From 67c1dbc1643e669765f50a437f756fbf47657c01 Mon Sep 17 00:00:00 2001 From: Bert Blommers Date: Tue, 23 Feb 2021 15:16:07 +0000 Subject: [PATCH] Changelog 2.0.0 (#3721) * Changelog for upcoming release (..-27/01) * Changelog for upcoming release (..-21-02) * Update Implementation Coverage * Update AWS Managed Policies --- CHANGELOG.md | 194 +- IMPLEMENTATION_COVERAGE.md | 1376 +- moto/iam/aws_managed_policies.py | 26732 ++++++++++++++++++++++++++--- tests/test_iam/test_iam.py | 11 +- 4 files changed, 26214 insertions(+), 2099 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d31409f0..a1f98bfb8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,10 +3,196 @@ Moto Changelog Unreleased ----- - * Reduced dependency overhead. - It is now possible to install dependencies for only specific services using: - pip install moto[service1,service1]. - See the README for more information. + + +2.0.0 +---- +Full list of PRs merged in this release: +https://github.com/spulec/moto/pulls?q=is%3Apr+is%3Aclosed+merged%3A2020-09-07..2021-02-23 + + General Changes: + * When installing, it is now required to specify the service you want to use: + pip install moto[service1,service2] + pip install moto[all] + + This will ensure that only the required dependencies are downloaded. + See the README for more information. + + * Moved CI to Github Actions + + * Moto no longer hogs the _default_mock from responses + + * Internal testing is now executed using Pytest (instead of Nose) + + * CORS is now enabled when running MotoServer + + * AWS Lambda and Batch now support Podman as an alternative to Docker + + New Services: + * Forecast + * MediaLive + * Support + * Transcribe + + New Methods: + * Application Autoscaling + * delete_scaling_policy + * deregister_scalable_target + * describe_scaling_policies + * put_scaling_policy + * Batch + * batch_update_partition + * Cognito IDP + * admin_set_user_password + * EC2 + * create_flow_logs + * delete_flow_logs + * describe_flow_logs + * describe_instance_type_offerings + * describe_vpc_endpoints + * EMR + * create_security_configuration + * delete_security_configuration + * get_security_configuration + * modify_cluster + * put_autoscaling_policy + * remove_auto_scaling_policy + * Events + * create_archive + * delete_archive + * describe_archive + * list_archives + * update_archive + * Lambda + * get_function_configuration + * get_layer_version + * list_layers + * publish_layer_version + * IAM + * associate_iam_instance_profile + * delete_role_permissions_boundary + * describe_iam_instance_profile_associations + * disassociate_iam_instance_profile + * put_role_permissions_boundary + * replace_iam_instance_profile_association + * set_default_policy_version + * tag_user + * untag_user + * IOT + * create_topic_rule + * delete_topic_rule + * disable_topic_rule + * enable_topic_rule + * get_topic_rule + * list_topic_rules + * replace_topic_rule + * Redshift + * get_cluster_credentials + * Route53 + * get_change (dummy) + * SageMaker + * create_notebook_instance_lifecycle_config + * delete_notebook_instance_lifecycle_config + * describe_notebook_instance_lifecycle_config + * Secrets Manager + * tag_resource + * SES + * test_render_template + * update_template + * Step Functions + * get_execution_history + * tag_resource + * untag_resource + * update_state_machine + + General Changes: + * ACM - import_certificate() now supports the Tags-parameter + * ACM - request_certificate() now supports the Tags-parameter + * CF - SSHIngressRule now supports CidrIp and Description + * CF - Now fully supports: + AWS::StepFunctions::StateMachine + * CF - Now supports creation of: + AWS::ApiGateway::Deployment + AWS::ApiGateway::Method + AWS::ApiGateway::Resource + AWS::ApiGateway::RestApi + AWS::Lambda::Permission + * CF - Now supports S3 outputs: Arn, DomainName, DualStackDomainName, RegionalDomainName, WebsiteURL + * CloudWatch - list_metrics() no longer returns duplicate entries + * CloudWatch - put_metric_alarm() now supports the Metrics and DatapointsToAlarm parameters + * Config - Now supports IAM (Role, Policy) + * Cognito - admin_initiate_auth() now supports the ADMIN_USER_PASSWORD_AUTH-flow + * CognitoIDP - list_users() now supports spaces in the Filter-parameter + * DynamoDB - GSI's now support the ProjectionType=INCLUDE parameter + * DynamoDB - put_item() now supports empty values (in non-key attributes) + * DynamoDB - update_item() now supports the ADD operation to a list (using the AttributeUpdates-parameter) + * DynamoDB - update_item() now supports the PUT operation to a StringSet (using the AttributeUpdates-parameter) + * DynamoDB - update_item() now supports ReturnValues='UPDATED_NEW' + * DynamoDB - update_item() now defaults to PUT if the action is not supplied + * DynamoDB Streams - The event name for deletions has been corrected to REMOVE (was DELETE before) + * EB - create()/describe_applications() now return a properly formatted ARN (that contains the application-name) + * EC2 - copy_snapshot() now supports the TagSpecifications-parameter + * EC2 - create_image() now supports the TagSpecifications-parameter + * EC2 - create_internet_gateway() now supports the TagSpecifications-parameter + * EC2 - create_nat_gateway() now supports the TagSpecification-parameter + * EC2 - create_network_acl() now supports the TagSpecification-parameter + * EC2 - create_route_table() now supports the TagSpecifications-parameter + * EC2 - create_subnet() now supports the TagSpecifications-parameter + * EC2 - create_subnet() now supports secondary CidrBlock-values + * EC2 - create_tags() now supports empty values + * EC2 - create_volume() now supports the KmsKeyId-parameter + * EC2 - create_vpc now supports the TagSpecifications-parameter + * EC2 - create_vpc_endpoint() now properly handles private_dns_enabled-parameter in CF/TF + * EC2 - create_vpn_endpoint() now supports the VpnGatewayId-parameter + * EC2 - describe_addresses() now returns Tags + * EC2 - describe_instances() now supports filtering by the subnet-id-attribute + * EC2 - describe_subnets() now supports filtering by the state-attribute + * ECR - list_images() now returns a proper value for the imageDigest-attribute + * ECS - the default cluster is now used in a variety of methods, if the Cluster-parameter is not supplied + * ECS - create_service() now supports the launchType-parameter + * ECS - delete_service() now supports the force-parameter + * ECS - describe_container_instances() now returns the registeredAt-attribute + * ECS - list_tasks now supports the filters family/service_name/desired_status + * ECS - register_scalable_target() now supports updates + * ECS - register_task_definition() now returns some attributes that were missing before + * ECS - run_task() now supports the tags-parameter + * EMR - ReleaseLabel now respects semantic versioning + * Events - Now supports the Go SDK + * Events - list_rules() now returns the EventBusName-parameter + * Events - put_events() now has basic input validation + * Glue - create_database() now returns some attributes that were missing before + * IAM - create_user() now returns the Tags-attribute + * IAM - list_roles() now supports the parameters PathPrefix/Marker/MaxItems + * IOT - delete_thing_group() is now idempotent + * Lambda - update_function_configuration() now supports the VpcConfig-parameter + * RDS - create_db_parameter_group() now returns the DBParameterGroupArn-attribute + * RDS - describe_db_instances() now returns the TagList-attribute + * RDS - describe_db_instances() now supports the filters-parameter + * RDS - describe_db_snapshots() now supports the filters-parameter + * Redshift - modify_cluster() now checks for invalid ClusterType/NumberOfNodes combinations + * ResourceGroupTagging: Now supports EC2 VPC resources + * ResourceGroupTagging: Now supports RDS DBInstance, DBSnapshot resources + * ResourceGroupTagging - get_resources() has improved support for the TagFilters-parameter + * S3 - copy_object() now supports copying deleted and subsequently restored objects with storage class Glacier + * S3 - get_object() now throws the correct error for an unknown VersionId + * S3 - get_object() now supports an empty Range-parameter + * S3 - get_object() now returns headers that were missing in some cases (ContentLength/ActualObjectSize/RangeRequested) + * S3 - put_object/get_object now support the ServerSideEncryption/SSEKMSKeyId/BucketKeyEnabled parameters + * S3 - list_object_versions now returns the object in the correct sort order (last modified time) + * SecretsManager - describe_secret() now returns a persistent ARN + * SecretsManager - get_secret_value() now requires a version to exist + * SecretsManager - put_secret_value() now requires a secret to exist + * SES - get-template() now returns the HtmlPart-attribute + * SNS - Support KmsMasterKeyId-attribute + * SNS - create_topic() no longer throws an error when creating a FIFO queue + * SNS - delete_topic() now also deletes the corresponding subscriptions + * SNS - delete_topic() now raises an appropriate exception if the supplied topic not exists + * Step Functions - list_executions() now supports filtering and pagination + * SQS - The MD5OfMessageAttributes is now computed correctly + * SQS - a message in the DLQ now no longer blocks other messages with that MessageGroupId + * SQS - create_queue() now supports the MaximumMessageSize-attribute + * SQS - receive_message() now supports MessageAttributeNames=["All"] + * SQS - send_message() now deduplicates properly using the MessageDeduplicationId diff --git a/IMPLEMENTATION_COVERAGE.md b/IMPLEMENTATION_COVERAGE.md index fc9454664..93db3f403 100644 --- a/IMPLEMENTATION_COVERAGE.md +++ b/IMPLEMENTATION_COVERAGE.md @@ -3,6 +3,7 @@
0% implemented +- [ ] apply_archive_rule - [ ] create_analyzer - [ ] create_archive_rule - [ ] delete_analyzer @@ -170,6 +171,17 @@ - [ ] update_skill_group
+## amp +
+0% implemented + +- [ ] create_workspace +- [ ] delete_workspace +- [ ] describe_workspace +- [ ] list_workspaces +- [ ] update_workspace_alias +
+ ## amplify
0% implemented @@ -213,6 +225,36 @@ - [ ] update_webhook
+## amplifybackend +
+0% implemented + +- [ ] clone_backend +- [ ] create_backend +- [ ] create_backend_api +- [ ] create_backend_auth +- [ ] create_backend_config +- [ ] create_token +- [ ] delete_backend +- [ ] delete_backend_api +- [ ] delete_backend_auth +- [ ] delete_token +- [ ] generate_backend_api_models +- [ ] get_backend +- [ ] get_backend_api +- [ ] get_backend_api_models +- [ ] get_backend_auth +- [ ] get_backend_job +- [ ] get_token +- [ ] list_backend_jobs +- [ ] remove_all_backends +- [ ] remove_backend_config +- [ ] update_backend_api +- [ ] update_backend_auth +- [ ] update_backend_config +- [ ] update_backend_job +
+ ## apigateway
34% implemented @@ -409,6 +451,7 @@ - [ ] get_vpc_links - [ ] import_api - [ ] reimport_api +- [ ] reset_authorizers_cache - [ ] tag_resource - [ ] untag_resource - [ ] update_api @@ -488,6 +531,21 @@ - [ ] update_flow
+## appintegrations +
+0% implemented + +- [ ] create_event_integration +- [ ] delete_event_integration +- [ ] get_event_integration +- [ ] list_event_integration_associations +- [ ] list_event_integrations +- [ ] list_tags_for_resource +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_event_integration +
+ ## application-autoscaling
60% implemented @@ -715,6 +773,63 @@ - [ ] update_work_group
+## auditmanager +
+0% implemented + +- [ ] associate_assessment_report_evidence_folder +- [ ] batch_associate_assessment_report_evidence +- [ ] batch_create_delegation_by_assessment +- [ ] batch_delete_delegation_by_assessment +- [ ] batch_disassociate_assessment_report_evidence +- [ ] batch_import_evidence_to_assessment_control +- [ ] create_assessment +- [ ] create_assessment_framework +- [ ] create_assessment_report +- [ ] create_control +- [ ] delete_assessment +- [ ] delete_assessment_framework +- [ ] delete_assessment_report +- [ ] delete_control +- [ ] deregister_account +- [ ] deregister_organization_admin_account +- [ ] disassociate_assessment_report_evidence_folder +- [ ] get_account_status +- [ ] get_assessment +- [ ] get_assessment_framework +- [ ] get_assessment_report_url +- [ ] get_change_logs +- [ ] get_control +- [ ] get_delegations +- [ ] get_evidence +- [ ] get_evidence_by_evidence_folder +- [ ] get_evidence_folder +- [ ] get_evidence_folders_by_assessment +- [ ] get_evidence_folders_by_assessment_control +- [ ] get_organization_admin_account +- [ ] get_services_in_scope +- [ ] get_settings +- [ ] list_assessment_frameworks +- [ ] list_assessment_reports +- [ ] list_assessments +- [ ] list_controls +- [ ] list_keywords_for_data_source +- [ ] list_notifications +- [ ] list_tags_for_resource +- [ ] register_account +- [ ] register_organization_admin_account +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_assessment +- [ ] update_assessment_control +- [ ] update_assessment_control_set_status +- [ ] update_assessment_framework +- [ ] update_assessment_status +- [ ] update_control +- [ ] update_settings +- [ ] validate_assessment_report_integrity +
+ ## autoscaling
42% implemented @@ -806,6 +921,7 @@ - [ ] describe_backup_job - [ ] describe_backup_vault - [ ] describe_copy_job +- [ ] describe_global_settings - [ ] describe_protected_resource - [ ] describe_recovery_point - [ ] describe_region_settings @@ -840,13 +956,14 @@ - [ ] tag_resource - [ ] untag_resource - [ ] update_backup_plan +- [ ] update_global_settings - [ ] update_recovery_point_lifecycle - [ ] update_region_settings
## batch
-93% implemented +78% implemented - [ ] cancel_job - [X] create_compute_environment @@ -859,9 +976,12 @@ - [X] describe_job_queues - [X] describe_jobs - [X] list_jobs +- [ ] list_tags_for_resource - [X] register_job_definition - [X] submit_job +- [ ] tag_resource - [X] terminate_job +- [ ] untag_resource - [X] update_compute_environment - [X] update_job_queue
@@ -874,8 +994,11 @@ - [ ] create_quantum_task - [ ] get_device - [ ] get_quantum_task +- [ ] list_tags_for_resource - [ ] search_devices - [ ] search_quantum_tasks +- [ ] tag_resource +- [ ] untag_resource ## budgets @@ -883,17 +1006,25 @@ 0% implemented - [ ] create_budget +- [ ] create_budget_action - [ ] create_notification - [ ] create_subscriber - [ ] delete_budget +- [ ] delete_budget_action - [ ] delete_notification - [ ] delete_subscriber - [ ] describe_budget +- [ ] describe_budget_action +- [ ] describe_budget_action_histories +- [ ] describe_budget_actions_for_account +- [ ] describe_budget_actions_for_budget - [ ] describe_budget_performance_history - [ ] describe_budgets - [ ] describe_notifications_for_budget - [ ] describe_subscribers_for_notification +- [ ] execute_budget_action - [ ] update_budget +- [ ] update_budget_action - [ ] update_notification - [ ] update_subscriber @@ -902,9 +1033,16 @@
0% implemented +- [ ] create_anomaly_monitor +- [ ] create_anomaly_subscription - [ ] create_cost_category_definition +- [ ] delete_anomaly_monitor +- [ ] delete_anomaly_subscription - [ ] delete_cost_category_definition - [ ] describe_cost_category_definition +- [ ] get_anomalies +- [ ] get_anomaly_monitors +- [ ] get_anomaly_subscriptions - [ ] get_cost_and_usage - [ ] get_cost_and_usage_with_resources - [ ] get_cost_forecast @@ -920,6 +1058,9 @@ - [ ] get_tags - [ ] get_usage_forecast - [ ] list_cost_category_definitions +- [ ] provide_anomaly_feedback +- [ ] update_anomaly_monitor +- [ ] update_anomaly_subscription - [ ] update_cost_category_definition
@@ -939,25 +1080,47 @@ - [ ] batch_update_phone_number - [ ] batch_update_user - [ ] create_account +- [ ] create_app_instance +- [ ] create_app_instance_admin +- [ ] create_app_instance_user - [ ] create_attendee - [ ] create_bot +- [ ] create_channel +- [ ] create_channel_ban +- [ ] create_channel_membership +- [ ] create_channel_moderator - [ ] create_meeting +- [ ] create_meeting_dial_out - [ ] create_meeting_with_attendees - [ ] create_phone_number_order - [ ] create_proxy_session - [ ] create_room - [ ] create_room_membership +- [ ] create_sip_media_application +- [ ] create_sip_media_application_call +- [ ] create_sip_rule - [ ] create_user - [ ] create_voice_connector - [ ] create_voice_connector_group - [ ] delete_account +- [ ] delete_app_instance +- [ ] delete_app_instance_admin +- [ ] delete_app_instance_streaming_configurations +- [ ] delete_app_instance_user - [ ] delete_attendee +- [ ] delete_channel +- [ ] delete_channel_ban +- [ ] delete_channel_membership +- [ ] delete_channel_message +- [ ] delete_channel_moderator - [ ] delete_events_configuration - [ ] delete_meeting - [ ] delete_phone_number - [ ] delete_proxy_session - [ ] delete_room - [ ] delete_room_membership +- [ ] delete_sip_media_application +- [ ] delete_sip_rule - [ ] delete_voice_connector - [ ] delete_voice_connector_emergency_calling_configuration - [ ] delete_voice_connector_group @@ -966,23 +1129,39 @@ - [ ] delete_voice_connector_streaming_configuration - [ ] delete_voice_connector_termination - [ ] delete_voice_connector_termination_credentials +- [ ] describe_app_instance +- [ ] describe_app_instance_admin +- [ ] describe_app_instance_user +- [ ] describe_channel +- [ ] describe_channel_ban +- [ ] describe_channel_membership +- [ ] describe_channel_membership_for_app_instance_user +- [ ] describe_channel_moderated_by_app_instance_user +- [ ] describe_channel_moderator - [ ] disassociate_phone_number_from_user - [ ] disassociate_phone_numbers_from_voice_connector - [ ] disassociate_phone_numbers_from_voice_connector_group - [ ] disassociate_signin_delegate_groups_from_account - [ ] get_account - [ ] get_account_settings +- [ ] get_app_instance_retention_settings +- [ ] get_app_instance_streaming_configurations - [ ] get_attendee - [ ] get_bot +- [ ] get_channel_message - [ ] get_events_configuration - [ ] get_global_settings - [ ] get_meeting +- [ ] get_messaging_session_endpoint - [ ] get_phone_number - [ ] get_phone_number_order - [ ] get_phone_number_settings - [ ] get_proxy_session - [ ] get_retention_settings - [ ] get_room +- [ ] get_sip_media_application +- [ ] get_sip_media_application_logging_configuration +- [ ] get_sip_rule - [ ] get_user - [ ] get_user_settings - [ ] get_voice_connector @@ -996,9 +1175,19 @@ - [ ] get_voice_connector_termination_health - [ ] invite_users - [ ] list_accounts +- [ ] list_app_instance_admins +- [ ] list_app_instance_users +- [ ] list_app_instances - [ ] list_attendee_tags - [ ] list_attendees - [ ] list_bots +- [ ] list_channel_bans +- [ ] list_channel_memberships +- [ ] list_channel_memberships_for_app_instance_user +- [ ] list_channel_messages +- [ ] list_channel_moderators +- [ ] list_channels +- [ ] list_channels_moderated_by_app_instance_user - [ ] list_meeting_tags - [ ] list_meetings - [ ] list_phone_number_orders @@ -1006,14 +1195,19 @@ - [ ] list_proxy_sessions - [ ] list_room_memberships - [ ] list_rooms +- [ ] list_sip_media_applications +- [ ] list_sip_rules - [ ] list_tags_for_resource - [ ] list_users - [ ] list_voice_connector_groups - [ ] list_voice_connector_termination_credentials - [ ] list_voice_connectors - [ ] logout_user +- [ ] put_app_instance_retention_settings +- [ ] put_app_instance_streaming_configurations - [ ] put_events_configuration - [ ] put_retention_settings +- [ ] put_sip_media_application_logging_configuration - [ ] put_voice_connector_emergency_calling_configuration - [ ] put_voice_connector_logging_configuration - [ ] put_voice_connector_origination @@ -1021,12 +1215,14 @@ - [ ] put_voice_connector_streaming_configuration - [ ] put_voice_connector_termination - [ ] put_voice_connector_termination_credentials +- [ ] redact_channel_message - [ ] redact_conversation_message - [ ] redact_room_message - [ ] regenerate_security_token - [ ] reset_personal_pin - [ ] restore_phone_number - [ ] search_available_phone_numbers +- [ ] send_channel_message - [ ] tag_attendee - [ ] tag_meeting - [ ] tag_resource @@ -1035,13 +1231,20 @@ - [ ] untag_resource - [ ] update_account - [ ] update_account_settings +- [ ] update_app_instance +- [ ] update_app_instance_user - [ ] update_bot +- [ ] update_channel +- [ ] update_channel_message +- [ ] update_channel_read_marker - [ ] update_global_settings - [ ] update_phone_number - [ ] update_phone_number_settings - [ ] update_proxy_session - [ ] update_room - [ ] update_room_membership +- [ ] update_sip_media_application +- [ ] update_sip_rule - [ ] update_user - [ ] update_user_settings - [ ] update_voice_connector @@ -1211,6 +1414,7 @@ - [ ] create_field_level_encryption_config - [ ] create_field_level_encryption_profile - [ ] create_invalidation +- [ ] create_key_group - [ ] create_monitoring_subscription - [ ] create_origin_request_policy - [ ] create_public_key @@ -1222,6 +1426,7 @@ - [ ] delete_distribution - [ ] delete_field_level_encryption_config - [ ] delete_field_level_encryption_profile +- [ ] delete_key_group - [ ] delete_monitoring_subscription - [ ] delete_origin_request_policy - [ ] delete_public_key @@ -1238,6 +1443,8 @@ - [ ] get_field_level_encryption_profile - [ ] get_field_level_encryption_profile_config - [ ] get_invalidation +- [ ] get_key_group +- [ ] get_key_group_config - [ ] get_monitoring_subscription - [ ] get_origin_request_policy - [ ] get_origin_request_policy_config @@ -1250,12 +1457,14 @@ - [ ] list_cloud_front_origin_access_identities - [ ] list_distributions - [ ] list_distributions_by_cache_policy_id +- [ ] list_distributions_by_key_group - [ ] list_distributions_by_origin_request_policy_id - [ ] list_distributions_by_realtime_log_config - [ ] list_distributions_by_web_acl_id - [ ] list_field_level_encryption_configs - [ ] list_field_level_encryption_profiles - [ ] list_invalidations +- [ ] list_key_groups - [ ] list_origin_request_policies - [ ] list_public_keys - [ ] list_realtime_log_configs @@ -1268,6 +1477,7 @@ - [ ] update_distribution - [ ] update_field_level_encryption_config - [ ] update_field_level_encryption_profile +- [ ] update_key_group - [ ] update_origin_request_policy - [ ] update_public_key - [ ] update_realtime_log_config @@ -1314,6 +1524,8 @@ - [ ] describe_clusters - [ ] initialize_cluster - [ ] list_tags +- [ ] modify_backup_attributes +- [ ] modify_cluster - [ ] restore_backup - [ ] tag_resource - [ ] untag_resource @@ -1451,8 +1663,11 @@ - [ ] list_packages - [ ] list_repositories - [ ] list_repositories_in_domain +- [ ] list_tags_for_resource - [ ] put_domain_permissions_policy - [ ] put_repository_permissions_policy +- [ ] tag_resource +- [ ] untag_resource - [ ] update_package_versions_status - [ ] update_repository @@ -1479,6 +1694,7 @@ - [ ] delete_webhook - [ ] describe_code_coverages - [ ] describe_test_cases +- [ ] get_report_group_trend - [ ] get_resource_policy - [ ] import_source_credentials - [ ] invalidate_project_cache @@ -1656,7 +1872,10 @@ - [ ] list_recommendation_feedback - [ ] list_recommendations - [ ] list_repository_associations +- [ ] list_tags_for_resource - [ ] put_recommendation_feedback +- [ ] tag_resource +- [ ] untag_resource ## codeguruprofiler @@ -1770,6 +1989,7 @@ - [ ] list_tags_for_resource - [ ] tag_resource - [ ] untag_resource +- [ ] update_host ## codestar-notifications @@ -1969,12 +2189,15 @@ - [ ] describe_endpoint - [ ] describe_entities_detection_job - [ ] describe_entity_recognizer +- [ ] describe_events_detection_job - [ ] describe_key_phrases_detection_job +- [ ] describe_pii_entities_detection_job - [ ] describe_sentiment_detection_job - [ ] describe_topics_detection_job - [ ] detect_dominant_language - [ ] detect_entities - [ ] detect_key_phrases +- [ ] detect_pii_entities - [ ] detect_sentiment - [ ] detect_syntax - [ ] list_document_classification_jobs @@ -1983,19 +2206,25 @@ - [ ] list_endpoints - [ ] list_entities_detection_jobs - [ ] list_entity_recognizers +- [ ] list_events_detection_jobs - [ ] list_key_phrases_detection_jobs +- [ ] list_pii_entities_detection_jobs - [ ] list_sentiment_detection_jobs - [ ] list_tags_for_resource - [ ] list_topics_detection_jobs - [ ] start_document_classification_job - [ ] start_dominant_language_detection_job - [ ] start_entities_detection_job +- [ ] start_events_detection_job - [ ] start_key_phrases_detection_job +- [ ] start_pii_entities_detection_job - [ ] start_sentiment_detection_job - [ ] start_topics_detection_job - [ ] stop_dominant_language_detection_job - [ ] stop_entities_detection_job +- [ ] stop_events_detection_job - [ ] stop_key_phrases_detection_job +- [ ] stop_pii_entities_detection_job - [ ] stop_sentiment_detection_job - [ ] stop_training_document_classifier - [ ] stop_training_entity_recognizer @@ -2039,16 +2268,18 @@ - [ ] export_auto_scaling_group_recommendations - [ ] export_ec2_instance_recommendations - [ ] get_auto_scaling_group_recommendations +- [ ] get_ebs_volume_recommendations - [ ] get_ec2_instance_recommendations - [ ] get_ec2_recommendation_projected_metrics - [ ] get_enrollment_status +- [ ] get_lambda_function_recommendations - [ ] get_recommendation_summaries - [ ] update_enrollment_status ## config
-32% implemented +30% implemented - [X] batch_get_aggregate_resource_config - [X] batch_get_resource_config @@ -2066,6 +2297,7 @@ - [ ] delete_remediation_exceptions - [ ] delete_resource_config - [ ] delete_retention_configuration +- [ ] delete_stored_query - [ ] deliver_config_snapshot - [ ] describe_aggregate_compliance_by_config_rules - [X] describe_aggregation_authorizations @@ -2105,8 +2337,10 @@ - [ ] get_organization_config_rule_detailed_status - [X] get_organization_conformance_pack_detailed_status - [X] get_resource_config_history +- [ ] get_stored_query - [X] list_aggregate_discovered_resources - [X] list_discovered_resources +- [ ] list_stored_queries - [ ] list_tags_for_resource - [X] put_aggregation_authorization - [ ] put_config_rule @@ -2115,12 +2349,14 @@ - [ ] put_conformance_pack - [X] put_delivery_channel - [X] put_evaluations +- [ ] put_external_evaluation - [ ] put_organization_config_rule - [X] put_organization_conformance_pack - [ ] put_remediation_configurations - [ ] put_remediation_exceptions - [ ] put_resource_config - [ ] put_retention_configuration +- [ ] put_stored_query - [ ] select_aggregate_resource_config - [ ] select_resource_config - [ ] start_config_rules_evaluation @@ -2135,50 +2371,115 @@
0% implemented +- [ ] associate_approved_origin +- [ ] associate_instance_storage_config +- [ ] associate_lambda_function +- [ ] associate_lex_bot +- [ ] associate_routing_profile_queues +- [ ] associate_security_key +- [ ] create_contact_flow +- [ ] create_instance +- [ ] create_integration_association +- [ ] create_quick_connect +- [ ] create_routing_profile +- [ ] create_use_case - [ ] create_user +- [ ] create_user_hierarchy_group +- [ ] delete_instance +- [ ] delete_integration_association +- [ ] delete_quick_connect +- [ ] delete_use_case - [ ] delete_user +- [ ] delete_user_hierarchy_group +- [ ] describe_contact_flow +- [ ] describe_instance +- [ ] describe_instance_attribute +- [ ] describe_instance_storage_config +- [ ] describe_quick_connect +- [ ] describe_routing_profile - [ ] describe_user - [ ] describe_user_hierarchy_group - [ ] describe_user_hierarchy_structure +- [ ] disassociate_approved_origin +- [ ] disassociate_instance_storage_config +- [ ] disassociate_lambda_function +- [ ] disassociate_lex_bot +- [ ] disassociate_routing_profile_queues +- [ ] disassociate_security_key - [ ] get_contact_attributes - [ ] get_current_metric_data - [ ] get_federation_token - [ ] get_metric_data +- [ ] list_approved_origins - [ ] list_contact_flows - [ ] list_hours_of_operations +- [ ] list_instance_attributes +- [ ] list_instance_storage_configs +- [ ] list_instances +- [ ] list_integration_associations +- [ ] list_lambda_functions +- [ ] list_lex_bots - [ ] list_phone_numbers +- [ ] list_prompts - [ ] list_queues +- [ ] list_quick_connects +- [ ] list_routing_profile_queues - [ ] list_routing_profiles +- [ ] list_security_keys - [ ] list_security_profiles - [ ] list_tags_for_resource +- [ ] list_use_cases - [ ] list_user_hierarchy_groups - [ ] list_users - [ ] resume_contact_recording - [ ] start_chat_contact - [ ] start_contact_recording - [ ] start_outbound_voice_contact +- [ ] start_task_contact - [ ] stop_contact - [ ] stop_contact_recording - [ ] suspend_contact_recording - [ ] tag_resource - [ ] untag_resource - [ ] update_contact_attributes +- [ ] update_contact_flow_content +- [ ] update_contact_flow_name +- [ ] update_instance_attribute +- [ ] update_instance_storage_config +- [ ] update_quick_connect_config +- [ ] update_quick_connect_name +- [ ] update_routing_profile_concurrency +- [ ] update_routing_profile_default_outbound_queue +- [ ] update_routing_profile_name +- [ ] update_routing_profile_queues - [ ] update_user_hierarchy +- [ ] update_user_hierarchy_group_name +- [ ] update_user_hierarchy_structure - [ ] update_user_identity_info - [ ] update_user_phone_config - [ ] update_user_routing_profile - [ ] update_user_security_profiles
+## connect-contact-lens +
+0% implemented + +- [ ] list_realtime_contact_analysis_segments +
+ ## connectparticipant
0% implemented +- [ ] complete_attachment_upload - [ ] create_participant_connection - [ ] disconnect_participant +- [ ] get_attachment - [ ] get_transcript - [ ] send_event - [ ] send_message +- [ ] start_attachment_upload
## cur @@ -2191,6 +2492,84 @@ - [ ] put_report_definition
+## customer-profiles +
+0% implemented + +- [ ] add_profile_key +- [ ] create_domain +- [ ] create_profile +- [ ] delete_domain +- [ ] delete_integration +- [ ] delete_profile +- [ ] delete_profile_key +- [ ] delete_profile_object +- [ ] delete_profile_object_type +- [ ] get_domain +- [ ] get_integration +- [ ] get_profile_object_type +- [ ] get_profile_object_type_template +- [ ] list_account_integrations +- [ ] list_domains +- [ ] list_integrations +- [ ] list_profile_object_type_templates +- [ ] list_profile_object_types +- [ ] list_profile_objects +- [ ] list_tags_for_resource +- [ ] put_integration +- [ ] put_profile_object +- [ ] put_profile_object_type +- [ ] search_profiles +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_domain +- [ ] update_profile +
+ +## databrew +
+0% implemented + +- [ ] batch_delete_recipe_version +- [ ] create_dataset +- [ ] create_profile_job +- [ ] create_project +- [ ] create_recipe +- [ ] create_recipe_job +- [ ] create_schedule +- [ ] delete_dataset +- [ ] delete_job +- [ ] delete_project +- [ ] delete_recipe_version +- [ ] delete_schedule +- [ ] describe_dataset +- [ ] describe_job +- [ ] describe_project +- [ ] describe_recipe +- [ ] describe_schedule +- [ ] list_datasets +- [ ] list_job_runs +- [ ] list_jobs +- [ ] list_projects +- [ ] list_recipe_versions +- [ ] list_recipes +- [ ] list_schedules +- [ ] list_tags_for_resource +- [ ] publish_recipe +- [ ] send_project_session_action +- [ ] start_job_run +- [ ] start_project_session +- [ ] stop_job_run +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_dataset +- [ ] update_profile_job +- [ ] update_project +- [ ] update_recipe +- [ ] update_recipe_job +- [ ] update_schedule +
+ ## dataexchange
0% implemented @@ -2246,7 +2625,7 @@ ## datasync
-19% implemented +18% implemented - [X] cancel_task_execution - [ ] create_agent @@ -2279,6 +2658,7 @@ - [ ] untag_resource - [ ] update_agent - [X] update_task +- [ ] update_task_execution
## dax @@ -2409,6 +2789,30 @@ - [ ] update_vpce_configuration
+## devops-guru +
+0% implemented + +- [ ] add_notification_channel +- [ ] describe_account_health +- [ ] describe_account_overview +- [ ] describe_anomaly +- [ ] describe_insight +- [ ] describe_resource_collection_health +- [ ] describe_service_integration +- [ ] get_resource_collection +- [ ] list_anomalies_for_insight +- [ ] list_events +- [ ] list_insights +- [ ] list_notification_channels +- [ ] list_recommendations +- [ ] put_feedback +- [ ] remove_notification_channel +- [ ] search_insights +- [ ] update_resource_collection +- [ ] update_service_integration +
+ ## directconnect
0% implemented @@ -2564,6 +2968,7 @@ - [ ] modify_replication_instance - [ ] modify_replication_subnet_group - [ ] modify_replication_task +- [ ] move_replication_task - [ ] reboot_replication_instance - [ ] refresh_schemas - [ ] reload_tables @@ -2629,6 +3034,7 @@ - [ ] accept_shared_directory - [ ] add_ip_routes +- [ ] add_region - [ ] add_tags_to_resource - [ ] cancel_schema_extension - [ ] connect_directory @@ -2653,12 +3059,15 @@ - [ ] describe_domain_controllers - [ ] describe_event_topics - [ ] describe_ldaps_settings +- [ ] describe_regions - [ ] describe_shared_directories - [ ] describe_snapshots - [ ] describe_trusts +- [ ] disable_client_authentication - [ ] disable_ldaps - [ ] disable_radius - [ ] disable_sso +- [ ] enable_client_authentication - [ ] enable_ldaps - [ ] enable_radius - [ ] enable_sso @@ -2673,6 +3082,7 @@ - [ ] register_event_topic - [ ] reject_shared_directory - [ ] remove_ip_routes +- [ ] remove_region - [ ] remove_tags_from_resource - [ ] reset_user_password - [ ] restore_from_snapshot @@ -2688,8 +3098,9 @@ ## dynamodb
-53% implemented +44% implemented +- [ ] batch_execute_statement - [X] batch_get_item - [X] batch_write_item - [ ] create_backup @@ -2702,15 +3113,23 @@ - [X] describe_continuous_backups - [ ] describe_contributor_insights - [ ] describe_endpoints +- [ ] describe_export - [ ] describe_global_table - [ ] describe_global_table_settings +- [ ] describe_kinesis_streaming_destination - [ ] describe_limits - [X] describe_table - [ ] describe_table_replica_auto_scaling - [X] describe_time_to_live +- [ ] disable_kinesis_streaming_destination +- [ ] enable_kinesis_streaming_destination +- [ ] execute_statement +- [ ] execute_transaction +- [ ] export_table_to_point_in_time - [X] get_item - [ ] list_backups - [ ] list_contributor_insights +- [ ] list_exports - [ ] list_global_tables - [X] list_tables - [X] list_tags_of_resource @@ -2757,9 +3176,10 @@ ## ec2
-28% implemented +27% implemented - [ ] accept_reserved_instances_exchange_quote +- [ ] accept_transit_gateway_multicast_domain_associations - [ ] accept_transit_gateway_peering_attachment - [ ] accept_transit_gateway_vpc_attachment - [ ] accept_vpc_endpoint_connections @@ -2773,6 +3193,7 @@ - [X] associate_address - [ ] associate_client_vpn_target_network - [X] associate_dhcp_options +- [ ] associate_enclave_certificate_iam_role - [X] associate_iam_instance_profile - [X] associate_route_table - [ ] associate_subnet_cidr_block @@ -2824,6 +3245,7 @@ - [X] create_nat_gateway - [X] create_network_acl - [X] create_network_acl_entry +- [ ] create_network_insights_path - [X] create_network_interface - [ ] create_network_interface_permission - [ ] create_placement_group @@ -2841,6 +3263,8 @@ - [ ] create_traffic_mirror_session - [ ] create_traffic_mirror_target - [ ] create_transit_gateway +- [ ] create_transit_gateway_connect +- [ ] create_transit_gateway_connect_peer - [ ] create_transit_gateway_multicast_domain - [ ] create_transit_gateway_peering_attachment - [ ] create_transit_gateway_prefix_list_reference @@ -2875,6 +3299,8 @@ - [X] delete_nat_gateway - [X] delete_network_acl - [X] delete_network_acl_entry +- [ ] delete_network_insights_analysis +- [ ] delete_network_insights_path - [X] delete_network_interface - [ ] delete_network_interface_permission - [ ] delete_placement_group @@ -2891,6 +3317,8 @@ - [ ] delete_traffic_mirror_session - [ ] delete_traffic_mirror_target - [ ] delete_transit_gateway +- [ ] delete_transit_gateway_connect +- [ ] delete_transit_gateway_connect_peer - [ ] delete_transit_gateway_multicast_domain - [ ] delete_transit_gateway_peering_attachment - [ ] delete_transit_gateway_prefix_list_reference @@ -2972,6 +3400,8 @@ - [ ] describe_moving_addresses - [ ] describe_nat_gateways - [X] describe_network_acls +- [ ] describe_network_insights_analyses +- [ ] describe_network_insights_paths - [ ] describe_network_interface_attribute - [ ] describe_network_interface_permissions - [X] describe_network_interfaces @@ -3004,6 +3434,8 @@ - [ ] describe_traffic_mirror_sessions - [ ] describe_traffic_mirror_targets - [ ] describe_transit_gateway_attachments +- [ ] describe_transit_gateway_connect_peers +- [ ] describe_transit_gateway_connects - [ ] describe_transit_gateway_multicast_domains - [ ] describe_transit_gateway_peering_attachments - [ ] describe_transit_gateway_route_tables @@ -3039,6 +3471,7 @@ - [X] disable_vpc_classic_link_dns_support - [X] disassociate_address - [ ] disassociate_client_vpn_target_network +- [ ] disassociate_enclave_certificate_iam_role - [X] disassociate_iam_instance_profile - [X] disassociate_route_table - [ ] disassociate_subnet_cidr_block @@ -3056,6 +3489,7 @@ - [ ] export_client_vpn_client_configuration - [ ] export_image - [ ] export_transit_gateway_routes +- [ ] get_associated_enclave_certificate_iam_roles - [ ] get_associated_ipv6_pool_cidrs - [ ] get_capacity_reservation_usage - [ ] get_coip_pool_usage @@ -3136,6 +3570,7 @@ - [ ] register_instance_event_notification_attributes - [ ] register_transit_gateway_multicast_group_members - [ ] register_transit_gateway_multicast_group_sources +- [ ] reject_transit_gateway_multicast_domain_associations - [ ] reject_transit_gateway_peering_attachment - [ ] reject_transit_gateway_vpc_attachment - [ ] reject_vpc_endpoint_connections @@ -3169,6 +3604,7 @@ - [ ] search_transit_gateway_routes - [ ] send_diagnostic_interrupt - [X] start_instances +- [ ] start_network_insights_analysis - [ ] start_vpc_endpoint_service_private_dns_verification - [X] stop_instances - [ ] terminate_client_vpn_connections @@ -3190,7 +3626,7 @@ ## ecr
-27% implemented +23% implemented - [ ] batch_check_layer_availability - [X] batch_delete_image @@ -3198,15 +3634,18 @@ - [ ] complete_layer_upload - [X] create_repository - [ ] delete_lifecycle_policy +- [ ] delete_registry_policy - [X] delete_repository - [ ] delete_repository_policy - [ ] describe_image_scan_findings - [X] describe_images +- [ ] describe_registry - [X] describe_repositories - [ ] get_authorization_token - [ ] get_download_url_for_layer - [ ] get_lifecycle_policy - [ ] get_lifecycle_policy_preview +- [ ] get_registry_policy - [ ] get_repository_policy - [ ] initiate_layer_upload - [X] list_images @@ -3215,6 +3654,8 @@ - [ ] put_image_scanning_configuration - [ ] put_image_tag_mutability - [ ] put_lifecycle_policy +- [ ] put_registry_policy +- [ ] put_replication_configuration - [ ] set_repository_policy - [ ] start_image_scan - [ ] start_lifecycle_policy_preview @@ -3223,9 +3664,35 @@ - [ ] upload_layer_part
+## ecr-public +
+0% implemented + +- [ ] batch_check_layer_availability +- [ ] batch_delete_image +- [ ] complete_layer_upload +- [ ] create_repository +- [ ] delete_repository +- [ ] delete_repository_policy +- [ ] describe_image_tags +- [ ] describe_images +- [ ] describe_registries +- [ ] describe_repositories +- [ ] get_authorization_token +- [ ] get_registry_catalog_data +- [ ] get_repository_catalog_data +- [ ] get_repository_policy +- [ ] initiate_layer_upload +- [ ] put_image +- [ ] put_registry_catalog_data +- [ ] put_repository_catalog_data +- [ ] set_repository_policy +- [ ] upload_layer_part +
+ ## ecs
-71% implemented +70% implemented - [ ] create_capacity_provider - [X] create_cluster @@ -3270,6 +3737,7 @@ - [ ] submit_task_state_change - [X] tag_resource - [X] untag_resource +- [ ] update_capacity_provider - [ ] update_cluster_settings - [ ] update_container_agent - [X] update_container_instances_state @@ -3313,16 +3781,21 @@
0% implemented +- [ ] create_addon - [ ] create_cluster - [ ] create_fargate_profile - [ ] create_nodegroup +- [ ] delete_addon - [ ] delete_cluster - [ ] delete_fargate_profile - [ ] delete_nodegroup +- [ ] describe_addon +- [ ] describe_addon_versions - [ ] describe_cluster - [ ] describe_fargate_profile - [ ] describe_nodegroup - [ ] describe_update +- [ ] list_addons - [ ] list_clusters - [ ] list_fargate_profiles - [ ] list_nodegroups @@ -3330,6 +3803,7 @@ - [ ] list_updates - [ ] tag_resource - [ ] untag_resource +- [ ] update_addon - [ ] update_cluster_config - [ ] update_cluster_version - [ ] update_nodegroup_config @@ -3365,6 +3839,8 @@ - [ ] create_global_replication_group - [ ] create_replication_group - [ ] create_snapshot +- [ ] create_user +- [ ] create_user_group - [ ] decrease_node_groups_in_global_replication_group - [ ] decrease_replica_count - [ ] delete_cache_cluster @@ -3374,6 +3850,8 @@ - [ ] delete_global_replication_group - [ ] delete_replication_group - [ ] delete_snapshot +- [ ] delete_user +- [ ] delete_user_group - [ ] describe_cache_clusters - [ ] describe_cache_engine_versions - [ ] describe_cache_parameter_groups @@ -3389,6 +3867,8 @@ - [ ] describe_service_updates - [ ] describe_snapshots - [ ] describe_update_actions +- [ ] describe_user_groups +- [ ] describe_users - [ ] disassociate_global_replication_group - [ ] failover_global_replication_group - [ ] increase_node_groups_in_global_replication_group @@ -3401,6 +3881,8 @@ - [ ] modify_global_replication_group - [ ] modify_replication_group - [ ] modify_replication_group_shard_configuration +- [ ] modify_user +- [ ] modify_user_group - [ ] purchase_reserved_cache_nodes_offering - [ ] rebalance_slots_in_global_replication_group - [ ] reboot_cache_cluster @@ -3564,7 +4046,7 @@ ## emr
-54% implemented +43% implemented - [ ] add_instance_fleet - [X] add_instance_groups @@ -3572,14 +4054,20 @@ - [X] add_tags - [ ] cancel_steps - [X] create_security_configuration +- [ ] create_studio +- [ ] create_studio_session_mapping - [X] delete_security_configuration +- [ ] delete_studio +- [ ] delete_studio_session_mapping - [ ] describe_cluster - [X] describe_job_flows - [ ] describe_notebook_execution - [ ] describe_security_configuration - [X] describe_step +- [ ] describe_studio - [ ] get_block_public_access_configuration - [ ] get_managed_scaling_policy +- [ ] get_studio_session_mapping - [X] list_bootstrap_actions - [X] list_clusters - [ ] list_instance_fleets @@ -3588,6 +4076,8 @@ - [ ] list_notebook_executions - [ ] list_security_configurations - [X] list_steps +- [ ] list_studio_session_mappings +- [ ] list_studios - [X] modify_cluster - [ ] modify_instance_fleet - [X] modify_instance_groups @@ -3603,6 +4093,28 @@ - [ ] start_notebook_execution - [ ] stop_notebook_execution - [X] terminate_job_flows +- [ ] update_studio_session_mapping +
+ +## emr-containers +
+0% implemented + +- [ ] cancel_job_run +- [ ] create_managed_endpoint +- [ ] create_virtual_cluster +- [ ] delete_managed_endpoint +- [ ] delete_virtual_cluster +- [ ] describe_job_run +- [ ] describe_managed_endpoint +- [ ] describe_virtual_cluster +- [ ] list_job_runs +- [ ] list_managed_endpoints +- [ ] list_tags_for_resource +- [ ] list_virtual_clusters +- [ ] start_job_run +- [ ] tag_resource +- [ ] untag_resource
## es @@ -3632,6 +4144,7 @@ - [ ] describe_reserved_elasticsearch_instances - [ ] dissociate_package - [ ] get_compatible_elasticsearch_versions +- [ ] get_package_version_history - [ ] get_upgrade_history - [ ] get_upgrade_status - [ ] list_domain_names @@ -3645,30 +4158,38 @@ - [ ] remove_tags - [ ] start_elasticsearch_service_software_update - [ ] update_elasticsearch_domain_config +- [ ] update_package - [ ] upgrade_elasticsearch_domain
## events
-67% implemented +65% implemented - [ ] activate_event_source +- [ ] cancel_replay +- [X] create_archive - [X] create_event_bus - [ ] create_partner_event_source - [ ] deactivate_event_source +- [X] delete_archive - [X] delete_event_bus - [ ] delete_partner_event_source - [X] delete_rule +- [X] describe_archive - [X] describe_event_bus - [ ] describe_event_source - [ ] describe_partner_event_source +- [ ] describe_replay - [X] describe_rule - [X] disable_rule - [X] enable_rule +- [X] list_archives - [X] list_event_buses - [ ] list_event_sources - [ ] list_partner_event_source_accounts - [ ] list_partner_event_sources +- [ ] list_replays - [X] list_rule_names_by_target - [X] list_rules - [X] list_tags_for_resource @@ -3680,9 +4201,11 @@ - [X] put_targets - [X] remove_permission - [X] remove_targets +- [ ] start_replay - [X] tag_resource - [X] test_event_pattern - [X] untag_resource +- [X] update_archive
## firehose @@ -3737,7 +4260,7 @@ ## forecast
-17% implemented +15% implemented - [ ] create_dataset - [X] create_dataset_group @@ -3745,24 +4268,28 @@ - [ ] create_forecast - [ ] create_forecast_export_job - [ ] create_predictor +- [ ] create_predictor_backtest_export_job - [ ] delete_dataset - [X] delete_dataset_group - [ ] delete_dataset_import_job - [ ] delete_forecast - [ ] delete_forecast_export_job - [ ] delete_predictor +- [ ] delete_predictor_backtest_export_job - [ ] describe_dataset - [X] describe_dataset_group - [ ] describe_dataset_import_job - [ ] describe_forecast - [ ] describe_forecast_export_job - [ ] describe_predictor +- [ ] describe_predictor_backtest_export_job - [ ] get_accuracy_metrics - [X] list_dataset_groups - [ ] list_dataset_import_jobs - [ ] list_datasets - [ ] list_forecast_export_jobs - [ ] list_forecasts +- [ ] list_predictor_backtest_export_jobs - [ ] list_predictors - [ ] list_tags_for_resource - [ ] tag_resource @@ -3790,8 +4317,16 @@ - [ ] create_variable - [ ] delete_detector - [ ] delete_detector_version +- [ ] delete_entity_type - [ ] delete_event +- [ ] delete_event_type +- [ ] delete_external_model +- [ ] delete_label +- [ ] delete_model +- [ ] delete_model_version +- [ ] delete_outcome - [ ] delete_rule +- [ ] delete_variable - [ ] describe_detector - [ ] describe_model_versions - [ ] get_detector_version @@ -3832,6 +4367,7 @@
0% implemented +- [ ] associate_file_system_aliases - [ ] cancel_data_repository_task - [ ] create_backup - [ ] create_data_repository_task @@ -3841,7 +4377,9 @@ - [ ] delete_file_system - [ ] describe_backups - [ ] describe_data_repository_tasks +- [ ] describe_file_system_aliases - [ ] describe_file_systems +- [ ] disassociate_file_system_aliases - [ ] list_tags_for_resource - [ ] tag_resource - [ ] untag_resource @@ -3987,28 +4525,50 @@
0% implemented +- [ ] add_custom_routing_endpoints - [ ] advertise_byoip_cidr +- [ ] allow_custom_routing_traffic - [ ] create_accelerator +- [ ] create_custom_routing_accelerator +- [ ] create_custom_routing_endpoint_group +- [ ] create_custom_routing_listener - [ ] create_endpoint_group - [ ] create_listener - [ ] delete_accelerator +- [ ] delete_custom_routing_accelerator +- [ ] delete_custom_routing_endpoint_group +- [ ] delete_custom_routing_listener - [ ] delete_endpoint_group - [ ] delete_listener +- [ ] deny_custom_routing_traffic - [ ] deprovision_byoip_cidr - [ ] describe_accelerator - [ ] describe_accelerator_attributes +- [ ] describe_custom_routing_accelerator +- [ ] describe_custom_routing_accelerator_attributes +- [ ] describe_custom_routing_endpoint_group +- [ ] describe_custom_routing_listener - [ ] describe_endpoint_group - [ ] describe_listener - [ ] list_accelerators - [ ] list_byoip_cidrs +- [ ] list_custom_routing_accelerators +- [ ] list_custom_routing_endpoint_groups +- [ ] list_custom_routing_listeners +- [ ] list_custom_routing_port_mappings +- [ ] list_custom_routing_port_mappings_by_destination - [ ] list_endpoint_groups - [ ] list_listeners - [ ] list_tags_for_resource - [ ] provision_byoip_cidr +- [ ] remove_custom_routing_endpoints - [ ] tag_resource - [ ] untag_resource - [ ] update_accelerator - [ ] update_accelerator_attributes +- [ ] update_custom_routing_accelerator +- [ ] update_custom_routing_accelerator_attributes +- [ ] update_custom_routing_listener - [ ] update_endpoint_group - [ ] update_listener - [ ] withdraw_byoip_cidr @@ -4016,7 +4576,7 @@ ## glue
-5% implemented +4% implemented - [ ] batch_create_partition - [ ] batch_delete_connection @@ -4030,7 +4590,9 @@ - [ ] batch_get_triggers - [ ] batch_get_workflows - [ ] batch_stop_job_run +- [ ] batch_update_partition - [ ] cancel_ml_task_run +- [ ] check_schema_version_validity - [ ] create_classifier - [ ] create_connection - [ ] create_crawler @@ -4039,6 +4601,9 @@ - [ ] create_job - [ ] create_ml_transform - [ ] create_partition +- [ ] create_partition_index +- [ ] create_registry +- [ ] create_schema - [ ] create_script - [ ] create_security_configuration - [X] create_table @@ -4055,7 +4620,11 @@ - [ ] delete_job - [ ] delete_ml_transform - [ ] delete_partition +- [ ] delete_partition_index +- [ ] delete_registry - [ ] delete_resource_policy +- [ ] delete_schema +- [ ] delete_schema_versions - [ ] delete_security_configuration - [X] delete_table - [ ] delete_table_version @@ -4089,10 +4658,16 @@ - [ ] get_ml_transform - [ ] get_ml_transforms - [ ] get_partition +- [ ] get_partition_indexes - [ ] get_partitions - [ ] get_plan +- [ ] get_registry - [ ] get_resource_policies - [ ] get_resource_policy +- [ ] get_schema +- [ ] get_schema_by_definition +- [ ] get_schema_version +- [ ] get_schema_versions_diff - [ ] get_security_configuration - [ ] get_security_configurations - [X] get_table @@ -4113,11 +4688,18 @@ - [ ] list_dev_endpoints - [ ] list_jobs - [ ] list_ml_transforms +- [ ] list_registries +- [ ] list_schema_versions +- [ ] list_schemas - [ ] list_triggers - [ ] list_workflows - [ ] put_data_catalog_encryption_settings - [ ] put_resource_policy +- [ ] put_schema_version_metadata - [ ] put_workflow_run_properties +- [ ] query_schema_version_metadata +- [ ] register_schema_version +- [ ] remove_schema_version_metadata - [ ] reset_job_bookmark - [ ] resume_workflow_run - [ ] search_tables @@ -4147,6 +4729,8 @@ - [ ] update_job - [ ] update_ml_transform - [ ] update_partition +- [ ] update_registry +- [ ] update_schema - [ ] update_table - [ ] update_trigger - [ ] update_user_defined_function @@ -4211,6 +4795,7 @@ - [ ] get_service_role_for_account - [ ] get_subscription_definition - [ ] get_subscription_definition_version +- [ ] get_thing_runtime_configuration - [ ] list_bulk_deployment_detailed_reports - [ ] list_bulk_deployments - [ ] list_connector_definition_versions @@ -4247,6 +4832,33 @@ - [ ] update_logger_definition - [ ] update_resource_definition - [ ] update_subscription_definition +- [ ] update_thing_runtime_configuration +
+ +## greengrassv2 +
+0% implemented + +- [ ] cancel_deployment +- [ ] create_component_version +- [ ] create_deployment +- [ ] delete_component +- [ ] delete_core_device +- [ ] describe_component +- [ ] get_component +- [ ] get_component_version_artifact +- [ ] get_core_device +- [ ] get_deployment +- [ ] list_component_versions +- [ ] list_components +- [ ] list_core_devices +- [ ] list_deployments +- [ ] list_effective_deployments +- [ ] list_installed_components +- [ ] list_tags_for_resource +- [ ] resolve_component_candidates +- [ ] tag_resource +- [ ] untag_resource
## groundstation @@ -4363,17 +4975,41 @@ - [ ] enable_health_service_access_for_organization
+## healthlake +
+0% implemented + +- [ ] create_fhir_datastore +- [ ] delete_fhir_datastore +- [ ] describe_fhir_datastore +- [ ] describe_fhir_export_job +- [ ] describe_fhir_import_job +- [ ] list_fhir_datastores +- [ ] start_fhir_export_job +- [ ] start_fhir_import_job +
+ ## honeycode
0% implemented +- [ ] batch_create_table_rows +- [ ] batch_delete_table_rows +- [ ] batch_update_table_rows +- [ ] batch_upsert_table_rows +- [ ] describe_table_data_import_job - [ ] get_screen_data - [ ] invoke_screen_automation +- [ ] list_table_columns +- [ ] list_table_rows +- [ ] list_tables +- [ ] query_table_rows +- [ ] start_table_data_import_job
## iam
-72% implemented +73% implemented - [ ] add_client_id_to_open_id_connect_provider - [X] add_role_to_instance_profile @@ -4495,9 +5131,9 @@ - [ ] simulate_custom_policy - [ ] simulate_principal_policy - [X] tag_role -- [ ] tag_user +- [X] tag_user - [X] untag_role -- [ ] untag_user +- [X] untag_user - [X] update_access_key - [X] update_account_password_policy - [ ] update_assume_role_policy @@ -4533,12 +5169,14 @@ - [ ] cancel_image_creation - [ ] create_component +- [ ] create_container_recipe - [ ] create_distribution_configuration - [ ] create_image - [ ] create_image_pipeline - [ ] create_image_recipe - [ ] create_infrastructure_configuration - [ ] delete_component +- [ ] delete_container_recipe - [ ] delete_distribution_configuration - [ ] delete_image - [ ] delete_image_pipeline @@ -4546,6 +5184,8 @@ - [ ] delete_infrastructure_configuration - [ ] get_component - [ ] get_component_policy +- [ ] get_container_recipe +- [ ] get_container_recipe_policy - [ ] get_distribution_configuration - [ ] get_image - [ ] get_image_pipeline @@ -4556,6 +5196,7 @@ - [ ] import_component - [ ] list_component_build_versions - [ ] list_components +- [ ] list_container_recipes - [ ] list_distribution_configurations - [ ] list_image_build_versions - [ ] list_image_pipeline_images @@ -4565,6 +5206,7 @@ - [ ] list_infrastructure_configurations - [ ] list_tags_for_resource - [ ] put_component_policy +- [ ] put_container_recipe_policy - [ ] put_image_policy - [ ] put_image_recipe_policy - [ ] start_image_pipeline_execution @@ -4632,7 +5274,7 @@ ## iot
-30% implemented +29% implemented - [ ] accept_certificate_transfer - [ ] add_thing_to_billing_group @@ -4645,6 +5287,7 @@ - [ ] cancel_audit_mitigation_actions_task - [ ] cancel_audit_task - [ ] cancel_certificate_transfer +- [ ] cancel_detect_mitigation_actions_task - [X] cancel_job - [X] cancel_job_execution - [ ] clear_default_authorizer @@ -4653,6 +5296,7 @@ - [ ] create_authorizer - [ ] create_billing_group - [ ] create_certificate_from_csr +- [ ] create_custom_metric - [ ] create_dimension - [ ] create_domain_configuration - [ ] create_dynamic_thing_group @@ -4680,6 +5324,7 @@ - [ ] delete_billing_group - [ ] delete_ca_certificate - [X] delete_certificate +- [ ] delete_custom_metric - [ ] delete_dimension - [ ] delete_domain_configuration - [ ] delete_dynamic_thing_group @@ -4712,7 +5357,9 @@ - [ ] describe_billing_group - [ ] describe_ca_certificate - [X] describe_certificate +- [ ] describe_custom_metric - [ ] describe_default_authorizer +- [ ] describe_detect_mitigation_actions_task - [ ] describe_dimension - [ ] describe_domain_configuration - [X] describe_endpoint @@ -4737,6 +5384,7 @@ - [X] detach_thing_principal - [X] disable_topic_rule - [X] enable_topic_rule +- [ ] get_behavior_model_training_summaries - [ ] get_cardinality - [ ] get_effective_policies - [ ] get_indexing_configuration @@ -4763,6 +5411,9 @@ - [ ] list_ca_certificates - [X] list_certificates - [ ] list_certificates_by_ca +- [ ] list_custom_metrics +- [ ] list_detect_mitigation_actions_executions +- [ ] list_detect_mitigation_actions_tasks - [ ] list_dimensions - [ ] list_domain_configurations - [ ] list_indices @@ -4815,6 +5466,7 @@ - [ ] set_v2_logging_level - [ ] set_v2_logging_options - [ ] start_audit_mitigation_actions_task +- [ ] start_detect_mitigation_actions_task - [ ] start_on_demand_audit_task - [ ] start_thing_registration_task - [ ] stop_thing_registration_task @@ -4829,6 +5481,7 @@ - [ ] update_billing_group - [ ] update_ca_certificate - [X] update_certificate +- [ ] update_custom_metric - [ ] update_dimension - [ ] update_domain_configuration - [ ] update_dynamic_thing_group @@ -4950,6 +5603,25 @@ - [ ] update_pipeline
+## iotdeviceadvisor +
+0% implemented + +- [ ] create_suite_definition +- [ ] delete_suite_definition +- [ ] get_suite_definition +- [ ] get_suite_run +- [ ] get_suite_run_report +- [ ] list_suite_definitions +- [ ] list_suite_runs +- [ ] list_tags_for_resource +- [ ] list_test_cases +- [ ] start_suite_run +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_suite_definition +
+ ## iotevents
0% implemented @@ -4982,6 +5654,20 @@ - [ ] list_detectors
+## iotfleethub +
+0% implemented + +- [ ] create_application +- [ ] delete_application +- [ ] describe_application +- [ ] list_applications +- [ ] list_tags_for_resource +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_application +
+ ## iotsecuretunneling
0% implemented @@ -5022,6 +5708,7 @@ - [ ] describe_asset_model - [ ] describe_asset_property - [ ] describe_dashboard +- [ ] describe_default_encryption_configuration - [ ] describe_gateway - [ ] describe_gateway_capability_configuration - [ ] describe_logging_options @@ -5033,6 +5720,7 @@ - [ ] get_asset_property_value_history - [ ] list_access_policies - [ ] list_asset_models +- [ ] list_asset_relationships - [ ] list_assets - [ ] list_associated_assets - [ ] list_dashboards @@ -5041,6 +5729,7 @@ - [ ] list_project_assets - [ ] list_projects - [ ] list_tags_for_resource +- [ ] put_default_encryption_configuration - [ ] put_logging_options - [ ] tag_resource - [ ] untag_resource @@ -5096,6 +5785,63 @@ - [ ] upload_entity_definitions
+## iotwireless +
+0% implemented + +- [ ] associate_aws_account_with_partner_account +- [ ] associate_wireless_device_with_thing +- [ ] associate_wireless_gateway_with_certificate +- [ ] associate_wireless_gateway_with_thing +- [ ] create_destination +- [ ] create_device_profile +- [ ] create_service_profile +- [ ] create_wireless_device +- [ ] create_wireless_gateway +- [ ] create_wireless_gateway_task +- [ ] create_wireless_gateway_task_definition +- [ ] delete_destination +- [ ] delete_device_profile +- [ ] delete_service_profile +- [ ] delete_wireless_device +- [ ] delete_wireless_gateway +- [ ] delete_wireless_gateway_task +- [ ] delete_wireless_gateway_task_definition +- [ ] disassociate_aws_account_from_partner_account +- [ ] disassociate_wireless_device_from_thing +- [ ] disassociate_wireless_gateway_from_certificate +- [ ] disassociate_wireless_gateway_from_thing +- [ ] get_destination +- [ ] get_device_profile +- [ ] get_partner_account +- [ ] get_service_endpoint +- [ ] get_service_profile +- [ ] get_wireless_device +- [ ] get_wireless_device_statistics +- [ ] get_wireless_gateway +- [ ] get_wireless_gateway_certificate +- [ ] get_wireless_gateway_firmware_information +- [ ] get_wireless_gateway_statistics +- [ ] get_wireless_gateway_task +- [ ] get_wireless_gateway_task_definition +- [ ] list_destinations +- [ ] list_device_profiles +- [ ] list_partner_accounts +- [ ] list_service_profiles +- [ ] list_tags_for_resource +- [ ] list_wireless_devices +- [ ] list_wireless_gateway_task_definitions +- [ ] list_wireless_gateways +- [ ] send_data_to_wireless_device +- [ ] tag_resource +- [ ] test_wireless_device +- [ ] untag_resource +- [ ] update_destination +- [ ] update_partner_account +- [ ] update_wireless_device +- [ ] update_wireless_gateway +
+ ## ivs
0% implemented @@ -5128,6 +5874,8 @@
0% implemented +- [ ] batch_associate_scram_secret +- [ ] batch_disassociate_scram_secret - [ ] create_cluster - [ ] create_configuration - [ ] delete_cluster @@ -5144,6 +5892,7 @@ - [ ] list_configurations - [ ] list_kafka_versions - [ ] list_nodes +- [ ] list_scram_secrets - [ ] list_tags_for_resource - [ ] reboot_broker - [ ] tag_resource @@ -5165,17 +5914,21 @@ - [ ] create_data_source - [ ] create_faq - [ ] create_index +- [ ] create_thesaurus - [ ] delete_data_source - [ ] delete_faq - [ ] delete_index +- [ ] delete_thesaurus - [ ] describe_data_source - [ ] describe_faq - [ ] describe_index +- [ ] describe_thesaurus - [ ] list_data_source_sync_jobs - [ ] list_data_sources - [ ] list_faqs - [ ] list_indices - [ ] list_tags_for_resource +- [ ] list_thesauri - [ ] query - [ ] start_data_source_sync_job - [ ] stop_data_source_sync_job @@ -5184,6 +5937,7 @@ - [ ] untag_resource - [ ] update_data_source - [ ] update_index +- [ ] update_thesaurus
## kinesis @@ -5283,6 +6037,7 @@ - [ ] add_application_reference_data_source - [ ] add_application_vpc_configuration - [ ] create_application +- [ ] create_application_presigned_url - [ ] create_application_snapshot - [ ] delete_application - [ ] delete_application_cloud_watch_logging_option @@ -5402,24 +6157,29 @@ ## lambda
-48% implemented +41% implemented - [ ] add_layer_version_permission - [X] add_permission - [ ] create_alias +- [ ] create_code_signing_config - [X] create_event_source_mapping - [X] create_function - [ ] delete_alias +- [ ] delete_code_signing_config - [X] delete_event_source_mapping - [X] delete_function +- [ ] delete_function_code_signing_config - [X] delete_function_concurrency - [ ] delete_function_event_invoke_config - [ ] delete_layer_version - [ ] delete_provisioned_concurrency_config - [ ] get_account_settings - [ ] get_alias +- [ ] get_code_signing_config - [X] get_event_source_mapping - [X] get_function +- [ ] get_function_code_signing_config - [X] get_function_concurrency - [ ] get_function_configuration - [ ] get_function_event_invoke_config @@ -5431,9 +6191,11 @@ - [X] invoke - [ ] invoke_async - [ ] list_aliases +- [ ] list_code_signing_configs - [X] list_event_source_mappings - [ ] list_function_event_invoke_configs - [X] list_functions +- [ ] list_functions_by_code_signing_config - [ ] list_layer_versions - [X] list_layers - [ ] list_provisioned_concurrency_configs @@ -5441,6 +6203,7 @@ - [X] list_versions_by_function - [X] publish_layer_version - [ ] publish_version +- [ ] put_function_code_signing_config - [X] put_function_concurrency - [ ] put_function_event_invoke_config - [ ] put_provisioned_concurrency_config @@ -5449,6 +6212,7 @@ - [X] tag_resource - [X] untag_resource - [ ] update_alias +- [ ] update_code_signing_config - [X] update_event_source_mapping - [X] update_function_code - [X] update_function_configuration @@ -5515,17 +6279,41 @@
0% implemented +- [ ] accept_grant +- [ ] check_in_license +- [ ] checkout_borrow_license +- [ ] checkout_license +- [ ] create_grant +- [ ] create_grant_version +- [ ] create_license - [ ] create_license_configuration +- [ ] create_license_version +- [ ] create_token +- [ ] delete_grant +- [ ] delete_license - [ ] delete_license_configuration +- [ ] delete_token +- [ ] extend_license_consumption +- [ ] get_access_token +- [ ] get_grant +- [ ] get_license - [ ] get_license_configuration +- [ ] get_license_usage - [ ] get_service_settings - [ ] list_associations_for_license_configuration +- [ ] list_distributed_grants - [ ] list_failures_for_license_configuration_operations - [ ] list_license_configurations - [ ] list_license_specifications_for_resource +- [ ] list_license_versions +- [ ] list_licenses +- [ ] list_received_grants +- [ ] list_received_licenses - [ ] list_resource_inventory - [ ] list_tags_for_resource +- [ ] list_tokens - [ ] list_usage_for_license_configuration +- [ ] reject_grant - [ ] tag_resource - [ ] untag_resource - [ ] update_license_configuration @@ -5548,6 +6336,9 @@ - [ ] create_certificate - [ ] create_cloud_formation_stack - [ ] create_contact_method +- [ ] create_container_service +- [ ] create_container_service_deployment +- [ ] create_container_service_registry_login - [ ] create_disk - [ ] create_disk_from_snapshot - [ ] create_disk_snapshot @@ -5567,6 +6358,8 @@ - [ ] delete_auto_snapshot - [ ] delete_certificate - [ ] delete_contact_method +- [ ] delete_container_image +- [ ] delete_container_service - [ ] delete_disk - [ ] delete_disk_snapshot - [ ] delete_distribution @@ -5596,6 +6389,13 @@ - [ ] get_certificates - [ ] get_cloud_formation_stack_records - [ ] get_contact_methods +- [ ] get_container_api_metadata +- [ ] get_container_images +- [ ] get_container_log +- [ ] get_container_service_deployments +- [ ] get_container_service_metric_data +- [ ] get_container_service_powers +- [ ] get_container_services - [ ] get_disk - [ ] get_disk_snapshot - [ ] get_disk_snapshots @@ -5647,6 +6447,7 @@ - [ ] put_instance_public_ports - [ ] reboot_instance - [ ] reboot_relational_database +- [ ] register_container_image - [ ] release_static_ip - [ ] reset_distribution_cache - [ ] send_contact_method_verification @@ -5658,6 +6459,7 @@ - [ ] test_alarm - [ ] unpeer_vpc - [ ] untag_resource +- [ ] update_container_service - [ ] update_distribution - [ ] update_distribution_bundle - [ ] update_domain_entry @@ -5666,6 +6468,47 @@ - [ ] update_relational_database_parameters
+## location +
+0% implemented + +- [ ] associate_tracker_consumer +- [ ] batch_delete_geofence +- [ ] batch_evaluate_geofences +- [ ] batch_get_device_position +- [ ] batch_put_geofence +- [ ] batch_update_device_position +- [ ] create_geofence_collection +- [ ] create_map +- [ ] create_place_index +- [ ] create_tracker +- [ ] delete_geofence_collection +- [ ] delete_map +- [ ] delete_place_index +- [ ] delete_tracker +- [ ] describe_geofence_collection +- [ ] describe_map +- [ ] describe_place_index +- [ ] describe_tracker +- [ ] disassociate_tracker_consumer +- [ ] get_device_position +- [ ] get_device_position_history +- [ ] get_geofence +- [ ] get_map_glyphs +- [ ] get_map_sprites +- [ ] get_map_style_descriptor +- [ ] get_map_tile +- [ ] list_geofence_collections +- [ ] list_geofences +- [ ] list_maps +- [ ] list_place_indexes +- [ ] list_tracker_consumers +- [ ] list_trackers +- [ ] put_geofence +- [ ] search_place_index_for_position +- [ ] search_place_index_for_text +
+ ## logs
40% implemented @@ -5714,6 +6557,28 @@ - [X] untag_log_group
+## lookoutvision +
+0% implemented + +- [ ] create_dataset +- [ ] create_model +- [ ] create_project +- [ ] delete_dataset +- [ ] delete_model +- [ ] delete_project +- [ ] describe_dataset +- [ ] describe_model +- [ ] describe_project +- [ ] detect_anomalies +- [ ] list_dataset_entries +- [ ] list_models +- [ ] list_projects +- [ ] start_model +- [ ] stop_model +- [ ] update_dataset_entries +
+ ## machinelearning
0% implemented @@ -5881,10 +6746,15 @@ - [ ] create_flow - [ ] delete_flow - [ ] describe_flow +- [ ] describe_offering +- [ ] describe_reservation - [ ] grant_flow_entitlements - [ ] list_entitlements - [ ] list_flows +- [ ] list_offerings +- [ ] list_reservations - [ ] list_tags_for_resource +- [ ] purchase_offering - [ ] remove_flow_output - [ ] remove_flow_source - [ ] remove_flow_vpc_interface @@ -5932,9 +6802,14 @@ ## medialive
-25% implemented +21% implemented +- [ ] accept_input_device_transfer +- [ ] batch_delete +- [ ] batch_start +- [ ] batch_stop - [ ] batch_update_schedule +- [ ] cancel_input_device_transfer - [X] create_channel - [X] create_input - [ ] create_input_security_group @@ -5960,6 +6835,7 @@ - [ ] describe_reservation - [ ] describe_schedule - [X] list_channels +- [ ] list_input_device_transfers - [ ] list_input_devices - [ ] list_input_security_groups - [X] list_inputs @@ -5969,10 +6845,12 @@ - [ ] list_reservations - [ ] list_tags_for_resource - [ ] purchase_offering +- [ ] reject_input_device_transfer - [X] start_channel - [ ] start_multiplex - [X] stop_channel - [ ] stop_multiplex +- [ ] transfer_input_device - [X] update_channel - [ ] update_channel_class - [X] update_input @@ -5987,6 +6865,7 @@
0% implemented +- [ ] configure_logs - [ ] create_channel - [ ] create_harvest_job - [ ] create_origin_endpoint @@ -6210,6 +7089,23 @@ - [ ] update_qualification_type
+## mwaa +
+0% implemented + +- [ ] create_cli_token +- [ ] create_environment +- [ ] create_web_login_token +- [ ] delete_environment +- [ ] get_environment +- [ ] list_environments +- [ ] list_tags_for_resource +- [ ] publish_metrics +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_environment +
+ ## neptune
0% implemented @@ -6222,6 +7118,7 @@ - [ ] copy_db_cluster_snapshot - [ ] copy_db_parameter_group - [ ] create_db_cluster +- [ ] create_db_cluster_endpoint - [ ] create_db_cluster_parameter_group - [ ] create_db_cluster_snapshot - [ ] create_db_instance @@ -6229,12 +7126,14 @@ - [ ] create_db_subnet_group - [ ] create_event_subscription - [ ] delete_db_cluster +- [ ] delete_db_cluster_endpoint - [ ] delete_db_cluster_parameter_group - [ ] delete_db_cluster_snapshot - [ ] delete_db_instance - [ ] delete_db_parameter_group - [ ] delete_db_subnet_group - [ ] delete_event_subscription +- [ ] describe_db_cluster_endpoints - [ ] describe_db_cluster_parameter_groups - [ ] describe_db_cluster_parameters - [ ] describe_db_cluster_snapshot_attributes @@ -6256,6 +7155,7 @@ - [ ] failover_db_cluster - [ ] list_tags_for_resource - [ ] modify_db_cluster +- [ ] modify_db_cluster_endpoint - [ ] modify_db_cluster_parameter_group - [ ] modify_db_cluster_snapshot_attribute - [ ] modify_db_instance @@ -6275,16 +7175,54 @@ - [ ] stop_db_cluster
+## network-firewall +
+0% implemented + +- [ ] associate_firewall_policy +- [ ] associate_subnets +- [ ] create_firewall +- [ ] create_firewall_policy +- [ ] create_rule_group +- [ ] delete_firewall +- [ ] delete_firewall_policy +- [ ] delete_resource_policy +- [ ] delete_rule_group +- [ ] describe_firewall +- [ ] describe_firewall_policy +- [ ] describe_logging_configuration +- [ ] describe_resource_policy +- [ ] describe_rule_group +- [ ] disassociate_subnets +- [ ] list_firewall_policies +- [ ] list_firewalls +- [ ] list_rule_groups +- [ ] list_tags_for_resource +- [ ] put_resource_policy +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_firewall_delete_protection +- [ ] update_firewall_description +- [ ] update_firewall_policy +- [ ] update_firewall_policy_change_protection +- [ ] update_logging_configuration +- [ ] update_rule_group +- [ ] update_subnet_change_protection +
+ ## networkmanager
0% implemented - [ ] associate_customer_gateway - [ ] associate_link +- [ ] associate_transit_gateway_connect_peer +- [ ] create_connection - [ ] create_device - [ ] create_global_network - [ ] create_link - [ ] create_site +- [ ] delete_connection - [ ] delete_device - [ ] delete_global_network - [ ] delete_link @@ -6293,16 +7231,20 @@ - [ ] describe_global_networks - [ ] disassociate_customer_gateway - [ ] disassociate_link +- [ ] disassociate_transit_gateway_connect_peer +- [ ] get_connections - [ ] get_customer_gateway_associations - [ ] get_devices - [ ] get_link_associations - [ ] get_links - [ ] get_sites +- [ ] get_transit_gateway_connect_peer_associations - [ ] get_transit_gateway_registrations - [ ] list_tags_for_resource - [ ] register_transit_gateway - [ ] tag_resource - [ ] untag_resource +- [ ] update_connection - [ ] update_device - [ ] update_global_network - [ ] update_link @@ -6482,6 +7424,9 @@ - [ ] get_outpost_instance_types - [ ] list_outposts - [ ] list_sites +- [ ] list_tags_for_resource +- [ ] tag_resource +- [ ] untag_resource
## personalize @@ -6538,6 +7483,8 @@ 0% implemented - [ ] put_events +- [ ] put_items +- [ ] put_users
## personalize-runtime @@ -7056,10 +8003,12 @@ - [ ] start_activity_stream - [ ] start_db_cluster - [ ] start_db_instance +- [ ] start_db_instance_automated_backups_replication - [ ] start_export_task - [ ] stop_activity_stream - [ ] stop_db_cluster - [ ] stop_db_instance +- [ ] stop_db_instance_automated_backups_replication
## rds-data @@ -7172,6 +8121,21 @@ - [ ] rotate_encryption_key
+## redshift-data +
+0% implemented + +- [ ] cancel_statement +- [ ] describe_statement +- [ ] describe_table +- [ ] execute_statement +- [ ] get_statement_result +- [ ] list_databases +- [ ] list_schemas +- [ ] list_statements +- [ ] list_tables +
+ ## rekognition
0% implemented @@ -7194,6 +8158,7 @@ - [ ] detect_faces - [ ] detect_labels - [ ] detect_moderation_labels +- [ ] detect_protective_equipment - [ ] detect_text - [ ] get_celebrity_info - [ ] get_celebrity_recognition @@ -7227,7 +8192,7 @@ ## resource-groups
-60% implemented +56% implemented - [X] create_group - [X] delete_group @@ -7238,6 +8203,7 @@ - [ ] group_resources - [ ] list_group_resources - [X] list_groups +- [ ] put_group_configuration - [ ] search_resources - [X] tag - [ ] ungroup_resources @@ -7325,30 +8291,37 @@ ## route53
-12% implemented +10% implemented +- [ ] activate_key_signing_key - [ ] associate_vpc_with_hosted_zone - [ ] change_resource_record_sets - [X] change_tags_for_resource - [X] create_health_check - [X] create_hosted_zone +- [ ] create_key_signing_key - [ ] create_query_logging_config - [ ] create_reusable_delegation_set - [ ] create_traffic_policy - [ ] create_traffic_policy_instance - [ ] create_traffic_policy_version - [ ] create_vpc_association_authorization +- [ ] deactivate_key_signing_key - [X] delete_health_check - [X] delete_hosted_zone +- [ ] delete_key_signing_key - [ ] delete_query_logging_config - [ ] delete_reusable_delegation_set - [ ] delete_traffic_policy - [ ] delete_traffic_policy_instance - [ ] delete_vpc_association_authorization +- [ ] disable_hosted_zone_dnssec - [ ] disassociate_vpc_from_hosted_zone +- [ ] enable_hosted_zone_dnssec - [ ] get_account_limit - [ ] get_change - [ ] get_checker_ip_ranges +- [ ] get_dnssec - [ ] get_geo_location - [ ] get_health_check - [ ] get_health_check_count @@ -7436,6 +8409,7 @@ - [ ] disassociate_resolver_endpoint_ip_address - [ ] disassociate_resolver_query_log_config - [ ] disassociate_resolver_rule +- [ ] get_resolver_dnssec_config - [ ] get_resolver_endpoint - [ ] get_resolver_query_log_config - [ ] get_resolver_query_log_config_association @@ -7443,6 +8417,7 @@ - [ ] get_resolver_rule - [ ] get_resolver_rule_association - [ ] get_resolver_rule_policy +- [ ] list_resolver_dnssec_configs - [ ] list_resolver_endpoint_ip_addresses - [ ] list_resolver_endpoints - [ ] list_resolver_query_log_config_associations @@ -7454,13 +8429,14 @@ - [ ] put_resolver_rule_policy - [ ] tag_resource - [ ] untag_resource +- [ ] update_resolver_dnssec_config - [ ] update_resolver_endpoint - [ ] update_resolver_rule
## s3
-26% implemented +24% implemented - [ ] abort_multipart_upload - [ ] complete_multipart_upload @@ -7471,9 +8447,11 @@ - [ ] delete_bucket_analytics_configuration - [X] delete_bucket_cors - [X] delete_bucket_encryption +- [ ] delete_bucket_intelligent_tiering_configuration - [ ] delete_bucket_inventory_configuration - [ ] delete_bucket_lifecycle - [ ] delete_bucket_metrics_configuration +- [ ] delete_bucket_ownership_controls - [X] delete_bucket_policy - [ ] delete_bucket_replication - [X] delete_bucket_tagging @@ -7487,6 +8465,7 @@ - [ ] get_bucket_analytics_configuration - [X] get_bucket_cors - [X] get_bucket_encryption +- [ ] get_bucket_intelligent_tiering_configuration - [ ] get_bucket_inventory_configuration - [ ] get_bucket_lifecycle - [ ] get_bucket_lifecycle_configuration @@ -7495,6 +8474,7 @@ - [ ] get_bucket_metrics_configuration - [ ] get_bucket_notification - [X] get_bucket_notification_configuration +- [ ] get_bucket_ownership_controls - [X] get_bucket_policy - [ ] get_bucket_policy_status - [ ] get_bucket_replication @@ -7513,6 +8493,7 @@ - [ ] head_bucket - [ ] head_object - [ ] list_bucket_analytics_configurations +- [ ] list_bucket_intelligent_tiering_configurations - [ ] list_bucket_inventory_configurations - [ ] list_bucket_metrics_configurations - [ ] list_buckets @@ -7526,6 +8507,7 @@ - [ ] put_bucket_analytics_configuration - [X] put_bucket_cors - [X] put_bucket_encryption +- [ ] put_bucket_intelligent_tiering_configuration - [ ] put_bucket_inventory_configuration - [ ] put_bucket_lifecycle - [ ] put_bucket_lifecycle_configuration @@ -7533,6 +8515,7 @@ - [ ] put_bucket_metrics_configuration - [ ] put_bucket_notification - [X] put_bucket_notification_configuration +- [ ] put_bucket_ownership_controls - [ ] put_bucket_policy - [ ] put_bucket_replication - [ ] put_bucket_request_payment @@ -7557,53 +8540,99 @@ 0% implemented - [ ] create_access_point +- [ ] create_bucket - [ ] create_job - [ ] delete_access_point - [ ] delete_access_point_policy +- [ ] delete_bucket +- [ ] delete_bucket_lifecycle_configuration +- [ ] delete_bucket_policy +- [ ] delete_bucket_tagging - [ ] delete_job_tagging - [ ] delete_public_access_block +- [ ] delete_storage_lens_configuration +- [ ] delete_storage_lens_configuration_tagging - [ ] describe_job - [ ] get_access_point - [ ] get_access_point_policy - [ ] get_access_point_policy_status +- [ ] get_bucket +- [ ] get_bucket_lifecycle_configuration +- [ ] get_bucket_policy +- [ ] get_bucket_tagging - [ ] get_job_tagging - [ ] get_public_access_block +- [ ] get_storage_lens_configuration +- [ ] get_storage_lens_configuration_tagging - [ ] list_access_points - [ ] list_jobs +- [ ] list_regional_buckets +- [ ] list_storage_lens_configurations - [ ] put_access_point_policy +- [ ] put_bucket_lifecycle_configuration +- [ ] put_bucket_policy +- [ ] put_bucket_tagging - [ ] put_job_tagging - [ ] put_public_access_block +- [ ] put_storage_lens_configuration +- [ ] put_storage_lens_configuration_tagging - [ ] update_job_priority - [ ] update_job_status
+## s3outposts +
+0% implemented + +- [ ] create_endpoint +- [ ] delete_endpoint +- [ ] list_endpoints +
+ ## sagemaker
-13% implemented +8% implemented +- [ ] add_association - [ ] add_tags - [ ] associate_trial_component +- [ ] create_action - [ ] create_algorithm - [ ] create_app +- [ ] create_app_image_config +- [ ] create_artifact - [ ] create_auto_ml_job - [ ] create_code_repository - [ ] create_compilation_job +- [ ] create_context +- [ ] create_data_quality_job_definition +- [ ] create_device_fleet - [ ] create_domain +- [ ] create_edge_packaging_job - [X] create_endpoint - [X] create_endpoint_config - [ ] create_experiment +- [ ] create_feature_group - [ ] create_flow_definition - [ ] create_human_task_ui - [ ] create_hyper_parameter_tuning_job +- [ ] create_image +- [ ] create_image_version - [ ] create_labeling_job - [X] create_model +- [ ] create_model_bias_job_definition +- [ ] create_model_explainability_job_definition - [ ] create_model_package +- [ ] create_model_package_group +- [ ] create_model_quality_job_definition - [ ] create_monitoring_schedule - [X] create_notebook_instance - [X] create_notebook_instance_lifecycle_config +- [ ] create_pipeline - [ ] create_presigned_domain_url - [ ] create_presigned_notebook_instance_url - [ ] create_processing_job +- [ ] create_project - [X] create_training_job - [ ] create_transform_job - [ ] create_trial @@ -7611,45 +8640,82 @@ - [ ] create_user_profile - [ ] create_workforce - [ ] create_workteam +- [ ] delete_action - [ ] delete_algorithm - [ ] delete_app +- [ ] delete_app_image_config +- [ ] delete_artifact +- [ ] delete_association - [ ] delete_code_repository +- [ ] delete_context +- [ ] delete_data_quality_job_definition +- [ ] delete_device_fleet - [ ] delete_domain - [X] delete_endpoint - [X] delete_endpoint_config - [ ] delete_experiment +- [ ] delete_feature_group - [ ] delete_flow_definition - [ ] delete_human_task_ui +- [ ] delete_image +- [ ] delete_image_version - [X] delete_model +- [ ] delete_model_bias_job_definition +- [ ] delete_model_explainability_job_definition - [ ] delete_model_package +- [ ] delete_model_package_group +- [ ] delete_model_package_group_policy +- [ ] delete_model_quality_job_definition - [ ] delete_monitoring_schedule - [X] delete_notebook_instance - [X] delete_notebook_instance_lifecycle_config +- [ ] delete_pipeline +- [ ] delete_project - [ ] delete_tags - [ ] delete_trial - [ ] delete_trial_component - [ ] delete_user_profile - [ ] delete_workforce - [ ] delete_workteam +- [ ] deregister_devices +- [ ] describe_action - [ ] describe_algorithm - [ ] describe_app +- [ ] describe_app_image_config +- [ ] describe_artifact - [ ] describe_auto_ml_job - [ ] describe_code_repository - [ ] describe_compilation_job +- [ ] describe_context +- [ ] describe_data_quality_job_definition +- [ ] describe_device +- [ ] describe_device_fleet - [ ] describe_domain +- [ ] describe_edge_packaging_job - [X] describe_endpoint - [X] describe_endpoint_config - [ ] describe_experiment +- [ ] describe_feature_group - [ ] describe_flow_definition - [ ] describe_human_task_ui - [ ] describe_hyper_parameter_tuning_job +- [ ] describe_image +- [ ] describe_image_version - [ ] describe_labeling_job - [X] describe_model +- [ ] describe_model_bias_job_definition +- [ ] describe_model_explainability_job_definition - [ ] describe_model_package +- [ ] describe_model_package_group +- [ ] describe_model_quality_job_definition - [ ] describe_monitoring_schedule - [ ] describe_notebook_instance - [X] describe_notebook_instance_lifecycle_config +- [ ] describe_pipeline +- [ ] describe_pipeline_definition_for_execution +- [ ] describe_pipeline_execution - [ ] describe_processing_job +- [ ] describe_project - [ ] describe_subscribed_workteam - [X] describe_training_job - [ ] describe_transform_job @@ -7658,30 +8724,56 @@ - [ ] describe_user_profile - [ ] describe_workforce - [ ] describe_workteam +- [ ] disable_sagemaker_servicecatalog_portfolio - [ ] disassociate_trial_component +- [ ] enable_sagemaker_servicecatalog_portfolio +- [ ] get_device_fleet_report +- [ ] get_model_package_group_policy +- [ ] get_sagemaker_servicecatalog_portfolio_status - [ ] get_search_suggestions +- [ ] list_actions - [ ] list_algorithms +- [ ] list_app_image_configs - [ ] list_apps +- [ ] list_artifacts +- [ ] list_associations - [ ] list_auto_ml_jobs - [ ] list_candidates_for_auto_ml_job - [ ] list_code_repositories - [ ] list_compilation_jobs +- [ ] list_contexts +- [ ] list_data_quality_job_definitions +- [ ] list_device_fleets +- [ ] list_devices - [ ] list_domains +- [ ] list_edge_packaging_jobs - [ ] list_endpoint_configs - [ ] list_endpoints - [ ] list_experiments +- [ ] list_feature_groups - [ ] list_flow_definitions - [ ] list_human_task_uis - [ ] list_hyper_parameter_tuning_jobs +- [ ] list_image_versions +- [ ] list_images - [ ] list_labeling_jobs - [ ] list_labeling_jobs_for_workteam +- [ ] list_model_bias_job_definitions +- [ ] list_model_explainability_job_definitions +- [ ] list_model_package_groups - [ ] list_model_packages +- [ ] list_model_quality_job_definitions - [X] list_models - [ ] list_monitoring_executions - [ ] list_monitoring_schedules - [ ] list_notebook_instance_lifecycle_configs - [ ] list_notebook_instances +- [ ] list_pipeline_execution_steps +- [ ] list_pipeline_executions +- [ ] list_pipeline_parameters_for_execution +- [ ] list_pipelines - [ ] list_processing_jobs +- [ ] list_projects - [ ] list_subscribed_workteams - [ ] list_tags - [ ] list_training_jobs @@ -7692,27 +8784,43 @@ - [ ] list_user_profiles - [ ] list_workforces - [ ] list_workteams +- [ ] put_model_package_group_policy +- [ ] register_devices - [ ] render_ui_template - [ ] search - [ ] start_monitoring_schedule - [X] start_notebook_instance +- [ ] start_pipeline_execution - [ ] stop_auto_ml_job - [ ] stop_compilation_job +- [ ] stop_edge_packaging_job - [ ] stop_hyper_parameter_tuning_job - [ ] stop_labeling_job - [ ] stop_monitoring_schedule - [X] stop_notebook_instance +- [ ] stop_pipeline_execution - [ ] stop_processing_job - [ ] stop_training_job - [ ] stop_transform_job +- [ ] update_action +- [ ] update_app_image_config +- [ ] update_artifact - [ ] update_code_repository +- [ ] update_context +- [ ] update_device_fleet +- [ ] update_devices - [ ] update_domain - [ ] update_endpoint - [ ] update_endpoint_weights_and_capacities - [ ] update_experiment +- [ ] update_image +- [ ] update_model_package - [ ] update_monitoring_schedule - [ ] update_notebook_instance - [ ] update_notebook_instance_lifecycle_config +- [ ] update_pipeline +- [ ] update_pipeline_execution +- [ ] update_training_job - [ ] update_trial - [ ] update_trial_component - [ ] update_user_profile @@ -7731,6 +8839,23 @@ - [ ] stop_human_loop
+## sagemaker-edge +
+0% implemented + +- [ ] get_device_registration +- [ ] send_heartbeat +
+ +## sagemaker-featurestore-runtime +
+0% implemented + +- [ ] delete_record +- [ ] get_record +- [ ] put_record +
+ ## sagemaker-runtime
0% implemented @@ -7743,6 +8868,7 @@ 0% implemented - [ ] create_savings_plan +- [ ] delete_queued_savings_plan - [ ] describe_savings_plan_rates - [ ] describe_savings_plans - [ ] describe_savings_plans_offering_rates @@ -7768,6 +8894,7 @@ - [ ] describe_discoverer - [ ] describe_registry - [ ] describe_schema +- [ ] export_schema - [ ] get_code_binding_source - [ ] get_discovered_schema - [ ] get_resource_policy @@ -7848,14 +8975,17 @@ - [ ] delete_members - [ ] describe_action_targets - [ ] describe_hub +- [ ] describe_organization_configuration - [ ] describe_products - [ ] describe_standards - [ ] describe_standards_controls - [ ] disable_import_findings_for_product +- [ ] disable_organization_admin_account - [ ] disable_security_hub - [ ] disassociate_from_master_account - [ ] disassociate_members - [ ] enable_import_findings_for_product +- [ ] enable_organization_admin_account - [ ] enable_security_hub - [ ] get_enabled_standards - [ ] get_findings @@ -7868,12 +8998,14 @@ - [ ] list_enabled_products_for_import - [ ] list_invitations - [ ] list_members +- [ ] list_organization_admin_accounts - [ ] list_tags_for_resource - [ ] tag_resource - [ ] untag_resource - [ ] update_action_target - [ ] update_findings - [ ] update_insight +- [ ] update_organization_configuration - [ ] update_security_hub_configuration - [ ] update_standards_control
@@ -7916,8 +9048,11 @@ - [ ] list_service_quota_increase_requests_in_template - [ ] list_service_quotas - [ ] list_services +- [ ] list_tags_for_resource - [ ] put_service_quota_increase_request_into_template - [ ] request_service_quota_increase +- [ ] tag_resource +- [ ] untag_resource
## servicecatalog @@ -7953,6 +9088,7 @@ - [ ] describe_copy_product_status - [ ] describe_portfolio - [ ] describe_portfolio_share_status +- [ ] describe_portfolio_shares - [ ] describe_product - [ ] describe_product_as_admin - [ ] describe_product_view @@ -7974,6 +9110,8 @@ - [ ] execute_provisioned_product_plan - [ ] execute_provisioned_product_service_action - [ ] get_aws_organizations_access_status +- [ ] get_provisioned_product_outputs +- [ ] import_as_provisioned_product - [ ] list_accepted_portfolio_shares - [ ] list_budgets_for_resource - [ ] list_constraints_for_portfolio @@ -8001,6 +9139,7 @@ - [ ] terminate_provisioned_product - [ ] update_constraint - [ ] update_portfolio +- [ ] update_portfolio_share - [ ] update_product - [ ] update_provisioned_product - [ ] update_provisioned_product_properties @@ -8009,6 +9148,32 @@ - [ ] update_tag_option
+## servicecatalog-appregistry +
+0% implemented + +- [ ] associate_attribute_group +- [ ] associate_resource +- [ ] create_application +- [ ] create_attribute_group +- [ ] delete_application +- [ ] delete_attribute_group +- [ ] disassociate_attribute_group +- [ ] disassociate_resource +- [ ] get_application +- [ ] get_attribute_group +- [ ] list_applications +- [ ] list_associated_attribute_groups +- [ ] list_associated_resources +- [ ] list_attribute_groups +- [ ] list_tags_for_resource +- [ ] sync_resource +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_application +- [ ] update_attribute_group +
+ ## servicediscovery
0% implemented @@ -8040,7 +9205,7 @@ ## ses
-23% implemented +25% implemented - [ ] clone_receipt_rule_set - [X] create_configuration_set @@ -8108,7 +9273,7 @@ - [ ] update_configuration_set_tracking_options - [ ] update_custom_verification_email_template - [ ] update_receipt_rule -- [ ] update_template +- [X] update_template - [ ] verify_domain_dkim - [ ] verify_domain_identity - [X] verify_email_address @@ -8121,6 +9286,8 @@ - [ ] create_configuration_set - [ ] create_configuration_set_event_destination +- [ ] create_contact +- [ ] create_contact_list - [ ] create_custom_verification_email_template - [ ] create_dedicated_ip_pool - [ ] create_deliverability_test_report @@ -8130,6 +9297,8 @@ - [ ] create_import_job - [ ] delete_configuration_set - [ ] delete_configuration_set_event_destination +- [ ] delete_contact +- [ ] delete_contact_list - [ ] delete_custom_verification_email_template - [ ] delete_dedicated_ip_pool - [ ] delete_email_identity @@ -8140,6 +9309,8 @@ - [ ] get_blacklist_reports - [ ] get_configuration_set - [ ] get_configuration_set_event_destinations +- [ ] get_contact +- [ ] get_contact_list - [ ] get_custom_verification_email_template - [ ] get_dedicated_ip - [ ] get_dedicated_ips @@ -8153,6 +9324,8 @@ - [ ] get_import_job - [ ] get_suppressed_destination - [ ] list_configuration_sets +- [ ] list_contact_lists +- [ ] list_contacts - [ ] list_custom_verification_email_templates - [ ] list_dedicated_ip_pools - [ ] list_deliverability_test_reports @@ -8186,6 +9359,8 @@ - [ ] test_render_email_template - [ ] untag_resource - [ ] update_configuration_set_event_destination +- [ ] update_contact +- [ ] update_contact_list - [ ] update_custom_verification_email_template - [ ] update_email_identity_policy - [ ] update_email_template @@ -8200,13 +9375,17 @@ - [ ] associate_health_check - [ ] associate_proactive_engagement_details - [ ] create_protection +- [ ] create_protection_group - [ ] create_subscription - [ ] delete_protection +- [ ] delete_protection_group - [ ] delete_subscription - [ ] describe_attack +- [ ] describe_attack_statistics - [ ] describe_drt_access - [ ] describe_emergency_contact_settings - [ ] describe_protection +- [ ] describe_protection_group - [ ] describe_subscription - [ ] disable_proactive_engagement - [ ] disassociate_drt_log_bucket @@ -8215,8 +9394,11 @@ - [ ] enable_proactive_engagement - [ ] get_subscription_state - [ ] list_attacks +- [ ] list_protection_groups - [ ] list_protections +- [ ] list_resources_in_protection_group - [ ] update_emergency_contact_settings +- [ ] update_protection_group - [ ] update_subscription
@@ -8224,15 +9406,20 @@
0% implemented +- [ ] add_profile_permission - [ ] cancel_signing_profile - [ ] describe_signing_job - [ ] get_signing_platform - [ ] get_signing_profile +- [ ] list_profile_permissions - [ ] list_signing_jobs - [ ] list_signing_platforms - [ ] list_signing_profiles - [ ] list_tags_for_resource - [ ] put_signing_profile +- [ ] remove_profile_permission +- [ ] revoke_signature +- [ ] revoke_signing_profile - [ ] start_signing_job - [ ] tag_resource - [ ] untag_resource @@ -8302,10 +9489,12 @@ - [ ] create_address - [ ] create_cluster - [ ] create_job +- [ ] create_return_shipping_label - [ ] describe_address - [ ] describe_addresses - [ ] describe_cluster - [ ] describe_job +- [ ] describe_return_shipping_label - [ ] get_job_manifest - [ ] get_job_unlock_code - [ ] get_snowball_usage @@ -8316,6 +9505,7 @@ - [ ] list_jobs - [ ] update_cluster - [ ] update_job +- [ ] update_job_shipment_state
## sns @@ -8385,7 +9575,7 @@ ## ssm
-18% implemented +16% implemented - [X] add_tags_to_resource - [ ] cancel_command @@ -8396,6 +9586,7 @@ - [X] create_document - [ ] create_maintenance_window - [ ] create_ops_item +- [ ] create_ops_metadata - [ ] create_patch_baseline - [ ] create_resource_data_sync - [ ] delete_activation @@ -8403,6 +9594,7 @@ - [X] delete_document - [ ] delete_inventory - [ ] delete_maintenance_window +- [ ] delete_ops_metadata - [X] delete_parameter - [X] delete_parameters - [ ] delete_patch_baseline @@ -8458,6 +9650,7 @@ - [ ] get_maintenance_window_execution_task_invocation - [ ] get_maintenance_window_task - [ ] get_ops_item +- [ ] get_ops_metadata - [ ] get_ops_summary - [X] get_parameter - [X] get_parameter_history @@ -8473,9 +9666,12 @@ - [X] list_commands - [ ] list_compliance_items - [ ] list_compliance_summaries +- [ ] list_document_metadata_history - [ ] list_document_versions - [X] list_documents - [ ] list_inventory_entries +- [ ] list_ops_item_events +- [ ] list_ops_metadata - [ ] list_resource_compliance_summaries - [ ] list_resource_data_sync - [X] list_tags_for_resource @@ -8494,6 +9690,7 @@ - [X] send_command - [ ] start_associations_once - [ ] start_automation_execution +- [ ] start_change_request_execution - [ ] start_session - [ ] stop_automation_execution - [ ] terminate_session @@ -8501,11 +9698,13 @@ - [ ] update_association_status - [X] update_document - [X] update_document_default_version +- [ ] update_document_metadata - [ ] update_maintenance_window - [ ] update_maintenance_window_target - [ ] update_maintenance_window_task - [ ] update_managed_instance_role - [ ] update_ops_item +- [ ] update_ops_metadata - [ ] update_patch_baseline - [ ] update_resource_data_sync - [ ] update_service_setting @@ -8521,6 +9720,43 @@ - [ ] logout
+## sso-admin +
+0% implemented + +- [ ] attach_managed_policy_to_permission_set +- [ ] create_account_assignment +- [ ] create_instance_access_control_attribute_configuration +- [ ] create_permission_set +- [ ] delete_account_assignment +- [ ] delete_inline_policy_from_permission_set +- [ ] delete_instance_access_control_attribute_configuration +- [ ] delete_permission_set +- [ ] describe_account_assignment_creation_status +- [ ] describe_account_assignment_deletion_status +- [ ] describe_instance_access_control_attribute_configuration +- [ ] describe_permission_set +- [ ] describe_permission_set_provisioning_status +- [ ] detach_managed_policy_from_permission_set +- [ ] get_inline_policy_for_permission_set +- [ ] list_account_assignment_creation_status +- [ ] list_account_assignment_deletion_status +- [ ] list_account_assignments +- [ ] list_accounts_for_provisioned_permission_set +- [ ] list_instances +- [ ] list_managed_policies_in_permission_set +- [ ] list_permission_set_provisioning_status +- [ ] list_permission_sets +- [ ] list_permission_sets_provisioned_to_account +- [ ] list_tags_for_resource +- [ ] provision_permission_set +- [ ] put_inline_policy_to_permission_set +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_instance_access_control_attribute_configuration +- [ ] update_permission_set +
+ ## sso-oidc
0% implemented @@ -8532,7 +9768,7 @@ ## stepfunctions
-54% implemented +52% implemented - [ ] create_activity - [X] create_state_machine @@ -8552,6 +9788,7 @@ - [ ] send_task_heartbeat - [ ] send_task_success - [X] start_execution +- [ ] start_sync_execution - [X] stop_execution - [X] tag_resource - [X] untag_resource @@ -8592,6 +9829,7 @@ - [ ] delete_volume - [ ] describe_availability_monitor_test - [ ] describe_bandwidth_rate_limit +- [ ] describe_bandwidth_rate_limit_schedule - [ ] describe_cache - [ ] describe_cached_iscsi_volumes - [ ] describe_chap_credentials @@ -8634,12 +9872,14 @@ - [ ] start_gateway - [ ] update_automatic_tape_creation_policy - [ ] update_bandwidth_rate_limit +- [ ] update_bandwidth_rate_limit_schedule - [ ] update_chap_credentials - [ ] update_gateway_information - [ ] update_gateway_software_now - [ ] update_maintenance_start_time - [ ] update_nfs_file_share - [ ] update_smb_file_share +- [ ] update_smb_file_share_visibility - [ ] update_smb_security_strategy - [ ] update_snapshot_schedule - [ ] update_vtl_device_type @@ -8753,6 +9993,36 @@ - [ ] start_document_text_detection
+## timestream-query +
+0% implemented + +- [ ] cancel_query +- [ ] describe_endpoints +- [ ] query +
+ +## timestream-write +
+0% implemented + +- [ ] create_database +- [ ] create_table +- [ ] delete_database +- [ ] delete_table +- [ ] describe_database +- [ ] describe_endpoints +- [ ] describe_table +- [ ] list_databases +- [ ] list_tables +- [ ] list_tags_for_resource +- [ ] tag_resource +- [ ] untag_resource +- [ ] update_database +- [ ] update_table +- [ ] write_records +
+ ## transcribe
29% implemented @@ -8816,15 +10086,20 @@
0% implemented +- [ ] create_parallel_data +- [ ] delete_parallel_data - [ ] delete_terminology - [ ] describe_text_translation_job +- [ ] get_parallel_data - [ ] get_terminology - [ ] import_terminology +- [ ] list_parallel_data - [ ] list_terminologies - [ ] list_text_translation_jobs - [ ] start_text_translation_job - [ ] stop_text_translation_job - [ ] translate_text +- [ ] update_parallel_data
## waf @@ -9043,6 +10318,40 @@ - [ ] update_web_acl
+## wellarchitected +
+0% implemented + +- [ ] associate_lenses +- [ ] create_milestone +- [ ] create_workload +- [ ] create_workload_share +- [ ] delete_workload +- [ ] delete_workload_share +- [ ] disassociate_lenses +- [ ] get_answer +- [ ] get_lens_review +- [ ] get_lens_review_report +- [ ] get_lens_version_difference +- [ ] get_milestone +- [ ] get_workload +- [ ] list_answers +- [ ] list_lens_review_improvements +- [ ] list_lens_reviews +- [ ] list_lenses +- [ ] list_milestones +- [ ] list_notifications +- [ ] list_share_invitations +- [ ] list_workload_shares +- [ ] list_workloads +- [ ] update_answer +- [ ] update_lens_review +- [ ] update_share_invitation +- [ ] update_workload +- [ ] update_workload_share +- [ ] upgrade_lens_review +
+ ## workdocs
0% implemented @@ -9135,19 +10444,23 @@ - [ ] associate_delegate_to_resource - [ ] associate_member_to_group +- [ ] cancel_mailbox_export_job - [ ] create_alias - [ ] create_group +- [ ] create_organization - [ ] create_resource - [ ] create_user - [ ] delete_access_control_rule - [ ] delete_alias - [ ] delete_group - [ ] delete_mailbox_permissions +- [ ] delete_organization - [ ] delete_resource - [ ] delete_retention_policy - [ ] delete_user - [ ] deregister_from_work_mail - [ ] describe_group +- [ ] describe_mailbox_export_job - [ ] describe_organization - [ ] describe_resource - [ ] describe_user @@ -9160,6 +10473,7 @@ - [ ] list_aliases - [ ] list_group_members - [ ] list_groups +- [ ] list_mailbox_export_jobs - [ ] list_mailbox_permissions - [ ] list_organizations - [ ] list_resource_delegates @@ -9171,6 +10485,7 @@ - [ ] put_retention_policy - [ ] register_to_work_mail - [ ] reset_password +- [ ] start_mailbox_export_job - [ ] tag_resource - [ ] untag_resource - [ ] update_mailbox_quota @@ -9189,12 +10504,15 @@
0% implemented +- [ ] associate_connection_alias - [ ] associate_ip_groups - [ ] authorize_ip_rules - [ ] copy_workspace_image +- [ ] create_connection_alias - [ ] create_ip_group - [ ] create_tags - [ ] create_workspaces +- [ ] delete_connection_alias - [ ] delete_ip_group - [ ] delete_tags - [ ] delete_workspace_image @@ -9202,6 +10520,8 @@ - [ ] describe_account - [ ] describe_account_modifications - [ ] describe_client_properties +- [ ] describe_connection_alias_permissions +- [ ] describe_connection_aliases - [ ] describe_ip_groups - [ ] describe_tags - [ ] describe_workspace_bundles @@ -9211,6 +10531,7 @@ - [ ] describe_workspace_snapshots - [ ] describe_workspaces - [ ] describe_workspaces_connection_status +- [ ] disassociate_connection_alias - [ ] disassociate_ip_groups - [ ] import_workspace_image - [ ] list_available_management_cidr_ranges @@ -9230,6 +10551,7 @@ - [ ] start_workspaces - [ ] stop_workspaces - [ ] terminate_workspaces +- [ ] update_connection_alias_permission - [ ] update_rules_of_ip_group - [ ] update_workspace_image_permission
@@ -9246,6 +10568,10 @@ - [ ] get_encryption_config - [ ] get_group - [ ] get_groups +- [ ] get_insight +- [ ] get_insight_events +- [ ] get_insight_impact_graph +- [ ] get_insight_summaries - [ ] get_sampling_rules - [ ] get_sampling_statistic_summaries - [ ] get_sampling_targets diff --git a/moto/iam/aws_managed_policies.py b/moto/iam/aws_managed_policies.py index a8fca28e0..8b292b456 100644 --- a/moto/iam/aws_managed_policies.py +++ b/moto/iam/aws_managed_policies.py @@ -5,7 +5,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-10-20T17:23:10+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -13,10 +13,18 @@ aws_managed_policies_data = """ "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:RemoveListenerCertificates", "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancers", "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingTargets", - "xray:GetSamplingRules" + "xray:GetSamplingRules", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "servicediscovery:DiscoverInstances" ], "Effect": "Allow", "Resource": [ @@ -31,6 +39,61 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*" + }, + { + "Action": [ + "acm:DescribeCertificate" + ], + "Effect": "Allow", + "Resource": "arn:aws:acm:*:*:certificate/*" + }, + { + "Action": "ec2:CreateNetworkInterfacePermission", + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "Owner", + "VpcLinkId" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action": [ + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:UnassignPrivateIpAddresses", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "servicediscovery:GetNamespace", + "Effect": "Allow", + "Resource": "arn:aws:servicediscovery:*:*:namespace/*" + }, + { + "Action": "servicediscovery:GetService", + "Effect": "Allow", + "Resource": "arn:aws:servicediscovery:*:*:service/*" } ], "Version": "2012-10-17" @@ -41,8 +104,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQQDZNLDBF2ULTWK6", "PolicyName": "APIGatewayServiceRolePolicy", - "UpdateDate": "2019-05-20T18:22:18+00:00", - "VersionId": "v4" + "UpdateDate": "2020-02-25T20:24:49+00:00", + "VersionId": "v8" }, "AWSAccountActivityAccess": { "Arn": "arn:aws:iam::aws:policy/AWSAccountActivityAccess", @@ -100,7 +163,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService", "AttachmentCount": 0, "CreateDate": "2016-08-02T01:35:11+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -165,6 +228,13 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*", "Sid": "arsenal" + }, + { + "Action": [ + "mgh:GetHomeRegion" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -175,14 +245,40 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIA3DIL7BYQ35ISM4K", "PolicyName": "AWSAgentlessDiscoveryService", - "UpdateDate": "2016-08-02T01:35:11+00:00", + "UpdateDate": "2020-02-24T23:08:23+00:00", + "VersionId": "v2" + }, + "AWSAppMeshEnvoyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-03T21:29:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "appmesh:StreamAggregatedResources" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PMG6ZGSZZ", + "PolicyName": "AWSAppMeshEnvoyAccess", + "UpdateDate": "2019-07-03T21:29:37+00:00", "VersionId": "v1" }, "AWSAppMeshFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess", "AttachmentCount": 0, "CreateDate": "2019-04-16T17:50:40+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -191,6 +287,49 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": [ + "appmesh.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh" + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStack*", + "cloudformation:UpdateStack" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" + }, + { + "Action": [ + "acm:ListCertificates", + "acm:DescribeCertificate", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:ListCertificateAuthorities" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", + "servicediscovery:ListInstances" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -201,14 +340,75 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4ILVZ5BWFU", "PolicyName": "AWSAppMeshFullAccess", - "UpdateDate": "2019-04-16T17:50:40+00:00", + "UpdateDate": "2021-01-07T19:54:08+00:00", + "VersionId": "v6" + }, + "AWSAppMeshPreviewEnvoyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-08-05T23:32:39+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "appmesh-preview:StreamAggregatedResources" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NKURE3R2M", + "PolicyName": "AWSAppMeshPreviewEnvoyAccess", + "UpdateDate": "2019-08-05T23:32:39+00:00", "VersionId": "v1" }, + "AWSAppMeshPreviewServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-06-19T19:07:00+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "servicediscovery:DiscoverInstances" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudMapServiceDiscovery" + }, + { + "Action": [ + "acm:DescribeCertificate" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ACMCertificateVerification" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FAQWKJYPJ", + "PolicyName": "AWSAppMeshPreviewServiceRolePolicy", + "UpdateDate": "2019-08-21T21:06:29+00:00", + "VersionId": "v3" + }, "AWSAppMeshReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly", "AttachmentCount": 0, "CreateDate": "2019-04-16T17:51:11+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -218,6 +418,32 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "cloudformation:DescribeStack*" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" + }, + { + "Action": [ + "acm:ListCertificates", + "acm:DescribeCertificate", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:ListCertificateAuthorities" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", + "servicediscovery:ListInstances" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -228,14 +454,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4HOPFCIWXP", "PolicyName": "AWSAppMeshReadOnly", - "UpdateDate": "2019-04-16T17:51:11+00:00", - "VersionId": "v1" + "UpdateDate": "2021-01-07T19:53:16+00:00", + "VersionId": "v5" }, "AWSAppMeshServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2019-06-03T18:30:51+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -245,6 +471,14 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*", "Sid": "CloudMapServiceDiscovery" + }, + { + "Action": [ + "acm:DescribeCertificate" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ACMCertificateVerification" } ], "Version": "2012-10-17" @@ -255,14 +489,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4B5IHMMEND", "PolicyName": "AWSAppMeshServiceRolePolicy", - "UpdateDate": "2019-06-03T18:30:51+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-10T22:44:43+00:00", + "VersionId": "v2" }, "AWSAppSyncAdministrator": { "Arn": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator", "AttachmentCount": 0, "CreateDate": "2018-03-20T21:20:28+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -285,6 +519,24 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "appsync.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*" } ], "Version": "2012-10-17" @@ -295,8 +547,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJBYY36AJPXTTWIXCY", "PolicyName": "AWSAppSyncAdministrator", - "UpdateDate": "2018-03-20T21:20:28+00:00", - "VersionId": "v1" + "UpdateDate": "2019-11-04T19:23:49+00:00", + "VersionId": "v2" }, "AWSAppSyncInvokeFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess", @@ -399,6 +651,38 @@ aws_managed_policies_data = """ "UpdateDate": "2018-03-20T21:21:06+00:00", "VersionId": "v1" }, + "AWSAppSyncServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-01-21T19:56:53+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingTargets", + "xray:GetSamplingRules", + "xray:GetSamplingStatisticSummaries" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IKBIQXBOO", + "PolicyName": "AWSAppSyncServiceRolePolicy", + "UpdateDate": "2020-01-21T19:56:53+00:00", + "VersionId": "v1" + }, "AWSApplicationAutoScalingCustomResourcePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy", "AttachmentCount": 0, @@ -462,9 +746,79 @@ aws_managed_policies_data = """ "UpdateDate": "2017-10-20T19:04:06+00:00", "VersionId": "v1" }, + "AWSApplicationAutoscalingCassandraTablePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-03-18T22:49:23+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "cassandra:Select", + "Effect": "Allow", + "Resource": [ + "arn:*:cassandra:*:*:/keyspace/system/table/*", + "arn:*:cassandra:*:*:/keyspace/system_schema/table/*", + "arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*" + ] + }, + { + "Action": [ + "cassandra:Alter", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BOOOZAOTV", + "PolicyName": "AWSApplicationAutoscalingCassandraTablePolicy", + "UpdateDate": "2020-03-18T22:49:23+00:00", + "VersionId": "v1" + }, + "AWSApplicationAutoscalingComprehendEndpointPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-14T18:39:07+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "comprehend:UpdateEndpoint", + "comprehend:DescribeEndpoint", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HD4ODS6K6", + "PolicyName": "AWSApplicationAutoscalingComprehendEndpointPolicy", + "UpdateDate": "2019-11-14T18:39:07+00:00", + "VersionId": "v1" + }, "AWSApplicationAutoscalingDynamoDBTablePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-10-20T21:34:57+00:00", "DefaultVersionId": "v1", "Document": { @@ -586,6 +940,72 @@ aws_managed_policies_data = """ "UpdateDate": "2017-10-26T00:57:39+00:00", "VersionId": "v1" }, + "AWSApplicationAutoscalingKafkaClusterPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-08-24T18:36:01+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "kafka:DescribeCluster", + "kafka:DescribeClusterOperation", + "kafka:UpdateBrokerStorage", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FTCIZBJA2", + "PolicyName": "AWSApplicationAutoscalingKafkaClusterPolicy", + "UpdateDate": "2020-08-24T18:36:01+00:00", + "VersionId": "v1" + }, + "AWSApplicationAutoscalingLambdaConcurrencyPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-10-21T20:04:17+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "lambda:PutProvisionedConcurrencyConfig", + "lambda:GetProvisionedConcurrencyConfig", + "lambda:DeleteProvisionedConcurrencyConfig", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KIR2KPJCU", + "PolicyName": "AWSApplicationAutoscalingLambdaConcurrencyPolicy", + "UpdateDate": "2019-10-21T20:04:17+00:00", + "VersionId": "v1" + }, "AWSApplicationAutoscalingRDSClusterPolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy", "AttachmentCount": 0, @@ -669,7 +1089,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess", "AttachmentCount": 0, "CreateDate": "2016-05-11T21:38:47+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -678,6 +1098,13 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "mgh:GetHomeRegion" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -688,14 +1115,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAICZIOVAGC6JPF3WHC", "PolicyName": "AWSApplicationDiscoveryAgentAccess", - "UpdateDate": "2016-05-11T21:38:47+00:00", - "VersionId": "v1" + "UpdateDate": "2020-02-24T22:26:45+00:00", + "VersionId": "v2" }, "AWSApplicationDiscoveryServiceFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess", "AttachmentCount": 0, "CreateDate": "2016-05-11T21:30:50+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -730,6 +1157,20 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "migrationhub.amazonaws.com", + "dmsintegration.migrationhub.amazonaws.com", + "smsintegration.migrationhub.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -740,8 +1181,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJBNJEA6ZXM2SBOPDU", "PolicyName": "AWSApplicationDiscoveryServiceFullAccess", - "UpdateDate": "2018-08-16T16:02:27+00:00", - "VersionId": "v3" + "UpdateDate": "2019-06-19T21:21:26+00:00", + "VersionId": "v4" }, "AWSArtifactAccountSync": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync", @@ -770,6 +1211,371 @@ aws_managed_policies_data = """ "UpdateDate": "2018-04-10T23:04:33+00:00", "VersionId": "v1" }, + "AWSAuditManagerAdministratorAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-11T20:02:42+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "auditmanager:*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AuditManagerAccess" + }, + { + "Action": [ + "organizations:ListAccountsForParent", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:ListParents", + "organizations:ListChildren" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "OrganizationsAccess" + }, + { + "Action": [ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator", + "organizations:EnableAWSServiceAccess" + ], + "Condition": { + "StringLikeIfExists": { + "organizations:ServicePrincipal": [ + "auditmanager.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowOnlyAuditManagerIntegration" + }, + { + "Action": [ + "iam:GetUser", + "iam:ListUsers", + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "IAMAccess" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "auditmanager.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", + "Sid": "IAMAccessCreateSLR" + }, + { + "Action": [ + "iam:DeleteServiceLinkedRole", + "iam:UpdateRoleDescription", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", + "Sid": "IAMAccessManageSLR" + }, + { + "Action": [ + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "S3Access" + }, + { + "Action": [ + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "KmsAccess" + }, + { + "Action": [ + "kms:CreateGrant" + ], + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": "true" + }, + "StringLike": { + "kms:ViaService": "auditmanager.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "KmsCreateGrantAccess" + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SNSAccess" + }, + { + "Action": [ + "events:PutRule" + ], + "Condition": { + "StringEquals": { + "events:detail-type": "Security Hub Findings - Imported", + "events:source": "aws.securityhub" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CreateEventsAccess" + }, + { + "Action": [ + "events:DeleteRule", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", + "Sid": "EventsAccess" + }, + { + "Action": [ + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "TagAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EBAFCQQJX", + "PolicyName": "AWSAuditManagerAdministratorAccess", + "UpdateDate": "2020-12-11T20:02:42+00:00", + "VersionId": "v1" + }, + "AWSAuditManagerServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-08T15:12:12+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "license-manager:ListLicenseConfigurations", + "license-manager:ListAssociationsForLicenseConfiguration", + "license-manager:ListUsageForLicenseConfiguration" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "LicenseManagerAccess" + }, + { + "Action": [ + "iam:GenerateCredentialReport", + "iam:GetAccountSummary", + "iam:ListPolicies", + "iam:GetAccountPasswordPolicy", + "iam:ListUsers", + "iam:ListUserPolicies", + "iam:ListRoles", + "iam:ListRolePolicies", + "iam:ListGroups", + "iam:ListGroupPolicies", + "iam:ListEntitiesForPolicy" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "IAMAccess" + }, + { + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeFlowLogs", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSnapshots", + "ec2:DescribeVpcEndpoints" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "EC2Access" + }, + { + "Action": [ + "cloudtrail:DescribeTrails" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudtrailAccess" + }, + { + "Action": [ + "config:DescribeDeliveryChannels", + "config:ListDiscoveredResources", + "config:DescribeConfigRules" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ConfigAccess" + }, + { + "Action": [ + "securityhub:DescribeStandards" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SecurityHubAccess" + }, + { + "Action": [ + "kms:ListKeys", + "kms:DescribeKey", + "kms:ListGrants" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "KMSAccess" + }, + { + "Action": [ + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudwatchAccess" + }, + { + "Action": [ + "s3:GetLifecycleConfiguration" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "S3Access" + }, + { + "Action": [ + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "EventBridgeAccess" + }, + { + "Action": [ + "waf:ListActivatedRulesInRuleGroup" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "WAFAccess" + }, + { + "Action": [ + "guardduty:ListDetectors" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "GuardDutyAccess" + }, + { + "Action": [ + "route53:GetQueryLoggingConfig" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "Route53Access" + }, + { + "Action": [ + "organizations:DescribePolicy" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "OrganizationsAccess" + }, + { + "Action": [ + "cognito-idp:DescribeUserPool" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CognitoAccess" + }, + { + "Action": [ + "elasticfilesystem:DescribeFileSystems" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "EFSAccess" + }, + { + "Action": [ + "events:PutRule" + ], + "Condition": { + "StringEquals": { + "events:detail-type": "Security Hub Findings - Imported", + "events:source": "aws.securityhub" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CreateEventsAccess" + }, + { + "Action": [ + "events:DeleteRule", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", + "Sid": "EventsAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4C5N52UWST", + "PolicyName": "AWSAuditManagerServiceRolePolicy", + "UpdateDate": "2020-12-08T15:12:12+00:00", + "VersionId": "v1" + }, "AWSAutoScalingPlansEC2AutoScalingPolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", "AttachmentCount": 0, @@ -800,72 +1606,11 @@ aws_managed_policies_data = """ "UpdateDate": "2018-08-23T22:46:59+00:00", "VersionId": "v1" }, - "AWSB9InternalServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSB9InternalServicePolicy", + "AWSBackupFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSBackupFullAccess", "AttachmentCount": 0, - "CreateDate": "2018-12-13T18:48:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "greengrass:CreateDeployment", - "greengrass:CreateGroupVersion", - "greengrass:CreateFunctionDefinition", - "greengrass:CreateFunctionDefinitionVersion", - "greengrass:GetDeploymentStatus", - "greengrass:GetGroup", - "greengrass:GetGroupVersion", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetFunctionDefinitionVersion", - "greengrass:GetAssociatedRole", - "lambda:CreateFunction" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:UpdateFunctionCode", - "lambda:GetFunction", - "lambda:UpdateFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWR2IIOQ7JJGVQOPW", - "PolicyName": "AWSB9InternalServicePolicy", - "UpdateDate": "2018-12-13T18:48:22+00:00", - "VersionId": "v1" - }, - "AWSBackupAdminPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupAdminPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-01-19T02:34:31+00:00", - "DefaultVersionId": "v2", + "CreateDate": "2019-11-18T22:21:52+00:00", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -883,15 +1628,33 @@ aws_managed_policies_data = """ "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:DescribeDBInstances", - "rds:describeDBSnapshots", "rds:describeDBEngineVersions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", - "rds:describeDBSubnetGroups" + "rds:describeDBSubnetGroups", + "rds:describeDBClusterSnapshots", + "rds:describeDBClusters", + "rds:describeDBParameterGroups", + "rds:describeDBClusterParameterGroups" ], "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "rds:DeleteDBSnapshot", + "rds:DeleteDBClusterSnapshot" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "backup.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "dynamodb:ListBackups", @@ -900,6 +1663,20 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "dynamodb:DeleteBackup" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "backup.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "elasticfilesystem:DescribeFilesystems" @@ -911,11 +1688,34 @@ aws_managed_policies_data = """ "Action": [ "ec2:DescribeSnapshots", "ec2:DescribeVolumes", - "ec2:describeAvailabilityZones" + "ec2:describeAvailabilityZones", + "ec2:DescribeVpcs", + "ec2:DescribeAccountAttributes", + "ec2:DescribeSecurityGroups", + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DescribePlacementGroups", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes" ], "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "ec2:DeleteSnapshot", + "ec2:DeregisterImage" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "backup.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "tag:GetTagKeys", @@ -952,8 +1752,7 @@ aws_managed_policies_data = """ { "Action": [ "iam:ListRoles", - "iam:GetRole", - "iam:GetUser" + "iam:GetRole" ], "Effect": "Allow", "Resource": "*" @@ -971,18 +1770,81 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/*AWSBackup*" ] }, + { + "Action": "organizations:DescribeOrganization", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "kms:ListKeys", "kms:DescribeKey", "kms:GenerateDataKey", - "kms:RetireGrant", - "kms:CreateGrant", - "kms:ListAliases", - "kms:Decrypt" + "kms:ListAliases" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "kms:CreateGrant" + ], + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": true + }, + "ForAnyValue:StringEquals": { + "kms:EncryptionContextKeys": "aws:backup:backup-vault" + }, + "StringLike": { + "kms:ViaService": "backup.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": "fsx:DescribeFileSystems", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "fsx:DescribeBackups", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "fsx:DeleteBackup", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "backup.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:backup/*" + }, + { + "Action": "ds:DescribeDirectories", + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -991,16 +1853,16 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWFPFHACTI7XN6M2C", - "PolicyName": "AWSBackupAdminPolicy", - "UpdateDate": "2019-03-11T22:14:30+00:00", - "VersionId": "v2" + "PolicyId": "ANPAZKAPJZG4LL52EIPJX", + "PolicyName": "AWSBackupFullAccess", + "UpdateDate": "2020-11-09T16:49:24+00:00", + "VersionId": "v6" }, - "AWSBackupOperatorPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorPolicy", + "AWSBackupOperatorAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess", "AttachmentCount": 0, - "CreateDate": "2019-01-19T02:31:55+00:00", - "DefaultVersionId": "v2", + "CreateDate": "2019-11-18T22:23:17+00:00", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -1012,7 +1874,8 @@ aws_managed_policies_data = """ "backup:DeleteBackupSelection", "backup:GetRecoveryPointRestoreMetadata", "backup:StartBackupJob", - "backup:StartRestoreJob" + "backup:StartRestoreJob", + "backup:StartCopyJob" ], "Effect": "Allow", "Resource": "*" @@ -1026,7 +1889,11 @@ aws_managed_policies_data = """ "rds:describeDBEngineVersions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", - "rds:describeDBSubnetGroups" + "rds:describeDBSubnetGroups", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBClusterParameterGroups" ], "Effect": "Allow", "Resource": "*" @@ -1050,7 +1917,15 @@ aws_managed_policies_data = """ "Action": [ "ec2:DescribeSnapshots", "ec2:DescribeVolumes", - "ec2:describeAvailabilityZones" + "ec2:describeAvailabilityZones", + "ec2:DescribeVpcs", + "ec2:DescribeAccountAttributes", + "ec2:DescribeSecurityGroups", + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DescribePlacementGroups", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes" ], "Effect": "Allow", "Resource": "*" @@ -1091,8 +1966,7 @@ aws_managed_policies_data = """ { "Action": [ "iam:ListRoles", - "iam:GetRole", - "iam:GetUser" + "iam:GetRole" ], "Effect": "Allow", "Resource": "*" @@ -1110,15 +1984,113 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/*AWSBackup*" ] }, + { + "Action": "organizations:DescribeOrganization", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ - "kms:ListKeys", - "kms:DescribeKey", - "kms:GenerateDataKey", - "kms:RetireGrant", - "kms:CreateGrant", - "kms:ListAliases", - "kms:Decrypt" + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": "fsx:DescribeBackups", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:backup/*" + }, + { + "Action": "fsx:DescribeFileSystems", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:file-system/*" + }, + { + "Action": "ds:DescribeDirectories", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KHXVYMY4O", + "PolicyName": "AWSBackupOperatorAccess", + "UpdateDate": "2020-11-09T16:43:44+00:00", + "VersionId": "v6" + }, + "AWSBackupOrganizationAdminAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T16:23:14+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "organizations:DisableAWSServiceAccess", + "organizations:EnableAWSServiceAccess" + ], + "Condition": { + "StringEquals": { + "organizations:ServicePrincipal": [ + "backup.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:AttachPolicy", + "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", + "organizations:DetachPolicy", + "organizations:DisablePolicyType", + "organizations:DescribePolicy", + "organizations:DescribeEffectivePolicy", + "organizations:ListPolicies", + "organizations:EnablePolicyType", + "organizations:CreatePolicy", + "organizations:UpdatePolicy", + "organizations:DeletePolicy" + ], + "Condition": { + "StringLikeIfExists": { + "organizations:PolicyType": [ + "BACKUP_POLICY" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:ListRoots", + "organizations:ListParents", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListAccountsForParent", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListChildren", + "organizations:DescribeAccount", + "organizations:DescribeOrganizationalUnit" ], "Effect": "Allow", "Resource": "*" @@ -1130,16 +2102,221 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7BHZKKS47SGORCJE", - "PolicyName": "AWSBackupOperatorPolicy", - "UpdateDate": "2019-03-11T22:18:12+00:00", + "PolicyId": "ANPAZKAPJZG4E5BC3XLFS", + "PolicyName": "AWSBackupOrganizationAdminAccess", + "UpdateDate": "2020-11-24T22:09:43+00:00", "VersionId": "v2" }, + "AWSBackupServiceLinkedRolePolicyForBackup": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup", + "AttachmentCount": 0, + "CreateDate": "2020-06-02T23:08:40+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:Backup", + "elasticfilesystem:DescribeTags" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action": [ + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CopySnapshot" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::snapshot/*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "AWSBackupManagedResource" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*" + ] + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "Null": { + "ec2:ResourceTag/AWSBackupManagedResource": "false" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*" + ] + }, + { + "Action": [ + "ec2:DescribeSnapshots", + "ec2:DescribeImages", + "rds:DescribeDBSnapshots", + "rds:DescribeDBClusterSnapshots" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CopySnapshot", + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::snapshot/*" + }, + { + "Action": "ec2:CopyImage", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DeregisterImage", + "ec2:DeleteSnapshot" + ], + "Condition": { + "Null": { + "ec2:ResourceTag/AWSBackupManagedResource": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "rds:AddTagsToResource", + "rds:CopyDBSnapshot", + "rds:DeleteDBSnapshot" + ], + "Effect": "Allow", + "Resource": "arn:aws:rds:*:*:snapshot:awsbackup:*" + }, + { + "Action": [ + "rds:AddTagsToResource", + "rds:CopyDBClusterSnapshot", + "rds:DeleteDBClusterSnapshot" + ], + "Effect": "Allow", + "Resource": "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" + }, + { + "Action": "kms:DescribeKey", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:ListGrants", + "kms:ReEncryptFrom", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition": { + "StringLike": { + "kms:ViaService": [ + "ec2.*.amazonaws.com", + "rds.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "kms:CreateGrant", + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": "true" + }, + "StringLike": { + "kms:ViaService": [ + "ec2.*.amazonaws.com", + "rds.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ONJBD4ZY2", + "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackup", + "UpdateDate": "2020-11-10T18:37:51+00:00", + "VersionId": "v2" + }, + "AWSBackupServiceLinkedRolePolicyForBackupTest": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest", + "AttachmentCount": 0, + "CreateDate": "2020-05-12T17:37:29+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:Backup", + "elasticfilesystem:DescribeTags" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action": [ + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KMHRZD5LV", + "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackupTest", + "UpdateDate": "2020-05-12T17:37:29+00:00", + "VersionId": "v1" + }, "AWSBackupServiceRolePolicyForBackup": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup", "AttachmentCount": 0, "CreateDate": "2019-01-10T21:01:28+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -1165,14 +2342,19 @@ aws_managed_policies_data = """ "rds:DescribeDBSnapshots", "rds:CreateDBSnapshot", "rds:CopyDBSnapshot", - "rds:DescribeDBInstances" + "rds:DescribeDBInstances", + "rds:CreateDBClusterSnapshot", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:CopyDBClusterSnapshot" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "rds:DeleteDBSnapshot" + "rds:DeleteDBSnapshot", + "rds:ModifyDBSnapshotAttribute" ], "Effect": "Allow", "Resource": [ @@ -1181,11 +2363,36 @@ aws_managed_policies_data = """ }, { "Action": [ - "storagegateway:CreateSnapshot" + "rds:DeleteDBClusterSnapshot", + "rds:ModifyDBClusterSnapshotAttribute" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" + ] + }, + { + "Action": [ + "storagegateway:CreateSnapshot", + "storagegateway:ListTagsForResource" ], "Effect": "Allow", "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, + { + "Action": [ + "ec2:CopySnapshot" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::snapshot/*" + }, + { + "Action": [ + "ec2:CopyImage" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "ec2:CreateTags", @@ -1196,14 +2403,66 @@ aws_managed_policies_data = """ }, { "Action": [ - "ec2:DescribeSnapshots" + "ec2:CreateImage", + "ec2:DeregisterImage" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "elasticfilesystem:Backup" + "ec2:CreateTags" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:image/*" + }, + { + "Action": [ + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceCreditSpecifications", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeElasticGpus", + "ec2:DescribeSpotInstanceRequests" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:ModifySnapshotAttribute", + "ec2:ModifyImageAttribute" + ], + "Condition": { + "Null": { + "aws:ResourceTag/aws:backup:source-resource": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "backup:DescribeBackupVault", + "backup:CopyIntoBackupVault" + ], + "Effect": "Allow", + "Resource": "arn:aws:backup:*:*:backup-vault:*" + }, + { + "Action": [ + "backup:CopyFromBackupVault" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticfilesystem:Backup", + "elasticfilesystem:DescribeTags" ], "Effect": "Allow", "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" @@ -1236,12 +2495,70 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition": { + "StringLike": { + "kms:ViaService": [ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:kms:*:*:key/*" + }, { "Action": [ "tag:GetResources" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": "fsx:DescribeBackups", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:backup/*" + }, + { + "Action": "fsx:CreateBackup", + "Effect": "Allow", + "Resource": [ + "arn:aws:fsx:*:*:file-system/*", + "arn:aws:fsx:*:*:backup/*" + ] + }, + { + "Action": "fsx:DescribeFileSystems", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:file-system/*" + }, + { + "Action": "fsx:ListTagsForResource", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:file-system/*" + }, + { + "Action": "fsx:DeleteBackup", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:backup/*" } ], "Version": "2012-10-17" @@ -1252,14 +2569,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIOOYZSLZZXWFJJ5N2", "PolicyName": "AWSBackupServiceRolePolicyForBackup", - "UpdateDate": "2019-04-25T19:15:48+00:00", - "VersionId": "v2" + "UpdateDate": "2020-11-18T23:16:27+00:00", + "VersionId": "v8" }, "AWSBackupServiceRolePolicyForRestores": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores", "AttachmentCount": 0, "CreateDate": "2019-01-12T00:23:54+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -1334,7 +2651,10 @@ aws_managed_policies_data = """ "rds:ListTagsForResource", "rds:RestoreDBInstanceFromDBSnapshot", "rds:DeleteDBInstance", - "rds:AddTagsToResource" + "rds:AddTagsToResource", + "rds:DescribeDBClusters", + "rds:RestoreDBClusterFromSnapshot", + "rds:DeleteDBCluster" ], "Effect": "Allow", "Resource": "*" @@ -1354,6 +2674,27 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" + ], + "Condition": { + "StringLike": { + "kms:ViaService": [ + "dynamodb.*.amazonaws.com", + "ec2.*.amazonaws.com", + "elasticfilesystem.*.amazonaws.com", + "rds.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": "kms:CreateGrant", "Condition": { @@ -1363,6 +2704,58 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "ec2:RunInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "fsx:CreateFileSystemFromBackup" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:fsx:*:*:file-system/*", + "arn:aws:fsx:*:*:backup/*" + ] + }, + { + "Action": "fsx:DescribeFileSystems", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:file-system/*" + }, + { + "Action": "fsx:DescribeBackups", + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:backup/*" + }, + { + "Action": [ + "fsx:DeleteFileSystem", + "fsx:UntagResource" + ], + "Condition": { + "Null": { + "aws:ResourceTag/aws:backup:source-resource": "false" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:file-system/*" + }, + { + "Action": "ds:DescribeDirectories", + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -1373,8 +2766,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJZCCL6F2WPVOUXZKI", "PolicyName": "AWSBackupServiceRolePolicyForRestores", - "UpdateDate": "2019-04-25T19:17:26+00:00", - "VersionId": "v3" + "UpdateDate": "2020-11-09T16:52:12+00:00", + "VersionId": "v7" }, "AWSBatchFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSBatchFullAccess", @@ -1464,7 +2857,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", "AttachmentCount": 0, "CreateDate": "2016-12-06T19:36:24+00:00", - "DefaultVersionId": "v9", + "DefaultVersionId": "v11", "Document": { "Statement": [ { @@ -1508,6 +2901,7 @@ aws_managed_policies_data = """ "ecs:DescribeContainerInstances", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", + "ecs:ListAccountSettings", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListTaskDefinitionFamilies", @@ -1532,12 +2926,20 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*" }, + { + "Action": "ecs:TagResource", + "Effect": "Allow", + "Resource": [ + "arn:aws:ecs:*:*:task/*_Batch_*" + ] + }, { "Action": "iam:PassRole", "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", + "ec2.amazonaws.com.cn", "ecs-tasks.amazonaws.com" ] } @@ -1585,19 +2987,19 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIUETIXPCKASQJURFE", "PolicyName": "AWSBatchServiceRole", - "UpdateDate": "2018-10-30T19:00:56+00:00", - "VersionId": "v9" + "UpdateDate": "2020-11-23T18:19:27+00:00", + "VersionId": "v11" }, - "AWSCertificateManagerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", + "AWSBillingReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess", "AttachmentCount": 0, - "CreateDate": "2016-01-21T17:02:36+00:00", + "CreateDate": "2020-08-27T20:08:51+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ - "acm:*" + "aws-portal:ViewBilling" ], "Effect": "Allow", "Resource": "*" @@ -1609,16 +3011,197 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LJ3OSZ5SX", + "PolicyName": "AWSBillingReadOnlyAccess", + "UpdateDate": "2020-08-27T20:08:51+00:00", + "VersionId": "v1" + }, + "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM": { + "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM", + "AttachmentCount": 0, + "CreateDate": "2020-10-15T17:20:48+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeInstanceStatus", + "ec2:StartInstances", + "ec2:StopInstances", + "rds:DescribeDBInstances", + "rds:StartDBInstance", + "rds:StopDBInstance" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "ssm.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssm:StartAutomationExecution" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KIUIYBT2X", + "PolicyName": "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM", + "UpdateDate": "2020-10-15T17:20:48+00:00", + "VersionId": "v1" + }, + "AWSBudgetsActionsWithAWSResourceControlAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess", + "AttachmentCount": 0, + "CreateDate": "2020-10-15T17:19:12+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "budgets:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-portal:ViewBilling" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "budgets.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-portal:ModifyBilling", + "ec2:DescribeInstances", + "iam:ListGroups", + "iam:ListPolicies", + "iam:ListRoles", + "iam:ListUsers", + "organizations:ListAccounts", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListPolicies", + "organizations:ListRoots", + "rds:DescribeDBInstances", + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AHTKKGHHS", + "PolicyName": "AWSBudgetsActionsWithAWSResourceControlAccess", + "UpdateDate": "2020-10-15T17:19:12+00:00", + "VersionId": "v1" + }, + "AWSBudgetsReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-10-15T17:18:28+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aws-portal:ViewBilling", + "budgets:ViewBudget", + "budgets:Describe*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EZCFS6BHW", + "PolicyName": "AWSBudgetsReadOnlyAccess", + "UpdateDate": "2020-10-15T17:18:28+00:00", + "VersionId": "v1" + }, + "AWSCertificateManagerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2016-01-21T17:02:36+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "acm:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "acm.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" + }, + { + "Action": [ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJYCHABBP6VQIVBCBQ", "PolicyName": "AWSCertificateManagerFullAccess", - "UpdateDate": "2016-01-21T17:02:36+00:00", - "VersionId": "v1" + "UpdateDate": "2020-08-17T22:18:28+00:00", + "VersionId": "v2" }, "AWSCertificateManagerPrivateCAAuditor": { "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor", "AttachmentCount": 0, "CreateDate": "2018-10-23T16:51:08+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -1629,6 +3212,7 @@ aws_managed_policies_data = """ "acm-pca:GetCertificateAuthorityCsr", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificate", + "acm-pca:GetPolicy", "acm-pca:ListPermissions", "acm-pca:ListTags" ], @@ -1651,8 +3235,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJW77VE4UEBJ4PEXEY", "PolicyName": "AWSCertificateManagerPrivateCAAuditor", - "UpdateDate": "2019-03-14T17:17:38+00:00", - "VersionId": "v3" + "UpdateDate": "2020-08-17T22:54:12+00:00", + "VersionId": "v4" }, "AWSCertificateManagerPrivateCAFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess", @@ -1680,11 +3264,74 @@ aws_managed_policies_data = """ "UpdateDate": "2018-10-23T16:54:50+00:00", "VersionId": "v1" }, + "AWSCertificateManagerPrivateCAPrivilegedUser": { + "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser", + "AttachmentCount": 0, + "CreateDate": "2019-06-20T17:43:13+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "acm-pca:IssueCertificate" + ], + "Condition": { + "StringLike": { + "acm-pca:TemplateArn": [ + "arn:aws:acm-pca:::template/*CACertificate*/V*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action": [ + "acm-pca:IssueCertificate" + ], + "Condition": { + "StringNotLike": { + "acm-pca:TemplateArn": [ + "arn:aws:acm-pca:::template/*CACertificate*/V*" + ] + } + }, + "Effect": "Deny", + "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action": [ + "acm-pca:RevokeCertificate", + "acm-pca:GetCertificate", + "acm-pca:ListPermissions" + ], + "Effect": "Allow", + "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action": [ + "acm-pca:ListCertificateAuthorities" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EQ6CWU5X5", + "PolicyName": "AWSCertificateManagerPrivateCAPrivilegedUser", + "UpdateDate": "2019-06-20T17:43:13+00:00", + "VersionId": "v1" + }, "AWSCertificateManagerPrivateCAReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly", "AttachmentCount": 0, "CreateDate": "2018-10-23T16:57:04+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": { "Action": [ @@ -1694,6 +3341,7 @@ aws_managed_policies_data = """ "acm-pca:GetCertificateAuthorityCsr", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificate", + "acm-pca:GetPolicy", "acm-pca:ListPermissions", "acm-pca:ListTags" ], @@ -1708,19 +3356,46 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQAQT3WIXOXY7TD4A", "PolicyName": "AWSCertificateManagerPrivateCAReadOnly", - "UpdateDate": "2019-03-14T17:17:21+00:00", - "VersionId": "v2" + "UpdateDate": "2020-08-17T22:54:22+00:00", + "VersionId": "v3" }, "AWSCertificateManagerPrivateCAUser": { "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser", "AttachmentCount": 0, "CreateDate": "2018-10-23T16:53:33+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ - "acm-pca:IssueCertificate", + "acm-pca:IssueCertificate" + ], + "Condition": { + "StringLike": { + "acm-pca:TemplateArn": [ + "arn:aws:acm-pca:::template/EndEntityCertificate/V*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action": [ + "acm-pca:IssueCertificate" + ], + "Condition": { + "StringNotLike": { + "acm-pca:TemplateArn": [ + "arn:aws:acm-pca:::template/EndEntityCertificate/V*" + ] + } + }, + "Effect": "Deny", + "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action": [ "acm-pca:RevokeCertificate", "acm-pca:GetCertificate", "acm-pca:ListPermissions" @@ -1744,8 +3419,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJBXCSJJULLMRWSNII", "PolicyName": "AWSCertificateManagerPrivateCAUser", - "UpdateDate": "2019-03-14T17:17:02+00:00", - "VersionId": "v3" + "UpdateDate": "2019-06-20T17:42:37+00:00", + "VersionId": "v4" }, "AWSCertificateManagerReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly", @@ -1774,11 +3449,52 @@ aws_managed_policies_data = """ "UpdateDate": "2016-04-21T15:08:16+00:00", "VersionId": "v2" }, + "AWSChatbotServiceLinkedRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-18T16:39:50+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sns:Unsubscribe", + "sns:Subscribe", + "sns:ListSubscriptions" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/chatbot/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ID4WRYKST", + "PolicyName": "AWSChatbotServiceLinkedRolePolicy", + "UpdateDate": "2019-11-18T16:39:50+00:00", + "VersionId": "v1" + }, "AWSCloud9Administrator": { "Arn": "arn:aws:iam::aws:policy/AWSCloud9Administrator", "AttachmentCount": 0, "CreateDate": "2017-11-30T16:17:28+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -1803,6 +3519,28 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": "ssm:StartSession", + "Condition": { + "StringEquals": { + "aws:CalledViaFirst": "cloud9.amazonaws.com" + }, + "StringLike": { + "ssm:resourceTag/aws:cloud9:environment": "*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ssm:StartSession" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/*" + ] } ], "Version": "2012-10-17" @@ -1813,14 +3551,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIQ4KWP455WDTCBGWK", "PolicyName": "AWSCloud9Administrator", - "UpdateDate": "2017-11-30T16:17:28+00:00", - "VersionId": "v1" + "UpdateDate": "2020-07-29T06:28:54+00:00", + "VersionId": "v2" }, "AWSCloud9EnvironmentMember": { "Arn": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember", "AttachmentCount": 0, "CreateDate": "2017-11-30T16:18:28+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -1847,6 +3585,28 @@ aws_managed_policies_data = """ "Resource": [ "*" ] + }, + { + "Action": "ssm:StartSession", + "Condition": { + "StringEquals": { + "aws:CalledViaFirst": "cloud9.amazonaws.com" + }, + "StringLike": { + "ssm:resourceTag/aws:cloud9:environment": "*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ssm:StartSession" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/*" + ] } ], "Version": "2012-10-17" @@ -1857,14 +3617,44 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI54ULAIPVT5HFTYGK", "PolicyName": "AWSCloud9EnvironmentMember", - "UpdateDate": "2017-11-30T16:18:28+00:00", + "UpdateDate": "2020-07-29T06:29:08+00:00", + "VersionId": "v2" + }, + "AWSCloud9SSMInstanceProfile": { + "Arn": "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile", + "AttachmentCount": 0, + "CreateDate": "2020-05-14T11:40:49+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel", + "ssm:UpdateInstanceInformation" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IQOSNAKW6", + "PolicyName": "AWSCloud9SSMInstanceProfile", + "UpdateDate": "2020-05-14T11:40:49+00:00", "VersionId": "v1" }, "AWSCloud9ServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-11-30T13:44:08+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -1875,6 +3665,7 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", "cloudformation:CreateStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", @@ -1909,7 +3700,10 @@ aws_managed_policies_data = """ } }, "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:security-group/*" + ] }, { "Action": [ @@ -1923,6 +3717,30 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "iam:ListInstanceProfiles", + "iam:GetInstanceProfile" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:instance-profile/cloud9/*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringLike": { + "iam:PassedToService": "ec2.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole" + ] } ], "Version": "2012-10-17" @@ -1933,14 +3751,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJFXGCBXQIZATFZ4YG", "PolicyName": "AWSCloud9ServiceRolePolicy", - "UpdateDate": "2018-02-27T10:20:24+00:00", - "VersionId": "v2" + "UpdateDate": "2020-10-06T12:43:49+00:00", + "VersionId": "v7" }, "AWSCloud9User": { "Arn": "arn:aws:iam::aws:policy/AWSCloud9User", "AttachmentCount": 0, "CreateDate": "2017-11-30T16:16:17+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -2007,6 +3825,28 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": "ssm:StartSession", + "Condition": { + "StringEquals": { + "aws:CalledViaFirst": "cloud9.amazonaws.com" + }, + "StringLike": { + "ssm:resourceTag/aws:cloud9:environment": "*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ssm:StartSession" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/*" + ] } ], "Version": "2012-10-17" @@ -2017,14 +3857,40 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJPFGFWQF67QVARP6U", "PolicyName": "AWSCloud9User", - "UpdateDate": "2018-07-02T08:46:37+00:00", - "VersionId": "v3" + "UpdateDate": "2020-07-29T06:26:43+00:00", + "VersionId": "v4" + }, + "AWSCloudFormationFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-26T21:50:35+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CRR3ZS723", + "PolicyName": "AWSCloudFormationFullAccess", + "UpdateDate": "2019-07-26T21:50:35+00:00", + "VersionId": "v1" }, "AWSCloudFormationReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:39:49+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -2034,8 +3900,7 @@ aws_managed_policies_data = """ "cloudformation:Get*", "cloudformation:List*", "cloudformation:ValidateTemplate", - "cloudformation:DetectStackDrift", - "cloudformation:DetectStackResourceDrift" + "cloudformation:Detect*" ], "Effect": "Allow", "Resource": "*" @@ -2049,14 +3914,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJWVBEE4I2POWLODLW", "PolicyName": "AWSCloudFormationReadOnlyAccess", - "UpdateDate": "2019-02-06T22:16:02+00:00", - "VersionId": "v3" + "UpdateDate": "2019-11-13T17:40:07+00:00", + "VersionId": "v4" }, "AWSCloudFrontLogger": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger", "AttachmentCount": 0, "CreateDate": "2018-06-12T20:15:23+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -2066,7 +3931,7 @@ aws_managed_policies_data = """ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:/aws/cloudfront/*" + "Resource": "arn:aws:logs:*:*:log-group:/aws/cloudfront/*" } ], "Version": "2012-10-17" @@ -2077,8 +3942,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIOI7RPKLCNINBTRP4", "PolicyName": "AWSCloudFrontLogger", - "UpdateDate": "2018-06-12T20:15:23+00:00", - "VersionId": "v1" + "UpdateDate": "2019-11-22T19:33:51+00:00", + "VersionId": "v2" }, "AWSCloudHSMFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess", @@ -2199,7 +4064,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess", "AttachmentCount": 0, "CreateDate": "2018-11-28T23:57:31+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -2215,6 +4080,7 @@ aws_managed_policies_data = """ "route53:UpdateHealthCheck", "ec2:DescribeVpcs", "ec2:DescribeRegions", + "ec2:DescribeInstances", "servicediscovery:*" ], "Effect": "Allow", @@ -2231,8 +4097,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIZPIMAQZJS3WUXUJM", "PolicyName": "AWSCloudMapFullAccess", - "UpdateDate": "2018-11-28T23:57:31+00:00", - "VersionId": "v1" + "UpdateDate": "2020-07-29T19:15:35+00:00", + "VersionId": "v2" }, "AWSCloudMapReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess", @@ -2268,7 +4134,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess", "AttachmentCount": 0, "CreateDate": "2018-11-29T00:04:57+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -2284,7 +4150,8 @@ aws_managed_policies_data = """ "servicediscovery:List*", "servicediscovery:RegisterInstance", "servicediscovery:DeregisterInstance", - "servicediscovery:DiscoverInstances" + "servicediscovery:DiscoverInstances", + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": [ @@ -2300,75 +4167,19 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI4P5Z5HXVWJ75WQBC", "PolicyName": "AWSCloudMapRegisterInstanceAccess", - "UpdateDate": "2018-11-29T00:04:57+00:00", - "VersionId": "v1" + "UpdateDate": "2020-07-29T17:57:24+00:00", + "VersionId": "v2" }, - "AWSCloudTrailFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess", + "AWSCloudShellFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess", "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:58+00:00", - "DefaultVersionId": "v7", + "CreateDate": "2020-12-15T18:07:44+00:00", + "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ - "sns:AddPermission", - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:ListTopics", - "sns:SetTopicAttributes", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:ListAllMyBuckets", - "s3:PutBucketPolicy", - "s3:ListBucket", - "s3:GetObject", - "s3:GetBucketLocation", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudtrail:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole", - "iam:ListRoles", - "iam:GetRolePolicy", - "iam:GetUser" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:ListFunctions" + "cloudshell:*" ], "Effect": "Allow", "Resource": "*" @@ -2380,16 +4191,16 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQNUJTQYDRJPC3BNK", - "PolicyName": "AWSCloudTrailFullAccess", - "UpdateDate": "2019-05-21T23:39:06+00:00", - "VersionId": "v7" + "PolicyId": "ANPAZKAPJZG4HEDUXFSA3", + "PolicyName": "AWSCloudShellFullAccess", + "UpdateDate": "2020-12-15T18:07:44+00:00", + "VersionId": "v1" }, "AWSCloudTrailReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:39:59+00:00", - "DefaultVersionId": "v7", + "DefaultVersionId": "v9", "Document": { "Statement": [ { @@ -2402,12 +4213,15 @@ aws_managed_policies_data = """ }, { "Action": [ + "cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:DescribeTrails", + "cloudtrail:ListTrails", "cloudtrail:LookupEvents", "cloudtrail:ListTags", "cloudtrail:ListPublicKeys", "cloudtrail:GetEventSelectors", + "cloudtrail:GetInsightSelectors", "s3:ListAllMyBuckets", "kms:ListAliases", "lambda:ListFunctions" @@ -2424,14 +4238,207 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJDU7KJADWBSEQ3E7S", "PolicyName": "AWSCloudTrailReadOnlyAccess", - "UpdateDate": "2017-12-11T19:51:37+00:00", - "VersionId": "v7" + "UpdateDate": "2019-11-20T21:06:49+00:00", + "VersionId": "v9" + }, + "AWSCloudTrail_FullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-10-08T23:41:15+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "sns:AddPermission", + "sns:CreateTopic", + "sns:SetTopicAttributes", + "sns:GetTopicAttributes" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sns:*:*:aws-cloudtrail-logs*" + ] + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::aws-cloudtrail-logs*" + ] + }, + { + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "s3:GetBucketPolicy" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "cloudtrail:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*" + ] + }, + { + "Action": [ + "iam:ListRoles", + "iam:GetRolePolicy", + "iam:GetUser" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "cloudtrail.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:CreateKey", + "kms:CreateAlias", + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "lambda:ListFunctions" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dynamodb:ListGlobalTables", + "dynamodb:ListTables" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CA4SIJQAM", + "PolicyName": "AWSCloudTrail_FullAccess", + "UpdateDate": "2021-02-22T19:01:00+00:00", + "VersionId": "v3" + }, + "AWSCodeArtifactAdminAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-16T23:53:23+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "codeartifact:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "sts:GetServiceBearerToken", + "Condition": { + "StringEquals": { + "sts:AWSServiceName": "codeartifact.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MBONPJNI5", + "PolicyName": "AWSCodeArtifactAdminAccess", + "UpdateDate": "2020-06-16T23:53:23+00:00", + "VersionId": "v1" + }, + "AWSCodeArtifactReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-25T21:23:52+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "codeartifact:Describe*", + "codeartifact:Get*", + "codeartifact:List*", + "codeartifact:ReadFromRepository" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "sts:GetServiceBearerToken", + "Condition": { + "StringEquals": { + "sts:AWSServiceName": "codeartifact.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PVTKOJHFB", + "PolicyName": "AWSCodeArtifactReadOnlyAccess", + "UpdateDate": "2020-06-25T21:23:52+00:00", + "VersionId": "v1" }, "AWSCodeBuildAdminAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", "AttachmentCount": 0, "CreateDate": "2016-12-01T19:04:44+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v12", "Document": { "Statement": [ { @@ -2448,6 +4455,7 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ecr:DescribeRepositories", "ecr:ListImages", + "elasticfilesystem:DescribeFileSystems", "events:DeleteRule", "events:DescribeRule", "events:DisableRule", @@ -2477,6 +4485,89 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" + }, + { + "Action": [ + "ssm:StartSession" + ], + "Effect": "Allow", + "Resource": "arn:aws:ecs:*:*:task/*/*" + }, + { + "Action": [ + "codestar-connections:CreateConnection", + "codestar-connections:DeleteConnection", + "codestar-connections:UpdateConnectionInstallation", + "codestar-connections:TagResource", + "codestar-connections:UntagResource", + "codestar-connections:ListConnections", + "codestar-connections:ListInstallationTargets", + "codestar-connections:ListTagsForResource", + "codestar-connections:GetConnection", + "codestar-connections:GetIndividualAccessToken", + "codestar-connections:GetInstallationUrl", + "codestar-connections:PassConnection", + "codestar-connections:StartOAuthHandshake", + "codestar-connections:UseConnection" + ], + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*", + "Sid": "CodeStarConnectionsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:codestar-notifications*", + "Sid": "CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action": [ + "sns:ListTopics", + "sns:GetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SNSTopicListAccess" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" } ], "Version": "2012-10-17" @@ -2487,22 +4578,28 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQJGIOIE3CD2TQXDS", "PolicyName": "AWSCodeBuildAdminAccess", - "UpdateDate": "2018-11-15T21:21:56+00:00", - "VersionId": "v6" + "UpdateDate": "2020-09-14T16:03:39+00:00", + "VersionId": "v12" }, "AWSCodeBuildDeveloperAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", "AttachmentCount": 0, "CreateDate": "2016-12-01T19:02:32+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v13", "Document": { "Statement": [ { "Action": [ "codebuild:StartBuild", "codebuild:StopBuild", + "codebuild:StartBuildBatch", + "codebuild:StopBuildBatch", + "codebuild:RetryBuild", + "codebuild:RetryBuildBatch", "codebuild:BatchGet*", - "codebuild:Get*", + "codebuild:GetResourcePolicy", + "codebuild:DescribeTestCases", + "codebuild:DescribeCodeCoverages", "codebuild:List*", "codecommit:GetBranch", "codecommit:GetCommit", @@ -2525,6 +4622,67 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" + }, + { + "Action": [ + "ssm:StartSession" + ], + "Effect": "Allow", + "Resource": "arn:aws:ecs:*:*:task/*/*" + }, + { + "Action": [ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*", + "Sid": "CodeStarConnectionsUserAccess" + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "sns:ListTopics", + "sns:GetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SNSTopicListAccess" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" } ], "Version": "2012-10-17" @@ -2535,21 +4693,23 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIMKTMR34XSBQW45HS", "PolicyName": "AWSCodeBuildDeveloperAccess", - "UpdateDate": "2018-11-15T21:32:53+00:00", - "VersionId": "v4" + "UpdateDate": "2020-09-14T16:03:44+00:00", + "VersionId": "v13" }, "AWSCodeBuildReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2016-12-01T19:03:41+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v11", "Document": { "Statement": [ { "Action": [ "codebuild:BatchGet*", - "codebuild:Get*", + "codebuild:GetResourcePolicy", "codebuild:List*", + "codebuild:DescribeTestCases", + "codebuild:DescribeCodeCoverages", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetRepository", @@ -2561,6 +4721,38 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*", + "Sid": "CodeStarConnectionsUserAccess" + }, + { + "Action": [ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsPowerUserAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" } ], "Version": "2012-10-17" @@ -2571,14 +4763,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJIZZWN6557F5HVP2K", "PolicyName": "AWSCodeBuildReadOnlyAccess", - "UpdateDate": "2018-11-15T21:38:34+00:00", - "VersionId": "v3" + "UpdateDate": "2020-09-14T16:04:04+00:00", + "VersionId": "v11" }, "AWSCodeCommitFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", "AttachmentCount": 0, "CreateDate": "2015-07-09T17:02:19+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v9", "Document": { "Statement": [ { @@ -2645,9 +4837,7 @@ aws_managed_policies_data = """ "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", - "iam:ListServiceSpecificCredentials", - "iam:ListAccessKeys", - "iam:GetSSHPublicKey" + "iam:ListServiceSpecificCredentials" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", @@ -2675,6 +4865,101 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMSelfManageServiceSpecificCredentials" + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:codestar-notifications*", + "Sid": "CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action": [ + "codeguru-reviewer:AssociateRepository", + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", + "codeguru-reviewer:DisassociateRepository", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonCodeGuruReviewerFullAccess" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid": "AmazonCodeGuruReviewerSLRCreation" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition": { + "StringEquals": { + "events:ManagedBy": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchEventsManagedRules" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" + }, + { + "Action": [ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*", + "Sid": "CodeStarConnectionsReadOnlyAccess" } ], "Version": "2012-10-17" @@ -2685,29 +4970,35 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2", "PolicyName": "AWSCodeCommitFullAccess", - "UpdateDate": "2017-11-20T20:04:31+00:00", - "VersionId": "v2" + "UpdateDate": "2020-07-30T23:17:35+00:00", + "VersionId": "v9" }, "AWSCodeCommitPowerUser": { "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", "AttachmentCount": 0, "CreateDate": "2015-07-09T17:06:49+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v14", "Document": { "Statement": [ { "Action": [ + "codecommit:AssociateApprovalRuleTemplateWithRepository", + "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", + "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:BatchGet*", "codecommit:BatchDescribe*", - "codecommit:Get*", - "codecommit:List*", "codecommit:Create*", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:Describe*", + "codecommit:DisassociateApprovalRuleTemplateFromRepository", + "codecommit:EvaluatePullRequestApprovalRules", + "codecommit:Get*", + "codecommit:List*", + "codecommit:Merge*", + "codecommit:OverridePullRequestApprovalRules", "codecommit:Put*", "codecommit:Post*", - "codecommit:Merge*", "codecommit:TagResource", "codecommit:Test*", "codecommit:UntagResource", @@ -2772,9 +5063,7 @@ aws_managed_policies_data = """ "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", - "iam:ListServiceSpecificCredentials", - "iam:ListAccessKeys", - "iam:GetSSHPublicKey" + "iam:ListServiceSpecificCredentials" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", @@ -2802,6 +5091,91 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMSelfManageServiceSpecificCredentials" + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "codeguru-reviewer:AssociateRepository", + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", + "codeguru-reviewer:DisassociateRepository", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonCodeGuruReviewerFullAccess" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid": "AmazonCodeGuruReviewerSLRCreation" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition": { + "StringEquals": { + "events:ManagedBy": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchEventsManagedRules" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" + }, + { + "Action": [ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*", + "Sid": "CodeStarConnectionsReadOnlyAccess" } ], "Version": "2012-10-17" @@ -2812,22 +5186,23 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI4UIINUVGB5SEC57G", "PolicyName": "AWSCodeCommitPowerUser", - "UpdateDate": "2019-05-30T19:37:08+00:00", - "VersionId": "v6" + "UpdateDate": "2020-07-30T23:12:48+00:00", + "VersionId": "v14" }, "AWSCodeCommitReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly", "AttachmentCount": 0, "CreateDate": "2015-07-09T17:05:06+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v10", "Document": { "Statement": [ { "Action": [ "codecommit:BatchGet*", "codecommit:BatchDescribe*", - "codecommit:Get*", "codecommit:Describe*", + "codecommit:EvaluatePullRequestApprovalRules", + "codecommit:Get*", "codecommit:List*", "codecommit:GitPull" ], @@ -2880,6 +5255,49 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMReadOnlyConsoleAccess" + }, + { + "Action": [ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*", + "Sid": "CodeStarConnectionsReadOnlyAccess" + }, + { + "Action": [ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadOnlyAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonCodeGuruReviewerReadOnlyAccess" } ], "Version": "2012-10-17" @@ -2890,14 +5308,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJACNSXR7Z2VLJW3D6", "PolicyName": "AWSCodeCommitReadOnly", - "UpdateDate": "2019-05-15T17:26:42+00:00", - "VersionId": "v3" + "UpdateDate": "2020-07-30T23:08:05+00:00", + "VersionId": "v10" }, "AWSCodeDeployDeployerAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess", "AttachmentCount": 0, "CreateDate": "2015-05-19T18:18:43+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -2910,6 +5328,50 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SNSTopicListAccess" } ], "Version": "2012-10-17" @@ -2920,20 +5382,74 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJUWEPOMGLMVXJAPUI", "PolicyName": "AWSCodeDeployDeployerAccess", - "UpdateDate": "2015-05-19T18:18:43+00:00", - "VersionId": "v1" + "UpdateDate": "2020-04-02T16:16:11+00:00", + "VersionId": "v3" }, "AWSCodeDeployFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", "AttachmentCount": 0, "CreateDate": "2015-05-19T18:13:23+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": "codedeploy:*", "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:codestar-notifications*", + "Sid": "CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SNSTopicListAccess" } ], "Version": "2012-10-17" @@ -2944,14 +5460,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIONKN3TJZUKXCHXWC", "PolicyName": "AWSCodeDeployFullAccess", - "UpdateDate": "2015-05-19T18:13:23+00:00", - "VersionId": "v1" + "UpdateDate": "2020-04-02T16:14:47+00:00", + "VersionId": "v3" }, "AWSCodeDeployReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-05-19T18:21:32+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -2962,6 +5478,29 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsPowerUserAccess" + }, + { + "Action": [ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsListAccess" } ], "Version": "2012-10-17" @@ -2972,14 +5511,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAILZHHKCKB4NE7XOIQ", "PolicyName": "AWSCodeDeployReadOnlyAccess", - "UpdateDate": "2015-05-19T18:21:32+00:00", - "VersionId": "v1" + "UpdateDate": "2020-04-02T16:20:09+00:00", + "VersionId": "v3" }, "AWSCodeDeployRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole", "AttachmentCount": 0, "CreateDate": "2015-05-04T18:05:37+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -3001,6 +5540,7 @@ aws_managed_policies_data = """ "autoscaling:SuspendProcesses", "autoscaling:ResumeProcesses", "autoscaling:AttachLoadBalancers", + "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:PutNotificationConfiguration", @@ -3010,7 +5550,6 @@ aws_managed_policies_data = """ "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:TerminateInstances", - "tag:GetTags", "tag:GetResources", "sns:Publish", "cloudwatch:DescribeAlarms", @@ -3036,14 +5575,40 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ2NKMKD73QS5NBFLA", "PolicyName": "AWSCodeDeployRole", - "UpdateDate": "2017-09-11T19:09:51+00:00", - "VersionId": "v6" + "UpdateDate": "2020-05-19T17:11:39+00:00", + "VersionId": "v8" + }, + "AWSCodeDeployRoleForCloudFormation": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation", + "AttachmentCount": 0, + "CreateDate": "2020-05-19T17:12:52+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CO24UTMFH", + "PolicyName": "AWSCodeDeployRoleForCloudFormation", + "UpdateDate": "2020-05-19T17:12:52+00:00", + "VersionId": "v1" }, "AWSCodeDeployRoleForECS": { "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS", "AttachmentCount": 0, "CreateDate": "2018-11-27T20:40:57+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -3061,7 +5626,6 @@ aws_managed_policies_data = """ "cloudwatch:DescribeAlarms", "sns:Publish", "s3:GetObject", - "s3:GetObjectMetadata", "s3:GetObjectVersion" ], "Effect": "Allow", @@ -3090,14 +5654,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIIL3KXEKRGEN2HFIO", "PolicyName": "AWSCodeDeployRoleForECS", - "UpdateDate": "2018-12-19T17:57:04+00:00", - "VersionId": "v2" + "UpdateDate": "2019-09-23T22:37:46+00:00", + "VersionId": "v3" }, "AWSCodeDeployRoleForECSLimited": { "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited", "AttachmentCount": 0, "CreateDate": "2018-11-27T20:42:42+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -3139,7 +5703,6 @@ aws_managed_policies_data = """ { "Action": [ "s3:GetObject", - "s3:GetObjectMetadata", "s3:GetObjectVersion" ], "Condition": { @@ -3176,14 +5739,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M", "PolicyName": "AWSCodeDeployRoleForECSLimited", - "UpdateDate": "2018-12-19T18:06:16+00:00", - "VersionId": "v2" + "UpdateDate": "2019-09-23T22:10:29+00:00", + "VersionId": "v3" }, "AWSCodeDeployRoleForLambda": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda", "AttachmentCount": 0, "CreateDate": "2017-11-28T14:05:44+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -3191,6 +5754,7 @@ aws_managed_policies_data = """ "cloudwatch:DescribeAlarms", "lambda:UpdateAlias", "lambda:GetAlias", + "lambda:GetProvisionedConcurrencyConfig", "sns:Publish" ], "Effect": "Allow", @@ -3233,8 +5797,65 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA", "PolicyName": "AWSCodeDeployRoleForLambda", - "UpdateDate": "2017-12-01T22:32:58+00:00", - "VersionId": "v2" + "UpdateDate": "2019-12-03T19:53:10+00:00", + "VersionId": "v3" + }, + "AWSCodeDeployRoleForLambdaLimited": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited", + "AttachmentCount": 0, + "CreateDate": "2020-08-17T17:14:14+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudwatch:DescribeAlarms", + "lambda:UpdateAlias", + "lambda:GetAlias", + "lambda:GetProvisionedConcurrencyConfig" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::*/CodeDeploy/*" + }, + { + "Action": [ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Condition": { + "StringEquals": { + "s3:ExistingObjectTag/UseWithCodeDeploy": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4C55RUFGEB", + "PolicyName": "AWSCodeDeployRoleForLambdaLimited", + "UpdateDate": "2020-08-17T17:14:14+00:00", + "VersionId": "v1" }, "AWSCodePipelineApproverAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess", @@ -3301,20 +5922,194 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess", "AttachmentCount": 0, "CreateDate": "2015-07-09T16:58:07+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v10", "Document": { "Statement": [ { "Action": [ "codepipeline:*", + "cloudformation:DescribeStacks", + "cloudformation:ListChangeSets", + "cloudtrail:CreateTrail", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:PutEventSelectors", + "cloudtrail:StartLogging", + "codebuild:BatchGetProjects", + "codebuild:CreateProject", + "codebuild:ListCuratedEnvironmentImages", + "codebuild:ListProjects", + "codecommit:GetBranch", + "codecommit:GetRepositoryTriggers", + "codecommit:ListBranches", + "codecommit:ListRepositories", + "codecommit:PutRepositoryTriggers", + "codecommit:GetReferences", + "codedeploy:GetApplication", + "codedeploy:BatchGetApplications", + "codedeploy:GetDeploymentGroup", + "codedeploy:BatchGetDeploymentGroups", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "devicefarm:GetDevicePool", + "devicefarm:GetProject", + "devicefarm:ListDevicePools", + "devicefarm:ListProjects", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecs:ListClusters", + "ecs:ListServices", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", "iam:ListRoles", - "iam:PassRole", + "iam:GetRole", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "events:ListRules", + "events:ListTargetsByRule", + "events:DescribeRule", + "opsworks:DescribeApps", + "opsworks:DescribeLayers", + "opsworks:DescribeStacks", + "s3:GetBucketPolicy", + "s3:GetBucketVersioning", + "s3:GetObjectVersion", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sns:ListTopics", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes", + "states:ListStateMachines" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", "s3:CreateBucket", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3::*:codepipeline-*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "events.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/cwe-role-*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "codepipeline.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:DisableRule", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:rule/codepipeline-*" + ] + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:codestar-notifications*", + "Sid": "CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAJP5LH77KSAT2KHQGG", + "PolicyName": "AWSCodePipelineFullAccess", + "UpdateDate": "2020-05-21T22:03:13+00:00", + "VersionId": "v10" + }, + "AWSCodePipelineReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2015-07-09T16:43:57+00:00", + "DefaultVersionId": "v9", + "Document": { + "Statement": [ + { + "Action": [ + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:GetPipelineExecution", + "codepipeline:ListPipelineExecutions", + "codepipeline:ListActionExecutions", + "codepipeline:ListActionTypes", + "codepipeline:ListPipelines", + "codepipeline:ListTagsForResource", + "iam:ListRoles", "s3:GetBucketPolicy", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", - "s3:PutBucketPolicy", "codecommit:ListBranches", "codecommit:ListRepositories", "codedeploy:GetApplication", @@ -3328,60 +6123,25 @@ aws_managed_policies_data = """ "opsworks:DescribeApps", "opsworks:DescribeLayers", "opsworks:DescribeStacks", - "cloudformation:DescribeStacks", - "cloudformation:ListChangeSets" + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" ], "Effect": "Allow", "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJP5LH77KSAT2KHQGG", - "PolicyName": "AWSCodePipelineFullAccess", - "UpdateDate": "2016-11-01T19:59:46+00:00", - "VersionId": "v5" - }, - "AWSCodePipelineReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T16:43:57+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ + }, { "Action": [ - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:GetPipelineExecution", - "codepipeline:ListPipelineExecutions", - "codepipeline:ListActionTypes", - "codepipeline:ListPipelines", - "iam:ListRoles", - "s3:GetBucketPolicy", - "s3:GetObject", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "codecommit:ListBranches", - "codecommit:ListRepositories", - "codedeploy:GetApplication", - "codedeploy:GetDeploymentGroup", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentGroups", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "opsworks:DescribeApps", - "opsworks:DescribeLayers", - "opsworks:DescribeStacks" + "codestar-notifications:DescribeNotificationRule" ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" + } + }, "Effect": "Allow", - "Resource": "*" + "Resource": "*", + "Sid": "CodeStarNotificationsReadOnlyAccess" } ], "Version": "2012-10-17" @@ -3392,8 +6152,232 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAILFKZXIBOTNC5TO2Q", "PolicyName": "AWSCodePipelineReadOnlyAccess", - "UpdateDate": "2017-08-02T17:25:18+00:00", - "VersionId": "v6" + "UpdateDate": "2020-03-26T16:07:17+00:00", + "VersionId": "v9" + }, + "AWSCodePipeline_FullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-08-03T22:38:28+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "codepipeline:*", + "cloudformation:DescribeStacks", + "cloudformation:ListChangeSets", + "cloudtrail:DescribeTrails", + "codebuild:BatchGetProjects", + "codebuild:CreateProject", + "codebuild:ListCuratedEnvironmentImages", + "codebuild:ListProjects", + "codecommit:ListBranches", + "codecommit:GetReferences", + "codecommit:ListRepositories", + "codedeploy:BatchGetDeploymentGroups", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecs:ListClusters", + "ecs:ListServices", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", + "iam:ListRoles", + "iam:GetRole", + "lambda:ListFunctions", + "events:ListRules", + "events:ListTargetsByRule", + "events:DescribeRule", + "opsworks:DescribeApps", + "opsworks:DescribeLayers", + "opsworks:DescribeStacks", + "s3:ListAllMyBuckets", + "sns:ListTopics", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes", + "states:ListStateMachines" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", + "s3:ListBucket", + "s3:GetBucketPolicy", + "s3:GetBucketVersioning", + "s3:GetObjectVersion", + "s3:CreateBucket", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3::*:codepipeline-*" + }, + { + "Action": [ + "cloudtrail:PutEventSelectors", + "cloudtrail:CreateTrail", + "cloudtrail:GetEventSelectors", + "cloudtrail:StartLogging" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "events.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/cwe-role-*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "codepipeline.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:DisableRule", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:rule/codepipeline-*" + ] + }, + { + "Action": [ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadWriteAccess" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:codestar-notifications*", + "Sid": "CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action": [ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsChatbotAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4A6ZKP3LKA", + "PolicyName": "AWSCodePipeline_FullAccess", + "UpdateDate": "2020-08-03T22:38:28+00:00", + "VersionId": "v1" + }, + "AWSCodePipeline_ReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-08-03T22:25:17+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:GetPipelineExecution", + "codepipeline:ListPipelineExecutions", + "codepipeline:ListActionExecutions", + "codepipeline:ListActionTypes", + "codepipeline:ListPipelines", + "codepipeline:ListTagsForResource", + "s3:ListAllMyBuckets", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", + "s3:ListBucket", + "s3:GetBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3::*:codepipeline-*" + }, + { + "Action": [ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition": { + "StringLike": { + "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeStarNotificationsReadOnlyAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IGBTPGT6W", + "PolicyName": "AWSCodePipeline_ReadOnlyAccess", + "UpdateDate": "2020-08-03T22:25:17+00:00", + "VersionId": "v1" }, "AWSCodeStarFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess", @@ -3438,11 +6422,70 @@ aws_managed_policies_data = """ "UpdateDate": "2018-01-10T21:54:06+00:00", "VersionId": "v2" }, + "AWSCodeStarNotificationsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-05T16:10:21+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": "arn:aws:events:*:*:rule/awscodestarnotifications-*" + }, + { + "Action": [ + "sns:CreateTopic" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:CodeStarNotifications-*" + }, + { + "Action": [ + "codecommit:GetCommentsForPullRequest", + "codecommit:GetCommentsForComparedCommit", + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:UpdateSlackChannelConfiguration", + "codecommit:GetDifferences", + "codepipeline:ListActionExecutions" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codecommit:GetFile" + ], + "Condition": { + "StringNotEquals": { + "aws:ResourceTag/ExcludeFileContentFromNotifications": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BGRXOB2GH", + "PolicyName": "AWSCodeStarNotificationsServiceRolePolicy", + "UpdateDate": "2020-03-19T16:01:55+00:00", + "VersionId": "v4" + }, "AWSCodeStarServiceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole", "AttachmentCount": 0, "CreateDate": "2017-04-19T15:20:50+00:00", - "DefaultVersionId": "v9", + "DefaultVersionId": "v10", "Document": { "Statement": [ { @@ -3626,6 +6669,26 @@ aws_managed_policies_data = """ "*" ], "Sid": "DescribeConfigRuleForARN" + }, + { + "Action": [ + "codestar-connections:UseConnection", + "codestar-connections:GetConnection" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ProjectCodeStarConnections" + }, + { + "Action": "codestar-connections:PassConnection", + "Condition": { + "ForAnyValue:StringEqualsIfExists": { + "codestar-connections:PassedToService": "codepipeline.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "ProjectCodeStarConnectionsPassConnections" } ], "Version": "2012-10-17" @@ -3636,33 +6699,280 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIN6D4M2KD3NBOC4M4", "PolicyName": "AWSCodeStarServiceRole", - "UpdateDate": "2019-04-24T19:25:28+00:00", - "VersionId": "v9" + "UpdateDate": "2021-02-15T22:25:37+00:00", + "VersionId": "v10" + }, + "AWSCompromisedKeyQuarantine": { + "Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine", + "AttachmentCount": 0, + "CreateDate": "2020-08-11T18:04:13+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iam:AttachGroupPolicy", + "iam:AttachRolePolicy", + "iam:AttachUserPolicy", + "iam:ChangePassword", + "iam:CreateAccessKey", + "iam:CreateInstanceProfile", + "iam:CreateLoginProfile", + "iam:CreateRole", + "iam:CreateUser", + "iam:DetachUserPolicy", + "iam:PutUserPermissionsBoundary", + "iam:PutUserPolicy", + "iam:UpdateAccessKey", + "iam:UpdateAccountPasswordPolicy", + "iam:UpdateUser", + "ec2:RequestSpotInstances", + "ec2:RunInstances", + "ec2:StartInstances", + "organizations:CreateAccount", + "organizations:CreateOrganization", + "organizations:InviteAccountToOrganization", + "lambda:CreateFunction", + "lightsail:Create*", + "lightsail:Start*", + "lightsail:Delete*", + "lightsail:Update*", + "lightsail:GetInstanceAccessDetails", + "lightsail:DownloadDefaultKeyPair" + ], + "Effect": "Deny", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PLD3NKX4L", + "PolicyName": "AWSCompromisedKeyQuarantine", + "UpdateDate": "2020-08-11T18:04:13+00:00", + "VersionId": "v1" + }, + "AWSConfigMultiAccountSetupPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-06-17T18:03:16+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "config:PutConfigRule", + "config:DeleteConfigRule" + ], + "Effect": "Allow", + "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*" + }, + { + "Action": [ + "config:DescribeConfigurationRecorders" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeAccount" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "config:PutConformancePack", + "config:DeleteConformancePack", + "config:DescribeConformancePackStatus" + ], + "Effect": "Allow", + "Resource": "arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "config-conforms.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ssm.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4L5NAGNGTD", + "PolicyName": "AWSConfigMultiAccountSetupPolicy", + "UpdateDate": "2020-05-21T22:59:26+00:00", + "VersionId": "v4" + }, + "AWSConfigRemediationServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-06-18T21:21:35+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:StartAutomationExecution" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ssm.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BC7ZOM6NP", + "PolicyName": "AWSConfigRemediationServiceRolePolicy", + "UpdateDate": "2019-06-18T21:21:35+00:00", + "VersionId": "v1" }, "AWSConfigRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRole", "AttachmentCount": 0, "CreateDate": "2015-04-02T17:36:23+00:00", - "DefaultVersionId": "v25", + "DefaultVersionId": "v36", "Document": { "Statement": [ { "Action": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:GetBackupSelection", + "cloudfront:ListTagsForResource", + "cloudformation:describeType", + "cloudformation:listTypes", "cloudtrail:DescribeTrails", - "ec2:Describe*", - "config:Put*", - "config:Get*", - "config:List*", - "config:Describe*", - "config:BatchGet*", - "config:Select*", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", - "s3:GetObject", + "cloudwatch:DescribeAlarms", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dms:DescribeReplicationInstances", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:GetEbsEncryptionByDefault", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListServices", + "ecs:ListTagsForResource", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListNodegroups", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeReplicationGroups", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstances", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:ListDomainNames", + "es:ListTags", + "guardduty:GetDetector", + "guardduty:GetFindings", + "guardduty:GetMasterAccount", + "guardduty:ListDetectors", + "guardduty:ListFindings", + "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", + "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", @@ -3671,8 +6981,6 @@ aws_managed_policies_data = """ "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", - "iam:GenerateCredentialReport", - "iam:GetCredentialReport", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", @@ -3684,13 +6992,21 @@ aws_managed_policies_data = """ "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTags", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:ListTagsForCertificate", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "logs:DescribeLogGroups", + "organizations:DescribeOrganization", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", @@ -3698,25 +7014,6 @@ aws_managed_policies_data = """ "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:ListTagsForResource", - "rds:DescribeDBClusters", - "s3:GetAccelerateConfiguration", - "s3:GetBucketAcl", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketNotification", - "s3:GetBucketPolicy", - "s3:GetBucketRequestPayment", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetLifecycleConfiguration", - "s3:GetReplicationConfiguration", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetEncryptionConfiguration", - "s3:GetBucketPublicAccessBlock", - "s3:GetAccountPublicAccessBlock", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusterSecurityGroups", @@ -3725,41 +7022,57 @@ aws_managed_policies_data = """ "redshift:DescribeClusters", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "cloudwatch:DescribeAlarms", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeTags", - "lambda:GetFunction", - "lambda:GetPolicy", - "lambda:ListFunctions", - "lambda:GetAlias", - "lambda:ListAliases", - "waf-regional:GetWebACLForResource", - "waf-regional:GetWebACL", - "cloudfront:ListTagsForResource", - "guardduty:ListDetectors", - "guardduty:GetMasterAccount", - "guardduty:GetDetector", - "codepipeline:ListPipelines", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "kms:ListKeys", - "kms:GetKeyRotationStatus", - "kms:DescribeKey", - "ssm:DescribeDocument", - "ssm:GetDocument", + "s3:GetAccelerateConfiguration", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetObject", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeNotebookInstance", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListNotebookInstances", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:describeHub", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", "ssm:GetAutomationExecution", - "shield:DescribeProtection" + "ssm:GetDocument", + "storagegateway:ListGateways", + "storagegateway:ListVolumes", + "support:DescribeCases", + "tag:GetResources", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource" ], "Effect": "Allow", "Resource": "*" @@ -3773,21 +7086,22 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIQRXRDRGJUA33ELIO", "PolicyName": "AWSConfigRole", - "UpdateDate": "2019-05-13T21:29:39+00:00", - "VersionId": "v25" + "UpdateDate": "2021-01-29T19:22:20+00:00", + "VersionId": "v36" }, "AWSConfigRoleForOrganizations": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", "AttachmentCount": 0, "CreateDate": "2018-03-19T22:53:01+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "organizations:ListAccounts", "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization" + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" ], "Effect": "Allow", "Resource": "*" @@ -3801,8 +7115,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIEHGYAUTHXSXZAW2E", "PolicyName": "AWSConfigRoleForOrganizations", - "UpdateDate": "2018-03-19T22:53:01+00:00", - "VersionId": "v1" + "UpdateDate": "2020-11-24T20:19:13+00:00", + "VersionId": "v2" }, "AWSConfigRulesExecutionRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole", @@ -3846,27 +7160,98 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-05-30T23:31:46+00:00", - "DefaultVersionId": "v11", + "DefaultVersionId": "v22", "Document": { "Statement": [ { "Action": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:GetBackupSelection", + "cloudfront:ListTagsForResource", + "cloudformation:describeType", + "cloudformation:listTypes", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", - "ec2:Describe*", - "config:Put*", - "config:Get*", - "config:List*", - "config:Describe*", - "config:BatchGet*", - "config:Select*", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", + "cloudwatch:DescribeAlarms", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dms:DescribeReplicationInstances", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:GetEbsEncryptionByDefault", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListServices", + "ecs:ListTagsForResource", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListNodegroups", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeReplicationGroups", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstances", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:ListDomainNames", + "es:ListTags", + "guardduty:GetDetector", + "guardduty:GetFindings", + "guardduty:GetMasterAccount", + "guardduty:ListDetectors", + "guardduty:ListFindings", "iam:GenerateCredentialReport", - "iam:GetCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", + "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", @@ -3886,13 +7271,21 @@ aws_managed_policies_data = """ "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTags", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:ListTagsForCertificate", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "logs:DescribeLogGroups", + "organizations:DescribeOrganization", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", @@ -3900,25 +7293,6 @@ aws_managed_policies_data = """ "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:ListTagsForResource", - "rds:DescribeDBClusters", - "s3:GetAccelerateConfiguration", - "s3:GetBucketAcl", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketNotification", - "s3:GetBucketPolicy", - "s3:GetBucketRequestPayment", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetLifecycleConfiguration", - "s3:GetReplicationConfiguration", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetEncryptionConfiguration", - "s3:GetBucketPublicAccessBlock", - "s3:GetAccountPublicAccessBlock", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusterSecurityGroups", @@ -3927,41 +7301,56 @@ aws_managed_policies_data = """ "redshift:DescribeClusters", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "cloudwatch:DescribeAlarms", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeTags", - "lambda:GetFunction", - "lambda:GetPolicy", - "lambda:ListFunctions", - "lambda:GetAlias", - "lambda:ListAliases", - "waf-regional:GetWebACLForResource", - "waf-regional:GetWebACL", - "cloudfront:ListTagsForResource", - "guardduty:ListDetectors", - "guardduty:GetMasterAccount", - "guardduty:GetDetector", - "codepipeline:ListPipelines", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "kms:ListKeys", - "kms:GetKeyRotationStatus", - "kms:DescribeKey", - "ssm:DescribeDocument", - "ssm:GetDocument", + "s3:GetAccelerateConfiguration", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeNotebookInstance", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListNotebookInstances", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:describeHub", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", "ssm:GetAutomationExecution", - "shield:DescribeProtection" + "ssm:GetDocument", + "storagegateway:ListGateways", + "storagegateway:ListVolumes", + "support:DescribeCases", + "tag:GetResources", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource" ], "Effect": "Allow", "Resource": "*" @@ -3975,8 +7364,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJUCWFHNZER665LLQQ", "PolicyName": "AWSConfigServiceRolePolicy", - "UpdateDate": "2019-05-13T21:18:44+00:00", - "VersionId": "v11" + "UpdateDate": "2021-01-29T19:19:53+00:00", + "VersionId": "v22" }, "AWSConfigUserAccess": { "Arn": "arn:aws:iam::aws:policy/AWSConfigUserAccess", @@ -4110,9 +7499,31 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2019-05-03T18:19:11+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v6", "Document": { "Statement": [ + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:CreateStackInstances", + "cloudformation:CreateStackSet", + "cloudformation:DeleteStack", + "cloudformation:DeleteStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:UpdateStack", + "cloudformation:UpdateStackInstances", + "cloudformation:UpdateStackSet" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role" + ] + }, { "Action": [ "cloudformation:CreateStack", @@ -4135,7 +7546,8 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:cloudformation:*:*:stack/AWSControlTower*/*", "arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*", - "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*" + "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*", + "arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*" ] }, { @@ -4194,6 +7606,7 @@ aws_managed_policies_data = """ "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", "organizations:ListRoots", "organizations:MoveAccount", "servicecatalog:AssociatePrincipalWithPortfolio" @@ -4218,8 +7631,33 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole", - "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole" + "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole", + "arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations" ] + }, + { + "Action": [ + "config:DeleteConfigurationAggregator", + "config:PutConfigurationAggregator", + "config:TagResource" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/aws-control-tower": "managed-by-control-tower" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "organizations:EnableAWSServiceAccess", + "Condition": { + "StringLike": { + "organizations:ServicePrincipal": "config.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -4230,14 +7668,390 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4MW35THVLF", "PolicyName": "AWSControlTowerServiceRolePolicy", - "UpdateDate": "2019-05-23T19:14:24+00:00", - "VersionId": "v2" + "UpdateDate": "2020-11-10T21:08:05+00:00", + "VersionId": "v6" + }, + "AWSDataExchangeFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-13T19:27:59+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "dataexchange:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action": "s3:GetObject", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase": { + "s3:ExistingObjectTag/AWSDataExchange": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action": [ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListEntities", + "aws-marketplace:StartChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:GetAgreementApprovalRequest", + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:AcceptAgreementApprovalRequest", + "aws-marketplace:RejectAgreementApprovalRequest", + "aws-marketplace:UpdateAgreementApprovalRequest" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe", + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:GetAgreementRequest", + "aws-marketplace:ListAgreementRequests", + "aws-marketplace:CancelAgreementRequest" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MPDTDB3FH", + "PolicyName": "AWSDataExchangeFullAccess", + "UpdateDate": "2021-01-19T19:42:47+00:00", + "VersionId": "v3" + }, + "AWSDataExchangeProviderFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-13T19:27:55+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": [ + "dataexchange:CreateDataSet", + "dataexchange:CreateRevision", + "dataexchange:CreateAsset", + "dataexchange:Get*", + "dataexchange:Update*", + "dataexchange:List*", + "dataexchange:Delete*", + "dataexchange:TagResource", + "dataexchange:UntagResource", + "tag:GetTagKeys", + "tag:GetTagValues" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:CancelJob" + ], + "Condition": { + "StringEquals": { + "dataexchange:JobType": [ + "IMPORT_ASSETS_FROM_S3", + "IMPORT_ASSET_FROM_SIGNED_URL", + "EXPORT_ASSETS_TO_S3", + "EXPORT_ASSET_TO_SIGNED_URL" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action": "s3:GetObject", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase": { + "s3:ExistingObjectTag/AWSDataExchange": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action": [ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:StartChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:GetAgreementApprovalRequest", + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:AcceptAgreementApprovalRequest", + "aws-marketplace:RejectAgreementApprovalRequest", + "aws-marketplace:UpdateAgreementApprovalRequest" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MQSUGZZPZ", + "PolicyName": "AWSDataExchangeProviderFullAccess", + "UpdateDate": "2021-01-14T21:20:09+00:00", + "VersionId": "v5" + }, + "AWSDataExchangeReadOnly": { + "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly", + "AttachmentCount": 0, + "CreateDate": "2019-11-13T19:27:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "dataexchange:Get*", + "dataexchange:List*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:GetAgreementRequest", + "aws-marketplace:ListAgreementRequests", + "aws-marketplace:GetAgreementApprovalRequest", + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:ListChangeSets" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DQNFEZURI", + "PolicyName": "AWSDataExchangeReadOnly", + "UpdateDate": "2019-11-13T19:27:37+00:00", + "VersionId": "v1" + }, + "AWSDataExchangeSubscriberFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-13T19:27:52+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "dataexchange:Get*", + "dataexchange:List*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:CancelJob" + ], + "Condition": { + "StringEquals": { + "dataexchange:JobType": [ + "EXPORT_ASSETS_TO_S3", + "EXPORT_ASSET_TO_SIGNED_URL", + "EXPORT_REVISIONS_TO_S3" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action": [ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe", + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:GetAgreementRequest", + "aws-marketplace:ListAgreementRequests", + "aws-marketplace:CancelAgreementRequest" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MAWRW4GF7", + "PolicyName": "AWSDataExchangeSubscriberFullAccess", + "UpdateDate": "2021-02-08T23:34:25+00:00", + "VersionId": "v4" }, "AWSDataLifecycleManagerServiceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole", "AttachmentCount": 0, "CreateDate": "2018-07-06T19:34:16+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -4247,7 +8061,13 @@ aws_managed_policies_data = """ "ec2:DeleteSnapshot", "ec2:DescribeInstances", "ec2:DescribeVolumes", - "ec2:DescribeSnapshots" + "ec2:DescribeSnapshots", + "ec2:EnableFastSnapshotRestores", + "ec2:DescribeFastSnapshotRestores", + "ec2:DisableFastSnapshotRestores", + "ec2:CopySnapshot", + "ec2:ModifySnapshotAttribute", + "ec2:DescribeSnapshotAttribute" ], "Effect": "Allow", "Resource": "*" @@ -4258,6 +8078,20 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:ec2:*::snapshot/*" + }, + { + "Action": [ + "events:PutRule", + "events:DeleteRule", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": "arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*" } ], "Version": "2012-10-17" @@ -4268,8 +8102,62 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIZRLOKFUFE7YXQOJS", "PolicyName": "AWSDataLifecycleManagerServiceRole", - "UpdateDate": "2019-05-29T16:44:12+00:00", - "VersionId": "v2" + "UpdateDate": "2020-12-11T18:15:06+00:00", + "VersionId": "v6" + }, + "AWSDataLifecycleManagerServiceRoleForAMIManagement": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement", + "AttachmentCount": 0, + "CreateDate": "2020-10-21T19:39:41+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "ec2:CreateTags", + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*::image/*" + ] + }, + { + "Action": [ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeImageAttribute", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:DeleteSnapshot", + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::snapshot/*" + }, + { + "Action": [ + "ec2:ResetImageAttribute", + "ec2:DeregisterImage", + "ec2:CreateImage", + "ec2:CopyImage", + "ec2:ModifyImageAttribute" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MG6O7FWSP", + "PolicyName": "AWSDataLifecycleManagerServiceRoleForAMIManagement", + "UpdateDate": "2020-10-21T19:39:41+00:00", + "VersionId": "v1" }, "AWSDataPipelineRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole", @@ -4468,7 +8356,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess", "AttachmentCount": 0, "CreateDate": "2019-01-18T19:40:36+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -4481,12 +8369,14 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:ModifyNetworkInterfaceAttribute", + "fsx:DescribeFileSystems", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", "iam:GetRole", "iam:ListRoles", "logs:CreateLogGroup", "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "s3:ListAllMyBuckets", "s3:ListBucket" ], @@ -4516,14 +8406,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJGOHCDUQULZJKDGT4", "PolicyName": "AWSDataSyncFullAccess", - "UpdateDate": "2019-01-18T19:40:36+00:00", - "VersionId": "v1" + "UpdateDate": "2020-06-30T17:58:58+00:00", + "VersionId": "v3" }, "AWSDataSyncReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2019-01-18T19:18:44+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -4534,9 +8424,11 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", + "fsx:DescribeFileSystems", "iam:GetRole", "iam:ListRoles", "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", "s3:ListAllMyBuckets", "s3:ListBucket" ], @@ -4552,21 +8444,20 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJRYVEZEDR7ZEAGYLY", "PolicyName": "AWSDataSyncReadOnlyAccess", - "UpdateDate": "2019-01-18T19:18:44+00:00", - "VersionId": "v1" + "UpdateDate": "2020-06-30T17:59:22+00:00", + "VersionId": "v3" }, "AWSDeepLensLambdaFunctionAccessPolicy": { "Arn": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy", "AttachmentCount": 0, "CreateDate": "2017-11-29T15:47:18+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ "s3:ListBucket", - "s3:GetObject", - "s3:ListObjects" + "s3:GetObject" ], "Effect": "Allow", "Resource": [ @@ -4618,14 +8509,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIKIEE4PRM54V4G3ZG", "PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy", - "UpdateDate": "2018-05-29T22:08:02+00:00", - "VersionId": "v3" + "UpdateDate": "2019-06-11T23:11:55+00:00", + "VersionId": "v4" }, "AWSDeepLensServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-11-29T15:46:36+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -4908,25 +8799,25 @@ aws_managed_policies_data = """ }, { "Action": [ - "acuity:CreateStream", - "acuity:DescribeStream", - "acuity:DeleteStream" + "kinesisvideo:CreateStream", + "kinesisvideo:DescribeStream", + "kinesisvideo:DeleteStream" ], "Effect": "Allow", "Resource": [ - "arn:aws:acuity:*:*:stream/deeplens*/*" + "arn:aws:kinesisvideo:*:*:stream/deeplens*/*" ], - "Sid": "DeepLensAcuityStreamAccess" + "Sid": "DeepLensKinesisVideoStreamAccess" }, { "Action": [ - "acuity:GetDataEndpoint" + "kinesisvideo:GetDataEndpoint" ], "Effect": "Allow", "Resource": [ "*" ], - "Sid": "DeepLensAcuityEndpointAccess" + "Sid": "DeepLensKinesisVideoEndpointAccess" } ], "Version": "2012-10-17" @@ -4937,14 +8828,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJK2Z2S7FPJFCYGR72", "PolicyName": "AWSDeepLensServiceRolePolicy", - "UpdateDate": "2018-06-07T21:25:01+00:00", - "VersionId": "v5" + "UpdateDate": "2019-09-25T19:25:06+00:00", + "VersionId": "v6" }, "AWSDeepRacerCloudFormationAccessPolicy": { "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy", "AttachmentCount": 0, "CreateDate": "2019-02-28T21:59:49+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -4971,6 +8862,7 @@ aws_managed_policies_data = """ "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", "ec2:DeleteInternetGateway", "ec2:DeleteNatGateway", "ec2:DeleteNetworkAcl", @@ -4981,6 +8873,7 @@ aws_managed_policies_data = """ "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", + "ec2:DeleteVpcEndpoints", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeNatGateways", @@ -4989,9 +8882,11 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", + "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DetachInternetGateway", "ec2:DisassociateRouteTable", + "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ReleaseAddress", "ec2:ReplaceNetworkAclAssociation", @@ -5000,6 +8895,64 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringLikeIfExists": { + "iam:PassedToService": "lambda.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole" + }, + { + "Action": [ + "lambda:CreateFunction", + "lambda:GetFunction", + "lambda:DeleteFunction", + "lambda:TagResource", + "lambda:UpdateFunctionCode" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:*DeepRacer*", + "arn:aws:lambda:*:*:function:*Deepracer*", + "arn:aws:lambda:*:*:function:*deepracer*" + ] + }, + { + "Action": [ + "s3:PutBucketPolicy", + "s3:CreateBucket", + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:DeleteBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*DeepRacer*", + "arn:aws:s3:::*Deepracer*", + "arn:aws:s3:::*deepracer*" + ] + }, + { + "Action": [ + "robomaker:CreateSimulationApplication", + "robomaker:CreateSimulationApplicationVersion", + "robomaker:DeleteSimulationApplication", + "robomaker:DescribeSimulationApplication", + "robomaker:ListSimulationApplications", + "robomaker:TagResource", + "robomaker:UpdateSimulationApplication" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:robomaker:*:*:/createSimulationApplication", + "arn:aws:robomaker:*:*:simulation-application/deepracer*" + ] } ], "Version": "2012-10-17" @@ -5010,7 +8963,58 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJYG7FM75UF5CW5ICS", "PolicyName": "AWSDeepRacerCloudFormationAccessPolicy", - "UpdateDate": "2019-02-28T21:59:49+00:00", + "UpdateDate": "2019-06-14T17:02:04+00:00", + "VersionId": "v2" + }, + "AWSDeepRacerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-10-05T22:03:10+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetObjectAcl", + "s3:GetBucketLocation" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*DeepRacer*", + "arn:aws:s3:::*Deepracer*", + "arn:aws:s3:::*deepracer*", + "arn:aws:s3:::dr-*", + "arn:aws:s3:::*DeepRacer*/*", + "arn:aws:s3:::*Deepracer*/*", + "arn:aws:s3:::*deepracer*/*", + "arn:aws:s3:::dr-*/*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JFTOPTVBM", + "PolicyName": "AWSDeepRacerFullAccess", + "UpdateDate": "2020-10-05T22:03:10+00:00", "VersionId": "v1" }, "AWSDeepRacerRoboMakerAccessPolicy": { @@ -5110,7 +9114,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2019-02-28T21:58:09+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -5124,7 +9128,6 @@ aws_managed_policies_data = """ "Action": [ "robomaker:*", "sagemaker:*", - "sts:*", "s3:ListAllMyBuckets" ], "Effect": "Allow", @@ -5249,8 +9252,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJTUAQLIAVBJ7LZ32S", "PolicyName": "AWSDeepRacerServiceRolePolicy", - "UpdateDate": "2019-04-06T04:08:05+00:00", - "VersionId": "v2" + "UpdateDate": "2019-06-12T20:55:34+00:00", + "VersionId": "v3" }, "AWSDenyAll": { "Arn": "arn:aws:iam::aws:policy/AWSDenyAll", @@ -5336,12 +9339,13 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:08+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ "directconnect:Describe*", + "directconnect:List*", "ec2:DescribeVpnGateways", "ec2:DescribeTransitGateways" ], @@ -5357,14 +9361,44 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI23HZ27SI6FQMGNQ2", "PolicyName": "AWSDirectConnectReadOnlyAccess", - "UpdateDate": "2019-04-30T15:23:18+00:00", - "VersionId": "v3" + "UpdateDate": "2020-05-18T18:48:22+00:00", + "VersionId": "v4" + }, + "AWSDirectConnectServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2021-01-14T18:35:27+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:secretsmanager:*:*:secret:*directconnect*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4O7743JCTQ", + "PolicyName": "AWSDirectConnectServiceRolePolicy", + "UpdateDate": "2021-01-14T18:35:27+00:00", + "VersionId": "v1" }, "AWSDirectoryServiceFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:41:11+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -5415,10 +9449,8 @@ aws_managed_policies_data = """ "organizations:DisableAWSServiceAccess" ], "Condition": { - "ForAllValues:StringLike": { - "organizations:ServicePrincipal": [ - "ds.amazonaws.com" - ] + "StringEquals": { + "organizations:ServicePrincipal": "ds.amazonaws.com" } }, "Effect": "Allow", @@ -5444,8 +9476,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAINAW5ANUWTH3R4ANI", "PolicyName": "AWSDirectoryServiceFullAccess", - "UpdateDate": "2019-02-05T20:29:43+00:00", - "VersionId": "v4" + "UpdateDate": "2020-11-24T23:24:10+00:00", + "VersionId": "v5" }, "AWSDirectoryServiceReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess", @@ -5541,7 +9573,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-03-21T00:08:55+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -5597,6 +9629,20 @@ aws_managed_policies_data = """ "arn:aws:ec2:*:*:spot-instances-request/*" ] }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "StringEquals": { + "ec2:CreateAction": "RunInstances" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:volume/*" + ] + }, { "Action": [ "ec2:TerminateInstances" @@ -5618,14 +9664,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJCL355O4TC27CPKVC", "PolicyName": "AWSEC2FleetServiceRolePolicy", - "UpdateDate": "2018-04-19T21:37:07+00:00", - "VersionId": "v2" + "UpdateDate": "2020-05-04T20:10:31+00:00", + "VersionId": "v3" }, "AWSEC2SpotFleetServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-10-23T19:13:06+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -5665,7 +9711,9 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": [ "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:spot-instances-request/*" + "arn:aws:ec2:*:*:spot-instances-request/*", + "arn:aws:ec2:*:*:spot-fleet-request/*", + "arn:aws:ec2:*:*:volume/*" ] }, { @@ -5679,6 +9727,24 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "elasticloadbalancing:RegisterInstancesWithLoadBalancer" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" + ] + }, + { + "Action": [ + "elasticloadbalancing:RegisterTargets" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:*/*" + ] } ], "Version": "2012-10-17" @@ -5689,12 +9755,12 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAILWCVTZD57EMYWMBO", "PolicyName": "AWSEC2SpotFleetServiceRolePolicy", - "UpdateDate": "2018-03-28T19:04:33+00:00", - "VersionId": "v3" + "UpdateDate": "2020-03-16T19:16:21+00:00", + "VersionId": "v4" }, "AWSEC2SpotServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-09-18T18:51:54+00:00", "DefaultVersionId": "v4", "Document": { @@ -5904,7 +9970,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:18+00:00", - "DefaultVersionId": "v7", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -5981,6 +10047,20 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" ] }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*" + ] + }, { "Action": [ "iam:AttachRolePolicy" @@ -5994,7 +10074,7 @@ aws_managed_policies_data = """ } }, "Effect": "Allow", - "Resource": "*" + "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*" } ], "Version": "2012-10-17" @@ -6005,31 +10085,39 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIZYX2YLLBW2LJVUFW", "PolicyName": "AWSElasticBeanstalkFullAccess", - "UpdateDate": "2018-02-23T19:36:01+00:00", - "VersionId": "v7" + "UpdateDate": "2019-07-10T19:27:59+00:00", + "VersionId": "v8" }, "AWSElasticBeanstalkMaintenance": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance", "AttachmentCount": 0, "CreateDate": "2019-01-11T23:22:52+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { - "Statement": { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:ListChangeSets", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks" - }, + "Statement": [ + { + "Action": [ + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:DescribeStacks" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks" + }, + { + "Action": "elasticloadbalancing:DescribeLoadBalancers", + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowElasticBeanstalkStacksUpdateExecuteSuccessfully" + } + ], "Version": "2012-10-17" }, "IsAttachable": true, @@ -6038,8 +10126,207 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQPH22XGBH2VV2LSW", "PolicyName": "AWSElasticBeanstalkMaintenance", - "UpdateDate": "2019-01-11T23:22:52+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-04T17:48:27+00:00", + "VersionId": "v2" + }, + "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-21T22:35:06+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": "iam:PassRole", + "Condition": { + "StringLikeIfExists": { + "iam:PassedToService": [ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices" + }, + { + "Action": [ + "ec2:releaseAddress", + "ec2:allocateAddress", + "ec2:DisassociateAddress", + "ec2:AssociateAddress" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SingleInstanceAPIs" + }, + { + "Action": [ + "ecs:RegisterTaskDefinition", + "ecs:DeRegisterTaskDefinition", + "ecs:List*", + "ecs:Describe*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ECS" + }, + { + "Action": [ + "elasticbeanstalk:*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ElasticBeanstalkAPIs" + }, + { + "Action": [ + "cloudformation:Describe*", + "cloudformation:List*", + "ec2:Describe*", + "autoscaling:Describe*", + "elasticloadbalancing:Describe*", + "logs:DescribeLogGroups", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ReadOnlyAPIs" + }, + { + "Action": [ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteScheduledAction", + "autoscaling:DetachInstances", + "autoscaling:PutNotificationConfiguration", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:ResumeProcesses", + "autoscaling:SuspendProcesses", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" + ], + "Sid": "ASG" + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:CancelUpdateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:UpdateStack" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid": "CFN" + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": [ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*", + "Sid": "EC2" + }, + { + "Action": [ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutObjectVersionAcl" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::elasticbeanstalk-*/*", + "Sid": "S3Obj" + }, + { + "Action": [ + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::elasticbeanstalk-*", + "Sid": "S3Bucket" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid": "CWL" + }, + { + "Action": [ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeRegisterTargets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" + ], + "Sid": "ELB" + }, + { + "Action": [ + "sns:CreateTopic" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*", + "Sid": "SNS" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HVFNJB4NR", + "PolicyName": "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", + "UpdateDate": "2020-12-11T18:21:32+00:00", + "VersionId": "v5" }, "AWSElasticBeanstalkMulticontainerDocker": { "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker", @@ -6077,6 +10364,106 @@ aws_managed_policies_data = """ "UpdateDate": "2016-06-06T23:45:37+00:00", "VersionId": "v2" }, + "AWSElasticBeanstalkReadOnly": { + "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly", + "AttachmentCount": 0, + "CreateDate": "2021-01-22T19:02:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "acm:ListCertificates", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribePolicies", + "autoscaling:DescribeLoadBalancers", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeScheduledActions", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:ListStacks", + "cloudformation:ValidateTemplate", + "cloudtrail:LookupEvents", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticbeanstalk:Check*", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticbeanstalk:RequestEnvironmentInfo", + "elasticbeanstalk:RetrieveEnvironmentInfo", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfiles", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListServerCertificates", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribeDBSnapshots", + "s3:ListAllMyBuckets", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sqs:ListQueues" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowAPIs" + }, + { + "Action": [ + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::elasticbeanstalk-*", + "Sid": "AllowS3" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BYFSOYIWH", + "PolicyName": "AWSElasticBeanstalkReadOnly", + "UpdateDate": "2021-01-22T19:02:37+00:00", + "VersionId": "v1" + }, "AWSElasticBeanstalkReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess", "AttachmentCount": 0, @@ -6125,11 +10512,409 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:40:19+00:00", "VersionId": "v1" }, + "AWSElasticBeanstalkRoleCWL": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL", + "AttachmentCount": 0, + "CreateDate": "2020-06-05T21:49:06+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid": "AllowCWL" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G4S2QMTW3", + "PolicyName": "AWSElasticBeanstalkRoleCWL", + "UpdateDate": "2020-06-05T21:49:06+00:00", + "VersionId": "v1" + }, + "AWSElasticBeanstalkRoleCore": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore", + "AttachmentCount": 0, + "CreateDate": "2020-06-05T21:48:24+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/awseb-e-*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*", + "Sid": "TerminateInstances" + }, + { + "Action": [ + "ec2:ReleaseAddress", + "ec2:AllocateAddress", + "ec2:DisassociateAddress", + "ec2:AssociateAddress", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:CreateSecurityGroup", + "ec2:DeleteSecurityGroup", + "ec2:AuthorizeSecurityGroup*", + "ec2:RevokeSecurityGroup*", + "ec2:CreateLaunchTemplate*", + "ec2:DeleteLaunchTemplate*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "EC2" + }, + { + "Action": "ec2:RunInstances", + "Condition": { + "ArnLike": { + "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "LTRunInstances" + }, + { + "Action": [ + "autoscaling:AttachInstances", + "autoscaling:*LoadBalancer*", + "autoscaling:*AutoScalingGroup", + "autoscaling:*LaunchConfiguration", + "autoscaling:DeleteScheduledAction", + "autoscaling:DetachInstances", + "autoscaling:PutNotificationConfiguration", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:ResumeProcesses", + "autoscaling:SuspendProcesses", + "autoscaling:*Tags" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*" + ], + "Sid": "ASG" + }, + { + "Action": [ + "autoscaling:DeletePolicy" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "ASGPolicy" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "elasticbeanstalk.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" + ], + "Sid": "EBSLR" + }, + { + "Action": [ + "s3:Delete*", + "s3:Get*", + "s3:Put*" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::elasticbeanstalk-*/*", + "arn:aws:s3:::elasticbeanstalk-env-resources-*/*" + ], + "Sid": "S3Obj" + }, + { + "Action": [ + "s3:GetBucket*", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::elasticbeanstalk-*", + "Sid": "S3Bucket" + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:UpdateStack", + "cloudformation:ContinueUpdateRollback", + "cloudformation:CancelUpdateStack" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "Sid": "CFN" + }, + { + "Action": [ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudwatch:*:*:alarm:awseb-*", + "Sid": "CloudWatch" + }, + { + "Action": [ + "elasticloadbalancing:Create*", + "elasticloadbalancing:Delete*", + "elasticloadbalancing:Modify*", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeRegisterTargets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:*Tags", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:SetRulePriorities", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*" + ], + "Sid": "ELB" + }, + { + "Action": [ + "autoscaling:Describe*", + "cloudformation:Describe*", + "logs:Describe*", + "ec2:Describe*", + "ecs:Describe*", + "ecs:List*", + "elasticloadbalancing:Describe*", + "rds:Describe*", + "sns:List*", + "iam:List*", + "acm:Describe*", + "acm:List*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ListAPIs" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk-*", + "Sid": "AllowPassRole" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OXQ5DMW6K", + "PolicyName": "AWSElasticBeanstalkRoleCore", + "UpdateDate": "2020-09-09T20:31:14+00:00", + "VersionId": "v2" + }, + "AWSElasticBeanstalkRoleECS": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS", + "AttachmentCount": 0, + "CreateDate": "2020-06-05T21:47:27+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ecs:CreateCluster", + "ecs:DeleteCluster", + "ecs:RegisterTaskDefinition", + "ecs:DeRegisterTaskDefinition" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AllowECS" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ORP4E3ZEZ", + "PolicyName": "AWSElasticBeanstalkRoleECS", + "UpdateDate": "2020-06-05T21:47:27+00:00", + "VersionId": "v1" + }, + "AWSElasticBeanstalkRoleRDS": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS", + "AttachmentCount": 0, + "CreateDate": "2020-06-05T21:46:55+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "rds:CreateDBSecurityGroup", + "rds:DeleteDBSecurityGroup", + "rds:AuthorizeDBSecurityGroupIngress", + "rds:CreateDBInstance", + "rds:ModifyDBInstance", + "rds:DeleteDBInstance" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:rds:*:*:secgrp:awseb-e-*", + "arn:aws:rds:*:*:db:*" + ], + "Sid": "AllowRDS" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G5JWEESE4", + "PolicyName": "AWSElasticBeanstalkRoleRDS", + "UpdateDate": "2020-06-05T21:46:55+00:00", + "VersionId": "v1" + }, + "AWSElasticBeanstalkRoleSNS": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS", + "AttachmentCount": 0, + "CreateDate": "2020-06-05T21:46:22+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sns:CreateTopic", + "sns:SetTopicAttributes", + "sns:DeleteTopic" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" + ], + "Sid": "AllowBeanstalkManageSNS" + }, + { + "Action": [ + "sns:GetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe", + "sns:Publish" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowSNSPublish" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PARPZJ2UZ", + "PolicyName": "AWSElasticBeanstalkRoleSNS", + "UpdateDate": "2020-06-05T21:46:22+00:00", + "VersionId": "v1" + }, + "AWSElasticBeanstalkRoleWorkerTier": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier", + "AttachmentCount": 0, + "CreateDate": "2020-06-05T21:43:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sqs:TagQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:CreateQueue" + ], + "Effect": "Allow", + "Resource": "arn:aws:sqs:*:*:awseb-e-*", + "Sid": "AllowSQS" + }, + { + "Action": [ + "dynamodb:CreateTable", + "dynamodb:TagResource", + "dynamodb:DescribeTable", + "dynamodb:DeleteTable" + ], + "Effect": "Allow", + "Resource": "arn:aws:dynamodb:*:*:table/awseb-e-*", + "Sid": "AllowDDB" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LTO4NS2Z5", + "PolicyName": "AWSElasticBeanstalkRoleWorkerTier", + "UpdateDate": "2020-06-05T21:43:37+00:00", + "VersionId": "v1" + }, "AWSElasticBeanstalkService": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService", "AttachmentCount": 0, "CreateDate": "2016-04-11T20:27:23+00:00", - "DefaultVersionId": "v15", + "DefaultVersionId": "v16", "Document": { "Statement": [ { @@ -6256,13 +11041,9 @@ aws_managed_policies_data = """ "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeOrderableDBInstanceOptions", - "s3:CopyObject", "s3:GetObject", "s3:GetObjectAcl", - "s3:GetObjectMetadata", "s3:ListBucket", - "s3:listBuckets", - "s3:ListObjects", "sns:CreateTopic", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", @@ -6290,14 +11071,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJKQ5SN74ZQ4WASXBM", "PolicyName": "AWSElasticBeanstalkService", - "UpdateDate": "2019-02-05T17:46:21+00:00", - "VersionId": "v15" + "UpdateDate": "2019-06-14T23:18:46+00:00", + "VersionId": "v16" }, "AWSElasticBeanstalkServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-09-13T23:46:37+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -6329,6 +11110,7 @@ aws_managed_policies_data = """ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DescribeTargetGroups", + "lambda:GetFunction", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sns:Publish" @@ -6341,12 +11123,15 @@ aws_managed_policies_data = """ }, { "Action": [ - "logs:DescribeLogStreams", "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DeleteLogGroup", "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*" + "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid": "AllowOperationsOnHealthStreamingLogs" } ], "Version": "2012-10-17" @@ -6357,14 +11142,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIID62QSI3OSIPQXTM", "PolicyName": "AWSElasticBeanstalkServiceRolePolicy", - "UpdateDate": "2018-04-09T22:06:23+00:00", - "VersionId": "v5" + "UpdateDate": "2019-06-06T21:59:51+00:00", + "VersionId": "v6" }, "AWSElasticBeanstalkWebTier": { "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", "AttachmentCount": 0, "CreateDate": "2016-02-08T23:08:54+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -6404,6 +11189,17 @@ aws_managed_policies_data = """ "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" ], "Sid": "CloudWatchLogsAccess" + }, + { + "Action": [ + "elasticbeanstalk:PutInstanceStatistics" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticbeanstalk:*:*:application/*", + "arn:aws:elasticbeanstalk:*:*:environment/*" + ], + "Sid": "ElasticBeanstalkHealthAccess" } ], "Version": "2012-10-17" @@ -6414,14 +11210,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIUF4325SJYOREKW3A", "PolicyName": "AWSElasticBeanstalkWebTier", - "UpdateDate": "2019-03-01T00:04:49+00:00", - "VersionId": "v6" + "UpdateDate": "2020-09-09T19:38:36+00:00", + "VersionId": "v7" }, "AWSElasticBeanstalkWorkerTier": { "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier", "AttachmentCount": 0, "CreateDate": "2016-02-08T23:12:02+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -6495,6 +11291,17 @@ aws_managed_policies_data = """ "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" ], "Sid": "CloudWatchLogsAccess" + }, + { + "Action": [ + "elasticbeanstalk:PutInstanceStatistics" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticbeanstalk:*:*:application/*", + "arn:aws:elasticbeanstalk:*:*:environment/*" + ], + "Sid": "ElasticBeanstalkHealthAccess" } ], "Version": "2012-10-17" @@ -6505,14 +11312,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQDLBRSJVKVF4JMSK", "PolicyName": "AWSElasticBeanstalkWorkerTier", - "UpdateDate": "2019-03-01T00:07:00+00:00", - "VersionId": "v5" + "UpdateDate": "2020-09-09T19:53:40+00:00", + "VersionId": "v6" }, "AWSElasticLoadBalancingClassicServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-09-19T22:36:18+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -6529,7 +11336,6 @@ aws_managed_policies_data = """ "ec2:CreateSecurityGroup", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:AuthorizeSecurityGroupIngress", "ec2:AssociateAddress", @@ -6552,19 +11358,20 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIUMWW3QP7DPZPNVU4", "PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy", - "UpdateDate": "2017-09-19T22:36:18+00:00", - "VersionId": "v1" + "UpdateDate": "2019-10-07T23:04:27+00:00", + "VersionId": "v2" }, "AWSElasticLoadBalancingServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-09-19T22:19:04+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { "Action": [ "ec2:DescribeAddresses", + "ec2:DescribeCoipPools", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", @@ -6577,8 +11384,9 @@ aws_managed_policies_data = """ "ec2:CreateSecurityGroup", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterface", + "ec2:GetCoipPoolUsage", "ec2:ModifyNetworkInterfaceAttribute", + "ec2:AllocateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AssociateAddress", "ec2:DisassociateAddress", @@ -6586,12 +11394,14 @@ aws_managed_policies_data = """ "ec2:DetachNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:AssignIpv6Addresses", + "ec2:ReleaseAddress", "ec2:UnassignIpv6Addresses", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", - "logs:ListLogDeliveries" + "logs:ListLogDeliveries", + "outposts:GetOutpostInstanceTypes" ], "Effect": "Allow", "Resource": "*" @@ -6605,22 +11415,21 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIMHWGGSRHLOQUICJQ", "PolicyName": "AWSElasticLoadBalancingServiceRolePolicy", - "UpdateDate": "2019-03-18T21:51:14+00:00", - "VersionId": "v3" + "UpdateDate": "2020-05-19T16:40:28+00:00", + "VersionId": "v6" }, "AWSElementalMediaConvertFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess", "AttachmentCount": 0, "CreateDate": "2018-06-25T19:25:35+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "mediaconvert:*", "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListObjects" + "s3:ListBucket" ], "Effect": "Allow", "Resource": "*" @@ -6648,14 +11457,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIXDREOCL6LV7RBJWC", "PolicyName": "AWSElementalMediaConvertFullAccess", - "UpdateDate": "2018-06-25T19:25:35+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-10T22:52:25+00:00", + "VersionId": "v2" }, "AWSElementalMediaConvertReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly", "AttachmentCount": 0, "CreateDate": "2018-06-25T19:25:14+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -6664,8 +11473,7 @@ aws_managed_policies_data = """ "mediaconvert:List*", "mediaconvert:DescribeEndpoints", "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListObjects" + "s3:ListBucket" ], "Effect": "Allow", "Resource": "*" @@ -6679,7 +11487,54 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJSXYOBSLJN3JEDO42", "PolicyName": "AWSElementalMediaConvertReadOnly", - "UpdateDate": "2018-06-25T19:25:14+00:00", + "UpdateDate": "2019-06-10T22:52:18+00:00", + "VersionId": "v2" + }, + "AWSElementalMediaLiveFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-07-08T17:07:14+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": { + "Action": "medialive:*", + "Effect": "Allow", + "Resource": "*" + }, + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4K5KSJBKUE", + "PolicyName": "AWSElementalMediaLiveFullAccess", + "UpdateDate": "2020-07-08T17:07:14+00:00", + "VersionId": "v1" + }, + "AWSElementalMediaLiveReadOnly": { + "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly", + "AttachmentCount": 0, + "CreateDate": "2020-07-08T16:38:07+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": { + "Action": [ + "medialive:List*", + "medialive:Describe*" + ], + "Effect": "Allow", + "Resource": "*" + }, + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4L7DTGZPRO", + "PolicyName": "AWSElementalMediaLiveReadOnly", + "UpdateDate": "2020-07-08T16:38:07+00:00", "VersionId": "v1" }, "AWSElementalMediaPackageFullAccess": { @@ -6913,17 +11768,107 @@ aws_managed_policies_data = """ "UpdateDate": "2018-05-09T21:05:29+00:00", "VersionId": "v1" }, + "AWSForWordPressPluginPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-10-30T00:27:46+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "polly:SynthesizeSpeech", + "polly:DescribeVoices", + "translate:TranslateText" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "Permissions1" + }, + { + "Action": [ + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:PutObject", + "s3:DeleteObject", + "s3:CreateBucket", + "s3:PutObjectAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::audio_for_wordpress*", + "arn:aws:s3:::audio-for-wordpress*" + ], + "Sid": "Permissions2" + }, + { + "Action": [ + "acm:AddTagsToCertificate", + "acm:DescribeCertificate", + "acm:RequestCertificate", + "cloudformation:CreateStack", + "cloudfront:ListDistributions" + ], + "Condition": { + "StringEquals": { + "aws:RequestedRegion": "us-east-1" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "Permissions3" + }, + { + "Action": [ + "acm:DeleteCertificate", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "cloudformation:UpdateStack", + "cloudfront:CreateDistribution", + "cloudfront:CreateInvalidation", + "cloudfront:DeleteDistribution", + "cloudfront:GetDistribution", + "cloudfront:GetInvalidation", + "cloudfront:TagResource", + "cloudfront:UpdateDistribution" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/createdBy": "AWSForWordPressPlugin" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "Permissions4" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KEKYXDWNJ", + "PolicyName": "AWSForWordPressPluginPolicy", + "UpdateDate": "2020-01-20T23:20:47+00:00", + "VersionId": "v2" + }, "AWSGlobalAcceleratorSLRPolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy", "AttachmentCount": 0, "CreateDate": "2019-04-05T19:39:13+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeSubnets", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface" ], @@ -6970,8 +11915,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4EJ5ZEQR2C", "PolicyName": "AWSGlobalAcceleratorSLRPolicy", - "UpdateDate": "2019-04-05T19:39:13+00:00", - "VersionId": "v1" + "UpdateDate": "2019-10-14T21:05:22+00:00", + "VersionId": "v4" }, "AWSGlueConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess", @@ -7162,7 +12107,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess", "AttachmentCount": 0, "CreateDate": "2018-10-05T17:52:35+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -7202,7 +12147,6 @@ aws_managed_policies_data = """ "kms:ListAliases", "kms:DescribeKey", "sagemaker:ListNotebookInstances", - "sagemaker:ListNotebookInstanceLifecycleConfigs", "cloudformation:ListStacks", "cloudwatch:GetMetricData", "cloudwatch:ListDashboards" @@ -7256,10 +12200,7 @@ aws_managed_policies_data = """ "sagemaker:CreateNotebookInstance", "sagemaker:DeleteNotebookInstance", "sagemaker:DescribeNotebookInstance", - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:StartNotebookInstance", - "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:StopNotebookInstance", "sagemaker:UpdateNotebookInstance", "sagemaker:ListTags" @@ -7267,6 +12208,16 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*" }, + { + "Action": [ + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:ListNotebookInstanceLifecycleConfigs" + ], + "Effect": "Allow", + "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*" + }, { "Action": [ "ec2:RunInstances" @@ -7382,14 +12333,219 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJELFOHJC42QS3ZSYY", "PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess", - "UpdateDate": "2018-10-05T17:52:35+00:00", + "UpdateDate": "2019-09-26T17:14:11+00:00", + "VersionId": "v2" + }, + "AWSGlueDataBrewServiceRole": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole", + "AttachmentCount": 0, + "CreateDate": "2020-12-04T21:26:50+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "glue:GetDatabases", + "glue:GetPartitions", + "glue:GetTable", + "glue:GetTables", + "glue:GetConnection" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::databrew-public-datasets-*" + ] + }, + { + "Action": [ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeRouteTables", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:CreateNetworkInterface" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "ec2:DeleteNetworkInterface", + "Condition": { + "StringLike": { + "aws:ResourceTag/aws-glue-service-resource": "*" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "aws-glue-service-resource" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/aws-glue-databrew/*" + ] + }, + { + "Action": [ + "lakeformation:GetDataAccess" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HSXDEANHC", + "PolicyName": "AWSGlueDataBrewServiceRole", + "UpdateDate": "2020-12-04T21:26:50+00:00", + "VersionId": "v1" + }, + "AWSGlueSchemaRegistryFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-20T00:19:00+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "glue:CreateRegistry", + "glue:UpdateRegistry", + "glue:DeleteRegistry", + "glue:GetRegistry", + "glue:ListRegistries", + "glue:CreateSchema", + "glue:UpdateSchema", + "glue:DeleteSchema", + "glue:GetSchema", + "glue:ListSchemas", + "glue:RegisterSchemaVersion", + "glue:DeleteSchemaVersions", + "glue:GetSchemaByDefinition", + "glue:GetSchemaVersion", + "glue:GetSchemaVersionsDiff", + "glue:ListSchemaVersions", + "glue:CheckSchemaVersionValidity", + "glue:PutSchemaVersionMetadata", + "glue:RemoveSchemaVersionMetadata", + "glue:QuerySchemaVersionMetadata" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AWSGlueSchemaRegistryFullAccess" + }, + { + "Action": [ + "glue:GetTags", + "glue:TagResource", + "glue:UnTagResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:schema/*", + "arn:aws:glue:*:*:registry/*" + ], + "Sid": "AWSGlueSchemaRegistryTagsFullAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4H2OHGXA4A", + "PolicyName": "AWSGlueSchemaRegistryFullAccess", + "UpdateDate": "2020-11-20T00:19:00+00:00", + "VersionId": "v1" + }, + "AWSGlueSchemaRegistryReadonlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-20T00:20:06+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "glue:GetRegistry", + "glue:ListRegistries", + "glue:GetSchema", + "glue:ListSchemas", + "glue:GetSchemaByDefinition", + "glue:GetSchemaVersion", + "glue:ListSchemaVersions", + "glue:GetSchemaVersionsDiff", + "glue:CheckSchemaVersionValidity", + "glue:QuerySchemaVersionMetadata", + "glue:GetTags" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AWSGlueSchemaRegistryReadonlyAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4B2SFYL4LZ", + "PolicyName": "AWSGlueSchemaRegistryReadonlyAccess", + "UpdateDate": "2020-11-20T00:20:06+00:00", "VersionId": "v1" }, "AWSGlueServiceNotebookRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole", "AttachmentCount": 0, "CreateDate": "2017-08-14T13:37:42+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -7410,11 +12566,6 @@ aws_managed_policies_data = """ "glue:UpdateDatabase", "glue:UpdatePartition", "glue:UpdateTable", - "glue:CreateBookmark", - "glue:GetBookmark", - "glue:UpdateBookmark", - "glue:GetMetric", - "glue:PutMetric", "glue:CreateConnection", "glue:CreateJob", "glue:DeleteConnection", @@ -7496,8 +12647,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIMRC6VZUHJYCTKWFI", "PolicyName": "AWSGlueServiceNotebookRole", - "UpdateDate": "2017-08-17T18:08:29+00:00", - "VersionId": "v2" + "UpdateDate": "2019-10-07T18:05:54+00:00", + "VersionId": "v3" }, "AWSGlueServiceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole", @@ -7604,6 +12755,130 @@ aws_managed_policies_data = """ "UpdateDate": "2018-06-25T18:23:09+00:00", "VersionId": "v4" }, + "AWSGrafanaAccountAdministrator": { + "Arn": "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator", + "AttachmentCount": 0, + "CreateDate": "2021-02-23T00:20:38+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AWSGrafanaOrganizationAdmin" + }, + { + "Action": "iam:GetRole", + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*", + "Sid": "GrafanaIAMGetRolePermission" + }, + { + "Action": [ + "grafana:*" + ], + "Effect": "Allow", + "Resource": "arn:aws:grafana:*:*:/workspaces*", + "Sid": "AWSGrafanaPermissions" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringLike": { + "iam:PassedToService": "grafana.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*", + "Sid": "GrafanaIAMPassRolePermission" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "sso.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", + "Sid": "SSOSLRPermission" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KHVCM25DH", + "PolicyName": "AWSGrafanaAccountAdministrator", + "UpdateDate": "2021-02-23T00:20:38+00:00", + "VersionId": "v1" + }, + "AWSGrafanaConsoleReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-23T00:10:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "grafana:DescribeWorkspace", + "grafana:ListPermissions", + "grafana:ListWorkspaces" + ], + "Effect": "Allow", + "Resource": "arn:aws:grafana:*:*:/workspaces*", + "Sid": "AWSGrafanaConsoleReadOnlyAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OHSWBMKNF", + "PolicyName": "AWSGrafanaConsoleReadOnlyAccess", + "UpdateDate": "2021-02-23T00:10:40+00:00", + "VersionId": "v1" + }, + "AWSGrafanaWorkspacePermissionManagement": { + "Arn": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement", + "AttachmentCount": 0, + "CreateDate": "2021-02-23T00:15:54+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "grafana:DescribeWorkspace", + "grafana:UpdatePermissions", + "grafana:ListPermissions", + "grafana:ListWorkspaces" + ], + "Effect": "Allow", + "Resource": "arn:aws:grafana:*:*:/workspaces*", + "Sid": "AWSGrafanaPermissions" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G37QQNGZW", + "PolicyName": "AWSGrafanaWorkspacePermissionManagement", + "UpdateDate": "2021-02-23T00:15:54+00:00", + "VersionId": "v1" + }, "AWSGreengrassFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess", "AttachmentCount": 0, @@ -7769,13 +13044,40 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSHealthFullAccess", "AttachmentCount": 0, "CreateDate": "2016-12-06T12:30:31+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ - "health:*" + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess" ], + "Condition": { + "StringEquals": { + "organizations:ServicePrincipal": "health.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "health:*", + "organizations:ListAccounts", + "organizations:ListParents", + "organizations:DescribeAccount", + "organizations:ListDelegatedAdministrators" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "health.amazonaws.com" + } + }, "Effect": "Allow", "Resource": "*" } @@ -7788,19 +13090,19 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3CUMPCPEUPCSXC4Y", "PolicyName": "AWSHealthFullAccess", - "UpdateDate": "2016-12-06T12:30:31+00:00", - "VersionId": "v1" + "UpdateDate": "2020-11-16T18:11:34+00:00", + "VersionId": "v3" }, - "AWSIQFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess", + "AWSIQContractServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy", "AttachmentCount": 0, - "CreateDate": "2019-04-04T23:13:42+00:00", + "CreateDate": "2019-08-22T19:28:39+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ - "iq:*" + "aws-marketplace:Subscribe" ], "Effect": "Allow", "Resource": "*" @@ -7810,11 +13112,252 @@ aws_managed_policies_data = """ }, "IsAttachable": true, "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4E26ATDUIP", + "PolicyName": "AWSIQContractServiceRolePolicy", + "UpdateDate": "2019-08-22T19:28:39+00:00", + "VersionId": "v1" + }, + "AWSIQFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess", + "AttachmentCount": 1, + "CreateDate": "2019-04-04T23:13:42+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "iq:*", + "iq-permission:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "permission.iq.amazonaws.com", + "contract.iq.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4P4TAHETXT", "PolicyName": "AWSIQFullAccess", - "UpdateDate": "2019-04-04T23:13:42+00:00", + "UpdateDate": "2019-09-25T20:22:34+00:00", + "VersionId": "v2" + }, + "AWSIQPermissionServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-08-22T19:36:29+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iam:DeleteRole", + "iam:ListAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" + }, + { + "Action": [ + "iam:AttachRolePolicy" + ], + "Condition": { + "ArnEquals": { + "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSDenyAll" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" + }, + { + "Action": [ + "iam:DetachRolePolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4J77DMGFZ5", + "PolicyName": "AWSIQPermissionServiceRolePolicy", + "UpdateDate": "2019-08-22T19:36:29+00:00", + "VersionId": "v1" + }, + "AWSImageBuilderFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-20T18:25:12+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "imagebuilder:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sns:Publish" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:*imagebuilder*" + }, + { + "Action": [ + "license-manager:ListLicenseConfigurations", + "license-manager:ListLicenseSpecificationsForResource" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" + }, + { + "Action": [ + "iam:GetInstanceProfile" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:instance-profile/*imagebuilder*" + }, + { + "Action": [ + "iam:ListInstanceProfiles", + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ec2.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:instance-profile/*imagebuilder*", + "arn:aws:iam::*:role/*imagebuilder*" + ] + }, + { + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3::*:*imagebuilder*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "imagebuilder.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" + }, + { + "Action": [ + "ec2:DescribeImages", + "ec2:DescribeVpcs", + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:DescribeSubnets", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EO4HCSNZH", + "PolicyName": "AWSImageBuilderFullAccess", + "UpdateDate": "2019-12-20T18:25:12+00:00", + "VersionId": "v1" + }, + "AWSImageBuilderReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-19T22:29:23+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "imagebuilder:Get*", + "imagebuilder:List*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OD5TC5BXP", + "PolicyName": "AWSImageBuilderReadOnlyAccess", + "UpdateDate": "2019-12-19T22:29:23+00:00", "VersionId": "v1" }, "AWSImportExportFullAccess": { @@ -7983,7 +13526,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSIoTConfigAccess", "AttachmentCount": 0, "CreateDate": "2015-10-27T21:52:07+00:00", - "DefaultVersionId": "v8", + "DefaultVersionId": "v9", "Document": { "Statement": [ { @@ -8031,7 +13574,6 @@ aws_managed_policies_data = """ "iot:DescribeAuthorizer", "iot:DescribeCACertificate", "iot:DescribeCertificate", - "iot:DescribeCertificateTag", "iot:DescribeDefaultAuthorizer", "iot:DescribeEndpoint", "iot:DescribeEventConfigurations", @@ -8108,7 +13650,6 @@ aws_managed_policies_data = """ "iot:UpdateAuthorizer", "iot:UpdateCACertificate", "iot:UpdateCertificate", - "iot:UpdateCertificateTag", "iot:UpdateEventConfigurations", "iot:UpdateIndexingConfiguration", "iot:UpdateRoleAlias", @@ -8154,14 +13695,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIWWGD4LM4EMXNRL7I", "PolicyName": "AWSIoTConfigAccess", - "UpdateDate": "2018-10-01T17:22:32+00:00", - "VersionId": "v8" + "UpdateDate": "2019-09-27T20:48:00+00:00", + "VersionId": "v9" }, "AWSIoTConfigReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-10-27T21:52:31+00:00", - "DefaultVersionId": "v7", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -8169,7 +13710,6 @@ aws_managed_policies_data = """ "iot:DescribeAuthorizer", "iot:DescribeCACertificate", "iot:DescribeCertificate", - "iot:DescribeCertificateTag", "iot:DescribeDefaultAuthorizer", "iot:DescribeEndpoint", "iot:DescribeEventConfigurations", @@ -8250,8 +13790,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJHENEMXGX4XMFOIOI", "PolicyName": "AWSIoTConfigReadOnlyAccess", - "UpdateDate": "2018-07-18T21:22:11+00:00", - "VersionId": "v7" + "UpdateDate": "2019-09-27T20:52:40+00:00", + "VersionId": "v8" }, "AWSIoTDataAccess": { "Arn": "arn:aws:iam::aws:policy/AWSIoTDataAccess", @@ -8285,11 +13825,40 @@ aws_managed_policies_data = """ "UpdateDate": "2017-11-16T18:24:11+00:00", "VersionId": "v2" }, + "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", + "AttachmentCount": 0, + "CreateDate": "2019-08-07T17:55:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:ListPrincipalThings", + "iot:AddThingToThingGroup" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HEHG3RV6B", + "PolicyName": "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", + "UpdateDate": "2019-08-07T17:55:37+00:00", + "VersionId": "v1" + }, "AWSIoTDeviceDefenderAudit": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit", "AttachmentCount": 0, "CreateDate": "2018-07-18T21:17:40+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -8303,12 +13872,17 @@ aws_managed_policies_data = """ "iot:ListPolicies", "iot:GetPolicy", "iot:GetEffectivePolicies", + "iot:ListRoleAliases", + "iot:DescribeRoleAlias", "cognito-identity:GetIdentityPoolRoles", "iam:ListRolePolicies", "iam:ListAttachedRolePolicies", + "iam:GetRole", "iam:GetPolicy", "iam:GetPolicyVersion", - "iam:GetRolePolicy" + "iam:GetRolePolicy", + "iam:GenerateServiceLastAccessedDetails", + "iam:GetServiceLastAccessedDetails" ], "Effect": "Allow", "Resource": [ @@ -8324,9 +13898,577 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJKUN6OAGIHZ66TRKO", "PolicyName": "AWSIoTDeviceDefenderAudit", - "UpdateDate": "2018-07-18T21:17:40+00:00", + "UpdateDate": "2019-11-25T23:52:43+00:00", + "VersionId": "v3" + }, + "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", + "AttachmentCount": 0, + "CreateDate": "2019-08-07T17:04:07+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:SetV2LoggingOptions" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "iot.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G34KP2NLZ", + "PolicyName": "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", + "UpdateDate": "2019-08-07T17:04:07+00:00", "VersionId": "v1" }, + "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", + "AttachmentCount": 0, + "CreateDate": "2019-08-07T17:04:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sns:Publish" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GZL2FL6JV", + "PolicyName": "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", + "UpdateDate": "2019-08-07T17:04:37+00:00", + "VersionId": "v1" + }, + "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", + "AttachmentCount": 0, + "CreateDate": "2019-08-07T17:04:57+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:CreatePolicyVersion" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HN4VCIBCR", + "PolicyName": "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", + "UpdateDate": "2019-08-07T17:04:57+00:00", + "VersionId": "v1" + }, + "AWSIoTDeviceDefenderUpdateCACertMitigationAction": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction", + "AttachmentCount": 0, + "CreateDate": "2019-08-07T17:05:49+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:UpdateCACertificate" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KLBGET6KX", + "PolicyName": "AWSIoTDeviceDefenderUpdateCACertMitigationAction", + "UpdateDate": "2019-08-07T17:05:49+00:00", + "VersionId": "v1" + }, + "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", + "AttachmentCount": 0, + "CreateDate": "2019-08-07T17:06:00+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:UpdateCertificate" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KB4AHFGEB", + "PolicyName": "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", + "UpdateDate": "2019-08-07T17:06:00+00:00", + "VersionId": "v1" + }, + "AWSIoTDeviceTesterForFreeRTOSFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-02-12T20:33:53+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "iot.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/idt-*", + "Sid": "VisualEditor0" + }, + { + "Action": [ + "iot:DeleteThing", + "iot:AttachThingPrincipal", + "iot:DeleteCertificate", + "iot:GetRegistrationCode", + "iot:CreatePolicy", + "iot:UpdateCACertificate", + "s3:ListBucket", + "iot:DescribeEndpoint", + "iot:CreateOTAUpdate", + "iot:CreateStream", + "signer:ListSigningJobs", + "acm:ListCertificates", + "iot:CreateKeysAndCertificate", + "iot:UpdateCertificate", + "iot:CreateCertificateFromCsr", + "iot:DetachThingPrincipal", + "iot:RegisterCACertificate", + "iot:CreateThing", + "freertos:ListHardwarePlatforms", + "iam:ListRoles", + "iot:RegisterCertificate", + "iot:DeleteCACertificate", + "signer:PutSigningProfile", + "s3:ListAllMyBuckets", + "signer:ListSigningPlatforms", + "iot-device-tester:SendMetrics", + "iot-device-tester:SupportedVersion", + "iot-device-tester:LatestIdt", + "iot-device-tester:CheckVersion", + "iot-device-tester:DownloadTestSuite" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "VisualEditor1" + }, + { + "Action": [ + "iam:GetRole", + "signer:StartSigningJob", + "acm:GetCertificate", + "signer:DescribeSigningJob", + "s3:CreateBucket", + "execute-api:Invoke", + "s3:DeleteBucket", + "s3:PutBucketVersioning", + "signer:CancelSigningProfile" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", + "arn:aws:signer:*:*:/signing-profiles/*", + "arn:aws:signer:*:*:/signing-jobs/*", + "arn:aws:iam::*:role/idt-*", + "arn:aws:acm:*:*:certificate/*", + "arn:aws:s3:::idt-*", + "arn:aws:s3:::afr-ota*" + ], + "Sid": "VisualEditor2" + }, + { + "Action": [ + "iot:DeleteStream", + "iot:DeleteCertificate", + "iot:AttachPolicy", + "iot:DetachPolicy", + "iot:DeletePolicy", + "s3:ListBucketVersions", + "iot:UpdateCertificate", + "iot:GetOTAUpdate", + "iot:DeleteOTAUpdate", + "iot:DescribeJobExecution" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::afr-ota*", + "arn:aws:iot:*:*:thinggroup/idt*", + "arn:aws:iam::*:role/idt-*" + ], + "Sid": "VisualEditor3" + }, + { + "Action": [ + "iot:DeleteCertificate", + "iot:AttachPolicy", + "iot:DetachPolicy", + "s3:DeleteObjectVersion", + "iot:DeleteOTAUpdate", + "s3:PutObject", + "s3:GetObject", + "iot:DeleteStream", + "iot:DeletePolicy", + "s3:DeleteObject", + "iot:UpdateCertificate", + "iot:GetOTAUpdate", + "s3:GetObjectVersion", + "iot:DescribeJobExecution" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::afr-ota*/*", + "arn:aws:s3:::idt-*/*", + "arn:aws:iot:*:*:policy/idt*", + "arn:aws:iam::*:role/idt-*", + "arn:aws:iot:*:*:otaupdate/idt*", + "arn:aws:iot:*:*:thing/idt*", + "arn:aws:iot:*:*:cert/*", + "arn:aws:iot:*:*:job/*", + "arn:aws:iot:*:*:stream/*" + ], + "Sid": "VisualEditor4" + }, + { + "Action": [ + "s3:PutObject", + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::afr-ota*/*", + "arn:aws:s3:::idt-*/*" + ], + "Sid": "VisualEditor5" + }, + { + "Action": [ + "iot:CancelJobExecution" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:job/*", + "arn:aws:iot:*:*:thing/idt*" + ], + "Sid": "VisualEditor6" + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/Owner": "IoTDeviceTester" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid": "VisualEditor7" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/Owner": "IoTDeviceTester" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid": "VisualEditor8" + }, + { + "Action": [ + "ec2:RunInstances" + ], + "Condition": { + "StringEquals": { + "aws:RequestTag/Owner": "IoTDeviceTester" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid": "VisualEditor9" + }, + { + "Action": [ + "ec2:RunInstances" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:placement-group/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*" + ], + "Sid": "VisualEditor10" + }, + { + "Action": [ + "ec2:CreateSecurityGroup" + ], + "Condition": { + "StringEquals": { + "aws:RequestTag/Owner": "IoTDeviceTester" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid": "VisualEditor11" + }, + { + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ssm:DescribeParameters", + "ssm:GetParameters" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "VisualEditor12" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:TagKeys": [ + "Owner" + ], + "ec2:CreateAction": [ + "RunInstances", + "CreateSecurityGroup" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ], + "Sid": "VisualEditor13" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ADNJ2YUUH", + "PolicyName": "AWSIoTDeviceTesterForFreeRTOSFullAccess", + "UpdateDate": "2020-12-15T18:03:46+00:00", + "VersionId": "v5" + }, + "AWSIoTDeviceTesterForGreengrassFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-02-20T21:21:27+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "iot.amazonaws.com", + "lambda.amazonaws.com", + "greengrass.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/idt-*", + "Sid": "VisualEditor1" + }, + { + "Action": [ + "lambda:CreateFunction", + "iot:DeleteCertificate", + "lambda:DeleteFunction", + "execute-api:Invoke", + "iot:UpdateCertificate" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", + "arn:aws:lambda:*:*:function:idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid": "VisualEditor2" + }, + { + "Action": [ + "iot:CreateThing", + "iot:DeleteThing" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:thing/idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid": "VisualEditor3" + }, + { + "Action": [ + "iot:AttachPolicy", + "iot:DetachPolicy", + "iot:DeletePolicy" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:policy/idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid": "VisualEditor4" + }, + { + "Action": [ + "iot:CreateJob", + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DeleteJob" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:thing/idt-*", + "arn:aws:iot:*:*:job/*" + ], + "Sid": "VisualEditor5" + }, + { + "Action": [ + "iot:DescribeEndpoint", + "greengrass:*", + "iam:ListAttachedRolePolicies", + "iot:CreatePolicy", + "iot:GetThingShadow", + "iot:CreateKeysAndCertificate", + "iot:ListThings", + "iot:UpdateThingShadow", + "iot:CreateCertificateFromCsr", + "iot-device-tester:SendMetrics", + "iot-device-tester:SupportedVersion", + "iot-device-tester:LatestIdt", + "iot-device-tester:CheckVersion", + "iot-device-tester:DownloadTestSuite" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "VisualEditor6" + }, + { + "Action": [ + "iot:DetachThingPrincipal", + "iot:AttachThingPrincipal" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:thing/idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid": "VisualEditor7" + }, + { + "Action": [ + "s3:PutObject", + "s3:DeleteObjectVersion", + "s3:ListBucketVersions", + "s3:CreateBucket", + "s3:DeleteObject", + "s3:DeleteBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::idt*", + "Sid": "VisualEditor8" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ORKVZSPY7", + "PolicyName": "AWSIoTDeviceTesterForGreengrassFullAccess", + "UpdateDate": "2020-06-25T17:01:56+00:00", + "VersionId": "v4" + }, "AWSIoTEventsFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess", "AttachmentCount": 0, @@ -8357,14 +14499,13 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2019-01-10T22:50:08+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "iotevents:Describe*", - "iotevents:List*", - "iotevents:Get*" + "iotevents:List*" ], "Effect": "Allow", "Resource": "*" @@ -8378,7 +14519,72 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJYJFNAR7CN5JW52PG", "PolicyName": "AWSIoTEventsReadOnlyAccess", - "UpdateDate": "2019-01-10T22:50:08+00:00", + "UpdateDate": "2019-09-23T17:22:04+00:00", + "VersionId": "v2" + }, + "AWSIoTFleetHubFederationAccess": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T08:08:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:DescribeIndex", + "iot:DescribeThingGroup", + "iot:GetBucketsAggregation", + "iot:GetCardinality", + "iot:GetIndexingConfiguration", + "iot:GetPercentiles", + "iot:GetStatistics", + "iot:SearchIndex", + "iot:CreateFleetMetric", + "iot:ListFleetMetrics", + "iot:DeleteFleetMetric", + "iot:DescribeFleetMetric", + "iot:UpdateFleetMetric", + "iotfleethub:ListDashboards", + "iotfleethub:DescribeDashboard", + "iotfleethub:DescribeApplication", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:ListSubscriptionsByTopic", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:iotfleethub*" + }, + { + "Action": [ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarmHistory" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudwatch:*:*:iotfleethub*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4H4EGQA254", + "PolicyName": "AWSIoTFleetHubFederationAccess", + "UpdateDate": "2020-12-15T08:08:05+00:00", "VersionId": "v1" }, "AWSIoTFullAccess": { @@ -8622,6 +14828,108 @@ aws_managed_policies_data = """ "UpdateDate": "2018-12-04T20:53:39+00:00", "VersionId": "v1" }, + "AWSIoTSiteWiseMonitorPortalAccess": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess", + "AttachmentCount": 0, + "CreateDate": "2020-05-19T20:01:21+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iotsitewise:CreateProject", + "iotsitewise:DescribeProject", + "iotsitewise:UpdateProject", + "iotsitewise:DeleteProject", + "iotsitewise:ListProjects", + "iotsitewise:BatchAssociateProjectAssets", + "iotsitewise:BatchDisassociateProjectAssets", + "iotsitewise:ListProjectAssets", + "iotsitewise:CreateDashboard", + "iotsitewise:DescribeDashboard", + "iotsitewise:UpdateDashboard", + "iotsitewise:DeleteDashboard", + "iotsitewise:ListDashboards", + "iotsitewise:CreateAccessPolicy", + "iotsitewise:DescribeAccessPolicy", + "iotsitewise:UpdateAccessPolicy", + "iotsitewise:DeleteAccessPolicy", + "iotsitewise:ListAccessPolicies", + "iotsitewise:DescribeAsset", + "iotsitewise:ListAssets", + "iotsitewise:ListAssociatedAssets", + "iotsitewise:DescribeAssetProperty", + "iotsitewise:GetAssetPropertyValue", + "iotsitewise:GetAssetPropertyValueHistory", + "iotsitewise:GetAssetPropertyAggregates", + "sso-directory:DescribeUsers" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4E6CZDALWJ", + "PolicyName": "AWSIoTSiteWiseMonitorPortalAccess", + "UpdateDate": "2020-05-19T20:01:21+00:00", + "VersionId": "v1" + }, + "AWSIoTSiteWiseMonitorServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-14T00:59:10+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "iotsitewise:CreateProject", + "iotsitewise:DescribeProject", + "iotsitewise:UpdateProject", + "iotsitewise:DeleteProject", + "iotsitewise:ListProjects", + "iotsitewise:BatchAssociateProjectAssets", + "iotsitewise:BatchDisassociateProjectAssets", + "iotsitewise:ListProjectAssets", + "iotsitewise:CreateDashboard", + "iotsitewise:DescribeDashboard", + "iotsitewise:UpdateDashboard", + "iotsitewise:DeleteDashboard", + "iotsitewise:ListDashboards", + "iotsitewise:CreateAccessPolicy", + "iotsitewise:DescribeAccessPolicy", + "iotsitewise:UpdateAccessPolicy", + "iotsitewise:DeleteAccessPolicy", + "iotsitewise:ListAccessPolicies", + "iotsitewise:DescribeAsset", + "iotsitewise:ListAssets", + "iotsitewise:ListAssociatedAssets", + "iotsitewise:DescribeAssetProperty", + "iotsitewise:GetAssetPropertyValue", + "iotsitewise:GetAssetPropertyValueHistory", + "iotsitewise:GetAssetPropertyAggregates", + "sso-directory:DescribeUsers" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CR556M6Y5", + "PolicyName": "AWSIoTSiteWiseMonitorServiceRolePolicy", + "UpdateDate": "2019-12-13T22:19:25+00:00", + "VersionId": "v2" + }, "AWSIoTSiteWiseReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess", "AttachmentCount": 0, @@ -8654,12 +14962,13 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration", "AttachmentCount": 0, "CreateDate": "2017-12-01T20:21:52+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "iot:AddThingToThingGroup", + "iot:AttachPolicy", "iot:AttachPrincipalPolicy", "iot:AttachThingPrincipal", "iot:CreateCertificateFromCsr", @@ -8669,11 +14978,14 @@ aws_managed_policies_data = """ "iot:DescribeThing", "iot:DescribeThingGroup", "iot:DescribeThingType", + "iot:DetachPolicy", "iot:DetachThingPrincipal", "iot:GetPolicy", + "iot:ListAttachedPolicies", "iot:ListPolicyPrincipals", "iot:ListPrincipalPolicies", "iot:ListPrincipalThings", + "iot:ListTargetsForPolicy", "iot:ListThingGroupsForThing", "iot:ListThingPrincipals", "iot:RegisterCertificate", @@ -8681,7 +14993,10 @@ aws_managed_policies_data = """ "iot:RemoveThingFromThingGroup", "iot:UpdateCertificate", "iot:UpdateThing", - "iot:UpdateThingGroupsForThing" + "iot:UpdateThingGroupsForThing", + "iot:AddThingToBillingGroup", + "iot:DescribeBillingGroup", + "iot:RemoveThingFromBillingGroup" ], "Effect": "Allow", "Resource": [ @@ -8697,7 +15012,172 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3YQXTC5XAEVTJNEU", "PolicyName": "AWSIoTThingsRegistration", - "UpdateDate": "2017-12-01T20:21:52+00:00", + "UpdateDate": "2020-10-05T19:20:12+00:00", + "VersionId": "v3" + }, + "AWSIoTWirelessDataAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T15:31:39+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iotwireless:SendDataToWirelessDevice" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HH6GBXNUO", + "PolicyName": "AWSIoTWirelessDataAccess", + "UpdateDate": "2020-12-15T15:31:39+00:00", + "VersionId": "v1" + }, + "AWSIoTWirelessFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T15:27:57+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iotwireless:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4L5RZVVSRQ", + "PolicyName": "AWSIoTWirelessFullAccess", + "UpdateDate": "2020-12-15T15:27:57+00:00", + "VersionId": "v1" + }, + "AWSIoTWirelessFullPublishAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T15:29:59+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:DescribeEndpoint", + "iot:Publish" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JSRC2FZ22", + "PolicyName": "AWSIoTWirelessFullPublishAccess", + "UpdateDate": "2020-12-15T15:29:59+00:00", + "VersionId": "v1" + }, + "AWSIoTWirelessGatewayCertManager": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T15:30:48+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:CreateKeysAndCertificate", + "iot:DescribeCertificate", + "iot:ListCertificates" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "IoTWirelessGatewayCertManager" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4O6BH33Y6U", + "PolicyName": "AWSIoTWirelessGatewayCertManager", + "UpdateDate": "2020-12-15T15:30:48+00:00", + "VersionId": "v1" + }, + "AWSIoTWirelessLogging": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessLogging", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T15:32:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/iotwireless*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4L3X44AIHR", + "PolicyName": "AWSIoTWirelessLogging", + "UpdateDate": "2020-12-15T15:32:40+00:00", + "VersionId": "v1" + }, + "AWSIoTWirelessReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T15:28:56+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iotwireless:List*", + "iotwireless:Get*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FJYYSL3ZA", + "PolicyName": "AWSIoTWirelessReadOnlyAccess", + "UpdateDate": "2020-12-15T15:28:56+00:00", "VersionId": "v1" }, "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": { @@ -8769,9 +15249,144 @@ aws_managed_policies_data = """ "UpdateDate": "2017-03-07T00:55:11+00:00", "VersionId": "v2" }, + "AWSLakeFormationCrossAccountManager": { + "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager", + "AttachmentCount": 0, + "CreateDate": "2020-08-04T20:59:46+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "ram:CreateResourceShare" + ], + "Condition": { + "StringLikeIfExists": { + "ram:RequestedResourceType": [ + "glue:Table", + "glue:Database", + "glue:Catalog" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ram:UpdateResourceShare", + "ram:DeleteResourceShare" + ], + "Condition": { + "StringLike": { + "ram:ResourceShareName": [ + "LakeFormation*" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "glue:PutResourcePolicy", + "glue:DeleteResourcePolicy", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "ram:Get*", + "ram:List*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:ListRoots", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HPT7Y7QL3", + "PolicyName": "AWSLakeFormationCrossAccountManager", + "UpdateDate": "2020-12-07T23:11:36+00:00", + "VersionId": "v3" + }, + "AWSLakeFormationDataAdmin": { + "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin", + "AttachmentCount": 0, + "CreateDate": "2019-08-08T17:33:44+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "lakeformation:*", + "cloudtrail:DescribeTrails", + "cloudtrail:LookupEvents", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:CreateDatabase", + "glue:UpdateDatabase", + "glue:DeleteDatabase", + "glue:GetConnections", + "glue:SearchTables", + "glue:GetTable", + "glue:CreateTable", + "glue:UpdateTable", + "glue:DeleteTable", + "glue:GetTableVersions", + "glue:GetPartitions", + "glue:GetTables", + "glue:GetWorkflow", + "glue:ListWorkflows", + "glue:BatchGetWorkflows", + "glue:DeleteWorkflow", + "glue:GetWorkflowRuns", + "glue:StartWorkflowRun", + "glue:GetWorkflow", + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "iam:ListUsers", + "iam:ListRoles", + "iam:GetRole", + "iam:GetRolePolicy" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "lakeformation:PutDataLakeSettings" + ], + "Effect": "Deny", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OWCH3ENIA", + "PolicyName": "AWSLakeFormationDataAdmin", + "UpdateDate": "2019-12-16T22:41:40+00:00", + "VersionId": "v2" + }, "AWSLambdaBasicExecutionRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "AttachmentCount": 2, + "AttachmentCount": 0, "CreateDate": "2015-04-09T15:03:43+00:00", "DefaultVersionId": "v1", "Document": { @@ -8833,14 +15448,16 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess", "AttachmentCount": 0, "CreateDate": "2016-12-06T00:37:27+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface" + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" ], "Effect": "Allow", "Resource": "*" @@ -8854,8 +15471,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJXAW2Q3KPTURUT2QC", "PolicyName": "AWSLambdaENIManagementAccess", - "UpdateDate": "2016-12-06T00:37:27+00:00", - "VersionId": "v1" + "UpdateDate": "2020-10-01T20:07:26+00:00", + "VersionId": "v2" }, "AWSLambdaExecute": { "Arn": "arn:aws:iam::aws:policy/AWSLambdaExecute", @@ -9039,6 +15656,42 @@ aws_managed_policies_data = """ "UpdateDate": "2018-11-19T20:09:24+00:00", "VersionId": "v2" }, + "AWSLambdaMSKExecutionRole": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole", + "AttachmentCount": 0, + "CreateDate": "2020-08-11T17:35:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "kafka:DescribeCluster", + "kafka:GetBootstrapBrokers", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FHMXOHIS5", + "PolicyName": "AWSLambdaMSKExecutionRole", + "UpdateDate": "2020-08-11T17:35:05+00:00", + "VersionId": "v1" + }, "AWSLambdaReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess", "AttachmentCount": 0, @@ -9173,7 +15826,7 @@ aws_managed_policies_data = """ }, "AWSLambdaRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2015-02-06T18:41:28+00:00", "DefaultVersionId": "v1", "Document": { @@ -9234,7 +15887,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", "AttachmentCount": 0, "CreateDate": "2016-02-11T23:15:26+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -9244,7 +15897,9 @@ aws_managed_policies_data = """ "logs:PutLogEvents", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface" + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" ], "Effect": "Allow", "Resource": "*" @@ -9258,14 +15913,137 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJVTME3YLVNL72YR2K", "PolicyName": "AWSLambdaVPCAccessExecutionRole", - "UpdateDate": "2016-02-11T23:15:26+00:00", + "UpdateDate": "2020-10-15T22:53:03+00:00", + "VersionId": "v2" + }, + "AWSLambda_FullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSLambda_FullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-17T21:14:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "kms:ListAliases", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "iam:ListRoles", + "lambda:*", + "logs:DescribeLogGroups", + "states:DescribeStateMachine", + "states:ListStateMachines", + "tag:GetResources", + "xray:GetTraceSummaries", + "xray:BatchGetTraces" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "lambda.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:FilterLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OXQPYWZ5D", + "PolicyName": "AWSLambda_FullAccess", + "UpdateDate": "2020-11-17T21:14:08+00:00", + "VersionId": "v1" + }, + "AWSLambda_ReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-17T21:10:32+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "kms:ListAliases", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "iam:ListRoles", + "logs:DescribeLogGroups", + "lambda:Get*", + "lambda:List*", + "states:DescribeStateMachine", + "states:ListStateMachines", + "tag:GetResources", + "xray:GetTraceSummaries", + "xray:BatchGetTraces" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:FilterLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IERNVMNPE", + "PolicyName": "AWSLambda_ReadOnlyAccess", + "UpdateDate": "2020-11-17T21:10:32+00:00", "VersionId": "v1" }, "AWSLicenseManagerMasterAccountRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-26T19:03:51+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -9392,6 +16170,67 @@ aws_managed_policies_data = """ "*" ], "Sid": "RAMPermissions3" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "IAMGetRoles" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "cloudformation.amazonaws.com", + "glue.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*" + ], + "Sid": "IAMPassRoles" + }, + { + "Action": [ + "cloudformation:UpdateStack", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*" + ], + "Sid": "CloudformationPermission" + }, + { + "Action": [ + "glue:CreateTable", + "glue:UpdateTable", + "glue:DeleteTable", + "glue:UpdateJob", + "glue:UpdateCrawler" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler", + "arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob", + "arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*", + "arn:aws:glue:*:*:table/license_manager_resource_sync/*", + "arn:aws:glue:*:*:database/license_manager_resource_inventory_db", + "arn:aws:glue:*:*:database/license_manager_resource_sync" + ], + "Sid": "GlueUpdatePermissions" } ], "Version": "2012-10-17" @@ -9402,19 +16241,20 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIJE2NOZW2BDEHYUH2", "PolicyName": "AWSLicenseManagerMasterAccountRolePolicy", - "UpdateDate": "2018-11-26T19:03:51+00:00", - "VersionId": "v1" + "UpdateDate": "2019-08-29T22:56:41+00:00", + "VersionId": "v3" }, "AWSLicenseManagerMemberAccountRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-26T19:04:32+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ - "license-manager:UpdateLicenseSpecificationsForResource" + "license-manager:UpdateLicenseSpecificationsForResource", + "license-manager:GetLicenseConfiguration" ], "Effect": "Allow", "Resource": [ @@ -9458,14 +16298,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJZTYEY2LEGBYAVUY4", "PolicyName": "AWSLicenseManagerMemberAccountRolePolicy", - "UpdateDate": "2018-11-26T19:04:32+00:00", - "VersionId": "v1" + "UpdateDate": "2019-11-15T22:09:32+00:00", + "VersionId": "v2" }, "AWSLicenseManagerServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-26T19:02:53+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -9553,6 +16393,20 @@ aws_managed_policies_data = """ "*" ], "Sid": "OrganizationPermissions" + }, + { + "Action": [ + "license-manager:GetServiceSettings", + "license-manager:GetLicense*", + "license-manager:UpdateLicenseSpecificationsForResource", + "license-manager:ListUsageForLicenseConfiguration", + "license-manager:ListDistributedGrants" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "LicenseManagerPermissions" } ], "Version": "2012-10-17" @@ -9563,7 +16417,43 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIM7JPETWHTYNBQSZE", "PolicyName": "AWSLicenseManagerServiceRolePolicy", - "UpdateDate": "2018-11-26T19:02:53+00:00", + "UpdateDate": "2020-12-03T08:38:18+00:00", + "VersionId": "v3" + }, + "AWSMarketplaceAmiIngestion": { + "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion", + "AttachmentCount": 0, + "CreateDate": "2020-09-25T20:55:10+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:ModifySnapshotAttribute" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*" + }, + { + "Action": [ + "ec2:DescribeImageAttribute", + "ec2:DescribeImages", + "ec2:DescribeSnapshotAttribute", + "ec2:ModifyImageAttribute" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AV3OZYWEM", + "PolicyName": "AWSMarketplaceAmiIngestion", + "UpdateDate": "2020-09-25T20:55:10+00:00", "VersionId": "v1" }, "AWSMarketplaceFullAccess": { @@ -9812,11 +16702,47 @@ aws_managed_policies_data = """ "UpdateDate": "2018-08-08T21:11:59+00:00", "VersionId": "v2" }, + "AWSMarketplaceLicenseManagementServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-03T08:33:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "organizations:DescribeOrganization", + "license-manager:ListReceivedGrants", + "license-manager:ListDistributedGrants", + "license-manager:GetGrant", + "license-manager:CreateGrant", + "license-manager:CreateGrantVersion", + "license-manager:DeleteGrant", + "license-manager:AcceptGrant" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AllowLicenseManagerActions" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DTCV6FSO7", + "PolicyName": "AWSMarketplaceLicenseManagementServiceRolePolicy", + "UpdateDate": "2020-12-03T08:33:40+00:00", + "VersionId": "v1" + }, "AWSMarketplaceManageSubscriptions": { "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:32+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -9827,6 +16753,15 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:CreatePrivateMarketplaceRequests", + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -9837,8 +16772,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJRDW2WIFN7QLUAKBQ", "PolicyName": "AWSMarketplaceManageSubscriptions", - "UpdateDate": "2015-02-06T18:40:32+00:00", - "VersionId": "v1" + "UpdateDate": "2019-10-28T21:49:43+00:00", + "VersionId": "v2" }, "AWSMarketplaceMeteringFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess", @@ -9866,11 +16801,68 @@ aws_managed_policies_data = """ "UpdateDate": "2016-03-17T22:39:22+00:00", "VersionId": "v1" }, + "AWSMarketplaceMeteringRegisterUsage": { + "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage", + "AttachmentCount": 0, + "CreateDate": "2019-11-21T01:17:54+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aws-marketplace:RegisterUsage" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OIHJX73MZ", + "PolicyName": "AWSMarketplaceMeteringRegisterUsage", + "UpdateDate": "2019-11-21T01:17:54+00:00", + "VersionId": "v1" + }, + "AWSMarketplaceProcurementSystemAdminFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-06-25T13:07:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aws-marketplace:PutProcurementSystemConfiguration", + "aws-marketplace:DescribeProcurementSystemConfiguration", + "organizations:Describe*", + "organizations:List*" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FIYNR3TC4", + "PolicyName": "AWSMarketplaceProcurementSystemAdminFullAccess", + "UpdateDate": "2019-06-25T13:07:47+00:00", + "VersionId": "v1" + }, "AWSMarketplaceRead-only": { "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:31+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -9899,6 +16891,14 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -9909,14 +16909,175 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJOOM6LETKURTJ3XZ2", "PolicyName": "AWSMarketplaceRead-only", - "UpdateDate": "2018-07-31T23:24:24+00:00", + "UpdateDate": "2019-10-28T21:51:31+00:00", + "VersionId": "v3" + }, + "AWSMarketplaceSellerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-02T20:40:09+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "aws-marketplace-management:uploadFiles", + "aws-marketplace-management:viewMarketing", + "aws-marketplace-management:viewReports", + "aws-marketplace-management:viewSupport", + "aws-marketplace-management:viewSettings", + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:StartChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListTasks", + "aws-marketplace:DescribeTask", + "aws-marketplace:UpdateTask", + "aws-marketplace:CompleteTask", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "aws-marketplace:SearchAgreements", + "aws-marketplace:DescribeAgreement", + "aws-marketplace:GetAgreementTerms" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws-marketplace:AgreementType": [ + "PurchaseAgreement" + ] + }, + "StringEquals": { + "aws-marketplace:PartyType": "Proposer" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole", + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "assets.marketplace.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JF7OFUANW", + "PolicyName": "AWSMarketplaceSellerFullAccess", + "UpdateDate": "2020-10-09T22:23:38+00:00", + "VersionId": "v4" + }, + "AWSMarketplaceSellerProductsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-02T21:06:25+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:StartChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListTasks", + "aws-marketplace:DescribeTask", + "aws-marketplace:UpdateTask", + "aws-marketplace:CompleteTask", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole", + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "assets.marketplace.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DS2YFEG4N", + "PolicyName": "AWSMarketplaceSellerProductsFullAccess", + "UpdateDate": "2020-10-09T22:22:38+00:00", + "VersionId": "v3" + }, + "AWSMarketplaceSellerProductsReadOnly": { + "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly", + "AttachmentCount": 0, + "CreateDate": "2019-07-02T21:40:47+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListTasks", + "aws-marketplace:DescribeTask", + "ec2:DescribeImages", + "ec2:DescribeSnapshots" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4K5Y2Q5F7D", + "PolicyName": "AWSMarketplaceSellerProductsReadOnly", + "UpdateDate": "2020-03-05T23:11:53+00:00", "VersionId": "v2" }, "AWSMigrationHubDMSAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess", "AttachmentCount": 0, "CreateDate": "2017-08-14T14:00:06+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -9946,7 +17107,8 @@ aws_managed_policies_data = """ }, { "Action": [ - "mgh:ListMigrationTasks" + "mgh:ListMigrationTasks", + "mgh:GetHomeRegion" ], "Effect": "Allow", "Resource": "*" @@ -9960,14 +17122,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIUQB56VA4JHLN7G2W", "PolicyName": "AWSMigrationHubDMSAccess", - "UpdateDate": "2017-08-14T14:00:06+00:00", - "VersionId": "v1" + "UpdateDate": "2019-10-07T17:51:53+00:00", + "VersionId": "v2" }, "AWSMigrationHubDiscoveryAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess", "AttachmentCount": 0, "CreateDate": "2017-08-14T13:30:51+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -9979,6 +17141,41 @@ aws_managed_policies_data = """ "Resource": [ "*" ] + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "aws:migrationhub:source-id" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action": "dms:AddTagsToResource", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "aws:migrationhub:source-id" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:dms:*:*:endpoint:*" + ] + }, + { + "Action": [ + "ec2:DescribeInstanceAttribute" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" @@ -9989,14 +17186,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAITRMRLSV7JAL6YIGG", "PolicyName": "AWSMigrationHubDiscoveryAccess", - "UpdateDate": "2017-08-14T13:30:51+00:00", - "VersionId": "v1" + "UpdateDate": "2020-08-06T17:34:42+00:00", + "VersionId": "v3" }, "AWSMigrationHubFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess", "AttachmentCount": 0, "CreateDate": "2017-08-14T14:02:54+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -10031,6 +17228,20 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "migrationhub.amazonaws.com", + "dmsintegration.migrationhub.amazonaws.com", + "smsintegration.migrationhub.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -10041,14 +17252,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ4A2SZKHUYHDYIGOK", "PolicyName": "AWSMigrationHubFullAccess", - "UpdateDate": "2018-08-16T20:29:37+00:00", - "VersionId": "v3" + "UpdateDate": "2019-06-19T21:14:41+00:00", + "VersionId": "v4" }, "AWSMigrationHubSMSAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess", "AttachmentCount": 0, "CreateDate": "2017-08-14T13:57:54+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -10078,7 +17289,8 @@ aws_managed_policies_data = """ }, { "Action": [ - "mgh:ListMigrationTasks" + "mgh:ListMigrationTasks", + "mgh:GetHomeRegion" ], "Effect": "Allow", "Resource": "*" @@ -10092,23 +17304,20 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIWQYYT6TSVIRJO4TY", "PolicyName": "AWSMigrationHubSMSAccess", - "UpdateDate": "2017-08-14T13:57:54+00:00", - "VersionId": "v1" + "UpdateDate": "2019-10-07T18:01:22+00:00", + "VersionId": "v2" }, "AWSMobileHub_FullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess", "AttachmentCount": 0, "CreateDate": "2016-01-05T19:56:01+00:00", - "DefaultVersionId": "v13", + "DefaultVersionId": "v14", "Document": { "Statement": [ { "Action": [ "apigateway:GET", - "apigateway:GetRestApis", - "apigateway:GetResources", "apigateway:POST", - "apigateway:TestInvokeMethod", "cloudfront:GetDistribution", "devicefarm:CreateProject", "devicefarm:ListJobs", @@ -10133,26 +17342,7 @@ aws_managed_policies_data = """ "lex:GetBots", "lex:GetBotAlias", "lex:GetBotAliases", - "mobilehub:CreateProject", - "mobilehub:DeleteProject", - "mobilehub:UpdateProject", - "mobilehub:ExportProject", - "mobilehub:ImportProject", - "mobilehub:SynchronizeProject", - "mobilehub:GenerateProjectParameters", - "mobilehub:GetProject", - "mobilehub:GetProjectSnapshot", - "mobilehub:ListProjectSnapshots", - "mobilehub:DeleteProjectSnapshot", - "mobilehub:ListAvailableConnectors", - "mobilehub:ListAvailableFeatures", - "mobilehub:ListAvailableRegions", - "mobilehub:ListProjects", - "mobilehub:ValidateProject", - "mobilehub:VerifyServiceRole", - "mobilehub:DescribeBundle", - "mobilehub:ExportBundle", - "mobilehub:ListBundles" + "mobilehub:*" ], "Effect": "Allow", "Resource": "*" @@ -10187,8 +17377,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIJLU43R6AGRBK76DM", "PolicyName": "AWSMobileHub_FullAccess", - "UpdateDate": "2018-02-05T23:44:29+00:00", - "VersionId": "v13" + "UpdateDate": "2019-12-19T23:15:52+00:00", + "VersionId": "v14" }, "AWSMobileHub_ReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly", @@ -10249,11 +17439,168 @@ aws_managed_policies_data = """ "UpdateDate": "2018-07-23T21:59:05+00:00", "VersionId": "v10" }, + "AWSNetworkFirewallServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-17T17:17:26+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "StringEquals": { + "aws:RequestTag/AWSNetworkFirewallManaged": "true", + "ec2:CreateAction": "CreateVpcEndpoint" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action": [ + "ec2:DeleteVpcEndpoints" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/AWSNetworkFirewallManaged": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DF6QQZAL3", + "PolicyName": "AWSNetworkFirewallServiceRolePolicy", + "UpdateDate": "2020-11-17T17:17:26+00:00", + "VersionId": "v1" + }, + "AWSNetworkManagerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T17:37:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "networkmanager:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "networkmanager.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ARXJ4NU7I", + "PolicyName": "AWSNetworkManagerFullAccess", + "UpdateDate": "2019-12-03T17:37:58+00:00", + "VersionId": "v1" + }, + "AWSNetworkManagerReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T17:35:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "networkmanager:Describe*", + "networkmanager:Get*", + "networkmanager:List*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LZFJOS62Z", + "PolicyName": "AWSNetworkManagerReadOnlyAccess", + "UpdateDate": "2019-12-03T17:35:05+00:00", + "VersionId": "v1" + }, + "AWSNetworkManagerServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T14:03:35+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeLocations", + "directconnect:DescribeVirtualInterfaces", + "ec2:DescribeCustomerGateways", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeVpnConnections", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:SearchTransitGatewayRoutes", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTransitGatewayConnectPeers" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4B346KOB7I", + "PolicyName": "AWSNetworkManagerServiceRolePolicy", + "UpdateDate": "2020-12-10T12:06:22+00:00", + "VersionId": "v3" + }, "AWSOpsWorksCMInstanceProfileRole": { "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole", "AttachmentCount": 0, "CreateDate": "2016-11-24T09:48:22+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -10278,6 +17625,16 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:s3:::aws-opsworks-cm-*" + }, + { + "Action": "acm:GetCertificate", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "secretsmanager:GetSecretValue", + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:aws-opsworks-cm-secrets-*" } ], "Version": "2012-10-17" @@ -10288,14 +17645,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAICSU3OSHCURP2WIZW", "PolicyName": "AWSOpsWorksCMInstanceProfileRole", - "UpdateDate": "2017-11-03T12:01:32+00:00", - "VersionId": "v2" + "UpdateDate": "2021-01-12T09:37:42+00:00", + "VersionId": "v4" }, "AWSOpsWorksCMServiceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole", "AttachmentCount": 0, "CreateDate": "2016-11-24T09:49:46+00:00", - "DefaultVersionId": "v8", + "DefaultVersionId": "v13", "Document": { "Statement": [ { @@ -10304,17 +17661,27 @@ aws_managed_policies_data = """ "s3:DeleteObject", "s3:DeleteBucket", "s3:GetObject", - "s3:HeadBucket", "s3:ListBucket", - "s3:ListObjects", "s3:PutBucketPolicy", - "s3:PutObject" + "s3:PutObject", + "s3:GetBucketTagging", + "s3:PutBucketTagging" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::aws-opsworks-cm-*" ] }, + { + "Action": [ + "tag:UntagResources", + "tag:TagResources" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "ssm:DescribeInstanceInformation", @@ -10429,6 +17796,35 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/aws-opsworks-cm-*", "arn:aws:iam::*:role/service-role/aws-opsworks-cm-*" ] + }, + { + "Action": [ + "acm:DeleteCertificate", + "acm:ImportCertificate" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource", + "secretsmanager:UntagResource" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:aws-opsworks-cm-secrets-*" + }, + { + "Action": "ec2:DeleteTags", + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:elastic-ip/*", + "arn:aws:ec2:*:*:security-group/*" + ] } ], "Version": "2012-10-17" @@ -10439,8 +17835,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ6I6MPGJE62URSHCO", "PolicyName": "AWSOpsWorksCMServiceRole", - "UpdateDate": "2019-02-21T15:15:07+00:00", - "VersionId": "v8" + "UpdateDate": "2021-01-06T15:08:35+00:00", + "VersionId": "v13" }, "AWSOpsWorksCloudWatchLogs": { "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs", @@ -10544,17 +17940,59 @@ aws_managed_policies_data = """ "UpdateDate": "2016-06-03T14:23:15+00:00", "VersionId": "v1" }, - "AWSOpsWorksRegisterCLI": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI", + "AWSOpsWorksRegisterCLI_EC2": { + "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2", "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:49+00:00", + "CreateDate": "2019-06-18T15:56:17+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "opsworks:AssignInstance", + "opsworks:CreateLayer", + "opsworks:DeregisterInstance", + "opsworks:DescribeInstances", + "opsworks:DescribeStackProvisioningParameters", + "opsworks:DescribeStacks", + "opsworks:UnassignInstance" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:DescribeInstances" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NCE3CMCRC", + "PolicyName": "AWSOpsWorksRegisterCLI_EC2", + "UpdateDate": "2019-06-18T15:56:17+00:00", + "VersionId": "v1" + }, + "AWSOpsWorksRegisterCLI_OnPremises": { + "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises", + "AttachmentCount": 0, + "CreateDate": "2019-06-18T15:33:16+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ "opsworks:AssignInstance", - "opsworks:CreateStack", "opsworks:CreateLayer", "opsworks:DeregisterInstance", "opsworks:DescribeInstances", @@ -10578,17 +18016,36 @@ aws_managed_policies_data = """ }, { "Action": [ - "iam:AddUserToGroup", - "iam:CreateAccessKey", "iam:CreateGroup", - "iam:CreateUser", - "iam:ListInstanceProfiles", - "iam:PassRole", - "iam:PutUserPolicy" + "iam:AddUserToGroup" ], "Effect": "Allow", "Resource": [ - "*" + "arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*" + ] + }, + { + "Action": [ + "iam:CreateUser", + "iam:CreateAccessKey" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" + ] + }, + { + "Action": [ + "iam:AttachUserPolicy" + ], + "Condition": { + "ArnEquals": { + "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" ] } ], @@ -10598,9 +18055,9 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ3AB5ZBFPCQGTVDU4", - "PolicyName": "AWSOpsWorksRegisterCLI", - "UpdateDate": "2015-02-06T18:40:49+00:00", + "PolicyId": "ANPAZKAPJZG4EZJ5DYEPG", + "PolicyName": "AWSOpsWorksRegisterCLI_OnPremises", + "UpdateDate": "2019-06-18T15:33:16+00:00", "VersionId": "v1" }, "AWSOpsWorksRole": { @@ -10647,6 +18104,60 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:41:27+00:00", "VersionId": "v1" }, + "AWSOpsWorks_FullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSOpsWorks_FullAccess", + "AttachmentCount": 0, + "CreateDate": "2021-01-22T16:29:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudwatch:GetMetricStatistics", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "iam:GetRolePolicy", + "iam:ListInstanceProfiles", + "iam:ListRoles", + "iam:ListUsers", + "opsworks:*" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "opsworks.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4D626GOURR", + "PolicyName": "AWSOpsWorks_FullAccess", + "UpdateDate": "2021-01-22T16:29:08+00:00", + "VersionId": "v1" + }, "AWSOrganizationsFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess", "AttachmentCount": 0, @@ -10700,7 +18211,7 @@ aws_managed_policies_data = """ }, "AWSOrganizationsServiceTrustPolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-10-10T23:04:07+00:00", "DefaultVersionId": "v2", "Document": { @@ -10735,6 +18246,507 @@ aws_managed_policies_data = """ "UpdateDate": "2017-11-01T06:01:18+00:00", "VersionId": "v2" }, + "AWSOutpostsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-09T22:55:56+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NM7FW2RO7", + "PolicyName": "AWSOutpostsServiceRolePolicy", + "UpdateDate": "2020-11-09T22:55:56+00:00", + "VersionId": "v1" + }, + "AWSPanoramaApplianceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T13:13:18+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", + "Sid": "PanoramaDeviceCreateLogStream" + }, + { + "Action": "logs:CreateLogGroup", + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*", + "Sid": "PanoramaDeviceCreateLogGroup" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CWIHTBB4Y", + "PolicyName": "AWSPanoramaApplianceRolePolicy", + "UpdateDate": "2020-12-01T13:13:18+00:00", + "VersionId": "v1" + }, + "AWSPanoramaFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSPanoramaFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T13:12:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "panorama:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IAPULBSWQ", + "PolicyName": "AWSPanoramaFullAccess", + "UpdateDate": "2020-12-01T13:12:47+00:00", + "VersionId": "v1" + }, + "AWSPanoramaGreengrassGroupRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T13:10:22+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "s3:ListBucket", + "s3:GetBucket*", + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*aws-panorama*" + ], + "Sid": "PanoramaS3Access" + }, + { + "Action": "cloudwatch:PutDashboard", + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudwatch::*:dashboard/panorama*" + ], + "Sid": "PanoramaCLoudWatchPutDashboard" + }, + { + "Action": "cloudwatch:PutMetricData", + "Effect": "Allow", + "Resource": "*", + "Sid": "PanoramaCloudWatchPutMetricData" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents", + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*", + "Sid": "PanoramaGreenGrassCloudWatchAccess" + }, + { + "Action": [ + "panorama:*" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "PanoramaAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IRCPXKCEG", + "PolicyName": "AWSPanoramaGreengrassGroupRolePolicy", + "UpdateDate": "2021-01-06T19:30:35+00:00", + "VersionId": "v2" + }, + "AWSPanoramaSageMakerRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T13:13:54+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:GetObject", + "s3:PutObject", + "s3:GetBucket*" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*aws-panorama*" + ], + "Sid": "PanoramaSageMakerS3Access" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4O23KYQMI2", + "PolicyName": "AWSPanoramaSageMakerRolePolicy", + "UpdateDate": "2020-12-01T13:13:54+00:00", + "VersionId": "v1" + }, + "AWSPanoramaServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T13:14:43+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iot:CreateThing", + "iot:DeleteThing", + "iot:DeleteThingShadow", + "iot:DescribeThing", + "iot:GetThingShadow", + "iot:UpdateThing", + "iot:UpdateThingShadow" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:thing/panorama*" + ], + "Sid": "PanoramaIoTThingAccess" + }, + { + "Action": [ + "iot:AttachThingPrincipal", + "iot:DetachThingPrincipal", + "iot:UpdateCertificate", + "iot:DeleteCertificate", + "iot:AttachPrincipalPolicy", + "iot:DetachPrincipalPolicy" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:thing/panorama*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid": "PanoramaIoTCertificateAccess" + }, + { + "Action": [ + "iot:CreateKeysAndCertificate", + "iot:CreatePolicy" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "PanoramaIoTCreateCertificateAndPolicyAccess" + }, + { + "Action": [ + "iot:CreatePolicyVersion" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:policy/panorama*" + ], + "Sid": "PanoramaIoTCreatePolicyVersionAccess" + }, + { + "Action": [ + "iot:DescribeJobExecution", + "iot:CreateJob", + "iot:DeleteJob" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:job/panorama*", + "arn:aws:iot:*:*:thing/panorama*" + ], + "Sid": "PanoramaIoTJobAccess" + }, + { + "Action": [ + "iot:DescribeEndpoint" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "PanoramaIoTEndpointAccess" + }, + { + "Action": [ + "panorama:Describe*", + "panorama:List*", + "panorama:Get*" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "PanoramaAccess" + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:DeleteBucket", + "s3:ListBucket", + "s3:GetBucket*", + "s3:CreateBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*aws-panorama*" + ], + "Sid": "PanoramaS3Access" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/AWSPanoramaSageMakerRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole" + ], + "Sid": "PanoramaIAMPassSageMakerRoleAccess" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "greengrass.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole", + "arn:aws:iam::*:role/AWSPanoramaGreengrassRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole" + ], + "Sid": "PanoramaIAMPassGreengrassRoleAccess" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEqualsIfExists": { + "iam:PassedToService": "iot.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/AWSPanoramaApplianceRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole" + ], + "Sid": "PanoramaIAMPassIoTRoleAccess" + }, + { + "Action": [ + "greengrass:AssociateRoleToGroup", + "greengrass:AssociateServiceRoleToAccount", + "greengrass:CreateResourceDefinition", + "greengrass:CreateResourceDefinitionVersion", + "greengrass:CreateCoreDefinition", + "greengrass:CreateCoreDefinitionVersion", + "greengrass:CreateDeployment", + "greengrass:CreateFunctionDefinition", + "greengrass:CreateFunctionDefinitionVersion", + "greengrass:CreateGroup", + "greengrass:CreateGroupCertificateAuthority", + "greengrass:CreateGroupVersion", + "greengrass:CreateLoggerDefinition", + "greengrass:CreateLoggerDefinitionVersion", + "greengrass:CreateSubscriptionDefinition", + "greengrass:CreateSubscriptionDefinitionVersion", + "greengrass:DeleteCoreDefinition", + "greengrass:DeleteFunctionDefinition", + "greengrass:DeleteResourceDefinition", + "greengrass:DeleteGroup", + "greengrass:DeleteLoggerDefinition", + "greengrass:DeleteSubscriptionDefinition", + "greengrass:DisassociateRoleFromGroup", + "greengrass:DisassociateServiceRoleFromAccount", + "greengrass:GetAssociatedRole", + "greengrass:GetConnectivityInfo", + "greengrass:GetCoreDefinition", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetDeploymentStatus", + "greengrass:GetDeviceDefinition", + "greengrass:GetDeviceDefinitionVersion", + "greengrass:GetFunctionDefinition", + "greengrass:GetFunctionDefinitionVersion", + "greengrass:GetGroup", + "greengrass:GetGroupCertificateAuthority", + "greengrass:GetGroupCertificateConfiguration", + "greengrass:GetGroupVersion", + "greengrass:GetLoggerDefinition", + "greengrass:GetLoggerDefinitionVersion", + "greengrass:GetResourceDefinition", + "greengrass:GetServiceRoleForAccount", + "greengrass:GetSubscriptionDefinition", + "greengrass:GetSubscriptionDefinitionVersion", + "greengrass:ListCoreDefinitionVersions", + "greengrass:ListCoreDefinitions", + "greengrass:ListDeployments", + "greengrass:ListDeviceDefinitionVersions", + "greengrass:ListDeviceDefinitions", + "greengrass:ListFunctionDefinitionVersions", + "greengrass:ListFunctionDefinitions", + "greengrass:ListGroupCertificateAuthorities", + "greengrass:ListGroupVersions", + "greengrass:ListGroups", + "greengrass:ListLoggerDefinitionVersions", + "greengrass:ListLoggerDefinitions", + "greengrass:ListSubscriptionDefinitionVersions", + "greengrass:ListSubscriptionDefinitions", + "greengrass:ResetDeployments", + "greengrass:UpdateConnectivityInfo", + "greengrass:UpdateCoreDefinition", + "greengrass:UpdateDeviceDefinition", + "greengrass:UpdateFunctionDefinition", + "greengrass:UpdateGroup", + "greengrass:UpdateGroupCertificateConfiguration", + "greengrass:UpdateLoggerDefinition", + "greengrass:UpdateSubscriptionDefinition", + "greengrass:UpdateResourceDefinition" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "PanoramaGreenGrassAccess" + }, + { + "Action": [ + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:*" + ], + "Sid": "PanoramaLambdaUsersFunctionAccess" + }, + { + "Action": [ + "sagemaker:CreateTrainingJob", + "sagemaker:StopTrainingJob", + "sagemaker:CreateCompilationJob", + "sagemaker:DescribeCompilationJob", + "sagemaker:StopCompilationJob" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sagemaker:*:*:training-job/panorama*", + "arn:aws:sagemaker:*:*:compilation-job/panorama*" + ], + "Sid": "PanoramaSageMakerWriteAccess" + }, + { + "Action": [ + "sagemaker:ListCompilationJobs" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "PanoramaSageMakerListAccess" + }, + { + "Action": [ + "sagemaker:DescribeTrainingJob" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sagemaker:*:*:training-job/*" + ], + "Sid": "PanoramaSageMakerReadAccess" + }, + { + "Action": [ + "iot:AttachPolicy", + "iot:CreateRoleAlias" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:policy/panorama*", + "arn:aws:iot:*:*:rolealias/panorama*" + ], + "Sid": "PanoramaCWLogsAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G7G35B6C5", + "PolicyName": "AWSPanoramaServiceRolePolicy", + "UpdateDate": "2020-12-01T13:14:43+00:00", + "VersionId": "v1" + }, "AWSPriceListServiceFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess", "AttachmentCount": 0, @@ -10765,27 +18777,43 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess", "AttachmentCount": 0, "CreateDate": "2018-11-27T16:32:32+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "aws-marketplace:CreatePrivateMarketplace", - "aws-marketplace:CreatePrivateMarketplaceProfile", - "aws-marketplace:UpdatePrivateMarketplaceProfile", "aws-marketplace:StartPrivateMarketplace", "aws-marketplace:StopPrivateMarketplace", + "aws-marketplace:DescribePrivateMarketplaceStatus", "aws-marketplace:AssociateProductsWithPrivateMarketplace", "aws-marketplace:DisassociateProductsFromPrivateMarketplace", - "aws-marketplace:DescribePrivateMarketplaceProfile", - "aws-marketplace:DescribePrivateMarketplaceStatus", "aws-marketplace:ListPrivateMarketplaceProducts", - "aws-marketplace:DescribePrivateMarketplaceProducts" + "aws-marketplace:DescribePrivateMarketplaceProducts", + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests", + "aws-marketplace:UpdatePrivateMarketplaceSettings", + "aws-marketplace:DescribePrivateMarketplaceSettings", + "aws-marketplace:CreatePrivateMarketplaceProfile", + "aws-marketplace:UpdatePrivateMarketplaceProfile", + "aws-marketplace:DescribePrivateMarketplaceProfile" ], "Effect": "Allow", "Resource": [ "*" ] + }, + { + "Action": [ + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:StartChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:CancelChangeSet" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -10796,7 +18824,208 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ6VRZDDCYDOVCOCEI", "PolicyName": "AWSPrivateMarketplaceAdminFullAccess", - "UpdateDate": "2018-11-27T16:32:32+00:00", + "UpdateDate": "2020-12-03T15:12:31+00:00", + "VersionId": "v3" + }, + "AWSPrivateMarketplaceRequests": { + "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests", + "AttachmentCount": 0, + "CreateDate": "2019-10-28T21:44:03+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aws-marketplace:CreatePrivateMarketplaceRequests", + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AV6W3DAIW", + "PolicyName": "AWSPrivateMarketplaceRequests", + "UpdateDate": "2019-10-28T21:44:03+00:00", + "VersionId": "v1" + }, + "AWSProtonDeveloperAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-17T19:02:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "proton:ListServiceTemplates", + "proton:ListServiceTemplateMajorVersions", + "proton:ListServiceTemplateMinorVersions", + "proton:ListServices", + "proton:ListServiceInstances", + "proton:ListEnvironments", + "proton:GetServiceTemplate", + "proton:GetServiceTemplateMajorVersion", + "proton:GetServiceTemplateMinorVersion", + "proton:GetService", + "proton:GetServiceInstance", + "proton:GetEnvironment", + "proton:CreateService", + "proton:UpdateService", + "proton:UpdateServiceInstance", + "proton:UpdateServicePipeline", + "proton:DeleteService", + "codestar-connections:ListConnections" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codestar-connections:PassConnection" + ], + "Condition": { + "StringEquals": { + "codestar-connections:PassedToService": "proton.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FWOFPRNSU", + "PolicyName": "AWSProtonDeveloperAccess", + "UpdateDate": "2021-02-17T19:02:08+00:00", + "VersionId": "v1" + }, + "AWSProtonFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSProtonFullAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-17T19:07:18+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "proton:*", + "codestar-connections:ListConnections", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:CreateGrant" + ], + "Condition": { + "StringLike": { + "kms:ViaService": "proton.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "proton.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codestar-connections:PassConnection" + ], + "Condition": { + "StringEquals": { + "codestar-connections:PassedToService": "proton.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:codestar-connections:*:*:connection/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IOK6P734E", + "PolicyName": "AWSProtonFullAccess", + "UpdateDate": "2021-02-17T19:07:18+00:00", + "VersionId": "v1" + }, + "AWSProtonReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-17T19:09:12+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": { + "Action": [ + "proton:List*", + "proton:Get*" + ], + "Effect": "Allow", + "Resource": "*" + }, + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DW2EHEZB3", + "PolicyName": "AWSProtonReadOnlyAccess", + "UpdateDate": "2021-02-17T19:09:12+00:00", + "VersionId": "v1" + }, + "AWSPurchaseOrdersServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-06T18:15:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aws-portal:*Billing", + "awsbillingconsole:*Billing", + "purchase-orders:*PurchaseOrders" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KQXTYO5FP", + "PolicyName": "AWSPurchaseOrdersServiceRolePolicy", + "UpdateDate": "2020-05-06T18:15:47+00:00", "VersionId": "v1" }, "AWSQuickSightDescribeRDS": { @@ -10851,6 +19080,60 @@ aws_managed_policies_data = """ "UpdateDate": "2015-11-10T23:25:01+00:00", "VersionId": "v1" }, + "AWSQuickSightElasticsearchPolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-09-09T17:27:19+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "es:ESHttpGet" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:es:*:*:domain/*/", + "arn:aws:es:*:*:domain/*/_cluster/settings", + "arn:aws:es:*:*:domain/*/_cat/indices" + ] + }, + { + "Action": "es:ListDomainNames", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "es:DescribeElasticsearchDomain" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:es:*:*:domain/*" + ] + }, + { + "Action": [ + "es:ESHttpPost", + "es:ESHttpGet" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:es:*:*:domain/*/_opendistro/_sql" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BLUM3JVIN", + "PolicyName": "AWSQuickSightElasticsearchPolicy", + "UpdateDate": "2020-10-15T17:09:55+00:00", + "VersionId": "v2" + }, "AWSQuickSightIoTAnalyticsAccess": { "Arn": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess", "AttachmentCount": 0, @@ -10905,11 +19188,83 @@ aws_managed_policies_data = """ "UpdateDate": "2015-11-10T23:25:07+00:00", "VersionId": "v1" }, + "AWSQuickSightSageMakerPolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-01-17T17:18:13+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sagemaker:DescribeTransformJob", + "sagemaker:StopTransformJob", + "sagemaker:CreateTransformJob" + ], + "Effect": "Allow", + "Resource": "arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*" + }, + { + "Action": "sagemaker:ListModels", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Resource": "arn:aws:s3:::quicksight-ml.*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MCLBVDT2I", + "PolicyName": "AWSQuickSightSageMakerPolicy", + "UpdateDate": "2020-01-17T17:18:13+00:00", + "VersionId": "v1" + }, + "AWSQuickSightTimestreamPolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-09-30T21:47:03+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "timestream:Select", + "timestream:CancelQuery", + "timestream:ListTables", + "timestream:ListDatabases", + "timestream:ListMeasures", + "timestream:DescribeTable", + "timestream:DescribeDatabase", + "timestream:SelectValues", + "timestream:DescribeEndpoints" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CFKVDHQJH", + "PolicyName": "AWSQuickSightTimestreamPolicy", + "UpdateDate": "2020-09-30T21:47:03+00:00", + "VersionId": "v1" + }, "AWSQuicksightAthenaAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess", "AttachmentCount": 0, "CreateDate": "2016-12-09T02:31:03+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v9", "Document": { "Statement": [ { @@ -10930,7 +19285,16 @@ aws_managed_policies_data = """ "athena:ListQueryExecutions", "athena:RunQuery", "athena:StartQueryExecution", - "athena:StopQueryExecution" + "athena:StopQueryExecution", + "athena:ListWorkGroups", + "athena:ListEngineVersions", + "athena:GetWorkGroup", + "athena:GetDataCatalog", + "athena:GetDatabase", + "athena:GetTableMetadata", + "athena:ListDataCatalogs", + "athena:ListDatabases", + "athena:ListTableMetadata" ], "Effect": "Allow", "Resource": [ @@ -10979,6 +19343,15 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:s3:::aws-athena-query-results-*" ] + }, + { + "Action": [ + "lakeformation:GetDataAccess" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" @@ -10989,8 +19362,94 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI4JB77JXFQXDWNRPM", "PolicyName": "AWSQuicksightAthenaAccess", - "UpdateDate": "2018-08-07T20:24:55+00:00", - "VersionId": "v4" + "UpdateDate": "2021-01-29T02:07:58+00:00", + "VersionId": "v9" + }, + "AWSResourceAccessManagerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-06-04T17:28:22+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ram:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FYRGF63DP", + "PolicyName": "AWSResourceAccessManagerFullAccess", + "UpdateDate": "2019-06-04T17:28:22+00:00", + "VersionId": "v1" + }, + "AWSResourceAccessManagerReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-09T20:58:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ram:Get*", + "ram:List*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BQV2LHYJY", + "PolicyName": "AWSResourceAccessManagerReadOnlyAccess", + "UpdateDate": "2019-12-09T20:58:37+00:00", + "VersionId": "v1" + }, + "AWSResourceAccessManagerResourceShareParticipantAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-09T20:41:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ram:AcceptResourceShareInvitation", + "ram:GetResourcePolicies", + "ram:GetResourceShareInvitations", + "ram:GetResourceShares", + "ram:ListPendingInvitationResources", + "ram:ListPrincipals", + "ram:ListResources", + "ram:RejectResourceShareInvitation" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LIFEGGUIU", + "PolicyName": "AWSResourceAccessManagerResourceShareParticipantAccess", + "UpdateDate": "2019-12-09T20:41:37+00:00", + "VersionId": "v1" }, "AWSResourceAccessManagerServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", @@ -11105,66 +19564,19 @@ aws_managed_policies_data = """ "UpdateDate": "2019-02-05T17:56:25+00:00", "VersionId": "v2" }, - "AWSRoboMakerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T05:28:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "robomaker:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "VisualEditor0" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIG7WQVUX3AGSKGBAO", - "PolicyName": "AWSRoboMakerFullAccess", - "UpdateDate": "2018-11-26T05:28:10+00:00", - "VersionId": "v1" - }, "AWSRoboMakerReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2018-11-26T05:30:50+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ - "robomaker:ListDeploymentJobs", - "robomaker:BatchDescribeSimulationJob", - "robomaker:DescribeFleet", - "robomaker:DescribeSimulationApplication", - "robomaker:DescribeRobotApplication", - "robomaker:ListFleets", - "robomaker:ListSimulationJobs", - "robomaker:DescribeDeploymentJob", - "robomaker:DescribeSimulationJob", - "robomaker:DescribeRobot", - "robomaker:ListRobots", - "robomaker:ListRobotApplications", - "robomaker:ListSimulationApplications" + "robomaker:List*", + "robomaker:BatchDescribe*", + "robomaker:Describe*", + "robomaker:Get*" ], "Effect": "Allow", "Resource": "*", @@ -11179,14 +19591,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIXFHP2ALXXGGECYJI", "PolicyName": "AWSRoboMakerReadOnlyAccess", - "UpdateDate": "2018-11-26T05:30:50+00:00", - "VersionId": "v1" + "UpdateDate": "2020-08-28T23:10:18+00:00", + "VersionId": "v2" }, "AWSRoboMakerServicePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-26T06:30:08+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -11207,11 +19619,23 @@ aws_managed_policies_data = """ "greengrass:GetCoreDefinitionVersion", "greengrass:GetFunctionDefinitionVersion", "greengrass:GetAssociatedRole", - "lambda:CreateFunction" + "lambda:CreateFunction", + "robomaker:CreateSimulationJob", + "robomaker:CancelSimulationJob" ], "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "robomaker:TagResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:robomaker:*:*:/createsimulationjob", + "arn:aws:robomaker:*:*:simulation-job/*" + ] + }, { "Action": [ "lambda:UpdateFunctionCode", @@ -11230,8 +19654,11 @@ aws_managed_policies_data = """ { "Action": "iam:PassRole", "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" + "StringEquals": { + "iam:PassedToService": [ + "lambda.amazonaws.com", + "robomaker.amazonaws.com" + ] } }, "Effect": "Allow", @@ -11246,8 +19673,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY", "PolicyName": "AWSRoboMakerServicePolicy", - "UpdateDate": "2019-04-04T22:15:35+00:00", - "VersionId": "v2" + "UpdateDate": "2020-08-04T20:38:08+00:00", + "VersionId": "v5" }, "AWSRoboMakerServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy", @@ -11310,16 +19737,61 @@ aws_managed_policies_data = """ "UpdateDate": "2018-11-26T05:33:19+00:00", "VersionId": "v1" }, - "AWSSSODirectoryAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", + "AWSRoboMaker_FullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess", "AttachmentCount": 0, - "CreateDate": "2018-10-31T23:54:00+00:00", + "CreateDate": "2020-09-10T18:34:18+00:00", "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "robomaker:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Condition": { + "StringEquals": { + "aws:CalledViaFirst": "robomaker.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "robomaker.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FACURHLCA", + "PolicyName": "AWSRoboMaker_FullAccess", + "UpdateDate": "2020-09-10T18:34:18+00:00", + "VersionId": "v1" + }, + "AWSSSODirectoryAdministrator": { + "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", + "AttachmentCount": 0, + "CreateDate": "2018-10-31T23:54:00+00:00", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ - "sso-directory:*" + "sso-directory:*", + "sso:ListDirectoryAssociations" ], "Effect": "Allow", "Resource": "*", @@ -11334,21 +19806,22 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI2TCZRD7WRD5D2E2Q", "PolicyName": "AWSSSODirectoryAdministrator", - "UpdateDate": "2018-10-31T23:54:00+00:00", - "VersionId": "v1" + "UpdateDate": "2020-08-18T17:17:40+00:00", + "VersionId": "v2" }, "AWSSSODirectoryReadOnly": { "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly", "AttachmentCount": 0, "CreateDate": "2018-10-31T23:49:32+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "sso-directory:Search*", "sso-directory:Describe*", - "sso-directory:List*" + "sso-directory:List*", + "sso-directory:Get*" ], "Effect": "Allow", "Resource": "*", @@ -11363,8 +19836,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJDPMQELJXZD2NC6JG", "PolicyName": "AWSSSODirectoryReadOnly", - "UpdateDate": "2018-10-31T23:49:32+00:00", - "VersionId": "v1" + "UpdateDate": "2019-11-26T22:37:16+00:00", + "VersionId": "v2" }, "AWSSSOMasterAccountAdministrator": { "Arn": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator", @@ -11467,7 +19940,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSSSOReadOnly", "AttachmentCount": 0, "CreateDate": "2018-06-27T20:24:34+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -11483,23 +19956,9 @@ aws_managed_policies_data = """ "organizations:ListRoots", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", - "sso:DescribePermissionsPolicies", - "sso:GetApplicationTemplate", - "sso:GetApplicationInstance", - "sso:GetPermissionSet", - "sso:GetProfile", - "sso:GetPermissionsPolicy", - "sso:GetSSOStatus", - "sso:GetSSOConfiguration", - "sso:GetTrust", - "sso:ListPermissionSets", - "sso:ListDirectoryAssociations", - "sso:ListProfiles", - "sso:ListApplicationInstances", - "sso:ListApplicationInstanceCertificates", - "sso:ListApplicationTemplates", - "sso:ListApplications", - "sso:ListProfileAssociations", + "sso:Describe*", + "sso:Get*", + "sso:List*", "sso:Search*", "sso-directory:DescribeDirectory" ], @@ -11516,43 +19975,60 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJBSMEEZXFDMKMY43I", "PolicyName": "AWSSSOReadOnly", - "UpdateDate": "2018-12-19T20:17:58+00:00", - "VersionId": "v3" + "UpdateDate": "2020-09-10T21:26:29+00:00", + "VersionId": "v6" }, "AWSSSOServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-12-05T18:36:15+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v13", "Document": { "Statement": [ { "Action": [ "iam:AttachRolePolicy", "iam:CreateRole", - "iam:DeleteRole", - "iam:DeleteRolePolicy", - "iam:DetachRolePolicy", - "iam:GetRole", - "iam:ListRolePolicies", "iam:PutRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:UpdateRole" + "iam:UpdateRole", + "iam:UpdateRoleDescription", + "iam:UpdateAssumeRolePolicy" ], + "Condition": { + "StringNotEquals": { + "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}" + } + }, "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" - ] + ], + "Sid": "IAMRoleProvisioningActions" }, { "Action": [ + "iam:GetRole", "iam:ListRoles" ], "Effect": "Allow", "Resource": [ "*" ], - "Sid": "ListRolesInTheAccount" + "Sid": "IAMRoleReadActions" + }, + { + "Action": [ + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" + ], + "Sid": "IAMRoleCleanupActions" }, { "Action": [ @@ -11565,19 +20041,34 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO" ], - "Sid": "AllowDeletionOfServiceLinkedRoleForSSO" + "Sid": "IAMSLRCleanupActions" }, { "Action": [ "iam:CreateSAMLProvider", - "iam:GetSAMLProvider", - "iam:UpdateSAMLProvider", - "iam:DeleteSAMLProvider" + "iam:UpdateSAMLProvider" + ], + "Condition": { + "StringNotEquals": { + "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:saml-provider/AWSSSO_*" + ], + "Sid": "IAMSAMLProviderProvisioningActions" + }, + { + "Action": [ + "iam:DeleteSAMLProvider", + "iam:GetSAMLProvider" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:saml-provider/AWSSSO_*" - ] + ], + "Sid": "IAMSAMLProviderCleanupActions" }, { "Action": [ @@ -11599,6 +20090,30 @@ aws_managed_policies_data = """ "*" ], "Sid": "AllowUnauthAppForDirectory" + }, + { + "Action": [ + "ds:DescribeDirectories", + "ds:DescribeTrusts" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AllowDescribeForDirectory" + }, + { + "Action": [ + "identitystore:DescribeUser", + "identitystore:DescribeGroup", + "identitystore:ListGroups", + "identitystore:ListUsers" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AllowDescribeAndListOperationsOnIdentitySource" } ], "Version": "2012-10-17" @@ -11609,8 +20124,59 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIJ52KSWOD4GI54XP2", "PolicyName": "AWSSSOServiceRolePolicy", - "UpdateDate": "2019-05-15T20:45:42+00:00", - "VersionId": "v6" + "UpdateDate": "2020-11-19T00:02:00+00:00", + "VersionId": "v13" + }, + "AWSSavingsPlansFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-06T22:45:18+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "savingsplans:*", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NDDOS76AO", + "PolicyName": "AWSSavingsPlansFullAccess", + "UpdateDate": "2019-11-06T22:45:18+00:00", + "VersionId": "v1" + }, + "AWSSavingsPlansReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-06T22:45:10+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "savingsplans:Describe*", + "savingsplans:List*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OQ26WIHJ5", + "PolicyName": "AWSSavingsPlansReadOnlyAccess", + "UpdateDate": "2019-11-06T22:45:10+00:00", + "VersionId": "v1" }, "AWSSecurityHubFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess", @@ -11650,13 +20216,14 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2018-11-28T01:34:29+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "securityhub:Get*", - "securityhub:List*" + "securityhub:List*", + "securityhub:Describe*" ], "Effect": "Allow", "Resource": "*" @@ -11670,14 +20237,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIEBAQNOFUCLFJ3UHG", "PolicyName": "AWSSecurityHubReadOnlyAccess", - "UpdateDate": "2018-11-28T01:34:29+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-25T22:45:52+00:00", + "VersionId": "v2" }, "AWSSecurityHubServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-27T23:47:51+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -11686,12 +20253,19 @@ aws_managed_policies_data = """ "cloudtrail:GetTrailStatus", "cloudtrail:GetEventSelectors", "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", "logs:DescribeMetricFilters", "sns:ListSubscriptionsByTopic", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:DescribeConfigRules", - "config:BatchGetResourceConfig" + "config:BatchGetResourceConfig", + "config:SelectResourceConfig", + "iam:GenerateCredentialReport", + "iam:GetCredentialReport", + "organizations:ListAccounts", + "organizations:DescribeAccount", + "organizations:DescribeOrganization" ], "Effect": "Allow", "Resource": "*" @@ -11700,7 +20274,8 @@ aws_managed_policies_data = """ "Action": [ "config:PutConfigRule", "config:DeleteConfigRule", - "config:GetComplianceDetailsByConfigRule" + "config:GetComplianceDetailsByConfigRule", + "config:DescribeConfigRuleEvaluationStatus" ], "Effect": "Allow", "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*" @@ -11714,8 +20289,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQPCESDDYDLLSOGYO", "PolicyName": "AWSSecurityHubServiceRolePolicy", - "UpdateDate": "2018-11-27T23:47:51+00:00", - "VersionId": "v1" + "UpdateDate": "2020-09-21T19:59:01+00:00", + "VersionId": "v7" }, "AWSServiceCatalogAdminFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess", @@ -11804,11 +20379,149 @@ aws_managed_policies_data = """ "UpdateDate": "2019-02-06T01:57:54+00:00", "VersionId": "v5" }, + "AWSServiceCatalogAdminReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-10-25T18:53:38+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:DescribeChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:ListStackResources", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:ListStackSetOperations", + "cloudformation:ListStackSetOperationResults" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/SC-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", + "arn:aws:cloudformation:*:*:changeSet/SC-*", + "arn:aws:cloudformation:*:*:stackset/SC-*" + ] + }, + { + "Action": [ + "cloudformation:GetTemplateSummary", + "iam:GetGroup", + "iam:GetRole", + "iam:GetUser", + "iam:ListGroups", + "iam:ListRoles", + "iam:ListUsers", + "servicecatalog:Get*", + "servicecatalog:List*", + "servicecatalog:Describe*", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:Search*", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "ssm:ListDocuments", + "ssm:ListDocumentVersions", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MC6ZR7YFX", + "PolicyName": "AWSServiceCatalogAdminReadOnlyAccess", + "UpdateDate": "2019-10-25T18:53:38+00:00", + "VersionId": "v1" + }, + "AWSServiceCatalogAppRegistryFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-12T22:25:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:DescribeStacks", + "servicecatalog:CreateApplication", + "servicecatalog:GetApplication", + "servicecatalog:UpdateApplication", + "servicecatalog:DeleteApplication", + "servicecatalog:ListApplications", + "servicecatalog:AssociateResource", + "servicecatalog:DisassociateResource", + "servicecatalog:ListAssociatedResources", + "servicecatalog:AssociateAttributeGroup", + "servicecatalog:DisassociateAttributeGroup", + "servicecatalog:ListAssociatedAttributeGroups", + "servicecatalog:CreateAttributeGroup", + "servicecatalog:UpdateAttributeGroup", + "servicecatalog:DeleteAttributeGroup", + "servicecatalog:GetAttributeGroup", + "servicecatalog:ListAttributeGroups" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4N2G3EPAYN", + "PolicyName": "AWSServiceCatalogAppRegistryFullAccess", + "UpdateDate": "2020-11-12T22:25:58+00:00", + "VersionId": "v1" + }, + "AWSServiceCatalogAppRegistryReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-12T22:34:32+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "servicecatalog:GetApplication", + "servicecatalog:ListApplications", + "servicecatalog:ListAssociatedResources", + "servicecatalog:ListAssociatedAttributeGroups", + "servicecatalog:GetAttributeGroup", + "servicecatalog:ListAttributeGroups" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4M3SSCJCST", + "PolicyName": "AWSServiceCatalogAppRegistryReadOnlyAccess", + "UpdateDate": "2020-11-12T22:34:32+00:00", + "VersionId": "v1" + }, "AWSServiceCatalogEndUserFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess", "AttachmentCount": 0, "CreateDate": "2018-02-15T17:22:32+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -11870,6 +20583,7 @@ aws_managed_policies_data = """ "servicecatalog:DescribeProvisionedProduct", "servicecatalog:DescribeRecord", "servicecatalog:ListRecordHistory", + "servicecatalog:ListStackInstancesForProvisionedProduct", "servicecatalog:ScanProvisionedProducts", "servicecatalog:TerminateProvisionedProduct", "servicecatalog:UpdateProvisionedProduct", @@ -11880,7 +20594,8 @@ aws_managed_policies_data = """ "servicecatalog:DeleteProvisionedProductPlan", "servicecatalog:ListProvisionedProductPlans", "servicecatalog:ListServiceActionsForProvisioningArtifact", - "servicecatalog:ExecuteProvisionedProductServiceAction" + "servicecatalog:ExecuteProvisionedProductServiceAction", + "servicecatalog:DescribeServiceActionExecutionParameters" ], "Condition": { "StringEquals": { @@ -11899,9 +20614,326 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJTLLC4DGDMTZB54M4", "PolicyName": "AWSServiceCatalogEndUserFullAccess", - "UpdateDate": "2019-02-06T02:00:22+00:00", + "UpdateDate": "2019-07-10T20:30:52+00:00", + "VersionId": "v7" + }, + "AWSServiceCatalogEndUserReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-10-25T18:49:34+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:DescribeChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:ListStackResources", + "cloudformation:ListStackSetOperations", + "cloudformation:ListStackSetOperationResults" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/SC-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", + "arn:aws:cloudformation:*:*:changeSet/SC-*", + "arn:aws:cloudformation:*:*:stackset/SC-*" + ] + }, + { + "Action": [ + "cloudformation:GetTemplateSummary", + "servicecatalog:DescribeProduct", + "servicecatalog:DescribeProductView", + "servicecatalog:DescribeProvisioningParameters", + "servicecatalog:ListLaunchPaths", + "servicecatalog:SearchProducts", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "servicecatalog:DescribeProvisionedProduct", + "servicecatalog:DescribeRecord", + "servicecatalog:ListRecordHistory", + "servicecatalog:ListStackInstancesForProvisionedProduct", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:SearchProvisionedProducts", + "servicecatalog:DescribeProvisionedProductPlan", + "servicecatalog:ListProvisionedProductPlans", + "servicecatalog:ListServiceActionsForProvisioningArtifact", + "servicecatalog:DescribeServiceActionExecutionParameters" + ], + "Condition": { + "StringEquals": { + "servicecatalog:userLevel": "self" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IWYKXJJED", + "PolicyName": "AWSServiceCatalogEndUserReadOnlyAccess", + "UpdateDate": "2019-10-25T18:49:34+00:00", + "VersionId": "v1" + }, + "AWSServiceRoleForAmazonEKSNodegroup": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", + "AttachmentCount": 0, + "CreateDate": "2019-11-07T01:34:26+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:RevokeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeInstances", + "ec2:RevokeSecurityGroupEgress", + "ec2:DeleteSecurityGroup" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/eks": "*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "SharedSecurityGroupRelatedPermissions" + }, + { + "Action": [ + "ec2:RevokeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeInstances", + "ec2:RevokeSecurityGroupEgress", + "ec2:DeleteSecurityGroup" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/eks:nodegroup-name": "*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "EKSCreatedSecurityGroupRelatedPermissions" + }, + { + "Action": [ + "ec2:DeleteLaunchTemplate", + "ec2:CreateLaunchTemplateVersion" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/eks:nodegroup-name": "*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "LaunchTemplateRelatedPermissions" + }, + { + "Action": [ + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:CompleteLifecycleAction", + "autoscaling:PutLifecycleHook", + "autoscaling:PutNotificationConfiguration" + ], + "Effect": "Allow", + "Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*", + "Sid": "AutoscalingRelatedPermissions" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "autoscaling.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowAutoscalingToCreateSLR" + }, + { + "Action": [ + "autoscaling:CreateOrUpdateTags", + "autoscaling:CreateAutoScalingGroup" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:TagKeys": [ + "eks", + "eks:cluster-name", + "eks:nodegroup-name" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowASGCreationByEKS" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "autoscaling.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowPassRoleToAutoscaling" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEqualsIfExists": { + "iam:PassedToService": [ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowPassRoleToEC2" + }, + { + "Action": [ + "iam:GetRole", + "ec2:CreateLaunchTemplate", + "ec2:DescribeInstances", + "iam:GetInstanceProfile", + "ec2:DescribeLaunchTemplates", + "autoscaling:DescribeAutoScalingGroups", + "ec2:CreateSecurityGroup", + "ec2:DescribeLaunchTemplateVersions", + "ec2:RunInstances", + "ec2:DescribeSecurityGroups", + "ec2:GetConsoleOutput", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "PermissionsToManageResourcesForNodegroups" + }, + { + "Action": [ + "iam:CreateInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:AddRoleToInstanceProfile" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:instance-profile/eks-*", + "Sid": "PermissionsToCreateAndManageInstanceProfiles" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "ForAnyValue:StringLike": { + "aws:TagKeys": [ + "eks", + "eks:cluster-name", + "eks:nodegroup-name", + "kubernetes.io/cluster/*" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "PermissionsToManageEKSAndKubernetesTags" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KH2AAMJJG", + "PolicyName": "AWSServiceRoleForAmazonEKSNodegroup", + "UpdateDate": "2020-08-31T19:07:38+00:00", "VersionId": "v5" }, + "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-10-01T09:49:01+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ssm:CreateOpsItem" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4M4BX2KX5V", + "PolicyName": "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", + "UpdateDate": "2020-10-01T09:49:01+00:00", + "VersionId": "v1" + }, + "AWSServiceRoleForCodeGuru-Profiler": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler", + "AttachmentCount": 0, + "CreateDate": "2020-06-26T22:04:26+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sns:Publish" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowSNSPublishToSendNotifications" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GNVXVLNQT", + "PolicyName": "AWSServiceRoleForCodeGuru-Profiler", + "UpdateDate": "2020-06-26T22:04:26+00:00", + "VersionId": "v1" + }, "AWSServiceRoleForEC2ScheduledInstances": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances", "AttachmentCount": 0, @@ -11949,76 +20981,257 @@ aws_managed_policies_data = """ "UpdateDate": "2017-10-12T18:31:55+00:00", "VersionId": "v1" }, - "AWSServiceRoleForIoTSiteWise": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", + "AWSServiceRoleForImageBuilder": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder", "AttachmentCount": 0, - "CreateDate": "2018-11-14T19:19:17+00:00", - "DefaultVersionId": "v3", + "CreateDate": "2019-11-29T22:02:13+00:00", + "DefaultVersionId": "v12", "Document": { "Statement": [ { - "Action": "iotanalytics:ExecuteQuery", + "Action": [ + "ec2:RunInstances" + ], "Effect": "Allow", - "Resource": "arn:aws:iotanalytics:*:*:datastore-index/*" + "Resource": [ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:key-pair/*" + ] }, { "Action": [ - "greengrass:CreateCoreDefinitionVersion", - "greengrass:CreateDeployment", - "greengrass:CreateFunctionDefinition", - "greengrass:CreateFunctionDefinitionVersion", - "greengrass:CreateGroupVersion", - "greengrass:CreateLoggerDefinition", - "greengrass:CreateLoggerDefinitionVersion", - "greengrass:CreateResourceDefinition", - "greengrass:CreateResourceDefinitionVersion", - "greengrass:GetAssociatedRole", - "greengrass:GetCoreDefinition", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetDeploymentStatus", - "greengrass:GetFunctionDefinition", - "greengrass:GetFunctionDefinitionVersion", - "greengrass:GetGroup", - "greengrass:GetGroupVersion", - "greengrass:GetLoggerDefinition", - "greengrass:GetLoggerDefinitionVersion", - "greengrass:GetResourceDefinition", - "greengrass:GetResourceDefinitionVersion", - "greengrass:ListCoreDefinitions", - "greengrass:UpdateCoreDefinition", - "greengrass:UpdateFunctionDefinition", - "greengrass:UpdateLoggerDefinition", - "greengrass:UpdateResourceDefinition" + "ec2:RunInstances" ], + "Condition": { + "StringEquals": { + "aws:RequestTag/CreatedBy": "EC2 Image Builder" + } + }, "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:CreateAlias", - "lambda:CreateFunction", - "lambda:GetFunction", - "lambda:ListVersionsByFunction", - "lambda:UpdateFunctionCode", - "lambda:PublishVersion", - "lambda:UpdateAlias" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:AWSIoTSiteWise*" - }, - { - "Action": [ - "iot:GetThingShadow", - "iot:UpdateThingShadow" - ], - "Effect": "Allow", - "Resource": "*" + "Resource": [ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:instance/*" + ] }, { "Action": "iam:PassRole", "Condition": { - "StringLikeIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" + "StringEquals": { + "iam:PassedToService": [ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CopyImage", + "ec2:CreateImage", + "ec2:CreateLaunchTemplate", + "ec2:DeregisterImage", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeInstanceTypes", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:ModifyImageAttribute" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:ModifySnapshotAttribute" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::snapshot/*" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::image/*" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:RequestTag/CreatedBy": "EC2 Image Builder" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "license-manager:UpdateLicenseSpecificationsForResource" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sns:Publish" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssm:ListCommands", + "ssm:ListCommandInvocations", + "ssm:AddTagsToResource", + "ssm:DescribeInstanceInformation", + "ssm:GetAutomationExecution", + "ssm:StopAutomationExecution", + "ssm:ListInventoryEntries", + "ssm:SendAutomationSignal", + "ssm:DescribeInstanceAssociationsStatus" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript", + "arn:aws:ssm:*:*:document/AWS-RunShellScript", + "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep", + "arn:aws:s3:::*" + ] + }, + { + "Action": [ + "ssm:SendCommand" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "ssm:resourceTag/CreatedBy": [ + "EC2 Image Builder" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": "ssm:StartAutomationExecution", + "Effect": "Allow", + "Resource": "arn:aws:ssm:*:*:automation-definition/ImageBuilder*" + }, + { + "Action": [ + "ssm:CreateAssociation", + "ssm:DeleteAssociation" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", + "arn:aws:ssm:*:*:association/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:ReEncryptFrom", + "kms:ReEncryptTo", + "kms:GenerateDataKeyWithoutPlaintext", + "kms:DescribeKey" + ], + "Condition": { + "ForAllValues:StringEquals": { + "kms:EncryptionContextKeys": [ + "aws:ebs:id" + ] + }, + "StringLike": { + "kms:ViaService": [ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "kms:CreateGrant", + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": true + }, + "StringLike": { + "kms:ViaService": [ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" + }, + { + "Action": [ + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:ModifyLaunchTemplate" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "ssm.amazonaws.com" } }, "Effect": "Allow", @@ -12031,62 +21244,458 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/aws-service-role/", "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NE22WISEW", + "PolicyName": "AWSServiceRoleForImageBuilder", + "UpdateDate": "2020-12-04T23:27:05+00:00", + "VersionId": "v12" + }, + "AWSServiceRoleForIoTSiteWise": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", + "AttachmentCount": 0, + "CreateDate": "2018-11-14T19:19:17+00:00", + "DefaultVersionId": "v7", + "Document": { + "Statement": [ + { + "Action": [ + "greengrass:GetAssociatedRole", + "greengrass:GetCoreDefinition", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetGroup", + "greengrass:GetGroupVersion" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJGQU4DZIQP6HLYQPE", "PolicyName": "AWSServiceRoleForIoTSiteWise", - "UpdateDate": "2019-02-11T20:49:09+00:00", - "VersionId": "v3" + "UpdateDate": "2020-04-25T02:15:01+00:00", + "VersionId": "v7" + }, + "AWSServiceRoleForLogDeliveryPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-10-04T17:31:19+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "firehose:PutRecord", + "firehose:PutRecordBatch", + "firehose:ListTagsForDeliveryStream" + ], + "Condition": { + "StringEquals": { + "firehose:ResourceTag/LogDeliveryEnabled": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EMA7ANTDG", + "PolicyName": "AWSServiceRoleForLogDeliveryPolicy", + "UpdateDate": "2020-07-27T19:38:52+00:00", + "VersionId": "v2" + }, + "AWSServiceRoleForMonitronPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-02T19:06:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListProfiles", + "sso:AssociateProfile", + "sso:ListDirectoryAssociations", + "sso-directory:DescribeUsers", + "sso-directory:SearchUsers" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NYRIH2RCH", + "PolicyName": "AWSServiceRoleForMonitronPolicy", + "UpdateDate": "2020-12-02T19:06:08+00:00", + "VersionId": "v1" + }, + "AWSServiceRoleForSMS": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS", + "AttachmentCount": 0, + "CreateDate": "2019-08-06T18:39:29+00:00", + "DefaultVersionId": "v10", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack" + ], + "Condition": { + "ForAllValues:StringEquals": { + "cloudformation:ResourceTypes": [ + "AWS::EC2::Instance", + "AWS::ApplicationInsights::Application", + "AWS::ResourceGroups::Group" + ] + }, + "Null": { + "cloudformation:ResourceTypes": "false" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + }, + { + "Action": [ + "cloudformation:DeleteStack", + "cloudformation:ExecuteChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:GetTemplate" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + }, + { + "Action": [ + "cloudformation:ValidateTemplate", + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutLifecycleConfiguration" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::sms-app-*" + }, + { + "Action": [ + "sms:CreateReplicationJob", + "sms:DeleteReplicationJob", + "sms:GetReplicationJobs", + "sms:GetReplicationRuns", + "sms:GetServers", + "sms:ImportServerCatalog", + "sms:StartOnDemandReplicationRun", + "sms:UpdateReplicationJob" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*::document/AWS-RunRemoteScript", + "arn:aws:s3:::sms-app-*" + ] + }, + { + "Action": "ssm:SendCommand", + "Condition": { + "StringEquals": { + "ssm:resourceTag/UseForSMSApplicationValidation": [ + "true" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CopySnapshot" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action": "ec2:CopySnapshot", + "Condition": { + "StringLike": { + "aws:RequestTag/SMSJobId": [ + "sms-*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action": [ + "ec2:ModifySnapshotAttribute", + "ec2:DeleteSnapshot" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/SMSJobId": [ + "sms-*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action": [ + "ec2:CopyImage", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeSnapshotAttribute", + "ec2:DeregisterImage", + "ec2:ImportImage", + "ec2:DescribeImportImageTasks", + "ec2:GetEbsEncryptionByDefault" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole", + "iam:GetInstanceProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ec2.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEqualsIfExists": { + "iam:PassedToService": "cloudformation.amazonaws.com" + }, + "StringLike": { + "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:RunInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ec2:ModifyInstanceAttribute", + "ec2:StopInstances", + "ec2:StartInstances", + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "applicationinsights:Describe*", + "applicationinsights:List*", + "cloudformation:ListStackResources" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "applicationinsights:CreateApplication", + "applicationinsights:CreateComponent", + "applicationinsights:UpdateApplication", + "applicationinsights:DeleteApplication", + "applicationinsights:UpdateComponentConfiguration", + "applicationinsights:DeleteComponent" + ], + "Effect": "Allow", + "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" + }, + { + "Action": [ + "resource-groups:CreateGroup", + "resource-groups:GetGroup", + "resource-groups:UpdateGroup", + "resource-groups:DeleteGroup" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "application-insights.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OSYRD2VJZ", + "PolicyName": "AWSServiceRoleForSMS", + "UpdateDate": "2020-10-15T17:28:13+00:00", + "VersionId": "v10" }, "AWSShieldDRTAccessPolicy": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy", "AttachmentCount": 0, "CreateDate": "2018-06-05T22:29:39+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { "Action": [ "cloudfront:List*", - "elasticloadbalancing:List*", "route53:List*", - "cloudfront:Describe*", "elasticloadbalancing:Describe*", - "route53:Describe*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "cloudfront:GetDistribution*", "globalaccelerator:ListAccelerators", - "globalaccelerator:DescribeAccelerator" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:*", - "arn:aws:cloudfront::*:*", - "arn:aws:route53:::hostedzone/*", - "arn:aws:cloudwatch:*:*:*:*", - "arn:aws:globalaccelerator::*:*" - ], - "Sid": "DRTAccessProtectedResources" - }, - { - "Action": [ - "waf:*", - "waf-regional:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:waf:*", - "arn:aws:waf-regional:*" - ], - "Sid": "DRTManageMitigations" - }, - { - "Action": [ - "shield:*" + "globalaccelerator:DescribeAccelerator", + "ec2:DescribeRegions", + "ec2:DescribeAddresses" ], "Effect": "Allow", "Resource": "*", - "Sid": "DRTManageProtections" + "Sid": "SRTAccessProtectedResources" + }, + { + "Action": [ + "shield:*", + "waf:*", + "wafv2:*", + "waf-regional:*", + "elasticloadbalancing:SetWebACL", + "cloudfront:UpdateDistribution", + "apigateway:SetWebACL" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SRTManageProtections" } ], "Version": "2012-10-17" @@ -12097,8 +21706,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJWNCSZ4PARLO37VVY", "PolicyName": "AWSShieldDRTAccessPolicy", - "UpdateDate": "2019-02-11T17:08:57+00:00", - "VersionId": "v3" + "UpdateDate": "2020-12-15T17:28:15+00:00", + "VersionId": "v6" }, "AWSStepFunctionsConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess", @@ -12264,6 +21873,32 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:41:10+00:00", "VersionId": "v1" }, + "AWSStorageGatewayServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2021-02-17T19:03:19+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "fsx:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "arn:aws:fsx:*:*:backup/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4E4ZEKWU2U", + "PolicyName": "AWSStorageGatewayServiceRolePolicy", + "UpdateDate": "2021-02-17T19:03:19+00:00", + "VersionId": "v1" + }, "AWSSupportAccess": { "Arn": "arn:aws:iam::aws:policy/AWSSupportAccess", "AttachmentCount": 0, @@ -12294,7 +21929,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", "AttachmentCount": 1, "CreateDate": "2018-04-19T18:04:44+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v14", "Document": { "Statement": [ { @@ -12304,10 +21939,30 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": [ "arn:aws:apigateway:*::/account", + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*", + "arn:aws:apigateway:*::/apis/*/authorizers", + "arn:aws:apigateway:*::/apis/*/authorizers/*", + "arn:aws:apigateway:*::/apis/*/deployments", + "arn:aws:apigateway:*::/apis/*/deployments/*", + "arn:aws:apigateway:*::/apis/*/integrations", + "arn:aws:apigateway:*::/apis/*/integrations/*", + "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", + "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", + "arn:aws:apigateway:*::/apis/*/models", + "arn:aws:apigateway:*::/apis/*/models/*", + "arn:aws:apigateway:*::/apis/*/routes", + "arn:aws:apigateway:*::/apis/*/routes/*", + "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", + "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", + "arn:aws:apigateway:*::/apis/*/stages", + "arn:aws:apigateway:*::/apis/*/stages/*", "arn:aws:apigateway:*::/clientcertificates", "arn:aws:apigateway:*::/clientcertificates/*", "arn:aws:apigateway:*::/domainnames", "arn:aws:apigateway:*::/domainnames/*", + "arn:aws:apigateway:*::/domainnames/*/apimappings", + "arn:aws:apigateway:*::/domainnames/*/apimappings/*", "arn:aws:apigateway:*::/domainnames/*/basepathmappings", "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", "arn:aws:apigateway:*::/restapis", @@ -12350,6 +22005,10 @@ aws_managed_policies_data = """ "a4b:searchProfiles", "a4b:searchRooms", "a4b:searchSkillGroups", + "access-analyzer:getFinding", + "access-analyzer:listAnalyzers", + "access-analyzer:listArchiveRules", + "access-analyzer:listFindings", "acm-pca:describeCertificateAuthority", "acm-pca:describeCertificateAuthorityAuditReport", "acm-pca:getCertificate", @@ -12361,9 +22020,27 @@ aws_managed_policies_data = """ "acm:getCertificate", "acm:listCertificates", "acm:listTagsForCertificate", + "amplify:getApp", + "amplify:getBranch", + "amplify:getDomainAssociation", + "amplify:getJob", + "amplify:getWebhook", + "amplify:listApps", + "amplify:listWebhooks", "application-autoscaling:describeScalableTargets", "application-autoscaling:describeScalingActivities", "application-autoscaling:describeScalingPolicies", + "application-autoscaling:describeScheduledActions", + "appmesh:describeMesh", + "appmesh:describeRoute", + "appmesh:describeVirtualNode", + "appmesh:describeVirtualRouter", + "appmesh:describeVirtualService", + "appmesh:listMeshes", + "appmesh:listRoutes", + "appmesh:listVirtualNodes", + "appmesh:listVirtualRouters", + "appmesh:listVirtualServices", "appstream:describeDirectoryConfigs", "appstream:describeFleets", "appstream:describeImageBuilders", @@ -12388,8 +22065,11 @@ aws_managed_policies_data = """ "athena:batchGetQueryExecution", "athena:getNamedQuery", "athena:getQueryExecution", + "athena:getWorkGroup", "athena:listNamedQueries", "athena:listQueryExecutions", + "athena:listTagsForResource", + "athena:listWorkGroups", "autoscaling-plans:describeScalingPlanResources", "autoscaling-plans:describeScalingPlans", "autoscaling-plans:getScalingPlanResourceForecastData", @@ -12399,10 +22079,10 @@ aws_managed_policies_data = """ "autoscaling:describeAutoScalingInstances", "autoscaling:describeAutoScalingNotificationTypes", "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", + "autoscaling:describeLifecycleHooks", "autoscaling:describeLoadBalancerTargetGroups", + "autoscaling:describeLoadBalancers", "autoscaling:describeMetricCollectionTypes", "autoscaling:describeNotificationConfigurations", "autoscaling:describePolicies", @@ -12411,11 +22091,45 @@ aws_managed_policies_data = """ "autoscaling:describeScheduledActions", "autoscaling:describeTags", "autoscaling:describeTerminationPolicyTypes", + "backup:describeBackupJob", + "backup:describeBackupVault", + "backup:describeProtectedResource", + "backup:describeRecoveryPoint", + "backup:describeRestoreJob", + "backup:getBackupPlan", + "backup:getBackupPlanFromJSON", + "backup:getBackupPlanFromTemplate", + "backup:getBackupSelection", + "backup:getBackupVaultAccessPolicy", + "backup:getBackupVaultNotifications", + "backup:getRecoveryPointRestoreMetadata", + "backup:getSupportedResourceTypes", + "backup:listBackupJobs", + "backup:listBackupPlanTemplates", + "backup:listBackupPlanVersions", + "backup:listBackupPlans", + "backup:listBackupSelections", + "backup:listBackupVaults", + "backup:listProtectedResources", + "backup:listRecoveryPointsByBackupVault", + "backup:listRecoveryPointsByResource", + "backup:listRestoreJobs", + "backup:listTags", "batch:describeComputeEnvironments", "batch:describeJobDefinitions", "batch:describeJobQueues", "batch:describeJobs", "batch:listJobs", + "braket:getDevice", + "braket:getQuantumTask", + "braket:searchDevices", + "braket:searchQuantumTasks", + "budgets:viewBudget", + "ce:getCostAndUsage", + "ce:getDimensionValues", + "ce:getReservationCoverage", + "ce:getReservationUtilization", + "ce:getTags", "cloud9:describeEnvironmentMemberships", "cloud9:describeEnvironments", "cloud9:listEnvironments", @@ -12427,9 +22141,9 @@ aws_managed_policies_data = """ "cloudformation:describeStackInstance", "cloudformation:describeStackResource", "cloudformation:describeStackResources", - "cloudformation:describeStacks", "cloudformation:describeStackSet", "cloudformation:describeStackSetOperation", + "cloudformation:describeStacks", "cloudformation:estimateTemplateCost", "cloudformation:getStackPolicy", "cloudformation:getTemplate", @@ -12439,10 +22153,10 @@ aws_managed_policies_data = """ "cloudformation:listImports", "cloudformation:listStackInstances", "cloudformation:listStackResources", - "cloudformation:listStacks", "cloudformation:listStackSetOperationResults", "cloudformation:listStackSetOperations", "cloudformation:listStackSets", + "cloudformation:listStacks", "cloudfront:getCloudFrontOriginAccessIdentity", "cloudfront:getCloudFrontOriginAccessIdentityConfig", "cloudfront:getDistribution", @@ -12468,9 +22182,12 @@ aws_managed_policies_data = """ "cloudsearch:listDomainNames", "cloudtrail:describeTrails", "cloudtrail:getEventSelectors", + "cloudtrail:getInsightSelectors", + "cloudtrail:getTrail", "cloudtrail:getTrailStatus", "cloudtrail:listPublicKeys", "cloudtrail:listTags", + "cloudtrail:listTrails", "cloudtrail:lookupEvents", "cloudwatch:describeAlarmHistory", "cloudwatch:describeAlarms", @@ -12480,19 +22197,39 @@ aws_managed_policies_data = """ "cloudwatch:getMetricStatistics", "cloudwatch:listDashboards", "cloudwatch:listMetrics", + "codeartifact:describeDomain", + "codeartifact:describePackageVersion", + "codeartifact:describeRepository", + "codeartifact:getDomainPermissionsPolicy", + "codeartifact:getRepositoryEndPoint", + "codeartifact:getRepositoryPermissionsPolicy", + "codeartifact:listDomains", + "codeartifact:listPackageVersionAssets", + "codeartifact:listPackageVersions", + "codeartifact:listPackages", + "codeartifact:listRepositories", + "codeartifact:listRepositoriesInDomain", + "codebuild:batchGetBuildBatches", "codebuild:batchGetBuilds", "codebuild:batchGetProjects", + "codebuild:listBuildBatches", + "codebuild:listBuildBatchesForProject", "codebuild:listBuilds", "codebuild:listBuildsForProject", "codebuild:listCuratedEnvironmentImages", "codebuild:listProjects", + "codebuild:listSourceCredentials", "codecommit:batchGetRepositories", "codecommit:getBranch", "codecommit:getRepository", "codecommit:getRepositoryTriggers", "codecommit:listBranches", "codecommit:listRepositories", + "codedeploy:batchGetApplicationRevisions", "codedeploy:batchGetApplications", + "codedeploy:batchGetDeploymentGroups", + "codedeploy:batchGetDeploymentInstances", + "codedeploy:batchGetDeploymentTargets", "codedeploy:batchGetDeployments", "codedeploy:batchGetOnPremisesInstances", "codedeploy:getApplication", @@ -12501,20 +22238,26 @@ aws_managed_policies_data = """ "codedeploy:getDeploymentConfig", "codedeploy:getDeploymentGroup", "codedeploy:getDeploymentInstance", + "codedeploy:getDeploymentTarget", "codedeploy:getOnPremisesInstance", "codedeploy:listApplicationRevisions", "codedeploy:listApplications", "codedeploy:listDeploymentConfigs", "codedeploy:listDeploymentGroups", "codedeploy:listDeploymentInstances", + "codedeploy:listDeploymentTargets", "codedeploy:listDeployments", + "codedeploy:listGitHubAccountTokenNames", "codedeploy:listOnPremisesInstances", "codepipeline:getJobDetails", "codepipeline:getPipeline", "codepipeline:getPipelineExecution", "codepipeline:getPipelineState", + "codepipeline:listActionExecutions", "codepipeline:listActionTypes", + "codepipeline:listPipelineExecutions", "codepipeline:listPipelines", + "codepipeline:listWebhooks", "codestar:describeProject", "codestar:listProjects", "codestar:listResources", @@ -12549,25 +22292,69 @@ aws_managed_policies_data = """ "cognito-sync:getIdentityPoolConfiguration", "cognito-sync:listDatasets", "cognito-sync:listIdentityPoolUsage", + "compute-optimizer:getAutoScalingGroupRecommendations", + "compute-optimizer:getEC2InstanceRecommendations", + "compute-optimizer:getEC2RecommendationProjectedMetrics", + "compute-optimizer:getEnrollmentStatus", + "compute-optimizer:getRecommendationSummaries", "config:describeConfigRuleEvaluationStatus", "config:describeConfigRules", - "config:describeConfigurationRecorders", "config:describeConfigurationRecorderStatus", - "config:describeDeliveryChannels", + "config:describeConfigurationRecorders", "config:describeDeliveryChannelStatus", + "config:describeDeliveryChannels", "config:getResourceConfigHistory", "config:listDiscoveredResources", + "connect:describeUser", + "connect:getCurrentMetricData", + "connect:getMetricData", + "connect:listRoutingProfiles", + "connect:listSecurityProfiles", + "connect:listUsers", + "controltower:describeAccountFactoryConfig", + "controltower:describeCoreService", + "controltower:describeGuardrail", + "controltower:describeGuardrailForTarget", + "controltower:describeManagedAccount", + "controltower:describeSingleSignOn", + "controltower:getAvailableUpdates", + "controltower:getHomeRegion", + "controltower:getLandingZoneStatus", + "controltower:listDirectoryGroups", + "controltower:listGuardrailViolations", + "controltower:listGuardrailsForTarget", + "controltower:listManagedAccounts", + "controltower:listManagedAccountsForGuardrail", + "controltower:listManagedAccountsForParent", + "controltower:listManagedOrganizationalUnits", + "controltower:listManagedOrganizationalUnitsForGuardrail", "datapipeline:describeObjects", "datapipeline:describePipelines", "datapipeline:getPipelineDefinition", "datapipeline:listPipelines", "datapipeline:queryObjects", + "datasync:describeAgent", + "datasync:describeLocationEfs", + "datasync:describeLocationFsxWindows", + "datasync:describeLocationNfs", + "datasync:describeLocationS3", + "datasync:describeLocationSmb", + "datasync:describeTask", + "datasync:describeTaskExecution", + "datasync:listAgents", + "datasync:listLocations", + "datasync:listTaskExecutions", + "datasync:listTasks", "dax:describeClusters", "dax:describeDefaultParameters", "dax:describeEvents", "dax:describeParameterGroups", "dax:describeParameters", "dax:describeSubnetGroups", + "detective:getMembers", + "detective:listGraphs", + "detective:listInvitations", + "detective:listMembers", "devicefarm:getAccountSettings", "devicefarm:getDevice", "devicefarm:getDevicePool", @@ -12578,6 +22365,8 @@ aws_managed_policies_data = """ "devicefarm:getRun", "devicefarm:getSuite", "devicefarm:getTest", + "devicefarm:getTestGridProject", + "devicefarm:getTestGridSession", "devicefarm:getUpload", "devicefarm:listArtifacts", "devicefarm:listDevicePools", @@ -12588,6 +22377,10 @@ aws_managed_policies_data = """ "devicefarm:listRuns", "devicefarm:listSamples", "devicefarm:listSuites", + "devicefarm:listTestGridProjects", + "devicefarm:listTestGridSessionActions", + "devicefarm:listTestGridSessionArtifacts", + "devicefarm:listTestGridSessions", "devicefarm:listTests", "devicefarm:listUniqueProblems", "devicefarm:listUploads", @@ -12601,8 +22394,8 @@ aws_managed_policies_data = """ "dlm:getLifecyclePolicy", "dms:describeAccountAttributes", "dms:describeConnections", - "dms:describeEndpoints", "dms:describeEndpointTypes", + "dms:describeEndpoints", "dms:describeOrderableReplicationInstances", "dms:describeRefreshSchemasStatus", "dms:describeReplicationInstances", @@ -12637,29 +22430,47 @@ aws_managed_policies_data = """ "ec2:describeAvailabilityZones", "ec2:describeBundleTasks", "ec2:describeByoipCidrs", + "ec2:describeCapacityReservations", "ec2:describeClassicLinkInstances", + "ec2:describeClientVpnAuthorizationRules", + "ec2:describeClientVpnConnections", + "ec2:describeClientVpnEndpoints", + "ec2:describeClientVpnRoutes", + "ec2:describeClientVpnTargetNetworks", + "ec2:describeCoipPools", "ec2:describeConversionTasks", "ec2:describeCustomerGateways", "ec2:describeDhcpOptions", "ec2:describeElasticGpus", + "ec2:describeExportImageTasks", "ec2:describeExportTasks", + "ec2:describeFastSnapshotRestores", + "ec2:describeFleetHistory", + "ec2:describeFleetInstances", + "ec2:describeFleets", "ec2:describeFlowLogs", "ec2:describeHostReservationOfferings", "ec2:describeHostReservations", "ec2:describeHosts", - "ec2:describeIdentityIdFormat", "ec2:describeIdFormat", + "ec2:describeIdentityIdFormat", "ec2:describeImageAttribute", "ec2:describeImages", "ec2:describeImportImageTasks", "ec2:describeImportSnapshotTasks", "ec2:describeInstanceAttribute", - "ec2:describeInstances", "ec2:describeInstanceStatus", + "ec2:describeInstances", "ec2:describeInternetGateways", "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", "ec2:describeLaunchTemplateVersions", + "ec2:describeLaunchTemplates", + "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "ec2:describeLocalGatewayRouteTableVpcAssociations", + "ec2:describeLocalGatewayRouteTables", + "ec2:describeLocalGatewayVirtualInterfaceGroups", + "ec2:describeLocalGatewayVirtualInterfaces", + "ec2:describeLocalGateways", "ec2:describeMovingAddresses", "ec2:describeNatGateways", "ec2:describeNetworkAcls", @@ -12686,27 +22497,39 @@ aws_managed_policies_data = """ "ec2:describeSpotPriceHistory", "ec2:describeSubnets", "ec2:describeTags", + "ec2:describeTrafficMirrorFilters", + "ec2:describeTrafficMirrorSessions", + "ec2:describeTrafficMirrorTargets", + "ec2:describeTransitGatewayAttachments", + "ec2:describeTransitGatewayRouteTables", + "ec2:describeTransitGatewayVpcAttachments", + "ec2:describeTransitGateways", "ec2:describeVolumeAttribute", + "ec2:describeVolumeStatus", "ec2:describeVolumes", "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", "ec2:describeVpcAttribute", "ec2:describeVpcClassicLink", "ec2:describeVpcClassicLinkDnsSupport", "ec2:describeVpcEndpointConnectionNotifications", "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", "ec2:describeVpcEndpointServiceConfigurations", "ec2:describeVpcEndpointServicePermissions", "ec2:describeVpcEndpointServices", + "ec2:describeVpcEndpoints", "ec2:describeVpcPeeringConnections", "ec2:describeVpcs", "ec2:describeVpnConnections", "ec2:describeVpnGateways", + "ec2:getCoipPoolUsage", "ec2:getConsoleScreenshot", "ec2:getReservedInstancesExchangeQuote", + "ec2:getTransitGatewayAttachmentPropagations", + "ec2:getTransitGatewayRouteTableAssociations", + "ec2:getTransitGatewayRouteTablePropagations", "ec2:modifyReservedInstances", "ec2:purchaseReservedInstancesOffering", + "ec2:searchLocalGatewayRoutes", "ecr:batchCheckLayerAvailability", "ecr:describeImages", "ecr:describeRepositories", @@ -12723,7 +22546,13 @@ aws_managed_policies_data = """ "ecs:listTaskDefinitions", "ecs:listTasks", "eks:describeCluster", + "eks:describeFargateProfile", + "eks:describeNodegroup", + "eks:describeUpdate", "eks:listClusters", + "eks:listFargateProfiles", + "eks:listNodegroups", + "eks:listUpdates", "elasticache:describeCacheClusters", "elasticache:describeCacheEngineVersions", "elasticache:describeCacheParameterGroups", @@ -12739,8 +22568,8 @@ aws_managed_policies_data = """ "elasticache:listAllowedNodeTypeModifications", "elasticache:listTagsForResource", "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeApplications", "elasticbeanstalk:describeApplicationVersions", + "elasticbeanstalk:describeApplications", "elasticbeanstalk:describeConfigurationOptions", "elasticbeanstalk:describeConfigurationSettings", "elasticbeanstalk:describeEnvironmentHealth", @@ -12754,10 +22583,14 @@ aws_managed_policies_data = """ "elasticbeanstalk:listAvailableSolutionStacks", "elasticbeanstalk:listPlatformVersions", "elasticbeanstalk:validateConfigurationSettings", + "elasticfilesystem:describeAccessPoints", + "elasticfilesystem:describeFileSystemPolicy", "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeMountTargets", + "elasticfilesystem:describeLifecycleConfiguration", "elasticfilesystem:describeMountTargetSecurityGroups", + "elasticfilesystem:describeMountTargets", "elasticfilesystem:describeTags", + "elasticfilesystem:listTagsForResource", "elasticloadbalancing:describeInstanceHealth", "elasticloadbalancing:describeListenerCertificates", "elasticloadbalancing:describeListeners", @@ -12799,6 +22632,30 @@ aws_managed_policies_data = """ "events:testEventPattern", "firehose:describeDeliveryStream", "firehose:listDeliveryStreams", + "fms:getAdminAccount", + "fms:getComplianceDetail", + "fms:getNotificationChannel", + "fms:getPolicy", + "fms:getProtectionStatus", + "fms:listComplianceStatus", + "fms:listMemberAccounts", + "fms:listPolicies", + "forecast:describeDataset", + "forecast:describeDatasetGroup", + "forecast:describeDatasetImportJob", + "forecast:describeForecast", + "forecast:describeForecastExportJob", + "forecast:describePredictor", + "forecast:getAccuracyMetrics", + "forecast:listDatasetGroups", + "forecast:listDatasetImportJobs", + "forecast:listDatasets", + "forecast:listForecastExportJobs", + "forecast:listForecasts", + "forecast:listPredictors", + "fsx:describeBackups", + "fsx:describeFileSystems", + "fsx:listTagsForResource", "glacier:describeJob", "glacier:describeVault", "glacier:getDataRetrievalPolicy", @@ -12808,6 +22665,13 @@ aws_managed_policies_data = """ "glacier:listJobs", "glacier:listTagsForVault", "glacier:listVaults", + "globalaccelerator:describeAccelerator", + "globalaccelerator:describeAcceleratorAttributes", + "globalaccelerator:describeEndpointGroup", + "globalaccelerator:describeListener", + "globalaccelerator:listAccelerators", + "globalaccelerator:listEndpointGroups", + "globalaccelerator:listListeners", "glue:batchGetPartition", "glue:getCatalogImportStatus", "glue:getClassifier", @@ -12828,8 +22692,8 @@ aws_managed_policies_data = """ "glue:getPartition", "glue:getPartitions", "glue:getTable", - "glue:getTables", "glue:getTableVersions", + "glue:getTables", "glue:getTrigger", "glue:getTriggers", "glue:getUserDefinedFunction", @@ -12851,41 +22715,41 @@ aws_managed_policies_data = """ "greengrass:getServiceRoleForAccount", "greengrass:getSubscriptionDefinition", "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", "greengrass:listCoreDefinitionVersions", + "greengrass:listCoreDefinitions", "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", + "greengrass:listDeviceDefinitions", "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", + "greengrass:listFunctionDefinitions", "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", + "greengrass:listGroups", "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", + "greengrass:listLoggerDefinitions", "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", + "greengrass:listResourceDefinitions", "greengrass:listSubscriptionDefinitionVersions", + "greengrass:listSubscriptionDefinitions", "guardduty:getDetector", "guardduty:getFindings", "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", "guardduty:getIPSet", + "guardduty:getInvitationsCount", "guardduty:getMasterAccount", "guardduty:getMembers", "guardduty:getThreatIntelSet", "guardduty:listDetectors", "guardduty:listFindings", - "guardduty:listInvitations", "guardduty:listIPSets", + "guardduty:listInvitations", "guardduty:listMembers", "guardduty:listThreatIntelSets", "health:describeAffectedEntities", "health:describeEntityAggregates", "health:describeEventAggregates", "health:describeEventDetails", - "health:describeEvents", "health:describeEventTypes", + "health:describeEvents", "iam:getAccessKeyLastUsed", "iam:getAccountAuthorizationDetails", "iam:getAccountPasswordPolicy", @@ -12903,8 +22767,8 @@ aws_managed_policies_data = """ "iam:getRole", "iam:getRolePolicy", "iam:getSAMLProvider", - "iam:getServerCertificate", "iam:getSSHPublicKey", + "iam:getServerCertificate", "iam:getUser", "iam:getUserPolicy", "iam:listAccessKeys", @@ -12925,14 +22789,33 @@ aws_managed_policies_data = """ "iam:listRolePolicies", "iam:listRoles", "iam:listSAMLProviders", + "iam:listSSHPublicKeys", "iam:listServerCertificates", "iam:listSigningCertificates", - "iam:listSSHPublicKeys", "iam:listUserPolicies", "iam:listUsers", "iam:listVirtualMFADevices", "iam:simulateCustomPolicy", "iam:simulatePrincipalPolicy", + "imagebuilder:getComponent", + "imagebuilder:getComponentPolicy", + "imagebuilder:getDistributionConfiguration", + "imagebuilder:getImage", + "imagebuilder:getImagePipeline", + "imagebuilder:getImagePolicy", + "imagebuilder:getImageRecipe", + "imagebuilder:getImageRecipePolicy", + "imagebuilder:getInfrastructureConfiguration", + "imagebuilder:listComponentBuildVersions", + "imagebuilder:listComponents", + "imagebuilder:listDistributionConfigurations", + "imagebuilder:listImageBuildVersions", + "imagebuilder:listImagePipelineImages", + "imagebuilder:listImagePipelines", + "imagebuilder:listImageRecipes", + "imagebuilder:listImages", + "imagebuilder:listInfrastructureConfigurations", + "imagebuilder:listTagsForResource", "importexport:getStatus", "importexport:listJobs", "inspector:describeAssessmentRuns", @@ -12958,6 +22841,7 @@ aws_managed_policies_data = """ "iot:describeJobExecution", "iot:describeThing", "iot:describeThingGroup", + "iot:describeTunnel", "iot:getEffectivePolicies", "iot:getIndexingConfiguration", "iot:getLoggingOptions", @@ -12985,14 +22869,48 @@ aws_managed_policies_data = """ "iot:listThingGroupsForThing", "iot:listThingPrincipals", "iot:listThingRegistrationTasks", - "iot:listThings", "iot:listThingTypes", + "iot:listThings", "iot:listTopicRules", + "iot:listTunnels", "iot:listV2LoggingLevels", + "iotevents:describeDetector", + "iotevents:describeDetectorModel", + "iotevents:describeInput", + "iotevents:describeLoggingOptions", + "iotevents:listDetectorModelVersions", + "iotevents:listDetectorModels", + "iotevents:listDetectors", + "iotevents:listInputs", + "iotsitewise:describeAccessPolicy", + "iotsitewise:describeAsset", + "iotsitewise:describeAssetModel", + "iotsitewise:describeAssetProperty", + "iotsitewise:describeDashboard", + "iotsitewise:describeGateway", + "iotsitewise:describeGatewayCapabilityConfiguration", + "iotsitewise:describeLoggingOptions", + "iotsitewise:describePortal", + "iotsitewise:describeProject", + "iotsitewise:listAccessPolicies", + "iotsitewise:listAssetModels", + "iotsitewise:listAssociatedAssets", + "iotsitewise:listDashboards", + "iotsitewise:listGateways", + "iotsitewise:listPortals", + "iotsitewise:listProjectAssets", + "iotsitewise:listProjects", "kafka:describeCluster", "kafka:getBootstrapBrokers", "kafka:listClusters", "kafka:listNodes", + "kendra:describeDataSource", + "kendra:describeFaq", + "kendra:describeIndex", + "kendra:getDataSourceSyncJobHistory", + "kendra:listDataSources", + "kendra:listFaqs", + "kendra:listIndices", "kinesis:describeStream", "kinesis:listStreams", "kinesis:listTagsForStream", @@ -13011,41 +22929,60 @@ aws_managed_policies_data = """ "lambda:getAlias", "lambda:getEventSourceMapping", "lambda:getFunction", + "lambda:getFunctionConcurrency", "lambda:getFunctionConfiguration", + "lambda:getFunctionEventInvokeConfig", + "lambda:getLayerVersion", + "lambda:getLayerVersionPolicy", "lambda:getPolicy", + "lambda:getProvisionedConcurrencyConfig", "lambda:listAliases", "lambda:listEventSourceMappings", + "lambda:listFunctionEventInvokeConfigs", "lambda:listFunctions", + "lambda:listLayerVersions", + "lambda:listLayers", + "lambda:listProvisionedConcurrencyConfigs", "lambda:listVersionsByFunction", + "launchwizard:describeProvisionedApp", + "launchwizard:describeProvisioningEvents", + "launchwizard:listProvisionedApps", "lex:getBot", "lex:getBotAlias", "lex:getBotAliases", "lex:getBotChannelAssociation", "lex:getBotChannelAssociations", - "lex:getBots", "lex:getBotVersions", + "lex:getBots", "lex:getBuiltinIntent", "lex:getBuiltinIntents", "lex:getBuiltinSlotTypes", "lex:getIntent", - "lex:getIntents", "lex:getIntentVersions", + "lex:getIntents", "lex:getSlotType", - "lex:getSlotTypes", "lex:getSlotTypeVersions", + "lex:getSlotTypes", + "license-manager:getLicenseConfiguration", + "license-manager:getServiceSettings", + "license-manager:listAssociationsForLicenseConfiguration", + "license-manager:listFailuresForLicenseConfigurationOperations", + "license-manager:listLicenseConfigurations", + "license-manager:listLicenseSpecificationsForResource", + "license-manager:listResourceInventory", + "license-manager:listUsageForLicenseConfiguration", "lightsail:getActiveNames", "lightsail:getBlueprints", "lightsail:getBundles", "lightsail:getDomain", "lightsail:getDomains", "lightsail:getInstance", - "lightsail:getInstanceAccessDetails", "lightsail:getInstanceMetricData", "lightsail:getInstancePortStates", - "lightsail:getInstances", "lightsail:getInstanceSnapshot", "lightsail:getInstanceSnapshots", "lightsail:getInstanceState", + "lightsail:getInstances", "lightsail:getKeyPair", "lightsail:getKeyPairs", "lightsail:getOperation", @@ -13059,6 +22996,7 @@ aws_managed_policies_data = """ "logs:describeLogGroups", "logs:describeLogStreams", "logs:describeMetricFilters", + "logs:describeQueries", "logs:describeSubscriptionFilters", "logs:testMetricFilter", "machinelearning:describeBatchPredictions", @@ -13069,46 +23007,74 @@ aws_managed_policies_data = """ "machinelearning:getDataSource", "machinelearning:getEvaluation", "machinelearning:getMLModel", + "managedblockchain:getMember", + "managedblockchain:getNetwork", + "managedblockchain:getNode", + "managedblockchain:listMembers", + "managedblockchain:listNetworks", + "managedblockchain:listNodes", "mediaconvert:describeEndpoints", "mediaconvert:getJob", "mediaconvert:getJobTemplate", "mediaconvert:getPreset", "mediaconvert:getQueue", - "mediaconvert:listJobs", "mediaconvert:listJobTemplates", + "mediaconvert:listJobs", "medialive:describeChannel", "medialive:describeInput", + "medialive:describeInputDevice", "medialive:describeInputSecurityGroup", + "medialive:describeMultiplex", "medialive:describeOffering", "medialive:describeReservation", "medialive:describeSchedule", "medialive:listChannels", - "medialive:listInputs", + "medialive:listInputDevices", "medialive:listInputSecurityGroups", + "medialive:listInputs", + "medialive:listMultiplexes", "medialive:listOfferings", + "medialive:listReservations", "mediapackage:describeChannel", "mediapackage:describeOriginEndpoint", "mediapackage:listChannels", "mediapackage:listOriginEndpoints", "mediastore:describeContainer", + "mediastore:describeObject", "mediastore:getContainerPolicy", + "mediastore:getCorsPolicy", "mediastore:listContainers", + "mediastore:listItems", + "mediatailor:getPlaybackConfiguration", + "mediatailor:listPlaybackConfigurations", + "mobiletargeting:getAdmChannel", "mobiletargeting:getApnsChannel", + "mobiletargeting:getApnsSandboxChannel", + "mobiletargeting:getApnsVoipChannel", + "mobiletargeting:getApnsVoipSandboxChannel", + "mobiletargeting:getApp", "mobiletargeting:getApplicationSettings", + "mobiletargeting:getApps", + "mobiletargeting:getBaiduChannel", "mobiletargeting:getCampaign", "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", "mobiletargeting:getCampaignVersion", "mobiletargeting:getCampaignVersions", + "mobiletargeting:getCampaigns", + "mobiletargeting:getEmailChannel", "mobiletargeting:getEndpoint", + "mobiletargeting:getEventStream", + "mobiletargeting:getExportJob", + "mobiletargeting:getExportJobs", "mobiletargeting:getGcmChannel", "mobiletargeting:getImportJob", "mobiletargeting:getImportJobs", "mobiletargeting:getSegment", "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", "mobiletargeting:getSegmentVersion", "mobiletargeting:getSegmentVersions", + "mobiletargeting:getSegments", + "mobiletargeting:getSmsChannel", "mq:describeBroker", "mq:describeConfiguration", "mq:describeConfigurationRevision", @@ -13117,6 +23083,13 @@ aws_managed_policies_data = """ "mq:listConfigurationRevisions", "mq:listConfigurations", "mq:listUsers", + "networkmanager:describeGlobalNetworks", + "networkmanager:getCustomerGatewayAssociations", + "networkmanager:getDevices", + "networkmanager:getLinkAssociations", + "networkmanager:getLinks", + "networkmanager:getSites", + "networkmanager:getTransitGatewayRegistrations", "opsworks-cm:describeAccountAttributes", "opsworks-cm:describeBackups", "opsworks-cm:describeEvents", @@ -13138,21 +23111,66 @@ aws_managed_policies_data = """ "opsworks:describeRdsDbInstances", "opsworks:describeServiceErrors", "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", "opsworks:describeStackSummary", + "opsworks:describeStacks", "opsworks:describeTimeBasedAutoScaling", "opsworks:describeUserProfiles", "opsworks:describeVolumes", "opsworks:getHostnameSuggestion", + "outposts:getOutpost", + "outposts:getOutpostInstanceTypes", + "outposts:listOutposts", + "outposts:listSites", + "personalize:describeAlgorithm", + "personalize:describeCampaign", + "personalize:describeDataset", + "personalize:describeDatasetGroup", + "personalize:describeDatasetImportJob", + "personalize:describeEventTracker", + "personalize:describeFeatureTransformation", + "personalize:describeRecipe", + "personalize:describeSchema", + "personalize:describeSolution", + "personalize:describeSolutionVersion", + "personalize:listCampaigns", + "personalize:listDatasetGroups", + "personalize:listDatasetImportJobs", + "personalize:listDatasets", + "personalize:listEventTrackers", + "personalize:listRecipes", + "personalize:listSchemas", + "personalize:listSolutionVersions", + "personalize:listSolutions", "polly:describeVoices", "polly:getLexicon", "polly:listLexicons", + "pricing:describeServices", + "pricing:getAttributeValues", + "pricing:getProducts", + "quicksight:describeDashboard", + "quicksight:describeDashboardPermissions", + "quicksight:describeGroup", + "quicksight:describeIAMPolicyAssignment", + "quicksight:describeTemplate", + "quicksight:describeTemplateAlias", + "quicksight:describeTemplatePermissions", + "quicksight:describeUser", + "quicksight:listDashboards", + "quicksight:listGroupMemberships", + "quicksight:listGroups", + "quicksight:listIAMPolicyAssignments", + "quicksight:listIAMPolicyAssignmentsForUser", + "quicksight:listTemplateAliases", + "quicksight:listTemplateVersions", + "quicksight:listTemplates", + "quicksight:listUserGroups", + "quicksight:listUsers", "rds:describeAccountAttributes", "rds:describeCertificates", "rds:describeDBClusterParameterGroups", "rds:describeDBClusterParameters", - "rds:describeDBClusters", "rds:describeDBClusterSnapshots", + "rds:describeDBClusters", "rds:describeDBEngineVersions", "rds:describeDBInstances", "rds:describeDBParameterGroups", @@ -13164,8 +23182,8 @@ aws_managed_policies_data = """ "rds:describeEngineDefaultClusterParameters", "rds:describeEngineDefaultParameters", "rds:describeEventCategories", - "rds:describeEvents", "rds:describeEventSubscriptions", + "rds:describeEvents", "rds:describeOptionGroupOptions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", @@ -13175,15 +23193,15 @@ aws_managed_policies_data = """ "rds:listTagsForResource", "redshift:describeClusterParameterGroups", "redshift:describeClusterParameters", - "redshift:describeClusters", "redshift:describeClusterSecurityGroups", "redshift:describeClusterSnapshots", "redshift:describeClusterSubnetGroups", "redshift:describeClusterVersions", + "redshift:describeClusters", "redshift:describeDefaultClusterParameters", "redshift:describeEventCategories", - "redshift:describeEvents", "redshift:describeEventSubscriptions", + "redshift:describeEvents", "redshift:describeHsmClientCertificates", "redshift:describeHsmConfigurations", "redshift:describeLoggingStatus", @@ -13192,12 +23210,21 @@ aws_managed_policies_data = """ "redshift:describeReservedNodes", "redshift:describeResize", "redshift:describeSnapshotCopyGrants", + "redshift:describeStorage", "redshift:describeTableRestoreStatus", "redshift:describeTags", "rekognition:listCollections", "rekognition:listFaces", + "resource-groups:getGroup", + "resource-groups:getGroupQuery", + "resource-groups:getTags", + "resource-groups:listGroupResources", + "resource-groups:listGroups", + "resource-groups:searchResources", + "robomaker:batchDescribeSimulationJob", "robomaker:describeDeploymentJob", "robomaker:describeFleet", + "robomaker:describeRobot", "robomaker:describeRobotApplication", "robomaker:describeSimulationApplication", "robomaker:describeSimulationJob", @@ -13264,33 +23291,79 @@ aws_managed_policies_data = """ "s3:getLifecycleConfiguration", "s3:getMetricsConfiguration", "s3:getReplicationConfiguration", - "s3:headBucket", "s3:listAllMyBuckets", + "s3:listBucket", "s3:listBucketMultipartUploads", + "sagemaker:describeAlgorithm", + "sagemaker:describeApp", + "sagemaker:describeAutoMLJob", + "sagemaker:describeCompilationJob", + "sagemaker:describeDomain", "sagemaker:describeEndpoint", "sagemaker:describeEndpointConfig", + "sagemaker:describeExperiment", + "sagemaker:describeHumanTaskUi", "sagemaker:describeHyperParameterTuningJob", + "sagemaker:describeLabelingJob", "sagemaker:describeModel", + "sagemaker:describeModelPackage", + "sagemaker:describeMonitoringSchedule", "sagemaker:describeNotebookInstance", "sagemaker:describeNotebookInstanceLifecycleConfig", + "sagemaker:describeProcessingJob", + "sagemaker:describeSubscribedWorkteam", "sagemaker:describeTrainingJob", "sagemaker:describeTransformJob", + "sagemaker:describeTrial", + "sagemaker:describeTrialComponent", + "sagemaker:describeUserProfile", + "sagemaker:describeWorkteam", + "sagemaker:listAlgorithms", + "sagemaker:listApps", + "sagemaker:listAutoMLJobs", + "sagemaker:listCandidatesForAutoMLJob", + "sagemaker:listCodeRepositories", + "sagemaker:listCompilationJobs", + "sagemaker:listDomains", "sagemaker:listEndpointConfigs", "sagemaker:listEndpoints", + "sagemaker:listExperiments", + "sagemaker:listFlowDefinitions", + "sagemaker:listHumanTaskUis", "sagemaker:listHyperParameterTuningJobs", + "sagemaker:listLabelingJobs", + "sagemaker:listLabelingJobsForWorkteam", + "sagemaker:listModelPackages", "sagemaker:listModels", + "sagemaker:listMonitoringExecutions", + "sagemaker:listMonitoringSchedules", "sagemaker:listNotebookInstanceLifecycleConfigs", "sagemaker:listNotebookInstances", + "sagemaker:listProcessingJobs", + "sagemaker:listSubscribedWorkteams", "sagemaker:listTags", "sagemaker:listTrainingJobs", "sagemaker:listTrainingJobsForHyperParameterTuningJob", "sagemaker:listTransformJobs", + "sagemaker:listTrialComponents", + "sagemaker:listTrials", + "sagemaker:listUserProfiles", + "sagemaker:listWorkteams", "sdb:domainMetadata", "sdb:listDomains", "secretsmanager:describeSecret", "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", "secretsmanager:listSecretVersionIds", + "secretsmanager:listSecrets", + "securityhub:getEnabledStandards", + "securityhub:getFindings", + "securityhub:getInsightResults", + "securityhub:getInsights", + "securityhub:getMasterAccount", + "securityhub:getMembers", + "securityhub:listEnabledProductsForImport", + "securityhub:listInvitations", + "securityhub:listMembers", "servicecatalog:describeConstraint", "servicecatalog:describePortfolio", "servicecatalog:describeProduct", @@ -13310,9 +23383,31 @@ aws_managed_policies_data = """ "servicecatalog:listRecordHistory", "servicecatalog:scanProvisionedProducts", "servicecatalog:searchProducts", + "servicequotas:getAWSDefaultServiceQuota", + "servicequotas:getAssociationForServiceQuotaTemplate", + "servicequotas:getRequestedServiceQuotaChange", + "servicequotas:getServiceQuota", + "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:listAWSDefaultServiceQuotas", + "servicequotas:listRequestedServiceQuotaChangeHistory", + "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", + "servicequotas:listServiceQuotas", + "servicequotas:listServices", "ses:describeActiveReceiptRuleSet", "ses:describeReceiptRule", "ses:describeReceiptRuleSet", + "ses:getAccount", + "ses:getBlacklistReports", + "ses:getConfigurationSet", + "ses:getConfigurationSetEventDestinations", + "ses:getDedicatedIp", + "ses:getDedicatedIps", + "ses:getDeliverabilityDashboardOptions", + "ses:getDeliverabilityTestReport", + "ses:getDomainDeliverabilityCampaign", + "ses:getDomainStatisticsReport", + "ses:getEmailIdentity", "ses:getIdentityDkimAttributes", "ses:getIdentityMailFromDomainAttributes", "ses:getIdentityNotificationAttributes", @@ -13320,16 +23415,23 @@ aws_managed_policies_data = """ "ses:getIdentityVerificationAttributes", "ses:getSendQuota", "ses:getSendStatistics", + "ses:listConfigurationSets", + "ses:listDedicatedIpPools", + "ses:listDeliverabilityTestReports", + "ses:listDomainDeliverabilityCampaigns", + "ses:listEmailIdentities", "ses:listIdentities", "ses:listIdentityPolicies", "ses:listReceiptFilters", "ses:listReceiptRuleSets", + "ses:listTagsForResource", "ses:listVerifiedEmailAddresses", "shield:describeAttack", "shield:describeProtection", "shield:describeSubscription", "shield:listAttacks", "shield:listProtections", + "sms-voice:getConfigurationSetEventDestinations", "sms:getConnectors", "sms:getReplicationJobs", "sms:getReplicationRuns", @@ -13357,7 +23459,10 @@ aws_managed_policies_data = """ "sqs:listQueues", "ssm:describeActivations", "ssm:describeAssociation", + "ssm:describeAssociationExecutionTargets", + "ssm:describeAssociationExecutions", "ssm:describeAutomationExecutions", + "ssm:describeAutomationStepExecutions", "ssm:describeAvailablePatches", "ssm:describeDocument", "ssm:describeDocumentPermission", @@ -13365,43 +23470,54 @@ aws_managed_policies_data = """ "ssm:describeEffectivePatchesForPatchBaseline", "ssm:describeInstanceAssociationsStatus", "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", "ssm:describeInstancePatchStates", "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeMaintenanceWindowExecutions", + "ssm:describeInstancePatches", + "ssm:describeInventoryDeletions", "ssm:describeMaintenanceWindowExecutionTaskInvocations", "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", + "ssm:describeMaintenanceWindowExecutions", + "ssm:describeMaintenanceWindowSchedule", "ssm:describeMaintenanceWindowTargets", "ssm:describeMaintenanceWindowTasks", + "ssm:describeMaintenanceWindows", + "ssm:describeMaintenanceWindowsForTarget", "ssm:describeParameters", "ssm:describePatchBaselines", - "ssm:describePatchGroups", "ssm:describePatchGroupState", + "ssm:describePatchGroups", + "ssm:describePatchProperties", + "ssm:describeSessions", "ssm:getAutomationExecution", "ssm:getCommandInvocation", + "ssm:getConnectionStatus", "ssm:getDefaultPatchBaseline", "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getDocument", - "ssm:getInventory", "ssm:getInventorySchema", "ssm:getMaintenanceWindow", "ssm:getMaintenanceWindowExecution", "ssm:getMaintenanceWindowExecutionTask", - "ssm:getParameterHistory", - "ssm:getParameters", + "ssm:getMaintenanceWindowExecutionTaskInvocation", + "ssm:getMaintenanceWindowTask", "ssm:getPatchBaseline", "ssm:getPatchBaselineForPatchGroup", + "ssm:getServiceSetting", + "ssm:labelParameterVersion", + "ssm:listAssociationVersions", "ssm:listAssociations", "ssm:listCommandInvocations", "ssm:listCommands", - "ssm:listDocuments", + "ssm:listComplianceItems", + "ssm:listComplianceSummaries", "ssm:listDocumentVersions", - "ssm:listInventoryEntries", + "ssm:listDocuments", + "ssm:listResourceComplianceSummaries", + "ssm:listResourceDataSync", "ssm:listTagsForResource", "states:describeActivity", "states:describeExecution", "states:describeStateMachine", + "states:describeStateMachineForExecution", "states:getExecutionHistory", "states:listActivities", "states:listExecutions", @@ -13430,6 +23546,10 @@ aws_managed_policies_data = """ "storagegateway:listVolumeInitiators", "storagegateway:listVolumeRecoveryPoints", "storagegateway:listVolumes", + "swf:countClosedWorkflowExecutions", + "swf:countOpenWorkflowExecutions", + "swf:countPendingActivityTasks", + "swf:countPendingDecisionTasks", "swf:describeActivityType", "swf:describeDomain", "swf:describeWorkflowExecution", @@ -13474,12 +23594,60 @@ aws_managed_policies_data = """ "waf:listSqlInjectionMatchSets", "waf:listWebACLs", "waf:listXssMatchSets", + "wafv2:checkCapacity", + "wafv2:describeManagedRuleGroup", + "wafv2:getIPSet", + "wafv2:getLoggingConfiguration", + "wafv2:getPermissionPolicy", + "wafv2:getRateBasedStatementManagedKeys", + "wafv2:getRegexPatternSet", + "wafv2:getRuleGroup", + "wafv2:getSampledRequests", + "wafv2:getWebACL", + "wafv2:getWebACLForResource", + "wafv2:listAvailableManagedRuleGroups", + "wafv2:listIPSets", + "wafv2:listLoggingConfigurations", + "wafv2:listRegexPatternSets", + "wafv2:listResourcesForWebACL", + "wafv2:listRuleGroups", + "wafv2:listTagsForResource", + "wafv2:listWebACLs", "workdocs:checkAlias", "workdocs:describeAvailableDirectories", "workdocs:describeInstances", + "worklink:describeAuditStreamConfiguration", + "worklink:describeCompanyNetworkConfiguration", + "worklink:describeDevice", + "worklink:describeDevicePolicyConfiguration", + "worklink:describeDomain", + "worklink:describeFleetMetadata", + "worklink:describeIdentityProviderConfiguration", + "worklink:describeWebsiteCertificateAuthority", + "worklink:listDevices", + "worklink:listDomains", + "worklink:listFleets", + "worklink:listWebsiteAuthorizationProviders", + "worklink:listWebsiteCertificateAuthorities", + "workmail:describeGroup", + "workmail:describeOrganization", + "workmail:describeResource", + "workmail:describeUser", + "workmail:listAliases", + "workmail:listGroupMembers", + "workmail:listGroups", + "workmail:listMailboxPermissions", + "workmail:listOrganizations", + "workmail:listResourceDelegates", + "workmail:listResources", + "workmail:listUsers", + "workspaces:describeAccount", + "workspaces:describeAccountModifications", + "workspaces:describeIpGroups", "workspaces:describeTags", "workspaces:describeWorkspaceBundles", "workspaces:describeWorkspaceDirectories", + "workspaces:describeWorkspaceImages", "workspaces:describeWorkspaces", "workspaces:describeWorkspacesConnectionStatus" ], @@ -13491,15 +23659,1395 @@ aws_managed_policies_data = """ ], "Version": "2012-10-17" }, - "IsAttachable": false, + "IsAttachable": true, "IsDefaultVersion": true, "Path": "/aws-service-role/", "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ7W6266ELXF5MISDS", "PolicyName": "AWSSupportServiceRolePolicy", - "UpdateDate": "2019-02-06T18:06:11+00:00", + "UpdateDate": "2021-01-28T20:00:15+00:00", + "VersionId": "v14" + }, + "AWSSystemsManagerAccountDiscoveryServicePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-10-24T17:21:05+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListDelegatedServicesForAccount", + "organizations:ListDelegatedAdministrators" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BPDSHIWK5", + "PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy", + "UpdateDate": "2020-05-27T18:04:51+00:00", + "VersionId": "v2" + }, + "AWSSystemsManagerChangeManagementServicePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-07T22:21:57+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ssm:CreateAssociation", + "ssm:DeleteAssociation", + "ssm:CreateOpsItem", + "ssm:GetOpsItem", + "ssm:UpdateOpsItem", + "ssm:StartAutomationExecution", + "ssm:StopAutomationExecution", + "ssm:GetAutomationExecution", + "ssm:GetCalendarState", + "ssm:GetDocument" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "sso:ListDirectoryAssociations" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "sso-directory:DescribeUsers", + "sso-directory:IsMemberInGroup" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "iam:GetGroup", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "ssm.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MZTL6DXTC", + "PolicyName": "AWSSystemsManagerChangeManagementServicePolicy", + "UpdateDate": "2020-12-07T22:21:57+00:00", + "VersionId": "v1" + }, + "AWSThinkboxAWSPortalAdminPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:41:02+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:AttachInternetGateway", + "ec2:AssociateAddress", + "ec2:AssociateRouteTable", + "ec2:AllocateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateFleet", + "ec2:CreateLaunchTemplate", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreatePlacementGroup", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeAddresses", + "ec2:DescribeFleets", + "ec2:DescribeFleetHistory", + "ec2:DescribeFleetInstances", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeRouteTables", + "ec2:DescribeNatGateways", + "ec2:DescribeTags", + "ec2:DescribeKeyPairs", + "ec2:DescribePlacementGroups", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeRegions", + "ec2:DescribeSpotFleetRequestHistory", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeSpotPriceHistory", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "ec2:GetConsoleOutput", + "ec2:ImportKeyPair", + "ec2:ReleaseAddress", + "ec2:RequestSpotFleet", + "ec2:CancelSpotFleetRequests", + "ec2:DisassociateAddress", + "ec2:DeleteFleets", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteVpc", + "ec2:DeletePlacementGroup", + "ec2:DeleteVpcEndpoints", + "ec2:DeleteInternetGateway", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DisassociateRouteTable", + "ec2:DeleteSubnet", + "ec2:DeleteNatGateway", + "ec2:DetachInternetGateway", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyFleet", + "ec2:ModifySpotFleetRequest", + "ec2:ModifyVpcAttribute" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:RunInstances", + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:placement-group/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*::image/*" + ] + }, + { + "Action": "ec2:RunInstances", + "Condition": { + "StringLike": { + "ec2:InstanceProfile": "arn:aws:iam::*:instance-profile/AWSPortal*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": "ec2:TerminateInstances", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/aws:cloudformation:logical-id": "ReverseForwarder" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:TerminateInstances", + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:TerminateInstances", + "Condition": { + "StringLike": { + "ec2:PlacementGroup": "*DeadlinePlacementGroup*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "StringLike": { + "ec2:PlacementGroup": "*DeadlinePlacementGroup*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "StringLike": { + "ec2:CreateAction": "RunInstances" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:internet-gateway/*", + "arn:aws:ec2:*:*:route-table/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:natgateway/*" + ] + }, + { + "Action": [ + "iam:GetUser" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetInstanceProfile" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:instance-profile/AWSPortal*" + ] + }, + { + "Action": [ + "iam:GetPolicy", + "iam:ListEntitiesForPolicy", + "iam:ListPolicyVersions" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:policy/AWSPortal*" + ] + }, + { + "Action": [ + "iam:GetRole", + "iam:GetRolePolicy" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/AWSPortal*", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "ec2.amazonaws.com", + "ec2fleet.amazonaws.com", + "spot.amazonaws.com", + "spotfleet.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/AWSPortal*", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "ec2fleet.amazonaws.com", + "spot.amazonaws.com", + "spotfleet.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:PutBucketAcl", + "s3:PutBucketCORS", + "s3:PutBucketVersioning", + "s3:GetBucketAcl", + "s3:GetObject", + "s3:PutBucketLogging", + "s3:PutBucketTagging", + "s3:PutObject", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutEncryptionConfiguration", + "s3:PutLifecycleConfiguration", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:DeleteBucketPolicy", + "s3:DeleteObjectVersion" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3::*:awsportal*", + "arn:aws:s3::*:stack*", + "arn:aws:s3::*:aws-portal-cache*", + "arn:aws:s3::*:logs-for-aws-portal-cache*", + "arn:aws:s3::*:logs-for-stack*" + ] + }, + { + "Action": [ + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dynamodb:Scan" + ], + "Effect": "Allow", + "Resource": "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "cloudformation:DeleteStack", + "cloudformation:DeleteChangeSet", + "cloudformation:ListStackResources", + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:UpdateTerminationProtection" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/stack*/*", + "arn:aws:cloudformation:*:*:stack/Deadline*/*" + ] + }, + { + "Action": [ + "cloudformation:EstimateTemplateCost", + "cloudformation:DescribeStacks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/thinkbox*" + }, + { + "Action": [ + "logs:DescribeLogGroups", + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:Encrypt", + "kms:GenerateDataKey" + ], + "Condition": { + "StringLike": { + "kms:ViaService": [ + "s3.*.amazonaws.com", + "secretsmanager.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "secretsmanager:CreateSecret" + ], + "Condition": { + "StringLike": { + "secretsmanager:Name": [ + "rcs-tls-pw*" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "secretsmanager:DeleteSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:TagResource" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BVM3T5TP2", + "PolicyName": "AWSThinkboxAWSPortalAdminPolicy", + "UpdateDate": "2020-08-20T17:16:03+00:00", "VersionId": "v4" }, + "AWSThinkboxAWSPortalGatewayPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:05:00+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/thinkbox*" + ] + }, + { + "Action": [ + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::aws-portal-cache*" + ] + }, + { + "Action": "dynamodb:Scan", + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action": [ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::stack*" + ] + }, + { + "Action": [ + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::stack*/gateway_certs/*" + ] + }, + { + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FP27FM4BH", + "PolicyName": "AWSThinkboxAWSPortalGatewayPolicy", + "UpdateDate": "2020-06-30T16:02:07+00:00", + "VersionId": "v2" + }, + "AWSThinkboxAWSPortalWorkerPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:15:05+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeTags" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/DeadlineRole": "DeadlineRenderNode" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::aws-portal-cache*" + ] + }, + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::stack*/gateway_certs/*" + ] + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/thinkbox*" + ] + }, + { + "Action": [ + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "sqs:SendMessage", + "sqs:GetQueueUrl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sqs:*:*:DeadlineAWS*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PI3G53MMS", + "PolicyName": "AWSThinkboxAWSPortalWorkerPolicy", + "UpdateDate": "2020-12-07T23:27:47+00:00", + "VersionId": "v4" + }, + "AWSThinkboxAssetServerPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:18:53+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/thinkbox*" + ] + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::aws-portal-cache*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KDWZE3HCT", + "PolicyName": "AWSThinkboxAssetServerPolicy", + "UpdateDate": "2020-05-27T19:18:53+00:00", + "VersionId": "v1" + }, + "AWSThinkboxDeadlineResourceTrackerAccessPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:25:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "dynamodb:ListStreams" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "dynamodb:BatchWriteItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeStream", + "dynamodb:DescribeTable", + "dynamodb:GetItem", + "dynamodb:GetRecords", + "dynamodb:GetShardIterator", + "dynamodb:PutItem", + "dynamodb:Scan", + "dynamodb:UpdateItem", + "dynamodb:UpdateTable" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action": [ + "ec2:CancelSpotFleetRequests", + "ec2:DeleteFleets", + "ec2:DescribeFleetInstances", + "ec2:DescribeFleets", + "ec2:DescribeInstances", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:RebootInstances", + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/DeadlineTrackedAWSResource": "*" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "events:PutEvents" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:event-bus/default" + ] + }, + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "sqs:ReceiveMessage" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OUKJ73IOS", + "PolicyName": "AWSThinkboxDeadlineResourceTrackerAccessPolicy", + "UpdateDate": "2020-05-27T19:25:05+00:00", + "VersionId": "v1" + }, + "AWSThinkboxDeadlineResourceTrackerAdminPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:29:09+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "cloudformation:ListStacks" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:UpdateStack", + "cloudformation:DescribeStacks", + "cloudformation:UpdateTerminationProtection" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "dynamodb:CreateTable", + "dynamodb:DeleteTable", + "dynamodb:DescribeTable", + "dynamodb:ListTagsOfResource", + "dynamodb:TagResource", + "dynamodb:UntagResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action": [ + "dynamodb:BatchWriteItem", + "dynamodb:Scan" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action": [ + "events:DeleteRule", + "events:DescribeRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:rule/DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "iam:GetRole", + "iam:ListAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "iam:GetUser" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "dynamodb.application-autoscaling.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "lambda.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/DeadlineResourceTrackerAccess*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "application-autoscaling.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable" + ] + }, + { + "Action": [ + "lambda:GetEventSourceMapping" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "lambda:CreateEventSourceMapping", + "lambda:DeleteEventSourceMapping" + ], + "Condition": { + "StringLike": { + "lambda:FunctionArn": [ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "lambda:AddPermission", + "lambda:RemovePermission" + ], + "Condition": { + "StringLike": { + "lambda:Principal": "events.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + }, + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip", + "arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml" + ] + }, + { + "Action": [ + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:ListQueueTags", + "sqs:TagQueue", + "sqs:UntagQueue" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*", + "arn:aws:sqs:*:*:DeadlineResourceTracker*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FKWWNUOP2", + "PolicyName": "AWSThinkboxDeadlineResourceTrackerAdminPolicy", + "UpdateDate": "2020-10-06T19:06:57+00:00", + "VersionId": "v2" + }, + "AWSThinkboxDeadlineSpotEventPluginAdminPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:38:34+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:CancelSpotFleetRequests", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests", + "ec2:ModifySpotFleetRequest", + "ec2:RequestSpotFleet" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "StringEquals": { + "ec2:CreateAction": "RunInstances" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "ec2:RunInstances" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "spot.amazonaws.com", + "spotfleet.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/*" + ] + }, + { + "Action": [ + "iam:GetInstanceProfile" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:instance-profile/*" + ] + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + }, + { + "Action": [ + "iam:GetUser" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringLike": { + "iam:PassedToService": "ec2.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MNSGMZZZZ", + "PolicyName": "AWSThinkboxDeadlineSpotEventPluginAdminPolicy", + "UpdateDate": "2020-05-27T19:38:34+00:00", + "VersionId": "v1" + }, + "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy": { + "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-05-27T19:35:00+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeTags" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/DeadlineTrackedAWSResource": "SpotEventPlugin" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/DeadlineResourceTracker": "SpotEventPlugin" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "sqs:GetQueueUrl", + "sqs:SendMessage" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JS2KSV4B2", + "PolicyName": "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", + "UpdateDate": "2020-12-07T23:31:31+00:00", + "VersionId": "v2" + }, + "AWSTransferConsoleFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-14T19:33:25+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "transfer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "acm:ListCertificates", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "health:DescribeEventAggregates", + "iam:GetPolicyVersion", + "iam:ListPolicies", + "iam:ListRoles", + "route53:ListHostedZones", + "s3:ListAllMyBuckets", + "transfer:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KYSTLCO3J", + "PolicyName": "AWSTransferConsoleFullAccess", + "UpdateDate": "2020-12-14T19:33:25+00:00", + "VersionId": "v1" + }, + "AWSTransferFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSTransferFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-14T19:37:23+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "transfer:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "transfer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAddresses" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KGELFKPYK", + "PolicyName": "AWSTransferFullAccess", + "UpdateDate": "2020-12-14T19:37:23+00:00", + "VersionId": "v1" + }, "AWSTransferLoggingAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess", "AttachmentCount": 0, @@ -13529,11 +25077,76 @@ aws_managed_policies_data = """ "UpdateDate": "2019-01-14T15:32:50+00:00", "VersionId": "v1" }, + "AWSTransferReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-08-27T17:54:51+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "transfer:DescribeUser", + "transfer:DescribeServer", + "transfer:ListUsers", + "transfer:ListServers", + "transfer:TestIdentityProvider", + "transfer:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ITRAALBSI", + "PolicyName": "AWSTransferReadOnlyAccess", + "UpdateDate": "2020-08-27T17:54:51+00:00", + "VersionId": "v1" + }, + "AWSTrustedAdvisorReportingServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-19T17:41:13+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NCBYW5OGK", + "PolicyName": "AWSTrustedAdvisorReportingServiceRolePolicy", + "UpdateDate": "2020-09-11T21:36:48+00:00", + "VersionId": "v2" + }, "AWSTrustedAdvisorServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", "AttachmentCount": 1, "CreateDate": "2018-02-22T21:24:25+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -13563,6 +25176,7 @@ aws_managed_policies_data = """ "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DescribeLaunchTemplateVersions", + "elasticloadbalancing:DescribeAccountLimits", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", @@ -13610,11 +25224,12 @@ aws_managed_policies_data = """ "s3:GetBucketVersioning", "s3:GetBucketPublicAccessBlock", "s3:ListBucket", - "s3:ListObjects", "s3:ListAllMyBuckets", "ses:GetSendQuota", "sqs:ListQueues", - "cloudwatch:GetMetricStatistics" + "cloudwatch:GetMetricStatistics", + "ce:GetReservationPurchaseRecommendation", + "ce:GetSavingsPlansPurchaseRecommendation" ], "Effect": "Allow", "Resource": "*" @@ -13628,8 +25243,38 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJH4QJ2WMHBOB47BUE", "PolicyName": "AWSTrustedAdvisorServiceRolePolicy", - "UpdateDate": "2019-01-22T19:58:36+00:00", - "VersionId": "v5" + "UpdateDate": "2020-04-08T16:15:31+00:00", + "VersionId": "v8" + }, + "AWSVPCS2SVpnServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-08-06T14:13:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "acm:ExportCertificate", + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm-pca:DescribeCertificateAuthority" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "0" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ENV7ZVNT6", + "PolicyName": "AWSVPCS2SVpnServiceRolePolicy", + "UpdateDate": "2019-08-06T14:13:58+00:00", + "VersionId": "v1" }, "AWSVPCTransitGatewayServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy", @@ -13662,18 +25307,104 @@ aws_managed_policies_data = """ "UpdateDate": "2018-11-26T16:21:17+00:00", "VersionId": "v1" }, + "AWSWAFConsoleFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-06T18:38:38+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "apigateway:GET", + "apigateway:SetWebACL", + "cloudfront:ListDistributions", + "cloudfront:ListDistributionsByWebACLId", + "cloudfront:UpdateDistribution", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeRegions", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:SetWebACL", + "appsync:ListGraphqlApis", + "appsync:SetWebACL", + "waf-regional:*", + "waf:*", + "wafv2:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AZOTQ7KAT", + "PolicyName": "AWSWAFConsoleFullAccess", + "UpdateDate": "2020-10-01T20:13:57+00:00", + "VersionId": "v2" + }, + "AWSWAFConsoleReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-06T18:43:24+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "apigateway:GET", + "cloudfront:ListDistributions", + "cloudfront:ListDistributionsByWebACLId", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeRegions", + "elasticloadbalancing:DescribeLoadBalancers", + "appsync:ListGraphqlApis", + "waf-regional:Get*", + "waf-regional:List*", + "waf:Get*", + "waf:List*", + "wafv2:Describe*", + "wafv2:Get*", + "wafv2:List*", + "wafv2:CheckCapacity" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NCJLTIT64", + "PolicyName": "AWSWAFConsoleReadOnlyAccess", + "UpdateDate": "2020-10-01T20:13:54+00:00", + "VersionId": "v3" + }, "AWSWAFFullAccess": { "Arn": "arn:aws:iam::aws:policy/AWSWAFFullAccess", "AttachmentCount": 0, "CreateDate": "2015-10-06T20:44:00+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v5", "Document": { "Statement": [ { "Action": [ "waf:*", "waf-regional:*", - "elasticloadbalancing:SetWebACL" + "wafv2:*", + "elasticloadbalancing:SetWebACL", + "apigateway:SetWebACL", + "appsync:SetWebACL" ], "Effect": "Allow", "Resource": "*" @@ -13687,14 +25418,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJMIKIAFXZEGOLRH7C", "PolicyName": "AWSWAFFullAccess", - "UpdateDate": "2016-12-07T21:33:25+00:00", - "VersionId": "v2" + "UpdateDate": "2020-10-01T20:13:54+00:00", + "VersionId": "v5" }, "AWSWAFReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-10-06T20:43:45+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -13702,7 +25433,11 @@ aws_managed_policies_data = """ "waf:Get*", "waf:List*", "waf-regional:Get*", - "waf-regional:List*" + "waf-regional:List*", + "wafv2:Get*", + "wafv2:List*", + "wafv2:Describe*", + "wafv2:CheckCapacity" ], "Effect": "Allow", "Resource": "*" @@ -13716,8 +25451,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAINZVDMX2SBF7EU2OC", "PolicyName": "AWSWAFReadOnlyAccess", - "UpdateDate": "2016-12-07T21:30:54+00:00", - "VersionId": "v2" + "UpdateDate": "2020-06-22T22:38:54+00:00", + "VersionId": "v4" }, "AWSXRayDaemonWriteAccess": { "Arn": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", @@ -13783,7 +25518,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2016-12-01T18:27:02+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -13797,7 +25532,12 @@ aws_managed_policies_data = """ "xray:GetTraceSummaries", "xray:GetGroups", "xray:GetGroup", - "xray:GetTimeSeriesServiceStatistics" + "xray:ListTagsForResource", + "xray:GetTimeSeriesServiceStatistics", + "xray:GetInsightSummaries", + "xray:GetInsight", + "xray:GetInsightEvents", + "xray:GetInsightImpactGraph" ], "Effect": "Allow", "Resource": [ @@ -13813,8 +25553,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ", "PolicyName": "AWSXrayReadOnlyAccess", - "UpdateDate": "2019-04-30T18:11:46+00:00", - "VersionId": "v4" + "UpdateDate": "2020-09-03T22:19:40+00:00", + "VersionId": "v5" }, "AWSXrayWriteOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", @@ -13848,9 +25588,485 @@ aws_managed_policies_data = """ "UpdateDate": "2018-08-28T23:03:04+00:00", "VersionId": "v2" }, + "AWS_ConfigRole": { + "Arn": "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole", + "AttachmentCount": 0, + "CreateDate": "2020-09-15T20:30:30+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:GetBackupSelection", + "cloudfront:ListTagsForResource", + "cloudformation:DescribeType", + "cloudformation:ListTypes", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListTags", + "cloudwatch:DescribeAlarms", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dms:DescribeReplicationInstances", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:GetEbsEncryptionByDefault", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListServices", + "ecs:ListTagsForResource", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListNodegroups", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeReplicationGroups", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstances", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:ListDomainNames", + "es:ListTags", + "guardduty:GetDetector", + "guardduty:GetFindings", + "guardduty:GetMasterAccount", + "guardduty:ListDetectors", + "guardduty:ListFindings", + "iam:GenerateCredentialReport", + "iam:GetAccountAuthorizationDetails", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListAttachedGroupPolicies", + "iam:ListAttachedRolePolicies", + "iam:ListAttachedUserPolicies", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroupsForUser", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:ListUserPolicies", + "iam:ListVirtualMFADevices", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "logs:DescribeLogGroups", + "organizations:DescribeOrganization", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBInstances", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventSubscriptions", + "rds:ListTagsForResource", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterParameters", + "redshift:DescribeClusterSecurityGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeClusters", + "redshift:DescribeEventSubscriptions", + "redshift:DescribeLoggingStatus", + "s3:GetAccelerateConfiguration", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeNotebookInstance", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListNotebookInstances", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:describeHub", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", + "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "ssm:GetDocument", + "storagegateway:ListGateways", + "storagegateway:ListVolumes", + "support:DescribeCases", + "tag:GetResources", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PP7QZ4FBG", + "PolicyName": "AWS_ConfigRole", + "UpdateDate": "2021-01-29T19:24:13+00:00", + "VersionId": "v3" + }, + "AWS_Config_Role": { + "Arn": "arn:aws:iam::aws:policy/AWS_Config_Role", + "AttachmentCount": 0, + "CreateDate": "2020-07-23T19:03:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:GetBackupSelection", + "cloudfront:ListTagsForResource", + "cloudformation:describeType", + "cloudformation:listTypes", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListTags", + "cloudwatch:DescribeAlarms", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dms:DescribeReplicationInstances", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:GetEbsEncryptionByDefault", + "eks:DescribeCluster", + "eks:ListClusters", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeReplicationGroups", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstances", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:ListDomainNames", + "es:ListTags", + "guardduty:GetDetector", + "guardduty:GetFindings", + "guardduty:GetMasterAccount", + "guardduty:ListDetectors", + "guardduty:ListFindings", + "iam:GenerateCredentialReport", + "iam:GetAccountAuthorizationDetails", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListAttachedGroupPolicies", + "iam:ListAttachedRolePolicies", + "iam:ListAttachedUserPolicies", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroupsForUser", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:ListUserPolicies", + "iam:ListVirtualMFADevices", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "logs:DescribeLogGroups", + "organizations:DescribeOrganization", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBInstances", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventSubscriptions", + "rds:ListTagsForResource", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterParameters", + "redshift:DescribeClusterSecurityGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeClusters", + "redshift:DescribeEventSubscriptions", + "redshift:DescribeLoggingStatus", + "s3:GetAccelerateConfiguration", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeNotebookInstance", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListNotebookInstances", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:describeHub", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", + "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "ssm:GetDocument", + "storagegateway:ListGateways", + "storagegateway:ListVolumes", + "support:DescribeCases", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4L4CLM3T52", + "PolicyName": "AWS_Config_Role", + "UpdateDate": "2020-07-23T19:03:40+00:00", + "VersionId": "v1" + }, + "AccessAnalyzerServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-02T17:13:10+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeAddresses", + "ec2:DescribeByoipCidrs", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "iam:GetRole", + "iam:ListRoles", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeys", + "lambda:GetLayerVersionPolicy", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListLayers", + "lambda:ListLayerVersions", + "lambda:ListVersionsByFunction", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListDelegatedAdministrators", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListParents", + "organizations:ListRoots", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketPolicyStatus", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "sns:GetTopicAttributes", + "sns:ListTopics", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:ListSecrets", + "sqs:GetQueueAttributes", + "sqs:ListQueues" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CAIXDDRI2", + "PolicyName": "AccessAnalyzerServiceRolePolicy", + "UpdateDate": "2020-11-24T20:58:37+00:00", + "VersionId": "v5" + }, "AdministratorAccess": { "Arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "AttachmentCount": 1, + "AttachmentCount": 7, "CreateDate": "2015-02-06T18:39:46+00:00", "DefaultVersionId": "v1", "Document": { @@ -13872,6 +26088,616 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:39:46+00:00", "VersionId": "v1" }, + "AdministratorAccess-AWSElasticBeanstalk": { + "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk", + "AttachmentCount": 0, + "CreateDate": "2021-01-22T19:36:54+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "acm:Describe*", + "acm:List*", + "autoscaling:Describe*", + "cloudformation:Describe*", + "cloudformation:Estimate*", + "cloudformation:Get*", + "cloudformation:List*", + "cloudformation:Validate*", + "cloudtrail:LookupEvents", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "codecommit:Get*", + "codecommit:UploadArchive", + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroup*", + "ec2:CreateLaunchTemplate*", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteLaunchTemplate*", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTags", + "ec2:Describe*", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroup*", + "ecs:CreateCluster", + "ecs:DeRegisterTaskDefinition", + "ecs:Describe*", + "ecs:List*", + "ecs:RegisterTaskDefinition", + "elasticbeanstalk:*", + "elasticloadbalancing:Describe*", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfiles", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListServerCertificates", + "logs:Describe*", + "rds:Describe*", + "s3:ListAllMyBuckets", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sqs:ListQueues" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "autoscaling:*" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" + ] + }, + { + "Action": [ + "cloudformation:CancelUpdateStack", + "cloudformation:ContinueUpdateRollback", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:SignalResource", + "cloudformation:TagResource", + "cloudformation:UntagResource", + "cloudformation:UpdateStack" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + }, + { + "Action": [ + "cloudwatch:DeleteAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudwatch:*:*:alarm:awseb-*", + "arn:aws:cloudwatch:*:*:alarm:eb-*" + ] + }, + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:StartBuild" + ], + "Effect": "Allow", + "Resource": "arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*" + }, + { + "Action": [ + "dynamodb:CreateTable", + "dynamodb:DeleteTable", + "dynamodb:DescribeTable", + "dynamodb:TagResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:*:*:table/awseb-e-*", + "arn:aws:dynamodb:*:*:table/eb-*" + ] + }, + { + "Action": [ + "ec2:RebootInstances", + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": [ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": "ec2:RunInstances", + "Condition": { + "ArnLike": { + "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecs:DeleteCluster" + ], + "Effect": "Allow", + "Resource": "arn:aws:ecs:*:*:cluster/awseb-*" + }, + { + "Action": [ + "elasticloadbalancing:*Rule", + "elasticloadbalancing:*Tags", + "elasticloadbalancing:SetRulePriorities", + "elasticloadbalancing:SetSecurityGroups" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*" + ] + }, + { + "Action": [ + "elasticloadbalancing:*" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*", + "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener/eb-*", + "arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*" + ] + }, + { + "Action": [ + "iam:AddRoleToInstanceProfile", + "iam:CreateInstanceProfile", + "iam:CreateRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-elasticbeanstalk*", + "arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*" + ] + }, + { + "Action": [ + "iam:AttachRolePolicy" + ], + "Condition": { + "StringLike": { + "iam:PolicyArn": [ + "arn:aws:iam::aws:policy/AWSElasticBeanstalk*", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": [ + "autoscaling.amazonaws.com", + "elasticbeanstalk.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "managedupdates.elasticbeanstalk.amazonaws.com", + "maintenance.elasticbeanstalk.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*", + "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", + "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*", + "arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", + "arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" + ] + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" + }, + { + "Action": [ + "rds:*DBSubnetGroup", + "rds:AuthorizeDBSecurityGroupIngress", + "rds:CreateDBInstance", + "rds:CreateDBSecurityGroup", + "rds:DeleteDBInstance", + "rds:DeleteDBSecurityGroup", + "rds:ModifyDBInstance", + "rds:RestoreDBInstanceFromDBSnapshot" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:rds:*:*:db:*", + "arn:aws:rds:*:*:secgrp:awseb-e-*", + "arn:aws:rds:*:*:secgrp:eb-*", + "arn:aws:rds:*:*:snapshot:*", + "arn:aws:rds:*:*:subgrp:awseb-e-*", + "arn:aws:rds:*:*:subgrp:eb-*" + ] + }, + { + "Action": [ + "s3:Delete*", + "s3:Get*", + "s3:Put*" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::elasticbeanstalk-*/*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:GetBucket*", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::elasticbeanstalk-*" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:GetTopicAttributes", + "sns:Publish", + "sns:SetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" + }, + { + "Action": [ + "sqs:*QueueAttributes", + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:SendMessage", + "sqs:TagQueue" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sqs:*:*:awseb-e-*", + "arn:aws:sqs:*:*:eb-*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AX52KWGWY", + "PolicyName": "AdministratorAccess-AWSElasticBeanstalk", + "UpdateDate": "2021-01-22T19:36:54+00:00", + "VersionId": "v1" + }, + "AdministratorAccess-Amplify": { + "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-Amplify", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T19:03:08+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:ExecuteChangeSet", + "cloudformation:GetTemplate", + "cloudformation:UpdateStack" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/amplify-*" + ], + "Sid": "CLICloudformationPolicy" + }, + { + "Action": [ + "iam:CreateRole", + "iam:ListRoleTags", + "iam:TagRole", + "iam:AttachRolePolicy", + "iam:CreatePolicy", + "iam:DeletePolicy", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:PutRolePolicy", + "iam:UpdateRole", + "iam:GetRole", + "iam:GetPolicy", + "iam:GetRolePolicy", + "iam:PassRole", + "iam:ListPolicyVersions", + "appsync:CreateApiKey", + "appsync:CreateDataSource", + "appsync:CreateFunction", + "appsync:CreateResolver", + "appsync:CreateType", + "appsync:DeleteApiKey", + "appsync:DeleteDataSource", + "appsync:DeleteFunction", + "appsync:DeleteResolver", + "appsync:DeleteType", + "appsync:GetDataSource", + "appsync:GetFunction", + "appsync:GetIntrospectionSchema", + "appsync:GetResolver", + "appsync:GetSchemaCreationStatus", + "appsync:GetType", + "appsync:GraphQL", + "appsync:ListApiKeys", + "appsync:ListDataSources", + "appsync:ListFunctions", + "appsync:ListGraphqlApis", + "appsync:ListResolvers", + "appsync:ListResolversByFunction", + "appsync:ListTypes", + "appsync:StartSchemaCreation", + "appsync:UpdateApiKey", + "appsync:UpdateDataSource", + "appsync:UpdateFunction", + "appsync:UpdateResolver", + "appsync:UpdateType", + "appsync:TagResource", + "appsync:CreateGraphqlApi", + "appsync:DeleteGraphqlApi", + "appsync:GetGraphqlApi", + "appsync:ListTagsForResource", + "appsync:UpdateGraphqlApi", + "apigateway:DELETE", + "apigateway:GET", + "apigateway:PATCH", + "apigateway:POST", + "apigateway:PUT", + "cognito-idp:CreateUserPool", + "cognito-identity:CreateIdentityPool", + "cognito-identity:DeleteIdentityPool", + "cognito-identity:DescribeIdentity", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:SetIdentityPoolRoles", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:UpdateIdentityPool", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteGroup", + "cognito-idp:DeleteUserPool", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:ListTagsForResource", + "cognito-idp:ListUserPoolClients", + "cognito-idp:UpdateUserPoolClient", + "cognito-idp:CreateGroup", + "cognito-idp:DeleteGroup", + "cognito-identity:TagResource", + "cognito-idp:TagResource", + "cognito-idp:UpdateUserPool", + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeAsync", + "lambda:InvokeFunction", + "lambda:RemovePermission", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration", + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource", + "lambda:DeleteFunction", + "lambda:AddLayerVersionPermission", + "lambda:CreateEventSourceMapping", + "lambda:DeleteEventSourceMapping", + "lambda:DeleteLayerVersion", + "lambda:GetEventSourceMapping", + "lambda:GetLayerVersion", + "lambda:ListEventSourceMappings", + "lambda:ListLayerVersions", + "lambda:PublishLayerVersion", + "lambda:RemoveLayerVersionPermission", + "dynamodb:CreateTable", + "dynamodb:DeleteItem", + "dynamodb:DeleteTable", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeTable", + "dynamodb:DescribeTimeToLive", + "dynamodb:ListStreams", + "dynamodb:PutItem", + "dynamodb:TagResource", + "dynamodb:ListTagsOfResource", + "dynamodb:UpdateContinuousBackups", + "dynamodb:UpdateItem", + "dynamodb:UpdateTable", + "dynamodb:UpdateTimeToLive", + "s3:CreateBucket", + "s3:ListBucket", + "s3:PutBucketAcl", + "s3:PutBucketCORS", + "s3:PutBucketNotification", + "s3:PutBucketPolicy", + "s3:PutBucketWebsite", + "s3:PutObjectAcl", + "cloudfront:CreateCloudFrontOriginAccessIdentity", + "cloudfront:CreateDistribution", + "cloudfront:DeleteCloudFrontOriginAccessIdentity", + "cloudfront:DeleteDistribution", + "cloudfront:GetCloudFrontOriginAccessIdentity", + "cloudfront:GetCloudFrontOriginAccessIdentityConfig", + "cloudfront:GetDistribution", + "cloudfront:GetDistributionConfig", + "cloudfront:TagResource", + "cloudfront:UntagResource", + "cloudfront:UpdateCloudFrontOriginAccessIdentity", + "cloudfront:UpdateDistribution", + "events:DeleteRule", + "events:DescribeRule", + "events:ListRuleNamesByTarget", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "mobiletargeting:GetApp", + "kinesis:AddTagsToStream", + "kinesis:CreateStream", + "kinesis:DeleteStream", + "kinesis:DescribeStream", + "kinesis:PutRecords" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CLIManageviaCFNPolicy" + }, + { + "Action": [ + "appsync:GetIntrospectionSchema", + "appsync:GraphQL", + "appsync:UpdateApiKey", + "appsync:ListApiKeys", + "s3:PutObject", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:DeleteBucketWebsite", + "s3:DeleteObject", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "sts:AssumeRole", + "iam:PutRolePolicy", + "iam:CreatePolicy", + "iam:AttachRolePolicy", + "mobiletargeting:*", + "amplify:CreateApp", + "amplify:CreateBackendEnvironment", + "amplify:GetApp", + "amplify:GetBackendEnvironment", + "amplify:ListApps", + "amplify:ListBackendEnvironments", + "amplify:CreateBranch", + "amplify:GetBranch", + "amplify:UpdateApp", + "amplify:ListBranches", + "amplify:ListDomainAssociations", + "amplify:DeleteBranch", + "amplify:DeleteApp", + "amplify:DeleteBackendEnvironment", + "amplifybackend:*", + "cognito-idp:AdminAddUserToGroup", + "cognito-idp:AdminCreateUser", + "cognito-idp:CreateGroup", + "cognito-idp:DeleteGroup", + "cognito-idp:DeleteUser", + "cognito-idp:ListUsers", + "cognito-idp:AdminGetUser", + "cognito-idp:ListUsersInGroup", + "cognito-idp:AdminDisableUser", + "cognito-idp:AdminRemoveUserFromGroup", + "cognito-idp:AdminResetUserPassword", + "cognito-idp:AdminListGroupsForUser", + "cognito-idp:ListGroups", + "cognito-idp:AdminDeleteUser", + "cognito-idp:AdminListUserAuthEvents", + "cognito-idp:AdminDeleteUser", + "cognito-idp:AdminConfirmSignUp", + "cognito-idp:AdminEnableUser", + "cognito-idp:AdminUpdateUserAttributes", + "cognito-idp:DescribeIdentityProvider" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CLISDKCalls" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AML23RALR", + "PolicyName": "AdministratorAccess-Amplify", + "UpdateDate": "2021-01-13T22:36:27+00:00", + "VersionId": "v2" + }, "AlexaForBusinessDeviceSetup": { "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", "AttachmentCount": 0, @@ -13915,7 +26741,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess", "AttachmentCount": 0, "CreateDate": "2017-11-30T16:47:09+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -13955,13 +26781,13 @@ aws_managed_policies_data = """ "secretsmanager:UpdateSecret" ], "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*" + "Resource": "arn:aws:secretsmanager:*:*:secret:A4B*" }, { "Action": "secretsmanager:CreateSecret", "Condition": { "StringLike": { - "secretsmanager:Name": "A4BNetworkProfile*" + "secretsmanager:Name": "A4B*" } }, "Effect": "Allow", @@ -13976,8 +26802,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAILUT3JGG7WRIMVNH2", "PolicyName": "AlexaForBusinessFullAccess", - "UpdateDate": "2019-05-20T21:32:33+00:00", - "VersionId": "v4" + "UpdateDate": "2020-07-01T21:01:55+00:00", + "VersionId": "v5" }, "AlexaForBusinessGatewayExecution": { "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution", @@ -14028,6 +26854,113 @@ aws_managed_policies_data = """ "UpdateDate": "2017-11-30T16:47:19+00:00", "VersionId": "v1" }, + "AlexaForBusinessLifesizeDelegatedAccessPolicy": { + "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-06-04T19:46:56+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "a4b:DisassociateDeviceFromRoom", + "a4b:DeleteDevice", + "a4b:UpdateDevice", + "a4b:GetDevice" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL" + ] + }, + { + "Action": [ + "a4b:RegisterAVSDevice" + ], + "Condition": { + "StringEquals": { + "a4b:amazonId": [ + "A2IWO7UEGWV4TL" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "a4b:SearchDevices" + ], + "Condition": { + "ForAllValues:StringLike": { + "a4b:filters_deviceType": [ + "*A2IWO7UEGWV4TL" + ] + }, + "Null": { + "a4b:filters_deviceType": "false" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "a4b:AssociateDeviceWithRoom" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL", + "arn:aws:a4b:us-east-1:*:room/*" + ] + }, + { + "Action": [ + "a4b:GetRoom", + "a4b:GetAddressBook", + "a4b:SearchRooms", + "a4b:CreateContact", + "a4b:CreateRoom", + "a4b:UpdateContact", + "a4b:ListConferenceProviders", + "a4b:DeleteRoom", + "a4b:CreateAddressBook", + "a4b:DisassociateContactFromAddressBook", + "a4b:CreateConferenceProvider", + "a4b:PutConferencePreference", + "a4b:DeleteAddressBook", + "a4b:AssociateContactWithAddressBook", + "a4b:DeleteContact", + "a4b:SearchProfiles", + "a4b:UpdateProfile", + "a4b:GetContact" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": "arn:aws:kms:*:*:key/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HXQBRRIQV", + "PolicyName": "AlexaForBusinessLifesizeDelegatedAccessPolicy", + "UpdateDate": "2020-06-12T20:31:59+00:00", + "VersionId": "v2" + }, "AlexaForBusinessNetworkProfileServicePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy", "AttachmentCount": 0, @@ -14070,18 +27003,103 @@ aws_managed_policies_data = """ "UpdateDate": "2019-04-05T21:57:56+00:00", "VersionId": "v2" }, + "AlexaForBusinessPolyDelegatedAccessPolicy": { + "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-10-16T19:48:45+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "a4b:DisassociateDeviceFromRoom", + "a4b:DeleteDevice", + "a4b:UpdateDevice", + "a4b:GetDevice" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", + "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD" + ] + }, + { + "Action": [ + "a4b:RegisterAVSDevice" + ], + "Condition": { + "StringEquals": { + "a4b:amazonId": [ + "A238TWV36W3S92", + "A1FUZ1SC53VJXD" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "a4b:SearchDevices" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "a4b:AssociateDeviceWithRoom" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", + "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD", + "arn:aws:a4b:us-east-1:*:room/*" + ] + }, + { + "Action": [ + "a4b:GetRoom", + "a4b:SearchRooms", + "a4b:CreateRoom", + "a4b:GetProfile", + "a4b:SearchSkillGroups", + "a4b:DisassociateSkillGroupFromRoom", + "a4b:AssociateSkillGroupWithRoom", + "a4b:GetSkillGroup", + "a4b:SearchProfiles", + "a4b:GetAddressBook", + "a4b:UpdateRoom" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FIHC2UP5Z", + "PolicyName": "AlexaForBusinessPolyDelegatedAccessPolicy", + "UpdateDate": "2019-10-16T19:48:45+00:00", + "VersionId": "v1" + }, "AlexaForBusinessReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2017-11-30T16:47:12+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "a4b:Get*", "a4b:List*", - "a4b:Describe*", "a4b:Search*" ], "Effect": "Allow", @@ -14096,12 +27114,12 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI6BKSTB4XMLPBFFJ2", "PolicyName": "AlexaForBusinessReadOnlyAccess", - "UpdateDate": "2018-06-25T23:52:33+00:00", - "VersionId": "v2" + "UpdateDate": "2019-11-20T00:25:33+00:00", + "VersionId": "v3" }, "AmazonAPIGatewayAdministrator": { "Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator", - "AttachmentCount": 1, + "AttachmentCount": 0, "CreateDate": "2015-07-09T17:34:45+00:00", "DefaultVersionId": "v1", "Document": { @@ -14154,7 +27172,7 @@ aws_managed_policies_data = """ }, "AmazonAPIGatewayPushToCloudWatchLogs": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - "AttachmentCount": 1, + "AttachmentCount": 0, "CreateDate": "2015-11-11T23:41:46+00:00", "DefaultVersionId": "v1", "Document": { @@ -14184,11 +27202,165 @@ aws_managed_policies_data = """ "UpdateDate": "2015-11-11T23:41:46+00:00", "VersionId": "v1" }, + "AmazonAppFlowFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-02T23:30:14+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": "appflow:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:ListRoles", + "Effect": "Allow", + "Resource": "*", + "Sid": "ListRolesForRedshift" + }, + { + "Action": [ + "kms:ListKeys", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "KMSListAccess" + }, + { + "Action": [ + "kms:CreateGrant" + ], + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": "true" + }, + "StringLike": { + "kms:ViaService": "appflow.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "KMSGrantAccess" + }, + { + "Action": [ + "kms:ListGrants" + ], + "Condition": { + "StringLike": { + "kms:ViaService": "appflow.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "KMSListGrantAccess" + }, + { + "Action": [ + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:GetBucketPolicy" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "S3ReadAccess" + }, + { + "Action": [ + "s3:PutBucketPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::appflow-*", + "Sid": "S3PutBucketPolicyAccess" + }, + { + "Action": "secretsmanager:CreateSecret", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "appflow.amazonaws.com" + ] + }, + "StringLike": { + "secretsmanager:Name": "appflow!*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "SecretsManagerCreateSecretAccess" + }, + { + "Action": [ + "secretsmanager:PutResourcePolicy" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "appflow.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase": { + "secretsmanager:ResourceTag/aws:secretsmanager:owningService": "appflow" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "SecretsManagerPutResourcePolicyAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PGBU2ALC4", + "PolicyName": "AmazonAppFlowFullAccess", + "UpdateDate": "2020-12-07T22:49:15+00:00", + "VersionId": "v2" + }, + "AmazonAppFlowReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-02T23:26:51+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "appflow:DescribeConnectors", + "appflow:DescribeConnectorProfiles", + "appflow:DescribeFlows", + "appflow:DescribeFlowExecution", + "appflow:DescribeConnectorFields", + "appflow:ListConnectorFields", + "appflow:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CCGEQPIQI", + "PolicyName": "AmazonAppFlowReadOnlyAccess", + "UpdateDate": "2020-06-02T23:26:51+00:00", + "VersionId": "v1" + }, "AmazonAppStreamFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:09+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -14204,7 +27376,10 @@ aws_managed_policies_data = """ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget" + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:DeleteScheduledAction" ], "Effect": "Allow", "Resource": "*" @@ -14224,7 +27399,8 @@ aws_managed_policies_data = """ "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints" ], "Effect": "Allow", "Resource": "*" @@ -14263,8 +27439,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJLZZXU2YQVGL4QDNC", "PolicyName": "AmazonAppStreamFullAccess", - "UpdateDate": "2018-09-10T17:29:25+00:00", - "VersionId": "v3" + "UpdateDate": "2020-08-28T17:24:35+00:00", + "VersionId": "v6" }, "AmazonAppStreamReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess", @@ -14298,7 +27474,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess", "AttachmentCount": 0, "CreateDate": "2016-11-19T04:17:37+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -14314,7 +27490,9 @@ aws_managed_policies_data = """ "ec2:DisassociateAddress", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", - "s3:ListAllMyBuckets" + "ec2:DescribeVpcEndpoints", + "s3:ListAllMyBuckets", + "ds:DescribeDirectories" ], "Effect": "Allow", "Resource": "*" @@ -14328,6 +27506,7 @@ aws_managed_policies_data = """ "s3:DeleteObject", "s3:GetObjectVersion", "s3:DeleteObjectVersion", + "s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:PutEncryptionConfiguration" ], @@ -14347,14 +27526,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAISBRZ7LMMCBYEF3SE", "PolicyName": "AmazonAppStreamServiceAccess", - "UpdateDate": "2019-01-17T20:22:45+00:00", - "VersionId": "v5" + "UpdateDate": "2020-06-26T16:33:54+00:00", + "VersionId": "v8" }, "AmazonAthenaFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess", "AttachmentCount": 0, "CreateDate": "2016-11-30T16:46:01+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -14450,6 +27629,15 @@ aws_managed_policies_data = """ "Resource": [ "*" ] + }, + { + "Action": [ + "lakeformation:GetDataAccess" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" @@ -14460,19 +27648,73 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIPJMLMD4C7RYZ6XCK", "PolicyName": "AmazonAthenaFullAccess", - "UpdateDate": "2019-02-19T00:13:03+00:00", - "VersionId": "v5" + "UpdateDate": "2019-08-08T17:52:27+00:00", + "VersionId": "v6" }, - "AmazonChimeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess", + "AmazonAugmentedAIFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess", "AttachmentCount": 0, - "CreateDate": "2017-11-01T22:15:43+00:00", + "CreateDate": "2019-12-03T16:21:56+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ - "chime:*" + "sagemaker:*HumanLoop", + "sagemaker:*HumanLoops", + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions", + "sagemaker:*HumanTaskUi", + "sagemaker:*HumanTaskUis" + ], + "Condition": { + "StringEqualsIfExists": { + "sagemaker:WorkteamType": [ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HJOEBWQWI", + "PolicyName": "AmazonAugmentedAIFullAccess", + "UpdateDate": "2019-12-03T16:21:56+00:00", + "VersionId": "v1" + }, + "AmazonAugmentedAIHumanLoopFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T16:20:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sagemaker:*HumanLoop", + "sagemaker:*HumanLoops" ], "Effect": "Allow", "Resource": "*" @@ -14484,55 +27726,345 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DLDNVPZG4", + "PolicyName": "AmazonAugmentedAIHumanLoopFullAccess", + "UpdateDate": "2019-12-03T16:20:47+00:00", + "VersionId": "v1" + }, + "AmazonAugmentedAIIntegratedAPIAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-22T20:47:32+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sagemaker:*HumanLoop", + "sagemaker:*HumanLoops", + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions", + "sagemaker:*HumanTaskUi", + "sagemaker:*HumanTaskUis" + ], + "Condition": { + "StringEqualsIfExists": { + "sagemaker:WorkteamType": [ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "textract:AnalyzeDocument" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "rekognition:DetectModerationLabels" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4A7KC4RFTV", + "PolicyName": "AmazonAugmentedAIIntegratedAPIAccess", + "UpdateDate": "2020-04-22T20:47:32+00:00", + "VersionId": "v1" + }, + "AmazonBraketFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonBraketFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-08-06T20:12:37+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::amazon-braket-*" + }, + { + "Action": [ + "logs:Describe*", + "logs:Get*", + "logs:List*", + "logs:StartQuery", + "logs:StopQuery", + "logs:TestMetricFilter", + "logs:FilterLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*" + }, + { + "Action": [ + "iam:ListRoles", + "iam:ListRolePolicies", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sagemaker:ListNotebookInstances" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sagemaker:CreatePresignedNotebookInstanceUrl", + "sagemaker:CreateNotebookInstance", + "sagemaker:DeleteNotebookInstance", + "sagemaker:DescribeNotebookInstance", + "sagemaker:StartNotebookInstance", + "sagemaker:StopNotebookInstance", + "sagemaker:UpdateNotebookInstance", + "sagemaker:ListTags", + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ], + "Effect": "Allow", + "Resource": "arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*" + }, + { + "Action": [ + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:UpdateNotebookInstanceLifecycleConfig" + ], + "Effect": "Allow", + "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*" + }, + { + "Action": "braket:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "braket.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringLike": { + "iam:PassedToService": [ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HUAKO7NZO", + "PolicyName": "AmazonBraketFullAccess", + "UpdateDate": "2021-02-18T07:48:38+00:00", + "VersionId": "v2" + }, + "AmazonBraketServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-08-04T17:12:23+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "s3:PutObject", + "s3:GetObject", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::amazon-braket-*" + }, + { + "Action": [ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NIYU42I3S", + "PolicyName": "AmazonBraketServiceRolePolicy", + "UpdateDate": "2020-08-06T20:10:42+00:00", + "VersionId": "v2" + }, + "AmazonChimeFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess", + "AttachmentCount": 0, + "CreateDate": "2017-11-01T22:15:43+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "chime:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:DescribeResourcePolicies", + "logs:PutResourcePolicy", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:GetTopicAttributes" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*" + ] + }, + { + "Action": [ + "sqs:GetQueueAttributes", + "sqs:CreateQueue" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*" + ] + }, + { + "Action": [ + "kinesis:ListStreams" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kinesis:DescribeStream" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:kinesis:*:*:stream/chime-chat-*", + "arn:aws:kinesis:*:*:stream/chime-messaging-*" + ] + }, + { + "Action": [ + "s3:GetEncryptionConfiguration", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::chime-chat-*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIUJFSAKUERNORYRWO", "PolicyName": "AmazonChimeFullAccess", - "UpdateDate": "2017-11-01T22:15:43+00:00", - "VersionId": "v1" + "UpdateDate": "2020-12-14T21:00:52+00:00", + "VersionId": "v3" }, "AmazonChimeReadOnly": { "Arn": "arn:aws:iam::aws:policy/AmazonChimeReadOnly", "AttachmentCount": 0, "CreateDate": "2017-11-01T22:04:17+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v10", "Document": { "Statement": [ { "Action": [ - "chime:ListAccounts", - "chime:GetAccount", - "chime:GetAccountSettings", - "chime:ListUsers", - "chime:GetUser", - "chime:GetUserByEmail", - "chime:ListDomains", - "chime:GetDomain", - "chime:ListGroups", - "chime:ListDirectories", - "chime:ListCDRBucket", - "chime:GetCDRBucket", - "chime:ListDelegates", - "chime:GetAccountResource", - "chime:ValidateDelegate", - "chime:ListAccountUsageReportData", - "chime:GetUserActivityReportData", - "chime:GetGlobalSettings", - "chime:GetPhoneNumber", - "chime:GetPhoneNumberOrder", - "chime:GetUserSettings", - "chime:GetVoiceConnector", - "chime:GetVoiceConnectorOrigination", - "chime:GetVoiceConnectorTermination", - "chime:GetVoiceConnectorTerminationHealth", - "chime:ListPhoneNumberOrders", - "chime:ListPhoneNumbers", - "chime:ListVoiceConnectorTerminationCredentials", - "chime:ListVoiceConnectors", - "chime:SearchAvailablePhoneNumbers", - "chime:GetTelephonyLimits", - "chime:ListCallingRegions", - "chime:GetBot", - "chime:ListBots", - "chime:GetEventsConfiguration" + "chime:List*", + "chime:Get*", + "chime:Describe*", + "chime:SearchAvailablePhoneNumbers" ], "Effect": "Allow", "Resource": "*" @@ -14546,14 +28078,91 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJLBFZZFABRXVWRTCI", "PolicyName": "AmazonChimeReadOnly", - "UpdateDate": "2019-05-13T20:34:08+00:00", - "VersionId": "v6" + "UpdateDate": "2020-12-14T20:53:57+00:00", + "VersionId": "v10" + }, + "AmazonChimeSDK": { + "Arn": "arn:aws:iam::aws:policy/AmazonChimeSDK", + "AttachmentCount": 0, + "CreateDate": "2020-02-04T21:53:37+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "chime:CreateMeeting", + "chime:CreateMeetingWithAttendees", + "chime:DeleteMeeting", + "chime:GetMeeting", + "chime:ListMeetings", + "chime:CreateAttendee", + "chime:BatchCreateAttendee", + "chime:DeleteAttendee", + "chime:GetAttendee", + "chime:ListAttendees", + "chime:ListAttendeeTags", + "chime:ListMeetingTags", + "chime:ListTagsForResource", + "chime:TagAttendee", + "chime:TagMeeting", + "chime:TagResource", + "chime:UntagAttendee", + "chime:UntagMeeting", + "chime:UntagResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ACM6EA4B7", + "PolicyName": "AmazonChimeSDK", + "UpdateDate": "2020-09-18T21:07:30+00:00", + "VersionId": "v3" + }, + "AmazonChimeServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-09-30T22:25:06+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": "chime.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NA5XMV3PI", + "PolicyName": "AmazonChimeServiceRolePolicy", + "UpdateDate": "2019-09-30T22:25:06+00:00", + "VersionId": "v1" }, "AmazonChimeUserManagement": { "Arn": "arn:aws:iam::aws:policy/AmazonChimeUserManagement", "AttachmentCount": 0, "CreateDate": "2017-11-01T22:17:26+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -14566,6 +28175,7 @@ aws_managed_policies_data = """ "chime:GetUser", "chime:GetUserByEmail", "chime:InviteUsers", + "chime:InviteUsersFromProvider", "chime:SuspendUsers", "chime:ActivateUsers", "chime:UpdateUserLicenses", @@ -14591,7 +28201,10 @@ aws_managed_policies_data = """ "chime:GetPhoneNumber", "chime:ListPhoneNumbers", "chime:GetUserSettings", - "chime:UpdateUserSettings" + "chime:UpdateUserSettings", + "chime:CreateUser", + "chime:AssociateSigninDelegateGroupsWithAccount", + "chime:DisassociateSigninDelegateGroupsFromAccount" ], "Effect": "Allow", "Resource": "*" @@ -14605,8 +28218,36 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJGLHVUHNMQPSDGSOO", "PolicyName": "AmazonChimeUserManagement", - "UpdateDate": "2019-03-18T12:17:58+00:00", - "VersionId": "v6" + "UpdateDate": "2020-02-18T19:26:10+00:00", + "VersionId": "v8" + }, + "AmazonChimeVoiceConnectorServiceLinkedRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-09-30T22:16:42+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "chime:GetVoiceConnector*" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GP44ZBY4P", + "PolicyName": "AmazonChimeVoiceConnectorServiceLinkedRolePolicy", + "UpdateDate": "2019-09-30T22:16:42+00:00", + "VersionId": "v1" }, "AmazonCloudDirectoryFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess", @@ -14667,6 +28308,351 @@ aws_managed_policies_data = """ "UpdateDate": "2017-02-28T23:42:06+00:00", "VersionId": "v1" }, + "AmazonCodeGuruProfilerAgentAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-05T22:11:56+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "codeguru-profiler:ConfigureAgent", + "codeguru-profiler:PostAgentProfile" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NJEGTVMFC", + "PolicyName": "AmazonCodeGuruProfilerAgentAccess", + "UpdateDate": "2021-02-05T22:11:56+00:00", + "VersionId": "v1" + }, + "AmazonCodeGuruProfilerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T10:13:27+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "codeguru-profiler:*", + "iam:ListRoles", + "iam:ListUsers", + "sns:ListTopics", + "codeguru:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "codeguru-profiler.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FVCBNS424", + "PolicyName": "AmazonCodeGuruProfilerFullAccess", + "UpdateDate": "2020-07-15T03:23:08+00:00", + "VersionId": "v4" + }, + "AmazonCodeGuruProfilerReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T10:30:15+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "codeguru:Get*", + "codeguru-profiler:BatchGet*", + "codeguru-profiler:Describe*", + "codeguru-profiler:Get*", + "codeguru-profiler:List*", + "iam:ListRoles", + "iam:ListUsers" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LUSUINUHE", + "PolicyName": "AmazonCodeGuruProfilerReadOnlyAccess", + "UpdateDate": "2020-06-27T23:52:52+00:00", + "VersionId": "v3" + }, + "AmazonCodeGuruReviewerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T08:33:47+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "codeguru-reviewer:*", + "codeguru:*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonCodeGuruReviewerFullAccess" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid": "AmazonCodeGuruReviewerSLRCreation" + }, + { + "Action": [ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid": "AmazonCodeGuruReviewerSLRDeletion" + }, + { + "Action": [ + "codecommit:ListRepositories" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeCommitAccess" + }, + { + "Action": [ + "codecommit:TagResource", + "codecommit:UntagResource" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "codeguru-reviewer" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeCommitTagManagement" + }, + { + "Action": [ + "codestar-connections:TagResource", + "codestar-connections:UntagResource", + "codestar-connections:ListTagsForResource" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "codeguru-reviewer" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeConnectTagManagement" + }, + { + "Action": [ + "codestar-connections:UseConnection", + "codestar-connections:ListConnections", + "codestar-connections:PassConnection" + ], + "Condition": { + "ForAllValues:StringEquals": { + "codestar-connections:ProviderAction": [ + "ListRepositories", + "ListOwners" + ] + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CodeConnectManagedRules" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition": { + "StringEquals": { + "events:ManagedBy": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchEventsManagedRules" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ENLFBTHWM", + "PolicyName": "AmazonCodeGuruReviewerFullAccess", + "UpdateDate": "2020-08-29T04:16:08+00:00", + "VersionId": "v3" + }, + "AmazonCodeGuruReviewerReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T08:48:24+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "codeguru:Get*", + "codeguru-reviewer:List*", + "codeguru-reviewer:Describe*", + "codeguru-reviewer:Get*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonCodeGuruReviewerReadOnlyAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FOJ4PYG77", + "PolicyName": "AmazonCodeGuruReviewerReadOnlyAccess", + "UpdateDate": "2020-08-29T04:15:32+00:00", + "VersionId": "v2" + }, + "AmazonCodeGuruReviewerServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T05:31:12+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "codecommit:GetRepository", + "codecommit:GetBranch", + "codecommit:DescribePullRequestEvents", + "codecommit:GetCommentsForPullRequest", + "codecommit:GetDifferences", + "codecommit:GetPullRequest", + "codecommit:ListPullRequests", + "codecommit:PostCommentForPullRequest", + "codecommit:GitPull", + "codecommit:UntagResource" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/codeguru-reviewer": "enabled" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AccessCodeGuruReviewerEnabledRepositories" + }, + { + "Action": [ + "codestar-connections:UseConnection" + ], + "Condition": { + "ForAllValues:StringEquals": { + "codestar-connections:ProviderAction": [ + "ListBranches", + "GetBranch", + "ListRepositories", + "ListOwners", + "ListPullRequests", + "GetPullRequest", + "ListPullRequestComments", + "ListPullRequestCommits", + "ListCommitFiles", + "ListBranchCommits", + "CreatePullRequestDiffComment", + "GitPull" + ] + }, + "Null": { + "aws:ResourceTag/codeguru-reviewer": "false" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AccessCodeGuruReviewerEnabledConnections" + }, + { + "Action": [ + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition": { + "StringEquals": { + "events:ManagedBy": "codeguru-reviewer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchEventsResourceCleanup" + }, + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::codeguru-reviewer-*", + "arn:aws:s3:::codeguru-reviewer-*/*" + ], + "Sid": "AllowGuruS3GetObject" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NJY3GAUD2", + "PolicyName": "AmazonCodeGuruReviewerServiceRolePolicy", + "UpdateDate": "2020-11-27T15:09:46+00:00", + "VersionId": "v4" + }, "AmazonCognitoDeveloperAuthenticatedIdentities": { "Arn": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities", "AttachmentCount": 0, @@ -14730,11 +28716,37 @@ aws_managed_policies_data = """ "UpdateDate": "2019-03-21T21:32:25+00:00", "VersionId": "v1" }, + "AmazonCognitoIdpServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-06-26T22:30:20+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cognito-idp:Describe*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LEUDXVZDR", + "PolicyName": "AmazonCognitoIdpServiceRolePolicy", + "UpdateDate": "2020-06-26T22:30:20+00:00", + "VersionId": "v1" + }, "AmazonCognitoPowerUser": { "Arn": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser", "AttachmentCount": 0, "CreateDate": "2015-03-24T17:14:56+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -14744,7 +28756,20 @@ aws_managed_policies_data = """ "cognito-sync:*", "iam:ListRoles", "iam:ListOpenIdConnectProviders", - "sns:ListPlatformApplications" + "sns:ListPlatformApplications", + "iam:GetRole", + "iam:ListOpenIDConnectProviders", + "iam:ListRoles", + "iam:ListSAMLProviders", + "iam:GetSAMLProvider", + "kinesis:ListStreams", + "lambda:GetPolicy", + "lambda:ListFunctions", + "sns:ListPlatformApplications", + "ses:ListIdentities", + "ses:GetIdentityVerificationAttributes", + "mobiletargeting:GetApps", + "acm:ListCertificates" ], "Effect": "Allow", "Resource": "*" @@ -14753,7 +28778,10 @@ aws_managed_policies_data = """ "Action": "iam:CreateServiceLinkedRole", "Condition": { "StringEquals": { - "iam:AWSServiceName": "email.cognito-idp.amazonaws.com" + "iam:AWSServiceName": [ + "cognito-idp.amazonaws.com", + "email.cognito-idp.amazonaws.com" + ] } }, "Effect": "Allow", @@ -14765,7 +28793,10 @@ aws_managed_policies_data = """ "iam:GetServiceLinkedRoleDeletionStatus" ], "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*" + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*", + "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*" + ] } ], "Version": "2012-10-17" @@ -14776,14 +28807,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJKW5H2HNCPGCYGR6Y", "PolicyName": "AmazonCognitoPowerUser", - "UpdateDate": "2019-03-29T22:06:46+00:00", - "VersionId": "v3" + "UpdateDate": "2021-01-12T16:56:15+00:00", + "VersionId": "v5" }, "AmazonCognitoReadOnly": { "Arn": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly", "AttachmentCount": 0, "CreateDate": "2015-03-24T17:06:46+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -14792,9 +28823,10 @@ aws_managed_policies_data = """ "cognito-identity:Get*", "cognito-identity:List*", "cognito-idp:Describe*", - "cognito-idp:AdminGetUser", + "cognito-idp:AdminGet*", "cognito-idp:AdminList*", "cognito-idp:List*", + "cognito-idp:Get*", "cognito-sync:Describe*", "cognito-sync:Get*", "cognito-sync:List*", @@ -14814,76 +28846,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJBFTRZD2GQGJHSVQK", "PolicyName": "AmazonCognitoReadOnly", - "UpdateDate": "2019-02-16T00:18:11+00:00", - "VersionId": "v3" - }, - "AmazonConnectFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonConnectFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-10-17T20:59:39+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "connect:*", - "ds:CreateAlias", - "ds:AuthorizeApplication", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication", - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams", - "kinesis:DescribeStream", - "kinesis:ListStreams", - "kms:DescribeKey", - "kms:CreateGrant", - "kms:ListAliases", - "lex:GetBots", - "logs:CreateLogGroup", - "s3:CreateBucket", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "connect.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:PutRolePolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPZZCFFD55NYGBAJI", - "PolicyName": "AmazonConnectFullAccess", - "UpdateDate": "2018-10-17T22:28:01+00:00", - "VersionId": "v2" + "UpdateDate": "2019-08-01T19:21:04+00:00", + "VersionId": "v4" }, "AmazonConnectReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2018-10-17T21:00:44+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -14910,14 +28880,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIVZMH7VU6YYKRY6ZU", "PolicyName": "AmazonConnectReadOnlyAccess", - "UpdateDate": "2018-10-17T21:00:44+00:00", - "VersionId": "v1" + "UpdateDate": "2019-11-06T22:10:18+00:00", + "VersionId": "v3" }, "AmazonConnectServiceLinkedRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-09-07T00:21:43+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -14935,6 +28905,40 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*" + }, + { + "Action": [ + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:DeleteObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::amazon-connect-*/*" + ] + }, + { + "Action": [ + "s3:GetBucketLocation", + "s3:GetBucketAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::amazon-connect-*" + ] + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/aws/connect/*:*" + ] } ], "Version": "2012-10-17" @@ -14945,8 +28949,82 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ6R6FMTSRUJSKI72Y", "PolicyName": "AmazonConnectServiceLinkedRolePolicy", - "UpdateDate": "2018-09-25T21:29:18+00:00", - "VersionId": "v2" + "UpdateDate": "2020-10-08T01:40:01+00:00", + "VersionId": "v3" + }, + "AmazonConnect_FullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonConnect_FullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-20T19:54:21+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "connect:*", + "ds:CreateAlias", + "ds:AuthorizeApplication", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "kinesis:DescribeStream", + "kinesis:ListStreams", + "kms:DescribeKey", + "kms:ListAliases", + "lex:GetBots", + "logs:CreateLogGroup", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "lambda:ListFunctions", + "ds:CheckAlias" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:GetBucketAcl" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::amazon-connect-*" + }, + { + "Action": [ + "servicequotas:GetServiceQuota" + ], + "Effect": "Allow", + "Resource": "arn:aws:servicequotas:*:*:connect/*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "connect.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:DeleteServiceLinkedRole", + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JXAE7KLRO", + "PolicyName": "AmazonConnect_FullAccess", + "UpdateDate": "2020-11-20T19:54:21+00:00", + "VersionId": "v1" }, "AmazonDMSCloudWatchLogsRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", @@ -15021,7 +29099,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role", "AttachmentCount": 0, "CreateDate": "2016-04-20T17:05:56+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -15036,6 +29114,11 @@ aws_managed_policies_data = """ "s3:GetObjectVersion", "s3:GetBucketPolicy", "s3:PutBucketPolicy", + "s3:GetBucketAcl", + "s3:PutBucketVersioning", + "s3:GetBucketVersioning", + "s3:PutLifecycleConfiguration", + "s3:GetLifecycleConfiguration", "s3:DeleteBucketPolicy" ], "Effect": "Allow", @@ -15050,8 +29133,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3CCUQ4U5WNC5F6B6", "PolicyName": "AmazonDMSRedshiftS3Role", - "UpdateDate": "2016-04-20T17:05:56+00:00", - "VersionId": "v1" + "UpdateDate": "2019-07-08T18:19:14+00:00", + "VersionId": "v3" }, "AmazonDMSVPCManagementRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole", @@ -15124,11 +29207,267 @@ aws_managed_policies_data = """ "UpdateDate": "2015-09-02T00:09:20+00:00", "VersionId": "v1" }, + "AmazonDetectiveFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-30T17:57:15+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "detective:*", + "organizations:DescribeOrganization", + "organizations:ListAccounts" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "guardduty:ArchiveFindings" + ], + "Effect": "Allow", + "Resource": "arn:aws:guardduty:*:*:detector/*" + }, + { + "Action": [ + "guardduty:ListDetectors" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IRLX3QVOO", + "PolicyName": "AmazonDetectiveFullAccess", + "UpdateDate": "2020-10-21T22:07:28+00:00", + "VersionId": "v2" + }, + "AmazonDevOpsGuruFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T16:38:12+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "devops-guru:*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "DevOpsGuruFullAccess" + }, + { + "Action": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudFormationListStacksAccess" + }, + { + "Action": [ + "cloudwatch:GetMetricData" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchGetMetricDataAccess" + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SnsListTopicsAccess" + }, + { + "Action": [ + "sns:CreateTopic", + "sns:GetTopicAttributes", + "sns:SetTopicAttributes", + "sns:Publish" + ], + "Effect": "Allow", + "Resource": "arn:aws:sns:*:*:DevOps-Guru-*", + "Sid": "SnsTopicOperations" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "devops-guru.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", + "Sid": "DevOpsGuruSlrCreation" + }, + { + "Action": [ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", + "Sid": "DevOpsGuruSlrDeletion" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BQEAUGTMM", + "PolicyName": "AmazonDevOpsGuruFullAccess", + "UpdateDate": "2020-12-01T16:38:12+00:00", + "VersionId": "v1" + }, + "AmazonDevOpsGuruReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T16:34:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "devops-guru:DescribeAccountHealth", + "devops-guru:DescribeAccountOverview", + "devops-guru:DescribeAnomaly", + "devops-guru:DescribeInsight", + "devops-guru:DescribeResourceCollectionHealth", + "devops-guru:DescribeServiceIntegration", + "devops-guru:GetResourceCollection", + "devops-guru:ListAnomaliesForInsight", + "devops-guru:ListEvents", + "devops-guru:ListInsights", + "devops-guru:ListNotificationChannels", + "devops-guru:ListRecommendations", + "devops-guru:SearchInsights" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "DevOpsGuruReadOnlyAccess" + }, + { + "Action": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudFormationListStacksAccess" + }, + { + "Action": [ + "cloudwatch:GetMetricData" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchGetMetricDataAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JK4QO3QK6", + "PolicyName": "AmazonDevOpsGuruReadOnlyAccess", + "UpdateDate": "2020-12-01T16:34:40+00:00", + "VersionId": "v1" + }, + "AmazonDevOpsGuruServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T10:24:42+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudtrail:LookupEvents", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "cloudwatch:DescribeAnomalyDetectors", + "cloudwatch:DescribeAlarms", + "cloudwatch:ListDashboards", + "cloudwatch:GetDashboard", + "cloudformation:GetTemplate", + "cloudformation:ListStacks", + "cloudformation:ListStackResources", + "cloudformation:DescribeStacks", + "cloudformation:ListImports", + "codedeploy:BatchGetDeployments", + "codedeploy:GetDeploymentGroup", + "codedeploy:ListDeployments", + "config:DescribeConfigurationRecorderStatus", + "config:GetResourceConfigHistory", + "events:ListRuleNamesByTarget", + "xray:GetServiceGraph" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule" + ], + "Effect": "Allow", + "Resource": "arn:aws:events:*:*:rule/DevOps-Guru-managed-*", + "Sid": "AllowPutTargetsOnASpecificRule" + }, + { + "Action": [ + "ssm:CreateOpsItem" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowCreateOpsItem" + }, + { + "Action": [ + "ssm:GetOpsItem", + "ssm:UpdateOpsItem" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated": "true" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowAccessOpsItem" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LOGPH224B", + "PolicyName": "AmazonDevOpsGuruServiceRolePolicy", + "UpdateDate": "2020-12-01T10:24:42+00:00", + "VersionId": "v1" + }, "AmazonDocDBConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess", "AttachmentCount": 0, "CreateDate": "2019-01-09T20:37:28+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -15254,7 +29593,6 @@ aws_managed_policies_data = """ "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", - "kms:ListKeysForService", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", @@ -15286,8 +29624,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJHV6VMSNDDHJ3ESNI", "PolicyName": "AmazonDocDBConsoleFullAccess", - "UpdateDate": "2019-01-09T20:37:28+00:00", - "VersionId": "v1" + "UpdateDate": "2019-10-21T18:57:02+00:00", + "VersionId": "v2" }, "AmazonDocDBFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess", @@ -15503,9 +29841,9 @@ aws_managed_policies_data = """ }, "AmazonDynamoDBFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", - "AttachmentCount": 0, + "AttachmentCount": 2, "CreateDate": "2015-02-06T18:40:11+00:00", - "DefaultVersionId": "v9", + "DefaultVersionId": "v15", "Document": { "Statement": [ { @@ -15526,6 +29864,7 @@ aws_managed_policies_data = """ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", + "cloudwatch:GetMetricData", "datapipeline:ActivatePipeline", "datapipeline:CreatePipeline", "datapipeline:DeletePipeline", @@ -15540,6 +29879,8 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "iam:GetRole", "iam:ListRoles", + "kms:DescribeKey", + "kms:ListAliases", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptions", @@ -15561,11 +29902,19 @@ aws_managed_policies_data = """ "resource-groups:GetGroupQuery", "resource-groups:DeleteGroup", "resource-groups:CreateGroup", - "tag:GetResources" + "tag:GetResources", + "kinesis:ListStreams", + "kinesis:DescribeStream", + "kinesis:DescribeStreamSummary" ], "Effect": "Allow", "Resource": "*" }, + { + "Action": "cloudwatch:GetInsightRuleReport", + "Effect": "Allow", + "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" + }, { "Action": [ "iam:PassRole" @@ -15574,6 +29923,7 @@ aws_managed_policies_data = """ "StringLike": { "iam:PassedToService": [ "application-autoscaling.amazonaws.com", + "application-autoscaling.amazonaws.com.cn", "dax.amazonaws.com" ] } @@ -15590,7 +29940,9 @@ aws_managed_policies_data = """ "iam:AWSServiceName": [ "replication.dynamodb.amazonaws.com", "dax.amazonaws.com", - "dynamodb.application-autoscaling.amazonaws.com" + "dynamodb.application-autoscaling.amazonaws.com", + "contributorinsights.dynamodb.amazonaws.com", + "kinesisreplication.dynamodb.amazonaws.com" ] } }, @@ -15606,8 +29958,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAINUGF2JSOSUY76KYA", "PolicyName": "AmazonDynamoDBFullAccess", - "UpdateDate": "2019-05-08T21:20:48+00:00", - "VersionId": "v9" + "UpdateDate": "2021-01-29T17:38:30+00:00", + "VersionId": "v15" }, "AmazonDynamoDBFullAccesswithDataPipeline": { "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline", @@ -15712,7 +30064,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:12+00:00", - "DefaultVersionId": "v8", + "DefaultVersionId": "v13", "Document": { "Statement": [ { @@ -15725,6 +30077,7 @@ aws_managed_policies_data = """ "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", @@ -15736,6 +30089,7 @@ aws_managed_policies_data = """ "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", + "dynamodb:PartiQLSelect", "dax:Describe*", "dax:List*", "dax:GetItem", @@ -15747,6 +30101,8 @@ aws_managed_policies_data = """ "ec2:DescribeSecurityGroups", "iam:GetRole", "iam:ListRoles", + "kms:DescribeKey", + "kms:ListAliases", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "lambda:ListFunctions", @@ -15756,10 +30112,18 @@ aws_managed_policies_data = """ "resource-groups:ListGroupResources", "resource-groups:GetGroup", "resource-groups:GetGroupQuery", - "tag:GetResources" + "tag:GetResources", + "kinesis:ListStreams", + "kinesis:DescribeStream", + "kinesis:DescribeStreamSummary" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": "cloudwatch:GetInsightRuleReport", + "Effect": "Allow", + "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" } ], "Version": "2012-10-17" @@ -15770,14 +30134,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIY2XFNA232XJ6J7X2", "PolicyName": "AmazonDynamoDBReadOnlyAccess", - "UpdateDate": "2019-05-08T21:15:48+00:00", - "VersionId": "v8" + "UpdateDate": "2021-01-27T01:01:47+00:00", + "VersionId": "v13" }, "AmazonEC2ContainerRegistryFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", "AttachmentCount": 0, "CreateDate": "2015-12-21T17:06:48+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -15787,6 +30151,20 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "replication.ecr.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -15797,14 +30175,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIESRL7KD7IIVF6V4W", "PolicyName": "AmazonEC2ContainerRegistryFullAccess", - "UpdateDate": "2017-11-10T17:54:49+00:00", - "VersionId": "v2" + "UpdateDate": "2020-12-05T00:04:19+00:00", + "VersionId": "v3" }, "AmazonEC2ContainerRegistryPowerUser": { "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser", "AttachmentCount": 0, "CreateDate": "2015-12-21T17:05:33+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -15817,6 +30195,10 @@ aws_managed_policies_data = """ "ecr:ListImages", "ecr:DescribeImages", "ecr:BatchGetImage", + "ecr:GetLifecyclePolicy", + "ecr:GetLifecyclePolicyPreview", + "ecr:ListTagsForResource", + "ecr:DescribeImageScanFindings", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", @@ -15834,14 +30216,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJDNE5PIHROIBGGDDW", "PolicyName": "AmazonEC2ContainerRegistryPowerUser", - "UpdateDate": "2016-10-11T22:28:07+00:00", - "VersionId": "v2" + "UpdateDate": "2019-12-10T20:48:08+00:00", + "VersionId": "v3" }, "AmazonEC2ContainerRegistryReadOnly": { "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", "AttachmentCount": 0, "CreateDate": "2015-12-21T17:04:15+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -15853,7 +30235,11 @@ aws_managed_policies_data = """ "ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetLifecyclePolicy", + "ecr:GetLifecyclePolicyPreview", + "ecr:ListTagsForResource", + "ecr:DescribeImageScanFindings" ], "Effect": "Allow", "Resource": "*" @@ -15867,8 +30253,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIFYZPA37OOHVIH7KQ", "PolicyName": "AmazonEC2ContainerRegistryReadOnly", - "UpdateDate": "2016-10-11T22:08:43+00:00", - "VersionId": "v2" + "UpdateDate": "2019-12-10T20:56:32+00:00", + "VersionId": "v3" }, "AmazonEC2ContainerServiceAutoscaleRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole", @@ -15949,51 +30335,6 @@ aws_managed_policies_data = """ "UpdateDate": "2018-05-22T19:13:11+00:00", "VersionId": "v2" }, - "AmazonEC2ContainerServiceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-24T16:54:35+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:Describe*", - "autoscaling:UpdateAutoScalingGroup", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStack*", - "cloudformation:UpdateStack", - "cloudwatch:GetMetricStatistics", - "ec2:Describe*", - "elasticloadbalancing:*", - "ecs:*", - "events:DescribeRule", - "events:DeleteRule", - "events:ListRuleNamesByTarget", - "events:ListTargetsByRule", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "iam:ListInstanceProfiles", - "iam:ListRoles", - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJALOYVTPDZEMIACSM", - "PolicyName": "AmazonEC2ContainerServiceFullAccess", - "UpdateDate": "2017-06-08T00:18:56+00:00", - "VersionId": "v4" - }, "AmazonEC2ContainerServiceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole", "AttachmentCount": 0, @@ -16028,13 +30369,14 @@ aws_managed_policies_data = """ }, "AmazonEC2ContainerServiceforEC2Role": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2015-03-19T18:45:18+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v6", "Document": { "Statement": [ { "Action": [ + "ec2:DescribeTags", "ecs:CreateCluster", "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint", @@ -16062,8 +30404,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJLYJCVHC7TQHCSQDS", "PolicyName": "AmazonEC2ContainerServiceforEC2Role", - "UpdateDate": "2017-05-17T23:09:13+00:00", - "VersionId": "v5" + "UpdateDate": "2019-06-13T19:11:37+00:00", + "VersionId": "v6" }, "AmazonEC2FullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", @@ -16164,17 +30506,158 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:40:17+00:00", "VersionId": "v1" }, - "AmazonEC2ReportsAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess", + "AmazonEC2RolePolicyForLaunchWizard": { + "Arn": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard", "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:16+00:00", - "DefaultVersionId": "v1", + "CreateDate": "2019-11-13T08:05:53+00:00", + "DefaultVersionId": "v7", "Document": { "Statement": [ { - "Action": "ec2-reports:*", + "Action": [ + "ec2:AttachVolume", + "ec2:RebootInstances", + "ec2:StartInstances", + "ec2:StopInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/LaunchWizardResourceGroupID": "*" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "ec2:ReplaceRoute" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/LaunchWizardApplicationType": "*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:route-table/*" + }, + { + "Action": [ + "ec2:DescribeAddresses", + "ec2:AssociateAddress", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:DescribeRouteTables", + "ec2:ModifyInstanceAttribute", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricData", + "ssm:GetCommandInvocation" + ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:CreateVolume" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "LaunchWizardResourceGroupID", + "LaunchWizardApplicationType" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:GetBucketLocation", + "logs:PutLogEvents", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:*", + "arn:aws:s3:::launchwizard*", + "arn:aws:s3:::aws-sap-data-provider/config.properties" + ] + }, + { + "Action": "logs:Create*", + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:*" + }, + { + "Action": [ + "ec2:Describe*", + "cloudformation:DescribeStackResources", + "cloudformation:SignalResource", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStacks" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "LaunchWizardResourceGroupID" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dynamodb:BatchGetItem", + "dynamodb:PutItem", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "dynamodb:Scan", + "s3:ListBucket", + "dynamodb:Query", + "dynamodb:UpdateItem", + "dynamodb:DeleteTable", + "dynamodb:CreateTable", + "s3:GetObject", + "dynamodb:DescribeTable", + "s3:GetBucketLocation", + "dynamodb:UpdateTable" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::launchwizard*", + "arn:aws:dynamodb:*:*:table/LaunchWizard*", + "arn:aws:sqs:*:*:LaunchWizard*" + ] + }, + { + "Action": "ssm:SendCommand", + "Condition": { + "StringLike": { + "ssm:resourceTag/LaunchWizardApplicationType": "*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": [ + "ssm:SendCommand", + "ssm:GetDocument" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint" + ] } ], "Version": "2012-10-17" @@ -16183,10 +30666,10 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIU6NBZVF2PCRW36ZW", - "PolicyName": "AmazonEC2ReportsAccess", - "UpdateDate": "2015-02-06T18:40:16+00:00", - "VersionId": "v1" + "PolicyId": "ANPAZKAPJZG4CBGI56NFS", + "PolicyName": "AmazonEC2RolePolicyForLaunchWizard", + "UpdateDate": "2020-10-09T22:28:01+00:00", + "VersionId": "v7" }, "AmazonEC2RoleforAWSCodeDeploy": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy", @@ -16216,6 +30699,48 @@ aws_managed_policies_data = """ "UpdateDate": "2017-03-20T17:14:10+00:00", "VersionId": "v2" }, + "AmazonEC2RoleforAWSCodeDeployLimited": { + "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited", + "AttachmentCount": 0, + "CreateDate": "2020-08-24T17:55:18+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::*/CodeDeploy/*" + }, + { + "Action": [ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket" + ], + "Condition": { + "StringEquals": { + "s3:ExistingObjectTag/UseWithCodeDeploy": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NN2A7WC6C", + "PolicyName": "AmazonEC2RoleforAWSCodeDeployLimited", + "UpdateDate": "2020-08-24T17:55:18+00:00", + "VersionId": "v1" + }, "AmazonEC2RoleforDataPipelineRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole", "AttachmentCount": 0, @@ -16416,62 +30941,11 @@ aws_managed_policies_data = """ "UpdateDate": "2019-02-18T19:17:03+00:00", "VersionId": "v3" }, - "AmazonEC2SpotFleetRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole", - "AttachmentCount": 0, - "CreateDate": "2015-05-18T23:28:05+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:RequestSpotInstances", - "ec2:TerminateInstances", - "ec2:DescribeInstanceStatus", - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "elasticloadbalancing:RegisterInstancesWithLoadBalancer" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" - ] - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMRTKHWK7ESSNETSW", - "PolicyName": "AmazonEC2SpotFleetRole", - "UpdateDate": "2017-11-07T19:14:10+00:00", - "VersionId": "v4" - }, "AmazonEC2SpotFleetTaggingRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole", "AttachmentCount": 0, "CreateDate": "2017-06-29T18:19:29+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -16481,7 +30955,8 @@ aws_managed_policies_data = """ "ec2:RequestSpotInstances", "ec2:TerminateInstances", "ec2:DescribeInstanceStatus", - "ec2:CreateTags" + "ec2:CreateTags", + "ec2:RunInstances" ], "Effect": "Allow", "Resource": [ @@ -16518,7 +30993,7 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": [ - "*" + "arn:aws:elasticloadbalancing:*:*:*/*" ] } ], @@ -16530,14 +31005,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ5U6UMLCEYLX5OLC4", "PolicyName": "AmazonEC2SpotFleetTaggingRole", - "UpdateDate": "2017-11-17T22:51:17+00:00", - "VersionId": "v4" + "UpdateDate": "2020-04-23T19:30:49+00:00", + "VersionId": "v5" }, "AmazonECSServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-10-14T01:18:58+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -16570,6 +31045,50 @@ aws_managed_policies_data = """ "Resource": "*", "Sid": "ECSTaskManagement" }, + { + "Action": [ + "autoscaling:Describe*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AutoScaling" + }, + { + "Action": [ + "autoscaling:DeletePolicy", + "autoscaling:PutScalingPolicy", + "autoscaling:SetInstanceProtection", + "autoscaling:UpdateAutoScalingGroup" + ], + "Condition": { + "Null": { + "autoscaling:ResourceTag/AmazonECSManaged": "false" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "AutoScalingManagement" + }, + { + "Action": [ + "autoscaling-plans:CreateScalingPlan", + "autoscaling-plans:DeleteScalingPlan", + "autoscaling-plans:DescribeScalingPlans" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AutoScalingPlanManagement" + }, + { + "Action": [ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudwatch:*:*:alarm:*", + "Sid": "CWAlarmManagement" + }, { "Action": [ "ec2:CreateTags" @@ -16577,6 +31096,45 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "arn:aws:ec2:*:*:network-interface/*", "Sid": "ECSTagging" + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*", + "Sid": "CWLogGroupManagement" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*", + "Sid": "CWLogStreamManagement" + }, + { + "Action": [ + "ssm:DescribeSessions" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ExecuteCommandSessionManagement" + }, + { + "Action": [ + "ssm:StartSession" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ecs:*:*:task/*", + "arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand" + ], + "Sid": "ExecuteCommand" } ], "Version": "2012-10-17" @@ -16587,12 +31145,12 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIVUWKCAI7URU4WUEI", "PolicyName": "AmazonECSServiceRolePolicy", - "UpdateDate": "2018-10-18T23:18:18+00:00", - "VersionId": "v5" + "UpdateDate": "2021-01-13T20:04:13+00:00", + "VersionId": "v8" }, "AmazonECSTaskExecutionRolePolicy": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-11-16T18:48:22+00:00", "DefaultVersionId": "v1", "Document": { @@ -16625,7 +31183,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonECS_FullAccess", "AttachmentCount": 0, "CreateDate": "2017-11-07T21:36:54+00:00", - "DefaultVersionId": "v15", + "DefaultVersionId": "v19", "Document": { "Statement": [ { @@ -16637,44 +31195,47 @@ aws_managed_policies_data = """ "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", - "autoscaling:UpdateAutoScalingGroup", + "appmesh:DescribeVirtualGateway", + "appmesh:DescribeVirtualNode", + "appmesh:ListMeshes", + "appmesh:ListVirtualGateways", + "appmesh:ListVirtualNodes", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:Describe*", + "autoscaling:UpdateAutoScalingGroup", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStack*", "cloudformation:UpdateStack", - "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", + "codedeploy:BatchGetApplicationRevisions", + "codedeploy:BatchGetApplications", + "codedeploy:BatchGetDeploymentGroups", + "codedeploy:BatchGetDeployments", + "codedeploy:ContinueDeployment", "codedeploy:CreateApplication", "codedeploy:CreateDeployment", "codedeploy:CreateDeploymentGroup", "codedeploy:GetApplication", + "codedeploy:GetApplicationRevision", "codedeploy:GetDeployment", + "codedeploy:GetDeploymentConfig", "codedeploy:GetDeploymentGroup", + "codedeploy:GetDeploymentTarget", + "codedeploy:ListApplicationRevisions", "codedeploy:ListApplications", + "codedeploy:ListDeploymentConfigs", "codedeploy:ListDeploymentGroups", "codedeploy:ListDeployments", - "codedeploy:StopDeployment", - "codedeploy:GetDeploymentTarget", "codedeploy:ListDeploymentTargets", - "codedeploy:GetDeploymentConfig", - "codedeploy:GetApplicationRevision", "codedeploy:RegisterApplicationRevision", - "codedeploy:BatchGetApplicationRevisions", - "codedeploy:BatchGetDeploymentGroups", - "codedeploy:BatchGetDeployments", - "codedeploy:BatchGetApplications", - "codedeploy:ListApplicationRevisions", - "codedeploy:ListDeploymentConfigs", - "codedeploy:ContinueDeployment", - "sns:ListTopics", - "lambda:ListFunctions", + "codedeploy:StopDeployment", "ec2:AssociateRouteTable", "ec2:AttachInternetGateway", "ec2:AuthorizeSecurityGroupIngress", @@ -16694,8 +31255,11 @@ aws_managed_policies_data = """ "ec2:DisassociateRouteTable", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", - "ec2:RunInstances", "ec2:RequestSpotFleet", + "ec2:RunInstances", + "ecs:*", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateRule", @@ -16708,34 +31272,36 @@ aws_managed_policies_data = """ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTargetGroups", - "ecs:*", - "events:DescribeRule", "events:DeleteRule", + "events:DescribeRule", "events:ListRuleNamesByTarget", "events:ListTargetsByRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", + "fsx:DescribeFileSystems", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRoles", + "lambda:ListFunctions", "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:FilterLogEvents", - "route53:GetHostedZone", - "route53:ListHostedZonesByName", "route53:CreateHostedZone", "route53:DeleteHostedZone", "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:ListHostedZonesByName", "servicediscovery:CreatePrivateDnsNamespace", "servicediscovery:CreateService", + "servicediscovery:DeleteService", "servicediscovery:GetNamespace", "servicediscovery:GetOperation", "servicediscovery:GetService", "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:UpdateService", - "servicediscovery:DeleteService" + "sns:ListTopics" ], "Effect": "Allow", "Resource": [ @@ -16744,9 +31310,9 @@ aws_managed_policies_data = """ }, { "Action": [ - "ssm:GetParametersByPath", + "ssm:GetParameter", "ssm:GetParameters", - "ssm:GetParameter" + "ssm:GetParametersByPath" ], "Effect": "Allow", "Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*" @@ -16815,11 +31381,11 @@ aws_managed_policies_data = """ "Condition": { "StringLike": { "iam:AWSServiceName": [ + "autoscaling.amazonaws.com", "ecs.amazonaws.com", - "spot.amazonaws.com", - "spotfleet.amazonaws.com", "ecs.application-autoscaling.amazonaws.com", - "autoscaling.amazonaws.com" + "spot.amazonaws.com", + "spotfleet.amazonaws.com" ] } }, @@ -16835,14 +31401,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ7S7AN6YQPTJC7IFS", "PolicyName": "AmazonECS_FullAccess", - "UpdateDate": "2019-02-04T18:44:48+00:00", - "VersionId": "v15" + "UpdateDate": "2020-10-12T21:02:23+00:00", + "VersionId": "v19" }, "AmazonEKSClusterPolicy": { "Arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "AttachmentCount": 0, "CreateDate": "2018-05-27T21:06:14+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -16866,6 +31432,7 @@ aws_managed_policies_data = """ "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", "ec2:DetachVolume", "ec2:ModifyInstanceAttribute", "ec2:ModifyVolume", @@ -16925,14 +31492,77 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIBTLDQMIC6UOIGFWA", "PolicyName": "AmazonEKSClusterPolicy", - "UpdateDate": "2019-05-22T22:04:46+00:00", - "VersionId": "v3" + "UpdateDate": "2020-02-21T20:10:11+00:00", + "VersionId": "v4" + }, + "AmazonEKSFargatePodExecutionRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-22T04:34:29+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FJRXZH7YQ", + "PolicyName": "AmazonEKSFargatePodExecutionRolePolicy", + "UpdateDate": "2019-11-22T04:34:29+00:00", + "VersionId": "v1" + }, + "AmazonEKSForFargateServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-22T04:36:25+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeDhcpOptions", + "ec2:DescribeRouteTables" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JAUTVFICB", + "PolicyName": "AmazonEKSForFargateServiceRolePolicy", + "UpdateDate": "2019-11-22T04:36:25+00:00", + "VersionId": "v1" }, "AmazonEKSServicePolicy": { "Arn": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", "AttachmentCount": 0, "CreateDate": "2018-05-27T21:08:21+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -16942,11 +31572,13 @@ aws_managed_policies_data = """ "ec2:DeleteNetworkInterface", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", + "ec2:DetachNetworkInterface", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", - "iam:ListAttachedRolePolicies" + "iam:ListAttachedRolePolicies", + "eks:UpdateClusterVersion" ], "Effect": "Allow", "Resource": "*" @@ -16984,6 +31616,16 @@ aws_managed_policies_data = """ "Action": "logs:PutLogEvents", "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "eks.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -16994,8 +31636,160 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJFCNXU6HPGCIVXYDI", "PolicyName": "AmazonEKSServicePolicy", - "UpdateDate": "2019-02-26T21:01:48+00:00", - "VersionId": "v3" + "UpdateDate": "2020-05-27T19:27:03+00:00", + "VersionId": "v6" + }, + "AmazonEKSServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-02-21T20:10:47+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:CreateNetworkInterfacePermission", + "iam:ListAttachedRolePolicies", + "ec2:CreateSecurityGroup" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupIngress" + ], + "Condition": { + "ForAnyValue:StringLike": { + "ec2:ResourceTag/Name": "eks-cluster-sg*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:security-group/*" + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "ForAnyValue:StringLike": { + "aws:TagKeys": [ + "kubernetes.io/cluster/*" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action": [ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition": { + "ForAnyValue:StringLike": { + "aws:RequestTag/Name": "eks-cluster-sg*", + "aws:TagKeys": [ + "kubernetes.io/cluster/*" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action": "route53:AssociateVPCWithHostedZone", + "Effect": "Allow", + "Resource": "arn:aws:route53:::hostedzone/*" + }, + { + "Action": "logs:CreateLogGroup", + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*" + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KZBLSP26Y", + "PolicyName": "AmazonEKSServiceRolePolicy", + "UpdateDate": "2020-05-27T19:30:19+00:00", + "VersionId": "v2" + }, + "AmazonEKSVPCResourceController": { + "Arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", + "AttachmentCount": 0, + "CreateDate": "2020-08-12T00:55:34+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "ec2:CreateNetworkInterfacePermission", + "Condition": { + "ForAnyValue:StringEquals": { + "ec2:ResourceTag/eks:eni:owner": "eks-vpc-resource-controller" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:AttachNetworkInterface", + "ec2:UnassignPrivateIpAddresses", + "ec2:AssignPrivateIpAddresses" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PBOFT2NNA", + "PolicyName": "AmazonEKSVPCResourceController", + "UpdateDate": "2020-08-12T00:55:34+00:00", + "VersionId": "v1" }, "AmazonEKSWorkerNodePolicy": { "Arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", @@ -17034,7 +31828,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", "AttachmentCount": 0, "CreateDate": "2018-05-27T21:07:42+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -17044,9 +31838,12 @@ aws_managed_policies_data = """ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeInstances", + "ec2:DescribeTags", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstanceTypes", "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute" + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:UnassignPrivateIpAddresses" ], "Effect": "Allow", "Resource": "*" @@ -17069,20 +31866,22 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJWLAS474LDBXNNTM4", "PolicyName": "AmazonEKS_CNI_Policy", - "UpdateDate": "2018-05-31T22:16:00+00:00", - "VersionId": "v2" + "UpdateDate": "2020-04-20T20:52:01+00:00", + "VersionId": "v4" }, "AmazonEMRCleanupPolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-09-26T23:54:19+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplates", "ec2:DescribeSpotInstanceRequests", + "ec2:DeleteLaunchTemplate", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances", "ec2:CancelSpotInstanceRequests", @@ -17091,7 +31890,9 @@ aws_managed_policies_data = """ "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DetachVolume", - "ec2:DeleteVolume" + "ec2:DeleteVolume", + "ec2:DescribePlacementGroups", + "ec2:DeletePlacementGroup" ], "Effect": "Allow", "Resource": "*" @@ -17105,7 +31906,38 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI4YEZURRMKACW56EA", "PolicyName": "AmazonEMRCleanupPolicy", - "UpdateDate": "2017-09-26T23:54:19+00:00", + "UpdateDate": "2020-09-29T21:11:54+00:00", + "VersionId": "v3" + }, + "AmazonEMRContainersServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-09T00:38:19+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "eks:DescribeCluster", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4P24YZ52G4", + "PolicyName": "AmazonEMRContainersServiceRolePolicy", + "UpdateDate": "2020-12-09T00:38:19+00:00", "VersionId": "v1" }, "AmazonESCognitoAccess": { @@ -17268,15 +32100,202 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:40:21+00:00", "VersionId": "v1" }, - "AmazonElasticFileSystemFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", + "AmazonElasticContainerRegistryPublicFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess", "AttachmentCount": 0, - "CreateDate": "2015-05-27T16:22:28+00:00", - "DefaultVersionId": "v3", + "CreateDate": "2020-12-01T17:25:52+00:00", + "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ + "ecr-public:*", + "sts:GetServiceBearerToken" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4F2SFMTI3G", + "PolicyName": "AmazonElasticContainerRegistryPublicFullAccess", + "UpdateDate": "2020-12-01T17:25:52+00:00", + "VersionId": "v1" + }, + "AmazonElasticContainerRegistryPublicPowerUser": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T16:16:54+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ecr-public:GetAuthorizationToken", + "sts:GetServiceBearerToken", + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:GetRepositoryPolicy", + "ecr-public:DescribeRepositories", + "ecr-public:DescribeRegistries", + "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRegistryCatalogData", + "ecr-public:InitiateLayerUpload", + "ecr-public:UploadLayerPart", + "ecr-public:CompleteLayerUpload", + "ecr-public:PutImage" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4P6F7N3OP7", + "PolicyName": "AmazonElasticContainerRegistryPublicPowerUser", + "UpdateDate": "2020-12-01T16:16:54+00:00", + "VersionId": "v1" + }, + "AmazonElasticContainerRegistryPublicReadOnly": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T17:27:04+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ecr-public:GetAuthorizationToken", + "sts:GetServiceBearerToken", + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:GetRepositoryPolicy", + "ecr-public:DescribeRepositories", + "ecr-public:DescribeRegistries", + "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRegistryCatalogData" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AD7UYLF25", + "PolicyName": "AmazonElasticContainerRegistryPublicReadOnly", + "UpdateDate": "2020-12-01T17:27:04+00:00", + "VersionId": "v1" + }, + "AmazonElasticFileSystemClientFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-01-13T16:27:00+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientMount", + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KAMR2MLDF", + "PolicyName": "AmazonElasticFileSystemClientFullAccess", + "UpdateDate": "2020-01-13T16:27:00+00:00", + "VersionId": "v1" + }, + "AmazonElasticFileSystemClientReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-01-13T16:24:36+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientMount", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LBXR6UPYS", + "PolicyName": "AmazonElasticFileSystemClientReadOnlyAccess", + "UpdateDate": "2020-01-13T16:24:36+00:00", + "VersionId": "v1" + }, + "AmazonElasticFileSystemClientReadWriteAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess", + "AttachmentCount": 0, + "CreateDate": "2020-01-13T16:21:55+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elasticfilesystem:ClientMount", + "elasticfilesystem:ClientWrite", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4H74P6RBOF", + "PolicyName": "AmazonElasticFileSystemClientReadWriteAccess", + "UpdateDate": "2020-01-13T16:21:55+00:00", + "VersionId": "v1" + }, + "AmazonElasticFileSystemFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", + "AttachmentCount": 0, + "CreateDate": "2015-05-27T16:22:28+00:00", + "DefaultVersionId": "v6", + "Document": { + "Statement": [ + { + "Action": [ + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricData", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeAvailabilityZones", @@ -17287,12 +32306,50 @@ aws_managed_policies_data = """ "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", - "elasticfilesystem:*", + "elasticfilesystem:CreateFileSystem", + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:CreateTags", + "elasticfilesystem:CreateAccessPoint", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget", + "elasticfilesystem:DeleteTags", + "elasticfilesystem:DeleteAccessPoint", + "elasticfilesystem:DeleteFileSystemPolicy", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeTags", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:ModifyMountTargetSecurityGroups", + "elasticfilesystem:PutBackupPolicy", + "elasticfilesystem:PutLifecycleConfiguration", + "elasticfilesystem:PutFileSystemPolicy", + "elasticfilesystem:UpdateFileSystem", + "elasticfilesystem:TagResource", + "elasticfilesystem:UntagResource", + "elasticfilesystem:ListTagsForResource", + "elasticfilesystem:Backup", + "elasticfilesystem:Restore", "kms:DescribeKey", "kms:ListAliases" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": [ + "elasticfilesystem.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -17303,18 +32360,20 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJKXTMNVQGIDNCKPBC", "PolicyName": "AmazonElasticFileSystemFullAccess", - "UpdateDate": "2017-08-14T10:18:34+00:00", - "VersionId": "v3" + "UpdateDate": "2020-07-16T16:46:23+00:00", + "VersionId": "v6" }, "AmazonElasticFileSystemReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-05-27T16:25:25+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v5", "Document": { "Statement": [ { "Action": [ + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricData", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", @@ -17322,7 +32381,15 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", - "elasticfilesystem:Describe*", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeTags", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:ListTagsForResource", "kms:ListAliases" ], "Effect": "Allow", @@ -17337,9 +32404,185 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIPN5S4NE5JJOKVC4Y", "PolicyName": "AmazonElasticFileSystemReadOnlyAccess", - "UpdateDate": "2017-08-14T10:09:49+00:00", + "UpdateDate": "2020-07-16T16:46:50+00:00", + "VersionId": "v5" + }, + "AmazonElasticFileSystemServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-05T16:52:41+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "backup-storage:MountCapsule", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:ModifyNetworkInterfaceAttribute", + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": "arn:aws:kms:*:*:key/*" + }, + { + "Action": [ + "backup:CreateBackupVault", + "backup:PutBackupVaultAccessPolicy" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault" + ] + }, + { + "Action": [ + "backup:CreateBackupPlan", + "backup:CreateBackupSelection" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:backup:*:*:backup-plan:*" + ] + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": [ + "backup.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringLike": { + "iam:PassedToService": "backup.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FXCJYWBN7", + "PolicyName": "AmazonElasticFileSystemServiceRolePolicy", + "UpdateDate": "2020-07-16T19:27:41+00:00", "VersionId": "v3" }, + "AmazonElasticFileSystemsUtils": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils", + "AttachmentCount": 0, + "CreateDate": "2020-09-29T15:16:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticfilesystem:DescribeMountTargets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeAvailabilityZones" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KVOAQRKXW", + "PolicyName": "AmazonElasticFileSystemsUtils", + "UpdateDate": "2020-09-29T15:16:47+00:00", + "VersionId": "v1" + }, "AmazonElasticMapReduceEditorsRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole", "AttachmentCount": 0, @@ -17398,7 +32641,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:22+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -17442,10 +32685,7 @@ aws_managed_policies_data = """ "iam:PassRole", "kms:List*", "s3:*", - "sdb:*", - "support:CreateCase", - "support:DescribeServices", - "support:DescribeSeverityLevels" + "sdb:*" ], "Effect": "Allow", "Resource": "*" @@ -17472,20 +32712,55 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIZP5JFP3AMSGINBB2", "PolicyName": "AmazonElasticMapReduceFullAccess", - "UpdateDate": "2018-01-23T19:40:00+00:00", - "VersionId": "v6" + "UpdateDate": "2019-10-11T15:19:30+00:00", + "VersionId": "v7" + }, + "AmazonElasticMapReducePlacementGroupPolicy": { + "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-09-29T00:37:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DeletePlacementGroup", + "ec2:DescribePlacementGroups" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreatePlacementGroup" + ], + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:placement-group/EMR_*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LC2KU77YD", + "PolicyName": "AmazonElasticMapReducePlacementGroupPolicy", + "UpdateDate": "2020-09-29T00:37:08+00:00", + "VersionId": "v1" }, "AmazonElasticMapReduceReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:23+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "elasticmapreduce:Describe*", "elasticmapreduce:List*", + "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:ViewEventsFromAllClustersInConsole", "s3:GetObject", "s3:ListAllMyBuckets", @@ -17505,14 +32780,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIHP6NH2S6GYFCOINC", "PolicyName": "AmazonElasticMapReduceReadOnlyAccess", - "UpdateDate": "2017-05-22T23:00:19+00:00", - "VersionId": "v2" + "UpdateDate": "2020-07-29T23:14:09+00:00", + "VersionId": "v3" }, "AmazonElasticMapReduceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2015-02-06T18:41:20+00:00", - "DefaultVersionId": "v9", + "DefaultVersionId": "v10", "Document": { "Statement": [ { @@ -17520,9 +32795,12 @@ aws_managed_policies_data = """ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotInstanceRequests", + "ec2:CreateFleet", + "ec2:CreateLaunchTemplate", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:CreateTags", + "ec2:DeleteLaunchTemplate", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DeleteTags", @@ -17533,6 +32811,7 @@ aws_managed_policies_data = """ "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplates", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", @@ -17603,12 +32882,12 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIDI2BQT2LKXZG36TW", "PolicyName": "AmazonElasticMapReduceRole", - "UpdateDate": "2017-12-12T00:47:45+00:00", - "VersionId": "v9" + "UpdateDate": "2020-06-24T22:24:20+00:00", + "VersionId": "v10" }, "AmazonElasticMapReduceforAutoScalingRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2016-11-18T01:09:10+00:00", "DefaultVersionId": "v1", "Document": { @@ -17636,7 +32915,7 @@ aws_managed_policies_data = """ }, "AmazonElasticMapReduceforEC2Role": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2015-02-06T18:41:21+00:00", "DefaultVersionId": "v3", "Document": { @@ -17709,14 +32988,15 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:41:26+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "s3:ListBucket", - "s3:Put*", "s3:Get*", + "s3:PutObject", + "s3:PutObjectAcl", "s3:*MultipartUpload*" ], "Effect": "Allow", @@ -17734,20 +33014,6 @@ aws_managed_policies_data = """ "*" ], "Sid": "2" - }, - { - "Action": [ - "s3:*Policy*", - "sns:*Permission*", - "sns:*Delete*", - "s3:*Delete*", - "sns:*Remove*" - ], - "Effect": "Deny", - "Resource": [ - "*" - ], - "Sid": "3" } ], "Version": "2012-10-17" @@ -17758,14 +33024,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2", "PolicyName": "AmazonElasticTranscoderRole", - "UpdateDate": "2015-02-06T18:41:26+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-13T22:48:22+00:00", + "VersionId": "v2" }, "AmazonElasticTranscoder_FullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess", "AttachmentCount": 0, "CreateDate": "2018-04-27T18:59:35+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -17773,7 +33039,6 @@ aws_managed_policies_data = """ "elastictranscoder:*", "s3:ListAllMyBuckets", "s3:ListBucket", - "s3:ListObjects", "iam:ListRoles", "sns:ListTopics" ], @@ -17803,14 +33068,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAICFT6XVF3RSR4E7JG", "PolicyName": "AmazonElasticTranscoder_FullAccess", - "UpdateDate": "2018-04-27T18:59:35+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-10T22:51:51+00:00", + "VersionId": "v2" }, "AmazonElasticTranscoder_JobsSubmitter": { "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter", "AttachmentCount": 0, "CreateDate": "2018-06-07T21:12:16+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -17821,7 +33086,6 @@ aws_managed_policies_data = """ "elastictranscoder:*Preset", "s3:ListAllMyBuckets", "s3:ListBucket", - "s3:ListObjects", "iam:ListRoles", "sns:ListTopics" ], @@ -17837,14 +33101,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ7AUMMRQOVZRI734S", "PolicyName": "AmazonElasticTranscoder_JobsSubmitter", - "UpdateDate": "2018-06-07T21:12:16+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-10T22:49:34+00:00", + "VersionId": "v2" }, "AmazonElasticTranscoder_ReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2018-06-07T21:09:56+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -17853,7 +33117,6 @@ aws_managed_policies_data = """ "elastictranscoder:List*", "s3:ListAllMyBuckets", "s3:ListBucket", - "s3:ListObjects", "iam:ListRoles", "sns:ListTopics" ], @@ -17869,14 +33132,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3R3CR6KVEWD4DPFY", "PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess", - "UpdateDate": "2018-06-07T21:09:56+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-10T22:48:32+00:00", + "VersionId": "v2" }, "AmazonElasticsearchServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-07-07T00:15:31+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -17887,7 +33150,9 @@ aws_managed_policies_data = """ "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates" ], "Effect": "Allow", "Resource": "*", @@ -17902,18 +33167,310 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJFEWZPHXKLCVHEUIC", "PolicyName": "AmazonElasticsearchServiceRolePolicy", - "UpdateDate": "2018-02-08T21:38:27+00:00", + "UpdateDate": "2020-08-31T10:30:23+00:00", + "VersionId": "v3" + }, + "AmazonEventBridgeApiDestinationsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2021-02-11T20:52:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:secret:events!connection/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GHQV22EVJ", + "PolicyName": "AmazonEventBridgeApiDestinationsServiceRolePolicy", + "UpdateDate": "2021-02-11T20:52:05+00:00", + "VersionId": "v1" + }, + "AmazonEventBridgeFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-11T14:08:55+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "events:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringLike": { + "iam:PassedToService": "events.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BUM4GCASI", + "PolicyName": "AmazonEventBridgeFullAccess", + "UpdateDate": "2019-07-11T14:08:55+00:00", + "VersionId": "v1" + }, + "AmazonEventBridgeReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-11T13:59:07+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "events:DescribeRule", + "events:DescribeEventBus", + "events:DescribeEventSource", + "events:ListEventBuses", + "events:ListEventSources", + "events:ListRuleNamesByTarget", + "events:ListRules", + "events:ListTargetsByRule", + "events:TestEventPattern", + "events:DescribeArchive", + "events:ListArchives", + "events:DescribeReplay", + "events:ListReplays" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BDMP3LZME", + "PolicyName": "AmazonEventBridgeReadOnlyAccess", + "UpdateDate": "2020-11-06T03:15:41+00:00", + "VersionId": "v2" + }, + "AmazonEventBridgeSchemasFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-28T23:12:53+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "schemas:*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonEventBridgeSchemasFullAccess" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:EnableRule", + "events:DisableRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:ListTargetsByRule" + ], + "Effect": "Allow", + "Resource": "arn:aws:events:*:*:rule/*Schemas*", + "Sid": "AmazonEventBridgeManageRule" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas", + "Sid": "IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JF3KP3V5J", + "PolicyName": "AmazonEventBridgeSchemasFullAccess", + "UpdateDate": "2019-11-28T23:12:53+00:00", + "VersionId": "v1" + }, + "AmazonEventBridgeSchemasReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-28T23:05:57+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "schemas:ListDiscoverers", + "schemas:DescribeDiscoverer", + "schemas:ListRegistries", + "schemas:DescribeRegistry", + "schemas:SearchSchemas", + "schemas:ListSchemas", + "schemas:ListSchemaVersions", + "schemas:DescribeSchema", + "schemas:GetDiscoveredSchema", + "schemas:DescribeCodeBinding", + "schemas:GetCodeBindingSource", + "schemas:ListTagsForResource", + "schemas:GetResourcePolicy" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AmazonEventBridgeSchemasReadOnlyAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JK7CLVFIU", + "PolicyName": "AmazonEventBridgeSchemasReadOnlyAccess", + "UpdateDate": "2020-05-01T00:50:53+00:00", + "VersionId": "v2" + }, + "AmazonEventBridgeSchemasServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-27T01:10:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:EnableRule", + "events:DisableRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:ListTargetsByRule" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:rule/*Schemas-*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GZI6BHNDI", + "PolicyName": "AmazonEventBridgeSchemasServiceRolePolicy", + "UpdateDate": "2019-11-27T01:10:40+00:00", + "VersionId": "v1" + }, + "AmazonFISServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-21T21:18:19+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "events:PutRule", + "events:DeleteRule", + "events:DescribeRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Condition": { + "StringEquals": { + "events:ManagedBy": "fis.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "EventBridge" + }, + { + "Action": [ + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "Tagging" + }, + { + "Action": [ + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatch" + }, + { + "Action": [ + "ec2:DescribeInstances", + "iam:GetUser", + "iam:GetRole", + "iam:ListUsers", + "iam:ListRoles", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "ecs:DescribeClusters", + "eks:DescribeNodegroup" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "DescribeUserResources" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JLZR2TQJD", + "PolicyName": "AmazonFISServiceRolePolicy", + "UpdateDate": "2021-01-18T15:40:47+00:00", "VersionId": "v2" }, "AmazonFSxConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess", "AttachmentCount": 0, "CreateDate": "2018-11-28T16:36:05+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ + "cloudwatch:DescribeAlarms", "ds:DescribeDirectories", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", @@ -17921,7 +33478,7 @@ aws_managed_policies_data = """ "ec2:DescribeVpcs", "fsx:*", "kms:ListAliases", - "s3:HeadBucket" + "s3:ListBucket" ], "Effect": "Allow", "Resource": "*" @@ -17959,18 +33516,19 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ", "PolicyName": "AmazonFSxConsoleFullAccess", - "UpdateDate": "2018-11-28T16:36:05+00:00", - "VersionId": "v1" + "UpdateDate": "2020-01-21T16:42:58+00:00", + "VersionId": "v3" }, "AmazonFSxConsoleReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2018-11-28T16:35:24+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ + "cloudwatch:DescribeAlarms", "ds:DescribeDirectories", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", @@ -17992,8 +33550,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQUISIZNHGLA6YQFM", "PolicyName": "AmazonFSxConsoleReadOnlyAccess", - "UpdateDate": "2018-11-28T16:35:24+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-10T13:17:59+00:00", + "VersionId": "v2" }, "AmazonFSxFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonFSxFullAccess", @@ -18077,21 +33635,24 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-28T10:38:37+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "cloudwatch:PutMetricData", "ds:AuthorizeApplication", + "ds:GetAuthorizedApplicationDetails", "ds:UnauthorizeApplication", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", + "ec2:DescribeAddresses", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", + "ec2:DisassociateAddress", "route53:AssociateVPCWithHostedZone" ], "Effect": "Allow", @@ -18106,8 +33667,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIVQ24YKVRBV5IYQ5G", "PolicyName": "AmazonFSxServiceRolePolicy", - "UpdateDate": "2018-11-28T10:38:37+00:00", - "VersionId": "v1" + "UpdateDate": "2020-11-12T20:19:45+00:00", + "VersionId": "v3" }, "AmazonForecastFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonForecastFullAccess", @@ -18147,6 +33708,67 @@ aws_managed_policies_data = """ "UpdateDate": "2019-01-18T01:52:29+00:00", "VersionId": "v1" }, + "AmazonFraudDetectorFullAccessPolicy": { + "Arn": "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T22:46:26+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "frauddetector:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sagemaker:ListEndpoints", + "sagemaker:DescribeEndpoint" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": "frauddetector.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AAPDEABT6", + "PolicyName": "AmazonFraudDetectorFullAccessPolicy", + "UpdateDate": "2019-12-03T22:46:26+00:00", + "VersionId": "v1" + }, "AmazonFreeRTOSFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess", "AttachmentCount": 0, @@ -18177,7 +33799,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", "AttachmentCount": 0, "CreateDate": "2018-08-27T22:43:07+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -18201,6 +33823,7 @@ aws_managed_policies_data = """ }, { "Action": [ + "s3:ListBucketVersions", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketLocation" @@ -18210,7 +33833,8 @@ aws_managed_policies_data = """ }, { "Action": [ - "iot:DeleteJob" + "iot:DeleteJob", + "iot:DescribeJob" ], "Effect": "Allow", "Resource": "arn:aws:iot:*:*:job/AFR_OTA*" @@ -18239,8 +33863,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAINC2TXHAYDOK3SWMU", "PolicyName": "AmazonFreeRTOSOTAUpdate", - "UpdateDate": "2018-08-27T22:43:07+00:00", - "VersionId": "v1" + "UpdateDate": "2020-12-18T17:47:30+00:00", + "VersionId": "v3" }, "AmazonGlacierFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess", @@ -18307,7 +33931,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess", "AttachmentCount": 0, "CreateDate": "2017-11-28T22:31:30+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -18324,6 +33948,19 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator", + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:DescribeOrganization" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -18334,23 +33971,35 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIKUTKSN4KC63VDQUM", "PolicyName": "AmazonGuardDutyFullAccess", - "UpdateDate": "2017-11-28T22:31:30+00:00", - "VersionId": "v1" + "UpdateDate": "2021-02-16T23:39:53+00:00", + "VersionId": "v2" }, "AmazonGuardDutyReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2017-11-28T22:29:40+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ + "guardduty:Describe*", "guardduty:Get*", "guardduty:List*" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:DescribeOrganization" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -18361,20 +34010,30 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIVMCEDV336RWUSNHG", "PolicyName": "AmazonGuardDutyReadOnlyAccess", - "UpdateDate": "2018-04-25T21:07:17+00:00", - "VersionId": "v2" + "UpdateDate": "2021-02-16T23:37:57+00:00", + "VersionId": "v3" }, "AmazonGuardDutyServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-11-28T20:12:59+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "ec2:DescribeInstances", - "ec2:DescribeImages" + "ec2:DescribeImages", + "organizations:ListAccounts", + "organizations:DescribeAccount", + "s3:GetBucketPublicAccessBlock", + "s3:GetEncryptionConfiguration", + "s3:GetBucketTagging", + "s3:GetAccountPublicAccessBlock", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus" ], "Effect": "Allow", "Resource": "*" @@ -18388,9 +34047,285 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIHZREZOWNSSA6FWQO", "PolicyName": "AmazonGuardDutyServiceRolePolicy", - "UpdateDate": "2017-11-28T20:12:59+00:00", + "UpdateDate": "2020-05-14T20:25:50+00:00", + "VersionId": "v3" + }, + "AmazonHealthLakeFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-17T01:07:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "healthlake:*", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "healthlake.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OMJS7NARX", + "PolicyName": "AmazonHealthLakeFullAccess", + "UpdateDate": "2021-02-17T01:07:05+00:00", "VersionId": "v1" }, + "AmazonHealthLakeReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-17T02:43:31+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "healthlake:ListFHIRDatastores", + "healthlake:DescribeFHIRDatastore", + "healthlake:DescribeFHIRImportJob", + "healthlake:DescribeFHIRExportJob", + "healthlake:GetCapabilities", + "healthlake:ReadResource", + "healthlake:SearchWithGet", + "healthlake:SearchWithPost" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MIFB6JFLV", + "PolicyName": "AmazonHealthLakeReadOnlyAccess", + "UpdateDate": "2021-02-17T02:43:31+00:00", + "VersionId": "v1" + }, + "AmazonHoneycodeFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T20:28:11+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "honeycode:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ECUH6WAX6", + "PolicyName": "AmazonHoneycodeFullAccess", + "UpdateDate": "2020-06-24T20:28:11+00:00", + "VersionId": "v1" + }, + "AmazonHoneycodeReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T20:28:16+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "honeycode:List*", + "honeycode:Get*", + "honeycode:Describe*", + "honeycode:Query*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CRFGMHZ3B", + "PolicyName": "AmazonHoneycodeReadOnlyAccess", + "UpdateDate": "2020-12-01T17:27:53+00:00", + "VersionId": "v2" + }, + "AmazonHoneycodeServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-18T18:03:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sso:GetManagedApplicationInstance" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4COQCKOKUQ", + "PolicyName": "AmazonHoneycodeServiceRolePolicy", + "UpdateDate": "2020-11-18T18:03:08+00:00", + "VersionId": "v1" + }, + "AmazonHoneycodeTeamAssociationFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T20:28:27+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "honeycode:ListTeamAssociations", + "honeycode:ApproveTeamAssociation", + "honeycode:RejectTeamAssociation" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JH4KLR35J", + "PolicyName": "AmazonHoneycodeTeamAssociationFullAccess", + "UpdateDate": "2020-06-24T20:28:27+00:00", + "VersionId": "v1" + }, + "AmazonHoneycodeTeamAssociationReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T20:27:46+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "honeycode:ListTeamAssociations" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KRI4FOLPG", + "PolicyName": "AmazonHoneycodeTeamAssociationReadOnlyAccess", + "UpdateDate": "2020-06-24T20:27:46+00:00", + "VersionId": "v1" + }, + "AmazonHoneycodeWorkbookFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T20:28:46+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "honeycode:GetScreenData", + "honeycode:InvokeScreenAutomation", + "honeycode:BatchCreateTableRows", + "honeycode:BatchDeleteTableRows", + "honeycode:BatchUpdateTableRows", + "honeycode:BatchUpsertTableRows", + "honeycode:DescribeTableDataImportJob", + "honeycode:ListTableColumns", + "honeycode:ListTableRows", + "honeycode:ListTables", + "honeycode:QueryTableRows", + "honeycode:StartTableDataImportJob" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OQLA2WKSW", + "PolicyName": "AmazonHoneycodeWorkbookFullAccess", + "UpdateDate": "2020-12-01T17:30:06+00:00", + "VersionId": "v2" + }, + "AmazonHoneycodeWorkbookReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-24T20:28:07+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "honeycode:GetScreenData", + "honeycode:DescribeTableDataImportJob", + "honeycode:ListTableColumns", + "honeycode:ListTableRows", + "honeycode:ListTables", + "honeycode:QueryTableRows" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GUHKYOSNH", + "PolicyName": "AmazonHoneycodeWorkbookReadOnlyAccess", + "UpdateDate": "2020-12-01T17:32:49+00:00", + "VersionId": "v2" + }, "AmazonInspectorFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess", "AttachmentCount": 0, @@ -18450,7 +34385,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-10-07T17:08:01+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -18458,7 +34393,6 @@ aws_managed_policies_data = """ "inspector:Describe*", "inspector:Get*", "inspector:List*", - "inspector:LocalizeText", "inspector:Preview*", "ec2:DescribeInstances", "ec2:DescribeTags", @@ -18478,14 +34412,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJXQNTHTEJ2JFRN2SE", "PolicyName": "AmazonInspectorReadOnlyAccess", - "UpdateDate": "2017-09-12T16:53:06+00:00", - "VersionId": "v3" + "UpdateDate": "2019-10-01T15:17:54+00:00", + "VersionId": "v4" }, "AmazonInspectorServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-11-21T15:48:27+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -18515,6 +34449,16 @@ aws_managed_policies_data = """ "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", + "ec2:DescribeManagedPrefixLists", + "ec2:GetManagedPrefixListEntries", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:SearchTransitGatewayRoutes", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:GetTransitGatewayRouteTablePropagations", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeLoadBalancerAttributes", @@ -18535,8 +34479,223 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJKBMSBWLU2TGXHHUQ", "PolicyName": "AmazonInspectorServiceRolePolicy", - "UpdateDate": "2018-05-10T18:36:01+00:00", - "VersionId": "v4" + "UpdateDate": "2020-09-11T17:12:02+00:00", + "VersionId": "v5" + }, + "AmazonKendraFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonKendraFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T16:15:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "kendra.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:ListKeys", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "secretsmanager:ListSecrets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudwatch:GetMetricData" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:DescribeSecret" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:secret:AmazonKendra-*" + }, + { + "Action": "kendra:*", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BK2ALV3AM", + "PolicyName": "AmazonKendraFullAccess", + "UpdateDate": "2019-12-03T16:15:37+00:00", + "VersionId": "v1" + }, + "AmazonKendraReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T16:13:45+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "kendra:Describe*", + "kendra:List*", + "kendra:Query" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4POKTT2LDN", + "PolicyName": "AmazonKendraReadOnlyAccess", + "UpdateDate": "2019-12-03T16:13:45+00:00", + "VersionId": "v1" + }, + "AmazonKeyspacesFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-23T17:06:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cassandra:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeleteScheduledAction", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HMS72N6JG", + "PolicyName": "AmazonKeyspacesFullAccess", + "UpdateDate": "2020-04-23T17:06:37+00:00", + "VersionId": "v1" + }, + "AmazonKeyspacesReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-23T17:07:14+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cassandra:Select" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LHLFMFIPN", + "PolicyName": "AmazonKeyspacesReadOnlyAccess", + "UpdateDate": "2020-04-23T17:07:14+00:00", + "VersionId": "v1" }, "AmazonKinesisAnalyticsFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess", @@ -18830,11 +34989,628 @@ aws_managed_policies_data = """ "UpdateDate": "2017-12-01T23:14:32+00:00", "VersionId": "v1" }, + "AmazonLambdaRolePolicyForLaunchWizardSAP": { + "Arn": "arn:aws:iam::aws:policy/AmazonLambdaRolePolicyForLaunchWizardSAP", + "AttachmentCount": 0, + "CreateDate": "2020-03-30T20:25:12+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:CreateRoute", + "ec2:DeleteRoute" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/LaunchWizardApplicationType": "*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:route-table/*" + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "ForAllValues:StringLike": { + "aws:TagKeys": "LaunchWizard*" + }, + "StringLike": { + "ec2:ResourceTag/LaunchWizardApplicationType": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssm:GetParameter" + ], + "Effect": "Allow", + "Resource": "arn:aws:ssm:*:*:parameter/LaunchWizard*" + }, + { + "Action": [ + "ssm:GetDocument", + "ssm:sendCommand" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*:*:document/AWS-RunShellScript" + ] + }, + { + "Action": [ + "ssm:SendCommand" + ], + "Condition": { + "StringLike": { + "ssm:resourceTag/LaunchWizardApplicationType": "*" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action": [ + "ssm:ListCommands", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "ec2:DescribeInstanceAttribute", + "ec2:ModifyInstanceAttribute" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:DeleteBucket" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::launchwizard*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NMJOHL3TN", + "PolicyName": "AmazonLambdaRolePolicyForLaunchWizardSAP", + "UpdateDate": "2020-12-04T16:00:56+00:00", + "VersionId": "v5" + }, + "AmazonLaunchWizard_Fullaccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonLaunchWizard_Fullaccess", + "AttachmentCount": 0, + "CreateDate": "2020-08-06T17:47:30+00:00", + "DefaultVersionId": "v8", + "Document": { + "Statement": [ + { + "Action": "applicationinsights:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "resource-groups:List*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "route53:ChangeResourceRecordSets", + "route53:GetChange", + "route53:ListResourceRecordSets", + "route53:ListHostedZones", + "route53:ListHostedZonesByName" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudwatch:List*", + "cloudwatch:Get*", + "cloudwatch:Describe*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateVpc", + "ec2:CreateKeyPair", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSubnet" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AllocateAddress", + "ec2:AllocateHosts", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:CreateDhcpOptions", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateVolume", + "ec2:CreateVpcEndpoint", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVolumeAttribute", + "ec2:ModifyVpcAttribute", + "ec2:AssociateDhcpOptions", + "ec2:AssociateSubnetCidrBlock", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AttachVolume", + "ec2:DeleteDhcpOptions", + "ec2:DeleteInternetGateway", + "ec2:DeleteKeyPair", + "ec2:DeleteNatGateway", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DeleteVpc", + "ec2:DetachInternetGateway", + "ec2:DetachVolume", + "ec2:DeleteSnapshot", + "ec2:AssociateRouteTable", + "ec2:AssociateVpcCidrBlock", + "ec2:DeleteNetworkAcl", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSubnet", + "ec2:DetachNetworkInterface", + "ec2:DisassociateAddress", + "ec2:DisassociateVpcCidrBlock", + "ec2:GetLaunchTemplateData", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifyVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:GetConsoleOutput", + "ec2:GetPasswordData", + "ec2:ReleaseAddress", + "ec2:ReplaceRoute", + "ec2:ReplaceRouteTableAssociation", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DisassociateIamInstanceProfile", + "ec2:DisassociateRouteTable", + "ec2:DisassociateSubnetCidrBlock", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget", + "ds:AddIpRoutes", + "ds:CreateComputer", + "ds:CreateMicrosoftAD", + "ds:DeleteDirectory" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": "launchwizard.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudformation:DescribeStack*", + "cloudformation:Get*", + "cloudformation:ListStacks", + "cloudformation:SignalResource", + "cloudformation:DeleteStack" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*", + "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*" + ] + }, + { + "Action": [ + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:CreateInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:AddRoleToInstanceProfile" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEqualsIfExists": { + "iam:PassedToService": [ + "lambda.amazonaws.com", + "ec2.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", + "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ] + }, + { + "Action": [ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:UpdateAutoScalingGroup", + "logs:CreateLogStream", + "logs:DeleteLogGroup", + "logs:DeleteLogStream", + "logs:DescribeLog*", + "logs:PutLogEvents", + "resource-groups:CreateGroup", + "resource-groups:DeleteGroup", + "sns:ListSubscriptionsByTopic", + "sns:Publish", + "ssm:DeleteDocument", + "ssm:DeleteParameter*", + "ssm:DescribeDocument*", + "ssm:GetDocument", + "ssm:PutParameter" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:resource-groups:*:*:group/LaunchWizard*", + "arn:aws:sns:*:*:*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", + "arn:aws:ssm:*:*:parameter/LaunchWizard*", + "arn:aws:ssm:*:*:document/LaunchWizard*", + "arn:aws:logs:*:*:log-group:*:*:*", + "arn:aws:logs:*:*:log-group:LaunchWizard*" + ] + }, + { + "Action": "ssm:SendCommand", + "Condition": { + "ForAllValues:StringLike": { + "aws:TagKeys": "LaunchWizard*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:DeleteLogStream", + "logs:GetLogEvents", + "logs:PutLogEvents", + "ssm:AddTagsToResource", + "ssm:DescribeDocument", + "ssm:GetDocument", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:*:*:*", + "arn:aws:logs:*:*:log-group:LaunchWizard*", + "arn:aws:ssm:*:*:parameter/LaunchWizard*", + "arn:aws:ssm:*:*:document/LaunchWizard*" + ] + }, + { + "Action": [ + "autoscaling:Describe*", + "cloudformation:DescribeAccountLimits", + "cloudformation:DescribeStackDriftDetectionStatus", + "cloudformation:List*", + "ds:Describe*", + "ds:ListAuthorizedApplications", + "ec2:Describe*", + "ec2:Get*", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetPolicyVersion", + "iam:GetPolicy", + "iam:List*", + "logs:CreateLogGroup", + "logs:GetLogDelivery", + "logs:GetLogRecord", + "logs:ListLogDeliveries", + "resource-groups:Get*", + "resource-groups:List*", + "servicequotas:GetServiceQuota", + "servicequotas:ListServiceQuotas", + "sns:ListSubscriptions", + "sns:ListTopics", + "ssm:CreateDocument", + "ssm:DescribeAutomation*", + "ssm:DescribeInstanceInformation", + "ssm:DescribeParameters", + "ssm:GetAutomationExecution", + "ssm:GetCommandInvocation", + "ssm:GetParameter*", + "ssm:GetConnectionStatus", + "ssm:ListCommand*", + "ssm:ListDocument*", + "ssm:ListInstanceAssociations", + "ssm:SendAutomationSignal", + "ssm:StartAutomationExecution", + "ssm:StopAutomationExecution", + "tag:Get*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "logs:GetLog*", + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:*:*:*", + "arn:aws:logs:*:*:log-group:LaunchWizard*" + ] + }, + { + "Action": [ + "cloudformation:List*", + "cloudformation:Describe*" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/LaunchWizard*/" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "autoscaling.amazonaws.com", + "application-insights.amazonaws.com", + "events.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "launchwizard:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sqs:TagQueue", + "sqs:GetQueueUrl", + "sqs:AddPermission", + "sqs:ListQueues", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:ListQueueTags", + "sqs:CreateQueue", + "sqs:SetQueueAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sqs:*:*:LaunchWizard*" + }, + { + "Action": [ + "cloudwatch:PutMetricAlarm", + "iam:GetInstanceProfile", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ] + }, + { + "Action": [ + "cloudformation:CreateStack", + "route53:ListHostedZones", + "ec2:CreateSecurityGroup", + "ec2:AuthorizeSecurityGroupIngress", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:CreateFileSystem", + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::launchwizard*", + "arn:aws:s3:::launchwizard*/*", + "arn:aws:s3:::aws-sap-data-provider/config.properties" + ] + }, + { + "Action": "cloudformation:TagResource", + "Condition": { + "ForAllValues:StringLike": { + "aws:TagKeys": "LaunchWizard*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:PutBucketVersioning", + "s3:DeleteBucket", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:LaunchWizard*", + "arn:aws:s3:::launchwizard*" + ] + }, + { + "Action": [ + "dynamodb:CreateTable", + "dynamodb:DescribeTable", + "dynamodb:DeleteTable" + ], + "Effect": "Allow", + "Resource": "arn:aws:dynamodb:*:*:table/LaunchWizard*" + }, + { + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource", + "secretsmanager:UntagResource", + "secretsmanager:PutResourcePolicy", + "secretsmanager:DeleteResourcePolicy", + "secretsmanager:ListSecretVersionIds" + ], + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:secret:LaunchWizard*" + }, + { + "Action": [ + "secretsmanager:GetRandomPassword", + "secretsmanager:ListSecrets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssm:CreateOpsMetadata" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:DeleteOpsMetadata", + "Effect": "Allow", + "Resource": "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ABPQ7BLC2", + "PolicyName": "AmazonLaunchWizard_Fullaccess", + "UpdateDate": "2021-02-12T17:06:05+00:00", + "VersionId": "v8" + }, + "AmazonLexChannelsAccess": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess", + "AttachmentCount": 0, + "CreateDate": "2021-01-13T20:12:46+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "lex:ListBots" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HVR6S6UVL", + "PolicyName": "AmazonLexChannelsAccess", + "UpdateDate": "2021-01-13T20:12:46+00:00", + "VersionId": "v1" + }, "AmazonLexFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonLexFullAccess", "AttachmentCount": 0, "CreateDate": "2017-04-11T23:20:36+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -18855,6 +35631,11 @@ aws_managed_policies_data = """ "*" ] }, + { + "Action": "kendra:ListIndices", + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "lambda:AddPermission", @@ -18941,6 +35722,22 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" ] }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringLike": { + "iam:PassedToService": [ + "lex.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" + ] + }, { "Action": [ "iam:DetachRolePolicy" @@ -18964,8 +35761,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJVLXDHKVC23HRTKSI", "PolicyName": "AmazonLexFullAccess", - "UpdateDate": "2017-11-15T23:55:07+00:00", - "VersionId": "v4" + "UpdateDate": "2020-05-29T15:21:00+00:00", + "VersionId": "v6" }, "AmazonLexReadOnly": { "Arn": "arn:aws:iam::aws:policy/AmazonLexReadOnly", @@ -19013,13 +35810,16 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly", "AttachmentCount": 0, "CreateDate": "2017-04-11T23:06:24+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "lex:PostContent", - "lex:PostText" + "lex:PostText", + "lex:PutSession", + "lex:GetSession", + "lex:DeleteSession" ], "Effect": "Allow", "Resource": "*" @@ -19033,14 +35833,140 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJVZGB5CM3N6YWJHBE", "PolicyName": "AmazonLexRunBotsOnly", - "UpdateDate": "2017-04-11T23:06:24+00:00", + "UpdateDate": "2020-05-12T19:26:15+00:00", + "VersionId": "v2" + }, + "AmazonLexV2BotPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", + "AttachmentCount": 0, + "CreateDate": "2021-01-13T20:10:29+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "polly:SynthesizeSpeech" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DXFCYFGBA", + "PolicyName": "AmazonLexV2BotPolicy", + "UpdateDate": "2021-01-13T20:10:29+00:00", "VersionId": "v1" }, + "AmazonMCSFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonMCSFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T13:45:25+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:DeleteScheduledAction", + "application-autoscaling:DescribeScheduledActions" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cassandra:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4K6JRQY7NV", + "PolicyName": "AmazonMCSFullAccess", + "UpdateDate": "2020-04-17T19:19:29+00:00", + "VersionId": "v2" + }, + "AmazonMCSReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T13:46:21+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "cassandra:Select" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4F6NKMXCNS", + "PolicyName": "AmazonMCSReadOnlyAccess", + "UpdateDate": "2020-04-17T19:21:34+00:00", + "VersionId": "v2" + }, "AmazonMQApiFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess", "AttachmentCount": 0, "CreateDate": "2018-12-18T20:31:31+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -19070,6 +35996,16 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" ] + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "mq.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -19080,8 +36016,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI4CMO533EBV3L2GW4", "PolicyName": "AmazonMQApiFullAccess", - "UpdateDate": "2018-12-18T20:31:31+00:00", - "VersionId": "v1" + "UpdateDate": "2020-11-04T16:45:35+00:00", + "VersionId": "v2" }, "AmazonMQApiReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess", @@ -19118,7 +36054,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonMQFullAccess", "AttachmentCount": 0, "CreateDate": "2017-11-28T15:28:29+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -19151,6 +36087,16 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" ] + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "mq.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -19161,8 +36107,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJLKBROJNQYDDXOOGG", "PolicyName": "AmazonMQFullAccess", - "UpdateDate": "2018-12-18T20:33:17+00:00", - "VersionId": "v4" + "UpdateDate": "2020-11-04T16:34:09+00:00", + "VersionId": "v5" }, "AmazonMQReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess", @@ -19195,11 +36141,99 @@ aws_managed_policies_data = """ "UpdateDate": "2017-11-28T19:02:03+00:00", "VersionId": "v2" }, + "AmazonMQServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-04T16:07:17+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeVpcEndpoints" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateVpcEndpoint" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "ec2:CreateVpcEndpoint" + ], + "Condition": { + "StringEquals": { + "aws:RequestTag/AMQManaged": "true" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CreateVpcEndpoint" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action": [ + "ec2:DeleteVpcEndpoints" + ], + "Condition": { + "StringEquals": { + "ec2:ResourceTag/AMQManaged": "true" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action": [ + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LFY3JJDI6", + "PolicyName": "AmazonMQServiceRolePolicy", + "UpdateDate": "2020-11-04T16:07:17+00:00", + "VersionId": "v1" + }, "AmazonMSKFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMSKFullAccess", "AttachmentCount": 0, "CreateDate": "2019-01-14T22:07:52+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -19209,7 +36243,17 @@ aws_managed_policies_data = """ "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "kms:DescribeKey", - "kms:CreateGrant" + "kms:CreateGrant", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "S3:GetBucketPolicy", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups", + "firehose:TagDeliveryStream" ], "Effect": "Allow", "Resource": "*" @@ -19231,6 +36275,16 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "delivery.logs.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*" } ], "Version": "2012-10-17" @@ -19241,8 +36295,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJERQQQTWI5OMENTQE", "PolicyName": "AmazonMSKFullAccess", - "UpdateDate": "2019-01-14T22:07:52+00:00", - "VersionId": "v1" + "UpdateDate": "2020-03-14T00:45:51+00:00", + "VersionId": "v3" }, "AmazonMSKReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess", @@ -19277,6 +36331,100 @@ aws_managed_policies_data = """ "UpdateDate": "2019-01-14T22:28:45+00:00", "VersionId": "v1" }, + "AmazonMWAAServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-24T14:13:41+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:airflow-*:*" + }, + { + "Action": [ + "ec2:AttachNetworkInterface", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:DetachNetworkInterface" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateVpcEndpoint", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:TagKeys": "AmazonMWAAManaged" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action": [ + "ec2:ModifyVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition": { + "Null": { + "aws:ResourceTag/AmazonMWAAManaged": false + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action": [ + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcEndpoint" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAnyValue:StringEquals": { + "aws:TagKeys": "AmazonMWAAManaged" + }, + "StringEquals": { + "ec2:CreateAction": "CreateVpcEndpoint" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JU5RBMG7W", + "PolicyName": "AmazonMWAAServiceRolePolicy", + "UpdateDate": "2020-11-24T14:13:41+00:00", + "VersionId": "v1" + }, "AmazonMachineLearningBatchPredictionsAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess", "AttachmentCount": 0, @@ -19443,10 +36591,10 @@ aws_managed_policies_data = """ "UpdateDate": "2015-04-09T17:44:06+00:00", "VersionId": "v1" }, - "AmazonMachineLearningRoleforRedshiftDataSource": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource", + "AmazonMachineLearningRoleforRedshiftDataSourceV3": { + "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3", "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:05:26+00:00", + "CreateDate": "2020-06-24T18:00:09+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ @@ -19462,15 +36610,21 @@ aws_managed_policies_data = """ "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:ModifyCluster", - "redshift:RevokeClusterSecurityGroupIngress", - "s3:GetBucketLocation", - "s3:GetBucketPolicy", - "s3:GetObject", - "s3:PutBucketPolicy", - "s3:PutObject" + "redshift:RevokeClusterSecurityGroupIngress" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "s3:PutBucketPolicy", + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::amazon-machine-learning*" } ], "Version": "2012-10-17" @@ -19479,21 +36633,22 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/service-role/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQ5UDYYMNN42BM4AK", - "PolicyName": "AmazonMachineLearningRoleforRedshiftDataSource", - "UpdateDate": "2015-04-09T17:05:26+00:00", + "PolicyId": "ANPAZKAPJZG4DIXIZO4E2", + "PolicyName": "AmazonMachineLearningRoleforRedshiftDataSourceV3", + "UpdateDate": "2020-06-24T18:00:09+00:00", "VersionId": "v1" }, "AmazonMacieFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMacieFullAccess", "AttachmentCount": 0, "CreateDate": "2017-08-14T14:54:30+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ - "macie:*" + "macie:*", + "macie2:*" ], "Effect": "Allow", "Resource": "*" @@ -19517,8 +36672,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJJF2N5FR6S5TZN5OA", "PolicyName": "AmazonMacieFullAccess", - "UpdateDate": "2018-06-28T15:54:57+00:00", - "VersionId": "v2" + "UpdateDate": "2020-05-13T19:05:16+00:00", + "VersionId": "v3" }, "AmazonMacieHandshakeRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole", @@ -19580,7 +36735,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-06-19T22:17:38+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -19591,8 +36746,26 @@ aws_managed_policies_data = """ "cloudtrail:ListTags", "cloudtrail:LookupEvents", "iam:ListAccountAliases", - "s3:Get*", - "s3:List*" + "organizations:DescribeAccount", + "organizations:ListAccounts", + "s3:GetAccountPublicAccessBlock", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListBucket", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectTagging" ], "Effect": "Allow", "Resource": "*" @@ -19619,7 +36792,6 @@ aws_managed_policies_data = """ "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", - "s3:DeleteReplicationConfiguration", "s3:PutBucketPolicy" ], "Effect": "Allow", @@ -19638,14 +36810,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJPLHONRH2HP2H6TNQ", "PolicyName": "AmazonMacieServiceRolePolicy", - "UpdateDate": "2018-06-19T22:17:38+00:00", - "VersionId": "v1" + "UpdateDate": "2020-07-17T21:31:07+00:00", + "VersionId": "v4" }, "AmazonMacieSetupRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieSetupRole", "AttachmentCount": 0, "CreateDate": "2017-08-14T14:53:34+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -19685,7 +36857,6 @@ aws_managed_policies_data = """ "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", - "s3:DeleteReplicationConfiguration", "s3:PutBucketPolicy" ], "Effect": "Allow", @@ -19704,8 +36875,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ5DC6UBVKND7ADSKA", "PolicyName": "AmazonMacieSetupRole", - "UpdateDate": "2017-08-14T14:53:34+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-27T18:41:21+00:00", + "VersionId": "v2" }, "AmazonManagedBlockchainConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess", @@ -19797,74 +36968,41 @@ aws_managed_policies_data = """ "UpdateDate": "2019-04-30T18:17:31+00:00", "VersionId": "v1" }, - "AmazonMechanicalTurkCrowdFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkCrowdFullAccess", + "AmazonManagedBlockchainServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy", "AttachmentCount": 0, - "CreateDate": "2017-10-05T18:07:21+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "crowd:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "CrowdApiFullAccess" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "crowd.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPM7C67S54NPAHQ4Q", - "PolicyName": "AmazonMechanicalTurkCrowdFullAccess", - "UpdateDate": "2018-09-28T21:08:53+00:00", - "VersionId": "v2" - }, - "AmazonMechanicalTurkCrowdReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkCrowdReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-10-05T18:10:56+00:00", + "CreateDate": "2020-01-17T19:51:28+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ - "crowd:GetTask" + "logs:CreateLogGroup" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" ], "Effect": "Allow", "Resource": [ - "*" - ], - "Sid": "CrowdApiReadOnlyAccess" + "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*" + ] } ], "Version": "2012-10-17" }, "IsAttachable": true, "IsDefaultVersion": true, - "Path": "/", + "Path": "/aws-service-role/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAID5UNRAAANDGAW4CY", - "PolicyName": "AmazonMechanicalTurkCrowdReadOnlyAccess", - "UpdateDate": "2017-10-05T18:10:56+00:00", + "PolicyId": "ANPAZKAPJZG4MMO7477QN", + "PolicyName": "AmazonManagedBlockchainServiceRolePolicy", + "UpdateDate": "2020-01-17T19:51:28+00:00", "VersionId": "v1" }, "AmazonMechanicalTurkFullAccess": { @@ -19899,13 +37037,12 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly", "AttachmentCount": 0, "CreateDate": "2015-12-11T19:08:28+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "mechanicalturk:Get*", - "mechanicalturk:Search*", "mechanicalturk:List*" ], "Effect": "Allow", @@ -19922,8 +37059,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIO5IY3G3WXSX5PPRM", "PolicyName": "AmazonMechanicalTurkReadOnly", - "UpdateDate": "2017-02-27T21:45:50+00:00", - "VersionId": "v2" + "UpdateDate": "2019-09-25T21:06:26+00:00", + "VersionId": "v3" }, "AmazonMobileAnalyticsFinancialReportAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess", @@ -20024,6 +37161,77 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:40:37+00:00", "VersionId": "v1" }, + "AmazonMonitronFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonMonitronFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-02T22:40:28+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "monitron.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "monitron:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:ListKeys", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "kms:CreateGrant", + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": true + }, + "StringLike": { + "kms:ViaService": [ + "monitron.*.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "ds:DescribeDirectories", + "ds:DescribeTrusts" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AWSSSOPermissions" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MHDVZEITQ", + "PolicyName": "AmazonMonitronFullAccess", + "UpdateDate": "2020-12-02T22:40:28+00:00", + "VersionId": "v1" + }, "AmazonPersonalizeFullAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess", "AttachmentCount": 0, @@ -20144,28 +37352,295 @@ aws_managed_policies_data = """ "UpdateDate": "2018-07-17T16:41:07+00:00", "VersionId": "v2" }, - "AmazonRDSBetaServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy", + "AmazonPrometheusConsoleFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess", "AttachmentCount": 0, - "CreateDate": "2018-05-02T19:41:04+00:00", - "DefaultVersionId": "v3", + "CreateDate": "2020-12-15T18:11:10+00:00", + "DefaultVersionId": "v1", "Document": { "Statement": [ { "Action": [ + "aps:CreateWorkspace", + "aps:DescribeWorkspace", + "aps:UpdateWorkspaceAlias", + "aps:DeleteWorkspace", + "aps:ListWorkspaces" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4P7IR2JZ6H", + "PolicyName": "AmazonPrometheusConsoleFullAccess", + "UpdateDate": "2020-12-15T18:11:10+00:00", + "VersionId": "v1" + }, + "AmazonPrometheusFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-15T18:10:46+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aps:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4POZK2DGLM", + "PolicyName": "AmazonPrometheusFullAccess", + "UpdateDate": "2020-12-15T18:10:46+00:00", + "VersionId": "v1" + }, + "AmazonPrometheusQueryAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-19T01:02:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aps:GetLabels", + "aps:GetMetricMetadata", + "aps:GetSeries", + "aps:QueryMetrics" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GQ2MT4E46", + "PolicyName": "AmazonPrometheusQueryAccess", + "UpdateDate": "2020-12-19T01:02:58+00:00", + "VersionId": "v1" + }, + "AmazonPrometheusRemoteWriteAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-19T01:04:32+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "aps:RemoteWrite" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JHMXH2L3T", + "PolicyName": "AmazonPrometheusRemoteWriteAccess", + "UpdateDate": "2020-12-19T01:04:32+00:00", + "VersionId": "v1" + }, + "AmazonQLDBConsoleFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-09-05T18:24:20+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "qldb:CreateLedger", + "qldb:UpdateLedger", + "qldb:DeleteLedger", + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ExportJournalToS3", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:CancelJournalKinesisStream", + "qldb:DescribeJournalKinesisStream", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:StreamJournalToKinesis", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:GetBlock", + "qldb:TagResource", + "qldb:UntagResource", + "qldb:ListTagsForResource", + "qldb:SendCommand", + "qldb:ExecuteStatement", + "qldb:ShowCatalog", + "qldb:InsertSampleData" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dbqms:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kinesis:ListStreams", + "kinesis:DescribeStream" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4H2DEHAFRU", + "PolicyName": "AmazonQLDBConsoleFullAccess", + "UpdateDate": "2020-05-19T17:45:54+00:00", + "VersionId": "v2" + }, + "AmazonQLDBFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonQLDBFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-09-05T18:23:32+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "qldb:CreateLedger", + "qldb:UpdateLedger", + "qldb:DeleteLedger", + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ExportJournalToS3", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:CancelJournalKinesisStream", + "qldb:DescribeJournalKinesisStream", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:StreamJournalToKinesis", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:GetBlock", + "qldb:TagResource", + "qldb:UntagResource", + "qldb:ListTagsForResource", + "qldb:SendCommand" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HHBBWGE2J", + "PolicyName": "AmazonQLDBFullAccess", + "UpdateDate": "2020-05-19T17:47:10+00:00", + "VersionId": "v2" + }, + "AmazonQLDBReadOnly": { + "Arn": "arn:aws:iam::aws:policy/AmazonQLDBReadOnly", + "AttachmentCount": 0, + "CreateDate": "2019-09-05T18:19:24+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:DescribeJournalKinesisStream", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:GetBlock", + "qldb:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IC74JOQJR", + "PolicyName": "AmazonQLDBReadOnly", + "UpdateDate": "2020-05-19T17:47:55+00:00", + "VersionId": "v2" + }, + "AmazonRDSBetaServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2018-05-02T19:41:04+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:AllocateAddress", + "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", + "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", + "ec2:DisassociateAddress", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyVpcEndpoint", + "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupIngress", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", @@ -20200,6 +37675,18 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" ] + }, + { + "Action": [ + "cloudwatch:PutMetricData" + ], + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "AWS/RDS" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -20210,14 +37697,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ36CJAE6OYAR4YEK4", "PolicyName": "AmazonRDSBetaServiceRolePolicy", - "UpdateDate": "2018-07-05T18:29:48+00:00", - "VersionId": "v3" + "UpdateDate": "2020-11-18T22:40:34+00:00", + "VersionId": "v5" }, "AmazonRDSDataFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess", "AttachmentCount": 0, "CreateDate": "2018-11-20T21:29:36+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -20244,7 +37731,6 @@ aws_managed_policies_data = """ "dbqms:DescribeQueryHistory", "dbqms:UpdateQueryHistory", "dbqms:DeleteQueryHistory", - "dbqms:DescribeQueryHistory", "rds-data:ExecuteSql", "rds-data:ExecuteStatement", "rds-data:BatchExecuteStatement", @@ -20269,8 +37755,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ5HUMNZCSW4IC74T6", "PolicyName": "AmazonRDSDataFullAccess", - "UpdateDate": "2019-05-30T17:11:26+00:00", - "VersionId": "v2" + "UpdateDate": "2019-11-20T21:58:46+00:00", + "VersionId": "v3" }, "AmazonRDSDirectoryServiceAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess", @@ -20348,7 +37834,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:52+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -20367,16 +37853,22 @@ aws_managed_policies_data = """ "cloudwatch:DeleteAlarms", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", + "ec2:GetCoipPoolUsage", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish", "logs:DescribeLogStreams", - "logs:GetLogEvents" + "logs:GetLogEvents", + "outposts:GetOutpostInstanceTypes" ], "Effect": "Allow", "Resource": "*" @@ -20408,30 +37900,46 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3R4QMOG6Q5A4VWVG", "PolicyName": "AmazonRDSFullAccess", - "UpdateDate": "2018-04-09T17:42:48+00:00", - "VersionId": "v6" + "UpdateDate": "2020-11-24T19:30:26+00:00", + "VersionId": "v8" }, "AmazonRDSPreviewServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-05-31T18:02:00+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ + "rds:CrossRegionCommunication" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AllocateAddress", + "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", + "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", + "ec2:DisassociateAddress", "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupIngress" ], "Effect": "Allow", @@ -20463,6 +37971,18 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" ] + }, + { + "Action": [ + "cloudwatch:PutMetricData" + ], + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "AWS/RDS" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -20473,8 +37993,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIZHJJBU3675JOUEMQ", "PolicyName": "AmazonRDSPreviewServiceRolePolicy", - "UpdateDate": "2018-05-31T18:02:00+00:00", - "VersionId": "v1" + "UpdateDate": "2020-11-19T19:54:51+00:00", + "VersionId": "v4" }, "AmazonRDSReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess", @@ -20523,24 +38043,40 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-01-08T18:17:46+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v9", "Document": { "Statement": [ { "Action": [ + "rds:CrossRegionCommunication" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AllocateAddress", + "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", + "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", + "ec2:DisassociateAddress", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyVpcEndpoint", + "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupIngress", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", @@ -20597,6 +38133,18 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:kinesis:*:*:stream/aws-rds-das-*" ] + }, + { + "Action": [ + "cloudwatch:PutMetricData" + ], + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "AWS/RDS" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -20607,14 +38155,90 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIPEU5ZOBJWKWHUIBA", "PolicyName": "AmazonRDSServiceRolePolicy", - "UpdateDate": "2019-04-16T20:12:27+00:00", - "VersionId": "v6" + "UpdateDate": "2020-11-21T00:08:24+00:00", + "VersionId": "v9" + }, + "AmazonRedshiftDataFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-09-09T19:23:55+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "redshift-data:ExecuteStatement", + "redshift-data:CancelStatement", + "redshift-data:ListStatements", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "DataAPIPermissions" + }, + { + "Action": [ + "secretsmanager:GetSecretValue" + ], + "Condition": { + "StringLike": { + "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "SecretsManagerPermissions" + }, + { + "Action": "redshift:GetClusterCredentials", + "Effect": "Allow", + "Resource": [ + "arn:aws:redshift:*:*:dbname:*/*", + "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" + ], + "Sid": "GetCredentialsForAPIUser" + }, + { + "Action": "redshift:CreateClusterUser", + "Effect": "Deny", + "Resource": [ + "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" + ], + "Sid": "DenyCreateAPIUser" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "redshift-data.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift", + "Sid": "ServiceLinkedRole" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PX5LA5SG6", + "PolicyName": "AmazonRedshiftDataFullAccess", + "UpdateDate": "2020-09-09T19:23:55+00:00", + "VersionId": "v1" }, "AmazonRedshiftFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:50+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -20635,7 +38259,12 @@ aws_managed_policies_data = """ "cloudwatch:List*", "cloudwatch:PutMetricAlarm", "cloudwatch:EnableAlarmActions", - "cloudwatch:DisableAlarmActions" + "cloudwatch:DisableAlarmActions", + "tag:GetResources", + "tag:UntagResources", + "tag:GetTagValues", + "tag:GetTagKeys", + "tag:TagResources" ], "Effect": "Allow", "Resource": "*" @@ -20649,6 +38278,45 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift" + }, + { + "Action": [ + "redshift-data:ExecuteStatement", + "redshift-data:CancelStatement", + "redshift-data:ListStatements", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "DataAPIPermissions" + }, + { + "Action": [ + "secretsmanager:ListSecrets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SecretsManagerListPermissions" + }, + { + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:TagResource" + ], + "Condition": { + "StringLike": { + "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "SecretsManagerCreateGetPermissions" } ], "Version": "2012-10-17" @@ -20659,14 +38327,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAISEKCHH4YDB46B5ZO", "PolicyName": "AmazonRedshiftFullAccess", - "UpdateDate": "2017-09-19T18:27:44+00:00", - "VersionId": "v2" + "UpdateDate": "2020-09-09T19:51:19+00:00", + "VersionId": "v4" }, "AmazonRedshiftQueryEditor": { "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2018-10-04T22:50:32+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -20689,6 +38357,57 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "redshift-data:ExecuteStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "DataAPIPermissions" + }, + { + "Action": [ + "redshift-data:GetStatementResult", + "redshift-data:CancelStatement", + "redshift-data:DescribeStatement", + "redshift-data:ListStatements" + ], + "Condition": { + "StringEquals": { + "redshift-data:statement-owner-iam-userid": "${aws:userid}" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "DataAPIIAMSessionPermissionsRestriction" + }, + { + "Action": [ + "secretsmanager:ListSecrets" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SecretsManagerListPermissions" + }, + { + "Action": [ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:TagResource" + ], + "Condition": { + "StringEquals": { + "secretsmanager:ResourceTag/RedshiftQueryOwner": "${aws:userid}" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:secretsmanager:*:*:secret:*", + "Sid": "SecretsManagerCreateGetPermissions" } ], "Version": "2012-10-17" @@ -20699,8 +38418,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAINVFHHP7CWVHTGBGM", "PolicyName": "AmazonRedshiftQueryEditor", - "UpdateDate": "2018-10-04T22:50:32+00:00", - "VersionId": "v1" + "UpdateDate": "2021-02-16T19:33:45+00:00", + "VersionId": "v4" }, "AmazonRedshiftReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess", @@ -20743,9 +38462,9 @@ aws_managed_policies_data = """ }, "AmazonRedshiftServiceLinkedRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2017-09-18T19:19:45+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -20758,7 +38477,11 @@ aws_managed_policies_data = """ "ec2:DisassociateAddress", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute" + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints", + "ec2:ModifyVpcEndpoint" ], "Effect": "Allow", "Resource": "*" @@ -20772,7 +38495,56 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJPY2VXNRUYOY3SRZS", "PolicyName": "AmazonRedshiftServiceLinkedRolePolicy", - "UpdateDate": "2017-09-25T21:20:15+00:00", + "UpdateDate": "2020-09-15T20:44:31+00:00", + "VersionId": "v3" + }, + "AmazonRekognitionCustomLabelsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-01-08T19:18:34+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::*custom-labels*" + }, + { + "Action": [ + "rekognition:CreateProject", + "rekognition:CreateProjectVersion", + "rekognition:StartProjectVersion", + "rekognition:StopProjectVersion", + "rekognition:DescribeProjects", + "rekognition:DescribeProjectVersions", + "rekognition:DetectCustomLabels", + "rekognition:DeleteProject", + "rekognition:DeleteProjectVersion" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OJEQDEQQQ", + "PolicyName": "AmazonRekognitionCustomLabelsFullAccess", + "UpdateDate": "2020-04-17T17:26:10+00:00", "VersionId": "v2" }, "AmazonRekognitionFullAccess": { @@ -20805,7 +38577,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2016-11-30T14:58:06+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -20827,8 +38599,14 @@ aws_managed_policies_data = """ "rekognition:GetPersonTracking", "rekognition:GetCelebrityRecognition", "rekognition:GetFaceSearch", + "rekognition:GetTextDetection", + "rekognition:GetSegmentDetection", "rekognition:DescribeStreamProcessor", - "rekognition:ListStreamProcessors" + "rekognition:ListStreamProcessors", + "rekognition:DescribeProjects", + "rekognition:DescribeProjectVersions", + "rekognition:DetectCustomLabels", + "rekognition:DetectProtectiveEquipment" ], "Effect": "Allow", "Resource": "*" @@ -20842,8 +38620,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAILWSUHXUY4ES43SA4", "PolicyName": "AmazonRekognitionReadOnlyAccess", - "UpdateDate": "2017-12-06T23:28:39+00:00", - "VersionId": "v2" + "UpdateDate": "2020-10-15T22:07:44+00:00", + "VersionId": "v6" }, "AmazonRekognitionServiceRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole", @@ -21130,7 +38908,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess", "AttachmentCount": 0, "CreateDate": "2019-05-30T18:10:50+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -21143,7 +38921,8 @@ aws_managed_policies_data = """ "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "ec2:DescribeAvailabilityZones" ], "Effect": "Allow", "Resource": [ @@ -21159,21 +38938,21 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4MZN2MQCY3", "PolicyName": "AmazonRoute53ResolverFullAccess", - "UpdateDate": "2019-05-30T18:10:50+00:00", - "VersionId": "v1" + "UpdateDate": "2020-07-17T19:03:27+00:00", + "VersionId": "v2" }, "AmazonRoute53ResolverReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2019-05-30T18:11:31+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "route53resolver:Get*", "route53resolver:List*", - "ec2:DescribeNetworkInterface", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeSubnets" @@ -21192,12 +38971,12 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAZKAPJZG4CARVKYCWY", "PolicyName": "AmazonRoute53ResolverReadOnlyAccess", - "UpdateDate": "2019-05-30T18:11:31+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-27T16:37:48+00:00", + "VersionId": "v2" }, "AmazonS3FullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess", - "AttachmentCount": 0, + "AttachmentCount": 3, "CreateDate": "2015-02-06T18:40:58+00:00", "DefaultVersionId": "v1", "Document": { @@ -21219,9 +38998,116 @@ aws_managed_policies_data = """ "UpdateDate": "2015-02-06T18:40:58+00:00", "VersionId": "v1" }, + "AmazonS3OutpostsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-10-02T17:26:30+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "s3-outposts:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "datasync:ListTasks", + "datasync:ListLocations", + "datasync:DescribeTask", + "datasync:DescribeLocation*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "outposts:ListOutposts", + "outposts:GetOutpost" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BKMLUXKOR", + "PolicyName": "AmazonS3OutpostsFullAccess", + "UpdateDate": "2020-10-02T17:26:30+00:00", + "VersionId": "v1" + }, + "AmazonS3OutpostsReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-10-02T18:55:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3-outposts:Get*", + "s3-outposts:List*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "datasync:ListTasks", + "datasync:ListLocations", + "datasync:DescribeTask", + "datasync:DescribeLocation*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "outposts:ListOutposts", + "outposts:GetOutpost" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PJ2AX4CUB", + "PolicyName": "AmazonS3OutpostsReadOnlyAccess", + "UpdateDate": "2020-10-02T18:55:58+00:00", + "VersionId": "v1" + }, "AmazonS3ReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", - "AttachmentCount": 0, + "AttachmentCount": 2, "CreateDate": "2015-02-06T18:40:59+00:00", "DefaultVersionId": "v1", "Document": { @@ -21386,7 +39272,7 @@ aws_managed_policies_data = """ }, "AmazonSQSFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2015-02-06T18:41:07+00:00", "DefaultVersionId": "v1", "Document": { @@ -21572,7 +39458,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess", "AttachmentCount": 0, "CreateDate": "2015-05-29T17:39:47+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -21605,6 +39491,16 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*" + }, + { + "Action": [ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -21615,14 +39511,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJA7V6HI4ISQFMDYAG", "PolicyName": "AmazonSSMFullAccess", - "UpdateDate": "2018-07-23T22:53:18+00:00", - "VersionId": "v3" + "UpdateDate": "2019-11-20T20:08:56+00:00", + "VersionId": "v4" }, "AmazonSSMMaintenanceWindowRole": { "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole", "AttachmentCount": 0, "CreateDate": "2016-12-01T15:57:54+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -21636,8 +39532,7 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": [ "*" - ], - "Sid": "Stmt1477803259000" + ] }, { "Action": [ @@ -21647,8 +39542,7 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:lambda:*:*:function:SSM*", "arn:aws:lambda:*:*:function:*:SSM*" - ], - "Sid": "Stmt1477803259001" + ] }, { "Action": [ @@ -21659,8 +39553,26 @@ aws_managed_policies_data = """ "Resource": [ "arn:aws:states:*:*:stateMachine:SSM*", "arn:aws:states:*:*:execution:SSM*" + ] + }, + { + "Action": [ + "resource-groups:ListGroups", + "resource-groups:ListGroupResources" ], - "Sid": "Stmt1477803259002" + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" @@ -21671,8 +39583,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJV3JNYSTZ47VOXYME", "PolicyName": "AmazonSSMMaintenanceWindowRole", - "UpdateDate": "2017-08-09T20:49:14+00:00", - "VersionId": "v2" + "UpdateDate": "2019-07-27T00:16:05+00:00", + "VersionId": "v3" }, "AmazonSSMManagedInstanceCore": { "Arn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", @@ -21736,6 +39648,45 @@ aws_managed_policies_data = """ "UpdateDate": "2019-05-23T16:54:21+00:00", "VersionId": "v2" }, + "AmazonSSMPatchAssociation": { + "Arn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation", + "AttachmentCount": 0, + "CreateDate": "2020-05-13T16:00:42+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "ssm:DescribeEffectivePatchesForPatchBaseline", + "Effect": "Allow", + "Resource": "arn:aws:ssm:*:*:patchbaseline/*" + }, + { + "Action": "ssm:GetPatchBaseline", + "Effect": "Allow", + "Resource": "arn:aws:ssm:*:*:patchbaseline/*" + }, + { + "Action": "tag:GetResources", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ssm:DescribePatchBaselines", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EWLEL5ZX7", + "PolicyName": "AmazonSSMPatchAssociation", + "UpdateDate": "2020-05-13T16:00:42+00:00", + "VersionId": "v1" + }, "AmazonSSMReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", "AttachmentCount": 0, @@ -21768,7 +39719,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-11-13T19:20:08+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v11", "Document": { "Statement": [ { @@ -21780,7 +39731,9 @@ aws_managed_policies_data = """ "ssm:SendCommand", "ssm:GetAutomationExecution", "ssm:GetParameters", - "ssm:StartAutomationExecution" + "ssm:StartAutomationExecution", + "ssm:ListTagsForResource", + "ssm:GetCalendarState" ], "Effect": "Allow", "Resource": [ @@ -21822,7 +39775,18 @@ aws_managed_policies_data = """ { "Action": [ "resource-groups:ListGroups", - "resource-groups:ListGroupResources" + "resource-groups:ListGroupResources", + "resource-groups:GetGroupQuery" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources" ], "Effect": "Allow", "Resource": [ @@ -21838,6 +39802,47 @@ aws_managed_policies_data = """ "*" ] }, + { + "Action": [ + "config:SelectResourceConfig" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "compute-optimizer:GetEC2InstanceRecommendations" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "support:DescribeTrustedAdvisorChecks", + "support:DescribeTrustedAdvisorCheckSummaries", + "support:DescribeTrustedAdvisorCheckResult", + "support:DescribeCases" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "config:DescribeComplianceByConfigRule", + "config:DescribeComplianceByResource", + "config:DescribeRemediationConfigurations" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": "iam:PassRole", "Condition": { @@ -21849,6 +39854,34 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": "organizations:DescribeOrganization", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "cloudformation:ListStackSets", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudformation:ListStackInstances", + "cloudformation:DescribeStackSetOperation", + "cloudformation:DeleteStackSet" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*" + }, + { + "Action": "cloudformation:DeleteStackInstances", + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*", + "arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*", + "arn:aws:cloudformation:*:*:type/resource/*" + ] } ], "Version": "2012-10-17" @@ -21859,14 +39892,562 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIXJ26NUGBA3TCV7EC", "PolicyName": "AmazonSSMServiceRolePolicy", - "UpdateDate": "2018-07-25T22:14:20+00:00", - "VersionId": "v3" + "UpdateDate": "2021-01-05T23:57:10+00:00", + "VersionId": "v11" + }, + "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-27T18:48:07+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "apigateway:GET", + "apigateway:POST", + "apigateway:PUT", + "apigateway:PATCH", + "apigateway:DELETE" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/sagemaker:launch-source": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "apigateway:POST" + ], + "Condition": { + "ForAnyValue:StringLike": { + "aws:TagKeys": [ + "sagemaker:launch-source" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "apigateway:PATCH" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:apigateway:*::/account" + ] + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:UpdateStack", + "cloudformation:DeleteStack" + ], + "Condition": { + "ArnLikeIfExists": { + "cloudformation:RoleArn": [ + "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/SC-*" + }, + { + "Action": [ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/SC-*" + }, + { + "Action": [ + "cloudformation:GetTemplateSummary", + "cloudformation:ValidateTemplate" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:UpdateProject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:*:*:project/sagemaker-*" + ] + }, + { + "Action": [ + "codecommit:CreateCommit", + "codecommit:CreateRepository", + "codecommit:DeleteRepository", + "codecommit:GetRepository", + "codecommit:TagResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:codecommit:*:*:sagemaker-*" + ] + }, + { + "Action": [ + "codecommit:ListRepositories" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "codepipeline:CreatePipeline", + "codepipeline:DeletePipeline", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:StartPipelineExecution", + "codepipeline:TagResource", + "codepipeline:UpdatePipeline" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:codepipeline:*:*:sagemaker-*" + ] + }, + { + "Action": [ + "cognito-idp:CreateUserPool" + ], + "Condition": { + "ForAnyValue:StringLike": { + "aws:TagKeys": [ + "sagemaker:launch-source" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cognito-idp:CreateGroup", + "cognito-idp:CreateUserPoolDomain", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteGroup", + "cognito-idp:DeleteUserPool", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:DeleteUserPoolDomain", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:UpdateUserPool", + "cognito-idp:UpdateUserPoolClient" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/sagemaker:launch-source": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ecr:CreateRepository", + "ecr:DeleteRepository" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ecr:*:*:repository/sagemaker-*" + ] + }, + { + "Action": [ + "events:DescribeRule", + "events:DeleteRule", + "events:DisableRule", + "events:EnableRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:rule/sagemaker-*" + ] + }, + { + "Action": [ + "firehose:CreateDeliveryStream", + "firehose:DeleteDeliveryStream", + "firehose:DescribeDeliveryStream", + "firehose:StartDeliveryStreamEncryption", + "firehose:StopDeliveryStreamEncryption", + "firehose:UpdateDestination" + ], + "Effect": "Allow", + "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*" + }, + { + "Action": [ + "glue:CreateDatabase", + "glue:DeleteDatabase" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/sagemaker-*", + "arn:aws:glue:*:*:table/sagemaker-*", + "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*" + ] + }, + { + "Action": [ + "glue:CreateClassifier", + "glue:DeleteClassifier", + "glue:DeleteCrawler", + "glue:DeleteJob", + "glue:DeleteTrigger", + "glue:DeleteWorkflow", + "glue:StopCrawler" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "glue:CreateWorkflow" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:workflow/sagemaker-*" + ] + }, + { + "Action": [ + "glue:CreateJob" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:job/sagemaker-*" + ] + }, + { + "Action": [ + "glue:CreateCrawler", + "glue:GetCrawler" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:crawler/sagemaker-*" + ] + }, + { + "Action": [ + "glue:CreateTrigger", + "glue:GetTrigger" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:trigger/sagemaker-*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*" + ] + }, + { + "Action": [ + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeFunction", + "lambda:RemovePermission" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:sagemaker-*" + ] + }, + { + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogGroup", + "logs:DeleteLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutRetentionPolicy" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*", + "arn:aws:logs:*:*:log-group::log-stream:*" + ] + }, + { + "Action": "s3:GetObject", + "Condition": { + "StringEquals": { + "s3:ExistingObjectTag/servicecatalog:provisioning": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action": [ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:GetBucketPolicy", + "s3:PutBucketAcl", + "s3:PutBucketNotification", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketLogging", + "s3:PutEncryptionConfiguration" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::sagemaker-*" + }, + { + "Action": [ + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateModel", + "sagemaker:CreateWorkteam", + "sagemaker:DeleteEndpoint", + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteModel", + "sagemaker:DeleteWorkteam", + "sagemaker:DescribeModel", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeWorkteam" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sagemaker:*:*:*" + ] + }, + { + "Action": [ + "states:CreateStateMachine", + "states:DeleteStateMachine", + "states:UpdateStateMachine" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:states:*:*:stateMachine:sagemaker-*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NAOSKQH4V", + "PolicyName": "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", + "UpdateDate": "2020-11-27T18:48:07+00:00", + "VersionId": "v1" + }, + "AmazonSageMakerCoreServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-21T21:40:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:CreateNetworkInterfacePermission" + ], + "Condition": { + "StringEquals": { + "ec2:AuthorizedService": "sagemaker.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MMWQCSNKX", + "PolicyName": "AmazonSageMakerCoreServiceRolePolicy", + "UpdateDate": "2020-12-21T21:40:47+00:00", + "VersionId": "v1" + }, + "AmazonSageMakerEdgeDeviceFleetPolicy": { + "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-08T16:17:22+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:PutObject", + "s3:GetBucketLocation" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ], + "Sid": "DeviceS3Access" + }, + { + "Action": [ + "sagemaker:SendHeartbeat", + "sagemaker:GetDeviceRegistration" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "SageMakerEdgeApis" + }, + { + "Action": [ + "iot:CreateRoleAlias", + "iot:DescribeRoleAlias", + "iot:UpdateRoleAlias", + "iot:ListTagsForResource", + "iot:TagResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iot:*:*:rolealias/SageMakerEdge*" + ], + "Sid": "CreateIoTRoleAlias" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/*SageMaker*", + "arn:aws:iam::*:role/*Sagemaker*", + "arn:aws:iam::*:role/*sagemaker*" + ], + "Sid": "CreateIoTRoleAliasIamPermissionsGetRole" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEqualsIfExists": { + "iam:PassedToService": [ + "iot.amazonaws.com", + "credentials.iot.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/*SageMaker*", + "arn:aws:iam::*:role/*Sagemaker*", + "arn:aws:iam::*:role/*sagemaker*" + ], + "Sid": "CreateIoTRoleAliasIamPermissionsPassRole" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CPENAJLBT", + "PolicyName": "AmazonSageMakerEdgeDeviceFleetPolicy", + "UpdateDate": "2020-12-08T16:17:22+00:00", + "VersionId": "v1" + }, + "AmazonSageMakerFeatureStoreAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess", + "AttachmentCount": 0, + "CreateDate": "2020-12-01T16:24:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:PutObject", + "s3:GetBucketAcl" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FO5MQNGJU", + "PolicyName": "AmazonSageMakerFeatureStoreAccess", + "UpdateDate": "2020-12-01T16:24:05+00:00", + "VersionId": "v1" }, "AmazonSageMakerFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess", "AttachmentCount": 0, "CreateDate": "2017-11-29T13:07:59+00:00", - "DefaultVersionId": "v11", + "DefaultVersionId": "v18", "Document": { "Statement": [ { @@ -21874,8 +40455,41 @@ aws_managed_policies_data = """ "sagemaker:*" ], "Effect": "Allow", + "NotResource": [ + "arn:aws:sagemaker:*:*:domain/*", + "arn:aws:sagemaker:*:*:user-profile/*", + "arn:aws:sagemaker:*:*:app/*", + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, + { + "Action": [ + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:DescribeDomain", + "sagemaker:ListDomains", + "sagemaker:DescribeUserProfile", + "sagemaker:ListUserProfiles", + "sagemaker:*App", + "sagemaker:ListApps" + ], + "Effect": "Allow", "Resource": "*" }, + { + "Action": "sagemaker:*", + "Condition": { + "StringEqualsIfExists": { + "sagemaker:WorkteamType": [ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, { "Action": [ "application-autoscaling:DeleteScalingPolicy", @@ -21889,6 +40503,7 @@ aws_managed_policies_data = """ "application-autoscaling:PutScheduledAction", "application-autoscaling:RegisterScalableTarget", "aws-marketplace:ViewSubscriptions", + "cloudformation:GetTemplateSummary", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", @@ -21899,8 +40514,7 @@ aws_managed_policies_data = """ "codecommit:BatchGetRepositories", "codecommit:CreateRepository", "codecommit:GetRepository", - "codecommit:ListBranches", - "codecommit:ListRepositories", + "codecommit:List*", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminCreateUser", "cognito-idp:AdminDeleteUser", @@ -21913,12 +40527,7 @@ aws_managed_policies_data = """ "cognito-idp:CreateUserPoolDomain", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", - "cognito-idp:ListGroups", - "cognito-idp:ListIdentityProviders", - "cognito-idp:ListUserPoolClients", - "cognito-idp:ListUserPools", - "cognito-idp:ListUsers", - "cognito-idp:ListUsersInGroup", + "cognito-idp:List*", "cognito-idp:UpdateUserPool", "cognito-idp:UpdateUserPoolClient", "ec2:CreateNetworkInterface", @@ -21936,30 +40545,53 @@ aws_managed_policies_data = """ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:CreateRepository", + "ecr:Describe*", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer", - "ecr:Describe*", + "ecr:StartImageScan", "elastic-inference:Connect", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets", + "fsx:DescribeFileSystems", "glue:CreateJob", "glue:DeleteJob", - "glue:GetJob", - "glue:GetJobRun", - "glue:GetJobRuns", - "glue:GetJobs", + "glue:GetJob*", + "glue:GetTable*", + "glue:GetWorkflowRun", "glue:ResetJobBookmark", "glue:StartJobRun", + "glue:StartWorkflowRun", "glue:UpdateJob", "groundtruthlabeling:*", "iam:ListRoles", "kms:DescribeKey", "kms:ListAliases", "lambda:ListFunctions", + "logs:CreateLogDelivery", "logs:CreateLogGroup", "logs:CreateLogStream", - "logs:DescribeLogStreams", + "logs:DeleteLogDelivery", + "logs:Describe*", + "logs:GetLogDelivery", "logs:GetLogEvents", + "logs:ListLogDeliveries", "logs:PutLogEvents", - "sns:ListTopics" + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "robomaker:CreateSimulationApplication", + "robomaker:DescribeSimulationApplication", + "robomaker:DeleteSimulationApplication", + "robomaker:CreateSimulationJob", + "robomaker:DescribeSimulationJob", + "robomaker:CancelSimulationJob", + "secretsmanager:ListSecrets", + "servicecatalog:Describe*", + "servicecatalog:List*", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:SearchProducts", + "servicecatalog:SearchProvisionedProducts", + "sns:ListTopics", + "tag:GetResources" ], "Effect": "Allow", "Resource": "*" @@ -21976,7 +40608,9 @@ aws_managed_policies_data = """ "ecr:PutImage" ], "Effect": "Allow", - "Resource": "arn:aws:ecr:*:*:repository/*sagemaker*" + "Resource": [ + "arn:aws:ecr:*:*:repository/*sagemaker*" + ] }, { "Action": [ @@ -21992,10 +40626,28 @@ aws_managed_policies_data = """ }, { "Action": [ - "secretsmanager:ListSecrets" + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" ], "Effect": "Allow", - "Resource": "*" + "Resource": [ + "arn:aws:codebuild:*:*:project/sagemaker*", + "arn:aws:codebuild:*:*:build/*" + ] + }, + { + "Action": [ + "states:DescribeExecution", + "states:GetExecutionHistory", + "states:StartExecution", + "states:StopExecution", + "states:UpdateStateMachine" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:states:*:*:statemachine:*sagemaker*", + "arn:aws:states:*:*:execution:*sagemaker*:*" + ] }, { "Action": [ @@ -22023,31 +40675,30 @@ aws_managed_policies_data = """ }, { "Action": [ - "robomaker:CreateSimulationApplication", - "robomaker:DescribeSimulationApplication", - "robomaker:DeleteSimulationApplication" + "servicecatalog:ProvisionProduct" ], "Effect": "Allow", - "Resource": [ - "*" - ] + "Resource": "*" }, { "Action": [ - "robomaker:CreateSimulationJob", - "robomaker:DescribeSimulationJob", - "robomaker:CancelSimulationJob" + "servicecatalog:TerminateProvisionedProduct", + "servicecatalog:UpdateProvisionedProduct" ], + "Condition": { + "StringEquals": { + "servicecatalog:userLevel": "self" + } + }, "Effect": "Allow", - "Resource": [ - "*" - ] + "Resource": "*" }, { "Action": [ "s3:GetObject", "s3:PutObject", - "s3:DeleteObject" + "s3:DeleteObject", + "s3:AbortMultipartUpload" ], "Effect": "Allow", "Resource": [ @@ -22059,11 +40710,13 @@ aws_managed_policies_data = """ }, { "Action": [ - "s3:CreateBucket", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets" + "s3:GetObject" ], + "Condition": { + "StringEqualsIgnoreCase": { + "s3:ExistingObjectTag/SageMaker": "true" + } + }, "Effect": "Allow", "Resource": "*" }, @@ -22072,13 +40725,25 @@ aws_managed_policies_data = """ "s3:GetObject" ], "Condition": { - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/SageMaker": "true" + "StringEquals": { + "s3:ExistingObjectTag/servicecatalog:provisioning": "true" } }, "Effect": "Allow", "Resource": "*" }, + { + "Action": [ + "s3:CreateBucket", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketCors", + "s3:PutBucketCors" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "lambda:InvokeFunction" @@ -22132,12 +40797,102 @@ aws_managed_policies_data = """ "iam:PassedToService": [ "sagemaker.amazonaws.com", "glue.amazonaws.com", - "robomaker.amazonaws.com" + "robomaker.amazonaws.com", + "states.amazonaws.com" ] } }, "Effect": "Allow", - "Resource": "*" + "Resource": "arn:aws:iam::*:role/*" + }, + { + "Action": [ + "athena:ListDataCatalogs", + "athena:ListDatabases", + "athena:ListTableMetadata", + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:StartQueryExecution", + "athena:StopQueryExecution" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "glue:CreateTable" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", + "arn:aws:glue:*:*:table/sagemaker_featurestore/*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action": [ + "glue:DeleteTable" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action": [ + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:table/*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action": [ + "glue:CreateDatabase", + "glue:GetDatabase" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/sagemaker_featurestore", + "arn:aws:glue:*:*:database/sagemaker_processing", + "arn:aws:glue:*:*:database/default", + "arn:aws:glue:*:*:database/sagemaker_data_wrangler" + ] + }, + { + "Action": [ + "redshift-data:ExecuteStatement", + "redshift-data:DescribeStatement", + "redshift-data:CancelStatement", + "redshift-data:GetStatementResult", + "redshift-data:ListSchemas", + "redshift-data:ListTables" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "redshift:GetClusterCredentials" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", + "arn:aws:redshift:*:*:dbname:*" + ] } ], "Version": "2012-10-17" @@ -22148,16 +40903,310 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJZ5IWYMXO5QDB4QOG", "PolicyName": "AmazonSageMakerFullAccess", - "UpdateDate": "2019-05-09T04:44:05+00:00", - "VersionId": "v11" + "UpdateDate": "2020-12-01T16:31:19+00:00", + "VersionId": "v18" + }, + "AmazonSageMakerGroundTruthExecution": { + "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution", + "AttachmentCount": 0, + "CreateDate": "2020-07-09T19:30:20+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:*GtRecipe*", + "arn:aws:lambda:*:*:function:*LabelingFunction*", + "arn:aws:lambda:*:*:function:*SageMaker*", + "arn:aws:lambda:*:*:function:*sagemaker*", + "arn:aws:lambda:*:*:function:*Sagemaker*" + ], + "Sid": "CustomLabelingJobs" + }, + { + "Action": [ + "s3:AbortMultipartUpload", + "s3:GetObject", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*GroundTruth*", + "arn:aws:s3:::*Groundtruth*", + "arn:aws:s3:::*groundtruth*", + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + }, + { + "Action": [ + "s3:GetObject" + ], + "Condition": { + "StringEqualsIgnoreCase": { + "s3:ExistingObjectTag/SageMaker": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetBucketLocation", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudwatch:PutMetricData", + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatch" + }, + { + "Action": [ + "sqs:CreateQueue", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "sqs:SendMessageBatch", + "sqs:SetQueueAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:sqs:*:*:*GroundTruth*", + "Sid": "StreamingQueue" + }, + { + "Action": "sns:Subscribe", + "Condition": { + "StringEquals": { + "sns:Protocol": "sqs" + }, + "StringLike": { + "sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:sns:*:*:*GroundTruth*", + "arn:aws:sns:*:*:*Groundtruth*", + "arn:aws:sns:*:*:*groundTruth*", + "arn:aws:sns:*:*:*groundtruth*", + "arn:aws:sns:*:*:*SageMaker*", + "arn:aws:sns:*:*:*Sagemaker*", + "arn:aws:sns:*:*:*sageMaker*", + "arn:aws:sns:*:*:*sagemaker*" + ], + "Sid": "StreamingTopicSubscribe" + }, + { + "Action": [ + "sns:Publish" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:sns:*:*:*GroundTruth*", + "arn:aws:sns:*:*:*Groundtruth*", + "arn:aws:sns:*:*:*groundTruth*", + "arn:aws:sns:*:*:*groundtruth*", + "arn:aws:sns:*:*:*SageMaker*", + "arn:aws:sns:*:*:*Sagemaker*", + "arn:aws:sns:*:*:*sageMaker*", + "arn:aws:sns:*:*:*sagemaker*" + ], + "Sid": "StreamingTopic" + }, + { + "Action": [ + "sns:Unsubscribe" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "StreamingTopicUnsubscribe" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FYNFSJXO3", + "PolicyName": "AmazonSageMakerGroundTruthExecution", + "UpdateDate": "2020-07-09T19:30:20+00:00", + "VersionId": "v1" + }, + "AmazonSageMakerMechanicalTurkAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T16:19:36+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AYDBKMMDV", + "PolicyName": "AmazonSageMakerMechanicalTurkAccess", + "UpdateDate": "2019-12-03T16:19:36+00:00", + "VersionId": "v1" + }, + "AmazonSageMakerNotebooksServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-10-18T20:27:37+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": "elasticfilesystem:CreateFileSystem", + "Condition": { + "StringLike": { + "aws:RequestTag/ManagedByAmazonSageMakerResource": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/ManagedByAmazonSageMakerResource": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "ec2:CreateTags", + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/ManagedByAmazonSageMakerResource": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sso:CreateManagedApplicationInstance", + "sso:DeleteManagedApplicationInstance", + "sso:GetManagedApplicationInstance" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sagemaker:CreateUserProfile", + "sagemaker:DescribeUserProfile" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MYB7OEJED", + "PolicyName": "AmazonSageMakerNotebooksServiceRolePolicy", + "UpdateDate": "2020-08-28T22:39:39+00:00", + "VersionId": "v5" }, "AmazonSageMakerReadOnly": { "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly", "AttachmentCount": 0, "CreateDate": "2017-11-29T13:07:09+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v9", "Document": { "Statement": [ + { + "Action": [ + "sagemaker:Describe*", + "sagemaker:List*", + "sagemaker:BatchGetMetrics", + "sagemaker:GetDeviceRegistration", + "sagemaker:GetDeviceFleetReport", + "sagemaker:GetSearchSuggestions", + "sagemaker:GetRecord", + "sagemaker:Search" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "application-autoscaling:DescribeScalableTargets", @@ -22165,7 +41214,6 @@ aws_managed_policies_data = """ "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScheduledActions", "aws-marketplace:ViewSubscriptions", - "aws-marketplace:ViewSubscriptions", "cloudwatch:DescribeAlarms", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", @@ -22175,11 +41223,7 @@ aws_managed_policies_data = """ "cognito-idp:ListUserPools", "cognito-idp:ListUsers", "cognito-idp:ListUsersInGroup", - "ecr:Describe*", - "sagemaker:Describe*", - "sagemaker:GetSearchSuggestions", - "sagemaker:List*", - "sagemaker:Search" + "ecr:Describe*" ], "Effect": "Allow", "Resource": "*" @@ -22193,8 +41237,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJTZ2FTFCQ6CFLQA2O", "PolicyName": "AmazonSageMakerReadOnly", - "UpdateDate": "2019-01-04T22:22:07+00:00", - "VersionId": "v5" + "UpdateDate": "2020-12-08T16:17:08+00:00", + "VersionId": "v9" }, "AmazonSumerianFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonSumerianFullAccess", @@ -22274,6 +41318,161 @@ aws_managed_policies_data = """ "UpdateDate": "2018-11-28T19:12:16+00:00", "VersionId": "v1" }, + "AmazonTimestreamConsoleFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-09-30T21:47:18+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "timestream:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:CreateGrant" + ], + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": true + }, + "ForAnyValue:StringEquals": { + "kms:EncryptionContextKeys": "aws:timestream:database-name" + }, + "StringLike": { + "kms:ViaService": "timestream.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "dbqms:CreateFavoriteQuery", + "dbqms:DescribeFavoriteQueries", + "dbqms:UpdateFavoriteQuery", + "dbqms:DeleteFavoriteQueries", + "dbqms:GetQueryString", + "dbqms:CreateQueryHistory", + "dbqms:DescribeQueryHistory", + "dbqms:UpdateQueryHistory", + "dbqms:DeleteQueryHistory", + "dbqms:DescribeQueryHistory" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AZJLUKMAZ", + "PolicyName": "AmazonTimestreamConsoleFullAccess", + "UpdateDate": "2020-09-30T21:47:18+00:00", + "VersionId": "v1" + }, + "AmazonTimestreamFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-09-30T21:47:14+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "timestream:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:CreateGrant" + ], + "Condition": { + "Bool": { + "kms:GrantIsForAWSResource": true + }, + "ForAnyValue:StringEquals": { + "kms:EncryptionContextKeys": "aws:timestream:database-name" + }, + "StringLike": { + "kms:ViaService": "timestream.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CGYUJBH4V", + "PolicyName": "AmazonTimestreamFullAccess", + "UpdateDate": "2020-09-30T21:47:14+00:00", + "VersionId": "v1" + }, + "AmazonTimestreamReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-09-30T21:47:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "timestream:CancelQuery", + "timestream:DescribeDatabase", + "timestream:DescribeEndpoints", + "timestream:DescribeTable", + "timestream:ListDatabases", + "timestream:ListMeasures", + "timestream:ListTables", + "timestream:ListTagsForResource", + "timestream:Select", + "timestream:SelectValues" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4I7VUQXAEJ", + "PolicyName": "AmazonTimestreamReadOnlyAccess", + "UpdateDate": "2020-09-30T21:47:08+00:00", + "VersionId": "v1" + }, "AmazonTranscribeFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess", "AttachmentCount": 0, @@ -22340,7 +41539,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations", "AttachmentCount": 0, "CreateDate": "2017-07-18T20:47:16+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -22366,6 +41565,7 @@ aws_managed_policies_data = """ "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], @@ -22393,8 +41593,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ53Y4ZY5OHP4CNRJC", "PolicyName": "AmazonVPCCrossAccountNetworkInterfaceOperations", - "UpdateDate": "2019-01-07T19:16:23+00:00", - "VersionId": "v3" + "UpdateDate": "2020-06-16T14:16:49+00:00", + "VersionId": "v4" }, "AmazonVPCFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess", @@ -22621,11 +41821,69 @@ aws_managed_policies_data = """ "UpdateDate": "2018-03-07T18:34:42+00:00", "VersionId": "v6" }, + "AmazonWorkDocsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-16T23:05:11+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "workdocs:*", + "ds:DescribeDirectories", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GTERAZYCR", + "PolicyName": "AmazonWorkDocsFullAccess", + "UpdateDate": "2020-04-16T23:05:11+00:00", + "VersionId": "v1" + }, + "AmazonWorkDocsReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-01-08T23:49:59+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "workdocs:Describe*", + "ds:DescribeDirectories", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EDG6WGO5A", + "PolicyName": "AmazonWorkDocsReadOnlyAccess", + "UpdateDate": "2020-01-08T23:49:59+00:00", + "VersionId": "v1" + }, "AmazonWorkLinkFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkFullAccess", "AttachmentCount": 0, "CreateDate": "2019-01-23T18:52:09+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -22633,7 +41891,7 @@ aws_managed_policies_data = """ "worklink:*" ], "Effect": "Allow", - "Resource": "arn:aws:worklink:*" + "Resource": "arn:aws:worklink:*:*:*" } ], "Version": "2012-10-17" @@ -22644,23 +41902,24 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJM4ITL7TEVURHCQSY", "PolicyName": "AmazonWorkLinkFullAccess", - "UpdateDate": "2019-01-23T18:52:09+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-23T18:37:42+00:00", + "VersionId": "v2" }, "AmazonWorkLinkReadOnly": { "Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkReadOnly", "AttachmentCount": 0, "CreateDate": "2019-01-23T19:07:10+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { "Action": [ "worklink:Describe*", - "worklink:List*" + "worklink:List*", + "worklink:Search*" ], "Effect": "Allow", - "Resource": "arn:aws:worklink:*" + "Resource": "arn:aws:worklink:*:*:*" } ], "Version": "2012-10-17" @@ -22671,14 +41930,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIANQMFGU4EUUZKFQ4", "PolicyName": "AmazonWorkLinkReadOnly", - "UpdateDate": "2019-01-23T19:07:10+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-23T18:37:21+00:00", + "VersionId": "v3" }, "AmazonWorkLinkServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkLinkServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2019-03-18T18:00:16+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -22699,6 +41958,15 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" + }, + { + "Action": [ + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -22709,8 +41977,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAINJJP6CO7ATFCV4CU", "PolicyName": "AmazonWorkLinkServiceRolePolicy", - "UpdateDate": "2019-03-18T18:00:16+00:00", - "VersionId": "v1" + "UpdateDate": "2020-02-07T20:48:49+00:00", + "VersionId": "v2" }, "AmazonWorkMailEventsServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy", @@ -22744,7 +42012,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:41+00:00", - "DefaultVersionId": "v6", + "DefaultVersionId": "v10", "Document": { "Statement": [ { @@ -22754,11 +42022,8 @@ aws_managed_policies_data = """ "ds:CreateAlias", "ds:CreateDirectory", "ds:CreateIdentityPoolDirectory", - "ds:CreateDomain", - "ds:DeleteAlias", "ds:DeleteDirectory", "ds:DescribeDirectories", - "ds:ExtendDirectory", "ds:GetDirectoryLimits", "ds:ListAuthorizedApplications", "ds:UnauthorizeApplication", @@ -22773,7 +42038,6 @@ aws_managed_policies_data = """ "ec2:DeleteSubnet", "ec2:DeleteVpc", "ec2:DescribeAvailabilityZones", - "ec2:DescribeDomains", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeVpcs", @@ -22785,6 +42049,7 @@ aws_managed_policies_data = """ "route53:ChangeResourceRecordSets", "route53:ListHostedZones", "route53:ListResourceRecordSets", + "route53:GetHostedZone", "route53domains:CheckDomainAvailability", "route53domains:ListDomains", "ses:*", @@ -22792,7 +42057,8 @@ aws_managed_policies_data = """ "iam:ListRoles", "logs:DescribeLogGroups", "logs:CreateLogGroup", - "logs:PutRetentionPolicy" + "logs:PutRetentionPolicy", + "cloudwatch:GetMetricData" ], "Effect": "Allow", "Resource": "*" @@ -22834,14 +42100,66 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJQVKNMT7SVATQ4AUY", "PolicyName": "AmazonWorkMailFullAccess", - "UpdateDate": "2019-05-13T15:21:29+00:00", - "VersionId": "v6" + "UpdateDate": "2020-12-21T14:13:40+00:00", + "VersionId": "v10" + }, + "AmazonWorkMailMessageFlowFullAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess", + "AttachmentCount": 0, + "CreateDate": "2021-02-11T11:08:35+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "workmailmessageflow:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ORQUVJL66", + "PolicyName": "AmazonWorkMailMessageFlowFullAccess", + "UpdateDate": "2021-02-11T11:08:35+00:00", + "VersionId": "v1" + }, + "AmazonWorkMailMessageFlowReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2021-01-28T12:40:08+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "workmailmessageflow:Get*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4M6UETQLYG", + "PolicyName": "AmazonWorkMailMessageFlowReadOnlyAccess", + "UpdateDate": "2021-01-28T12:40:08+00:00", + "VersionId": "v1" }, "AmazonWorkMailReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:42+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -22854,7 +42172,8 @@ aws_managed_policies_data = """ "workmail:Search*", "lambda:ListFunctions", "iam:ListRoles", - "logs:DescribeLogGroups" + "logs:DescribeLogGroups", + "cloudwatch:GetMetricData" ], "Effect": "Allow", "Resource": "*" @@ -22868,8 +42187,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJHF7J65E2QFKCWAJM", "PolicyName": "AmazonWorkMailReadOnlyAccess", - "UpdateDate": "2019-05-13T15:12:46+00:00", - "VersionId": "v3" + "UpdateDate": "2019-07-25T08:24:50+00:00", + "VersionId": "v4" }, "AmazonWorkSpacesAdmin": { "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin", @@ -22937,6 +42256,62 @@ aws_managed_policies_data = """ "UpdateDate": "2015-04-09T14:03:18+00:00", "VersionId": "v1" }, + "AmazonWorkSpacesSelfServiceAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess", + "AttachmentCount": 0, + "CreateDate": "2019-06-27T19:22:52+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "workspaces:RebootWorkspaces", + "workspaces:RebuildWorkspaces", + "workspaces:ModifyWorkspaceProperties" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MLHUSTJAF", + "PolicyName": "AmazonWorkSpacesSelfServiceAccess", + "UpdateDate": "2019-06-27T19:22:52+00:00", + "VersionId": "v1" + }, + "AmazonWorkSpacesServiceAccess": { + "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess", + "AttachmentCount": 0, + "CreateDate": "2019-06-27T19:19:09+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4KRXBM753F", + "PolicyName": "AmazonWorkSpacesServiceAccess", + "UpdateDate": "2020-03-18T23:32:10+00:00", + "VersionId": "v2" + }, "AmazonZocaloFullAccess": { "Arn": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess", "AttachmentCount": 0, @@ -23397,9 +42772,9 @@ aws_managed_policies_data = """ }, "AutoScalingServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", - "AttachmentCount": 0, + "AttachmentCount": 1, "CreateDate": "2018-01-08T23:10:55+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -23414,6 +42789,8 @@ aws_managed_policies_data = """ "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", "ec2:TerminateInstances" ], "Effect": "Allow", @@ -23473,6 +42850,23 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*", "Sid": "SNSManagement" + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "events:DeleteRule", + "events:DescribeRule" + ], + "Condition": { + "StringEquals": { + "events:ManagedBy": "autoscaling.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*", + "Sid": "EventBridgeRuleManagement" } ], "Version": "2012-10-17" @@ -23483,27 +42877,123 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIC5D2V7MRWBMHGD7G", "PolicyName": "AutoScalingServiceRolePolicy", - "UpdateDate": "2018-10-31T18:19:10+00:00", + "UpdateDate": "2021-02-05T01:37:46+00:00", + "VersionId": "v4" + }, + "AwsGlueDataBrewFullAccessPolicy": { + "Arn": "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-11T16:51:39+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "databrew:*", + "glue:GetDatabases", + "glue:GetPartitions", + "glue:GetTable", + "glue:GetTables", + "glue:GetDataCatalogEncryptionSettings", + "dataexchange:ListDataSets", + "dataexchange:ListDataSetRevisions", + "dataexchange:ListRevisionAssets", + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:GetJob", + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases", + "s3:ListAllMyBuckets", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetEncryptionConfiguration", + "sts:GetCallerIdentity", + "cloudtrail:LookupEvents", + "iam:ListRoles", + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::databrew-public-datasets-*" + ] + }, + { + "Action": [ + "kms:GenerateDataKey" + ], + "Condition": { + "StringLike": { + "kms:ViaService": "s3.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "databrew.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ACNRIK7M3", + "PolicyName": "AwsGlueDataBrewFullAccessPolicy", + "UpdateDate": "2020-11-12T23:04:55+00:00", "VersionId": "v2" }, "Billing": { "Arn": "arn:aws:iam::aws:policy/job-function/Billing", "AttachmentCount": 0, "CreateDate": "2016-11-10T17:33:18+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v5", "Document": { "Statement": [ { "Action": [ "aws-portal:*Billing", - "awsbillingconsole:*Billing", "aws-portal:*Usage", - "awsbillingconsole:*Usage", "aws-portal:*PaymentMethods", - "awsbillingconsole:*PaymentMethods", "budgets:ViewBudget", "budgets:ModifyBudget", - "cur:*" + "ce:UpdatePreferences", + "ce:CreateReport", + "ce:UpdateReport", + "ce:DeleteReport", + "ce:CreateNotificationSubscription", + "ce:UpdateNotificationSubscription", + "ce:DeleteNotificationSubscription", + "cur:DescribeReportDefinitions", + "cur:PutReportDefinition", + "cur:ModifyReportDefinition", + "cur:DeleteReportDefinition", + "purchase-orders:*PurchaseOrders" ], "Effect": "Allow", "Resource": "*" @@ -23517,14 +43007,67 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIFTHXT6FFMIRT7ZEA", "PolicyName": "Billing", - "UpdateDate": "2018-02-06T23:46:37+00:00", - "VersionId": "v2" + "UpdateDate": "2020-10-05T20:37:01+00:00", + "VersionId": "v5" + }, + "CertificateManagerServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-06-25T17:56:49+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "acm-pca:IssueCertificate", + "acm-pca:GetCertificate" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G2T4BX7CL", + "PolicyName": "CertificateManagerServiceRolePolicy", + "UpdateDate": "2020-06-25T17:56:49+00:00", + "VersionId": "v1" + }, + "ClientVPNServiceConnectionsRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-08-12T19:48:06+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "lambda:InvokeFunction" + ], + "Effect": "Allow", + "Resource": "arn:aws:lambda:*:*:function:AWSClientVPN-*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PG4VWZTEZ", + "PolicyName": "ClientVPNServiceConnectionsRolePolicy", + "UpdateDate": "2020-08-12T19:48:06+00:00", + "VersionId": "v1" }, "ClientVPNServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-12-10T21:20:25+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -23541,14 +43084,15 @@ aws_managed_policies_data = """ "ds:AuthorizeApplication", "ds:DescribeDirectories", "ds:GetDirectoryLimits", - "ds:ListAuthorizedApplications", "ds:UnauthorizeApplication", "logs:DescribeLogStreams", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "acm:GetCertificate", - "acm:DescribeCertificate" + "acm:DescribeCertificate", + "iam:GetSAMLProvider", + "lambda:GetFunctionConfiguration" ], "Effect": "Allow", "Resource": "*" @@ -23562,14 +43106,93 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI2SV25KUCYQYS5N74", "PolicyName": "ClientVPNServiceRolePolicy", - "UpdateDate": "2019-01-16T22:22:28+00:00", - "VersionId": "v2" + "UpdateDate": "2020-08-12T19:39:34+00:00", + "VersionId": "v5" + }, + "CloudFormationStackSetsOrgAdminServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-10T00:20:05+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "organizations:List*", + "organizations:Describe*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "AllowsAWSOrganizationsReadAPIs" + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/stacksets-exec-*", + "Sid": "AllowAssumeRoleInMemberAccounts" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JEQ3CDBDV", + "PolicyName": "CloudFormationStackSetsOrgAdminServiceRolePolicy", + "UpdateDate": "2019-12-10T00:20:05+00:00", + "VersionId": "v1" + }, + "CloudFormationStackSetsOrgMemberServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-09T23:52:37+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "iam:CreateRole", + "iam:DeleteRole", + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/stacksets-exec-*" + ] + }, + { + "Action": [ + "iam:DetachRolePolicy", + "iam:AttachRolePolicy" + ], + "Condition": { + "StringEquals": { + "iam:PolicyARN": "arn:aws:iam::aws:policy/AdministratorAccess" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/stacksets-exec-*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LHV6H6QDU", + "PolicyName": "CloudFormationStackSetsOrgMemberServiceRolePolicy", + "UpdateDate": "2019-12-09T23:52:37+00:00", + "VersionId": "v1" }, "CloudFrontFullAccess": { "Arn": "arn:aws:iam::aws:policy/CloudFrontFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:39:50+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -23585,10 +43208,27 @@ aws_managed_policies_data = """ "cloudfront:*", "iam:ListServerCertificates", "waf:ListWebACLs", - "waf:GetWebACL" + "waf:GetWebACL", + "wafv2:ListWebACLs", + "wafv2:GetWebACL", + "kinesis:ListStreams" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "kinesis:DescribeStream" + ], + "Effect": "Allow", + "Resource": "arn:aws:kinesis:*:*:*" + }, + { + "Action": [ + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:*" } ], "Version": "2012-10-17" @@ -23599,14 +43239,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIPRV52SH6HDCCFY6U", "PolicyName": "CloudFrontFullAccess", - "UpdateDate": "2016-01-21T17:03:57+00:00", - "VersionId": "v3" + "UpdateDate": "2020-09-03T20:18:42+00:00", + "VersionId": "v6" }, "CloudFrontReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:39:55+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -23617,7 +43257,9 @@ aws_managed_policies_data = """ "iam:ListServerCertificates", "route53:List*", "waf:ListWebACLs", - "waf:GetWebACL" + "waf:GetWebACL", + "wafv2:ListWebACLs", + "wafv2:GetWebACL" ], "Effect": "Allow", "Resource": "*" @@ -23631,8 +43273,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJJZMNYOTZCNQP36LG", "PolicyName": "CloudFrontReadOnlyAccess", - "UpdateDate": "2016-01-21T17:03:28+00:00", - "VersionId": "v3" + "UpdateDate": "2020-02-19T19:49:16+00:00", + "VersionId": "v4" }, "CloudHSMServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy", @@ -23758,6 +43400,34 @@ aws_managed_policies_data = """ "UpdateDate": "2018-10-24T21:21:44+00:00", "VersionId": "v1" }, + "CloudWatch-CrossAccountAccess": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-23T09:59:27+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4OV6AFDA5J", + "PolicyName": "CloudWatch-CrossAccountAccess", + "UpdateDate": "2019-07-23T09:59:27+00:00", + "VersionId": "v1" + }, "CloudWatchActionsEC2Access": { "Arn": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access", "AttachmentCount": 0, @@ -23832,12 +43502,13 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", "AttachmentCount": 0, "CreateDate": "2018-03-07T01:06:44+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "cloudwatch:PutMetricData", + "ec2:DescribeVolumes", "ec2:DescribeTags", "logs:PutLogEvents", "logs:DescribeLogStreams", @@ -23864,9 +43535,141 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIGOPKN7KRDAKTLG4I", "PolicyName": "CloudWatchAgentServerPolicy", - "UpdateDate": "2018-03-07T01:06:44+00:00", + "UpdateDate": "2019-10-17T23:08:51+00:00", + "VersionId": "v2" + }, + "CloudWatchApplicationInsightsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-24T18:44:14+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "applicationinsights:*", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "application-insights.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MSQN23AKX", + "PolicyName": "CloudWatchApplicationInsightsFullAccess", + "UpdateDate": "2020-11-24T18:44:14+00:00", "VersionId": "v1" }, + "CloudWatchApplicationInsightsReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-24T18:48:00+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "applicationinsights:Describe*", + "applicationinsights:List*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AX4TJYLSI", + "PolicyName": "CloudWatchApplicationInsightsReadOnlyAccess", + "UpdateDate": "2020-11-24T18:48:00+00:00", + "VersionId": "v1" + }, + "CloudWatchAutomaticDashboardsAccess": { + "Arn": "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-23T10:01:08+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "autoscaling:DescribeAutoScalingGroups", + "cloudfront:GetDistribution", + "cloudfront:ListDistributions", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListServices", + "elasticache:DescribeCacheClusters", + "elasticbeanstalk:DescribeEnvironments", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeLoadBalancers", + "kinesis:DescribeStream", + "kinesis:ListStreams", + "lambda:GetFunction", + "lambda:ListFunctions", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "resource-groups:ListGroupResources", + "resource-groups:ListGroups", + "route53:GetHealthCheck", + "route53:ListHealthChecks", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ListQueues", + "tag:GetResources" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "apigateway:GET" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:apigateway:*::/restapis*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JFCXGSE2Q", + "PolicyName": "CloudWatchAutomaticDashboardsAccess", + "UpdateDate": "2020-12-18T17:48:20+00:00", + "VersionId": "v3" + }, "CloudWatchEventsBuiltInTargetExecutionAccess": { "Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess", "AttachmentCount": 0, @@ -24065,6 +43868,38 @@ aws_managed_policies_data = """ "UpdateDate": "2018-08-09T19:10:43+00:00", "VersionId": "v3" }, + "CloudWatchLambdaInsightsExecutionRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-10-07T19:27:06+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "logs:CreateLogGroup", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda-insights:*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EDWWYYDS6", + "PolicyName": "CloudWatchLambdaInsightsExecutionRolePolicy", + "UpdateDate": "2020-10-07T19:27:06+00:00", + "VersionId": "v1" + }, "CloudWatchLogsFullAccess": { "Arn": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess", "AttachmentCount": 0, @@ -24127,7 +43962,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:40:01+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -24138,6 +43973,8 @@ aws_managed_policies_data = """ "cloudwatch:List*", "logs:Get*", "logs:List*", + "logs:StartQuery", + "logs:StopQuery", "logs:Describe*", "logs:TestMetricFilter", "logs:FilterLogEvents", @@ -24156,14 +43993,215 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJN23PDQP7SZQAE3QE", "PolicyName": "CloudWatchReadOnlyAccess", - "UpdateDate": "2018-05-10T21:40:42+00:00", - "VersionId": "v3" + "UpdateDate": "2020-07-17T17:49:09+00:00", + "VersionId": "v4" + }, + "CloudWatchSyntheticsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-25T17:39:46+00:00", + "DefaultVersionId": "v5", + "Document": { + "Statement": [ + { + "Action": [ + "synthetics:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:CreateBucket", + "s3:PutBucketEncryption", + "s3:PutEncryptionConfiguration" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::cw-syn-results-*" + ] + }, + { + "Action": [ + "iam:ListRoles", + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "xray:GetTraceSummaries", + "xray:BatchGetTraces", + "apigateway:GET" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::cw-syn-*" + }, + { + "Action": [ + "s3:GetObjectVersion" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::aws-synthetics-library-*" + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "lambda.amazonaws.com", + "synthetics.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" + ] + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" + ] + }, + { + "Action": [ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudwatch:*:*:alarm:Synthetics-*" + ] + }, + { + "Action": [ + "cloudwatch:DescribeAlarms" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:cloudwatch:*:*:alarm:*" + ] + }, + { + "Action": [ + "lambda:CreateFunction", + "lambda:AddPermission", + "lambda:PublishVersion", + "lambda:UpdateFunctionConfiguration", + "lambda:GetFunctionConfiguration" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:function:cwsyn-*" + ] + }, + { + "Action": [ + "lambda:GetLayerVersionByArn", + "lambda:GetLayerVersion", + "lambda:PublishLayerVersion" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:lambda:*:*:layer:cwsyn-*", + "arn:aws:lambda:*:*:layer:Synthetics:*" + ] + }, + { + "Action": [ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "sns:ListTopics" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "sns:CreateTopic", + "sns:Subscribe", + "sns:ListSubscriptionsByTopic" + ], + "Effect": "Allow", + "Resource": [ + "arn:*:sns:*:*:Synthetics-*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MAGQWEZP4", + "PolicyName": "CloudWatchSyntheticsFullAccess", + "UpdateDate": "2021-01-27T20:12:41+00:00", + "VersionId": "v5" + }, + "CloudWatchSyntheticsReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-11-25T17:45:40+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "synthetics:Describe*", + "synthetics:Get*", + "synthetics:List*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4C7XDT2FFB", + "PolicyName": "CloudWatchSyntheticsReadOnlyAccess", + "UpdateDate": "2020-03-06T19:26:01+00:00", + "VersionId": "v2" }, "CloudwatchApplicationInsightsServiceLinkedRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-12-01T16:22:12+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v12", "Document": { "Statement": [ { @@ -24173,7 +44211,10 @@ aws_managed_policies_data = """ "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms" + "cloudwatch:DeleteAlarms", + "cloudwatch:PutAnomalyDetector", + "cloudwatch:DeleteAnomalyDetector", + "cloudwatch:DescribeAnomalyDetectors" ], "Effect": "Allow", "Resource": [ @@ -24182,6 +44223,7 @@ aws_managed_policies_data = """ }, { "Action": [ + "logs:FilterLogEvents", "logs:GetLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups" @@ -24204,7 +44246,8 @@ aws_managed_policies_data = """ "Action": [ "cloudFormation:CreateStack", "cloudFormation:UpdateStack", - "cloudFormation:DeleteStack" + "cloudFormation:DeleteStack", + "cloudFormation:DescribeStackResources" ], "Effect": "Allow", "Resource": [ @@ -24265,7 +44308,9 @@ aws_managed_policies_data = """ "Action": [ "ssm:PutParameter", "ssm:DeleteParameter", - "ssm:AddTagsToResource" + "ssm:AddTagsToResource", + "ssm:RemoveTagsFromResource", + "ssm:GetParameters" ], "Effect": "Allow", "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*" @@ -24302,7 +44347,122 @@ aws_managed_policies_data = """ }, { "Action": [ - "ec2:DescribeInstances" + "ssm:ListCommandInvocations" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets", + "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", + "arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload" + ] + }, + { + "Action": [ + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:DescribeVolumeStatus" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "rds:DescribeDBInstances", + "rds:DescribeDBClusters" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "lambda:GetFunctionConfiguration", + "lambda:ListEventSourceMappings" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "events:DeleteRule" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*" + ] + }, + { + "Action": [ + "xray:GetServiceGraph", + "xray:GetTraceSummaries", + "xray:GetTimeSeriesServiceStatistics", + "xray:GetTraceGraph" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "dynamodb:DescribeTable", + "dynamodb:DescribeContributorInsights", + "dynamodb:DescribeTimeToLive" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "application-autoscaling:DescribeScalableTargets" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "s3:GetMetricsConfiguration", + "s3:GetReplicationConfiguration" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "states:DescribeExecution", + "states:DescribeStateMachine", + "states:GetExecutionHistory" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "apigateway:GET" ], "Effect": "Allow", "Resource": [ @@ -24318,8 +44478,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJH3SHQERZRQMQOQ44", "PolicyName": "CloudwatchApplicationInsightsServiceLinkedRolePolicy", - "UpdateDate": "2019-05-24T18:26:41+00:00", - "VersionId": "v3" + "UpdateDate": "2021-01-19T20:27:15+00:00", + "VersionId": "v12" }, "ComprehendDataAccessRolePolicy": { "Arn": "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy", @@ -24411,7 +44571,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/ComprehendReadOnly", "AttachmentCount": 0, "CreateDate": "2017-11-29T18:10:19+00:00", - "DefaultVersionId": "v5", + "DefaultVersionId": "v7", "Document": { "Statement": [ { @@ -24422,10 +44582,12 @@ aws_managed_policies_data = """ "comprehend:BatchDetectEntities", "comprehend:DetectKeyPhrases", "comprehend:BatchDetectKeyPhrases", + "comprehend:DetectPiiEntities", "comprehend:DetectSentiment", "comprehend:BatchDetectSentiment", "comprehend:DetectSyntax", "comprehend:BatchDetectSyntax", + "comprehend:ClassifyDocument", "comprehend:DescribeTopicsDetectionJob", "comprehend:ListTopicsDetectionJobs", "comprehend:DescribeDominantLanguageDetectionJob", @@ -24434,6 +44596,8 @@ aws_managed_policies_data = """ "comprehend:ListEntitiesDetectionJobs", "comprehend:DescribeKeyPhrasesDetectionJob", "comprehend:ListKeyPhrasesDetectionJobs", + "comprehend:DescribePiiEntitiesDetectionJob", + "comprehend:ListPiiEntitiesDetectionJobs", "comprehend:DescribeSentimentDetectionJob", "comprehend:ListSentimentDetectionJobs", "comprehend:DescribeDocumentClassifier", @@ -24441,7 +44605,10 @@ aws_managed_policies_data = """ "comprehend:DescribeDocumentClassificationJob", "comprehend:ListDocumentClassificationJobs", "comprehend:DescribeEntityRecognizer", - "comprehend:ListEntityRecognizers" + "comprehend:ListEntityRecognizers", + "comprehend:ListTagsForResource", + "comprehend:DescribeEndpoint", + "comprehend:ListEndpoints" ], "Effect": "Allow", "Resource": "*" @@ -24455,8 +44622,204 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJIUV5K2YCHQBBAH7G", "PolicyName": "ComprehendReadOnly", - "UpdateDate": "2018-11-20T01:54:51+00:00", - "VersionId": "v5" + "UpdateDate": "2020-09-17T19:01:28+00:00", + "VersionId": "v7" + }, + "ComputeOptimizerReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-03-07T00:11:02+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "compute-optimizer:DescribeRecommendationExportJobs", + "compute-optimizer:GetEnrollmentStatus", + "compute-optimizer:GetRecommendationSummaries", + "compute-optimizer:GetEC2InstanceRecommendations", + "compute-optimizer:GetEC2RecommendationProjectedMetrics", + "compute-optimizer:GetAutoScalingGroupRecommendations", + "compute-optimizer:GetEBSVolumeRecommendations", + "compute-optimizer:GetLambdaFunctionRecommendations", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "autoscaling:DescribeAutoScalingGroups", + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs", + "cloudwatch:GetMetricData", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:DescribeAccount" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FI27MEARJ", + "PolicyName": "ComputeOptimizerReadOnlyAccess", + "UpdateDate": "2020-12-23T18:00:54+00:00", + "VersionId": "v3" + }, + "ComputeOptimizerServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-03T08:45:19+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "compute-optimizer:*" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ComputeOptimizerFullAccess" + }, + { + "Action": [ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AwsOrgsAccess" + }, + { + "Action": [ + "cloudwatch:GetMetricData" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "CloudWatchAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4HPOQZNRNJ", + "PolicyName": "ComputeOptimizerServiceRolePolicy", + "UpdateDate": "2019-12-03T08:45:19+00:00", + "VersionId": "v1" + }, + "ConfigConformsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-07-25T21:38:05+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "config:PutConfigRule", + "config:DeleteConfigRule", + "config:DescribeConfigRules" + ], + "Effect": "Allow", + "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*" + }, + { + "Action": [ + "config:DescribeRemediationConfigurations", + "config:DeleteRemediationConfiguration", + "config:PutRemediationConfigurations" + ], + "Effect": "Allow", + "Resource": "arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*" + }, + { + "Action": [ + "iam:GetRole" + ], + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringLike": { + "iam:AWSServiceName": "remediation.config.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ssm.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ssm:DescribeDocument", + "ssm:GetDocument" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:PutObject", + "s3:PutObjectAcl", + "s3:GetObject", + "s3:GetBucketAcl" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::awsconfigconforms*" + }, + { + "Action": [ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:GetStackPolicy", + "cloudformation:SetStackPolicy", + "cloudformation:UpdateStack", + "cloudformation:UpdateTerminationProtection", + "cloudformation:ValidateTemplate", + "cloudformation:ListStackResources" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudformation:*:*:stack/awsconfigconforms-*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4BCH3IIJPN", + "PolicyName": "ConfigConformsServiceRolePolicy", + "UpdateDate": "2019-11-13T18:29:21+00:00", + "VersionId": "v4" }, "DAXServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy", @@ -24499,7 +44862,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/job-function/DataScientist", "AttachmentCount": 0, "CreateDate": "2016-11-10T17:28:48+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -24527,6 +44890,7 @@ aws_managed_policies_data = """ "elasticmapreduce:*", "es:*", "firehose:*", + "fsx:DescribeFileSystems", "iam:GetInstanceProfile", "iam:GetRole", "iam:GetPolicy", @@ -24552,8 +44916,7 @@ aws_managed_policies_data = """ "s3:CreateBucket", "sns:CreateTopic", "sns:Get*", - "sns:List*", - "sagemaker:*" + "sns:List*" ], "Effect": "Allow", "Resource": "*" @@ -24565,6 +44928,7 @@ aws_managed_policies_data = """ "s3:Get*", "s3:List*", "s3:PutAccelerateConfiguration", + "s3:PutBucketCors", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketTagging", @@ -24611,6 +44975,47 @@ aws_managed_policies_data = """ }, "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "sagemaker:*" + ], + "Effect": "Allow", + "NotResource": [ + "arn:aws:sagemaker:*:*:domain/*", + "arn:aws:sagemaker:*:*:user-profile/*", + "arn:aws:sagemaker:*:*:app/*", + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, + { + "Action": [ + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:DescribeDomain", + "sagemaker:ListDomains", + "sagemaker:DescribeUserProfile", + "sagemaker:ListUserProfiles", + "sagemaker:*App", + "sagemaker:ListApps" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions" + ], + "Condition": { + "StringEqualsIfExists": { + "sagemaker:WorkteamType": [ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -24621,8 +45026,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ5YHI2BQW7EQFYDXS", "PolicyName": "DataScientist", - "UpdateDate": "2019-01-18T19:26:23+00:00", - "VersionId": "v3" + "UpdateDate": "2019-12-03T16:48:34+00:00", + "VersionId": "v5" }, "DatabaseAdministrator": { "Arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator", @@ -24737,11 +45142,83 @@ aws_managed_policies_data = """ "UpdateDate": "2019-01-08T00:48:02+00:00", "VersionId": "v2" }, + "DynamoDBCloudWatchContributorInsightsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-15T21:13:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "cloudwatch:DeleteInsightRules", + "cloudwatch:PutInsightRule" + ], + "Effect": "Allow", + "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" + }, + { + "Action": [ + "cloudwatch:DescribeInsightRules" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4G4VWJTRGV", + "PolicyName": "DynamoDBCloudWatchContributorInsightsServiceRolePolicy", + "UpdateDate": "2019-11-15T21:13:58+00:00", + "VersionId": "v1" + }, + "DynamoDBKinesisReplicationServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-12T00:43:25+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "kms:GenerateDataKey", + "Condition": { + "StringLike": { + "kms:ViaService": "kinesis.*.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kinesis:PutRecord", + "kinesis:PutRecords", + "kinesis:DescribeStream" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4A745YPIYL", + "PolicyName": "DynamoDBKinesisReplicationServiceRolePolicy", + "UpdateDate": "2020-11-12T00:43:25+00:00", + "VersionId": "v1" + }, "DynamoDBReplicationServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-11-09T23:55:34+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -24751,11 +45228,14 @@ aws_managed_policies_data = """ "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", + "dynamodb:UpdateTable", "dynamodb:Scan", "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:DescribeTimeToLive", + "dynamodb:UpdateTimeToLive", + "dynamodb:DescribeLimits", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:PutScalingPolicy", @@ -24787,14 +45267,296 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJCUNRXL4BWASNJED2", "PolicyName": "DynamoDBReplicationServiceRolePolicy", - "UpdateDate": "2018-07-02T21:48:12+00:00", + "UpdateDate": "2020-09-09T18:43:04+00:00", + "VersionId": "v6" + }, + "EC2FleetTimeShiftableServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-12-23T19:47:15+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DescribeInstances", + "ec2:RunInstances", + "ec2:CreateFleet" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "iam:PassRole" + ], + "Condition": { + "StringEquals": { + "iam:PassedToService": [ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:spot-instances-request/*" + ] + }, + { + "Action": [ + "ec2:TerminateInstances" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:ec2:fleet-id": "*" + } + }, + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IU3TFNWBH", + "PolicyName": "EC2FleetTimeShiftableServiceRolePolicy", + "UpdateDate": "2019-12-23T19:47:15+00:00", + "VersionId": "v1" + }, + "EC2InstanceConnect": { + "Arn": "arn:aws:iam::aws:policy/EC2InstanceConnect", + "AttachmentCount": 0, + "CreateDate": "2019-06-27T18:53:34+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ec2:DescribeInstances", + "ec2-instance-connect:SendSSHPublicKey" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "EC2InstanceConnect" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PBRCMEYY5", + "PolicyName": "EC2InstanceConnect", + "UpdateDate": "2019-06-27T18:53:34+00:00", + "VersionId": "v1" + }, + "EC2InstanceProfileForImageBuilder": { + "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder", + "AttachmentCount": 0, + "CreateDate": "2019-12-01T19:08:23+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "imagebuilder:GetComponent" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "imagebuilder.amazonaws.com" + ], + "kms:EncryptionContextKeys": "aws:imagebuilder:arn" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::ec2imagebuilder*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EJC2UPLYL", + "PolicyName": "EC2InstanceProfileForImageBuilder", + "UpdateDate": "2020-08-27T16:40:50+00:00", "VersionId": "v3" }, + "EC2InstanceProfileForImageBuilderECRContainerBuilds": { + "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds", + "AttachmentCount": 0, + "CreateDate": "2020-12-11T19:48:15+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "imagebuilder:GetComponent", + "imagebuilder:GetContainerRecipe", + "ecr:GetAuthorizationToken", + "ecr:BatchGetImage", + "ecr:InitiateLayerUpload", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:PutImage" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt" + ], + "Condition": { + "ForAnyValue:StringEquals": { + "aws:CalledVia": [ + "imagebuilder.amazonaws.com" + ], + "kms:EncryptionContextKeys": "aws:imagebuilder:arn" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "s3:GetObject" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::ec2imagebuilder*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4C32QNC6KD", + "PolicyName": "EC2InstanceProfileForImageBuilderECRContainerBuilds", + "UpdateDate": "2020-12-11T19:48:15+00:00", + "VersionId": "v1" + }, + "ECRReplicationServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-12-04T22:11:28+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "ecr:CreateRepository", + "ecr:ReplicateImage" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NS3XDKIDR", + "PolicyName": "ECRReplicationServiceRolePolicy", + "UpdateDate": "2020-12-04T22:11:28+00:00", + "VersionId": "v1" + }, + "Ec2ImageBuilderCrossAccountDistributionAccess": { + "Arn": "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess", + "AttachmentCount": 0, + "CreateDate": "2020-09-30T19:22:54+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "ec2:CreateTags", + "Effect": "Allow", + "Resource": "arn:aws:ec2:*::image/*" + }, + { + "Action": [ + "ec2:DescribeImages", + "ec2:CopyImage", + "ec2:ModifyImageAttribute" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4PHZOLIXKT", + "PolicyName": "Ec2ImageBuilderCrossAccountDistributionAccess", + "UpdateDate": "2020-09-30T19:22:54+00:00", + "VersionId": "v1" + }, "ElastiCacheServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2017-12-07T17:50:04+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -24810,7 +45572,12 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress" + "ec2:RevokeSecurityGroupIngress", + "cloudwatch:PutMetricData", + "outposts:GetOutpost", + "outposts:GetOutpostInstanceTypes", + "outposts:ListOutposts", + "outposts:ListSites" ], "Effect": "Allow", "Resource": "*" @@ -24824,14 +45591,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIML5LIBUZBVCSF7PI", "PolicyName": "ElastiCacheServiceRolePolicy", - "UpdateDate": "2017-12-07T17:50:04+00:00", - "VersionId": "v1" + "UpdateDate": "2020-02-06T21:27:13+00:00", + "VersionId": "v3" }, "ElasticLoadBalancingFullAccess": { "Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess", "AttachmentCount": 0, "CreateDate": "2018-09-20T20:42:07+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -24852,6 +45619,8 @@ aws_managed_policies_data = """ "ec2:DescribeNetworkInterfaces", "ec2:DescribeClassicLinkInstances", "ec2:DescribeRouteTables", + "ec2:DescribeCoipPools", + "ec2:GetCoipPoolUsage", "cognito-idp:DescribeUserPoolClient" ], "Effect": "Allow", @@ -24876,8 +45645,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIDPMLA3IUIOQCISJ4", "PolicyName": "ElasticLoadBalancingFullAccess", - "UpdateDate": "2019-03-25T21:33:12+00:00", - "VersionId": "v4" + "UpdateDate": "2020-12-04T20:01:39+00:00", + "VersionId": "v5" }, "ElasticLoadBalancingReadOnly": { "Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly", @@ -24912,11 +45681,201 @@ aws_managed_policies_data = """ "UpdateDate": "2018-09-20T20:17:09+00:00", "VersionId": "v1" }, + "ElementalActivationsDownloadSoftwareAccess": { + "Arn": "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess", + "AttachmentCount": 0, + "CreateDate": "2020-09-08T17:26:09+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-activations:Get*", + "elemental-activations:Download*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IQVGBB6WY", + "PolicyName": "ElementalActivationsDownloadSoftwareAccess", + "UpdateDate": "2020-09-08T17:26:09+00:00", + "VersionId": "v1" + }, + "ElementalActivationsFullAccess": { + "Arn": "arn:aws:iam::aws:policy/ElementalActivationsFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-06-04T21:00:13+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-activations:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IYX6A6CKJ", + "PolicyName": "ElementalActivationsFullAccess", + "UpdateDate": "2020-06-04T21:00:13+00:00", + "VersionId": "v1" + }, + "ElementalActivationsGenerateLicenses": { + "Arn": "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses", + "AttachmentCount": 0, + "CreateDate": "2020-08-28T18:28:58+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-activations:Get*", + "elemental-activations:GenerateLicenses", + "elemental-activations:StartFileUpload", + "elemental-activations:CompleteFileUpload" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LVMPXPYYJ", + "PolicyName": "ElementalActivationsGenerateLicenses", + "UpdateDate": "2020-08-28T18:28:58+00:00", + "VersionId": "v1" + }, + "ElementalActivationsReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-08-28T16:51:01+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-activations:Get*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JBRIPMTYG", + "PolicyName": "ElementalActivationsReadOnlyAccess", + "UpdateDate": "2020-08-28T16:51:01+00:00", + "VersionId": "v1" + }, + "ElementalAppliancesSoftwareFullAccess": { + "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-07-31T16:28:53+00:00", + "DefaultVersionId": "v4", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-appliances-software:*", + "elemental-activations:CompleteAccountRegistration" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4DHARJPIR5", + "PolicyName": "ElementalAppliancesSoftwareFullAccess", + "UpdateDate": "2021-02-05T21:01:25+00:00", + "VersionId": "v4" + }, + "ElementalAppliancesSoftwareReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2020-04-01T22:31:09+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-appliances-software:List*", + "elemental-appliances-software:Get*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4CLKYU5WOM", + "PolicyName": "ElementalAppliancesSoftwareReadOnlyAccess", + "UpdateDate": "2020-04-01T22:31:09+00:00", + "VersionId": "v1" + }, + "ElementalSupportCenterFullAccess": { + "Arn": "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-11-25T18:08:30+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "elemental-support-cases:*", + "elemental-support-content:*", + "elemental-activations:CompleteAccountRegistration" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ECPR57WVQ", + "PolicyName": "ElementalSupportCenterFullAccess", + "UpdateDate": "2021-02-05T21:02:54+00:00", + "VersionId": "v2" + }, "FMSServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-03-28T23:01:12+00:00", - "DefaultVersionId": "v7", + "DefaultVersionId": "v17", "Document": { "Statement": [ { @@ -24935,7 +45894,8 @@ aws_managed_policies_data = """ "waf-regional:AssociateWebACL", "waf-regional:DisassociateWebACL", "elasticloadbalancing:SetWebACL", - "apigateway:SetWebACL" + "apigateway:SetWebACL", + "elasticloadbalancing:SetSecurityGroups" ], "Effect": "Allow", "Resource": [ @@ -24947,6 +45907,19 @@ aws_managed_policies_data = """ "arn:aws:apigateway:*::/restapis/*/stages/*" ] }, + { + "Action": [ + "wafv2:PutLoggingConfiguration", + "wafv2:GetLoggingConfiguration", + "wafv2:ListLoggingConfigurations", + "wafv2:DeleteLoggingConfiguration" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:wafv2:*:*:regional/webacl/*", + "arn:aws:wafv2:*:*:global/webacl/*" + ] + }, { "Action": [ "waf:CreateWebACL", @@ -24960,6 +45933,13 @@ aws_managed_policies_data = """ "arn:aws:waf-regional:*" ] }, + { + "Action": [ + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer" + ], + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "waf:PutPermissionPolicy", @@ -24981,7 +45961,8 @@ aws_managed_policies_data = """ "Action": [ "cloudfront:GetDistribution", "cloudfront:UpdateDistribution", - "cloudfront:ListDistributionsByWebACLId" + "cloudfront:ListDistributionsByWebACLId", + "cloudfront:ListDistributions" ], "Effect": "Allow", "Resource": "*" @@ -25009,7 +45990,9 @@ aws_managed_policies_data = """ "config:DescribeDeliveryChannels", "config:DescribeDeliveryChannelStatus", "config:GetComplianceSummaryByConfigRule", - "config:GetDiscoveredResourceCounts" + "config:GetDiscoveredResourceCounts", + "config:PutEvaluations", + "config:SelectResourceConfig" ], "Effect": "Allow", "Resource": "*" @@ -25028,7 +46011,13 @@ aws_managed_policies_data = """ "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", - "organizations:ListAccounts" + "organizations:ListAccounts", + "organizations:DescribeOrganizationalUnit", + "organizations:ListChildren", + "organizations:ListRoots", + "organizations:ListParents", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListAWSServiceAccessForOrganization" ], "Effect": "Allow", "Resource": [ @@ -25053,6 +46042,313 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress", + "ec2:DescribeNetworkInterfaceAttribute" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "ec2:CreateTags" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action": [ + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroups", + "ec2:DescribeStaleSecurityGroups", + "ec2:DescribeNetworkInterfaces", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": [ + "wafv2:TagResource", + "wafv2:ListResourcesForWebACL", + "wafv2:AssociateWebACL", + "wafv2:ListTagsForResource", + "wafv2:UntagResource", + "wafv2:GetWebACL", + "wafv2:DisassociateFirewallManager", + "wafv2:DeleteWebACL", + "wafv2:DisassociateWebACL" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:wafv2:*:*:global/webacl/*", + "arn:aws:wafv2:*:*:regional/webacl/*" + ] + }, + { + "Action": [ + "wafv2:UpdateWebACL", + "wafv2:CreateWebACL", + "wafv2:DeleteFirewallManagerRuleGroups", + "wafv2:PutFirewallManagerRuleGroups" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:wafv2:*:*:global/webacl/*", + "arn:aws:wafv2:*:*:regional/webacl/*", + "arn:aws:wafv2:*:*:global/rulegroup/*", + "arn:aws:wafv2:*:*:regional/rulegroup/*", + "arn:aws:wafv2:*:*:global/managedruleset/*", + "arn:aws:wafv2:*:*:regional/managedruleset/*", + "arn:aws:wafv2:*:*:global/ipset/*", + "arn:aws:wafv2:*:*:regional/ipset/*", + "arn:aws:wafv2:*:*:global/regexpatternset/*", + "arn:aws:wafv2:*:*:regional/regexpatternset/*" + ] + }, + { + "Action": [ + "wafv2:PutPermissionPolicy", + "wafv2:GetPermissionPolicy", + "wafv2:DeletePermissionPolicy" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:wafv2:*:*:global/rulegroup/*", + "arn:aws:wafv2:*:*:regional/rulegroup/*" + ] + }, + { + "Action": [ + "cloudfront:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "wafv2:GetWebACLForResource" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:wafv2:*:*:regional/webacl/*" + ] + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "Name", + "FMManaged" + ] + }, + "StringEquals": { + "ec2:CreateAction": "CreateRouteTable" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:route-table/*" + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "Name", + "FMManaged" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action": "ec2:DeleteRouteTable", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/FMManaged": "true" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:route-table/*" + }, + { + "Action": [ + "ec2:AssociateRouteTable", + "ec2:CreateSubnet", + "ec2:CreateRouteTable", + "ec2:DeleteSubnet", + "ec2:DisassociateRouteTable", + "ec2:ReplaceRouteTableAssociation" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeInternetGateways", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcEndpoints" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ram:TagResource" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "Name", + "FMManaged" + ] + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ram:*:*:resource-share/*" + ] + }, + { + "Action": [ + "ram:AssociateResourceShare", + "ram:UpdateResourceShare", + "ram:DeleteResourceShare" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/FMManaged": "true" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ram:*:*:resource-share/*" + }, + { + "Action": "ram:CreateResourceShare", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "Name", + "FMManaged" + ] + }, + "StringEquals": { + "aws:RequestTag/FMManaged": [ + "true" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ram:GetResourceShareAssociations", + "ram:GetResourceShares" + ], + "Effect": "Allow", + "Resource": "*", + "Sid": "ram" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": [ + "network-firewall.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:GetRole", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "network-firewall:TagResource" + ], + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": [ + "Name", + "FMManaged" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "network-firewall:AssociateSubnets", + "network-firewall:CreateFirewall", + "network-firewall:CreateFirewallPolicy", + "network-firewall:DisassociateSubnets", + "network-firewall:UpdateFirewallDeleteProtection", + "network-firewall:UpdateFirewallPolicy", + "network-firewall:UpdateFirewallPolicyChangeProtection", + "network-firewall:UpdateSubnetChangeProtection", + "network-firewall:AssociateFirewallPolicy", + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups", + "network-firewall:PutResourcePolicy", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DeleteResourcePolicy" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "network-firewall:DeleteFirewallPolicy", + "network-firewall:DeleteFirewall" + ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/FMManaged": "true" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "logs:ListLogDeliveries" + ], + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -25063,8 +46359,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI62NTGYJB446ACUEA", "PolicyName": "FMSServiceRolePolicy", - "UpdateDate": "2019-03-08T18:02:51+00:00", - "VersionId": "v7" + "UpdateDate": "2020-11-17T17:35:16+00:00", + "VersionId": "v17" }, "FSxDeleteServiceLinkedRoleAccess": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess", @@ -25094,17 +46390,69 @@ aws_managed_policies_data = """ "UpdateDate": "2018-11-28T10:40:24+00:00", "VersionId": "v1" }, - "GlobalAcceleratorFullAccess": { - "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess", + "GameLiftGameServerGroupPolicy": { + "Arn": "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy", "AttachmentCount": 0, - "CreateDate": "2018-11-27T02:44:44+00:00", - "DefaultVersionId": "v1", + "CreateDate": "2020-04-03T23:12:19+00:00", + "DefaultVersionId": "v3", "Document": { "Statement": [ + { + "Action": "ec2:TerminateInstances", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/GameLift": "GameServerGroups" + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ - "globalaccelerator:*" + "autoscaling:CompleteLifecycleAction", + "autoscaling:ResumeProcesses", + "autoscaling:EnterStandby", + "autoscaling:SetInstanceProtection", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:SuspendProcesses", + "autoscaling:DetachInstances" ], + "Condition": { + "StringEquals": { + "aws:ResourceTag/GameLift": "GameServerGroups" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "autoscaling:DescribeAutoScalingGroups", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeSubnets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": [ + "arn:*:sns:*:*:ActivatingLifecycleHookTopic-*", + "arn:*:sns:*:*:TerminatingLifecycleHookTopic-*" + ] + }, + { + "Action": [ + "cloudwatch:PutMetricData" + ], + "Condition": { + "StringEquals": { + "cloudwatch:namespace": "AWS/GameLift" + } + }, "Effect": "Allow", "Resource": "*" } @@ -25115,10 +46463,62 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JTX4JYBF6", + "PolicyName": "GameLiftGameServerGroupPolicy", + "UpdateDate": "2020-05-13T17:27:43+00:00", + "VersionId": "v3" + }, + "GlobalAcceleratorFullAccess": { + "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess", + "AttachmentCount": 0, + "CreateDate": "2018-11-27T02:44:44+00:00", + "DefaultVersionId": "v6", + "Document": { + "Statement": [ + { + "Action": [ + "globalaccelerator:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "elasticloadbalancing:DescribeLoadBalancers", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeAddresses", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeRegions", + "ec2:DescribeSubnets" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "globalaccelerator.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJ3NSRQKPB42BCNRT6", "PolicyName": "GlobalAcceleratorFullAccess", - "UpdateDate": "2018-11-27T02:44:44+00:00", - "VersionId": "v1" + "UpdateDate": "2020-12-04T19:17:26+00:00", + "VersionId": "v6" }, "GlobalAcceleratorReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess", @@ -25176,15 +46576,185 @@ aws_managed_policies_data = """ "UpdateDate": "2018-12-18T00:59:43+00:00", "VersionId": "v2" }, - "IAMFullAccess": { - "Arn": "arn:aws:iam::aws:policy/IAMFullAccess", + "Health_OrganizationsServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy", "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:38+00:00", + "CreateDate": "2019-12-16T13:28:21+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": "organizations:ListAccounts", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "organizations:ListAWSServiceAccessForOrganization", + "Effect": "Allow", + "Resource": "*", + "Sid": "ListAWSServiceAccessForOrganization0" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4EZKGOJYHQ", + "PolicyName": "Health_OrganizationsServiceRolePolicy", + "UpdateDate": "2020-06-08T12:48:44+00:00", + "VersionId": "v2" + }, + "IAMAccessAdvisorReadOnly": { + "Arn": "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly", + "AttachmentCount": 0, + "CreateDate": "2019-06-21T19:33:45+00:00", "DefaultVersionId": "v1", "Document": { "Statement": [ { - "Action": "iam:*", + "Action": [ + "iam:ListRoles", + "iam:ListUsers", + "iam:ListGroups", + "iam:ListPolicies", + "iam:ListPoliciesGrantingServiceAccess", + "iam:GenerateServiceLastAccessedDetails", + "iam:GenerateOrganizationsAccessReport", + "iam:GenerateCredentialReport", + "iam:GetRole", + "iam:GetPolicy", + "iam:GetServiceLastAccessedDetails", + "iam:GetServiceLastAccessedDetailsWithEntities", + "iam:GetOrganizationsAccessReport", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListPolicies", + "organizations:ListTargetsForPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FNDX5PG6Z", + "PolicyName": "IAMAccessAdvisorReadOnly", + "UpdateDate": "2019-06-21T19:33:45+00:00", + "VersionId": "v1" + }, + "IAMAccessAnalyzerFullAccess": { + "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-02T17:12:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "access-analyzer:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:CreateServiceLinkedRole", + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "access-analyzer.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListDelegatedAdministrators", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListParents", + "organizations:ListRoots" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4MAZGHIYZN", + "PolicyName": "IAMAccessAnalyzerFullAccess", + "UpdateDate": "2019-12-02T17:12:40+00:00", + "VersionId": "v1" + }, + "IAMAccessAnalyzerReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-12-02T17:12:53+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "access-analyzer:Get*", + "access-analyzer:List*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GY4R3GAPM", + "PolicyName": "IAMAccessAnalyzerReadOnlyAccess", + "UpdateDate": "2019-12-02T17:12:53+00:00", + "VersionId": "v1" + }, + "IAMFullAccess": { + "Arn": "arn:aws:iam::aws:policy/IAMFullAccess", + "AttachmentCount": 0, + "CreateDate": "2015-02-06T18:40:38+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "iam:*", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListPolicies", + "organizations:ListTargetsForPolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -25197,8 +46767,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI7XKCFMBPM3QQRRVQ", "PolicyName": "IAMFullAccess", - "UpdateDate": "2015-02-06T18:40:38+00:00", - "VersionId": "v1" + "UpdateDate": "2019-06-21T19:40:00+00:00", + "VersionId": "v2" }, "IAMReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess", @@ -25263,7 +46833,7 @@ aws_managed_policies_data = """ }, "IAMUserChangePassword": { "Arn": "arn:aws:iam::aws:policy/IAMUserChangePassword", - "AttachmentCount": 1, + "AttachmentCount": 0, "CreateDate": "2016-11-15T00:25:16+00:00", "DefaultVersionId": "v2", "Document": { @@ -25326,11 +46896,39 @@ aws_managed_policies_data = """ "UpdateDate": "2015-07-09T17:08:54+00:00", "VersionId": "v1" }, + "IVSRecordToS3": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3", + "AttachmentCount": 0, + "CreateDate": "2020-12-05T00:10:43+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::AWSIVS_*/ivs/*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4M65NGVKOJ", + "PolicyName": "IVSRecordToS3", + "UpdateDate": "2020-12-05T00:10:43+00:00", + "VersionId": "v1" + }, "KafkaServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy", "AttachmentCount": 0, "CreateDate": "2018-11-15T23:31:48+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -25341,10 +46939,26 @@ aws_managed_policies_data = """ "ec2:AttachNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface", - "acm-pca:GetCertificateAuthorityCertificate" + "acm-pca:GetCertificateAuthorityCertificate", + "secretsmanager:ListSecrets" ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "secretsmanager:GetResourcePolicy", + "secretsmanager:PutResourcePolicy", + "secretsmanager:DeleteResourcePolicy", + "secretsmanager:DescribeSecret" + ], + "Condition": { + "ArnLike": { + "secretsmanager:SecretId": "arn:*:secretsmanager:*:*:secret:AmazonMSK_*" + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -25355,14 +46969,42 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJUXPRZ76MAP2EVQJU", "PolicyName": "KafkaServiceRolePolicy", - "UpdateDate": "2019-05-23T19:58:58+00:00", - "VersionId": "v2" + "UpdateDate": "2020-08-26T20:40:53+00:00", + "VersionId": "v3" }, - "LexBotPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy", + "LakeFormationDataAccessServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy", "AttachmentCount": 0, - "CreateDate": "2017-02-17T22:18:13+00:00", + "CreateDate": "2019-06-20T20:46:19+00:00", "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "s3:ListAllMyBuckets" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4N342E3KHW", + "PolicyName": "LakeFormationDataAccessServiceRolePolicy", + "UpdateDate": "2019-06-20T20:46:19+00:00", + "VersionId": "v1" + }, + "LexBotPolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy", + "AttachmentCount": 0, + "CreateDate": "2017-02-17T22:18:13+00:00", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -25373,6 +47015,15 @@ aws_managed_policies_data = """ "Resource": [ "*" ] + }, + { + "Action": [ + "comprehend:DetectSentiment" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" @@ -25383,8 +47034,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJJ3NZRBBQKSESXXJC", "PolicyName": "LexBotPolicy", - "UpdateDate": "2017-02-17T22:18:13+00:00", - "VersionId": "v1" + "UpdateDate": "2019-11-13T22:29:16+00:00", + "VersionId": "v2" }, "LexChannelPolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy", @@ -25449,11 +47100,209 @@ aws_managed_policies_data = """ "UpdateDate": "2018-09-28T16:35:54+00:00", "VersionId": "v1" }, + "MediaPackageServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-09-18T17:45:47+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*" + }, + { + "Action": [ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams" + ], + "Effect": "Allow", + "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4GXH4HDK6N", + "PolicyName": "MediaPackageServiceRolePolicy", + "UpdateDate": "2020-09-18T17:45:47+00:00", + "VersionId": "v1" + }, + "MigrationHubDMSAccessServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-06-12T17:50:39+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": "mgh:CreateProgressUpdateStream", + "Effect": "Allow", + "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS" + }, + { + "Action": [ + "mgh:DescribeMigrationTask", + "mgh:AssociateDiscoveredResource", + "mgh:ListDiscoveredResources", + "mgh:ImportMigrationTask", + "mgh:ListCreatedArtifacts", + "mgh:DisassociateDiscoveredResource", + "mgh:AssociateCreatedArtifact", + "mgh:NotifyMigrationTaskState", + "mgh:DisassociateCreatedArtifact", + "mgh:PutResourceAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*" + }, + { + "Action": [ + "mgh:ListMigrationTasks", + "mgh:NotifyApplicationState", + "mgh:DescribeApplicationState", + "mgh:GetHomeRegion" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IV7DIZ555", + "PolicyName": "MigrationHubDMSAccessServiceRolePolicy", + "UpdateDate": "2019-10-07T17:57:44+00:00", + "VersionId": "v2" + }, + "MigrationHubSMSAccessServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-06-12T18:30:28+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": "mgh:CreateProgressUpdateStream", + "Effect": "Allow", + "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS" + }, + { + "Action": [ + "mgh:DescribeMigrationTask", + "mgh:AssociateDiscoveredResource", + "mgh:ListDiscoveredResources", + "mgh:ImportMigrationTask", + "mgh:ListCreatedArtifacts", + "mgh:DisassociateDiscoveredResource", + "mgh:AssociateCreatedArtifact", + "mgh:NotifyMigrationTaskState", + "mgh:DisassociateCreatedArtifact", + "mgh:PutResourceAttributes" + ], + "Effect": "Allow", + "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*" + }, + { + "Action": [ + "mgh:ListMigrationTasks", + "mgh:NotifyApplicationState", + "mgh:DescribeApplicationState", + "mgh:GetHomeRegion" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4JCW2B2IGB", + "PolicyName": "MigrationHubSMSAccessServiceRolePolicy", + "UpdateDate": "2019-10-07T18:02:22+00:00", + "VersionId": "v2" + }, + "MigrationHubServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-06-12T17:22:16+00:00", + "DefaultVersionId": "v3", + "Document": { + "Statement": [ + { + "Action": [ + "discovery:ListConfigurations", + "discovery:DescribeConfigurations" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Action": "ec2:CreateTags", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "aws:migrationhub:source-id" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action": "dms:AddTagsToResource", + "Condition": { + "ForAllValues:StringEquals": { + "aws:TagKeys": "aws:migrationhub:source-id" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:dms:*:*:endpoint:*" + ] + }, + { + "Action": [ + "ec2:DescribeInstanceAttribute" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4NWLJ3LLW3", + "PolicyName": "MigrationHubServiceRolePolicy", + "UpdateDate": "2020-08-06T18:08:46+00:00", + "VersionId": "v3" + }, "NeptuneConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess", "AttachmentCount": 0, "CreateDate": "2018-06-19T21:35:19+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -25463,12 +47312,15 @@ aws_managed_policies_data = """ ], "Condition": { "StringEquals": { - "rds:DatabaseEngine": "graphdb" + "rds:DatabaseEngine": [ + "graphdb", + "neptune" + ] } }, "Effect": "Allow", "Resource": [ - "arn:aws:rds:*" + "arn:aws:rds:*:*:*" ] }, { @@ -25592,7 +47444,6 @@ aws_managed_policies_data = """ "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "iam:ListRoles", - "iam:PassRole", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", @@ -25608,6 +47459,16 @@ aws_managed_policies_data = """ "*" ] }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:passedToService": "rds.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": "iam:CreateServiceLinkedRole", "Condition": { @@ -25627,14 +47488,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJWTD4ELX2KRNICUVQ", "PolicyName": "NeptuneConsoleFullAccess", - "UpdateDate": "2018-11-06T21:19:54+00:00", - "VersionId": "v2" + "UpdateDate": "2020-09-02T17:25:07+00:00", + "VersionId": "v4" }, "NeptuneFullAccess": { "Arn": "arn:aws:iam::aws:policy/NeptuneFullAccess", "AttachmentCount": 0, "CreateDate": "2018-05-30T19:17:31+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -25644,12 +47505,15 @@ aws_managed_policies_data = """ ], "Condition": { "StringEquals": { - "rds:DatabaseEngine": "graphdb" + "rds:DatabaseEngine": [ + "graphdb", + "neptune" + ] } }, "Effect": "Allow", "Resource": [ - "arn:aws:rds:*" + "arn:aws:rds:*:*:*" ] }, { @@ -25731,7 +47595,6 @@ aws_managed_policies_data = """ "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", - "iam:PassRole", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", @@ -25747,6 +47610,16 @@ aws_managed_policies_data = """ "*" ] }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:passedToService": "rds.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": "iam:CreateServiceLinkedRole", "Condition": { @@ -25766,8 +47639,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIXSDEYRCNJRC6ITFK", "PolicyName": "NeptuneFullAccess", - "UpdateDate": "2018-11-06T21:21:19+00:00", - "VersionId": "v3" + "UpdateDate": "2020-09-02T17:24:56+00:00", + "VersionId": "v5" }, "NeptuneReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/NeptuneReadOnlyAccess", @@ -25860,7 +47733,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator", "AttachmentCount": 0, "CreateDate": "2016-11-10T17:31:35+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v8", "Document": { "Statement": [ { @@ -25878,6 +47751,9 @@ aws_managed_policies_data = """ "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVpnGateway", + "ec2:CreateCarrierGateway", + "ec2:DeleteCarrierGateway", + "ec2:DescribeCarrierGateways", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", @@ -26046,7 +47922,7 @@ aws_managed_policies_data = """ "Action": [ "s3:ListBucket", "s3:GetBucketLocation", - "s3:GetBucketWebsiteConfiguration" + "s3:GetBucketWebsite" ], "Effect": "Allow", "Resource": [ @@ -26061,6 +47937,58 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/flow-logs-*" + }, + { + "Action": [ + "networkmanager:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:AcceptTransitGatewayVpcAttachment", + "ec2:AssociateTransitGatewayRouteTable", + "ec2:CreateTransitGateway", + "ec2:CreateTransitGatewayRoute", + "ec2:CreateTransitGatewayRouteTable", + "ec2:CreateTransitGatewayVpcAttachment", + "ec2:DeleteTransitGateway", + "ec2:DeleteTransitGatewayRoute", + "ec2:DeleteTransitGatewayRouteTable", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:DisableTransitGatewayRouteTablePropagation", + "ec2:DisassociateTransitGatewayRouteTable", + "ec2:EnableTransitGatewayRouteTablePropagation", + "ec2:ExportTransitGatewayRoutes", + "ec2:GetTransitGatewayAttachmentPropagations", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:ModifyTransitGatewayVpcAttachment", + "ec2:RejectTransitGatewayVpcAttachment", + "ec2:ReplaceTransitGatewayRoute", + "ec2:SearchTransitGatewayRoutes" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringLike": { + "iam:AWSServiceName": [ + "transitgateway.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" } ], "Version": "2012-10-17" @@ -26071,8 +47999,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJPNMADZFJCVPJVZA2", "PolicyName": "NetworkAdministrator", - "UpdateDate": "2018-12-13T19:43:41+00:00", - "VersionId": "v3" + "UpdateDate": "2020-09-24T23:55:10+00:00", + "VersionId": "v8" }, "PowerUserAccess": { "Arn": "arn:aws:iam::aws:policy/PowerUserAccess", @@ -26117,13 +48045,12 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly", "AttachmentCount": 0, "CreateDate": "2017-06-12T18:18:38+00:00", - "DefaultVersionId": "v3", + "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ - "s3:GetObject", - "s3:GetObjectMetadata" + "s3:GetObject" ], "Effect": "Allow", "Resource": [ @@ -26148,26 +48075,25 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIFWG3L3WDMR4I7ZJW", "PolicyName": "QuickSightAccessForS3StorageManagementAnalyticsReadOnly", - "UpdateDate": "2017-07-21T00:02:14+00:00", - "VersionId": "v3" + "UpdateDate": "2019-10-08T23:53:11+00:00", + "VersionId": "v4" }, "RDSCloudHsmAuthorizationRole": { "Arn": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:41:29+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "cloudhsm:CreateLunaClient", - "cloudhsm:GetClientConfiguration", "cloudhsm:DeleteLunaClient", - "cloudhsm:DescribeLunaClient", - "cloudhsm:ModifyLunaClient", "cloudhsm:DescribeHapg", + "cloudhsm:DescribeLunaClient", + "cloudhsm:GetConfig", "cloudhsm:ModifyHapg", - "cloudhsm:GetConfig" + "cloudhsm:ModifyLunaClient" ], "Effect": "Allow", "Resource": "*" @@ -26181,22 +48107,30 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIWKFXRLQG2ROKKXLE", "PolicyName": "RDSCloudHsmAuthorizationRole", - "UpdateDate": "2015-02-06T18:41:29+00:00", - "VersionId": "v1" + "UpdateDate": "2019-09-26T22:14:29+00:00", + "VersionId": "v2" }, "ReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:39:48+00:00", - "DefaultVersionId": "v50", + "DefaultVersionId": "v73", "Document": { "Statement": [ { "Action": [ "a4b:Get*", "a4b:List*", - "a4b:Describe*", "a4b:Search*", + "access-analyzer:GetAnalyzedResource", + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:GetFinding", + "access-analyzer:ListAnalyzedResources", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListFindings", + "access-analyzer:ListTagsForResource", "acm:Describe*", "acm:Get*", "acm:List*", @@ -26213,6 +48147,8 @@ aws_managed_policies_data = """ "amplify:ListJobs", "apigateway:GET", "application-autoscaling:Describe*", + "applicationinsights:Describe*", + "applicationinsights:List*", "appmesh:Describe*", "appmesh:List*", "appstream:Describe*", @@ -26226,8 +48162,26 @@ aws_managed_policies_data = """ "athena:List*", "athena:Batch*", "athena:Get*", + "aws-portal:View*", + "backup:Describe*", + "backup:Get*", + "backup:List*", "batch:List*", "batch:Describe*", + "braket:GetDevice", + "braket:GetQuantumTask", + "braket:SearchDevices", + "braket:SearchQuantumTasks", + "budgets:Describe*", + "budgets:View*", + "cassandra:Select", + "chatbot:Describe*", + "chatbot:Get*", + "chime:Get*", + "chime:List*", + "chime:Retrieve*", + "chime:Search*", + "chime:Validate*", "cloud9:Describe*", "cloud9:List*", "clouddirectory:List*", @@ -26239,7 +48193,6 @@ aws_managed_policies_data = """ "cloudformation:Get*", "cloudformation:List*", "cloudformation:Estimate*", - "cloudformation:Preview*", "cloudfront:Get*", "cloudfront:List*", "cloudhsm:List*", @@ -26254,7 +48207,25 @@ aws_managed_policies_data = """ "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", + "codeartifact:DescribeDomain", + "codeartifact:DescribePackageVersion", + "codeartifact:DescribeRepository", + "codeartifact:GetAuthorizationToken", + "codeartifact:GetDomainPermissionsPolicy", + "codeartifact:GetPackageVersionAsset", + "codeartifact:GetPackageVersionReadme", + "codeartifact:GetRepositoryEndpoint", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:ListDomains", + "codeartifact:ListPackages", + "codeartifact:ListPackageVersionAssets", + "codeartifact:ListPackageVersionDependencies", + "codeartifact:ListPackageVersions", + "codeartifact:ListRepositories", + "codeartifact:ListRepositoriesInDomain", "codebuild:BatchGet*", + "codebuild:DescribeCodeCoverages", + "codebuild:DescribeTestCases", "codebuild:List*", "codecommit:BatchGet*", "codecommit:Describe*", @@ -26264,14 +48235,36 @@ aws_managed_policies_data = """ "codedeploy:BatchGet*", "codedeploy:Get*", "codedeploy:List*", + "codeguru-profiler:Describe*", + "codeguru-profiler:Get*", + "codeguru-profiler:List*", + "codeguru-reviewer:Describe*", + "codeguru-reviewer:Get*", + "codeguru-reviewer:List*", "codepipeline:List*", "codepipeline:Get*", "codestar:List*", "codestar:Describe*", "codestar:Get*", "codestar:Verify*", + "codestar-notifications:describeNotificationRule", + "codestar-notifications:listEventTypes", + "codestar-notifications:listNotificationRules", + "codestar-notifications:listTagsForResource", + "codestar-notifications:ListTargets", + "compute-optimizer:DescribeRecommendationExportJobs", + "compute-optimizer:GetAutoScalingGroupRecommendations", + "compute-optimizer:GetEBSVolumeRecommendations", + "compute-optimizer:GetEC2InstanceRecommendations", + "compute-optimizer:GetEC2RecommendationProjectedMetrics", + "compute-optimizer:GetEnrollmentStatus", + "compute-optimizer:GetLambdaFunctionRecommendations", + "compute-optimizer:GetRecommendationSummaries", "cognito-identity:Describe*", - "cognito-identity:Get*", + "cognito-identity:GetCredentialsForIdentity", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:GetOpenIdToken", + "cognito-identity:GetOpenIdTokenForDeveloperIdentity", "cognito-identity:List*", "cognito-identity:Lookup*", "cognito-sync:List*", @@ -26287,9 +48280,12 @@ aws_managed_policies_data = """ "config:Describe*", "config:Get*", "config:List*", + "config:SelectResourceConfig", "connect:List*", "connect:Describe*", "connect:GetFederationToken", + "dataexchange:Get*", + "dataexchange:List*", "datasync:Describe*", "datasync:List*", "datapipeline:Describe*", @@ -26304,9 +48300,31 @@ aws_managed_policies_data = """ "dax:ListTags", "dax:Query", "dax:Scan", - "directconnect:Describe*", + "deepcomposer:GetComposition", + "deepcomposer:GetModel", + "deepcomposer:GetSampleModel", + "deepcomposer:ListCompositions", + "deepcomposer:ListModels", + "deepcomposer:ListSampleModels", + "deepcomposer:ListTrainingTopics", + "detective:Get*", + "detective:List*", "devicefarm:List*", "devicefarm:Get*", + "devops-guru:DescribeAccountHealth", + "devops-guru:DescribeAccountOverview", + "devops-guru:DescribeAnomaly", + "devops-guru:DescribeInsight", + "devops-guru:DescribeResourceCollectionHealth", + "devops-guru:DescribeServiceIntegration", + "devops-guru:GetResourceCollection", + "devops-guru:ListAnomaliesForInsight", + "devops-guru:ListEvents", + "devops-guru:ListInsights", + "devops-guru:ListNotificationChannels", + "devops-guru:ListRecommendations", + "devops-guru:SearchInsights", + "directconnect:Describe*", "discovery:Describe*", "discovery:List*", "discovery:Get*", @@ -26336,10 +48354,8 @@ aws_managed_policies_data = """ "ecr:List*", "ecs:Describe*", "ecs:List*", - "eks:DescribeCluster", - "eks:DescribeUpdates", - "eks:ListClusters", - "eks:ListUpdates", + "eks:Describe*", + "eks:List*", "elasticache:Describe*", "elasticache:List*", "elasticbeanstalk:Check*", @@ -26351,10 +48367,13 @@ aws_managed_policies_data = """ "elasticfilesystem:Describe*", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", + "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:List*", "elasticmapreduce:View*", "elastictranscoder:List*", "elastictranscoder:Read*", + "elemental-appliances-software:Get*", + "elemental-appliances-software:List*", "es:Describe*", "es:List*", "es:Get*", @@ -26367,6 +48386,8 @@ aws_managed_policies_data = """ "firehose:List*", "fsx:Describe*", "fsx:List*", + "freertos:Describe*", + "freertos:List*", "gamelift:List*", "gamelift:Get*", "gamelift:Describe*", @@ -26378,7 +48399,11 @@ aws_managed_policies_data = """ "glacier:Get*", "globalaccelerator:Describe*", "globalaccelerator:List*", + "glue:BatchGetDevEndpoints", + "glue:BatchGetJobs", "glue:BatchGetPartition", + "glue:BatchGetTriggers", + "glue:BatchGetWorkflows", "glue:GetCatalogImportStatus", "glue:GetClassifier", "glue:GetClassifiers", @@ -26392,10 +48417,15 @@ aws_managed_policies_data = """ "glue:GetDevEndpoint", "glue:GetDevEndpoints", "glue:GetJob", + "glue:GetJobBookmark", "glue:GetJobs", "glue:GetJobRun", "glue:GetJobRuns", "glue:GetMapping", + "glue:GetMLTaskRun", + "glue:GetMLTaskRuns", + "glue:GetMLTransform", + "glue:GetMLTransforms", "glue:GetPartition", "glue:GetPartitions", "glue:GetPlan", @@ -26411,24 +48441,33 @@ aws_managed_policies_data = """ "glue:GetTriggers", "glue:GetUserDefinedFunction", "glue:GetUserDefinedFunctions", + "glue:GetWorkflow", + "glue:GetWorkflowRun", + "glue:GetWorkflowRunProperties", + "glue:GetWorkflowRuns", + "glue:ListCrawlers", + "glue:ListDevEndpoints", + "glue:ListJobs", + "glue:ListMLTransforms", + "glue:ListTriggers", + "glue:ListWorkflows", "greengrass:Get*", "greengrass:List*", "guardduty:Get*", "guardduty:List*", "health:Describe*", - "health:Get*", - "health:List*", "iam:Generate*", "iam:Get*", "iam:List*", "iam:Simulate*", + "imagebuilder:Get*", + "imagebuilder:List*", "importexport:Get*", "importexport:List*", "inspector:Describe*", "inspector:Get*", "inspector:List*", "inspector:Preview*", - "inspector:LocalizeText", "iot:Describe*", "iot:Get*", "iot:List*", @@ -26436,9 +48475,44 @@ aws_managed_policies_data = """ "iotanalytics:List*", "iotanalytics:Get*", "iotanalytics:SampleChannelData", + "iotsitewise:Describe*", + "iotsitewise:Get*", + "iotsitewise:List*", + "iotwireless:GetDestination", + "iotwireless:GetDeviceProfile", + "iotwireless:GetPartnerAccount", + "iotwireless:GetServiceEndpoint", + "iotwireless:GetServiceProfile", + "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessDeviceStatistics", + "iotwireless:GetWirelessGateway", + "iotwireless:GetWirelessGatewayCertificate", + "iotwireless:GetWirelessGatewayFirmwareInformation", + "iotwireless:GetWirelessGatewayStatistics", + "iotwireless:GetWirelessGatewayTask", + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:ListDestinations", + "iotwireless:ListDeviceProfiles", + "iotwireless:ListPartnerAccounts", + "iotwireless:ListServiceProfiles", + "iotwireless:ListTagsForResource", + "iotwireless:ListWirelessDevices", + "iotwireless:ListWirelessGateways", + "iotwireless:ListWirelessGatewayTaskDefinitions", "kafka:Describe*", "kafka:List*", "kafka:Get*", + "kendra:DescribeDataSource", + "kendra:DescribeFaq", + "kendra:DescribeIndex", + "kendra:DescribeThesaurus", + "kendra:ListDataSources", + "kendra:ListDataSourceSyncJobs", + "kendra:ListFaqs", + "kendra:ListIndices", + "kendra:ListTagsForResource", + "kendra:ListThesauri", + "kendra:Query", "kinesisanalytics:Describe*", "kinesisanalytics:Discover*", "kinesisanalytics:Get*", @@ -26455,6 +48529,8 @@ aws_managed_policies_data = """ "lambda:List*", "lambda:Get*", "lex:Get*", + "license-manager:Get*", + "license-manager:List*", "lightsail:GetActiveNames", "lightsail:GetBlueprints", "lightsail:GetBundles", @@ -26494,22 +48570,25 @@ aws_managed_policies_data = """ "lightsail:GetRelationalDatabases", "lightsail:GetRelationalDatabaseSnapshot", "lightsail:GetRelationalDatabaseSnapshots", - "lightsail:GetResources", "lightsail:GetStaticIp", "lightsail:GetStaticIps", - "lightsail:GetTagKeys", - "lightsail:GetTagValues", "lightsail:Is*", - "lightsail:List*", "logs:Describe*", "logs:Get*", "logs:FilterLogEvents", "logs:ListTagsLogGroup", "logs:StartQuery", + "logs:StopQuery", "logs:TestMetricFilter", "machinelearning:Describe*", "machinelearning:Get*", + "mediaconvert:DescribeEndpoints", + "mediaconvert:Get*", + "mediaconvert:List*", + "mediapackage:List*", + "mediapackage:Describe*", "mgh:Describe*", + "mgh:GetHomeRegion", "mgh:List*", "mobileanalytics:Get*", "mobilehub:Describe*", @@ -26520,19 +48599,37 @@ aws_managed_policies_data = """ "mobilehub:Validate*", "mobilehub:Verify*", "mobiletargeting:Get*", + "mobiletargeting:List*", "mq:Describe*", "mq:List*", "opsworks:Describe*", "opsworks:Get*", + "opsworks-cm:List*", "opsworks-cm:Describe*", "organizations:Describe*", "organizations:List*", + "outposts:Get*", + "outposts:List*", + "personalize:Describe*", + "personalize:Get*", + "personalize:List*", "pi:DescribeDimensionKeys", "pi:GetResourceMetrics", "polly:Describe*", "polly:Get*", "polly:List*", "polly:SynthesizeSpeech", + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:ListTagsForResource", + "ram:Get*", + "ram:List*", "rekognition:CompareFaces", "rekognition:Detect*", "rekognition:List*", @@ -26543,12 +48640,12 @@ aws_managed_policies_data = """ "redshift:Describe*", "redshift:GetReservedNodeExchangeOfferings", "redshift:View*", - "resource-groups:Describe*", "resource-groups:Get*", "resource-groups:List*", "resource-groups:Search*", "robomaker:BatchDescribe*", "robomaker:Describe*", + "robomaker:Get*", "robomaker:List*", "route53:Get*", "route53:List*", @@ -26557,34 +48654,62 @@ aws_managed_policies_data = """ "route53domains:Get*", "route53domains:List*", "route53domains:View*", + "route53resolver:Get*", + "route53resolver:List*", "s3:Get*", "s3:List*", - "s3:Head*", "sagemaker:Describe*", + "sagemaker:GetSearchSuggestions", "sagemaker:List*", + "sagemaker:Search", + "schemas:Describe*", + "schemas:Get*", + "schemas:List*", + "schemas:Search*", "sdb:Get*", "sdb:List*", "sdb:Select*", "secretsmanager:List*", "secretsmanager:Describe*", "secretsmanager:GetResourcePolicy", + "securityhub:Describe*", "securityhub:Get*", "securityhub:List*", "serverlessrepo:List*", "serverlessrepo:Get*", "serverlessrepo:SearchApplications", + "servicecatalog:Describe*", + "servicecatalog:GetApplication", + "servicecatalog:GetAttributeGroup", "servicecatalog:List*", "servicecatalog:Scan*", "servicecatalog:Search*", - "servicecatalog:Describe*", "servicediscovery:Get*", "servicediscovery:List*", + "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetAWSDefaultServiceQuota", + "servicequotas:GetRequestedServiceQuotaChange", + "servicequotas:GetServiceQuota", + "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:ListAWSDefaultServiceQuotas", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:ListServices", + "servicequotas:ListServiceQuotas", + "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", "ses:Get*", "ses:List*", "ses:Describe*", "shield:Describe*", "shield:Get*", "shield:List*", + "signer:DescribeSigningJob", + "signer:GetSigningPlatform", + "signer:GetSigningProfile", + "signer:ListSigningJobs", + "signer:ListSigningPlatforms", + "signer:ListSigningProfiles", + "signer:ListTagsForResource", "snowball:Get*", "snowball:Describe*", "snowball:List*", @@ -26597,16 +48722,28 @@ aws_managed_policies_data = """ "ssm:Describe*", "ssm:Get*", "ssm:List*", + "sso:Get*", + "sso:Describe*", + "sso:List*", + "sso:Search*", + "sso-directory:Describe*", + "sso-directory:List*", + "sso-directory:Search*", "states:List*", "states:Describe*", "states:GetExecutionHistory", "storagegateway:Describe*", "storagegateway:List*", - "sts:Get*", + "sts:GetAccessKeyInfo", + "sts:GetCallerIdentity", + "sts:GetSessionToken", "swf:Count*", "swf:Describe*", "swf:Get*", "swf:List*", + "synthetics:Describe*", + "synthetics:Get*", + "synthetics:List*", "tag:Get*", "transfer:Describe*", "transfer:List*", @@ -26616,6 +48753,10 @@ aws_managed_policies_data = """ "trustedadvisor:Describe*", "waf:Get*", "waf:List*", + "wafv2:CheckCapacity", + "wafv2:Describe*", + "wafv2:Get*", + "wafv2:List*", "waf-regional:List*", "waf-regional:Get*", "workdocs:Describe*", @@ -26643,14 +48784,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAILL3HVNFSB6DCOWYQ", "PolicyName": "ReadOnlyAccess", - "UpdateDate": "2019-06-03T20:01:28+00:00", - "VersionId": "v50" + "UpdateDate": "2021-01-14T20:07:47+00:00", + "VersionId": "v73" }, "ResourceGroupsandTagEditorFullAccess": { "Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:39:53+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v5", "Document": { "Statement": [ { @@ -26660,8 +48801,6 @@ aws_managed_policies_data = """ "tag:getTagValues", "tag:TagResources", "tag:UntagResources", - "tag:AddResourceTags", - "tag:RemoveResourceTags", "resource-groups:*", "cloudformation:DescribeStacks", "cloudformation:ListStackResources" @@ -26678,8 +48817,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJNOS54ZFXN4T2Y34A", "PolicyName": "ResourceGroupsandTagEditorFullAccess", - "UpdateDate": "2019-03-07T21:54:03+00:00", - "VersionId": "v4" + "UpdateDate": "2019-10-02T23:57:57+00:00", + "VersionId": "v5" }, "ResourceGroupsandTagEditorReadOnlyAccess": { "Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess", @@ -26714,11 +48853,76 @@ aws_managed_policies_data = """ "UpdateDate": "2019-03-07T19:43:17+00:00", "VersionId": "v2" }, + "Route53ResolverServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-08-12T17:47:24+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups", + "s3:GetBucketPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AEMJZANMJ", + "PolicyName": "Route53ResolverServiceRolePolicy", + "UpdateDate": "2020-08-12T17:47:24+00:00", + "VersionId": "v1" + }, + "S3StorageLensServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2020-11-18T18:15:40+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": [ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect": "Allow", + "Resource": [ + "*" + ], + "Sid": "AwsOrgsAccess" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IHOVJESMS", + "PolicyName": "S3StorageLensServiceRolePolicy", + "UpdateDate": "2020-11-18T18:15:40+00:00", + "VersionId": "v1" + }, "SecretsManagerReadWrite": { "Arn": "arn:aws:iam::aws:policy/SecretsManagerReadWrite", "AttachmentCount": 0, "CreateDate": "2018-04-04T18:05:29+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v3", "Document": { "Statement": [ { @@ -26738,6 +48942,7 @@ aws_managed_policies_data = """ "lambda:ListFunctions", "rds:DescribeDBClusters", "rds:DescribeDBInstances", + "redshift:DescribeClusters", "tag:GetResources" ], "Effect": "Allow", @@ -26756,7 +48961,8 @@ aws_managed_policies_data = """ }, { "Action": [ - "serverlessrepo:CreateCloudFormationChangeSet" + "serverlessrepo:CreateCloudFormationChangeSet", + "serverlessrepo:GetApplication" ], "Effect": "Allow", "Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*" @@ -26766,7 +48972,10 @@ aws_managed_policies_data = """ "s3:GetObject" ], "Effect": "Allow", - "Resource": "arn:aws:s3:::awsserverlessrepo-changesets*" + "Resource": [ + "arn:aws:s3:::awsserverlessrepo-changesets*", + "arn:aws:s3:::secrets-manager-rotation-apps-*/*" + ] } ], "Version": "2012-10-17" @@ -26777,24 +48986,34 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3VG7CI5BIQZQ6G2E", "PolicyName": "SecretsManagerReadWrite", - "UpdateDate": "2018-05-03T20:02:35+00:00", - "VersionId": "v2" + "UpdateDate": "2020-06-24T18:01:22+00:00", + "VersionId": "v3" }, "SecurityAudit": { "Arn": "arn:aws:iam::aws:policy/SecurityAudit", "AttachmentCount": 0, "CreateDate": "2015-02-06T18:41:01+00:00", - "DefaultVersionId": "v27", + "DefaultVersionId": "v34", "Document": { "Statement": [ { "Action": [ + "access-analyzer:GetAnalyzedResource", + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:GetFinding", + "access-analyzer:ListAnalyzedResources", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListFindings", + "access-analyzer:ListTagsForResource", "acm:Describe*", "acm:List*", "application-autoscaling:Describe*", "appmesh:Describe*", "appmesh:List*", "appsync:List*", + "athena:GetWorkGroup", "athena:List*", "autoscaling:Describe*", "batch:DescribeComputeEnvironments", @@ -26868,6 +49087,14 @@ aws_managed_policies_data = """ "dynamodb:ListStreams", "dynamodb:ListTables", "ec2:Describe*", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:GetManagedPrefixListAssociations", + "ec2:GetManagedPrefixListEntries", "ecr:DescribeRepositories", "ecr:GetRepositoryPolicy", "ecs:Describe*", @@ -26931,6 +49158,7 @@ aws_managed_policies_data = """ "lambda:List*", "license-manager:List*", "lightsail:GetInstances", + "lightsail:GetLoadBalancers", "logs:Describe*", "logs:ListTagsLogGroup", "machinelearning:DescribeMLModels", @@ -26961,7 +49189,11 @@ aws_managed_policies_data = """ "route53domains:ListOperations", "route53domains:ListTagsForDomain", "route53resolver:List*", + "route53resolver:Get*", "s3:GetAccelerateConfiguration", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetAnalyticsConfiguration", "s3:GetBucket*", @@ -26971,8 +49203,8 @@ aws_managed_policies_data = """ "s3:GetMetricsConfiguration", "s3:GetObjectAcl", "s3:GetObjectVersionAcl", - "s3:GetPublicAccessBlock", "s3:GetReplicationConfiguration", + "s3:ListAccessPoints", "s3:ListAllMyBuckets", "sagemaker:Describe*", "sagemaker:List*", @@ -26981,13 +49213,16 @@ aws_managed_policies_data = """ "secretsmanager:GetResourcePolicy", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", + "securityhub:Describe*", "securityhub:Get*", "securityhub:List*", "serverlessrepo:GetApplicationPolicy", "serverlessrepo:List*", "ses:GetIdentityDkimAttributes", + "ses:GetIdentityPolicies", "ses:GetIdentityVerificationAttributes", "ses:ListIdentities", + "ses:ListIdentityPolicies", "ses:ListVerifiedEmailAddresses", "shield:Describe*", "shield:List*", @@ -26995,12 +49230,14 @@ aws_managed_policies_data = """ "snowball:ListJobs", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", + "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListDeadLetterSourceQueues", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:Describe*", + "ssm:GetAutomationExecution", "ssm:ListDocuments", "sso:DescribePermissionsPolicies", "sso:List*", @@ -27026,27 +49263,81 @@ aws_managed_policies_data = """ "transfer:List*", "translate:List*", "trustedadvisor:Describe*", + "waf:GetWebACL", "waf:ListWebACLs", + "waf:ListTagsForResource", + "wafv2:GetWebACL", + "wafv2:ListAvailableManagedRuleGroups", + "wafv2:ListIPSets", + "wafv2:ListLoggingConfigurations", + "wafv2:ListRegexPatternSets", + "wafv2:ListResourcesForWebACL", + "wafv2:ListRuleGroups", + "wafv2:ListTagsForResource", + "wafv2:ListWebACLs", + "waf-regional:GetWebACL", + "waf-regional:ListResourcesForWebACL", + "waf-regional:ListTagsForResource", "waf-regional:ListWebACLs", - "workspaces:Describe*" + "workspaces:Describe*", + "cloudsearch:DescribeDomainEndpointOptions", + "cloudwatch:ListTagsForResource", + "detective:ListGraphs", + "detective:ListMembers", + "detective:GetGraphIngestState", + "dynamodb:ListTagsOfResource", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:GetManagedPrefixListAssociations", + "ec2:GetManagedPrefixListEntries", + "ecr:DescribeImages", + "ecr:GetLifecyclePolicy", + "ecr:ListTagsForResource", + "eks:DescribeNodeGroup", + "eks:ListNodeGroups", + "elasticache:ListTagsForResource", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:ListTagsForResource", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "es:ListElasticsearchInstanceTypeDetails", + "es:ListElasticsearchVersions", + "es:ListTags", + "events:TestEventPattern", + "glue:GetDataCatalogEncryptionSettings", + "glue:GetDevEndpoints", + "guardduty:DescribePublishingDestination", + "secretsmanager:DescribeSecret", + "sns:ListTagsForResource", + "ssm:ListTagsForResource" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "apigateway:HEAD", - "apigateway:GET", - "apigateway:OPTIONS" + "apigateway:GET" ], "Effect": "Allow", "Resource": [ + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*/stages", + "arn:aws:apigateway:*::/apis/*/stages/*", + "arn:aws:apigateway:*::/apis/*/routes", + "arn:aws:apigateway:*::/clientcertificates/*", "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*/authorizers", "arn:aws:apigateway:*::/restapis/*/authorizers/*", + "arn:aws:apigateway:*::/restapis/*/documentation/versions", "arn:aws:apigateway:*::/restapis/*/resources", "arn:aws:apigateway:*::/restapis/*/resources/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/tags/*", "arn:aws:apigateway:*::/vpclinks" ] } @@ -27059,8 +49350,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIX2T3QCXHR2OGGCTO", "PolicyName": "SecurityAudit", - "UpdateDate": "2019-04-29T18:33:52+00:00", - "VersionId": "v27" + "UpdateDate": "2020-12-15T00:04:54+00:00", + "VersionId": "v34" }, "ServerMigrationConnector": { "Arn": "arn:aws:iam::aws:policy/ServerMigrationConnector", @@ -27135,11 +49426,90 @@ aws_managed_policies_data = """ "UpdateDate": "2016-10-24T21:45:56+00:00", "VersionId": "v1" }, + "ServerMigrationServiceConsoleFullAccess": { + "Arn": "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess", + "AttachmentCount": 0, + "CreateDate": "2020-05-09T17:18:57+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "sms:*" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "cloudformation:ListStacks", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackResources" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:ListAllMyBuckets", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Resource": "arn:aws:s3:::sms-app-*/*" + }, + { + "Action": [ + "ec2:DescribeKeyPairs", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:ListRoles" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "sms.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:GetInstanceProfile", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4IIEMRGEYB", + "PolicyName": "ServerMigrationServiceConsoleFullAccess", + "UpdateDate": "2020-07-20T22:00:37+00:00", + "VersionId": "v2" + }, "ServerMigrationServiceLaunchRole": { "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole", "AttachmentCount": 0, "CreateDate": "2018-11-26T19:53:06+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -27150,7 +49520,7 @@ aws_managed_policies_data = """ "ec2:TerminateInstances" ], "Condition": { - "ForAllValues:StringLike": { + "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } }, @@ -27162,6 +49532,30 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "arn:aws:ec2:*:*:instance/*" }, + { + "Action": [ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ec2.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": "*" + }, { "Action": [ "ec2:RunInstances", @@ -27169,6 +49563,57 @@ aws_managed_policies_data = """ ], "Effect": "Allow", "Resource": "*" + }, + { + "Action": [ + "applicationinsights:Describe*", + "applicationinsights:List*", + "cloudformation:ListStackResources", + "cloudformation:DescribeStacks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "applicationinsights:CreateApplication", + "applicationinsights:CreateComponent", + "applicationinsights:UpdateApplication", + "applicationinsights:DeleteApplication", + "applicationinsights:UpdateComponentConfiguration", + "applicationinsights:DeleteComponent" + ], + "Effect": "Allow", + "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" + }, + { + "Action": [ + "resource-groups:CreateGroup", + "resource-groups:GetGroup", + "resource-groups:UpdateGroup", + "resource-groups:DeleteGroup" + ], + "Condition": { + "StringLike": { + "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" + ], + "Condition": { + "StringEquals": { + "iam:AWSServiceName": "application-insights.amazonaws.com" + } + }, + "Effect": "Allow", + "Resource": [ + "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" + ] } ], "Version": "2012-10-17" @@ -27179,28 +49624,60 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIIIAAMVUCBR2OLXZO", "PolicyName": "ServerMigrationServiceLaunchRole", - "UpdateDate": "2018-11-26T19:53:06+00:00", + "UpdateDate": "2020-10-15T17:29:00+00:00", + "VersionId": "v4" + }, + "ServerMigrationServiceRoleForInstanceValidation": { + "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation", + "AttachmentCount": 0, + "CreateDate": "2020-07-20T22:25:07+00:00", + "DefaultVersionId": "v1", + "Document": { + "Statement": [ + { + "Action": "s3:GetObject", + "Effect": "Allow", + "Resource": "arn:aws:s3:::sms-app-*/*" + }, + { + "Action": "sms:NotifyAppValidationOutput", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4LJMOLEWUV", + "PolicyName": "ServerMigrationServiceRoleForInstanceValidation", + "UpdateDate": "2020-07-20T22:25:07+00:00", "VersionId": "v1" }, - "ServerMigrationServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole", + "ServerMigration_ServiceRole": { + "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigration_ServiceRole", "AttachmentCount": 0, - "CreateDate": "2016-10-24T21:19:00+00:00", - "DefaultVersionId": "v3", + "CreateDate": "2020-08-11T20:41:44+00:00", + "DefaultVersionId": "v2", "Document": { "Statement": [ { "Action": [ "cloudformation:CreateChangeSet", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:ExecuteChangeSet" + "cloudformation:CreateStack" ], "Condition": { - "ForAllValues:StringLikeIfExists": { + "ForAllValues:StringEquals": { "cloudformation:ResourceTypes": [ - "AWS::EC2::*" + "AWS::EC2::Instance", + "AWS::ApplicationInsights::Application", + "AWS::ResourceGroups::Group" ] + }, + "Null": { + "cloudformation:ResourceTypes": "false" } }, "Effect": "Allow", @@ -27208,9 +49685,13 @@ aws_managed_policies_data = """ }, { "Action": [ + "cloudformation:DeleteStack", + "cloudformation:ExecuteChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate" ], @@ -27219,9 +49700,7 @@ aws_managed_policies_data = """ }, { "Action": [ - "cloudformation:DescribeStacks", "cloudformation:ValidateTemplate", - "cloudformation:DescribeStackResource", "s3:ListAllMyBuckets" ], "Effect": "Allow", @@ -27238,8 +49717,7 @@ aws_managed_policies_data = """ "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl", - "s3:PutLifecycleConfiguration", - "s3:ListAllMyBuckets" + "s3:PutLifecycleConfiguration" ], "Effect": "Allow", "Resource": "arn:aws:s3:::sms-app-*" @@ -27258,28 +49736,124 @@ aws_managed_policies_data = """ "Effect": "Allow", "Resource": "*" }, + { + "Action": "ssm:SendCommand", + "Effect": "Allow", + "Resource": [ + "arn:aws:ssm:*::document/AWS-RunRemoteScript", + "arn:aws:s3:::sms-app-*" + ] + }, + { + "Action": "ssm:SendCommand", + "Condition": { + "StringEquals": { + "ssm:resourceTag/UseForSMSApplicationValidation": [ + "true" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, { "Action": [ - "ec2:ModifySnapshotAttribute", - "ec2:CopySnapshot", - "ec2:CopyImage", - "ec2:Describe*", - "ec2:DeleteSnapshot", - "ec2:DeregisterImage", - "ec2:CreateTags", - "ec2:DeleteTags" + "ssm:CancelCommand", + "ssm:GetCommandInvocation" ], "Effect": "Allow", "Resource": "*" }, { - "Action": "iam:GetRole", + "Action": "ec2:CreateTags", + "Condition": { + "StringEquals": { + "ec2:CreateAction": "CopySnapshot" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action": "ec2:CopySnapshot", + "Condition": { + "StringLike": { + "aws:RequestTag/SMSJobId": [ + "sms-*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action": [ + "ec2:ModifySnapshotAttribute", + "ec2:DeleteSnapshot" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/SMSJobId": [ + "sms-*" + ] + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action": [ + "ec2:CopyImage", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeSnapshotAttribute", + "ec2:DeregisterImage", + "ec2:ImportImage", + "ec2:DescribeImportImageTasks", + "ec2:GetEbsEncryptionByDefault" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:GetRole", + "iam:GetInstanceProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation" + ], + "Condition": { + "StringLike": { + "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect": "Allow", + "Resource": "arn:aws:ec2:*:*:instance/*" + }, + { + "Action": "iam:PassRole", + "Condition": { + "StringEquals": { + "iam:PassedToService": "ec2.amazonaws.com" + } + }, "Effect": "Allow", "Resource": "*" }, { "Action": "iam:PassRole", "Condition": { + "StringEqualsIfExists": { + "iam:PassedToService": "cloudformation.amazonaws.com" + }, "StringLike": { "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } @@ -27294,121 +49868,76 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/service-role/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMBH3M6BO63XFW2D4", - "PolicyName": "ServerMigrationServiceRole", - "UpdateDate": "2018-11-26T19:33:29+00:00", - "VersionId": "v3" + "PolicyId": "ANPAZKAPJZG4NKLZNDFDI", + "PolicyName": "ServerMigration_ServiceRole", + "UpdateDate": "2020-10-15T17:26:32+00:00", + "VersionId": "v2" }, - "ServiceCatalogAdminReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess", + "ServiceQuotasFullAccess": { + "Arn": "arn:aws:iam::aws:policy/ServiceQuotasFullAccess", "AttachmentCount": 0, - "CreateDate": "2015-09-29T18:40:35+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "catalog-admin:DescribeConstraints", - "catalog-admin:DescribeListingForProduct", - "catalog-admin:DescribeListings", - "catalog-admin:DescribePortfolios", - "catalog-admin:DescribeProductVersions", - "catalog-admin:GetPortfolioCount", - "catalog-admin:GetPortfolios", - "catalog-admin:GetProductCounts", - "catalog-admin:ListAllPortfolioConstraints", - "catalog-admin:ListPortfolioConstraints", - "catalog-admin:ListPortfolios", - "catalog-admin:ListPrincipalConstraints", - "catalog-admin:ListProductConstraints", - "catalog-admin:ListResourceUsers", - "catalog-admin:ListTagsForResource", - "catalog-admin:SearchListings", - "catalog-user:*", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks", - "cloudformation:GetTemplateSummary", - "iam:GetGroup", - "iam:GetRole", - "iam:GetUser", - "iam:ListGroups", - "iam:ListRoles", - "iam:ListUsers", - "s3:GetObject", - "servicecatalog:DescribeTagOption", - "servicecatalog:GetTagOptionMigrationStatus", - "servicecatalog:ListResourcesForTagOption", - "servicecatalog:ListTagOptions", - "servicecatalog:AccountLevelDescribeRecord", - "servicecatalog:AccountLevelListRecordHistory", - "servicecatalog:AccountLevelScanProvisionedProducts", - "servicecatalog:DescribeProduct", - "servicecatalog:DescribeProductView", - "servicecatalog:DescribeProvisioningParameters", - "servicecatalog:DescribeProvisionedProduct", - "servicecatalog:DescribeRecord", - "servicecatalog:ListLaunchPaths", - "servicecatalog:ListRecordHistory", - "servicecatalog:ScanProvisionedProducts", - "servicecatalog:SearchProducts", - "servicecatalog:DescribeConstraint", - "servicecatalog:DescribeProductAsAdmin", - "servicecatalog:DescribePortfolio", - "servicecatalog:DescribeProvisioningArtifact", - "servicecatalog:ListAcceptedPortfolioShares", - "servicecatalog:ListConstraintsForPortfolio", - "servicecatalog:ListPortfolioAccess", - "servicecatalog:ListPortfolios", - "servicecatalog:ListPortfoliosForProduct", - "servicecatalog:ListPrincipalsForPortfolio", - "servicecatalog:ListProvisioningArtifacts", - "servicecatalog:SearchProductsAsAdmin" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7XOUSS75M4LIPKO4", - "PolicyName": "ServiceCatalogAdminReadOnlyAccess", - "UpdateDate": "2017-08-08T18:57:36+00:00", - "VersionId": "v5" - }, - "ServiceCatalogEndUserAccess": { - "Arn": "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess", - "AttachmentCount": 0, - "CreateDate": "2015-09-29T18:41:33+00:00", + "CreateDate": "2019-06-24T15:44:35+00:00", "DefaultVersionId": "v4", "Document": { "Statement": [ { "Action": [ - "catalog-user:*", - "s3:GetObject", - "servicecatalog:DescribeProduct", - "servicecatalog:DescribeProductView", - "servicecatalog:DescribeProvisioningParameters", - "servicecatalog:ListLaunchPaths", - "servicecatalog:SearchProducts" + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit", + "tag:GetTagKeys", + "tag:GetTagValues", + "servicequotas:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "servicecatalog:ListRecordHistory", - "servicecatalog:DescribeProvisionedProduct", - "servicecatalog:DescribeRecord", - "servicecatalog:ScanProvisionedProducts" + "cloudwatch:DeleteAlarms" + ], + "Condition": { + "Null": { + "aws:ResourceTag/ServiceQuotaMonitor": "false" + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "organizations:EnableAWSServiceAccess" + ], + "Condition": { + "StringLike": { + "organizations:ServicePrincipal": [ + "servicequotas.amazonaws.com" + ] + } + }, + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "iam:CreateServiceLinkedRole" ], "Condition": { "StringEquals": { - "servicecatalog:userLevel": "self" + "iam:AWSServiceName": "servicequotas.amazonaws.com" } }, "Effect": "Allow", @@ -27421,11 +49950,91 @@ aws_managed_policies_data = """ "IsDefaultVersion": true, "Path": "/", "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ56OMCO72RI4J5FSA", - "PolicyName": "ServiceCatalogEndUserAccess", - "UpdateDate": "2017-08-08T18:58:57+00:00", + "PolicyId": "ANPAZKAPJZG4CGHQWENW3", + "PolicyName": "ServiceQuotasFullAccess", + "UpdateDate": "2021-02-04T21:29:43+00:00", "VersionId": "v4" }, + "ServiceQuotasReadOnlyAccess": { + "Arn": "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess", + "AttachmentCount": 0, + "CreateDate": "2019-06-24T15:31:06+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit", + "tag:GetTagKeys", + "tag:GetTagValues", + "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetAWSDefaultServiceQuota", + "servicequotas:GetRequestedServiceQuotaChange", + "servicequotas:GetServiceQuota", + "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:ListAWSDefaultServiceQuotas", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:ListServices", + "servicequotas:ListServiceQuotas", + "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", + "servicequotas:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4ITU2HGGUJ", + "PolicyName": "ServiceQuotasReadOnlyAccess", + "UpdateDate": "2020-12-21T18:11:57+00:00", + "VersionId": "v2" + }, + "ServiceQuotasServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-05-22T20:44:17+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "support:*" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4FCG7EVJIR", + "PolicyName": "ServiceQuotasServiceRolePolicy", + "UpdateDate": "2019-06-24T14:52:56+00:00", + "VersionId": "v2" + }, "SimpleWorkflowFullAccess": { "Arn": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess", "AttachmentCount": 0, @@ -27456,7 +50065,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/job-function/SupportUser", "AttachmentCount": 0, "CreateDate": "2016-11-10T17:21:53+00:00", - "DefaultVersionId": "v2", + "DefaultVersionId": "v4", "Document": { "Statement": [ { @@ -27503,6 +50112,7 @@ aws_managed_policies_data = """ "cognito-identity:LookupDeveloperIdentity", "cognito-identity:Describe*", "cognito-idp:Describe*", + "cognito-idp:List*", "cognito-sync:Describe*", "cognito-sync:GetBulkPublishDetails", "cognito-sync:GetCognitoEvents", @@ -27546,7 +50156,6 @@ aws_managed_policies_data = """ "ec2:DescribeNatGateways", "ec2:DescribeReservedInstancesModifications", "ec2:DescribeTags", - "ec2:GetFlowLogsCount", "ecr:GetRepositoryPolicy", "ecr:BatchCheckLayerAvailability", "ecr:DescribeRepositories", @@ -27590,11 +50199,8 @@ aws_managed_policies_data = """ "iam:List*", "importexport:GetStatus", "importexport:ListJobs", - "importexport:GetJobDetail", "inspector:Describe*", "inspector:List*", - "inspector:GetAssessmentTelemetry", - "inspector:LocalizeText", "iot:Describe*", "iot:Get*", "iot:List*", @@ -27676,14 +50282,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAI3V4GSSN5SJY3P2RO", "PolicyName": "SupportUser", - "UpdateDate": "2017-05-17T23:11:51+00:00", - "VersionId": "v2" + "UpdateDate": "2020-08-18T22:30:18+00:00", + "VersionId": "v4" }, "SystemAdministrator": { "Arn": "arn:aws:iam::aws:policy/job-function/SystemAdministrator", "AttachmentCount": 0, "CreateDate": "2016-11-10T17:23:56+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -27733,6 +50339,8 @@ aws_managed_policies_data = """ "ec2:CreateInstanceExportTask", "ec2:CreateInternetGateway", "ec2:CreateKeyPair", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreatePlacementGroup", @@ -27752,6 +50360,8 @@ aws_managed_policies_data = """ "ec2:CreateVpnGateway", "ec2:DeleteFlowLogs", "ec2:DeleteKeyPair", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteNatGateway", "ec2:DeleteNetworkInterface", "ec2:DeletePlacementGroup", @@ -27778,6 +50388,7 @@ aws_managed_policies_data = """ "ec2:EnableVpcClassicLinkDnsSupport", "ec2:GetConsoleOutput", "ec2:GetHostReservationPurchasePreview", + "ec2:GetLaunchTemplateData", "ec2:GetPasswordData", "ec2:Import*", "ec2:Modify*", @@ -27930,7 +50541,6 @@ aws_managed_policies_data = """ "arn:aws:iam::*:role/rds-monitoring-role", "arn:aws:iam::*:role/ec2-sysadmin-*", "arn:aws:iam::*:role/ecr-sysadmin-*", - "arn:aws:iam::*:role/lamdba-sysadmin-*", "arn:aws:iam::*:role/lambda-sysadmin-*" ] } @@ -27943,62 +50553,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAITJPEZXCYCBXANDSW", "PolicyName": "SystemAdministrator", - "UpdateDate": "2018-10-08T21:33:45+00:00", - "VersionId": "v4" - }, - "TagPoliciesServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/TagPoliciesServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-10-26T20:02:52+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListChildren", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListRoots", - "organizations:ListParents" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "organizations:DisableAWSServiceAccess" - ], - "Condition": { - "ForAllValues:StringLike": { - "organizations:ServicePrincipal": [ - "tagpolicies.tag.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGGCZXCABSYJA7UBI", - "PolicyName": "TagPoliciesServiceRolePolicy", - "UpdateDate": "2019-05-10T21:38:33+00:00", - "VersionId": "v2" + "UpdateDate": "2020-08-24T20:05:29+00:00", + "VersionId": "v6" }, "TranslateFullAccess": { "Arn": "arn:aws:iam::aws:policy/TranslateFullAccess", "AttachmentCount": 0, "CreateDate": "2018-11-27T23:36:20+00:00", - "DefaultVersionId": "v1", + "DefaultVersionId": "v2", "Document": { "Statement": [ { @@ -28006,7 +50568,12 @@ aws_managed_policies_data = """ "translate:*", "comprehend:DetectDominantLanguage", "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" + "cloudwatch:ListMetrics", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "iam:ListRoles", + "iam:GetRole" ], "Effect": "Allow", "Resource": "*" @@ -28020,14 +50587,14 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAIAPOAEI2VFQYUK5RY", "PolicyName": "TranslateFullAccess", - "UpdateDate": "2018-11-27T23:36:20+00:00", - "VersionId": "v1" + "UpdateDate": "2020-01-08T21:22:27+00:00", + "VersionId": "v2" }, "TranslateReadOnly": { "Arn": "arn:aws:iam::aws:policy/TranslateReadOnly", "AttachmentCount": 0, "CreateDate": "2017-11-29T18:22:00+00:00", - "DefaultVersionId": "v4", + "DefaultVersionId": "v6", "Document": { "Statement": [ { @@ -28035,6 +50602,10 @@ aws_managed_policies_data = """ "translate:TranslateText", "translate:GetTerminology", "translate:ListTerminologies", + "translate:ListTextTranslationJobs", + "translate:DescribeTextTranslationJob", + "translate:GetParallelData", + "translate:ListParallelData", "comprehend:DetectDominantLanguage", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" @@ -28051,8 +50622,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAJYAMZMTQNWUDJKY2E", "PolicyName": "TranslateReadOnly", - "UpdateDate": "2018-11-27T23:29:08+00:00", - "VersionId": "v4" + "UpdateDate": "2020-11-23T17:31:06+00:00", + "VersionId": "v6" }, "VMImportExportRoleForAWSConnector": { "Arn": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector", @@ -28098,7 +50669,7 @@ aws_managed_policies_data = """ "Arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess", "AttachmentCount": 0, "CreateDate": "2016-11-10T17:20:15+00:00", - "DefaultVersionId": "v7", + "DefaultVersionId": "v10", "Document": { "Statement": [ { @@ -28149,8 +50720,6 @@ aws_managed_policies_data = """ "dax:DescribeParameterGroups", "dax:DescribeParameters", "dax:DescribeSubnetGroups", - "dax:DescribeTable", - "dax:ListTables", "dax:ListTags", "devicefarm:List*", "directconnect:Describe*", @@ -28220,6 +50789,8 @@ aws_managed_policies_data = """ "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:List*", "elastictranscoder:List*", "es:DescribeElasticsearchDomain", @@ -28281,6 +50852,8 @@ aws_managed_policies_data = """ "route53:List*", "route53:Get*", "route53domains:List*", + "route53resolver:Get*", + "route53resolver:List*", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:Describe*", @@ -28303,6 +50876,7 @@ aws_managed_policies_data = """ "trustedadvisor:Describe*", "waf:List*", "waf-regional:List*", + "wafv2:List*", "workdocs:DescribeAvailableDirectories", "workdocs:DescribeInstances", "workmail:Describe*", @@ -28320,8 +50894,8 @@ aws_managed_policies_data = """ "PermissionsBoundaryUsageCount": 0, "PolicyId": "ANPAID22R6XPJATWOFDK6", "PolicyName": "ViewOnlyAccess", - "UpdateDate": "2018-10-15T18:34:54+00:00", - "VersionId": "v7" + "UpdateDate": "2020-08-18T22:51:43+00:00", + "VersionId": "v10" }, "WAFLoggingServiceRolePolicy": { "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy", @@ -28381,6 +50955,40 @@ aws_managed_policies_data = """ "UpdateDate": "2018-08-24T18:40:55+00:00", "VersionId": "v1" }, + "WAFV2LoggingServiceRolePolicy": { + "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy", + "AttachmentCount": 0, + "CreateDate": "2019-11-07T00:40:56+00:00", + "DefaultVersionId": "v2", + "Document": { + "Statement": [ + { + "Action": [ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect": "Allow", + "Resource": [ + "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" + ] + }, + { + "Action": "organizations:DescribeOrganization", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "IsAttachable": true, + "IsDefaultVersion": true, + "Path": "/aws-service-role/", + "PermissionsBoundaryUsageCount": 0, + "PolicyId": "ANPAZKAPJZG4AHQ3ASNCX", + "PolicyName": "WAFV2LoggingServiceRolePolicy", + "UpdateDate": "2020-07-23T17:04:25+00:00", + "VersionId": "v2" + }, "WellArchitectedConsoleFullAccess": { "Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess", "AttachmentCount": 0, diff --git a/tests/test_iam/test_iam.py b/tests/test_iam/test_iam.py index ab4eb23a7..4ea24c1cb 100644 --- a/tests/test_iam/test_iam.py +++ b/tests/test_iam/test_iam.py @@ -674,20 +674,15 @@ def test_get_aws_managed_policy_version(): @mock_iam -def test_get_aws_managed_policy_v4_version(): +def test_get_aws_managed_policy_v6_version(): conn = boto3.client("iam", region_name="us-east-1") managed_policy_arn = "arn:aws:iam::aws:policy/job-function/SystemAdministrator" - managed_policy_version_create_date = datetime.strptime( - "2018-10-08T21:33:45+00:00", "%Y-%m-%dT%H:%M:%S+00:00" - ) with pytest.raises(ClientError): conn.get_policy_version( PolicyArn=managed_policy_arn, VersionId="v2-does-not-exist" ) - retrieved = conn.get_policy_version(PolicyArn=managed_policy_arn, VersionId="v4") - retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.equal( - managed_policy_version_create_date - ) + retrieved = conn.get_policy_version(PolicyArn=managed_policy_arn, VersionId="v6") + retrieved["PolicyVersion"]["CreateDate"].replace(tzinfo=None).should.be.an(datetime) retrieved["PolicyVersion"]["Document"].should.be.an(dict)