",
+ "compute-optimizer:GetEC2InstanceRecommendations",
+ "compute-optimizer:GetEC2RecommendationProjectedMetrics",
+ "compute-optimizer:GetEnrollmentStatus",
+ "compute-optimizer:GetLambdaFunctionRecommendations",
+ "compute-optimizer:GetRecommendationSummaries",
"cognito-identity:Describe*",
- "cognito-identity:Get*",
+ "cognito-identity:GetCredentialsForIdentity",
+ "cognito-identity:GetIdentityPoolRoles",
+ "cognito-identity:GetOpenIdToken",
+ "cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:List*",
"cognito-identity:Lookup*",
"cognito-sync:List*",
@@ -26287,9 +48280,12 @@ aws_managed_policies_data = """
"config:Describe*",
"config:Get*",
"config:List*",
+ "config:SelectResourceConfig",
"connect:List*",
"connect:Describe*",
"connect:GetFederationToken",
+ "dataexchange:Get*",
+ "dataexchange:List*",
"datasync:Describe*",
"datasync:List*",
"datapipeline:Describe*",
@@ -26304,9 +48300,31 @@ aws_managed_policies_data = """
"dax:ListTags",
"dax:Query",
"dax:Scan",
- "directconnect:Describe*",
+ "deepcomposer:GetComposition",
+ "deepcomposer:GetModel",
+ "deepcomposer:GetSampleModel",
+ "deepcomposer:ListCompositions",
+ "deepcomposer:ListModels",
+ "deepcomposer:ListSampleModels",
+ "deepcomposer:ListTrainingTopics",
+ "detective:Get*",
+ "detective:List*",
"devicefarm:List*",
"devicefarm:Get*",
+ "devops-guru:DescribeAccountHealth",
+ "devops-guru:DescribeAccountOverview",
+ "devops-guru:DescribeAnomaly",
+ "devops-guru:DescribeInsight",
+ "devops-guru:DescribeResourceCollectionHealth",
+ "devops-guru:DescribeServiceIntegration",
+ "devops-guru:GetResourceCollection",
+ "devops-guru:ListAnomaliesForInsight",
+ "devops-guru:ListEvents",
+ "devops-guru:ListInsights",
+ "devops-guru:ListNotificationChannels",
+ "devops-guru:ListRecommendations",
+ "devops-guru:SearchInsights",
+ "directconnect:Describe*",
"discovery:Describe*",
"discovery:List*",
"discovery:Get*",
@@ -26336,10 +48354,8 @@ aws_managed_policies_data = """
"ecr:List*",
"ecs:Describe*",
"ecs:List*",
- "eks:DescribeCluster",
- "eks:DescribeUpdates",
- "eks:ListClusters",
- "eks:ListUpdates",
+ "eks:Describe*",
+ "eks:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
@@ -26351,10 +48367,13 @@ aws_managed_policies_data = """
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:List*",
"elasticmapreduce:View*",
"elastictranscoder:List*",
"elastictranscoder:Read*",
+ "elemental-appliances-software:Get*",
+ "elemental-appliances-software:List*",
"es:Describe*",
"es:List*",
"es:Get*",
@@ -26367,6 +48386,8 @@ aws_managed_policies_data = """
"firehose:List*",
"fsx:Describe*",
"fsx:List*",
+ "freertos:Describe*",
+ "freertos:List*",
"gamelift:List*",
"gamelift:Get*",
"gamelift:Describe*",
@@ -26378,7 +48399,11 @@ aws_managed_policies_data = """
"glacier:Get*",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
+ "glue:BatchGetDevEndpoints",
+ "glue:BatchGetJobs",
"glue:BatchGetPartition",
+ "glue:BatchGetTriggers",
+ "glue:BatchGetWorkflows",
"glue:GetCatalogImportStatus",
"glue:GetClassifier",
"glue:GetClassifiers",
@@ -26392,10 +48417,15 @@ aws_managed_policies_data = """
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
+ "glue:GetJobBookmark",
"glue:GetJobs",
"glue:GetJobRun",
"glue:GetJobRuns",
"glue:GetMapping",
+ "glue:GetMLTaskRun",
+ "glue:GetMLTaskRuns",
+ "glue:GetMLTransform",
+ "glue:GetMLTransforms",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetPlan",
@@ -26411,24 +48441,33 @@ aws_managed_policies_data = """
"glue:GetTriggers",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions",
+ "glue:GetWorkflow",
+ "glue:GetWorkflowRun",
+ "glue:GetWorkflowRunProperties",
+ "glue:GetWorkflowRuns",
+ "glue:ListCrawlers",
+ "glue:ListDevEndpoints",
+ "glue:ListJobs",
+ "glue:ListMLTransforms",
+ "glue:ListTriggers",
+ "glue:ListWorkflows",
"greengrass:Get*",
"greengrass:List*",
"guardduty:Get*",
"guardduty:List*",
"health:Describe*",
- "health:Get*",
- "health:List*",
"iam:Generate*",
"iam:Get*",
"iam:List*",
"iam:Simulate*",
+ "imagebuilder:Get*",
+ "imagebuilder:List*",
"importexport:Get*",
"importexport:List*",
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
- "inspector:LocalizeText",
"iot:Describe*",
"iot:Get*",
"iot:List*",
@@ -26436,9 +48475,44 @@ aws_managed_policies_data = """
"iotanalytics:List*",
"iotanalytics:Get*",
"iotanalytics:SampleChannelData",
+ "iotsitewise:Describe*",
+ "iotsitewise:Get*",
+ "iotsitewise:List*",
+ "iotwireless:GetDestination",
+ "iotwireless:GetDeviceProfile",
+ "iotwireless:GetPartnerAccount",
+ "iotwireless:GetServiceEndpoint",
+ "iotwireless:GetServiceProfile",
+ "iotwireless:GetWirelessDevice",
+ "iotwireless:GetWirelessDeviceStatistics",
+ "iotwireless:GetWirelessGateway",
+ "iotwireless:GetWirelessGatewayCertificate",
+ "iotwireless:GetWirelessGatewayFirmwareInformation",
+ "iotwireless:GetWirelessGatewayStatistics",
+ "iotwireless:GetWirelessGatewayTask",
+ "iotwireless:GetWirelessGatewayTaskDefinition",
+ "iotwireless:ListDestinations",
+ "iotwireless:ListDeviceProfiles",
+ "iotwireless:ListPartnerAccounts",
+ "iotwireless:ListServiceProfiles",
+ "iotwireless:ListTagsForResource",
+ "iotwireless:ListWirelessDevices",
+ "iotwireless:ListWirelessGateways",
+ "iotwireless:ListWirelessGatewayTaskDefinitions",
"kafka:Describe*",
"kafka:List*",
"kafka:Get*",
+ "kendra:DescribeDataSource",
+ "kendra:DescribeFaq",
+ "kendra:DescribeIndex",
+ "kendra:DescribeThesaurus",
+ "kendra:ListDataSources",
+ "kendra:ListDataSourceSyncJobs",
+ "kendra:ListFaqs",
+ "kendra:ListIndices",
+ "kendra:ListTagsForResource",
+ "kendra:ListThesauri",
+ "kendra:Query",
"kinesisanalytics:Describe*",
"kinesisanalytics:Discover*",
"kinesisanalytics:Get*",
@@ -26455,6 +48529,8 @@ aws_managed_policies_data = """
"lambda:List*",
"lambda:Get*",
"lex:Get*",
+ "license-manager:Get*",
+ "license-manager:List*",
"lightsail:GetActiveNames",
"lightsail:GetBlueprints",
"lightsail:GetBundles",
@@ -26494,22 +48570,25 @@ aws_managed_policies_data = """
"lightsail:GetRelationalDatabases",
"lightsail:GetRelationalDatabaseSnapshot",
"lightsail:GetRelationalDatabaseSnapshots",
- "lightsail:GetResources",
"lightsail:GetStaticIp",
"lightsail:GetStaticIps",
- "lightsail:GetTagKeys",
- "lightsail:GetTagValues",
"lightsail:Is*",
- "lightsail:List*",
"logs:Describe*",
"logs:Get*",
"logs:FilterLogEvents",
"logs:ListTagsLogGroup",
"logs:StartQuery",
+ "logs:StopQuery",
"logs:TestMetricFilter",
"machinelearning:Describe*",
"machinelearning:Get*",
+ "mediaconvert:DescribeEndpoints",
+ "mediaconvert:Get*",
+ "mediaconvert:List*",
+ "mediapackage:List*",
+ "mediapackage:Describe*",
"mgh:Describe*",
+ "mgh:GetHomeRegion",
"mgh:List*",
"mobileanalytics:Get*",
"mobilehub:Describe*",
@@ -26520,19 +48599,37 @@ aws_managed_policies_data = """
"mobilehub:Validate*",
"mobilehub:Verify*",
"mobiletargeting:Get*",
+ "mobiletargeting:List*",
"mq:Describe*",
"mq:List*",
"opsworks:Describe*",
"opsworks:Get*",
+ "opsworks-cm:List*",
"opsworks-cm:Describe*",
"organizations:Describe*",
"organizations:List*",
+ "outposts:Get*",
+ "outposts:List*",
+ "personalize:Describe*",
+ "personalize:Get*",
+ "personalize:List*",
"pi:DescribeDimensionKeys",
"pi:GetResourceMetrics",
"polly:Describe*",
"polly:Get*",
"polly:List*",
"polly:SynthesizeSpeech",
+ "qldb:ListLedgers",
+ "qldb:DescribeLedger",
+ "qldb:ListJournalS3Exports",
+ "qldb:ListJournalS3ExportsForLedger",
+ "qldb:DescribeJournalS3Export",
+ "qldb:GetBlock",
+ "qldb:GetDigest",
+ "qldb:GetRevision",
+ "qldb:ListTagsForResource",
+ "ram:Get*",
+ "ram:List*",
"rekognition:CompareFaces",
"rekognition:Detect*",
"rekognition:List*",
@@ -26543,12 +48640,12 @@ aws_managed_policies_data = """
"redshift:Describe*",
"redshift:GetReservedNodeExchangeOfferings",
"redshift:View*",
- "resource-groups:Describe*",
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"robomaker:BatchDescribe*",
"robomaker:Describe*",
+ "robomaker:Get*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
@@ -26557,34 +48654,62 @@ aws_managed_policies_data = """
"route53domains:Get*",
"route53domains:List*",
"route53domains:View*",
+ "route53resolver:Get*",
+ "route53resolver:List*",
"s3:Get*",
"s3:List*",
- "s3:Head*",
"sagemaker:Describe*",
+ "sagemaker:GetSearchSuggestions",
"sagemaker:List*",
+ "sagemaker:Search",
+ "schemas:Describe*",
+ "schemas:Get*",
+ "schemas:List*",
+ "schemas:Search*",
"sdb:Get*",
"sdb:List*",
"sdb:Select*",
"secretsmanager:List*",
"secretsmanager:Describe*",
"secretsmanager:GetResourcePolicy",
+ "securityhub:Describe*",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:List*",
"serverlessrepo:Get*",
"serverlessrepo:SearchApplications",
+ "servicecatalog:Describe*",
+ "servicecatalog:GetApplication",
+ "servicecatalog:GetAttributeGroup",
"servicecatalog:List*",
"servicecatalog:Scan*",
"servicecatalog:Search*",
- "servicecatalog:Describe*",
"servicediscovery:Get*",
"servicediscovery:List*",
+ "servicequotas:GetAssociationForServiceQuotaTemplate",
+ "servicequotas:GetAWSDefaultServiceQuota",
+ "servicequotas:GetRequestedServiceQuotaChange",
+ "servicequotas:GetServiceQuota",
+ "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
+ "servicequotas:ListAWSDefaultServiceQuotas",
+ "servicequotas:ListRequestedServiceQuotaChangeHistory",
+ "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
+ "servicequotas:ListServices",
+ "servicequotas:ListServiceQuotas",
+ "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"ses:Get*",
"ses:List*",
"ses:Describe*",
"shield:Describe*",
"shield:Get*",
"shield:List*",
+ "signer:DescribeSigningJob",
+ "signer:GetSigningPlatform",
+ "signer:GetSigningProfile",
+ "signer:ListSigningJobs",
+ "signer:ListSigningPlatforms",
+ "signer:ListSigningProfiles",
+ "signer:ListTagsForResource",
"snowball:Get*",
"snowball:Describe*",
"snowball:List*",
@@ -26597,16 +48722,28 @@ aws_managed_policies_data = """
"ssm:Describe*",
"ssm:Get*",
"ssm:List*",
+ "sso:Get*",
+ "sso:Describe*",
+ "sso:List*",
+ "sso:Search*",
+ "sso-directory:Describe*",
+ "sso-directory:List*",
+ "sso-directory:Search*",
"states:List*",
"states:Describe*",
"states:GetExecutionHistory",
"storagegateway:Describe*",
"storagegateway:List*",
- "sts:Get*",
+ "sts:GetAccessKeyInfo",
+ "sts:GetCallerIdentity",
+ "sts:GetSessionToken",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
+ "synthetics:Describe*",
+ "synthetics:Get*",
+ "synthetics:List*",
"tag:Get*",
"transfer:Describe*",
"transfer:List*",
@@ -26616,6 +48753,10 @@ aws_managed_policies_data = """
"trustedadvisor:Describe*",
"waf:Get*",
"waf:List*",
+ "wafv2:CheckCapacity",
+ "wafv2:Describe*",
+ "wafv2:Get*",
+ "wafv2:List*",
"waf-regional:List*",
"waf-regional:Get*",
"workdocs:Describe*",
@@ -26643,14 +48784,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILL3HVNFSB6DCOWYQ",
"PolicyName": "ReadOnlyAccess",
- "UpdateDate": "2019-06-03T20:01:28+00:00",
- "VersionId": "v50"
+ "UpdateDate": "2021-01-14T20:07:47+00:00",
+ "VersionId": "v73"
},
"ResourceGroupsandTagEditorFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:53+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v5",
"Document": {
"Statement": [
{
@@ -26660,8 +48801,6 @@ aws_managed_policies_data = """
"tag:getTagValues",
"tag:TagResources",
"tag:UntagResources",
- "tag:AddResourceTags",
- "tag:RemoveResourceTags",
"resource-groups:*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
@@ -26678,8 +48817,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNOS54ZFXN4T2Y34A",
"PolicyName": "ResourceGroupsandTagEditorFullAccess",
- "UpdateDate": "2019-03-07T21:54:03+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2019-10-02T23:57:57+00:00",
+ "VersionId": "v5"
},
"ResourceGroupsandTagEditorReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess",
@@ -26714,11 +48853,76 @@ aws_managed_policies_data = """
"UpdateDate": "2019-03-07T19:43:17+00:00",
"VersionId": "v2"
},
+ "Route53ResolverServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-08-12T17:47:24+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "logs:CreateLogDelivery",
+ "logs:GetLogDelivery",
+ "logs:UpdateLogDelivery",
+ "logs:DeleteLogDelivery",
+ "logs:ListLogDeliveries",
+ "logs:DescribeResourcePolicies",
+ "logs:DescribeLogGroups",
+ "s3:GetBucketPolicy"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AEMJZANMJ",
+ "PolicyName": "Route53ResolverServiceRolePolicy",
+ "UpdateDate": "2020-08-12T17:47:24+00:00",
+ "VersionId": "v1"
+ },
+ "S3StorageLensServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-11-18T18:15:40+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "organizations:DescribeOrganization",
+ "organizations:ListAccounts",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "organizations:ListDelegatedAdministrators"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "*"
+ ],
+ "Sid": "AwsOrgsAccess"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IHOVJESMS",
+ "PolicyName": "S3StorageLensServiceRolePolicy",
+ "UpdateDate": "2020-11-18T18:15:40+00:00",
+ "VersionId": "v1"
+ },
"SecretsManagerReadWrite": {
"Arn": "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
"AttachmentCount": 0,
"CreateDate": "2018-04-04T18:05:29+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v3",
"Document": {
"Statement": [
{
@@ -26738,6 +48942,7 @@ aws_managed_policies_data = """
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
+ "redshift:DescribeClusters",
"tag:GetResources"
],
"Effect": "Allow",
@@ -26756,7 +48961,8 @@ aws_managed_policies_data = """
},
{
"Action": [
- "serverlessrepo:CreateCloudFormationChangeSet"
+ "serverlessrepo:CreateCloudFormationChangeSet",
+ "serverlessrepo:GetApplication"
],
"Effect": "Allow",
"Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*"
@@ -26766,7 +48972,10 @@ aws_managed_policies_data = """
"s3:GetObject"
],
"Effect": "Allow",
- "Resource": "arn:aws:s3:::awsserverlessrepo-changesets*"
+ "Resource": [
+ "arn:aws:s3:::awsserverlessrepo-changesets*",
+ "arn:aws:s3:::secrets-manager-rotation-apps-*/*"
+ ]
}
],
"Version": "2012-10-17"
@@ -26777,24 +48986,34 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3VG7CI5BIQZQ6G2E",
"PolicyName": "SecretsManagerReadWrite",
- "UpdateDate": "2018-05-03T20:02:35+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-06-24T18:01:22+00:00",
+ "VersionId": "v3"
},
"SecurityAudit": {
"Arn": "arn:aws:iam::aws:policy/SecurityAudit",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:01+00:00",
- "DefaultVersionId": "v27",
+ "DefaultVersionId": "v34",
"Document": {
"Statement": [
{
"Action": [
+ "access-analyzer:GetAnalyzedResource",
+ "access-analyzer:GetAnalyzer",
+ "access-analyzer:GetArchiveRule",
+ "access-analyzer:GetFinding",
+ "access-analyzer:ListAnalyzedResources",
+ "access-analyzer:ListAnalyzers",
+ "access-analyzer:ListArchiveRules",
+ "access-analyzer:ListFindings",
+ "access-analyzer:ListTagsForResource",
"acm:Describe*",
"acm:List*",
"application-autoscaling:Describe*",
"appmesh:Describe*",
"appmesh:List*",
"appsync:List*",
+ "athena:GetWorkGroup",
"athena:List*",
"autoscaling:Describe*",
"batch:DescribeComputeEnvironments",
@@ -26868,6 +49087,14 @@ aws_managed_policies_data = """
"dynamodb:ListStreams",
"dynamodb:ListTables",
"ec2:Describe*",
+ "ec2:DescribeTransitGatewayAttachments",
+ "ec2:DescribeTransitGatewayMulticastDomains",
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DescribeTransitGatewayRouteTables",
+ "ec2:DescribeTransitGateways",
+ "ec2:DescribeTransitGatewayVpcAttachments",
+ "ec2:GetManagedPrefixListAssociations",
+ "ec2:GetManagedPrefixListEntries",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecs:Describe*",
@@ -26931,6 +49158,7 @@ aws_managed_policies_data = """
"lambda:List*",
"license-manager:List*",
"lightsail:GetInstances",
+ "lightsail:GetLoadBalancers",
"logs:Describe*",
"logs:ListTagsLogGroup",
"machinelearning:DescribeMLModels",
@@ -26961,7 +49189,11 @@ aws_managed_policies_data = """
"route53domains:ListOperations",
"route53domains:ListTagsForDomain",
"route53resolver:List*",
+ "route53resolver:Get*",
"s3:GetAccelerateConfiguration",
+ "s3:GetAccessPoint",
+ "s3:GetAccessPointPolicy",
+ "s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetAnalyticsConfiguration",
"s3:GetBucket*",
@@ -26971,8 +49203,8 @@ aws_managed_policies_data = """
"s3:GetMetricsConfiguration",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl",
- "s3:GetPublicAccessBlock",
"s3:GetReplicationConfiguration",
+ "s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"sagemaker:Describe*",
"sagemaker:List*",
@@ -26981,13 +49213,16 @@ aws_managed_policies_data = """
"secretsmanager:GetResourcePolicy",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
+ "securityhub:Describe*",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:GetApplicationPolicy",
"serverlessrepo:List*",
"ses:GetIdentityDkimAttributes",
+ "ses:GetIdentityPolicies",
"ses:GetIdentityVerificationAttributes",
"ses:ListIdentities",
+ "ses:ListIdentityPolicies",
"ses:ListVerifiedEmailAddresses",
"shield:Describe*",
"shield:List*",
@@ -26995,12 +49230,14 @@ aws_managed_policies_data = """
"snowball:ListJobs",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
+ "sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm:Describe*",
+ "ssm:GetAutomationExecution",
"ssm:ListDocuments",
"sso:DescribePermissionsPolicies",
"sso:List*",
@@ -27026,27 +49263,81 @@ aws_managed_policies_data = """
"transfer:List*",
"translate:List*",
"trustedadvisor:Describe*",
+ "waf:GetWebACL",
"waf:ListWebACLs",
+ "waf:ListTagsForResource",
+ "wafv2:GetWebACL",
+ "wafv2:ListAvailableManagedRuleGroups",
+ "wafv2:ListIPSets",
+ "wafv2:ListLoggingConfigurations",
+ "wafv2:ListRegexPatternSets",
+ "wafv2:ListResourcesForWebACL",
+ "wafv2:ListRuleGroups",
+ "wafv2:ListTagsForResource",
+ "wafv2:ListWebACLs",
+ "waf-regional:GetWebACL",
+ "waf-regional:ListResourcesForWebACL",
+ "waf-regional:ListTagsForResource",
"waf-regional:ListWebACLs",
- "workspaces:Describe*"
+ "workspaces:Describe*",
+ "cloudsearch:DescribeDomainEndpointOptions",
+ "cloudwatch:ListTagsForResource",
+ "detective:ListGraphs",
+ "detective:ListMembers",
+ "detective:GetGraphIngestState",
+ "dynamodb:ListTagsOfResource",
+ "ec2:DescribeTransitGatewayAttachments",
+ "ec2:DescribeTransitGatewayMulticastDomains",
+ "ec2:DescribeTransitGatewayPeeringAttachments",
+ "ec2:DescribeTransitGatewayRouteTables",
+ "ec2:DescribeTransitGateways",
+ "ec2:DescribeTransitGatewayVpcAttachments",
+ "ec2:GetManagedPrefixListAssociations",
+ "ec2:GetManagedPrefixListEntries",
+ "ecr:DescribeImages",
+ "ecr:GetLifecyclePolicy",
+ "ecr:ListTagsForResource",
+ "eks:DescribeNodeGroup",
+ "eks:ListNodeGroups",
+ "elasticache:ListTagsForResource",
+ "elasticbeanstalk:DescribeApplications",
+ "elasticbeanstalk:ListTagsForResource",
+ "elasticmapreduce:GetBlockPublicAccessConfiguration",
+ "es:ListElasticsearchInstanceTypeDetails",
+ "es:ListElasticsearchVersions",
+ "es:ListTags",
+ "events:TestEventPattern",
+ "glue:GetDataCatalogEncryptionSettings",
+ "glue:GetDevEndpoints",
+ "guardduty:DescribePublishingDestination",
+ "secretsmanager:DescribeSecret",
+ "sns:ListTagsForResource",
+ "ssm:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
- "apigateway:HEAD",
- "apigateway:GET",
- "apigateway:OPTIONS"
+ "apigateway:GET"
],
"Effect": "Allow",
"Resource": [
+ "arn:aws:apigateway:*::/apis",
+ "arn:aws:apigateway:*::/apis/*/stages",
+ "arn:aws:apigateway:*::/apis/*/stages/*",
+ "arn:aws:apigateway:*::/apis/*/routes",
+ "arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
+ "arn:aws:apigateway:*::/restapis/*/documentation/versions",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
+ "arn:aws:apigateway:*::/restapis/*/stages",
+ "arn:aws:apigateway:*::/restapis/*/stages/*",
+ "arn:aws:apigateway:*::/tags/*",
"arn:aws:apigateway:*::/vpclinks"
]
}
@@ -27059,8 +49350,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIX2T3QCXHR2OGGCTO",
"PolicyName": "SecurityAudit",
- "UpdateDate": "2019-04-29T18:33:52+00:00",
- "VersionId": "v27"
+ "UpdateDate": "2020-12-15T00:04:54+00:00",
+ "VersionId": "v34"
},
"ServerMigrationConnector": {
"Arn": "arn:aws:iam::aws:policy/ServerMigrationConnector",
@@ -27135,11 +49426,90 @@ aws_managed_policies_data = """
"UpdateDate": "2016-10-24T21:45:56+00:00",
"VersionId": "v1"
},
+ "ServerMigrationServiceConsoleFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-05-09T17:18:57+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "sms:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "cloudformation:ListStacks",
+ "cloudformation:DescribeStacks",
+ "cloudformation:DescribeStackResources"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:ListAllMyBuckets",
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "s3:GetObject",
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::sms-app-*/*"
+ },
+ {
+ "Action": [
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeVpcs",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeSecurityGroups"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:ListRoles"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "sms.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": "iam:GetInstanceProfile",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4IIEMRGEYB",
+ "PolicyName": "ServerMigrationServiceConsoleFullAccess",
+ "UpdateDate": "2020-07-20T22:00:37+00:00",
+ "VersionId": "v2"
+ },
"ServerMigrationServiceLaunchRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:53:06+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -27150,7 +49520,7 @@ aws_managed_policies_data = """
"ec2:TerminateInstances"
],
"Condition": {
- "ForAllValues:StringLike": {
+ "StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
@@ -27162,6 +49532,30 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
+ {
+ "Action": [
+ "ec2:DisassociateIamInstanceProfile",
+ "ec2:AssociateIamInstanceProfile",
+ "ec2:ReplaceIamInstanceProfileAssociation"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
{
"Action": [
"ec2:RunInstances",
@@ -27169,6 +49563,57 @@ aws_managed_policies_data = """
],
"Effect": "Allow",
"Resource": "*"
+ },
+ {
+ "Action": [
+ "applicationinsights:Describe*",
+ "applicationinsights:List*",
+ "cloudformation:ListStackResources",
+ "cloudformation:DescribeStacks"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "applicationinsights:CreateApplication",
+ "applicationinsights:CreateComponent",
+ "applicationinsights:UpdateApplication",
+ "applicationinsights:DeleteApplication",
+ "applicationinsights:UpdateComponentConfiguration",
+ "applicationinsights:DeleteComponent"
+ ],
+ "Effect": "Allow",
+ "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*"
+ },
+ {
+ "Action": [
+ "resource-groups:CreateGroup",
+ "resource-groups:GetGroup",
+ "resource-groups:UpdateGroup",
+ "resource-groups:DeleteGroup"
+ ],
+ "Condition": {
+ "StringLike": {
+ "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
+ ],
+ "Condition": {
+ "StringEquals": {
+ "iam:AWSServiceName": "application-insights.amazonaws.com"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
+ ]
}
],
"Version": "2012-10-17"
@@ -27179,28 +49624,60 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIIIAAMVUCBR2OLXZO",
"PolicyName": "ServerMigrationServiceLaunchRole",
- "UpdateDate": "2018-11-26T19:53:06+00:00",
+ "UpdateDate": "2020-10-15T17:29:00+00:00",
+ "VersionId": "v4"
+ },
+ "ServerMigrationServiceRoleForInstanceValidation": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation",
+ "AttachmentCount": 0,
+ "CreateDate": "2020-07-20T22:25:07+00:00",
+ "DefaultVersionId": "v1",
+ "Document": {
+ "Statement": [
+ {
+ "Action": "s3:GetObject",
+ "Effect": "Allow",
+ "Resource": "arn:aws:s3:::sms-app-*/*"
+ },
+ {
+ "Action": "sms:NotifyAppValidationOutput",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4LJMOLEWUV",
+ "PolicyName": "ServerMigrationServiceRoleForInstanceValidation",
+ "UpdateDate": "2020-07-20T22:25:07+00:00",
"VersionId": "v1"
},
- "ServerMigrationServiceRole": {
- "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole",
+ "ServerMigration_ServiceRole": {
+ "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigration_ServiceRole",
"AttachmentCount": 0,
- "CreateDate": "2016-10-24T21:19:00+00:00",
- "DefaultVersionId": "v3",
+ "CreateDate": "2020-08-11T20:41:44+00:00",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateChangeSet",
- "cloudformation:CreateStack",
- "cloudformation:DeleteStack",
- "cloudformation:ExecuteChangeSet"
+ "cloudformation:CreateStack"
],
"Condition": {
- "ForAllValues:StringLikeIfExists": {
+ "ForAllValues:StringEquals": {
"cloudformation:ResourceTypes": [
- "AWS::EC2::*"
+ "AWS::EC2::Instance",
+ "AWS::ApplicationInsights::Application",
+ "AWS::ResourceGroups::Group"
]
+ },
+ "Null": {
+ "cloudformation:ResourceTypes": "false"
}
},
"Effect": "Allow",
@@ -27208,9 +49685,13 @@ aws_managed_policies_data = """
},
{
"Action": [
+ "cloudformation:DeleteStack",
+ "cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
+ "cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
+ "cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate"
],
@@ -27219,9 +49700,7 @@ aws_managed_policies_data = """
},
{
"Action": [
- "cloudformation:DescribeStacks",
"cloudformation:ValidateTemplate",
- "cloudformation:DescribeStackResource",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
@@ -27238,8 +49717,7 @@ aws_managed_policies_data = """
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
- "s3:PutLifecycleConfiguration",
- "s3:ListAllMyBuckets"
+ "s3:PutLifecycleConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::sms-app-*"
@@ -27258,28 +49736,124 @@ aws_managed_policies_data = """
"Effect": "Allow",
"Resource": "*"
},
+ {
+ "Action": "ssm:SendCommand",
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:ssm:*::document/AWS-RunRemoteScript",
+ "arn:aws:s3:::sms-app-*"
+ ]
+ },
+ {
+ "Action": "ssm:SendCommand",
+ "Condition": {
+ "StringEquals": {
+ "ssm:resourceTag/UseForSMSApplicationValidation": [
+ "true"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
{
"Action": [
- "ec2:ModifySnapshotAttribute",
- "ec2:CopySnapshot",
- "ec2:CopyImage",
- "ec2:Describe*",
- "ec2:DeleteSnapshot",
- "ec2:DeregisterImage",
- "ec2:CreateTags",
- "ec2:DeleteTags"
+ "ssm:CancelCommand",
+ "ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
- "Action": "iam:GetRole",
+ "Action": "ec2:CreateTags",
+ "Condition": {
+ "StringEquals": {
+ "ec2:CreateAction": "CopySnapshot"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Action": "ec2:CopySnapshot",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/SMSJobId": [
+ "sms-*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:ModifySnapshotAttribute",
+ "ec2:DeleteSnapshot"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/SMSJobId": [
+ "sms-*"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Action": [
+ "ec2:CopyImage",
+ "ec2:DescribeImages",
+ "ec2:DescribeInstances",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeSnapshotAttribute",
+ "ec2:DeregisterImage",
+ "ec2:ImportImage",
+ "ec2:DescribeImportImageTasks",
+ "ec2:GetEbsEncryptionByDefault"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:GetRole",
+ "iam:GetInstanceProfile"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "ec2:DisassociateIamInstanceProfile",
+ "ec2:AssociateIamInstanceProfile",
+ "ec2:ReplaceIamInstanceProfileAssociation"
+ ],
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "arn:aws:ec2:*:*:instance/*"
+ },
+ {
+ "Action": "iam:PassRole",
+ "Condition": {
+ "StringEquals": {
+ "iam:PassedToService": "ec2.amazonaws.com"
+ }
+ },
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
+ "StringEqualsIfExists": {
+ "iam:PassedToService": "cloudformation.amazonaws.com"
+ },
"StringLike": {
"iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
@@ -27294,121 +49868,76 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJMBH3M6BO63XFW2D4",
- "PolicyName": "ServerMigrationServiceRole",
- "UpdateDate": "2018-11-26T19:33:29+00:00",
- "VersionId": "v3"
+ "PolicyId": "ANPAZKAPJZG4NKLZNDFDI",
+ "PolicyName": "ServerMigration_ServiceRole",
+ "UpdateDate": "2020-10-15T17:26:32+00:00",
+ "VersionId": "v2"
},
- "ServiceCatalogAdminReadOnlyAccess": {
- "Arn": "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess",
+ "ServiceQuotasFullAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ServiceQuotasFullAccess",
"AttachmentCount": 0,
- "CreateDate": "2015-09-29T18:40:35+00:00",
- "DefaultVersionId": "v5",
- "Document": {
- "Statement": [
- {
- "Action": [
- "catalog-admin:DescribeConstraints",
- "catalog-admin:DescribeListingForProduct",
- "catalog-admin:DescribeListings",
- "catalog-admin:DescribePortfolios",
- "catalog-admin:DescribeProductVersions",
- "catalog-admin:GetPortfolioCount",
- "catalog-admin:GetPortfolios",
- "catalog-admin:GetProductCounts",
- "catalog-admin:ListAllPortfolioConstraints",
- "catalog-admin:ListPortfolioConstraints",
- "catalog-admin:ListPortfolios",
- "catalog-admin:ListPrincipalConstraints",
- "catalog-admin:ListProductConstraints",
- "catalog-admin:ListResourceUsers",
- "catalog-admin:ListTagsForResource",
- "catalog-admin:SearchListings",
- "catalog-user:*",
- "cloudformation:DescribeStackEvents",
- "cloudformation:DescribeStacks",
- "cloudformation:GetTemplateSummary",
- "iam:GetGroup",
- "iam:GetRole",
- "iam:GetUser",
- "iam:ListGroups",
- "iam:ListRoles",
- "iam:ListUsers",
- "s3:GetObject",
- "servicecatalog:DescribeTagOption",
- "servicecatalog:GetTagOptionMigrationStatus",
- "servicecatalog:ListResourcesForTagOption",
- "servicecatalog:ListTagOptions",
- "servicecatalog:AccountLevelDescribeRecord",
- "servicecatalog:AccountLevelListRecordHistory",
- "servicecatalog:AccountLevelScanProvisionedProducts",
- "servicecatalog:DescribeProduct",
- "servicecatalog:DescribeProductView",
- "servicecatalog:DescribeProvisioningParameters",
- "servicecatalog:DescribeProvisionedProduct",
- "servicecatalog:DescribeRecord",
- "servicecatalog:ListLaunchPaths",
- "servicecatalog:ListRecordHistory",
- "servicecatalog:ScanProvisionedProducts",
- "servicecatalog:SearchProducts",
- "servicecatalog:DescribeConstraint",
- "servicecatalog:DescribeProductAsAdmin",
- "servicecatalog:DescribePortfolio",
- "servicecatalog:DescribeProvisioningArtifact",
- "servicecatalog:ListAcceptedPortfolioShares",
- "servicecatalog:ListConstraintsForPortfolio",
- "servicecatalog:ListPortfolioAccess",
- "servicecatalog:ListPortfolios",
- "servicecatalog:ListPortfoliosForProduct",
- "servicecatalog:ListPrincipalsForPortfolio",
- "servicecatalog:ListProvisioningArtifacts",
- "servicecatalog:SearchProductsAsAdmin"
- ],
- "Effect": "Allow",
- "Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJ7XOUSS75M4LIPKO4",
- "PolicyName": "ServiceCatalogAdminReadOnlyAccess",
- "UpdateDate": "2017-08-08T18:57:36+00:00",
- "VersionId": "v5"
- },
- "ServiceCatalogEndUserAccess": {
- "Arn": "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess",
- "AttachmentCount": 0,
- "CreateDate": "2015-09-29T18:41:33+00:00",
+ "CreateDate": "2019-06-24T15:44:35+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
- "catalog-user:*",
- "s3:GetObject",
- "servicecatalog:DescribeProduct",
- "servicecatalog:DescribeProductView",
- "servicecatalog:DescribeProvisioningParameters",
- "servicecatalog:ListLaunchPaths",
- "servicecatalog:SearchProducts"
+ "autoscaling:DescribeAccountLimits",
+ "cloudformation:DescribeAccountLimits",
+ "cloudwatch:DescribeAlarmsForMetric",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:GetMetricStatistics",
+ "cloudwatch:PutMetricAlarm",
+ "dynamodb:DescribeLimits",
+ "elasticloadbalancing:DescribeAccountLimits",
+ "iam:GetAccountSummary",
+ "kinesis:DescribeLimits",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "rds:DescribeAccountAttributes",
+ "route53:GetAccountLimit",
+ "tag:GetTagKeys",
+ "tag:GetTagValues",
+ "servicequotas:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
- "servicecatalog:ListRecordHistory",
- "servicecatalog:DescribeProvisionedProduct",
- "servicecatalog:DescribeRecord",
- "servicecatalog:ScanProvisionedProducts"
+ "cloudwatch:DeleteAlarms"
+ ],
+ "Condition": {
+ "Null": {
+ "aws:ResourceTag/ServiceQuotaMonitor": "false"
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "organizations:EnableAWSServiceAccess"
+ ],
+ "Condition": {
+ "StringLike": {
+ "organizations:ServicePrincipal": [
+ "servicequotas.amazonaws.com"
+ ]
+ }
+ },
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
- "servicecatalog:userLevel": "self"
+ "iam:AWSServiceName": "servicequotas.amazonaws.com"
}
},
"Effect": "Allow",
@@ -27421,11 +49950,91 @@ aws_managed_policies_data = """
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJ56OMCO72RI4J5FSA",
- "PolicyName": "ServiceCatalogEndUserAccess",
- "UpdateDate": "2017-08-08T18:58:57+00:00",
+ "PolicyId": "ANPAZKAPJZG4CGHQWENW3",
+ "PolicyName": "ServiceQuotasFullAccess",
+ "UpdateDate": "2021-02-04T21:29:43+00:00",
"VersionId": "v4"
},
+ "ServiceQuotasReadOnlyAccess": {
+ "Arn": "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-06-24T15:31:06+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "autoscaling:DescribeAccountLimits",
+ "cloudformation:DescribeAccountLimits",
+ "cloudwatch:DescribeAlarmsForMetric",
+ "cloudwatch:DescribeAlarms",
+ "cloudwatch:GetMetricData",
+ "cloudwatch:GetMetricStatistics",
+ "dynamodb:DescribeLimits",
+ "elasticloadbalancing:DescribeAccountLimits",
+ "iam:GetAccountSummary",
+ "kinesis:DescribeLimits",
+ "organizations:DescribeAccount",
+ "organizations:DescribeOrganization",
+ "organizations:ListAWSServiceAccessForOrganization",
+ "rds:DescribeAccountAttributes",
+ "route53:GetAccountLimit",
+ "tag:GetTagKeys",
+ "tag:GetTagValues",
+ "servicequotas:GetAssociationForServiceQuotaTemplate",
+ "servicequotas:GetAWSDefaultServiceQuota",
+ "servicequotas:GetRequestedServiceQuotaChange",
+ "servicequotas:GetServiceQuota",
+ "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
+ "servicequotas:ListAWSDefaultServiceQuotas",
+ "servicequotas:ListRequestedServiceQuotaChangeHistory",
+ "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
+ "servicequotas:ListServices",
+ "servicequotas:ListServiceQuotas",
+ "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
+ "servicequotas:ListTagsForResource"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4ITU2HGGUJ",
+ "PolicyName": "ServiceQuotasReadOnlyAccess",
+ "UpdateDate": "2020-12-21T18:11:57+00:00",
+ "VersionId": "v2"
+ },
+ "ServiceQuotasServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-05-22T20:44:17+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "support:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4FCG7EVJIR",
+ "PolicyName": "ServiceQuotasServiceRolePolicy",
+ "UpdateDate": "2019-06-24T14:52:56+00:00",
+ "VersionId": "v2"
+ },
"SimpleWorkflowFullAccess": {
"Arn": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess",
"AttachmentCount": 0,
@@ -27456,7 +50065,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/job-function/SupportUser",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:21:53+00:00",
- "DefaultVersionId": "v2",
+ "DefaultVersionId": "v4",
"Document": {
"Statement": [
{
@@ -27503,6 +50112,7 @@ aws_managed_policies_data = """
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:Describe*",
"cognito-idp:Describe*",
+ "cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:GetBulkPublishDetails",
"cognito-sync:GetCognitoEvents",
@@ -27546,7 +50156,6 @@ aws_managed_policies_data = """
"ec2:DescribeNatGateways",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
- "ec2:GetFlowLogsCount",
"ecr:GetRepositoryPolicy",
"ecr:BatchCheckLayerAvailability",
"ecr:DescribeRepositories",
@@ -27590,11 +50199,8 @@ aws_managed_policies_data = """
"iam:List*",
"importexport:GetStatus",
"importexport:ListJobs",
- "importexport:GetJobDetail",
"inspector:Describe*",
"inspector:List*",
- "inspector:GetAssessmentTelemetry",
- "inspector:LocalizeText",
"iot:Describe*",
"iot:Get*",
"iot:List*",
@@ -27676,14 +50282,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3V4GSSN5SJY3P2RO",
"PolicyName": "SupportUser",
- "UpdateDate": "2017-05-17T23:11:51+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-08-18T22:30:18+00:00",
+ "VersionId": "v4"
},
"SystemAdministrator": {
"Arn": "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:23:56+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -27733,6 +50339,8 @@ aws_managed_policies_data = """
"ec2:CreateInstanceExportTask",
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
+ "ec2:CreateLaunchTemplate",
+ "ec2:CreateLaunchTemplateVersion",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreatePlacementGroup",
@@ -27752,6 +50360,8 @@ aws_managed_policies_data = """
"ec2:CreateVpnGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteKeyPair",
+ "ec2:DeleteLaunchTemplate",
+ "ec2:DeleteLaunchTemplateVersions",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeletePlacementGroup",
@@ -27778,6 +50388,7 @@ aws_managed_policies_data = """
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:GetConsoleOutput",
"ec2:GetHostReservationPurchasePreview",
+ "ec2:GetLaunchTemplateData",
"ec2:GetPasswordData",
"ec2:Import*",
"ec2:Modify*",
@@ -27930,7 +50541,6 @@ aws_managed_policies_data = """
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/ec2-sysadmin-*",
"arn:aws:iam::*:role/ecr-sysadmin-*",
- "arn:aws:iam::*:role/lamdba-sysadmin-*",
"arn:aws:iam::*:role/lambda-sysadmin-*"
]
}
@@ -27943,62 +50553,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITJPEZXCYCBXANDSW",
"PolicyName": "SystemAdministrator",
- "UpdateDate": "2018-10-08T21:33:45+00:00",
- "VersionId": "v4"
- },
- "TagPoliciesServiceRolePolicy": {
- "Arn": "arn:aws:iam::aws:policy/aws-service-role/TagPoliciesServiceRolePolicy",
- "AttachmentCount": 0,
- "CreateDate": "2018-10-26T20:02:52+00:00",
- "DefaultVersionId": "v2",
- "Document": {
- "Statement": [
- {
- "Action": [
- "organizations:ListAccounts",
- "organizations:ListAccountsForParent",
- "organizations:ListChildren",
- "organizations:DescribeAccount",
- "organizations:DescribeOrganization",
- "organizations:ListRoots",
- "organizations:ListParents"
- ],
- "Effect": "Allow",
- "Resource": [
- "*"
- ]
- },
- {
- "Action": [
- "organizations:DisableAWSServiceAccess"
- ],
- "Condition": {
- "ForAllValues:StringLike": {
- "organizations:ServicePrincipal": [
- "tagpolicies.tag.amazonaws.com"
- ]
- }
- },
- "Effect": "Allow",
- "Resource": "*"
- }
- ],
- "Version": "2012-10-17"
- },
- "IsAttachable": true,
- "IsDefaultVersion": true,
- "Path": "/aws-service-role/",
- "PermissionsBoundaryUsageCount": 0,
- "PolicyId": "ANPAJGGCZXCABSYJA7UBI",
- "PolicyName": "TagPoliciesServiceRolePolicy",
- "UpdateDate": "2019-05-10T21:38:33+00:00",
- "VersionId": "v2"
+ "UpdateDate": "2020-08-24T20:05:29+00:00",
+ "VersionId": "v6"
},
"TranslateFullAccess": {
"Arn": "arn:aws:iam::aws:policy/TranslateFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T23:36:20+00:00",
- "DefaultVersionId": "v1",
+ "DefaultVersionId": "v2",
"Document": {
"Statement": [
{
@@ -28006,7 +50568,12 @@ aws_managed_policies_data = """
"translate:*",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
- "cloudwatch:ListMetrics"
+ "cloudwatch:ListMetrics",
+ "s3:ListAllMyBuckets",
+ "s3:ListBucket",
+ "s3:GetBucketLocation",
+ "iam:ListRoles",
+ "iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
@@ -28020,14 +50587,14 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAPOAEI2VFQYUK5RY",
"PolicyName": "TranslateFullAccess",
- "UpdateDate": "2018-11-27T23:36:20+00:00",
- "VersionId": "v1"
+ "UpdateDate": "2020-01-08T21:22:27+00:00",
+ "VersionId": "v2"
},
"TranslateReadOnly": {
"Arn": "arn:aws:iam::aws:policy/TranslateReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T18:22:00+00:00",
- "DefaultVersionId": "v4",
+ "DefaultVersionId": "v6",
"Document": {
"Statement": [
{
@@ -28035,6 +50602,10 @@ aws_managed_policies_data = """
"translate:TranslateText",
"translate:GetTerminology",
"translate:ListTerminologies",
+ "translate:ListTextTranslationJobs",
+ "translate:DescribeTextTranslationJob",
+ "translate:GetParallelData",
+ "translate:ListParallelData",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
@@ -28051,8 +50622,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYAMZMTQNWUDJKY2E",
"PolicyName": "TranslateReadOnly",
- "UpdateDate": "2018-11-27T23:29:08+00:00",
- "VersionId": "v4"
+ "UpdateDate": "2020-11-23T17:31:06+00:00",
+ "VersionId": "v6"
},
"VMImportExportRoleForAWSConnector": {
"Arn": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector",
@@ -28098,7 +50669,7 @@ aws_managed_policies_data = """
"Arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:20:15+00:00",
- "DefaultVersionId": "v7",
+ "DefaultVersionId": "v10",
"Document": {
"Statement": [
{
@@ -28149,8 +50720,6 @@ aws_managed_policies_data = """
"dax:DescribeParameterGroups",
"dax:DescribeParameters",
"dax:DescribeSubnetGroups",
- "dax:DescribeTable",
- "dax:ListTables",
"dax:ListTags",
"devicefarm:List*",
"directconnect:Describe*",
@@ -28220,6 +50789,8 @@ aws_managed_policies_data = """
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticfilesystem:DescribeFileSystems",
+ "elasticloadbalancing:DescribeInstanceHealth",
+ "elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"es:DescribeElasticsearchDomain",
@@ -28281,6 +50852,8 @@ aws_managed_policies_data = """
"route53:List*",
"route53:Get*",
"route53domains:List*",
+ "route53resolver:Get*",
+ "route53resolver:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sagemaker:Describe*",
@@ -28303,6 +50876,7 @@ aws_managed_policies_data = """
"trustedadvisor:Describe*",
"waf:List*",
"waf-regional:List*",
+ "wafv2:List*",
"workdocs:DescribeAvailableDirectories",
"workdocs:DescribeInstances",
"workmail:Describe*",
@@ -28320,8 +50894,8 @@ aws_managed_policies_data = """
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAID22R6XPJATWOFDK6",
"PolicyName": "ViewOnlyAccess",
- "UpdateDate": "2018-10-15T18:34:54+00:00",
- "VersionId": "v7"
+ "UpdateDate": "2020-08-18T22:51:43+00:00",
+ "VersionId": "v10"
},
"WAFLoggingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy",
@@ -28381,6 +50955,40 @@ aws_managed_policies_data = """
"UpdateDate": "2018-08-24T18:40:55+00:00",
"VersionId": "v1"
},
+ "WAFV2LoggingServiceRolePolicy": {
+ "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy",
+ "AttachmentCount": 0,
+ "CreateDate": "2019-11-07T00:40:56+00:00",
+ "DefaultVersionId": "v2",
+ "Document": {
+ "Statement": [
+ {
+ "Action": [
+ "firehose:PutRecord",
+ "firehose:PutRecordBatch"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
+ ]
+ },
+ {
+ "Action": "organizations:DescribeOrganization",
+ "Effect": "Allow",
+ "Resource": "*"
+ }
+ ],
+ "Version": "2012-10-17"
+ },
+ "IsAttachable": true,
+ "IsDefaultVersion": true,
+ "Path": "/aws-service-role/",
+ "PermissionsBoundaryUsageCount": 0,
+ "PolicyId": "ANPAZKAPJZG4AHQ3ASNCX",
+ "PolicyName": "WAFV2LoggingServiceRolePolicy",
+ "UpdateDate": "2020-07-23T17:04:25+00:00",
+ "VersionId": "v2"
+ },
"WellArchitectedConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",
"AttachmentCount": 0,
diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py
index ab4eb23a7..4ea24c1cb 100644
--- a/tests/test_iam/test_iam.py
+++ b/tests/test_iam/test_iam.py
@@ -674,20 +674,15 @@ def test_get_aws_managed_policy_version():
@mock_iam
-def test_get_aws_managed_policy_v4_version():
+def test_get_aws_managed_policy_v6_version():
conn = boto3.client("iam", region_name="us-east-1")
managed_policy_arn = "arn:aws:iam::aws:policy/job-function/SystemAdministrator"
- managed_policy_version_create_date = datetime.strptime(
- "2018-10-08T21:33:45+00:00", "%Y-%m-%dT%H:%M:%S+00:00"
- )
with pytest.raises(ClientError):
conn.get_policy_version(
PolicyArn=managed_policy_arn, VersionId="v2-does-not-exist"
)
- retrieved = conn.get_policy_version(PolicyArn=managed_policy_arn, VersionId="v4")
- retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.equal(
- managed_policy_version_create_date
- )
+ retrieved = conn.get_policy_version(PolicyArn=managed_policy_arn, VersionId="v6")
+ retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.be.an(datetime)
retrieved["PolicyVersion"]["Document"].should.be.an(dict)
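Review bot: The `CreateDate` check on the new `v6` lookup now asserts only the type, so a wrong or placeholder timestamp on the returned policy version would pass where the old test pinned the exact value. The removed assertion matched the policy's previous `UpdateDate`, and the regenerated data in this commit gives SystemAdministrator `2020-08-24T20:05:29+00:00`. If the version's CreateDate is still derived from that field (inferred from the old test, worth confirming), keep a value check such as `retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.equal(datetime(2020, 8, 24, 20, 5, 29))`. If the looser check is deliberate, to avoid editing the test on every data refresh, drop the now-redundant `.replace(tzinfo=None)` and add a comment saying so, since the test name and `VersionId="v6"` still have to change on each refresh anyway.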