aws-iam-managed-policies 0.0.486 → 0.0.487
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/managedPolicies.json +2824 -556
- package/package.json +1 -1
|
@@ -246158,8 +246158,8 @@
|
|
|
246158
246158
|
},
|
|
246159
246159
|
"AmazonGuardDutyFullAccess": {
|
|
246160
246160
|
"arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
|
|
246161
|
-
"latestVersionId": "
|
|
246162
|
-
"versionsCount":
|
|
246161
|
+
"latestVersionId": "v7",
|
|
246162
|
+
"versionsCount": 7,
|
|
246163
246163
|
"versions": {
|
|
246164
246164
|
"v1": {
|
|
246165
246165
|
"createdDate": "2017-11-28T22:31:30.000Z",
|
|
@@ -246418,10 +246418,75 @@
|
|
|
246418
246418
|
}
|
|
246419
246419
|
]
|
|
246420
246420
|
}
|
|
246421
|
+
},
|
|
246422
|
+
"v7": {
|
|
246423
|
+
"createdDate": "2017-11-28T22:31:30.000Z",
|
|
246424
|
+
"document": {
|
|
246425
|
+
"Version": "2012-10-17",
|
|
246426
|
+
"Statement": [
|
|
246427
|
+
{
|
|
246428
|
+
"Sid": "AmazonGuardDutyFullAccessSid1",
|
|
246429
|
+
"Effect": "Allow",
|
|
246430
|
+
"Action": "guardduty:*",
|
|
246431
|
+
"Resource": "*"
|
|
246432
|
+
},
|
|
246433
|
+
{
|
|
246434
|
+
"Sid": "CreateServiceLinkedRoleSid1",
|
|
246435
|
+
"Effect": "Allow",
|
|
246436
|
+
"Action": "iam:CreateServiceLinkedRole",
|
|
246437
|
+
"Resource": "*",
|
|
246438
|
+
"Condition": {
|
|
246439
|
+
"StringLike": {
|
|
246440
|
+
"iam:AWSServiceName": [
|
|
246441
|
+
"guardduty.amazonaws.com",
|
|
246442
|
+
"malware-protection.guardduty.amazonaws.com"
|
|
246443
|
+
]
|
|
246444
|
+
}
|
|
246445
|
+
}
|
|
246446
|
+
},
|
|
246447
|
+
{
|
|
246448
|
+
"Sid": "ActionsForOrganizationsSid1",
|
|
246449
|
+
"Effect": "Allow",
|
|
246450
|
+
"Action": [
|
|
246451
|
+
"organizations:EnableAWSServiceAccess",
|
|
246452
|
+
"organizations:RegisterDelegatedAdministrator",
|
|
246453
|
+
"organizations:ListDelegatedAdministrators",
|
|
246454
|
+
"organizations:ListAWSServiceAccessForOrganization",
|
|
246455
|
+
"organizations:DescribeOrganizationalUnit",
|
|
246456
|
+
"organizations:DescribeAccount",
|
|
246457
|
+
"organizations:DescribeOrganization",
|
|
246458
|
+
"organizations:ListAccounts"
|
|
246459
|
+
],
|
|
246460
|
+
"Resource": "*"
|
|
246461
|
+
},
|
|
246462
|
+
{
|
|
246463
|
+
"Sid": "IamGetRoleSid1",
|
|
246464
|
+
"Effect": "Allow",
|
|
246465
|
+
"Action": "iam:GetRole",
|
|
246466
|
+
"Resource": "arn:aws:iam::*:role/*AWSServiceRoleForAmazonGuardDutyMalwareProtection"
|
|
246467
|
+
},
|
|
246468
|
+
{
|
|
246469
|
+
"Sid": "AllowPassRoleToMalwareProtection",
|
|
246470
|
+
"Effect": "Allow",
|
|
246471
|
+
"Action": [
|
|
246472
|
+
"iam:PassRole"
|
|
246473
|
+
],
|
|
246474
|
+
"Resource": "arn:aws:iam::*:role/*",
|
|
246475
|
+
"Condition": {
|
|
246476
|
+
"StringEquals": {
|
|
246477
|
+
"iam:PassedToService": [
|
|
246478
|
+
"malware-protection-plan.guardduty.amazonaws.com",
|
|
246479
|
+
"malware-protection.guardduty.amazonaws.com"
|
|
246480
|
+
]
|
|
246481
|
+
}
|
|
246482
|
+
}
|
|
246483
|
+
}
|
|
246484
|
+
]
|
|
246485
|
+
}
|
|
246421
246486
|
}
|
|
246422
246487
|
},
|
|
246423
246488
|
"createdDate": "2017-11-28T22:31:30.000Z",
|
|
246424
|
-
"lastUpdatedDate": "
|
|
246489
|
+
"lastUpdatedDate": "2025-11-20T02:19:08.000Z"
|
|
246425
246490
|
},
|
|
246426
246491
|
"AmazonSageMakerReadOnly": {
|
|
246427
246492
|
"arn": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly",
|
|
@@ -348773,8 +348838,8 @@
|
|
|
348773
348838
|
},
|
|
348774
348839
|
"AWSLicenseManagerServiceRolePolicy": {
|
|
348775
348840
|
"arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy",
|
|
348776
|
-
"latestVersionId": "
|
|
348777
|
-
"versionsCount":
|
|
348841
|
+
"latestVersionId": "v8",
|
|
348842
|
+
"versionsCount": 8,
|
|
348778
348843
|
"versions": {
|
|
348779
348844
|
"v1": {
|
|
348780
348845
|
"createdDate": "2018-11-26T19:02:53.000Z",
|
|
@@ -349605,151 +349670,169 @@
|
|
|
349605
349670
|
}
|
|
349606
349671
|
]
|
|
349607
349672
|
}
|
|
349608
|
-
}
|
|
349609
|
-
|
|
349610
|
-
|
|
349611
|
-
"lastUpdatedDate": "2021-07-30T01:43:19.000Z"
|
|
349612
|
-
},
|
|
349613
|
-
"AWSLicenseManagerMasterAccountRolePolicy": {
|
|
349614
|
-
"arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy",
|
|
349615
|
-
"latestVersionId": "v5",
|
|
349616
|
-
"versionsCount": 5,
|
|
349617
|
-
"versions": {
|
|
349618
|
-
"v1": {
|
|
349619
|
-
"createdDate": "2018-11-26T19:03:51.000Z",
|
|
349673
|
+
},
|
|
349674
|
+
"v8": {
|
|
349675
|
+
"createdDate": "2018-11-26T19:02:53.000Z",
|
|
349620
349676
|
"document": {
|
|
349621
349677
|
"Version": "2012-10-17",
|
|
349622
349678
|
"Statement": [
|
|
349623
349679
|
{
|
|
349624
|
-
"Sid": "
|
|
349680
|
+
"Sid": "IAMPermissions",
|
|
349681
|
+
"Effect": "Allow",
|
|
349682
|
+
"Action": [
|
|
349683
|
+
"iam:CreateServiceLinkedRole"
|
|
349684
|
+
],
|
|
349685
|
+
"Resource": [
|
|
349686
|
+
"arn:aws:iam::*:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement"
|
|
349687
|
+
],
|
|
349688
|
+
"Condition": {
|
|
349689
|
+
"StringEquals": {
|
|
349690
|
+
"iam:AWSServiceName": "license-management.marketplace.amazonaws.com"
|
|
349691
|
+
}
|
|
349692
|
+
}
|
|
349693
|
+
},
|
|
349694
|
+
{
|
|
349695
|
+
"Sid": "IAMPermissionsForCreatingMemberSLR",
|
|
349696
|
+
"Effect": "Allow",
|
|
349697
|
+
"Action": [
|
|
349698
|
+
"iam:CreateServiceLinkedRole"
|
|
349699
|
+
],
|
|
349700
|
+
"Resource": [
|
|
349701
|
+
"arn:*:iam::*:role/aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole"
|
|
349702
|
+
],
|
|
349703
|
+
"Condition": {
|
|
349704
|
+
"StringEquals": {
|
|
349705
|
+
"iam:AWSServiceName": "license-manager.member-account.amazonaws.com"
|
|
349706
|
+
}
|
|
349707
|
+
}
|
|
349708
|
+
},
|
|
349709
|
+
{
|
|
349710
|
+
"Sid": "S3BucketPermissions1",
|
|
349625
349711
|
"Effect": "Allow",
|
|
349626
349712
|
"Action": [
|
|
349627
349713
|
"s3:GetBucketLocation",
|
|
349628
|
-
"s3:ListBucket"
|
|
349629
|
-
"s3:GetLifecycleConfiguration",
|
|
349630
|
-
"s3:PutLifecycleConfiguration",
|
|
349631
|
-
"s3:GetBucketPolicy",
|
|
349632
|
-
"s3:PutBucketPolicy"
|
|
349714
|
+
"s3:ListBucket"
|
|
349633
349715
|
],
|
|
349634
349716
|
"Resource": [
|
|
349635
349717
|
"arn:aws:s3:::aws-license-manager-service-*"
|
|
349636
349718
|
]
|
|
349637
349719
|
},
|
|
349638
349720
|
{
|
|
349639
|
-
"Sid": "
|
|
349721
|
+
"Sid": "S3BucketPermissions2",
|
|
349640
349722
|
"Effect": "Allow",
|
|
349641
349723
|
"Action": [
|
|
349642
|
-
"s3:
|
|
349643
|
-
|
|
349644
|
-
|
|
349645
|
-
"
|
|
349646
|
-
|
|
349724
|
+
"s3:ListAllMyBuckets"
|
|
349725
|
+
],
|
|
349726
|
+
"Resource": [
|
|
349727
|
+
"*"
|
|
349728
|
+
]
|
|
349729
|
+
},
|
|
349730
|
+
{
|
|
349731
|
+
"Sid": "S3ObjectPermissions",
|
|
349732
|
+
"Effect": "Allow",
|
|
349733
|
+
"Action": [
|
|
349734
|
+
"s3:PutObject"
|
|
349647
349735
|
],
|
|
349648
349736
|
"Resource": [
|
|
349649
349737
|
"arn:aws:s3:::aws-license-manager-service-*"
|
|
349650
349738
|
]
|
|
349651
349739
|
},
|
|
349652
349740
|
{
|
|
349653
|
-
"Sid": "
|
|
349741
|
+
"Sid": "SNSAccountPermissions",
|
|
349654
349742
|
"Effect": "Allow",
|
|
349655
349743
|
"Action": [
|
|
349656
|
-
"
|
|
349744
|
+
"sns:Publish"
|
|
349657
349745
|
],
|
|
349658
349746
|
"Resource": [
|
|
349659
|
-
"arn:aws:
|
|
349747
|
+
"arn:aws:sns:*:*:aws-license-manager-service-*"
|
|
349660
349748
|
]
|
|
349661
349749
|
},
|
|
349662
349750
|
{
|
|
349663
|
-
"Sid": "
|
|
349751
|
+
"Sid": "SNSTopicPermissions",
|
|
349664
349752
|
"Effect": "Allow",
|
|
349665
349753
|
"Action": [
|
|
349666
|
-
"
|
|
349667
|
-
"athena:GetQueryResults",
|
|
349668
|
-
"athena:StartQueryExecution"
|
|
349754
|
+
"sns:ListTopics"
|
|
349669
349755
|
],
|
|
349670
349756
|
"Resource": [
|
|
349671
349757
|
"*"
|
|
349672
349758
|
]
|
|
349673
349759
|
},
|
|
349674
349760
|
{
|
|
349675
|
-
"Sid": "
|
|
349761
|
+
"Sid": "EC2Permissions",
|
|
349676
349762
|
"Effect": "Allow",
|
|
349677
349763
|
"Action": [
|
|
349678
|
-
"
|
|
349679
|
-
"
|
|
349680
|
-
"
|
|
349764
|
+
"ec2:DescribeInstances",
|
|
349765
|
+
"ec2:DescribeImages",
|
|
349766
|
+
"ec2:DescribeHosts"
|
|
349681
349767
|
],
|
|
349682
349768
|
"Resource": [
|
|
349683
349769
|
"*"
|
|
349684
349770
|
]
|
|
349685
349771
|
},
|
|
349686
349772
|
{
|
|
349687
|
-
"Sid": "
|
|
349773
|
+
"Sid": "SSMPermissions",
|
|
349688
349774
|
"Effect": "Allow",
|
|
349689
349775
|
"Action": [
|
|
349690
|
-
"
|
|
349691
|
-
"
|
|
349692
|
-
"
|
|
349693
|
-
"
|
|
349694
|
-
"organizations:ListParents",
|
|
349695
|
-
"organizations:ListAccountsForParent",
|
|
349696
|
-
"organizations:ListRoots",
|
|
349697
|
-
"organizations:ListAWSServiceAccessForOrganization"
|
|
349776
|
+
"ssm:ListInventoryEntries",
|
|
349777
|
+
"ssm:GetInventory",
|
|
349778
|
+
"ssm:CreateAssociation",
|
|
349779
|
+
"ssm:GetCommandInvocation"
|
|
349698
349780
|
],
|
|
349699
349781
|
"Resource": [
|
|
349700
349782
|
"*"
|
|
349701
349783
|
]
|
|
349702
349784
|
},
|
|
349703
349785
|
{
|
|
349704
|
-
"Sid": "
|
|
349786
|
+
"Sid": "SSMSendCommandPermission",
|
|
349705
349787
|
"Effect": "Allow",
|
|
349706
349788
|
"Action": [
|
|
349707
|
-
"
|
|
349708
|
-
"ram:GetResourceShareAssociations",
|
|
349709
|
-
"ram:TagResource"
|
|
349789
|
+
"ssm:SendCommand"
|
|
349710
349790
|
],
|
|
349711
349791
|
"Resource": [
|
|
349712
|
-
"
|
|
349792
|
+
"arn:aws:ec2:*:*:instance/*",
|
|
349793
|
+
"arn:aws:ssm:*:*:managed-instance/*",
|
|
349794
|
+
"arn:aws:ssm:*::document/AWSLicenseManager-*"
|
|
349713
349795
|
]
|
|
349714
349796
|
},
|
|
349715
349797
|
{
|
|
349716
|
-
"Sid": "
|
|
349798
|
+
"Sid": "OrganizationPermissions",
|
|
349717
349799
|
"Effect": "Allow",
|
|
349718
349800
|
"Action": [
|
|
349719
|
-
"
|
|
349801
|
+
"organizations:ListAWSServiceAccessForOrganization",
|
|
349802
|
+
"organizations:DescribeOrganization",
|
|
349803
|
+
"organizations:ListDelegatedAdministrators"
|
|
349720
349804
|
],
|
|
349721
349805
|
"Resource": [
|
|
349722
349806
|
"*"
|
|
349723
|
-
]
|
|
349724
|
-
"Condition": {
|
|
349725
|
-
"StringEquals": {
|
|
349726
|
-
"aws:RequestTag/Service": "LicenseManager"
|
|
349727
|
-
}
|
|
349728
|
-
}
|
|
349807
|
+
]
|
|
349729
349808
|
},
|
|
349730
349809
|
{
|
|
349731
|
-
"Sid": "
|
|
349810
|
+
"Sid": "LicenseManagerPermissions",
|
|
349732
349811
|
"Effect": "Allow",
|
|
349733
349812
|
"Action": [
|
|
349734
|
-
"
|
|
349735
|
-
"
|
|
349736
|
-
"
|
|
349737
|
-
"
|
|
349813
|
+
"license-manager:GetServiceSettings",
|
|
349814
|
+
"license-manager:GetLicense*",
|
|
349815
|
+
"license-manager:UpdateLicenseSpecificationsForResource",
|
|
349816
|
+
"license-manager:List*"
|
|
349738
349817
|
],
|
|
349739
349818
|
"Resource": [
|
|
349740
349819
|
"*"
|
|
349741
|
-
]
|
|
349742
|
-
"Condition": {
|
|
349743
|
-
"StringEquals": {
|
|
349744
|
-
"ram:ResourceTag/Service": "LicenseManager"
|
|
349745
|
-
}
|
|
349746
|
-
}
|
|
349820
|
+
]
|
|
349747
349821
|
}
|
|
349748
349822
|
]
|
|
349749
349823
|
}
|
|
349750
|
-
}
|
|
349751
|
-
|
|
349752
|
-
|
|
349824
|
+
}
|
|
349825
|
+
},
|
|
349826
|
+
"createdDate": "2018-11-26T19:02:53.000Z",
|
|
349827
|
+
"lastUpdatedDate": "2025-11-19T18:34:07.000Z"
|
|
349828
|
+
},
|
|
349829
|
+
"AWSLicenseManagerMasterAccountRolePolicy": {
|
|
349830
|
+
"arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy",
|
|
349831
|
+
"latestVersionId": "v5",
|
|
349832
|
+
"versionsCount": 5,
|
|
349833
|
+
"versions": {
|
|
349834
|
+
"v1": {
|
|
349835
|
+
"createdDate": "2018-11-26T19:03:51.000Z",
|
|
349753
349836
|
"document": {
|
|
349754
349837
|
"Version": "2012-10-17",
|
|
349755
349838
|
"Statement": [
|
|
@@ -349877,61 +349960,194 @@
|
|
|
349877
349960
|
"ram:ResourceTag/Service": "LicenseManager"
|
|
349878
349961
|
}
|
|
349879
349962
|
}
|
|
349880
|
-
},
|
|
349881
|
-
{
|
|
349882
|
-
"Sid": "IamPermission",
|
|
349883
|
-
"Effect": "Allow",
|
|
349884
|
-
"Action": [
|
|
349885
|
-
"iam:GetRole",
|
|
349886
|
-
"iam:PassRole"
|
|
349887
|
-
],
|
|
349888
|
-
"Resource": [
|
|
349889
|
-
"arn:aws:iam::*:role/*"
|
|
349890
|
-
],
|
|
349891
|
-
"Condition": {
|
|
349892
|
-
"StringEquals": {
|
|
349893
|
-
"iam:PassedToService": "byol.amazonaws.com"
|
|
349894
|
-
}
|
|
349895
|
-
}
|
|
349896
|
-
},
|
|
349897
|
-
{
|
|
349898
|
-
"Sid": "CloudformationPermission",
|
|
349899
|
-
"Effect": "Allow",
|
|
349900
|
-
"Action": [
|
|
349901
|
-
"cloudformation:UpdateStack",
|
|
349902
|
-
"cloudformation:CreateStack",
|
|
349903
|
-
"cloudformation:DeleteStack",
|
|
349904
|
-
"cloudformation:DescribeStacks"
|
|
349905
|
-
],
|
|
349906
|
-
"Resource": [
|
|
349907
|
-
"arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*"
|
|
349908
|
-
]
|
|
349909
|
-
},
|
|
349910
|
-
{
|
|
349911
|
-
"Sid": "GlueUpdatePermissions",
|
|
349912
|
-
"Effect": "Allow",
|
|
349913
|
-
"Action": [
|
|
349914
|
-
"glue:CreateTable",
|
|
349915
|
-
"glue:UpdateTable",
|
|
349916
|
-
"glue:DeleteTable",
|
|
349917
|
-
"glue:UpdateJob",
|
|
349918
|
-
"glue:UpdateCrawler"
|
|
349919
|
-
],
|
|
349920
|
-
"Resource": [
|
|
349921
|
-
"arn:aws:glue:*:*:catalog",
|
|
349922
|
-
"arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler",
|
|
349923
|
-
"arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob",
|
|
349924
|
-
"arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*",
|
|
349925
|
-
"arn:aws:glue:*:*:table/license_manager_resource_sync/*",
|
|
349926
|
-
"arn:aws:glue:*:*:database/license_manager_resource_inventory_db",
|
|
349927
|
-
"arn:aws:glue:*:*:database/license_manager_resource_sync"
|
|
349928
|
-
]
|
|
349929
349963
|
}
|
|
349930
349964
|
]
|
|
349931
349965
|
}
|
|
349932
349966
|
},
|
|
349933
|
-
"
|
|
349934
|
-
"createdDate": "2019-08-
|
|
349967
|
+
"v2": {
|
|
349968
|
+
"createdDate": "2019-08-22T20:05:35.000Z",
|
|
349969
|
+
"document": {
|
|
349970
|
+
"Version": "2012-10-17",
|
|
349971
|
+
"Statement": [
|
|
349972
|
+
{
|
|
349973
|
+
"Sid": "S3BucketPermissions",
|
|
349974
|
+
"Effect": "Allow",
|
|
349975
|
+
"Action": [
|
|
349976
|
+
"s3:GetBucketLocation",
|
|
349977
|
+
"s3:ListBucket",
|
|
349978
|
+
"s3:GetLifecycleConfiguration",
|
|
349979
|
+
"s3:PutLifecycleConfiguration",
|
|
349980
|
+
"s3:GetBucketPolicy",
|
|
349981
|
+
"s3:PutBucketPolicy"
|
|
349982
|
+
],
|
|
349983
|
+
"Resource": [
|
|
349984
|
+
"arn:aws:s3:::aws-license-manager-service-*"
|
|
349985
|
+
]
|
|
349986
|
+
},
|
|
349987
|
+
{
|
|
349988
|
+
"Sid": "S3ObjectPermissions1",
|
|
349989
|
+
"Effect": "Allow",
|
|
349990
|
+
"Action": [
|
|
349991
|
+
"s3:AbortMultipartUpload",
|
|
349992
|
+
"s3:PutObject",
|
|
349993
|
+
"s3:GetObject",
|
|
349994
|
+
"s3:ListBucketMultipartUploads",
|
|
349995
|
+
"s3:ListMultipartUploadParts"
|
|
349996
|
+
],
|
|
349997
|
+
"Resource": [
|
|
349998
|
+
"arn:aws:s3:::aws-license-manager-service-*"
|
|
349999
|
+
]
|
|
350000
|
+
},
|
|
350001
|
+
{
|
|
350002
|
+
"Sid": "S3ObjectPermissions2",
|
|
350003
|
+
"Effect": "Allow",
|
|
350004
|
+
"Action": [
|
|
350005
|
+
"s3:DeleteObject"
|
|
350006
|
+
],
|
|
350007
|
+
"Resource": [
|
|
350008
|
+
"arn:aws:s3:::aws-license-manager-service-*/resource_sync/*"
|
|
350009
|
+
]
|
|
350010
|
+
},
|
|
350011
|
+
{
|
|
350012
|
+
"Sid": "AthenaPermissions",
|
|
350013
|
+
"Effect": "Allow",
|
|
350014
|
+
"Action": [
|
|
350015
|
+
"athena:GetQueryExecution",
|
|
350016
|
+
"athena:GetQueryResults",
|
|
350017
|
+
"athena:StartQueryExecution"
|
|
350018
|
+
],
|
|
350019
|
+
"Resource": [
|
|
350020
|
+
"*"
|
|
350021
|
+
]
|
|
350022
|
+
},
|
|
350023
|
+
{
|
|
350024
|
+
"Sid": "GluePermissions",
|
|
350025
|
+
"Effect": "Allow",
|
|
350026
|
+
"Action": [
|
|
350027
|
+
"glue:GetTable",
|
|
350028
|
+
"glue:GetPartition",
|
|
350029
|
+
"glue:GetPartitions"
|
|
350030
|
+
],
|
|
350031
|
+
"Resource": [
|
|
350032
|
+
"*"
|
|
350033
|
+
]
|
|
350034
|
+
},
|
|
350035
|
+
{
|
|
350036
|
+
"Sid": "OrganizationPermissions",
|
|
350037
|
+
"Effect": "Allow",
|
|
350038
|
+
"Action": [
|
|
350039
|
+
"organizations:DescribeOrganization",
|
|
350040
|
+
"organizations:ListAccounts",
|
|
350041
|
+
"organizations:DescribeAccount",
|
|
350042
|
+
"organizations:ListChildren",
|
|
350043
|
+
"organizations:ListParents",
|
|
350044
|
+
"organizations:ListAccountsForParent",
|
|
350045
|
+
"organizations:ListRoots",
|
|
350046
|
+
"organizations:ListAWSServiceAccessForOrganization"
|
|
350047
|
+
],
|
|
350048
|
+
"Resource": [
|
|
350049
|
+
"*"
|
|
350050
|
+
]
|
|
350051
|
+
},
|
|
350052
|
+
{
|
|
350053
|
+
"Sid": "RAMPermissions1",
|
|
350054
|
+
"Effect": "Allow",
|
|
350055
|
+
"Action": [
|
|
350056
|
+
"ram:GetResourceShares",
|
|
350057
|
+
"ram:GetResourceShareAssociations",
|
|
350058
|
+
"ram:TagResource"
|
|
350059
|
+
],
|
|
350060
|
+
"Resource": [
|
|
350061
|
+
"*"
|
|
350062
|
+
]
|
|
350063
|
+
},
|
|
350064
|
+
{
|
|
350065
|
+
"Sid": "RAMPermissions2",
|
|
350066
|
+
"Effect": "Allow",
|
|
350067
|
+
"Action": [
|
|
350068
|
+
"ram:CreateResourceShare"
|
|
350069
|
+
],
|
|
350070
|
+
"Resource": [
|
|
350071
|
+
"*"
|
|
350072
|
+
],
|
|
350073
|
+
"Condition": {
|
|
350074
|
+
"StringEquals": {
|
|
350075
|
+
"aws:RequestTag/Service": "LicenseManager"
|
|
350076
|
+
}
|
|
350077
|
+
}
|
|
350078
|
+
},
|
|
350079
|
+
{
|
|
350080
|
+
"Sid": "RAMPermissions3",
|
|
350081
|
+
"Effect": "Allow",
|
|
350082
|
+
"Action": [
|
|
350083
|
+
"ram:AssociateResourceShare",
|
|
350084
|
+
"ram:DisassociateResourceShare",
|
|
350085
|
+
"ram:UpdateResourceShare",
|
|
350086
|
+
"ram:DeleteResourceShare"
|
|
350087
|
+
],
|
|
350088
|
+
"Resource": [
|
|
350089
|
+
"*"
|
|
350090
|
+
],
|
|
350091
|
+
"Condition": {
|
|
350092
|
+
"StringEquals": {
|
|
350093
|
+
"ram:ResourceTag/Service": "LicenseManager"
|
|
350094
|
+
}
|
|
350095
|
+
}
|
|
350096
|
+
},
|
|
350097
|
+
{
|
|
350098
|
+
"Sid": "IamPermission",
|
|
350099
|
+
"Effect": "Allow",
|
|
350100
|
+
"Action": [
|
|
350101
|
+
"iam:GetRole",
|
|
350102
|
+
"iam:PassRole"
|
|
350103
|
+
],
|
|
350104
|
+
"Resource": [
|
|
350105
|
+
"arn:aws:iam::*:role/*"
|
|
350106
|
+
],
|
|
350107
|
+
"Condition": {
|
|
350108
|
+
"StringEquals": {
|
|
350109
|
+
"iam:PassedToService": "byol.amazonaws.com"
|
|
350110
|
+
}
|
|
350111
|
+
}
|
|
350112
|
+
},
|
|
350113
|
+
{
|
|
350114
|
+
"Sid": "CloudformationPermission",
|
|
350115
|
+
"Effect": "Allow",
|
|
350116
|
+
"Action": [
|
|
350117
|
+
"cloudformation:UpdateStack",
|
|
350118
|
+
"cloudformation:CreateStack",
|
|
350119
|
+
"cloudformation:DeleteStack",
|
|
350120
|
+
"cloudformation:DescribeStacks"
|
|
350121
|
+
],
|
|
350122
|
+
"Resource": [
|
|
350123
|
+
"arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*"
|
|
350124
|
+
]
|
|
350125
|
+
},
|
|
350126
|
+
{
|
|
350127
|
+
"Sid": "GlueUpdatePermissions",
|
|
350128
|
+
"Effect": "Allow",
|
|
350129
|
+
"Action": [
|
|
350130
|
+
"glue:CreateTable",
|
|
350131
|
+
"glue:UpdateTable",
|
|
350132
|
+
"glue:DeleteTable",
|
|
350133
|
+
"glue:UpdateJob",
|
|
350134
|
+
"glue:UpdateCrawler"
|
|
350135
|
+
],
|
|
350136
|
+
"Resource": [
|
|
350137
|
+
"arn:aws:glue:*:*:catalog",
|
|
350138
|
+
"arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler",
|
|
350139
|
+
"arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob",
|
|
350140
|
+
"arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*",
|
|
350141
|
+
"arn:aws:glue:*:*:table/license_manager_resource_sync/*",
|
|
350142
|
+
"arn:aws:glue:*:*:database/license_manager_resource_inventory_db",
|
|
350143
|
+
"arn:aws:glue:*:*:database/license_manager_resource_sync"
|
|
350144
|
+
]
|
|
350145
|
+
}
|
|
350146
|
+
]
|
|
350147
|
+
}
|
|
350148
|
+
},
|
|
350149
|
+
"v3": {
|
|
350150
|
+
"createdDate": "2019-08-29T22:56:41.000Z",
|
|
349935
350151
|
"document": {
|
|
349936
350152
|
"Version": "2012-10-17",
|
|
349937
350153
|
"Statement": [
|
|
@@ -397547,8 +397763,8 @@
|
|
|
397547
397763
|
},
|
|
397548
397764
|
"AWSPrivateMarketplaceRequests": {
|
|
397549
397765
|
"arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests",
|
|
397550
|
-
"latestVersionId": "
|
|
397551
|
-
"versionsCount":
|
|
397766
|
+
"latestVersionId": "v2",
|
|
397767
|
+
"versionsCount": 2,
|
|
397552
397768
|
"versions": {
|
|
397553
397769
|
"v1": {
|
|
397554
397770
|
"createdDate": "2019-10-28T21:44:03.000Z",
|
|
@@ -397566,94 +397782,172 @@
|
|
|
397566
397782
|
}
|
|
397567
397783
|
]
|
|
397568
397784
|
}
|
|
397569
|
-
}
|
|
397570
|
-
|
|
397571
|
-
|
|
397572
|
-
"lastUpdatedDate": "2019-10-28T21:44:03.000Z"
|
|
397573
|
-
},
|
|
397574
|
-
"AWSForWordPressPluginPolicy": {
|
|
397575
|
-
"arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy",
|
|
397576
|
-
"latestVersionId": "v2",
|
|
397577
|
-
"versionsCount": 2,
|
|
397578
|
-
"versions": {
|
|
397579
|
-
"v1": {
|
|
397580
|
-
"createdDate": "2019-10-30T00:27:46.000Z",
|
|
397785
|
+
},
|
|
397786
|
+
"v2": {
|
|
397787
|
+
"createdDate": "2019-10-28T21:44:03.000Z",
|
|
397581
397788
|
"document": {
|
|
397582
397789
|
"Version": "2012-10-17",
|
|
397583
397790
|
"Statement": [
|
|
397584
397791
|
{
|
|
397585
|
-
"Sid": "
|
|
397792
|
+
"Sid": "LegacyPrivateMarketplaceRequestsPermissions",
|
|
397586
397793
|
"Effect": "Allow",
|
|
397587
397794
|
"Action": [
|
|
397588
|
-
"
|
|
397589
|
-
"
|
|
397590
|
-
"
|
|
397591
|
-
"translate:TranslateText"
|
|
397795
|
+
"aws-marketplace:CreatePrivateMarketplaceRequests",
|
|
397796
|
+
"aws-marketplace:ListPrivateMarketplaceRequests",
|
|
397797
|
+
"aws-marketplace:DescribePrivateMarketplaceRequests"
|
|
397592
397798
|
],
|
|
397593
397799
|
"Resource": "*"
|
|
397594
397800
|
},
|
|
397595
397801
|
{
|
|
397596
|
-
"Sid": "
|
|
397802
|
+
"Sid": "PrivateMarketplaceManageRequestsPermissions",
|
|
397597
397803
|
"Effect": "Allow",
|
|
397598
397804
|
"Action": [
|
|
397599
|
-
"
|
|
397600
|
-
"s3:GetBucketAcl",
|
|
397601
|
-
"s3:GetBucketPolicy",
|
|
397602
|
-
"s3:PutObject",
|
|
397603
|
-
"s3:DeleteObject",
|
|
397604
|
-
"s3:CreateBucket",
|
|
397605
|
-
"s3:PutObjectAcl"
|
|
397805
|
+
"aws-marketplace:StartChangeSet"
|
|
397606
397806
|
],
|
|
397607
397807
|
"Resource": [
|
|
397608
|
-
"arn:aws:
|
|
397609
|
-
"arn:aws:
|
|
397808
|
+
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ProductProcurementRequest/*",
|
|
397809
|
+
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ChangeSet/*"
|
|
397810
|
+
],
|
|
397811
|
+
"Condition": {
|
|
397812
|
+
"StringEquals": {
|
|
397813
|
+
"catalog:ChangeType": [
|
|
397814
|
+
"CreateProductProcurementRequest",
|
|
397815
|
+
"CancelProductProcurementRequest"
|
|
397816
|
+
]
|
|
397817
|
+
}
|
|
397818
|
+
}
|
|
397819
|
+
},
|
|
397820
|
+
{
|
|
397821
|
+
"Sid": "PrivateMarketplaceReadRequestsPermissions",
|
|
397822
|
+
"Effect": "Allow",
|
|
397823
|
+
"Action": [
|
|
397824
|
+
"aws-marketplace:DescribeEntity"
|
|
397825
|
+
],
|
|
397826
|
+
"Resource": [
|
|
397827
|
+
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ProductProcurementRequest/*"
|
|
397610
397828
|
]
|
|
397611
397829
|
},
|
|
397612
397830
|
{
|
|
397613
|
-
"Sid": "
|
|
397831
|
+
"Sid": "PrivateMarketplaceListRequestsPermissions",
|
|
397614
397832
|
"Effect": "Allow",
|
|
397615
397833
|
"Action": [
|
|
397616
|
-
"
|
|
397617
|
-
"
|
|
397618
|
-
"acm:RequestCertificate",
|
|
397619
|
-
"cloudformation:CreateStack",
|
|
397620
|
-
"cloudfront:ListDistributions"
|
|
397834
|
+
"aws-marketplace:ListEntities",
|
|
397835
|
+
"aws-marketplace:ListChangeSets"
|
|
397621
397836
|
],
|
|
397622
|
-
"Resource": "*"
|
|
397623
|
-
"Condition": {
|
|
397624
|
-
"StringEquals": {
|
|
397625
|
-
"aws:RequestedRegion": "us-east-1"
|
|
397626
|
-
}
|
|
397627
|
-
}
|
|
397837
|
+
"Resource": "*"
|
|
397628
397838
|
},
|
|
397629
397839
|
{
|
|
397630
|
-
"Sid": "
|
|
397840
|
+
"Sid": "PrivateMarketplaceReadChangeSetPermissions",
|
|
397631
397841
|
"Effect": "Allow",
|
|
397632
397842
|
"Action": [
|
|
397633
|
-
"
|
|
397634
|
-
"cloudformation:DescribeStackEvents",
|
|
397635
|
-
"cloudformation:DescribeStackResources",
|
|
397636
|
-
"cloudformation:UpdateStack",
|
|
397637
|
-
"cloudfront:CreateDistribution",
|
|
397638
|
-
"cloudfront:CreateInvalidation",
|
|
397639
|
-
"cloudfront:DeleteDistribution",
|
|
397640
|
-
"cloudfront:GetDistribution",
|
|
397641
|
-
"cloudfront:GetInvalidation",
|
|
397642
|
-
"cloudfront:TagResource",
|
|
397643
|
-
"cloudfront:UpdateDistribution"
|
|
397843
|
+
"aws-marketplace:DescribeChangeSet"
|
|
397644
397844
|
],
|
|
397645
|
-
"Resource":
|
|
397646
|
-
|
|
397647
|
-
|
|
397648
|
-
|
|
397649
|
-
|
|
397650
|
-
|
|
397845
|
+
"Resource": [
|
|
397846
|
+
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ChangeSet/*"
|
|
397847
|
+
]
|
|
397848
|
+
},
|
|
397849
|
+
{
|
|
397850
|
+
"Sid": "PrivateMarketplaceTaggingRequestsPermissions",
|
|
397851
|
+
"Effect": "Allow",
|
|
397852
|
+
"Action": [
|
|
397853
|
+
"aws-marketplace:TagResource",
|
|
397854
|
+
"aws-marketplace:UntagResource",
|
|
397855
|
+
"aws-marketplace:ListTagsForResource"
|
|
397856
|
+
],
|
|
397857
|
+
"Resource": [
|
|
397858
|
+
"arn:aws:aws-marketplace:*:*:AWSMarketplace/ProductProcurementRequest/*"
|
|
397859
|
+
]
|
|
397651
397860
|
}
|
|
397652
397861
|
]
|
|
397653
397862
|
}
|
|
397654
|
-
}
|
|
397655
|
-
|
|
397656
|
-
|
|
397863
|
+
}
|
|
397864
|
+
},
|
|
397865
|
+
"createdDate": "2019-10-28T21:44:03.000Z",
|
|
397866
|
+
"lastUpdatedDate": "2025-11-19T19:19:11.000Z"
|
|
397867
|
+
},
|
|
397868
|
+
"AWSForWordPressPluginPolicy": {
|
|
397869
|
+
"arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy",
|
|
397870
|
+
"latestVersionId": "v2",
|
|
397871
|
+
"versionsCount": 2,
|
|
397872
|
+
"versions": {
|
|
397873
|
+
"v1": {
|
|
397874
|
+
"createdDate": "2019-10-30T00:27:46.000Z",
|
|
397875
|
+
"document": {
|
|
397876
|
+
"Version": "2012-10-17",
|
|
397877
|
+
"Statement": [
|
|
397878
|
+
{
|
|
397879
|
+
"Sid": "Permissions1",
|
|
397880
|
+
"Effect": "Allow",
|
|
397881
|
+
"Action": [
|
|
397882
|
+
"s3:HeadBucket",
|
|
397883
|
+
"polly:SynthesizeSpeech",
|
|
397884
|
+
"polly:DescribeVoices",
|
|
397885
|
+
"translate:TranslateText"
|
|
397886
|
+
],
|
|
397887
|
+
"Resource": "*"
|
|
397888
|
+
},
|
|
397889
|
+
{
|
|
397890
|
+
"Sid": "Permissions2",
|
|
397891
|
+
"Effect": "Allow",
|
|
397892
|
+
"Action": [
|
|
397893
|
+
"s3:ListBucket",
|
|
397894
|
+
"s3:GetBucketAcl",
|
|
397895
|
+
"s3:GetBucketPolicy",
|
|
397896
|
+
"s3:PutObject",
|
|
397897
|
+
"s3:DeleteObject",
|
|
397898
|
+
"s3:CreateBucket",
|
|
397899
|
+
"s3:PutObjectAcl"
|
|
397900
|
+
],
|
|
397901
|
+
"Resource": [
|
|
397902
|
+
"arn:aws:s3:::audio_for_wordpress*",
|
|
397903
|
+
"arn:aws:s3:::audio-for-wordpress*"
|
|
397904
|
+
]
|
|
397905
|
+
},
|
|
397906
|
+
{
|
|
397907
|
+
"Sid": "Permissions3",
|
|
397908
|
+
"Effect": "Allow",
|
|
397909
|
+
"Action": [
|
|
397910
|
+
"acm:AddTagsToCertificate",
|
|
397911
|
+
"acm:DescribeCertificate",
|
|
397912
|
+
"acm:RequestCertificate",
|
|
397913
|
+
"cloudformation:CreateStack",
|
|
397914
|
+
"cloudfront:ListDistributions"
|
|
397915
|
+
],
|
|
397916
|
+
"Resource": "*",
|
|
397917
|
+
"Condition": {
|
|
397918
|
+
"StringEquals": {
|
|
397919
|
+
"aws:RequestedRegion": "us-east-1"
|
|
397920
|
+
}
|
|
397921
|
+
}
|
|
397922
|
+
},
|
|
397923
|
+
{
|
|
397924
|
+
"Sid": "Permissions4",
|
|
397925
|
+
"Effect": "Allow",
|
|
397926
|
+
"Action": [
|
|
397927
|
+
"cloudformation:DeleteStack",
|
|
397928
|
+
"cloudformation:DescribeStackEvents",
|
|
397929
|
+
"cloudformation:DescribeStackResources",
|
|
397930
|
+
"cloudformation:UpdateStack",
|
|
397931
|
+
"cloudfront:CreateDistribution",
|
|
397932
|
+
"cloudfront:CreateInvalidation",
|
|
397933
|
+
"cloudfront:DeleteDistribution",
|
|
397934
|
+
"cloudfront:GetDistribution",
|
|
397935
|
+
"cloudfront:GetInvalidation",
|
|
397936
|
+
"cloudfront:TagResource",
|
|
397937
|
+
"cloudfront:UpdateDistribution"
|
|
397938
|
+
],
|
|
397939
|
+
"Resource": "*",
|
|
397940
|
+
"Condition": {
|
|
397941
|
+
"StringEquals": {
|
|
397942
|
+
"aws:ResourceTag/createdBy": "AWSForWordPressPlugin"
|
|
397943
|
+
}
|
|
397944
|
+
}
|
|
397945
|
+
}
|
|
397946
|
+
]
|
|
397947
|
+
}
|
|
397948
|
+
},
|
|
397949
|
+
"v2": {
|
|
397950
|
+
"createdDate": "2020-01-20T23:20:47.000Z",
|
|
397657
397951
|
"document": {
|
|
397658
397952
|
"Version": "2012-10-17",
|
|
397659
397953
|
"Statement": [
|
|
@@ -405169,8 +405463,8 @@
|
|
|
405169
405463
|
},
|
|
405170
405464
|
"AWSBackupFullAccess": {
|
|
405171
405465
|
"arn": "arn:aws:iam::aws:policy/AWSBackupFullAccess",
|
|
405172
|
-
"latestVersionId": "
|
|
405173
|
-
"versionsCount":
|
|
405466
|
+
"latestVersionId": "v22",
|
|
405467
|
+
"versionsCount": 22,
|
|
405174
405468
|
"versions": {
|
|
405175
405469
|
"v2": {
|
|
405176
405470
|
"createdDate": "2020-01-13T18:40:45.000Z",
|
|
@@ -409097,22 +409391,430 @@
|
|
|
409097
409391
|
]
|
|
409098
409392
|
}
|
|
409099
409393
|
},
|
|
409100
|
-
"v16": {
|
|
409394
|
+
"v16": {
|
|
409395
|
+
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
409396
|
+
"document": {
|
|
409397
|
+
"Version": "2012-10-17",
|
|
409398
|
+
"Statement": [
|
|
409399
|
+
{
|
|
409400
|
+
"Effect": "Allow",
|
|
409401
|
+
"Action": "backup:*",
|
|
409402
|
+
"Resource": "*"
|
|
409403
|
+
},
|
|
409404
|
+
{
|
|
409405
|
+
"Effect": "Allow",
|
|
409406
|
+
"Action": "backup-storage:*",
|
|
409407
|
+
"Resource": "*"
|
|
409408
|
+
},
|
|
409409
|
+
{
|
|
409410
|
+
"Effect": "Allow",
|
|
409411
|
+
"Action": [
|
|
409412
|
+
"rds:DescribeDBSnapshots",
|
|
409413
|
+
"rds:ListTagsForResource",
|
|
409414
|
+
"rds:DescribeDBInstances",
|
|
409415
|
+
"rds:describeDBEngineVersions",
|
|
409416
|
+
"rds:describeOptionGroups",
|
|
409417
|
+
"rds:describeOrderableDBInstanceOptions",
|
|
409418
|
+
"rds:describeDBSubnetGroups",
|
|
409419
|
+
"rds:describeDBClusterSnapshots",
|
|
409420
|
+
"rds:describeDBClusters",
|
|
409421
|
+
"rds:describeDBParameterGroups",
|
|
409422
|
+
"rds:DescribeDBClusterParameterGroups",
|
|
409423
|
+
"rds:DescribeDBInstanceAutomatedBackups",
|
|
409424
|
+
"rds:DescribeDBClusterAutomatedBackups"
|
|
409425
|
+
],
|
|
409426
|
+
"Resource": "*"
|
|
409427
|
+
},
|
|
409428
|
+
{
|
|
409429
|
+
"Effect": "Allow",
|
|
409430
|
+
"Action": [
|
|
409431
|
+
"rds:DeleteDBSnapshot",
|
|
409432
|
+
"rds:DeleteDBClusterSnapshot"
|
|
409433
|
+
],
|
|
409434
|
+
"Resource": "*",
|
|
409435
|
+
"Condition": {
|
|
409436
|
+
"ForAnyValue:StringEquals": {
|
|
409437
|
+
"aws:CalledVia": [
|
|
409438
|
+
"backup.amazonaws.com"
|
|
409439
|
+
]
|
|
409440
|
+
}
|
|
409441
|
+
}
|
|
409442
|
+
},
|
|
409443
|
+
{
|
|
409444
|
+
"Effect": "Allow",
|
|
409445
|
+
"Action": [
|
|
409446
|
+
"dynamodb:ListBackups",
|
|
409447
|
+
"dynamodb:ListTables"
|
|
409448
|
+
],
|
|
409449
|
+
"Resource": "*"
|
|
409450
|
+
},
|
|
409451
|
+
{
|
|
409452
|
+
"Effect": "Allow",
|
|
409453
|
+
"Action": [
|
|
409454
|
+
"dynamodb:DeleteBackup"
|
|
409455
|
+
],
|
|
409456
|
+
"Resource": "*",
|
|
409457
|
+
"Condition": {
|
|
409458
|
+
"ForAnyValue:StringEquals": {
|
|
409459
|
+
"aws:CalledVia": [
|
|
409460
|
+
"backup.amazonaws.com"
|
|
409461
|
+
]
|
|
409462
|
+
}
|
|
409463
|
+
}
|
|
409464
|
+
},
|
|
409465
|
+
{
|
|
409466
|
+
"Effect": "Allow",
|
|
409467
|
+
"Action": [
|
|
409468
|
+
"elasticfilesystem:DescribeFilesystems"
|
|
409469
|
+
],
|
|
409470
|
+
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
409471
|
+
},
|
|
409472
|
+
{
|
|
409473
|
+
"Effect": "Allow",
|
|
409474
|
+
"Action": [
|
|
409475
|
+
"ec2:DescribeSnapshots",
|
|
409476
|
+
"ec2:DescribeVolumes",
|
|
409477
|
+
"ec2:describeAvailabilityZones",
|
|
409478
|
+
"ec2:DescribeVpcs",
|
|
409479
|
+
"ec2:DescribeAccountAttributes",
|
|
409480
|
+
"ec2:DescribeSecurityGroups",
|
|
409481
|
+
"ec2:DescribeImages",
|
|
409482
|
+
"ec2:DescribeSubnets",
|
|
409483
|
+
"ec2:DescribePlacementGroups",
|
|
409484
|
+
"ec2:DescribeInstances",
|
|
409485
|
+
"ec2:DescribeInstanceTypes",
|
|
409486
|
+
"ec2:DescribeVpcEndpoints"
|
|
409487
|
+
],
|
|
409488
|
+
"Resource": "*"
|
|
409489
|
+
},
|
|
409490
|
+
{
|
|
409491
|
+
"Effect": "Allow",
|
|
409492
|
+
"Action": [
|
|
409493
|
+
"ec2:DeleteSnapshot",
|
|
409494
|
+
"ec2:DeregisterImage"
|
|
409495
|
+
],
|
|
409496
|
+
"Resource": "*",
|
|
409497
|
+
"Condition": {
|
|
409498
|
+
"ForAnyValue:StringEquals": {
|
|
409499
|
+
"aws:CalledVia": [
|
|
409500
|
+
"backup.amazonaws.com"
|
|
409501
|
+
]
|
|
409502
|
+
}
|
|
409503
|
+
}
|
|
409504
|
+
},
|
|
409505
|
+
{
|
|
409506
|
+
"Effect": "Allow",
|
|
409507
|
+
"Action": [
|
|
409508
|
+
"tag:GetTagKeys",
|
|
409509
|
+
"tag:GetTagValues",
|
|
409510
|
+
"tag:GetResources"
|
|
409511
|
+
],
|
|
409512
|
+
"Resource": "*"
|
|
409513
|
+
},
|
|
409514
|
+
{
|
|
409515
|
+
"Effect": "Allow",
|
|
409516
|
+
"Action": [
|
|
409517
|
+
"storagegateway:DescribeCachediSCSIVolumes",
|
|
409518
|
+
"storagegateway:DescribeStorediSCSIVolumes"
|
|
409519
|
+
],
|
|
409520
|
+
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
|
|
409521
|
+
},
|
|
409522
|
+
{
|
|
409523
|
+
"Effect": "Allow",
|
|
409524
|
+
"Action": [
|
|
409525
|
+
"storagegateway:ListGateways"
|
|
409526
|
+
],
|
|
409527
|
+
"Resource": "arn:aws:storagegateway:*:*:*"
|
|
409528
|
+
},
|
|
409529
|
+
{
|
|
409530
|
+
"Effect": "Allow",
|
|
409531
|
+
"Action": [
|
|
409532
|
+
"storagegateway:DescribeGatewayInformation",
|
|
409533
|
+
"storagegateway:ListVolumes",
|
|
409534
|
+
"storagegateway:ListLocalDisks"
|
|
409535
|
+
],
|
|
409536
|
+
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
409537
|
+
},
|
|
409538
|
+
{
|
|
409539
|
+
"Effect": "Allow",
|
|
409540
|
+
"Action": [
|
|
409541
|
+
"iam:ListRoles",
|
|
409542
|
+
"iam:GetRole"
|
|
409543
|
+
],
|
|
409544
|
+
"Resource": "*"
|
|
409545
|
+
},
|
|
409546
|
+
{
|
|
409547
|
+
"Effect": "Allow",
|
|
409548
|
+
"Action": "iam:PassRole",
|
|
409549
|
+
"Resource": [
|
|
409550
|
+
"arn:aws:iam::*:role/*AwsBackup*",
|
|
409551
|
+
"arn:aws:iam::*:role/*AWSBackup*"
|
|
409552
|
+
],
|
|
409553
|
+
"Condition": {
|
|
409554
|
+
"StringLike": {
|
|
409555
|
+
"iam:PassedToService": "backup.amazonaws.com"
|
|
409556
|
+
}
|
|
409557
|
+
}
|
|
409558
|
+
},
|
|
409559
|
+
{
|
|
409560
|
+
"Effect": "Allow",
|
|
409561
|
+
"Action": "organizations:DescribeOrganization",
|
|
409562
|
+
"Resource": "*"
|
|
409563
|
+
},
|
|
409564
|
+
{
|
|
409565
|
+
"Effect": "Allow",
|
|
409566
|
+
"Action": [
|
|
409567
|
+
"kms:ListKeys",
|
|
409568
|
+
"kms:DescribeKey",
|
|
409569
|
+
"kms:GenerateDataKey",
|
|
409570
|
+
"kms:ListAliases"
|
|
409571
|
+
],
|
|
409572
|
+
"Resource": "*"
|
|
409573
|
+
},
|
|
409574
|
+
{
|
|
409575
|
+
"Effect": "Allow",
|
|
409576
|
+
"Action": [
|
|
409577
|
+
"kms:CreateGrant"
|
|
409578
|
+
],
|
|
409579
|
+
"Resource": "*",
|
|
409580
|
+
"Condition": {
|
|
409581
|
+
"ForAnyValue:StringEquals": {
|
|
409582
|
+
"kms:EncryptionContextKeys": "aws:backup:backup-vault"
|
|
409583
|
+
},
|
|
409584
|
+
"Bool": {
|
|
409585
|
+
"kms:GrantIsForAWSResource": true
|
|
409586
|
+
},
|
|
409587
|
+
"StringLike": {
|
|
409588
|
+
"kms:ViaService": "backup.*.amazonaws.com"
|
|
409589
|
+
}
|
|
409590
|
+
}
|
|
409591
|
+
},
|
|
409592
|
+
{
|
|
409593
|
+
"Effect": "Allow",
|
|
409594
|
+
"Action": [
|
|
409595
|
+
"ssm:CancelCommand",
|
|
409596
|
+
"ssm:GetCommandInvocation"
|
|
409597
|
+
],
|
|
409598
|
+
"Resource": "*"
|
|
409599
|
+
},
|
|
409600
|
+
{
|
|
409601
|
+
"Effect": "Allow",
|
|
409602
|
+
"Action": "ssm:SendCommand",
|
|
409603
|
+
"Resource": [
|
|
409604
|
+
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
|
|
409605
|
+
"arn:aws:ec2:*:*:instance/*"
|
|
409606
|
+
]
|
|
409607
|
+
},
|
|
409608
|
+
{
|
|
409609
|
+
"Effect": "Allow",
|
|
409610
|
+
"Action": "fsx:DescribeFileSystems",
|
|
409611
|
+
"Resource": "*"
|
|
409612
|
+
},
|
|
409613
|
+
{
|
|
409614
|
+
"Effect": "Allow",
|
|
409615
|
+
"Action": "fsx:DescribeBackups",
|
|
409616
|
+
"Resource": "*"
|
|
409617
|
+
},
|
|
409618
|
+
{
|
|
409619
|
+
"Effect": "Allow",
|
|
409620
|
+
"Action": "fsx:DescribeVolumes",
|
|
409621
|
+
"Resource": "arn:aws:fsx:*:*:volume/*/*"
|
|
409622
|
+
},
|
|
409623
|
+
{
|
|
409624
|
+
"Effect": "Allow",
|
|
409625
|
+
"Action": "fsx:DescribeStorageVirtualMachines",
|
|
409626
|
+
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
409627
|
+
},
|
|
409628
|
+
{
|
|
409629
|
+
"Effect": "Allow",
|
|
409630
|
+
"Action": "fsx:DeleteBackup",
|
|
409631
|
+
"Resource": "arn:aws:fsx:*:*:backup/*",
|
|
409632
|
+
"Condition": {
|
|
409633
|
+
"ForAnyValue:StringEquals": {
|
|
409634
|
+
"aws:CalledVia": [
|
|
409635
|
+
"backup.amazonaws.com"
|
|
409636
|
+
]
|
|
409637
|
+
}
|
|
409638
|
+
}
|
|
409639
|
+
},
|
|
409640
|
+
{
|
|
409641
|
+
"Effect": "Allow",
|
|
409642
|
+
"Action": "ds:DescribeDirectories",
|
|
409643
|
+
"Resource": "*"
|
|
409644
|
+
},
|
|
409645
|
+
{
|
|
409646
|
+
"Effect": "Allow",
|
|
409647
|
+
"Action": "iam:CreateServiceLinkedRole",
|
|
409648
|
+
"Resource": "*",
|
|
409649
|
+
"Condition": {
|
|
409650
|
+
"StringEquals": {
|
|
409651
|
+
"iam:AWSServiceName": "backup.amazonaws.com"
|
|
409652
|
+
}
|
|
409653
|
+
}
|
|
409654
|
+
},
|
|
409655
|
+
{
|
|
409656
|
+
"Effect": "Allow",
|
|
409657
|
+
"Action": [
|
|
409658
|
+
"backup-gateway:AssociateGatewayToServer",
|
|
409659
|
+
"backup-gateway:CreateGateway",
|
|
409660
|
+
"backup-gateway:DeleteGateway",
|
|
409661
|
+
"backup-gateway:DeleteHypervisor",
|
|
409662
|
+
"backup-gateway:DisassociateGatewayFromServer",
|
|
409663
|
+
"backup-gateway:ImportHypervisorConfiguration",
|
|
409664
|
+
"backup-gateway:ListGateways",
|
|
409665
|
+
"backup-gateway:ListHypervisors",
|
|
409666
|
+
"backup-gateway:ListTagsForResource",
|
|
409667
|
+
"backup-gateway:ListVirtualMachines",
|
|
409668
|
+
"backup-gateway:PutMaintenanceStartTime",
|
|
409669
|
+
"backup-gateway:TagResource",
|
|
409670
|
+
"backup-gateway:TestHypervisorConfiguration",
|
|
409671
|
+
"backup-gateway:UntagResource",
|
|
409672
|
+
"backup-gateway:UpdateGatewayInformation",
|
|
409673
|
+
"backup-gateway:UpdateHypervisor"
|
|
409674
|
+
],
|
|
409675
|
+
"Resource": "*"
|
|
409676
|
+
},
|
|
409677
|
+
{
|
|
409678
|
+
"Effect": "Allow",
|
|
409679
|
+
"Action": [
|
|
409680
|
+
"backup-gateway:GetHypervisor",
|
|
409681
|
+
"backup-gateway:GetHypervisorPropertyMappings",
|
|
409682
|
+
"backup-gateway:PutHypervisorPropertyMappings",
|
|
409683
|
+
"backup-gateway:StartVirtualMachinesMetadataSync"
|
|
409684
|
+
],
|
|
409685
|
+
"Resource": "arn:aws:backup-gateway:*:*:hypervisor/*"
|
|
409686
|
+
},
|
|
409687
|
+
{
|
|
409688
|
+
"Effect": "Allow",
|
|
409689
|
+
"Action": [
|
|
409690
|
+
"backup-gateway:GetVirtualMachine"
|
|
409691
|
+
],
|
|
409692
|
+
"Resource": "arn:aws:backup-gateway:*:*:vm/*"
|
|
409693
|
+
},
|
|
409694
|
+
{
|
|
409695
|
+
"Effect": "Allow",
|
|
409696
|
+
"Action": [
|
|
409697
|
+
"backup-gateway:GetBandwidthRateLimitSchedule",
|
|
409698
|
+
"backup-gateway:GetGateway",
|
|
409699
|
+
"backup-gateway:PutBandwidthRateLimitSchedule"
|
|
409700
|
+
],
|
|
409701
|
+
"Resource": "arn:aws:backup-gateway:*:*:gateway/*"
|
|
409702
|
+
},
|
|
409703
|
+
{
|
|
409704
|
+
"Effect": "Allow",
|
|
409705
|
+
"Action": "cloudwatch:GetMetricData",
|
|
409706
|
+
"Resource": "*"
|
|
409707
|
+
},
|
|
409708
|
+
{
|
|
409709
|
+
"Effect": "Allow",
|
|
409710
|
+
"Action": [
|
|
409711
|
+
"timestream:ListTables",
|
|
409712
|
+
"timestream:ListDatabases"
|
|
409713
|
+
],
|
|
409714
|
+
"Resource": [
|
|
409715
|
+
"arn:aws:timestream:*:*:database/*"
|
|
409716
|
+
]
|
|
409717
|
+
},
|
|
409718
|
+
{
|
|
409719
|
+
"Effect": "Allow",
|
|
409720
|
+
"Action": [
|
|
409721
|
+
"timestream:DescribeEndpoints"
|
|
409722
|
+
],
|
|
409723
|
+
"Resource": "*"
|
|
409724
|
+
},
|
|
409725
|
+
{
|
|
409726
|
+
"Effect": "Allow",
|
|
409727
|
+
"Action": [
|
|
409728
|
+
"s3:ListAllMyBuckets"
|
|
409729
|
+
],
|
|
409730
|
+
"Resource": "arn:aws:s3:::*"
|
|
409731
|
+
},
|
|
409732
|
+
{
|
|
409733
|
+
"Effect": "Allow",
|
|
409734
|
+
"Action": [
|
|
409735
|
+
"redshift:DescribeClusters",
|
|
409736
|
+
"redshift:DescribeClusterSubnetGroups",
|
|
409737
|
+
"redshift:DescribeClusterSnapshots",
|
|
409738
|
+
"redshift:DescribeSnapshotSchedules"
|
|
409739
|
+
],
|
|
409740
|
+
"Resource": [
|
|
409741
|
+
"arn:aws:redshift:*:*:cluster:*",
|
|
409742
|
+
"arn:aws:redshift:*:*:subnetgroup:*",
|
|
409743
|
+
"arn:aws:redshift:*:*:snapshot:*/*",
|
|
409744
|
+
"arn:aws:redshift:*:*:snapshotschedule:*"
|
|
409745
|
+
]
|
|
409746
|
+
},
|
|
409747
|
+
{
|
|
409748
|
+
"Effect": "Allow",
|
|
409749
|
+
"Action": [
|
|
409750
|
+
"redshift:DescribeNodeConfigurationOptions",
|
|
409751
|
+
"redshift:DescribeOrderableClusterOptions",
|
|
409752
|
+
"redshift:DescribeClusterParameterGroups",
|
|
409753
|
+
"redshift:DescribeClusterTracks"
|
|
409754
|
+
],
|
|
409755
|
+
"Resource": "*"
|
|
409756
|
+
},
|
|
409757
|
+
{
|
|
409758
|
+
"Effect": "Allow",
|
|
409759
|
+
"Action": [
|
|
409760
|
+
"ec2:DescribeAddresses"
|
|
409761
|
+
],
|
|
409762
|
+
"Resource": "*"
|
|
409763
|
+
},
|
|
409764
|
+
{
|
|
409765
|
+
"Effect": "Allow",
|
|
409766
|
+
"Action": [
|
|
409767
|
+
"cloudformation:ListStacks"
|
|
409768
|
+
],
|
|
409769
|
+
"Resource": [
|
|
409770
|
+
"arn:aws:cloudformation:*:*:stack/*"
|
|
409771
|
+
]
|
|
409772
|
+
},
|
|
409773
|
+
{
|
|
409774
|
+
"Effect": "Allow",
|
|
409775
|
+
"Action": [
|
|
409776
|
+
"ssm-sap:GetOperation",
|
|
409777
|
+
"ssm-sap:ListDatabases"
|
|
409778
|
+
],
|
|
409779
|
+
"Resource": "*"
|
|
409780
|
+
},
|
|
409781
|
+
{
|
|
409782
|
+
"Effect": "Allow",
|
|
409783
|
+
"Action": [
|
|
409784
|
+
"ssm-sap:GetDatabase",
|
|
409785
|
+
"ssm-sap:ListTagsForResource"
|
|
409786
|
+
],
|
|
409787
|
+
"Resource": "arn:aws:ssm-sap:*:*:*"
|
|
409788
|
+
},
|
|
409789
|
+
{
|
|
409790
|
+
"Effect": "Allow",
|
|
409791
|
+
"Action": [
|
|
409792
|
+
"ram:GetResourceShareAssociations"
|
|
409793
|
+
],
|
|
409794
|
+
"Resource": "*"
|
|
409795
|
+
}
|
|
409796
|
+
]
|
|
409797
|
+
}
|
|
409798
|
+
},
|
|
409799
|
+
"v17": {
|
|
409101
409800
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
409102
409801
|
"document": {
|
|
409103
409802
|
"Version": "2012-10-17",
|
|
409104
409803
|
"Statement": [
|
|
409105
409804
|
{
|
|
409805
|
+
"Sid": "AwsBackupAllAccessPermissions",
|
|
409106
409806
|
"Effect": "Allow",
|
|
409107
409807
|
"Action": "backup:*",
|
|
409108
409808
|
"Resource": "*"
|
|
409109
409809
|
},
|
|
409110
409810
|
{
|
|
409811
|
+
"Sid": "AwsBackupStorageAllAccessPermissions",
|
|
409111
409812
|
"Effect": "Allow",
|
|
409112
409813
|
"Action": "backup-storage:*",
|
|
409113
409814
|
"Resource": "*"
|
|
409114
409815
|
},
|
|
409115
409816
|
{
|
|
409817
|
+
"Sid": "RdsPermissions",
|
|
409116
409818
|
"Effect": "Allow",
|
|
409117
409819
|
"Action": [
|
|
409118
409820
|
"rds:DescribeDBSnapshots",
|
|
@@ -409132,6 +409834,7 @@
|
|
|
409132
409834
|
"Resource": "*"
|
|
409133
409835
|
},
|
|
409134
409836
|
{
|
|
409837
|
+
"Sid": "RdsDeletePermissions",
|
|
409135
409838
|
"Effect": "Allow",
|
|
409136
409839
|
"Action": [
|
|
409137
409840
|
"rds:DeleteDBSnapshot",
|
|
@@ -409147,6 +409850,7 @@
|
|
|
409147
409850
|
}
|
|
409148
409851
|
},
|
|
409149
409852
|
{
|
|
409853
|
+
"Sid": "DynamoDbPermissions",
|
|
409150
409854
|
"Effect": "Allow",
|
|
409151
409855
|
"Action": [
|
|
409152
409856
|
"dynamodb:ListBackups",
|
|
@@ -409155,6 +409859,7 @@
|
|
|
409155
409859
|
"Resource": "*"
|
|
409156
409860
|
},
|
|
409157
409861
|
{
|
|
409862
|
+
"Sid": "DynamoDbDeleteBackupPermissions",
|
|
409158
409863
|
"Effect": "Allow",
|
|
409159
409864
|
"Action": [
|
|
409160
409865
|
"dynamodb:DeleteBackup"
|
|
@@ -409169,6 +409874,7 @@
|
|
|
409169
409874
|
}
|
|
409170
409875
|
},
|
|
409171
409876
|
{
|
|
409877
|
+
"Sid": "EfsFileSystemPermissions",
|
|
409172
409878
|
"Effect": "Allow",
|
|
409173
409879
|
"Action": [
|
|
409174
409880
|
"elasticfilesystem:DescribeFilesystems"
|
|
@@ -409176,6 +409882,7 @@
|
|
|
409176
409882
|
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
409177
409883
|
},
|
|
409178
409884
|
{
|
|
409885
|
+
"Sid": "Ec2Permissions",
|
|
409179
409886
|
"Effect": "Allow",
|
|
409180
409887
|
"Action": [
|
|
409181
409888
|
"ec2:DescribeSnapshots",
|
|
@@ -409189,11 +409896,13 @@
|
|
|
409189
409896
|
"ec2:DescribePlacementGroups",
|
|
409190
409897
|
"ec2:DescribeInstances",
|
|
409191
409898
|
"ec2:DescribeInstanceTypes",
|
|
409192
|
-
"ec2:DescribeVpcEndpoints"
|
|
409899
|
+
"ec2:DescribeVpcEndpoints",
|
|
409900
|
+
"ec2:DescribeAddresses"
|
|
409193
409901
|
],
|
|
409194
409902
|
"Resource": "*"
|
|
409195
409903
|
},
|
|
409196
409904
|
{
|
|
409905
|
+
"Sid": "Ec2DeletePermissions",
|
|
409197
409906
|
"Effect": "Allow",
|
|
409198
409907
|
"Action": [
|
|
409199
409908
|
"ec2:DeleteSnapshot",
|
|
@@ -409209,6 +409918,7 @@
|
|
|
409209
409918
|
}
|
|
409210
409919
|
},
|
|
409211
409920
|
{
|
|
409921
|
+
"Sid": "ResourceGroupTaggingPermissions",
|
|
409212
409922
|
"Effect": "Allow",
|
|
409213
409923
|
"Action": [
|
|
409214
409924
|
"tag:GetTagKeys",
|
|
@@ -409218,6 +409928,7 @@
|
|
|
409218
409928
|
"Resource": "*"
|
|
409219
409929
|
},
|
|
409220
409930
|
{
|
|
409931
|
+
"Sid": "StorageGatewayVolumePermissions",
|
|
409221
409932
|
"Effect": "Allow",
|
|
409222
409933
|
"Action": [
|
|
409223
409934
|
"storagegateway:DescribeCachediSCSIVolumes",
|
|
@@ -409226,6 +409937,7 @@
|
|
|
409226
409937
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
|
|
409227
409938
|
},
|
|
409228
409939
|
{
|
|
409940
|
+
"Sid": "StorageGatewayPermissions",
|
|
409229
409941
|
"Effect": "Allow",
|
|
409230
409942
|
"Action": [
|
|
409231
409943
|
"storagegateway:ListGateways"
|
|
@@ -409233,6 +409945,7 @@
|
|
|
409233
409945
|
"Resource": "arn:aws:storagegateway:*:*:*"
|
|
409234
409946
|
},
|
|
409235
409947
|
{
|
|
409948
|
+
"Sid": "StorageGatewayGatewayPermissions",
|
|
409236
409949
|
"Effect": "Allow",
|
|
409237
409950
|
"Action": [
|
|
409238
409951
|
"storagegateway:DescribeGatewayInformation",
|
|
@@ -409242,6 +409955,7 @@
|
|
|
409242
409955
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
409243
409956
|
},
|
|
409244
409957
|
{
|
|
409958
|
+
"Sid": "IamRolePermissions",
|
|
409245
409959
|
"Effect": "Allow",
|
|
409246
409960
|
"Action": [
|
|
409247
409961
|
"iam:ListRoles",
|
|
@@ -409250,6 +409964,7 @@
|
|
|
409250
409964
|
"Resource": "*"
|
|
409251
409965
|
},
|
|
409252
409966
|
{
|
|
409967
|
+
"Sid": "IamPassRolePermissions",
|
|
409253
409968
|
"Effect": "Allow",
|
|
409254
409969
|
"Action": "iam:PassRole",
|
|
409255
409970
|
"Resource": [
|
|
@@ -409257,17 +409972,22 @@
|
|
|
409257
409972
|
"arn:aws:iam::*:role/*AWSBackup*"
|
|
409258
409973
|
],
|
|
409259
409974
|
"Condition": {
|
|
409260
|
-
"
|
|
409261
|
-
"iam:PassedToService":
|
|
409975
|
+
"StringEquals": {
|
|
409976
|
+
"iam:PassedToService": [
|
|
409977
|
+
"backup.amazonaws.com",
|
|
409978
|
+
"restore-testing.backup.amazonaws.com"
|
|
409979
|
+
]
|
|
409262
409980
|
}
|
|
409263
409981
|
}
|
|
409264
409982
|
},
|
|
409265
409983
|
{
|
|
409984
|
+
"Sid": "AwsOrganizationsPermissions",
|
|
409266
409985
|
"Effect": "Allow",
|
|
409267
409986
|
"Action": "organizations:DescribeOrganization",
|
|
409268
409987
|
"Resource": "*"
|
|
409269
409988
|
},
|
|
409270
409989
|
{
|
|
409990
|
+
"Sid": "KmsPermissions",
|
|
409271
409991
|
"Effect": "Allow",
|
|
409272
409992
|
"Action": [
|
|
409273
409993
|
"kms:ListKeys",
|
|
@@ -409278,6 +409998,7 @@
|
|
|
409278
409998
|
"Resource": "*"
|
|
409279
409999
|
},
|
|
409280
410000
|
{
|
|
410001
|
+
"Sid": "KmsCreateGrantPermissions",
|
|
409281
410002
|
"Effect": "Allow",
|
|
409282
410003
|
"Action": [
|
|
409283
410004
|
"kms:CreateGrant"
|
|
@@ -409296,6 +410017,7 @@
|
|
|
409296
410017
|
}
|
|
409297
410018
|
},
|
|
409298
410019
|
{
|
|
410020
|
+
"Sid": "SystemManagerCommandPermissions",
|
|
409299
410021
|
"Effect": "Allow",
|
|
409300
410022
|
"Action": [
|
|
409301
410023
|
"ssm:CancelCommand",
|
|
@@ -409304,6 +410026,7 @@
|
|
|
409304
410026
|
"Resource": "*"
|
|
409305
410027
|
},
|
|
409306
410028
|
{
|
|
410029
|
+
"Sid": "SystemManagerSendCommandPermissions",
|
|
409307
410030
|
"Effect": "Allow",
|
|
409308
410031
|
"Action": "ssm:SendCommand",
|
|
409309
410032
|
"Resource": [
|
|
@@ -409312,26 +410035,18 @@
|
|
|
409312
410035
|
]
|
|
409313
410036
|
},
|
|
409314
410037
|
{
|
|
410038
|
+
"Sid": "FsxPermissions",
|
|
409315
410039
|
"Effect": "Allow",
|
|
409316
|
-
"Action":
|
|
409317
|
-
|
|
409318
|
-
|
|
409319
|
-
|
|
409320
|
-
|
|
409321
|
-
|
|
410040
|
+
"Action": [
|
|
410041
|
+
"fsx:DescribeFileSystems",
|
|
410042
|
+
"fsx:DescribeBackups",
|
|
410043
|
+
"fsx:DescribeVolumes",
|
|
410044
|
+
"fsx:DescribeStorageVirtualMachines"
|
|
410045
|
+
],
|
|
409322
410046
|
"Resource": "*"
|
|
409323
410047
|
},
|
|
409324
410048
|
{
|
|
409325
|
-
"
|
|
409326
|
-
"Action": "fsx:DescribeVolumes",
|
|
409327
|
-
"Resource": "arn:aws:fsx:*:*:volume/*/*"
|
|
409328
|
-
},
|
|
409329
|
-
{
|
|
409330
|
-
"Effect": "Allow",
|
|
409331
|
-
"Action": "fsx:DescribeStorageVirtualMachines",
|
|
409332
|
-
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
409333
|
-
},
|
|
409334
|
-
{
|
|
410049
|
+
"Sid": "FsxDeletePermissions",
|
|
409335
410050
|
"Effect": "Allow",
|
|
409336
410051
|
"Action": "fsx:DeleteBackup",
|
|
409337
410052
|
"Resource": "arn:aws:fsx:*:*:backup/*",
|
|
@@ -409344,21 +410059,27 @@
|
|
|
409344
410059
|
}
|
|
409345
410060
|
},
|
|
409346
410061
|
{
|
|
410062
|
+
"Sid": "DirectoryServicePermissions",
|
|
409347
410063
|
"Effect": "Allow",
|
|
409348
410064
|
"Action": "ds:DescribeDirectories",
|
|
409349
410065
|
"Resource": "*"
|
|
409350
410066
|
},
|
|
409351
410067
|
{
|
|
410068
|
+
"Sid": "IamCreateServiceLinkedRolePermissions",
|
|
409352
410069
|
"Effect": "Allow",
|
|
409353
410070
|
"Action": "iam:CreateServiceLinkedRole",
|
|
409354
410071
|
"Resource": "*",
|
|
409355
410072
|
"Condition": {
|
|
409356
410073
|
"StringEquals": {
|
|
409357
|
-
"iam:AWSServiceName":
|
|
410074
|
+
"iam:AWSServiceName": [
|
|
410075
|
+
"backup.amazonaws.com",
|
|
410076
|
+
"restore-testing.backup.amazonaws.com"
|
|
410077
|
+
]
|
|
409358
410078
|
}
|
|
409359
410079
|
}
|
|
409360
410080
|
},
|
|
409361
410081
|
{
|
|
410082
|
+
"Sid": "BackupGatewayPermissions",
|
|
409362
410083
|
"Effect": "Allow",
|
|
409363
410084
|
"Action": [
|
|
409364
410085
|
"backup-gateway:AssociateGatewayToServer",
|
|
@@ -409381,6 +410102,7 @@
|
|
|
409381
410102
|
"Resource": "*"
|
|
409382
410103
|
},
|
|
409383
410104
|
{
|
|
410105
|
+
"Sid": "BackupGatewayHypervisorPermissions",
|
|
409384
410106
|
"Effect": "Allow",
|
|
409385
410107
|
"Action": [
|
|
409386
410108
|
"backup-gateway:GetHypervisor",
|
|
@@ -409391,6 +410113,7 @@
|
|
|
409391
410113
|
"Resource": "arn:aws:backup-gateway:*:*:hypervisor/*"
|
|
409392
410114
|
},
|
|
409393
410115
|
{
|
|
410116
|
+
"Sid": "BackupGatewayVirtualMachinePermissions",
|
|
409394
410117
|
"Effect": "Allow",
|
|
409395
410118
|
"Action": [
|
|
409396
410119
|
"backup-gateway:GetVirtualMachine"
|
|
@@ -409398,6 +410121,7 @@
|
|
|
409398
410121
|
"Resource": "arn:aws:backup-gateway:*:*:vm/*"
|
|
409399
410122
|
},
|
|
409400
410123
|
{
|
|
410124
|
+
"Sid": "BackupGatewayGatewayPermissions",
|
|
409401
410125
|
"Effect": "Allow",
|
|
409402
410126
|
"Action": [
|
|
409403
410127
|
"backup-gateway:GetBandwidthRateLimitSchedule",
|
|
@@ -409407,11 +410131,13 @@
|
|
|
409407
410131
|
"Resource": "arn:aws:backup-gateway:*:*:gateway/*"
|
|
409408
410132
|
},
|
|
409409
410133
|
{
|
|
410134
|
+
"Sid": "CloudWatchPermissions",
|
|
409410
410135
|
"Effect": "Allow",
|
|
409411
410136
|
"Action": "cloudwatch:GetMetricData",
|
|
409412
410137
|
"Resource": "*"
|
|
409413
410138
|
},
|
|
409414
410139
|
{
|
|
410140
|
+
"Sid": "TimestreamDatabasePermissions",
|
|
409415
410141
|
"Effect": "Allow",
|
|
409416
410142
|
"Action": [
|
|
409417
410143
|
"timestream:ListTables",
|
|
@@ -409422,6 +410148,7 @@
|
|
|
409422
410148
|
]
|
|
409423
410149
|
},
|
|
409424
410150
|
{
|
|
410151
|
+
"Sid": "TimestreamPermissions",
|
|
409425
410152
|
"Effect": "Allow",
|
|
409426
410153
|
"Action": [
|
|
409427
410154
|
"timestream:DescribeEndpoints"
|
|
@@ -409429,6 +410156,7 @@
|
|
|
409429
410156
|
"Resource": "*"
|
|
409430
410157
|
},
|
|
409431
410158
|
{
|
|
410159
|
+
"Sid": "S3BucketPermissions",
|
|
409432
410160
|
"Effect": "Allow",
|
|
409433
410161
|
"Action": [
|
|
409434
410162
|
"s3:ListAllMyBuckets"
|
|
@@ -409436,6 +410164,7 @@
|
|
|
409436
410164
|
"Resource": "arn:aws:s3:::*"
|
|
409437
410165
|
},
|
|
409438
410166
|
{
|
|
410167
|
+
"Sid": "RedshiftResourcesPermissions",
|
|
409439
410168
|
"Effect": "Allow",
|
|
409440
410169
|
"Action": [
|
|
409441
410170
|
"redshift:DescribeClusters",
|
|
@@ -409451,6 +410180,7 @@
|
|
|
409451
410180
|
]
|
|
409452
410181
|
},
|
|
409453
410182
|
{
|
|
410183
|
+
"Sid": "RedshiftPermissions",
|
|
409454
410184
|
"Effect": "Allow",
|
|
409455
410185
|
"Action": [
|
|
409456
410186
|
"redshift:DescribeNodeConfigurationOptions",
|
|
@@ -409461,13 +410191,7 @@
|
|
|
409461
410191
|
"Resource": "*"
|
|
409462
410192
|
},
|
|
409463
410193
|
{
|
|
409464
|
-
"
|
|
409465
|
-
"Action": [
|
|
409466
|
-
"ec2:DescribeAddresses"
|
|
409467
|
-
],
|
|
409468
|
-
"Resource": "*"
|
|
409469
|
-
},
|
|
409470
|
-
{
|
|
410194
|
+
"Sid": "CloudFormationStackPermissions",
|
|
409471
410195
|
"Effect": "Allow",
|
|
409472
410196
|
"Action": [
|
|
409473
410197
|
"cloudformation:ListStacks"
|
|
@@ -409477,22 +410201,18 @@
|
|
|
409477
410201
|
]
|
|
409478
410202
|
},
|
|
409479
410203
|
{
|
|
410204
|
+
"Sid": "SystemsManagerForSapPermissions",
|
|
409480
410205
|
"Effect": "Allow",
|
|
409481
410206
|
"Action": [
|
|
409482
410207
|
"ssm-sap:GetOperation",
|
|
409483
|
-
"ssm-sap:ListDatabases"
|
|
409484
|
-
],
|
|
409485
|
-
"Resource": "*"
|
|
409486
|
-
},
|
|
409487
|
-
{
|
|
409488
|
-
"Effect": "Allow",
|
|
409489
|
-
"Action": [
|
|
410208
|
+
"ssm-sap:ListDatabases",
|
|
409490
410209
|
"ssm-sap:GetDatabase",
|
|
409491
410210
|
"ssm-sap:ListTagsForResource"
|
|
409492
410211
|
],
|
|
409493
|
-
"Resource": "
|
|
410212
|
+
"Resource": "*"
|
|
409494
410213
|
},
|
|
409495
410214
|
{
|
|
410215
|
+
"Sid": "ResourceAccessManagerPermissions",
|
|
409496
410216
|
"Effect": "Allow",
|
|
409497
410217
|
"Action": [
|
|
409498
410218
|
"ram:GetResourceShareAssociations"
|
|
@@ -409502,7 +410222,7 @@
|
|
|
409502
410222
|
]
|
|
409503
410223
|
}
|
|
409504
410224
|
},
|
|
409505
|
-
"
|
|
410225
|
+
"v18": {
|
|
409506
410226
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
409507
410227
|
"document": {
|
|
409508
410228
|
"Version": "2012-10-17",
|
|
@@ -409655,11 +410375,18 @@
|
|
|
409655
410375
|
"Effect": "Allow",
|
|
409656
410376
|
"Action": [
|
|
409657
410377
|
"storagegateway:DescribeGatewayInformation",
|
|
409658
|
-
"storagegateway:ListVolumes",
|
|
409659
410378
|
"storagegateway:ListLocalDisks"
|
|
409660
410379
|
],
|
|
409661
410380
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
409662
410381
|
},
|
|
410382
|
+
{
|
|
410383
|
+
"Sid": "StorageGatewayGatewayStarPermissions",
|
|
410384
|
+
"Effect": "Allow",
|
|
410385
|
+
"Action": [
|
|
410386
|
+
"storagegateway:ListVolumes"
|
|
410387
|
+
],
|
|
410388
|
+
"Resource": "*"
|
|
410389
|
+
},
|
|
409663
410390
|
{
|
|
409664
410391
|
"Sid": "IamRolePermissions",
|
|
409665
410392
|
"Effect": "Allow",
|
|
@@ -409928,7 +410655,7 @@
|
|
|
409928
410655
|
]
|
|
409929
410656
|
}
|
|
409930
410657
|
},
|
|
409931
|
-
"
|
|
410658
|
+
"v19": {
|
|
409932
410659
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
409933
410660
|
"document": {
|
|
409934
410661
|
"Version": "2012-10-17",
|
|
@@ -410329,6 +411056,52 @@
|
|
|
410329
411056
|
],
|
|
410330
411057
|
"Resource": "*"
|
|
410331
411058
|
},
|
|
411059
|
+
{
|
|
411060
|
+
"Sid": "RedshiftServerlessListPermissions",
|
|
411061
|
+
"Effect": "Allow",
|
|
411062
|
+
"Action": [
|
|
411063
|
+
"redshift-serverless:ListNamespaces",
|
|
411064
|
+
"redshift-serverless:ListSnapshots",
|
|
411065
|
+
"redshift-serverless:ListWorkgroups"
|
|
411066
|
+
],
|
|
411067
|
+
"Resource": [
|
|
411068
|
+
"*"
|
|
411069
|
+
]
|
|
411070
|
+
},
|
|
411071
|
+
{
|
|
411072
|
+
"Sid": "RedshiftServerlessGetPermissions",
|
|
411073
|
+
"Effect": "Allow",
|
|
411074
|
+
"Action": [
|
|
411075
|
+
"redshift-serverless:GetNamespace",
|
|
411076
|
+
"redshift-serverless:GetSnapshot",
|
|
411077
|
+
"redshift-serverless:GetWorkgroup"
|
|
411078
|
+
],
|
|
411079
|
+
"Resource": [
|
|
411080
|
+
"arn:aws:redshift-serverless:*:*:namespace/*",
|
|
411081
|
+
"arn:aws:redshift-serverless:*:*:workgroup/*",
|
|
411082
|
+
"arn:aws:redshift-serverless:*:*:snapshot/*"
|
|
411083
|
+
]
|
|
411084
|
+
},
|
|
411085
|
+
{
|
|
411086
|
+
"Sid": "RedshiftServerlessDeletetPermissions",
|
|
411087
|
+
"Effect": "Allow",
|
|
411088
|
+
"Action": [
|
|
411089
|
+
"redshift-serverless:DeleteSnapshot"
|
|
411090
|
+
],
|
|
411091
|
+
"Resource": [
|
|
411092
|
+
"arn:aws:redshift-serverless:*:*:snapshot/*"
|
|
411093
|
+
],
|
|
411094
|
+
"Condition": {
|
|
411095
|
+
"Null": {
|
|
411096
|
+
"aws:ResourceTag/aws:backup:source-resource": "false"
|
|
411097
|
+
},
|
|
411098
|
+
"ForAnyValue:StringEquals": {
|
|
411099
|
+
"aws:CalledVia": [
|
|
411100
|
+
"backup.amazonaws.com"
|
|
411101
|
+
]
|
|
411102
|
+
}
|
|
411103
|
+
}
|
|
411104
|
+
},
|
|
410332
411105
|
{
|
|
410333
411106
|
"Sid": "CloudFormationStackPermissions",
|
|
410334
411107
|
"Effect": "Allow",
|
|
@@ -410361,7 +411134,7 @@
|
|
|
410361
411134
|
]
|
|
410362
411135
|
}
|
|
410363
411136
|
},
|
|
410364
|
-
"
|
|
411137
|
+
"v20": {
|
|
410365
411138
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
410366
411139
|
"document": {
|
|
410367
411140
|
"Version": "2012-10-17",
|
|
@@ -410836,11 +411609,21 @@
|
|
|
410836
411609
|
"ram:GetResourceShareAssociations"
|
|
410837
411610
|
],
|
|
410838
411611
|
"Resource": "*"
|
|
411612
|
+
},
|
|
411613
|
+
{
|
|
411614
|
+
"Sid": "DSQLDescribePermissions",
|
|
411615
|
+
"Effect": "Allow",
|
|
411616
|
+
"Action": [
|
|
411617
|
+
"dsql:GetCluster",
|
|
411618
|
+
"dsql:ListClusters",
|
|
411619
|
+
"dsql:ListTagsForResource"
|
|
411620
|
+
],
|
|
411621
|
+
"Resource": "*"
|
|
410839
411622
|
}
|
|
410840
411623
|
]
|
|
410841
411624
|
}
|
|
410842
411625
|
},
|
|
410843
|
-
"
|
|
411626
|
+
"v21": {
|
|
410844
411627
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
410845
411628
|
"document": {
|
|
410846
411629
|
"Version": "2012-10-17",
|
|
@@ -411325,11 +412108,21 @@
|
|
|
411325
412108
|
"dsql:ListTagsForResource"
|
|
411326
412109
|
],
|
|
411327
412110
|
"Resource": "*"
|
|
412111
|
+
},
|
|
412112
|
+
{
|
|
412113
|
+
"Sid": "EKSClusterPermissions",
|
|
412114
|
+
"Effect": "Allow",
|
|
412115
|
+
"Action": [
|
|
412116
|
+
"eks:ListClusters",
|
|
412117
|
+
"eks:ListTagsForResource",
|
|
412118
|
+
"eks:DescribeCluster"
|
|
412119
|
+
],
|
|
412120
|
+
"Resource": "arn:aws:eks:*:*:cluster/*"
|
|
411328
412121
|
}
|
|
411329
412122
|
]
|
|
411330
412123
|
}
|
|
411331
412124
|
},
|
|
411332
|
-
"
|
|
412125
|
+
"v22": {
|
|
411333
412126
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
411334
412127
|
"document": {
|
|
411335
412128
|
"Version": "2012-10-17",
|
|
@@ -411824,18 +412617,32 @@
|
|
|
411824
412617
|
"eks:DescribeCluster"
|
|
411825
412618
|
],
|
|
411826
412619
|
"Resource": "arn:aws:eks:*:*:cluster/*"
|
|
412620
|
+
},
|
|
412621
|
+
{
|
|
412622
|
+
"Sid": "IamPassRolePermissionsForGuardDuty",
|
|
412623
|
+
"Effect": "Allow",
|
|
412624
|
+
"Action": "iam:PassRole",
|
|
412625
|
+
"Resource": [
|
|
412626
|
+
"arn:aws:iam::*:role/*AwsBackupGuardDuty*",
|
|
412627
|
+
"arn:aws:iam::*:role/*AWSBackupGuardDuty*"
|
|
412628
|
+
],
|
|
412629
|
+
"Condition": {
|
|
412630
|
+
"StringEquals": {
|
|
412631
|
+
"iam:PassedToService": "malware-protection.guardduty.amazonaws.com"
|
|
412632
|
+
}
|
|
412633
|
+
}
|
|
411827
412634
|
}
|
|
411828
412635
|
]
|
|
411829
412636
|
}
|
|
411830
412637
|
}
|
|
411831
412638
|
},
|
|
411832
412639
|
"createdDate": "2019-11-18T22:21:52.000Z",
|
|
411833
|
-
"lastUpdatedDate": "2025-11-
|
|
412640
|
+
"lastUpdatedDate": "2025-11-20T03:34:07.000Z"
|
|
411834
412641
|
},
|
|
411835
412642
|
"AWSBackupOperatorAccess": {
|
|
411836
412643
|
"arn": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess",
|
|
411837
|
-
"latestVersionId": "
|
|
411838
|
-
"versionsCount":
|
|
412644
|
+
"latestVersionId": "v20",
|
|
412645
|
+
"versionsCount": 20,
|
|
411839
412646
|
"versions": {
|
|
411840
412647
|
"v1": {
|
|
411841
412648
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
@@ -411889,7 +412696,134 @@
|
|
|
411889
412696
|
"Action": [
|
|
411890
412697
|
"ec2:DescribeSnapshots",
|
|
411891
412698
|
"ec2:DescribeVolumes",
|
|
411892
|
-
"ec2:describeAvailabilityZones"
|
|
412699
|
+
"ec2:describeAvailabilityZones"
|
|
412700
|
+
],
|
|
412701
|
+
"Effect": "Allow",
|
|
412702
|
+
"Resource": "*"
|
|
412703
|
+
},
|
|
412704
|
+
{
|
|
412705
|
+
"Action": [
|
|
412706
|
+
"tag:GetTagKeys",
|
|
412707
|
+
"tag:GetTagValues",
|
|
412708
|
+
"tag:GetResources"
|
|
412709
|
+
],
|
|
412710
|
+
"Effect": "Allow",
|
|
412711
|
+
"Resource": "*"
|
|
412712
|
+
},
|
|
412713
|
+
{
|
|
412714
|
+
"Effect": "Allow",
|
|
412715
|
+
"Action": [
|
|
412716
|
+
"storagegateway:DescribeCachediSCSIVolumes",
|
|
412717
|
+
"storagegateway:DescribeStorediSCSIVolumes"
|
|
412718
|
+
],
|
|
412719
|
+
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
|
|
412720
|
+
},
|
|
412721
|
+
{
|
|
412722
|
+
"Effect": "Allow",
|
|
412723
|
+
"Action": [
|
|
412724
|
+
"storagegateway:ListGateways"
|
|
412725
|
+
],
|
|
412726
|
+
"Resource": "arn:aws:storagegateway:*:*:*"
|
|
412727
|
+
},
|
|
412728
|
+
{
|
|
412729
|
+
"Effect": "Allow",
|
|
412730
|
+
"Action": [
|
|
412731
|
+
"storagegateway:DescribeGatewayInformation",
|
|
412732
|
+
"storagegateway:ListVolumes",
|
|
412733
|
+
"storagegateway:ListLocalDisks"
|
|
412734
|
+
],
|
|
412735
|
+
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
412736
|
+
},
|
|
412737
|
+
{
|
|
412738
|
+
"Action": [
|
|
412739
|
+
"iam:ListRoles",
|
|
412740
|
+
"iam:GetRole"
|
|
412741
|
+
],
|
|
412742
|
+
"Effect": "Allow",
|
|
412743
|
+
"Resource": "*"
|
|
412744
|
+
},
|
|
412745
|
+
{
|
|
412746
|
+
"Effect": "Allow",
|
|
412747
|
+
"Action": "iam:PassRole",
|
|
412748
|
+
"Resource": [
|
|
412749
|
+
"arn:aws:iam::*:role/*AwsBackup*",
|
|
412750
|
+
"arn:aws:iam::*:role/*AWSBackup*"
|
|
412751
|
+
],
|
|
412752
|
+
"Condition": {
|
|
412753
|
+
"StringLike": {
|
|
412754
|
+
"iam:PassedToService": "backup.amazonaws.com"
|
|
412755
|
+
}
|
|
412756
|
+
}
|
|
412757
|
+
}
|
|
412758
|
+
]
|
|
412759
|
+
}
|
|
412760
|
+
},
|
|
412761
|
+
"v3": {
|
|
412762
|
+
"createdDate": "2020-05-29T21:52:16.000Z",
|
|
412763
|
+
"document": {
|
|
412764
|
+
"Version": "2012-10-17",
|
|
412765
|
+
"Statement": [
|
|
412766
|
+
{
|
|
412767
|
+
"Effect": "Allow",
|
|
412768
|
+
"Action": [
|
|
412769
|
+
"backup:Get*",
|
|
412770
|
+
"backup:List*",
|
|
412771
|
+
"backup:Describe*",
|
|
412772
|
+
"backup:CreateBackupSelection",
|
|
412773
|
+
"backup:DeleteBackupSelection",
|
|
412774
|
+
"backup:GetRecoveryPointRestoreMetadata",
|
|
412775
|
+
"backup:StartBackupJob",
|
|
412776
|
+
"backup:StartRestoreJob",
|
|
412777
|
+
"backup:StartCopyJob"
|
|
412778
|
+
],
|
|
412779
|
+
"Resource": "*"
|
|
412780
|
+
},
|
|
412781
|
+
{
|
|
412782
|
+
"Action": [
|
|
412783
|
+
"rds:DescribeDBSnapshots",
|
|
412784
|
+
"rds:ListTagsForResource",
|
|
412785
|
+
"rds:DescribeDBInstances",
|
|
412786
|
+
"rds:describeDBSnapshots",
|
|
412787
|
+
"rds:describeDBEngineVersions",
|
|
412788
|
+
"rds:describeOptionGroups",
|
|
412789
|
+
"rds:describeOrderableDBInstanceOptions",
|
|
412790
|
+
"rds:describeDBSubnetGroups",
|
|
412791
|
+
"rds:DescribeDBClusterSnapshots",
|
|
412792
|
+
"rds:DescribeDBClusters",
|
|
412793
|
+
"rds:DescribeDBParameterGroups",
|
|
412794
|
+
"rds:DescribeDBClusterParameterGroups"
|
|
412795
|
+
],
|
|
412796
|
+
"Effect": "Allow",
|
|
412797
|
+
"Resource": "*"
|
|
412798
|
+
},
|
|
412799
|
+
{
|
|
412800
|
+
"Action": [
|
|
412801
|
+
"dynamodb:ListBackups",
|
|
412802
|
+
"dynamodb:ListTables"
|
|
412803
|
+
],
|
|
412804
|
+
"Effect": "Allow",
|
|
412805
|
+
"Resource": "*"
|
|
412806
|
+
},
|
|
412807
|
+
{
|
|
412808
|
+
"Action": [
|
|
412809
|
+
"elasticfilesystem:DescribeFilesystems"
|
|
412810
|
+
],
|
|
412811
|
+
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*",
|
|
412812
|
+
"Effect": "Allow"
|
|
412813
|
+
},
|
|
412814
|
+
{
|
|
412815
|
+
"Action": [
|
|
412816
|
+
"ec2:DescribeSnapshots",
|
|
412817
|
+
"ec2:DescribeVolumes",
|
|
412818
|
+
"ec2:describeAvailabilityZones",
|
|
412819
|
+
"ec2:DescribeVpcs",
|
|
412820
|
+
"ec2:DescribeAccountAttributes",
|
|
412821
|
+
"ec2:DescribeSecurityGroups",
|
|
412822
|
+
"ec2:DescribeImages",
|
|
412823
|
+
"ec2:DescribeSubnets",
|
|
412824
|
+
"ec2:DescribePlacementGroups",
|
|
412825
|
+
"ec2:DescribeInstances",
|
|
412826
|
+
"ec2:DescribeInstanceTypes"
|
|
411893
412827
|
],
|
|
411894
412828
|
"Effect": "Allow",
|
|
411895
412829
|
"Resource": "*"
|
|
@@ -411951,8 +412885,8 @@
|
|
|
411951
412885
|
]
|
|
411952
412886
|
}
|
|
411953
412887
|
},
|
|
411954
|
-
"
|
|
411955
|
-
"createdDate": "2020-
|
|
412888
|
+
"v2": {
|
|
412889
|
+
"createdDate": "2020-01-13T16:15:02.000Z",
|
|
411956
412890
|
"document": {
|
|
411957
412891
|
"Version": "2012-10-17",
|
|
411958
412892
|
"Statement": [
|
|
@@ -411980,11 +412914,7 @@
|
|
|
411980
412914
|
"rds:describeDBEngineVersions",
|
|
411981
412915
|
"rds:describeOptionGroups",
|
|
411982
412916
|
"rds:describeOrderableDBInstanceOptions",
|
|
411983
|
-
"rds:describeDBSubnetGroups"
|
|
411984
|
-
"rds:DescribeDBClusterSnapshots",
|
|
411985
|
-
"rds:DescribeDBClusters",
|
|
411986
|
-
"rds:DescribeDBParameterGroups",
|
|
411987
|
-
"rds:DescribeDBClusterParameterGroups"
|
|
412917
|
+
"rds:describeDBSubnetGroups"
|
|
411988
412918
|
],
|
|
411989
412919
|
"Effect": "Allow",
|
|
411990
412920
|
"Resource": "*"
|
|
@@ -412078,8 +413008,8 @@
|
|
|
412078
413008
|
]
|
|
412079
413009
|
}
|
|
412080
413010
|
},
|
|
412081
|
-
"
|
|
412082
|
-
"createdDate": "2020-
|
|
413011
|
+
"v4": {
|
|
413012
|
+
"createdDate": "2020-06-24T16:24:21.000Z",
|
|
412083
413013
|
"document": {
|
|
412084
413014
|
"Version": "2012-10-17",
|
|
412085
413015
|
"Statement": [
|
|
@@ -412107,7 +413037,11 @@
|
|
|
412107
413037
|
"rds:describeDBEngineVersions",
|
|
412108
413038
|
"rds:describeOptionGroups",
|
|
412109
413039
|
"rds:describeOrderableDBInstanceOptions",
|
|
412110
|
-
"rds:describeDBSubnetGroups"
|
|
413040
|
+
"rds:describeDBSubnetGroups",
|
|
413041
|
+
"rds:DescribeDBClusterSnapshots",
|
|
413042
|
+
"rds:DescribeDBClusters",
|
|
413043
|
+
"rds:DescribeDBParameterGroups",
|
|
413044
|
+
"rds:DescribeDBClusterParameterGroups"
|
|
412111
413045
|
],
|
|
412112
413046
|
"Effect": "Allow",
|
|
412113
413047
|
"Resource": "*"
|
|
@@ -412197,12 +413131,17 @@
|
|
|
412197
413131
|
"iam:PassedToService": "backup.amazonaws.com"
|
|
412198
413132
|
}
|
|
412199
413133
|
}
|
|
413134
|
+
},
|
|
413135
|
+
{
|
|
413136
|
+
"Effect": "Allow",
|
|
413137
|
+
"Action": "organizations:DescribeOrganization",
|
|
413138
|
+
"Resource": "*"
|
|
412200
413139
|
}
|
|
412201
413140
|
]
|
|
412202
413141
|
}
|
|
412203
413142
|
},
|
|
412204
|
-
"
|
|
412205
|
-
"createdDate": "2020-
|
|
413143
|
+
"v5": {
|
|
413144
|
+
"createdDate": "2020-09-14T22:35:03.000Z",
|
|
412206
413145
|
"document": {
|
|
412207
413146
|
"Version": "2012-10-17",
|
|
412208
413147
|
"Statement": [
|
|
@@ -412329,12 +413268,28 @@
|
|
|
412329
413268
|
"Effect": "Allow",
|
|
412330
413269
|
"Action": "organizations:DescribeOrganization",
|
|
412331
413270
|
"Resource": "*"
|
|
413271
|
+
},
|
|
413272
|
+
{
|
|
413273
|
+
"Effect": "Allow",
|
|
413274
|
+
"Action": [
|
|
413275
|
+
"ssm:CancelCommand",
|
|
413276
|
+
"ssm:GetCommandInvocation"
|
|
413277
|
+
],
|
|
413278
|
+
"Resource": "*"
|
|
413279
|
+
},
|
|
413280
|
+
{
|
|
413281
|
+
"Effect": "Allow",
|
|
413282
|
+
"Action": "ssm:SendCommand",
|
|
413283
|
+
"Resource": [
|
|
413284
|
+
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
|
|
413285
|
+
"arn:aws:ec2:*:*:instance/*"
|
|
413286
|
+
]
|
|
412332
413287
|
}
|
|
412333
413288
|
]
|
|
412334
413289
|
}
|
|
412335
413290
|
},
|
|
412336
|
-
"
|
|
412337
|
-
"createdDate": "2020-
|
|
413291
|
+
"v6": {
|
|
413292
|
+
"createdDate": "2020-11-09T16:43:44.000Z",
|
|
412338
413293
|
"document": {
|
|
412339
413294
|
"Version": "2012-10-17",
|
|
412340
413295
|
"Statement": [
|
|
@@ -412477,12 +413432,27 @@
|
|
|
412477
413432
|
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
|
|
412478
413433
|
"arn:aws:ec2:*:*:instance/*"
|
|
412479
413434
|
]
|
|
413435
|
+
},
|
|
413436
|
+
{
|
|
413437
|
+
"Action": "fsx:DescribeBackups",
|
|
413438
|
+
"Effect": "Allow",
|
|
413439
|
+
"Resource": "arn:aws:fsx:*:*:backup/*"
|
|
413440
|
+
},
|
|
413441
|
+
{
|
|
413442
|
+
"Action": "fsx:DescribeFileSystems",
|
|
413443
|
+
"Effect": "Allow",
|
|
413444
|
+
"Resource": "arn:aws:fsx:*:*:file-system/*"
|
|
413445
|
+
},
|
|
413446
|
+
{
|
|
413447
|
+
"Action": "ds:DescribeDirectories",
|
|
413448
|
+
"Effect": "Allow",
|
|
413449
|
+
"Resource": "*"
|
|
412480
413450
|
}
|
|
412481
413451
|
]
|
|
412482
413452
|
}
|
|
412483
413453
|
},
|
|
412484
|
-
"
|
|
412485
|
-
"createdDate": "
|
|
413454
|
+
"v7": {
|
|
413455
|
+
"createdDate": "2021-03-10T18:31:50.000Z",
|
|
412486
413456
|
"document": {
|
|
412487
413457
|
"Version": "2012-10-17",
|
|
412488
413458
|
"Statement": [
|
|
@@ -412514,7 +413484,8 @@
|
|
|
412514
413484
|
"rds:DescribeDBClusterSnapshots",
|
|
412515
413485
|
"rds:DescribeDBClusters",
|
|
412516
413486
|
"rds:DescribeDBParameterGroups",
|
|
412517
|
-
"rds:DescribeDBClusterParameterGroups"
|
|
413487
|
+
"rds:DescribeDBClusterParameterGroups",
|
|
413488
|
+
"rds:DescribeDBInstanceAutomatedBackups"
|
|
412518
413489
|
],
|
|
412519
413490
|
"Effect": "Allow",
|
|
412520
413491
|
"Resource": "*"
|
|
@@ -412644,8 +413615,8 @@
|
|
|
412644
413615
|
]
|
|
412645
413616
|
}
|
|
412646
413617
|
},
|
|
412647
|
-
"
|
|
412648
|
-
"createdDate": "2021-
|
|
413618
|
+
"v8": {
|
|
413619
|
+
"createdDate": "2021-11-23T22:00:28.000Z",
|
|
412649
413620
|
"document": {
|
|
412650
413621
|
"Version": "2012-10-17",
|
|
412651
413622
|
"Statement": [
|
|
@@ -412657,7 +413628,6 @@
|
|
|
412657
413628
|
"backup:Describe*",
|
|
412658
413629
|
"backup:CreateBackupSelection",
|
|
412659
413630
|
"backup:DeleteBackupSelection",
|
|
412660
|
-
"backup:GetRecoveryPointRestoreMetadata",
|
|
412661
413631
|
"backup:StartBackupJob",
|
|
412662
413632
|
"backup:StartRestoreJob",
|
|
412663
413633
|
"backup:StartCopyJob"
|
|
@@ -412669,7 +413639,6 @@
|
|
|
412669
413639
|
"rds:DescribeDBSnapshots",
|
|
412670
413640
|
"rds:ListTagsForResource",
|
|
412671
413641
|
"rds:DescribeDBInstances",
|
|
412672
|
-
"rds:describeDBSnapshots",
|
|
412673
413642
|
"rds:describeDBEngineVersions",
|
|
412674
413643
|
"rds:describeOptionGroups",
|
|
412675
413644
|
"rds:describeOrderableDBInstanceOptions",
|
|
@@ -412804,12 +413773,22 @@
|
|
|
412804
413773
|
"Action": "ds:DescribeDirectories",
|
|
412805
413774
|
"Effect": "Allow",
|
|
412806
413775
|
"Resource": "*"
|
|
413776
|
+
},
|
|
413777
|
+
{
|
|
413778
|
+
"Effect": "Allow",
|
|
413779
|
+
"Action": [
|
|
413780
|
+
"backup-gateway:ListGateways",
|
|
413781
|
+
"backup-gateway:ListHypervisors",
|
|
413782
|
+
"backup-gateway:ListTagsForResource",
|
|
413783
|
+
"backup-gateway:ListVirtualMachines"
|
|
413784
|
+
],
|
|
413785
|
+
"Resource": "*"
|
|
412807
413786
|
}
|
|
412808
413787
|
]
|
|
412809
413788
|
}
|
|
412810
413789
|
},
|
|
412811
|
-
"
|
|
412812
|
-
"createdDate": "
|
|
413790
|
+
"v9": {
|
|
413791
|
+
"createdDate": "2022-05-13T17:57:32.000Z",
|
|
412813
413792
|
"document": {
|
|
412814
413793
|
"Version": "2012-10-17",
|
|
412815
413794
|
"Statement": [
|
|
@@ -412962,6 +413941,16 @@
|
|
|
412962
413941
|
"Effect": "Allow",
|
|
412963
413942
|
"Resource": "arn:aws:fsx:*:*:file-system/*"
|
|
412964
413943
|
},
|
|
413944
|
+
{
|
|
413945
|
+
"Effect": "Allow",
|
|
413946
|
+
"Action": "fsx:DescribeVolumes",
|
|
413947
|
+
"Resource": "arn:aws:fsx:*:*:volume/*/*"
|
|
413948
|
+
},
|
|
413949
|
+
{
|
|
413950
|
+
"Effect": "Allow",
|
|
413951
|
+
"Action": "fsx:DescribeStorageVirtualMachines",
|
|
413952
|
+
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
413953
|
+
},
|
|
412965
413954
|
{
|
|
412966
413955
|
"Action": "ds:DescribeDirectories",
|
|
412967
413956
|
"Effect": "Allow",
|
|
@@ -412980,8 +413969,8 @@
|
|
|
412980
413969
|
]
|
|
412981
413970
|
}
|
|
412982
413971
|
},
|
|
412983
|
-
"
|
|
412984
|
-
"createdDate": "2022-
|
|
413972
|
+
"v10": {
|
|
413973
|
+
"createdDate": "2022-06-01T17:35:31.000Z",
|
|
412985
413974
|
"document": {
|
|
412986
413975
|
"Version": "2012-10-17",
|
|
412987
413976
|
"Statement": [
|
|
@@ -413044,7 +414033,8 @@
|
|
|
413044
414033
|
"ec2:DescribeSubnets",
|
|
413045
414034
|
"ec2:DescribePlacementGroups",
|
|
413046
414035
|
"ec2:DescribeInstances",
|
|
413047
|
-
"ec2:DescribeInstanceTypes"
|
|
414036
|
+
"ec2:DescribeInstanceTypes",
|
|
414037
|
+
"ec2:DescribeVpcEndpoints"
|
|
413048
414038
|
],
|
|
413049
414039
|
"Effect": "Allow",
|
|
413050
414040
|
"Resource": "*"
|
|
@@ -413158,12 +414148,17 @@
|
|
|
413158
414148
|
"backup-gateway:ListVirtualMachines"
|
|
413159
414149
|
],
|
|
413160
414150
|
"Resource": "*"
|
|
414151
|
+
},
|
|
414152
|
+
{
|
|
414153
|
+
"Effect": "Allow",
|
|
414154
|
+
"Action": "backup-gateway:GetGateway",
|
|
414155
|
+
"Resource": "arn:aws:backup-gateway:*:*:gateway/*"
|
|
413161
414156
|
}
|
|
413162
414157
|
]
|
|
413163
414158
|
}
|
|
413164
414159
|
},
|
|
413165
|
-
"
|
|
413166
|
-
"createdDate": "2022-
|
|
414160
|
+
"v11": {
|
|
414161
|
+
"createdDate": "2022-08-24T22:03:30.000Z",
|
|
413167
414162
|
"document": {
|
|
413168
414163
|
"Version": "2012-10-17",
|
|
413169
414164
|
"Statement": [
|
|
@@ -413346,12 +414341,17 @@
|
|
|
413346
414341
|
"Effect": "Allow",
|
|
413347
414342
|
"Action": "backup-gateway:GetGateway",
|
|
413348
414343
|
"Resource": "arn:aws:backup-gateway:*:*:gateway/*"
|
|
414344
|
+
},
|
|
414345
|
+
{
|
|
414346
|
+
"Effect": "Allow",
|
|
414347
|
+
"Action": "cloudwatch:GetMetricData",
|
|
414348
|
+
"Resource": "*"
|
|
413349
414349
|
}
|
|
413350
414350
|
]
|
|
413351
414351
|
}
|
|
413352
414352
|
},
|
|
413353
|
-
"
|
|
413354
|
-
"createdDate": "2022-
|
|
414353
|
+
"v12": {
|
|
414354
|
+
"createdDate": "2022-11-10T22:52:47.000Z",
|
|
413355
414355
|
"document": {
|
|
413356
414356
|
"Version": "2012-10-17",
|
|
413357
414357
|
"Statement": [
|
|
@@ -413415,7 +414415,8 @@
|
|
|
413415
414415
|
"ec2:DescribePlacementGroups",
|
|
413416
414416
|
"ec2:DescribeInstances",
|
|
413417
414417
|
"ec2:DescribeInstanceTypes",
|
|
413418
|
-
"ec2:DescribeVpcEndpoints"
|
|
414418
|
+
"ec2:DescribeVpcEndpoints",
|
|
414419
|
+
"ec2:DescribeAddresses"
|
|
413419
414420
|
],
|
|
413420
414421
|
"Effect": "Allow",
|
|
413421
414422
|
"Resource": "*"
|
|
@@ -413539,12 +414540,87 @@
|
|
|
413539
414540
|
"Effect": "Allow",
|
|
413540
414541
|
"Action": "cloudwatch:GetMetricData",
|
|
413541
414542
|
"Resource": "*"
|
|
414543
|
+
},
|
|
414544
|
+
{
|
|
414545
|
+
"Effect": "Allow",
|
|
414546
|
+
"Action": [
|
|
414547
|
+
"timestream:ListDatabases",
|
|
414548
|
+
"timestream:ListTables"
|
|
414549
|
+
],
|
|
414550
|
+
"Resource": [
|
|
414551
|
+
"arn:aws:timestream:*:*:database/*/table/*",
|
|
414552
|
+
"arn:aws:timestream:*:*:database/*"
|
|
414553
|
+
]
|
|
414554
|
+
},
|
|
414555
|
+
{
|
|
414556
|
+
"Effect": "Allow",
|
|
414557
|
+
"Action": [
|
|
414558
|
+
"timestream:DescribeEndpoints"
|
|
414559
|
+
],
|
|
414560
|
+
"Resource": "*"
|
|
414561
|
+
},
|
|
414562
|
+
{
|
|
414563
|
+
"Effect": "Allow",
|
|
414564
|
+
"Action": [
|
|
414565
|
+
"s3:ListAllMyBuckets"
|
|
414566
|
+
],
|
|
414567
|
+
"Resource": "arn:aws:s3:::*"
|
|
414568
|
+
},
|
|
414569
|
+
{
|
|
414570
|
+
"Effect": "Allow",
|
|
414571
|
+
"Action": [
|
|
414572
|
+
"redshift:DescribeClusters",
|
|
414573
|
+
"redshift:DescribeClusterSubnetGroups",
|
|
414574
|
+
"redshift:DescribeClusterSnapshots",
|
|
414575
|
+
"redshift:DescribeSnapshotSchedules"
|
|
414576
|
+
],
|
|
414577
|
+
"Resource": [
|
|
414578
|
+
"arn:aws:redshift:*:*:cluster:*",
|
|
414579
|
+
"arn:aws:redshift:*:*:subnetgroup:*",
|
|
414580
|
+
"arn:aws:redshift:*:*:snapshot:*/*",
|
|
414581
|
+
"arn:aws:redshift:*:*:snapshotschedule:*"
|
|
414582
|
+
]
|
|
414583
|
+
},
|
|
414584
|
+
{
|
|
414585
|
+
"Effect": "Allow",
|
|
414586
|
+
"Action": [
|
|
414587
|
+
"redshift:DescribeNodeConfigurationOptions",
|
|
414588
|
+
"redshift:DescribeOrderableClusterOptions",
|
|
414589
|
+
"redshift:DescribeClusterParameterGroups",
|
|
414590
|
+
"redshift:DescribeClusterTracks"
|
|
414591
|
+
],
|
|
414592
|
+
"Resource": "*"
|
|
414593
|
+
},
|
|
414594
|
+
{
|
|
414595
|
+
"Effect": "Allow",
|
|
414596
|
+
"Action": [
|
|
414597
|
+
"cloudformation:ListStacks"
|
|
414598
|
+
],
|
|
414599
|
+
"Resource": [
|
|
414600
|
+
"arn:aws:cloudformation:*:*:stack/*"
|
|
414601
|
+
]
|
|
414602
|
+
},
|
|
414603
|
+
{
|
|
414604
|
+
"Effect": "Allow",
|
|
414605
|
+
"Action": [
|
|
414606
|
+
"ssm-sap:GetOperation",
|
|
414607
|
+
"ssm-sap:ListDatabases"
|
|
414608
|
+
],
|
|
414609
|
+
"Resource": "*"
|
|
414610
|
+
},
|
|
414611
|
+
{
|
|
414612
|
+
"Effect": "Allow",
|
|
414613
|
+
"Action": [
|
|
414614
|
+
"ssm-sap:GetDatabase",
|
|
414615
|
+
"ssm-sap:ListTagsForResource"
|
|
414616
|
+
],
|
|
414617
|
+
"Resource": "arn:aws:ssm-sap:*:*:*"
|
|
413542
414618
|
}
|
|
413543
414619
|
]
|
|
413544
414620
|
}
|
|
413545
414621
|
},
|
|
413546
|
-
"
|
|
413547
|
-
"createdDate": "
|
|
414622
|
+
"v14": {
|
|
414623
|
+
"createdDate": "2023-08-08T18:19:48.000Z",
|
|
413548
414624
|
"document": {
|
|
413549
414625
|
"Version": "2012-10-17",
|
|
413550
414626
|
"Statement": [
|
|
@@ -413563,6 +414639,7 @@
|
|
|
413563
414639
|
"Resource": "*"
|
|
413564
414640
|
},
|
|
413565
414641
|
{
|
|
414642
|
+
"Effect": "Allow",
|
|
413566
414643
|
"Action": [
|
|
413567
414644
|
"rds:DescribeDBSnapshots",
|
|
413568
414645
|
"rds:ListTagsForResource",
|
|
@@ -413577,25 +414654,25 @@
|
|
|
413577
414654
|
"rds:DescribeDBClusterParameterGroups",
|
|
413578
414655
|
"rds:DescribeDBInstanceAutomatedBackups"
|
|
413579
414656
|
],
|
|
413580
|
-
"Effect": "Allow",
|
|
413581
414657
|
"Resource": "*"
|
|
413582
414658
|
},
|
|
413583
414659
|
{
|
|
414660
|
+
"Effect": "Allow",
|
|
413584
414661
|
"Action": [
|
|
413585
414662
|
"dynamodb:ListBackups",
|
|
413586
414663
|
"dynamodb:ListTables"
|
|
413587
414664
|
],
|
|
413588
|
-
"Effect": "Allow",
|
|
413589
414665
|
"Resource": "*"
|
|
413590
414666
|
},
|
|
413591
414667
|
{
|
|
414668
|
+
"Effect": "Allow",
|
|
413592
414669
|
"Action": [
|
|
413593
414670
|
"elasticfilesystem:DescribeFilesystems"
|
|
413594
414671
|
],
|
|
413595
|
-
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
413596
|
-
"Effect": "Allow"
|
|
414672
|
+
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
413597
414673
|
},
|
|
413598
414674
|
{
|
|
414675
|
+
"Effect": "Allow",
|
|
413599
414676
|
"Action": [
|
|
413600
414677
|
"ec2:DescribeSnapshots",
|
|
413601
414678
|
"ec2:DescribeVolumes",
|
|
@@ -413611,16 +414688,15 @@
|
|
|
413611
414688
|
"ec2:DescribeVpcEndpoints",
|
|
413612
414689
|
"ec2:DescribeAddresses"
|
|
413613
414690
|
],
|
|
413614
|
-
"Effect": "Allow",
|
|
413615
414691
|
"Resource": "*"
|
|
413616
414692
|
},
|
|
413617
414693
|
{
|
|
414694
|
+
"Effect": "Allow",
|
|
413618
414695
|
"Action": [
|
|
413619
414696
|
"tag:GetTagKeys",
|
|
413620
414697
|
"tag:GetTagValues",
|
|
413621
414698
|
"tag:GetResources"
|
|
413622
414699
|
],
|
|
413623
|
-
"Effect": "Allow",
|
|
413624
414700
|
"Resource": "*"
|
|
413625
414701
|
},
|
|
413626
414702
|
{
|
|
@@ -413648,11 +414724,11 @@
|
|
|
413648
414724
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
413649
414725
|
},
|
|
413650
414726
|
{
|
|
414727
|
+
"Effect": "Allow",
|
|
413651
414728
|
"Action": [
|
|
413652
414729
|
"iam:ListRoles",
|
|
413653
414730
|
"iam:GetRole"
|
|
413654
414731
|
],
|
|
413655
|
-
"Effect": "Allow",
|
|
413656
414732
|
"Resource": "*"
|
|
413657
414733
|
},
|
|
413658
414734
|
{
|
|
@@ -413690,13 +414766,13 @@
|
|
|
413690
414766
|
]
|
|
413691
414767
|
},
|
|
413692
414768
|
{
|
|
413693
|
-
"Action": "fsx:DescribeBackups",
|
|
413694
414769
|
"Effect": "Allow",
|
|
414770
|
+
"Action": "fsx:DescribeBackups",
|
|
413695
414771
|
"Resource": "arn:aws:fsx:*:*:backup/*"
|
|
413696
414772
|
},
|
|
413697
414773
|
{
|
|
413698
|
-
"Action": "fsx:DescribeFileSystems",
|
|
413699
414774
|
"Effect": "Allow",
|
|
414775
|
+
"Action": "fsx:DescribeFileSystems",
|
|
413700
414776
|
"Resource": "arn:aws:fsx:*:*:file-system/*"
|
|
413701
414777
|
},
|
|
413702
414778
|
{
|
|
@@ -413710,8 +414786,8 @@
|
|
|
413710
414786
|
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
413711
414787
|
},
|
|
413712
414788
|
{
|
|
413713
|
-
"Action": "ds:DescribeDirectories",
|
|
413714
414789
|
"Effect": "Allow",
|
|
414790
|
+
"Action": "ds:DescribeDirectories",
|
|
413715
414791
|
"Resource": "*"
|
|
413716
414792
|
},
|
|
413717
414793
|
{
|
|
@@ -413726,7 +414802,25 @@
|
|
|
413726
414802
|
},
|
|
413727
414803
|
{
|
|
413728
414804
|
"Effect": "Allow",
|
|
413729
|
-
"Action":
|
|
414805
|
+
"Action": [
|
|
414806
|
+
"backup-gateway:GetHypervisor",
|
|
414807
|
+
"backup-gateway:GetHypervisorPropertyMappings"
|
|
414808
|
+
],
|
|
414809
|
+
"Resource": "arn:aws:backup-gateway:*:*:hypervisor/*"
|
|
414810
|
+
},
|
|
414811
|
+
{
|
|
414812
|
+
"Effect": "Allow",
|
|
414813
|
+
"Action": [
|
|
414814
|
+
"backup-gateway:GetVirtualMachine"
|
|
414815
|
+
],
|
|
414816
|
+
"Resource": "arn:aws:backup-gateway:*:*:vm/*"
|
|
414817
|
+
},
|
|
414818
|
+
{
|
|
414819
|
+
"Effect": "Allow",
|
|
414820
|
+
"Action": [
|
|
414821
|
+
"backup-gateway:GetBandwidthRateLimitSchedule",
|
|
414822
|
+
"backup-gateway:GetGateway"
|
|
414823
|
+
],
|
|
413730
414824
|
"Resource": "arn:aws:backup-gateway:*:*:gateway/*"
|
|
413731
414825
|
},
|
|
413732
414826
|
{
|
|
@@ -413741,7 +414835,6 @@
|
|
|
413741
414835
|
"timestream:ListTables"
|
|
413742
414836
|
],
|
|
413743
414837
|
"Resource": [
|
|
413744
|
-
"arn:aws:timestream:*:*:database/*/table/*",
|
|
413745
414838
|
"arn:aws:timestream:*:*:database/*"
|
|
413746
414839
|
]
|
|
413747
414840
|
},
|
|
@@ -413808,12 +414901,19 @@
|
|
|
413808
414901
|
"ssm-sap:ListTagsForResource"
|
|
413809
414902
|
],
|
|
413810
414903
|
"Resource": "arn:aws:ssm-sap:*:*:*"
|
|
414904
|
+
},
|
|
414905
|
+
{
|
|
414906
|
+
"Effect": "Allow",
|
|
414907
|
+
"Action": [
|
|
414908
|
+
"ram:GetResourceShareAssociations"
|
|
414909
|
+
],
|
|
414910
|
+
"Resource": "*"
|
|
413811
414911
|
}
|
|
413812
414912
|
]
|
|
413813
414913
|
}
|
|
413814
414914
|
},
|
|
413815
|
-
"
|
|
413816
|
-
"createdDate": "
|
|
414915
|
+
"v13": {
|
|
414916
|
+
"createdDate": "2022-12-15T20:13:00.000Z",
|
|
413817
414917
|
"document": {
|
|
413818
414918
|
"Version": "2012-10-17",
|
|
413819
414919
|
"Statement": [
|
|
@@ -413832,7 +414932,6 @@
|
|
|
413832
414932
|
"Resource": "*"
|
|
413833
414933
|
},
|
|
413834
414934
|
{
|
|
413835
|
-
"Effect": "Allow",
|
|
413836
414935
|
"Action": [
|
|
413837
414936
|
"rds:DescribeDBSnapshots",
|
|
413838
414937
|
"rds:ListTagsForResource",
|
|
@@ -413847,25 +414946,25 @@
|
|
|
413847
414946
|
"rds:DescribeDBClusterParameterGroups",
|
|
413848
414947
|
"rds:DescribeDBInstanceAutomatedBackups"
|
|
413849
414948
|
],
|
|
414949
|
+
"Effect": "Allow",
|
|
413850
414950
|
"Resource": "*"
|
|
413851
414951
|
},
|
|
413852
414952
|
{
|
|
413853
|
-
"Effect": "Allow",
|
|
413854
414953
|
"Action": [
|
|
413855
414954
|
"dynamodb:ListBackups",
|
|
413856
414955
|
"dynamodb:ListTables"
|
|
413857
414956
|
],
|
|
414957
|
+
"Effect": "Allow",
|
|
413858
414958
|
"Resource": "*"
|
|
413859
414959
|
},
|
|
413860
414960
|
{
|
|
413861
|
-
"Effect": "Allow",
|
|
413862
414961
|
"Action": [
|
|
413863
414962
|
"elasticfilesystem:DescribeFilesystems"
|
|
413864
414963
|
],
|
|
413865
|
-
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
414964
|
+
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*",
|
|
414965
|
+
"Effect": "Allow"
|
|
413866
414966
|
},
|
|
413867
414967
|
{
|
|
413868
|
-
"Effect": "Allow",
|
|
413869
414968
|
"Action": [
|
|
413870
414969
|
"ec2:DescribeSnapshots",
|
|
413871
414970
|
"ec2:DescribeVolumes",
|
|
@@ -413881,15 +414980,16 @@
|
|
|
413881
414980
|
"ec2:DescribeVpcEndpoints",
|
|
413882
414981
|
"ec2:DescribeAddresses"
|
|
413883
414982
|
],
|
|
414983
|
+
"Effect": "Allow",
|
|
413884
414984
|
"Resource": "*"
|
|
413885
414985
|
},
|
|
413886
414986
|
{
|
|
413887
|
-
"Effect": "Allow",
|
|
413888
414987
|
"Action": [
|
|
413889
414988
|
"tag:GetTagKeys",
|
|
413890
414989
|
"tag:GetTagValues",
|
|
413891
414990
|
"tag:GetResources"
|
|
413892
414991
|
],
|
|
414992
|
+
"Effect": "Allow",
|
|
413893
414993
|
"Resource": "*"
|
|
413894
414994
|
},
|
|
413895
414995
|
{
|
|
@@ -413917,11 +415017,11 @@
|
|
|
413917
415017
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
413918
415018
|
},
|
|
413919
415019
|
{
|
|
413920
|
-
"Effect": "Allow",
|
|
413921
415020
|
"Action": [
|
|
413922
415021
|
"iam:ListRoles",
|
|
413923
415022
|
"iam:GetRole"
|
|
413924
415023
|
],
|
|
415024
|
+
"Effect": "Allow",
|
|
413925
415025
|
"Resource": "*"
|
|
413926
415026
|
},
|
|
413927
415027
|
{
|
|
@@ -413959,13 +415059,13 @@
|
|
|
413959
415059
|
]
|
|
413960
415060
|
},
|
|
413961
415061
|
{
|
|
413962
|
-
"Effect": "Allow",
|
|
413963
415062
|
"Action": "fsx:DescribeBackups",
|
|
415063
|
+
"Effect": "Allow",
|
|
413964
415064
|
"Resource": "arn:aws:fsx:*:*:backup/*"
|
|
413965
415065
|
},
|
|
413966
415066
|
{
|
|
413967
|
-
"Effect": "Allow",
|
|
413968
415067
|
"Action": "fsx:DescribeFileSystems",
|
|
415068
|
+
"Effect": "Allow",
|
|
413969
415069
|
"Resource": "arn:aws:fsx:*:*:file-system/*"
|
|
413970
415070
|
},
|
|
413971
415071
|
{
|
|
@@ -413979,8 +415079,8 @@
|
|
|
413979
415079
|
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
413980
415080
|
},
|
|
413981
415081
|
{
|
|
413982
|
-
"Effect": "Allow",
|
|
413983
415082
|
"Action": "ds:DescribeDirectories",
|
|
415083
|
+
"Effect": "Allow",
|
|
413984
415084
|
"Resource": "*"
|
|
413985
415085
|
},
|
|
413986
415086
|
{
|
|
@@ -414028,6 +415128,7 @@
|
|
|
414028
415128
|
"timestream:ListTables"
|
|
414029
415129
|
],
|
|
414030
415130
|
"Resource": [
|
|
415131
|
+
"arn:aws:timestream:*:*:database/*/table/*",
|
|
414031
415132
|
"arn:aws:timestream:*:*:database/*"
|
|
414032
415133
|
]
|
|
414033
415134
|
},
|
|
@@ -414094,19 +415195,12 @@
|
|
|
414094
415195
|
"ssm-sap:ListTagsForResource"
|
|
414095
415196
|
],
|
|
414096
415197
|
"Resource": "arn:aws:ssm-sap:*:*:*"
|
|
414097
|
-
},
|
|
414098
|
-
{
|
|
414099
|
-
"Effect": "Allow",
|
|
414100
|
-
"Action": [
|
|
414101
|
-
"ram:GetResourceShareAssociations"
|
|
414102
|
-
],
|
|
414103
|
-
"Resource": "*"
|
|
414104
415198
|
}
|
|
414105
415199
|
]
|
|
414106
415200
|
}
|
|
414107
415201
|
},
|
|
414108
|
-
"
|
|
414109
|
-
"createdDate": "
|
|
415202
|
+
"v15": {
|
|
415203
|
+
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
414110
415204
|
"document": {
|
|
414111
415205
|
"Version": "2012-10-17",
|
|
414112
415206
|
"Statement": [
|
|
@@ -414125,6 +415219,7 @@
|
|
|
414125
415219
|
"Resource": "*"
|
|
414126
415220
|
},
|
|
414127
415221
|
{
|
|
415222
|
+
"Effect": "Allow",
|
|
414128
415223
|
"Action": [
|
|
414129
415224
|
"rds:DescribeDBSnapshots",
|
|
414130
415225
|
"rds:ListTagsForResource",
|
|
@@ -414137,27 +415232,28 @@
|
|
|
414137
415232
|
"rds:DescribeDBClusters",
|
|
414138
415233
|
"rds:DescribeDBParameterGroups",
|
|
414139
415234
|
"rds:DescribeDBClusterParameterGroups",
|
|
414140
|
-
"rds:DescribeDBInstanceAutomatedBackups"
|
|
415235
|
+
"rds:DescribeDBInstanceAutomatedBackups",
|
|
415236
|
+
"rds:DescribeDBClusterAutomatedBackups"
|
|
414141
415237
|
],
|
|
414142
|
-
"Effect": "Allow",
|
|
414143
415238
|
"Resource": "*"
|
|
414144
415239
|
},
|
|
414145
415240
|
{
|
|
415241
|
+
"Effect": "Allow",
|
|
414146
415242
|
"Action": [
|
|
414147
415243
|
"dynamodb:ListBackups",
|
|
414148
415244
|
"dynamodb:ListTables"
|
|
414149
415245
|
],
|
|
414150
|
-
"Effect": "Allow",
|
|
414151
415246
|
"Resource": "*"
|
|
414152
415247
|
},
|
|
414153
415248
|
{
|
|
415249
|
+
"Effect": "Allow",
|
|
414154
415250
|
"Action": [
|
|
414155
415251
|
"elasticfilesystem:DescribeFilesystems"
|
|
414156
415252
|
],
|
|
414157
|
-
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
414158
|
-
"Effect": "Allow"
|
|
415253
|
+
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
414159
415254
|
},
|
|
414160
415255
|
{
|
|
415256
|
+
"Effect": "Allow",
|
|
414161
415257
|
"Action": [
|
|
414162
415258
|
"ec2:DescribeSnapshots",
|
|
414163
415259
|
"ec2:DescribeVolumes",
|
|
@@ -414173,16 +415269,15 @@
|
|
|
414173
415269
|
"ec2:DescribeVpcEndpoints",
|
|
414174
415270
|
"ec2:DescribeAddresses"
|
|
414175
415271
|
],
|
|
414176
|
-
"Effect": "Allow",
|
|
414177
415272
|
"Resource": "*"
|
|
414178
415273
|
},
|
|
414179
415274
|
{
|
|
415275
|
+
"Effect": "Allow",
|
|
414180
415276
|
"Action": [
|
|
414181
415277
|
"tag:GetTagKeys",
|
|
414182
415278
|
"tag:GetTagValues",
|
|
414183
415279
|
"tag:GetResources"
|
|
414184
415280
|
],
|
|
414185
|
-
"Effect": "Allow",
|
|
414186
415281
|
"Resource": "*"
|
|
414187
415282
|
},
|
|
414188
415283
|
{
|
|
@@ -414210,11 +415305,11 @@
|
|
|
414210
415305
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
414211
415306
|
},
|
|
414212
415307
|
{
|
|
415308
|
+
"Effect": "Allow",
|
|
414213
415309
|
"Action": [
|
|
414214
415310
|
"iam:ListRoles",
|
|
414215
415311
|
"iam:GetRole"
|
|
414216
415312
|
],
|
|
414217
|
-
"Effect": "Allow",
|
|
414218
415313
|
"Resource": "*"
|
|
414219
415314
|
},
|
|
414220
415315
|
{
|
|
@@ -414252,13 +415347,13 @@
|
|
|
414252
415347
|
]
|
|
414253
415348
|
},
|
|
414254
415349
|
{
|
|
414255
|
-
"Action": "fsx:DescribeBackups",
|
|
414256
415350
|
"Effect": "Allow",
|
|
415351
|
+
"Action": "fsx:DescribeBackups",
|
|
414257
415352
|
"Resource": "arn:aws:fsx:*:*:backup/*"
|
|
414258
415353
|
},
|
|
414259
415354
|
{
|
|
414260
|
-
"Action": "fsx:DescribeFileSystems",
|
|
414261
415355
|
"Effect": "Allow",
|
|
415356
|
+
"Action": "fsx:DescribeFileSystems",
|
|
414262
415357
|
"Resource": "arn:aws:fsx:*:*:file-system/*"
|
|
414263
415358
|
},
|
|
414264
415359
|
{
|
|
@@ -414272,8 +415367,8 @@
|
|
|
414272
415367
|
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
414273
415368
|
},
|
|
414274
415369
|
{
|
|
414275
|
-
"Action": "ds:DescribeDirectories",
|
|
414276
415370
|
"Effect": "Allow",
|
|
415371
|
+
"Action": "ds:DescribeDirectories",
|
|
414277
415372
|
"Resource": "*"
|
|
414278
415373
|
},
|
|
414279
415374
|
{
|
|
@@ -414321,7 +415416,6 @@
|
|
|
414321
415416
|
"timestream:ListTables"
|
|
414322
415417
|
],
|
|
414323
415418
|
"Resource": [
|
|
414324
|
-
"arn:aws:timestream:*:*:database/*/table/*",
|
|
414325
415419
|
"arn:aws:timestream:*:*:database/*"
|
|
414326
415420
|
]
|
|
414327
415421
|
},
|
|
@@ -414388,16 +415482,24 @@
|
|
|
414388
415482
|
"ssm-sap:ListTagsForResource"
|
|
414389
415483
|
],
|
|
414390
415484
|
"Resource": "arn:aws:ssm-sap:*:*:*"
|
|
415485
|
+
},
|
|
415486
|
+
{
|
|
415487
|
+
"Effect": "Allow",
|
|
415488
|
+
"Action": [
|
|
415489
|
+
"ram:GetResourceShareAssociations"
|
|
415490
|
+
],
|
|
415491
|
+
"Resource": "*"
|
|
414391
415492
|
}
|
|
414392
415493
|
]
|
|
414393
415494
|
}
|
|
414394
415495
|
},
|
|
414395
|
-
"
|
|
415496
|
+
"v16": {
|
|
414396
415497
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
414397
415498
|
"document": {
|
|
414398
415499
|
"Version": "2012-10-17",
|
|
414399
415500
|
"Statement": [
|
|
414400
415501
|
{
|
|
415502
|
+
"Sid": "AwsBackupAllAccess",
|
|
414401
415503
|
"Effect": "Allow",
|
|
414402
415504
|
"Action": [
|
|
414403
415505
|
"backup:Get*",
|
|
@@ -414412,6 +415514,7 @@
|
|
|
414412
415514
|
"Resource": "*"
|
|
414413
415515
|
},
|
|
414414
415516
|
{
|
|
415517
|
+
"Sid": "RDSDescribeAccess",
|
|
414415
415518
|
"Effect": "Allow",
|
|
414416
415519
|
"Action": [
|
|
414417
415520
|
"rds:DescribeDBSnapshots",
|
|
@@ -414431,6 +415534,7 @@
|
|
|
414431
415534
|
"Resource": "*"
|
|
414432
415535
|
},
|
|
414433
415536
|
{
|
|
415537
|
+
"Sid": "DynamoDBAccess",
|
|
414434
415538
|
"Effect": "Allow",
|
|
414435
415539
|
"Action": [
|
|
414436
415540
|
"dynamodb:ListBackups",
|
|
@@ -414439,6 +415543,7 @@
|
|
|
414439
415543
|
"Resource": "*"
|
|
414440
415544
|
},
|
|
414441
415545
|
{
|
|
415546
|
+
"Sid": "EFSAccess",
|
|
414442
415547
|
"Effect": "Allow",
|
|
414443
415548
|
"Action": [
|
|
414444
415549
|
"elasticfilesystem:DescribeFilesystems"
|
|
@@ -414446,6 +415551,7 @@
|
|
|
414446
415551
|
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
|
|
414447
415552
|
},
|
|
414448
415553
|
{
|
|
415554
|
+
"Sid": "EC2Access",
|
|
414449
415555
|
"Effect": "Allow",
|
|
414450
415556
|
"Action": [
|
|
414451
415557
|
"ec2:DescribeSnapshots",
|
|
@@ -414465,6 +415571,7 @@
|
|
|
414465
415571
|
"Resource": "*"
|
|
414466
415572
|
},
|
|
414467
415573
|
{
|
|
415574
|
+
"Sid": "TagReadAccess",
|
|
414468
415575
|
"Effect": "Allow",
|
|
414469
415576
|
"Action": [
|
|
414470
415577
|
"tag:GetTagKeys",
|
|
@@ -414474,6 +415581,7 @@
|
|
|
414474
415581
|
"Resource": "*"
|
|
414475
415582
|
},
|
|
414476
415583
|
{
|
|
415584
|
+
"Sid": "StorageGatewaySCSIAccess",
|
|
414477
415585
|
"Effect": "Allow",
|
|
414478
415586
|
"Action": [
|
|
414479
415587
|
"storagegateway:DescribeCachediSCSIVolumes",
|
|
@@ -414482,6 +415590,7 @@
|
|
|
414482
415590
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
|
|
414483
415591
|
},
|
|
414484
415592
|
{
|
|
415593
|
+
"Sid": "StorageGatewayReadAccess",
|
|
414485
415594
|
"Effect": "Allow",
|
|
414486
415595
|
"Action": [
|
|
414487
415596
|
"storagegateway:ListGateways"
|
|
@@ -414489,15 +415598,24 @@
|
|
|
414489
415598
|
"Resource": "arn:aws:storagegateway:*:*:*"
|
|
414490
415599
|
},
|
|
414491
415600
|
{
|
|
415601
|
+
"Sid": "StorageGatewayDiskReadAccess",
|
|
414492
415602
|
"Effect": "Allow",
|
|
414493
415603
|
"Action": [
|
|
414494
415604
|
"storagegateway:DescribeGatewayInformation",
|
|
414495
|
-
"storagegateway:ListVolumes",
|
|
414496
415605
|
"storagegateway:ListLocalDisks"
|
|
414497
415606
|
],
|
|
414498
415607
|
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
|
|
414499
415608
|
},
|
|
414500
415609
|
{
|
|
415610
|
+
"Sid": "StorageGatewayVolumeReadAccess",
|
|
415611
|
+
"Effect": "Allow",
|
|
415612
|
+
"Action": [
|
|
415613
|
+
"storagegateway:ListVolumes"
|
|
415614
|
+
],
|
|
415615
|
+
"Resource": "*"
|
|
415616
|
+
},
|
|
415617
|
+
{
|
|
415618
|
+
"Sid": "IAMRoleAccess",
|
|
414501
415619
|
"Effect": "Allow",
|
|
414502
415620
|
"Action": [
|
|
414503
415621
|
"iam:ListRoles",
|
|
@@ -414506,6 +415624,7 @@
|
|
|
414506
415624
|
"Resource": "*"
|
|
414507
415625
|
},
|
|
414508
415626
|
{
|
|
415627
|
+
"Sid": "PassRoleAccess",
|
|
414509
415628
|
"Effect": "Allow",
|
|
414510
415629
|
"Action": "iam:PassRole",
|
|
414511
415630
|
"Resource": [
|
|
@@ -414519,11 +415638,13 @@
|
|
|
414519
415638
|
}
|
|
414520
415639
|
},
|
|
414521
415640
|
{
|
|
415641
|
+
"Sid": "OrganizationsAccess",
|
|
414522
415642
|
"Effect": "Allow",
|
|
414523
415643
|
"Action": "organizations:DescribeOrganization",
|
|
414524
415644
|
"Resource": "*"
|
|
414525
415645
|
},
|
|
414526
415646
|
{
|
|
415647
|
+
"Sid": "SSMReadAccess",
|
|
414527
415648
|
"Effect": "Allow",
|
|
414528
415649
|
"Action": [
|
|
414529
415650
|
"ssm:CancelCommand",
|
|
@@ -414532,6 +415653,7 @@
|
|
|
414532
415653
|
"Resource": "*"
|
|
414533
415654
|
},
|
|
414534
415655
|
{
|
|
415656
|
+
"Sid": "SSMComandAccess",
|
|
414535
415657
|
"Effect": "Allow",
|
|
414536
415658
|
"Action": "ssm:SendCommand",
|
|
414537
415659
|
"Resource": [
|
|
@@ -414540,31 +415662,37 @@
|
|
|
414540
415662
|
]
|
|
414541
415663
|
},
|
|
414542
415664
|
{
|
|
415665
|
+
"Sid": "FSXDescribeAccess",
|
|
414543
415666
|
"Effect": "Allow",
|
|
414544
415667
|
"Action": "fsx:DescribeBackups",
|
|
414545
415668
|
"Resource": "arn:aws:fsx:*:*:backup/*"
|
|
414546
415669
|
},
|
|
414547
415670
|
{
|
|
415671
|
+
"Sid": "FSxFileAccess",
|
|
414548
415672
|
"Effect": "Allow",
|
|
414549
415673
|
"Action": "fsx:DescribeFileSystems",
|
|
414550
415674
|
"Resource": "arn:aws:fsx:*:*:file-system/*"
|
|
414551
415675
|
},
|
|
414552
415676
|
{
|
|
415677
|
+
"Sid": "FSxVolumeAccess",
|
|
414553
415678
|
"Effect": "Allow",
|
|
414554
415679
|
"Action": "fsx:DescribeVolumes",
|
|
414555
415680
|
"Resource": "arn:aws:fsx:*:*:volume/*/*"
|
|
414556
415681
|
},
|
|
414557
415682
|
{
|
|
415683
|
+
"Sid": "FSxMachineAccess",
|
|
414558
415684
|
"Effect": "Allow",
|
|
414559
415685
|
"Action": "fsx:DescribeStorageVirtualMachines",
|
|
414560
415686
|
"Resource": "arn:aws:fsx:*:*:storage-virtual-machine/*/*"
|
|
414561
415687
|
},
|
|
414562
415688
|
{
|
|
415689
|
+
"Sid": "DirectoryServiceAccess",
|
|
414563
415690
|
"Effect": "Allow",
|
|
414564
415691
|
"Action": "ds:DescribeDirectories",
|
|
414565
415692
|
"Resource": "*"
|
|
414566
415693
|
},
|
|
414567
415694
|
{
|
|
415695
|
+
"Sid": "BackupGatewayListAccess",
|
|
414568
415696
|
"Effect": "Allow",
|
|
414569
415697
|
"Action": [
|
|
414570
415698
|
"backup-gateway:ListGateways",
|
|
@@ -414575,6 +415703,7 @@
|
|
|
414575
415703
|
"Resource": "*"
|
|
414576
415704
|
},
|
|
414577
415705
|
{
|
|
415706
|
+
"Sid": "BackupGatewayHypervisorAccess",
|
|
414578
415707
|
"Effect": "Allow",
|
|
414579
415708
|
"Action": [
|
|
414580
415709
|
"backup-gateway:GetHypervisor",
|
|
@@ -414583,6 +415712,7 @@
|
|
|
414583
415712
|
"Resource": "arn:aws:backup-gateway:*:*:hypervisor/*"
|
|
414584
415713
|
},
|
|
414585
415714
|
{
|
|
415715
|
+
"Sid": "BackupGatewayMachineAccess",
|
|
414586
415716
|
"Effect": "Allow",
|
|
414587
415717
|
"Action": [
|
|
414588
415718
|
"backup-gateway:GetVirtualMachine"
|
|
@@ -414590,6 +415720,7 @@
|
|
|
414590
415720
|
"Resource": "arn:aws:backup-gateway:*:*:vm/*"
|
|
414591
415721
|
},
|
|
414592
415722
|
{
|
|
415723
|
+
"Sid": "BackupGatewayAccess",
|
|
414593
415724
|
"Effect": "Allow",
|
|
414594
415725
|
"Action": [
|
|
414595
415726
|
"backup-gateway:GetBandwidthRateLimitSchedule",
|
|
@@ -414598,11 +415729,13 @@
|
|
|
414598
415729
|
"Resource": "arn:aws:backup-gateway:*:*:gateway/*"
|
|
414599
415730
|
},
|
|
414600
415731
|
{
|
|
415732
|
+
"Sid": "CloudWatchAccess",
|
|
414601
415733
|
"Effect": "Allow",
|
|
414602
415734
|
"Action": "cloudwatch:GetMetricData",
|
|
414603
415735
|
"Resource": "*"
|
|
414604
415736
|
},
|
|
414605
415737
|
{
|
|
415738
|
+
"Sid": "TimestreamListAccess",
|
|
414606
415739
|
"Effect": "Allow",
|
|
414607
415740
|
"Action": [
|
|
414608
415741
|
"timestream:ListDatabases",
|
|
@@ -414613,6 +415746,7 @@
|
|
|
414613
415746
|
]
|
|
414614
415747
|
},
|
|
414615
415748
|
{
|
|
415749
|
+
"Sid": "TimestreamDescribeAccess",
|
|
414616
415750
|
"Effect": "Allow",
|
|
414617
415751
|
"Action": [
|
|
414618
415752
|
"timestream:DescribeEndpoints"
|
|
@@ -414620,6 +415754,7 @@
|
|
|
414620
415754
|
"Resource": "*"
|
|
414621
415755
|
},
|
|
414622
415756
|
{
|
|
415757
|
+
"Sid": "S3ListAccess",
|
|
414623
415758
|
"Effect": "Allow",
|
|
414624
415759
|
"Action": [
|
|
414625
415760
|
"s3:ListAllMyBuckets"
|
|
@@ -414627,6 +415762,7 @@
|
|
|
414627
415762
|
"Resource": "arn:aws:s3:::*"
|
|
414628
415763
|
},
|
|
414629
415764
|
{
|
|
415765
|
+
"Sid": "RedshiftAccess",
|
|
414630
415766
|
"Effect": "Allow",
|
|
414631
415767
|
"Action": [
|
|
414632
415768
|
"redshift:DescribeClusters",
|
|
@@ -414642,6 +415778,7 @@
|
|
|
414642
415778
|
]
|
|
414643
415779
|
},
|
|
414644
415780
|
{
|
|
415781
|
+
"Sid": "RedshiftOptionsAccess",
|
|
414645
415782
|
"Effect": "Allow",
|
|
414646
415783
|
"Action": [
|
|
414647
415784
|
"redshift:DescribeNodeConfigurationOptions",
|
|
@@ -414652,6 +415789,7 @@
|
|
|
414652
415789
|
"Resource": "*"
|
|
414653
415790
|
},
|
|
414654
415791
|
{
|
|
415792
|
+
"Sid": "CloudFormationAccess",
|
|
414655
415793
|
"Effect": "Allow",
|
|
414656
415794
|
"Action": [
|
|
414657
415795
|
"cloudformation:ListStacks"
|
|
@@ -414661,6 +415799,7 @@
|
|
|
414661
415799
|
]
|
|
414662
415800
|
},
|
|
414663
415801
|
{
|
|
415802
|
+
"Sid": "SAPAccess",
|
|
414664
415803
|
"Effect": "Allow",
|
|
414665
415804
|
"Action": [
|
|
414666
415805
|
"ssm-sap:GetOperation",
|
|
@@ -414669,6 +415808,7 @@
|
|
|
414669
415808
|
"Resource": "*"
|
|
414670
415809
|
},
|
|
414671
415810
|
{
|
|
415811
|
+
"Sid": "SAPDatabaseAccess",
|
|
414672
415812
|
"Effect": "Allow",
|
|
414673
415813
|
"Action": [
|
|
414674
415814
|
"ssm-sap:GetDatabase",
|
|
@@ -414677,6 +415817,7 @@
|
|
|
414677
415817
|
"Resource": "arn:aws:ssm-sap:*:*:*"
|
|
414678
415818
|
},
|
|
414679
415819
|
{
|
|
415820
|
+
"Sid": "RAMAccess",
|
|
414680
415821
|
"Effect": "Allow",
|
|
414681
415822
|
"Action": [
|
|
414682
415823
|
"ram:GetResourceShareAssociations"
|
|
@@ -414686,7 +415827,7 @@
|
|
|
414686
415827
|
]
|
|
414687
415828
|
}
|
|
414688
415829
|
},
|
|
414689
|
-
"
|
|
415830
|
+
"v17": {
|
|
414690
415831
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
414691
415832
|
"document": {
|
|
414692
415833
|
"Version": "2012-10-17",
|
|
@@ -414981,6 +416122,32 @@
|
|
|
414981
416122
|
],
|
|
414982
416123
|
"Resource": "*"
|
|
414983
416124
|
},
|
|
416125
|
+
{
|
|
416126
|
+
"Sid": "RedshiftServerlessListPermissions",
|
|
416127
|
+
"Effect": "Allow",
|
|
416128
|
+
"Action": [
|
|
416129
|
+
"redshift-serverless:ListNamespaces",
|
|
416130
|
+
"redshift-serverless:ListSnapshots",
|
|
416131
|
+
"redshift-serverless:ListWorkgroups"
|
|
416132
|
+
],
|
|
416133
|
+
"Resource": [
|
|
416134
|
+
"*"
|
|
416135
|
+
]
|
|
416136
|
+
},
|
|
416137
|
+
{
|
|
416138
|
+
"Sid": "RedshiftServerlessGetPermissions",
|
|
416139
|
+
"Effect": "Allow",
|
|
416140
|
+
"Action": [
|
|
416141
|
+
"redshift-serverless:GetNamespace",
|
|
416142
|
+
"redshift-serverless:GetSnapshot",
|
|
416143
|
+
"redshift-serverless:GetWorkgroup"
|
|
416144
|
+
],
|
|
416145
|
+
"Resource": [
|
|
416146
|
+
"arn:aws:redshift-serverless:*:*:namespace/*",
|
|
416147
|
+
"arn:aws:redshift-serverless:*:*:workgroup/*",
|
|
416148
|
+
"arn:aws:redshift-serverless:*:*:snapshot/*"
|
|
416149
|
+
]
|
|
416150
|
+
},
|
|
414984
416151
|
{
|
|
414985
416152
|
"Sid": "CloudFormationAccess",
|
|
414986
416153
|
"Effect": "Allow",
|
|
@@ -415020,7 +416187,7 @@
|
|
|
415020
416187
|
]
|
|
415021
416188
|
}
|
|
415022
416189
|
},
|
|
415023
|
-
"
|
|
416190
|
+
"v18": {
|
|
415024
416191
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
415025
416192
|
"document": {
|
|
415026
416193
|
"Version": "2012-10-17",
|
|
@@ -415376,11 +416543,21 @@
|
|
|
415376
416543
|
"ram:GetResourceShareAssociations"
|
|
415377
416544
|
],
|
|
415378
416545
|
"Resource": "*"
|
|
416546
|
+
},
|
|
416547
|
+
{
|
|
416548
|
+
"Sid": "DSQLDescribePermissions",
|
|
416549
|
+
"Effect": "Allow",
|
|
416550
|
+
"Action": [
|
|
416551
|
+
"dsql:GetCluster",
|
|
416552
|
+
"dsql:ListClusters",
|
|
416553
|
+
"dsql:ListTagsForResource"
|
|
416554
|
+
],
|
|
416555
|
+
"Resource": "*"
|
|
415379
416556
|
}
|
|
415380
416557
|
]
|
|
415381
416558
|
}
|
|
415382
416559
|
},
|
|
415383
|
-
"
|
|
416560
|
+
"v19": {
|
|
415384
416561
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
415385
416562
|
"document": {
|
|
415386
416563
|
"Version": "2012-10-17",
|
|
@@ -415746,11 +416923,21 @@
|
|
|
415746
416923
|
"dsql:ListTagsForResource"
|
|
415747
416924
|
],
|
|
415748
416925
|
"Resource": "*"
|
|
416926
|
+
},
|
|
416927
|
+
{
|
|
416928
|
+
"Sid": "EKSClusterPermissions",
|
|
416929
|
+
"Effect": "Allow",
|
|
416930
|
+
"Action": [
|
|
416931
|
+
"eks:ListClusters",
|
|
416932
|
+
"eks:ListTagsForResource",
|
|
416933
|
+
"eks:DescribeCluster"
|
|
416934
|
+
],
|
|
416935
|
+
"Resource": "arn:aws:eks:*:*:cluster/*"
|
|
415749
416936
|
}
|
|
415750
416937
|
]
|
|
415751
416938
|
}
|
|
415752
416939
|
},
|
|
415753
|
-
"
|
|
416940
|
+
"v20": {
|
|
415754
416941
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
415755
416942
|
"document": {
|
|
415756
416943
|
"Version": "2012-10-17",
|
|
@@ -415766,7 +416953,8 @@
|
|
|
415766
416953
|
"backup:DeleteBackupSelection",
|
|
415767
416954
|
"backup:StartBackupJob",
|
|
415768
416955
|
"backup:StartRestoreJob",
|
|
415769
|
-
"backup:StartCopyJob"
|
|
416956
|
+
"backup:StartCopyJob",
|
|
416957
|
+
"backup:StartScanJob"
|
|
415770
416958
|
],
|
|
415771
416959
|
"Resource": "*"
|
|
415772
416960
|
},
|
|
@@ -416126,13 +417314,27 @@
|
|
|
416126
417314
|
"eks:DescribeCluster"
|
|
416127
417315
|
],
|
|
416128
417316
|
"Resource": "arn:aws:eks:*:*:cluster/*"
|
|
417317
|
+
},
|
|
417318
|
+
{
|
|
417319
|
+
"Sid": "IamPassRolePermissionsForGuardDuty",
|
|
417320
|
+
"Effect": "Allow",
|
|
417321
|
+
"Action": "iam:PassRole",
|
|
417322
|
+
"Resource": [
|
|
417323
|
+
"arn:aws:iam::*:role/*AwsBackupGuardDuty*",
|
|
417324
|
+
"arn:aws:iam::*:role/*AWSBackupGuardDuty*"
|
|
417325
|
+
],
|
|
417326
|
+
"Condition": {
|
|
417327
|
+
"StringEquals": {
|
|
417328
|
+
"iam:PassedToService": "malware-protection.guardduty.amazonaws.com"
|
|
417329
|
+
}
|
|
417330
|
+
}
|
|
416129
417331
|
}
|
|
416130
417332
|
]
|
|
416131
417333
|
}
|
|
416132
417334
|
}
|
|
416133
417335
|
},
|
|
416134
417336
|
"createdDate": "2019-11-18T22:23:17.000Z",
|
|
416135
|
-
"lastUpdatedDate": "2025-11-
|
|
417337
|
+
"lastUpdatedDate": "2025-11-20T03:34:08.000Z"
|
|
416136
417338
|
},
|
|
416137
417339
|
"AWSTrustedAdvisorReportingServiceRolePolicy": {
|
|
416138
417340
|
"arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy",
|
|
@@ -761959,8 +763161,8 @@
|
|
|
761959
763161
|
},
|
|
761960
763162
|
"CostOptimizationHubReadOnlyAccess": {
|
|
761961
763163
|
"arn": "arn:aws:iam::aws:policy/CostOptimizationHubReadOnlyAccess",
|
|
761962
|
-
"latestVersionId": "
|
|
761963
|
-
"versionsCount":
|
|
763164
|
+
"latestVersionId": "v2",
|
|
763165
|
+
"versionsCount": 2,
|
|
761964
763166
|
"versions": {
|
|
761965
763167
|
"v1": {
|
|
761966
763168
|
"createdDate": "2023-12-13T18:04:15.000Z",
|
|
@@ -761981,10 +763183,31 @@
|
|
|
761981
763183
|
}
|
|
761982
763184
|
]
|
|
761983
763185
|
}
|
|
763186
|
+
},
|
|
763187
|
+
"v2": {
|
|
763188
|
+
"createdDate": "2023-12-13T18:04:15.000Z",
|
|
763189
|
+
"document": {
|
|
763190
|
+
"Version": "2012-10-17",
|
|
763191
|
+
"Statement": [
|
|
763192
|
+
{
|
|
763193
|
+
"Sid": "CostOptimizationHubReadOnlyAccess",
|
|
763194
|
+
"Effect": "Allow",
|
|
763195
|
+
"Action": [
|
|
763196
|
+
"cost-optimization-hub:ListEnrollmentStatuses",
|
|
763197
|
+
"cost-optimization-hub:GetPreferences",
|
|
763198
|
+
"cost-optimization-hub:GetRecommendation",
|
|
763199
|
+
"cost-optimization-hub:ListRecommendations",
|
|
763200
|
+
"cost-optimization-hub:ListRecommendationSummaries",
|
|
763201
|
+
"cost-optimization-hub:ListEfficiencyMetrics"
|
|
763202
|
+
],
|
|
763203
|
+
"Resource": "*"
|
|
763204
|
+
}
|
|
763205
|
+
]
|
|
763206
|
+
}
|
|
761984
763207
|
}
|
|
761985
763208
|
},
|
|
761986
763209
|
"createdDate": "2023-12-13T18:04:15.000Z",
|
|
761987
|
-
"lastUpdatedDate": "
|
|
763210
|
+
"lastUpdatedDate": "2025-11-19T16:49:08.000Z"
|
|
761988
763211
|
},
|
|
761989
763212
|
"IVSFullAccess": {
|
|
761990
763213
|
"arn": "arn:aws:iam::aws:policy/IVSFullAccess",
|
|
@@ -762014,8 +763237,8 @@
|
|
|
762014
763237
|
},
|
|
762015
763238
|
"CostOptimizationHubAdminAccess": {
|
|
762016
763239
|
"arn": "arn:aws:iam::aws:policy/CostOptimizationHubAdminAccess",
|
|
762017
|
-
"latestVersionId": "
|
|
762018
|
-
"versionsCount":
|
|
763240
|
+
"latestVersionId": "v2",
|
|
763241
|
+
"versionsCount": 2,
|
|
762019
763242
|
"versions": {
|
|
762020
763243
|
"v1": {
|
|
762021
763244
|
"createdDate": "2023-12-19T00:03:51.000Z",
|
|
@@ -762068,10 +763291,63 @@
|
|
|
762068
763291
|
}
|
|
762069
763292
|
]
|
|
762070
763293
|
}
|
|
763294
|
+
},
|
|
763295
|
+
"v2": {
|
|
763296
|
+
"createdDate": "2023-12-19T00:03:51.000Z",
|
|
763297
|
+
"document": {
|
|
763298
|
+
"Version": "2012-10-17",
|
|
763299
|
+
"Statement": [
|
|
763300
|
+
{
|
|
763301
|
+
"Sid": "CostOptimizationHubAdminAccess",
|
|
763302
|
+
"Effect": "Allow",
|
|
763303
|
+
"Action": [
|
|
763304
|
+
"cost-optimization-hub:ListEnrollmentStatuses",
|
|
763305
|
+
"cost-optimization-hub:UpdateEnrollmentStatus",
|
|
763306
|
+
"cost-optimization-hub:GetPreferences",
|
|
763307
|
+
"cost-optimization-hub:UpdatePreferences",
|
|
763308
|
+
"cost-optimization-hub:GetRecommendation",
|
|
763309
|
+
"cost-optimization-hub:ListRecommendations",
|
|
763310
|
+
"cost-optimization-hub:ListRecommendationSummaries",
|
|
763311
|
+
"cost-optimization-hub:ListEfficiencyMetrics"
|
|
763312
|
+
],
|
|
763313
|
+
"Resource": "*"
|
|
763314
|
+
},
|
|
763315
|
+
{
|
|
763316
|
+
"Sid": "AllowCreationOfServiceLinkedRoleForCostOptimizationHub",
|
|
763317
|
+
"Effect": "Allow",
|
|
763318
|
+
"Action": [
|
|
763319
|
+
"iam:CreateServiceLinkedRole"
|
|
763320
|
+
],
|
|
763321
|
+
"Resource": [
|
|
763322
|
+
"arn:aws:iam::*:role/aws-service-role/cost-optimization-hub.bcm.amazonaws.com/AWSServiceRoleForCostOptimizationHub"
|
|
763323
|
+
],
|
|
763324
|
+
"Condition": {
|
|
763325
|
+
"StringLike": {
|
|
763326
|
+
"iam:AWSServiceName": "cost-optimization-hub.bcm.amazonaws.com"
|
|
763327
|
+
}
|
|
763328
|
+
}
|
|
763329
|
+
},
|
|
763330
|
+
{
|
|
763331
|
+
"Sid": "AllowAWSServiceAccessForCostOptimizationHub",
|
|
763332
|
+
"Effect": "Allow",
|
|
763333
|
+
"Action": [
|
|
763334
|
+
"organizations:EnableAWSServiceAccess"
|
|
763335
|
+
],
|
|
763336
|
+
"Resource": "*",
|
|
763337
|
+
"Condition": {
|
|
763338
|
+
"StringLike": {
|
|
763339
|
+
"organizations:ServicePrincipal": [
|
|
763340
|
+
"cost-optimization-hub.bcm.amazonaws.com"
|
|
763341
|
+
]
|
|
763342
|
+
}
|
|
763343
|
+
}
|
|
763344
|
+
}
|
|
763345
|
+
]
|
|
763346
|
+
}
|
|
762071
763347
|
}
|
|
762072
763348
|
},
|
|
762073
763349
|
"createdDate": "2023-12-19T00:03:51.000Z",
|
|
762074
|
-
"lastUpdatedDate": "
|
|
763350
|
+
"lastUpdatedDate": "2025-11-19T17:19:09.000Z"
|
|
762075
763351
|
},
|
|
762076
763352
|
"CloudWatchNetworkMonitorServiceRolePolicy": {
|
|
762077
763353
|
"arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchNetworkMonitorServiceRolePolicy",
|
|
@@ -785364,8 +786640,8 @@
|
|
|
785364
786640
|
},
|
|
785365
786641
|
"SecurityLakeResourceManagementServiceRolePolicy": {
|
|
785366
786642
|
"arn": "arn:aws:iam::aws:policy/aws-service-role/SecurityLakeResourceManagementServiceRolePolicy",
|
|
785367
|
-
"latestVersionId": "
|
|
785368
|
-
"versionsCount":
|
|
786643
|
+
"latestVersionId": "v3",
|
|
786644
|
+
"versionsCount": 3,
|
|
785369
786645
|
"versions": {
|
|
785370
786646
|
"v1": {
|
|
785371
786647
|
"createdDate": "2024-11-14T22:10:14.000Z",
|
|
@@ -785428,225 +786704,462 @@
|
|
|
785428
786704
|
}
|
|
785429
786705
|
},
|
|
785430
786706
|
{
|
|
785431
|
-
"Sid": "AllowListLambdaEventSourceMappings",
|
|
785432
|
-
"Effect": "Allow",
|
|
785433
|
-
"Action": [
|
|
785434
|
-
"lambda:ListEventSourceMappings"
|
|
785435
|
-
],
|
|
785436
|
-
"Resource": "*",
|
|
785437
|
-
"Condition": {
|
|
785438
|
-
"StringEquals": {
|
|
785439
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785440
|
-
}
|
|
785441
|
-
}
|
|
785442
|
-
},
|
|
785443
|
-
{
|
|
785444
|
-
"Sid": "AllowUpdateLambdaEventSourceMapping",
|
|
785445
|
-
"Effect": "Allow",
|
|
785446
|
-
"Action": [
|
|
785447
|
-
"lambda:UpdateEventSourceMapping"
|
|
785448
|
-
],
|
|
785449
|
-
"Resource": "*",
|
|
785450
|
-
"Condition": {
|
|
785451
|
-
"StringEquals": {
|
|
785452
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785453
|
-
},
|
|
785454
|
-
"StringLike": {
|
|
785455
|
-
"lambda:FunctionArn": "arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
|
|
785456
|
-
}
|
|
785457
|
-
}
|
|
785458
|
-
},
|
|
785459
|
-
{
|
|
785460
|
-
"Sid": "AllowUpdateLambdaConfigs",
|
|
785461
|
-
"Effect": "Allow",
|
|
785462
|
-
"Action": [
|
|
785463
|
-
"lambda:UpdateFunctionConfiguration"
|
|
785464
|
-
],
|
|
785465
|
-
"Resource": "arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*",
|
|
785466
|
-
"Condition": {
|
|
785467
|
-
"StringEquals": {
|
|
785468
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785469
|
-
}
|
|
785470
|
-
}
|
|
785471
|
-
},
|
|
785472
|
-
{
|
|
785473
|
-
"Sid": "ManageSecurityLakeGlueResources",
|
|
786707
|
+
"Sid": "AllowListLambdaEventSourceMappings",
|
|
786708
|
+
"Effect": "Allow",
|
|
786709
|
+
"Action": [
|
|
786710
|
+
"lambda:ListEventSourceMappings"
|
|
786711
|
+
],
|
|
786712
|
+
"Resource": "*",
|
|
786713
|
+
"Condition": {
|
|
786714
|
+
"StringEquals": {
|
|
786715
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786716
|
+
}
|
|
786717
|
+
}
|
|
786718
|
+
},
|
|
786719
|
+
{
|
|
786720
|
+
"Sid": "AllowUpdateLambdaEventSourceMapping",
|
|
786721
|
+
"Effect": "Allow",
|
|
786722
|
+
"Action": [
|
|
786723
|
+
"lambda:UpdateEventSourceMapping"
|
|
786724
|
+
],
|
|
786725
|
+
"Resource": "*",
|
|
786726
|
+
"Condition": {
|
|
786727
|
+
"StringEquals": {
|
|
786728
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786729
|
+
},
|
|
786730
|
+
"StringLike": {
|
|
786731
|
+
"lambda:FunctionArn": "arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
|
|
786732
|
+
}
|
|
786733
|
+
}
|
|
786734
|
+
},
|
|
786735
|
+
{
|
|
786736
|
+
"Sid": "AllowUpdateLambdaConfigs",
|
|
786737
|
+
"Effect": "Allow",
|
|
786738
|
+
"Action": [
|
|
786739
|
+
"lambda:UpdateFunctionConfiguration"
|
|
786740
|
+
],
|
|
786741
|
+
"Resource": "arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*",
|
|
786742
|
+
"Condition": {
|
|
786743
|
+
"StringEquals": {
|
|
786744
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786745
|
+
}
|
|
786746
|
+
}
|
|
786747
|
+
},
|
|
786748
|
+
{
|
|
786749
|
+
"Sid": "ManageSecurityLakeGlueResources",
|
|
786750
|
+
"Effect": "Allow",
|
|
786751
|
+
"Action": [
|
|
786752
|
+
"glue:CreatePartition",
|
|
786753
|
+
"glue:BatchCreatePartition",
|
|
786754
|
+
"glue:GetTable",
|
|
786755
|
+
"glue:GetTables",
|
|
786756
|
+
"glue:UpdateTable",
|
|
786757
|
+
"glue:GetDatabase"
|
|
786758
|
+
],
|
|
786759
|
+
"Resource": [
|
|
786760
|
+
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
|
|
786761
|
+
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
|
|
786762
|
+
"arn:aws:glue:*:*:catalog"
|
|
786763
|
+
],
|
|
786764
|
+
"Condition": {
|
|
786765
|
+
"StringEquals": {
|
|
786766
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786767
|
+
}
|
|
786768
|
+
}
|
|
786769
|
+
},
|
|
786770
|
+
{
|
|
786771
|
+
"Sid": "AllowDataLakeConfigurationManagement",
|
|
786772
|
+
"Effect": "Allow",
|
|
786773
|
+
"Action": [
|
|
786774
|
+
"s3:ListBucket",
|
|
786775
|
+
"s3:PutObject",
|
|
786776
|
+
"s3:GetObjectAttributes",
|
|
786777
|
+
"s3:GetBucketNotification",
|
|
786778
|
+
"s3:PutBucketNotification",
|
|
786779
|
+
"s3:GetLifecycleConfiguration",
|
|
786780
|
+
"s3:PutLifecycleConfiguration",
|
|
786781
|
+
"s3:GetEncryptionConfiguration",
|
|
786782
|
+
"s3:GetReplicationConfiguration"
|
|
786783
|
+
],
|
|
786784
|
+
"Resource": [
|
|
786785
|
+
"arn:aws:s3:::aws-security-data-lake*"
|
|
786786
|
+
],
|
|
786787
|
+
"Condition": {
|
|
786788
|
+
"StringEquals": {
|
|
786789
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786790
|
+
}
|
|
786791
|
+
}
|
|
786792
|
+
},
|
|
786793
|
+
{
|
|
786794
|
+
"Sid": "AllowMetaDataCompactionAndManagement",
|
|
786795
|
+
"Effect": "Allow",
|
|
786796
|
+
"Action": [
|
|
786797
|
+
"s3:GetObject",
|
|
786798
|
+
"s3:DeleteObject",
|
|
786799
|
+
"s3:RestoreObject"
|
|
786800
|
+
],
|
|
786801
|
+
"Resource": [
|
|
786802
|
+
"arn:aws:s3:::aws-security-data-lake*/metadata/*.avro",
|
|
786803
|
+
"arn:aws:s3:::aws-security-data-lake*/metadata/*.metadata.json"
|
|
786804
|
+
],
|
|
786805
|
+
"Condition": {
|
|
786806
|
+
"StringEquals": {
|
|
786807
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786808
|
+
}
|
|
786809
|
+
}
|
|
786810
|
+
},
|
|
786811
|
+
{
|
|
786812
|
+
"Sid": "ReadSecurityLakeLambdaLogs",
|
|
786813
|
+
"Effect": "Allow",
|
|
786814
|
+
"Action": [
|
|
786815
|
+
"logs:DescribeLogStreams",
|
|
786816
|
+
"logs:StartQuery",
|
|
786817
|
+
"logs:GetLogEvents",
|
|
786818
|
+
"logs:GetQueryResults",
|
|
786819
|
+
"logs:GetLogRecord"
|
|
786820
|
+
],
|
|
786821
|
+
"Resource": [
|
|
786822
|
+
"arn:aws:logs:*:*:log-group:/aws/lambda/AmazonSecurityLakeMetastoreManager-*-*"
|
|
786823
|
+
],
|
|
786824
|
+
"Condition": {
|
|
786825
|
+
"StringEquals": {
|
|
786826
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786827
|
+
}
|
|
786828
|
+
}
|
|
786829
|
+
},
|
|
786830
|
+
{
|
|
786831
|
+
"Sid": "ManageSecurityLakeSQSQueue",
|
|
786832
|
+
"Effect": "Allow",
|
|
786833
|
+
"Action": [
|
|
786834
|
+
"sqs:StartMessageMoveTask",
|
|
786835
|
+
"sqs:DeleteMessage",
|
|
786836
|
+
"sqs:GetQueueUrl",
|
|
786837
|
+
"sqs:ListDeadLetterSourceQueues",
|
|
786838
|
+
"sqs:ChangeMessageVisibility",
|
|
786839
|
+
"sqs:ListMessageMoveTasks",
|
|
786840
|
+
"sqs:ReceiveMessage",
|
|
786841
|
+
"sqs:SendMessage",
|
|
786842
|
+
"sqs:GetQueueAttributes",
|
|
786843
|
+
"sqs:SetQueueAttributes"
|
|
786844
|
+
],
|
|
786845
|
+
"Resource": [
|
|
786846
|
+
"arn:aws:sqs:*:*:SecurityLake_*",
|
|
786847
|
+
"arn:aws:sqs:*:*:AmazonSecurityLakeManager-*"
|
|
786848
|
+
],
|
|
786849
|
+
"Condition": {
|
|
786850
|
+
"StringEquals": {
|
|
786851
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786852
|
+
}
|
|
786853
|
+
}
|
|
786854
|
+
},
|
|
786855
|
+
{
|
|
786856
|
+
"Sid": "AllowDataLakeManagement",
|
|
786857
|
+
"Effect": "Allow",
|
|
786858
|
+
"Action": [
|
|
786859
|
+
"lakeformation:GetDataLakeSettings",
|
|
786860
|
+
"lakeformation:ListPermissions"
|
|
786861
|
+
],
|
|
786862
|
+
"Resource": "*",
|
|
786863
|
+
"Condition": {
|
|
786864
|
+
"StringEquals": {
|
|
786865
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786866
|
+
}
|
|
786867
|
+
}
|
|
786868
|
+
}
|
|
786869
|
+
]
|
|
786870
|
+
}
|
|
786871
|
+
},
|
|
786872
|
+
"v2": {
|
|
786873
|
+
"createdDate": "2024-11-14T22:10:14.000Z",
|
|
786874
|
+
"document": {
|
|
786875
|
+
"Version": "2012-10-17",
|
|
786876
|
+
"Statement": [
|
|
786877
|
+
{
|
|
786878
|
+
"Sid": "ReadEventBridgeRules",
|
|
786879
|
+
"Effect": "Allow",
|
|
786880
|
+
"Action": [
|
|
786881
|
+
"events:ListRules"
|
|
786882
|
+
],
|
|
786883
|
+
"Resource": "*",
|
|
786884
|
+
"Condition": {
|
|
786885
|
+
"StringEquals": {
|
|
786886
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786887
|
+
}
|
|
786888
|
+
}
|
|
786889
|
+
},
|
|
786890
|
+
{
|
|
786891
|
+
"Sid": "ManageSecurityLakeEventRules",
|
|
786892
|
+
"Effect": "Allow",
|
|
786893
|
+
"Action": [
|
|
786894
|
+
"events:PutRule"
|
|
786895
|
+
],
|
|
786896
|
+
"Resource": "arn:aws:events:*:*:rule/AmazonSecurityLake-*",
|
|
786897
|
+
"Condition": {
|
|
786898
|
+
"StringEquals": {
|
|
786899
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786900
|
+
}
|
|
786901
|
+
}
|
|
786902
|
+
},
|
|
786903
|
+
{
|
|
786904
|
+
"Sid": "ManageSecurityLakeLambdaConfigurations",
|
|
786905
|
+
"Effect": "Allow",
|
|
786906
|
+
"Action": [
|
|
786907
|
+
"lambda:GetEventSourceMapping",
|
|
786908
|
+
"lambda:GetFunction",
|
|
786909
|
+
"lambda:PutFunctionConcurrency",
|
|
786910
|
+
"lambda:GetProvisionedConcurrencyConfig",
|
|
786911
|
+
"lambda:GetFunctionConcurrency",
|
|
786912
|
+
"lambda:GetRuntimeManagementConfig",
|
|
786913
|
+
"lambda:PutProvisionedConcurrencyConfig",
|
|
786914
|
+
"lambda:PublishVersion",
|
|
786915
|
+
"lambda:DeleteFunctionConcurrency",
|
|
786916
|
+
"lambda:DeleteEventSourceMapping",
|
|
786917
|
+
"lambda:GetAlias",
|
|
786918
|
+
"lambda:GetPolicy",
|
|
786919
|
+
"lambda:GetFunctionConfiguration",
|
|
786920
|
+
"lambda:UpdateFunctionConfiguration"
|
|
786921
|
+
],
|
|
786922
|
+
"Resource": [
|
|
786923
|
+
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
|
|
786924
|
+
"arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
|
|
786925
|
+
],
|
|
786926
|
+
"Condition": {
|
|
786927
|
+
"StringEquals": {
|
|
786928
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786929
|
+
}
|
|
786930
|
+
}
|
|
786931
|
+
},
|
|
786932
|
+
{
|
|
786933
|
+
"Sid": "AllowListLambdaEventSourceMappings",
|
|
786934
|
+
"Effect": "Allow",
|
|
786935
|
+
"Action": [
|
|
786936
|
+
"lambda:ListEventSourceMappings"
|
|
786937
|
+
],
|
|
786938
|
+
"Resource": "*",
|
|
786939
|
+
"Condition": {
|
|
786940
|
+
"StringEquals": {
|
|
786941
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786942
|
+
}
|
|
786943
|
+
}
|
|
786944
|
+
},
|
|
786945
|
+
{
|
|
786946
|
+
"Sid": "AllowUpdateLambdaEventSourceMapping",
|
|
786947
|
+
"Effect": "Allow",
|
|
786948
|
+
"Action": [
|
|
786949
|
+
"lambda:UpdateEventSourceMapping"
|
|
786950
|
+
],
|
|
786951
|
+
"Resource": "*",
|
|
786952
|
+
"Condition": {
|
|
786953
|
+
"StringEquals": {
|
|
786954
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786955
|
+
},
|
|
786956
|
+
"ArnLike": {
|
|
786957
|
+
"lambda:FunctionArn": "arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
|
|
786958
|
+
}
|
|
786959
|
+
}
|
|
786960
|
+
},
|
|
786961
|
+
{
|
|
786962
|
+
"Sid": "AllowUpdateLambdaConfigs",
|
|
786963
|
+
"Effect": "Allow",
|
|
786964
|
+
"Action": [
|
|
786965
|
+
"lambda:UpdateFunctionConfiguration"
|
|
786966
|
+
],
|
|
786967
|
+
"Resource": "arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*",
|
|
786968
|
+
"Condition": {
|
|
786969
|
+
"StringEquals": {
|
|
786970
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786971
|
+
}
|
|
786972
|
+
}
|
|
786973
|
+
},
|
|
786974
|
+
{
|
|
786975
|
+
"Sid": "ManageSecurityLakeGlueResources",
|
|
786976
|
+
"Effect": "Allow",
|
|
786977
|
+
"Action": [
|
|
786978
|
+
"glue:CreatePartition",
|
|
786979
|
+
"glue:BatchCreatePartition",
|
|
786980
|
+
"glue:GetTable",
|
|
786981
|
+
"glue:GetTables",
|
|
786982
|
+
"glue:UpdateTable",
|
|
786983
|
+
"glue:GetDatabase"
|
|
786984
|
+
],
|
|
786985
|
+
"Resource": [
|
|
786986
|
+
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
|
|
786987
|
+
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
|
|
786988
|
+
"arn:aws:glue:*:*:catalog"
|
|
786989
|
+
],
|
|
786990
|
+
"Condition": {
|
|
786991
|
+
"StringEquals": {
|
|
786992
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
786993
|
+
}
|
|
786994
|
+
}
|
|
786995
|
+
},
|
|
786996
|
+
{
|
|
786997
|
+
"Sid": "AllowDataLakeConfigurationManagement",
|
|
786998
|
+
"Effect": "Allow",
|
|
786999
|
+
"Action": [
|
|
787000
|
+
"s3:ListBucket",
|
|
787001
|
+
"s3:PutObject",
|
|
787002
|
+
"s3:GetObjectAttributes",
|
|
787003
|
+
"s3:GetBucketNotification",
|
|
787004
|
+
"s3:PutBucketNotification",
|
|
787005
|
+
"s3:GetLifecycleConfiguration",
|
|
787006
|
+
"s3:PutLifecycleConfiguration",
|
|
787007
|
+
"s3:GetEncryptionConfiguration",
|
|
787008
|
+
"s3:GetReplicationConfiguration"
|
|
787009
|
+
],
|
|
787010
|
+
"Resource": [
|
|
787011
|
+
"arn:aws:s3:::aws-security-data-lake*"
|
|
787012
|
+
],
|
|
787013
|
+
"Condition": {
|
|
787014
|
+
"StringEquals": {
|
|
787015
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787016
|
+
}
|
|
787017
|
+
}
|
|
787018
|
+
},
|
|
787019
|
+
{
|
|
787020
|
+
"Sid": "AllowMetaDataCompactionAndManagement",
|
|
787021
|
+
"Effect": "Allow",
|
|
787022
|
+
"Action": [
|
|
787023
|
+
"s3:GetObject",
|
|
787024
|
+
"s3:DeleteObject",
|
|
787025
|
+
"s3:RestoreObject"
|
|
787026
|
+
],
|
|
787027
|
+
"Resource": [
|
|
787028
|
+
"arn:aws:s3:::aws-security-data-lake*/metadata/*.avro",
|
|
787029
|
+
"arn:aws:s3:::aws-security-data-lake*/metadata/*.metadata.json"
|
|
787030
|
+
],
|
|
787031
|
+
"Condition": {
|
|
787032
|
+
"StringEquals": {
|
|
787033
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787034
|
+
}
|
|
787035
|
+
}
|
|
787036
|
+
},
|
|
787037
|
+
{
|
|
787038
|
+
"Sid": "ReadSecurityLakeLambdaLogs",
|
|
787039
|
+
"Effect": "Allow",
|
|
787040
|
+
"Action": [
|
|
787041
|
+
"logs:DescribeLogStreams",
|
|
787042
|
+
"logs:StartQuery",
|
|
787043
|
+
"logs:GetLogEvents",
|
|
787044
|
+
"logs:GetQueryResults",
|
|
787045
|
+
"logs:GetLogRecord"
|
|
787046
|
+
],
|
|
787047
|
+
"Resource": [
|
|
787048
|
+
"arn:aws:logs:*:*:log-group:/aws/lambda/AmazonSecurityLakeMetastoreManager-*-*"
|
|
787049
|
+
],
|
|
787050
|
+
"Condition": {
|
|
787051
|
+
"StringEquals": {
|
|
787052
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787053
|
+
}
|
|
787054
|
+
}
|
|
787055
|
+
},
|
|
787056
|
+
{
|
|
787057
|
+
"Sid": "ManageSecurityLakeSQSQueue",
|
|
787058
|
+
"Effect": "Allow",
|
|
787059
|
+
"Action": [
|
|
787060
|
+
"sqs:StartMessageMoveTask",
|
|
787061
|
+
"sqs:DeleteMessage",
|
|
787062
|
+
"sqs:GetQueueUrl",
|
|
787063
|
+
"sqs:ListDeadLetterSourceQueues",
|
|
787064
|
+
"sqs:ChangeMessageVisibility",
|
|
787065
|
+
"sqs:ListMessageMoveTasks",
|
|
787066
|
+
"sqs:ReceiveMessage",
|
|
787067
|
+
"sqs:SendMessage",
|
|
787068
|
+
"sqs:GetQueueAttributes",
|
|
787069
|
+
"sqs:SetQueueAttributes"
|
|
787070
|
+
],
|
|
787071
|
+
"Resource": [
|
|
787072
|
+
"arn:aws:sqs:*:*:SecurityLake_*",
|
|
787073
|
+
"arn:aws:sqs:*:*:AmazonSecurityLakeManager-*"
|
|
787074
|
+
],
|
|
787075
|
+
"Condition": {
|
|
787076
|
+
"StringEquals": {
|
|
787077
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787078
|
+
}
|
|
787079
|
+
}
|
|
787080
|
+
},
|
|
787081
|
+
{
|
|
787082
|
+
"Sid": "AllowDataLakeManagement",
|
|
787083
|
+
"Effect": "Allow",
|
|
787084
|
+
"Action": [
|
|
787085
|
+
"lakeformation:GetDataLakeSettings",
|
|
787086
|
+
"lakeformation:ListPermissions"
|
|
787087
|
+
],
|
|
787088
|
+
"Resource": "*",
|
|
787089
|
+
"Condition": {
|
|
787090
|
+
"StringEquals": {
|
|
787091
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787092
|
+
}
|
|
787093
|
+
}
|
|
787094
|
+
}
|
|
787095
|
+
]
|
|
787096
|
+
}
|
|
787097
|
+
},
|
|
787098
|
+
"v3": {
|
|
787099
|
+
"createdDate": "2024-11-14T22:10:14.000Z",
|
|
787100
|
+
"document": {
|
|
787101
|
+
"Version": "2012-10-17",
|
|
787102
|
+
"Statement": [
|
|
787103
|
+
{
|
|
787104
|
+
"Sid": "ReadEventBridgeRules",
|
|
787105
|
+
"Effect": "Allow",
|
|
787106
|
+
"Action": [
|
|
787107
|
+
"events:ListRules"
|
|
787108
|
+
],
|
|
787109
|
+
"Resource": "*",
|
|
787110
|
+
"Condition": {
|
|
787111
|
+
"StringEquals": {
|
|
787112
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787113
|
+
}
|
|
787114
|
+
}
|
|
787115
|
+
},
|
|
787116
|
+
{
|
|
787117
|
+
"Sid": "ManageSecurityLakeEventRules",
|
|
787118
|
+
"Effect": "Allow",
|
|
787119
|
+
"Action": [
|
|
787120
|
+
"events:PutRule"
|
|
787121
|
+
],
|
|
787122
|
+
"Resource": "arn:aws:events:*:*:rule/AmazonSecurityLake-*",
|
|
787123
|
+
"Condition": {
|
|
787124
|
+
"StringEquals": {
|
|
787125
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787126
|
+
}
|
|
787127
|
+
}
|
|
787128
|
+
},
|
|
787129
|
+
{
|
|
787130
|
+
"Sid": "ManageSecurityLakeLambdaConfigurations",
|
|
787131
|
+
"Effect": "Allow",
|
|
787132
|
+
"Action": [
|
|
787133
|
+
"lambda:GetEventSourceMapping",
|
|
787134
|
+
"lambda:GetFunction",
|
|
787135
|
+
"lambda:PutFunctionConcurrency",
|
|
787136
|
+
"lambda:GetProvisionedConcurrencyConfig",
|
|
787137
|
+
"lambda:GetFunctionConcurrency",
|
|
787138
|
+
"lambda:GetRuntimeManagementConfig",
|
|
787139
|
+
"lambda:PutProvisionedConcurrencyConfig",
|
|
787140
|
+
"lambda:PublishVersion",
|
|
787141
|
+
"lambda:DeleteFunctionConcurrency",
|
|
787142
|
+
"lambda:DeleteEventSourceMapping",
|
|
787143
|
+
"lambda:GetAlias",
|
|
787144
|
+
"lambda:GetPolicy",
|
|
787145
|
+
"lambda:GetFunctionConfiguration",
|
|
787146
|
+
"lambda:UpdateFunctionConfiguration"
|
|
787147
|
+
],
|
|
787148
|
+
"Resource": [
|
|
787149
|
+
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
|
|
787150
|
+
"arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
|
|
787151
|
+
],
|
|
787152
|
+
"Condition": {
|
|
787153
|
+
"StringEquals": {
|
|
787154
|
+
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
787155
|
+
}
|
|
787156
|
+
}
|
|
787157
|
+
},
|
|
787158
|
+
{
|
|
787159
|
+
"Sid": "DeletePartitionUpdaterLambda",
|
|
785474
787160
|
"Effect": "Allow",
|
|
785475
|
-
"Action":
|
|
785476
|
-
|
|
785477
|
-
"glue:BatchCreatePartition",
|
|
785478
|
-
"glue:GetTable",
|
|
785479
|
-
"glue:GetTables",
|
|
785480
|
-
"glue:UpdateTable",
|
|
785481
|
-
"glue:GetDatabase"
|
|
785482
|
-
],
|
|
785483
|
-
"Resource": [
|
|
785484
|
-
"arn:aws:glue:*:*:table/amazon_security_lake_glue_db*/*",
|
|
785485
|
-
"arn:aws:glue:*:*:database/amazon_security_lake_glue_db*",
|
|
785486
|
-
"arn:aws:glue:*:*:catalog"
|
|
785487
|
-
],
|
|
785488
|
-
"Condition": {
|
|
785489
|
-
"StringEquals": {
|
|
785490
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785491
|
-
}
|
|
785492
|
-
}
|
|
785493
|
-
},
|
|
785494
|
-
{
|
|
785495
|
-
"Sid": "AllowDataLakeConfigurationManagement",
|
|
785496
|
-
"Effect": "Allow",
|
|
785497
|
-
"Action": [
|
|
785498
|
-
"s3:ListBucket",
|
|
785499
|
-
"s3:PutObject",
|
|
785500
|
-
"s3:GetObjectAttributes",
|
|
785501
|
-
"s3:GetBucketNotification",
|
|
785502
|
-
"s3:PutBucketNotification",
|
|
785503
|
-
"s3:GetLifecycleConfiguration",
|
|
785504
|
-
"s3:PutLifecycleConfiguration",
|
|
785505
|
-
"s3:GetEncryptionConfiguration",
|
|
785506
|
-
"s3:GetReplicationConfiguration"
|
|
785507
|
-
],
|
|
785508
|
-
"Resource": [
|
|
785509
|
-
"arn:aws:s3:::aws-security-data-lake*"
|
|
785510
|
-
],
|
|
785511
|
-
"Condition": {
|
|
785512
|
-
"StringEquals": {
|
|
785513
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785514
|
-
}
|
|
785515
|
-
}
|
|
785516
|
-
},
|
|
785517
|
-
{
|
|
785518
|
-
"Sid": "AllowMetaDataCompactionAndManagement",
|
|
785519
|
-
"Effect": "Allow",
|
|
785520
|
-
"Action": [
|
|
785521
|
-
"s3:GetObject",
|
|
785522
|
-
"s3:DeleteObject",
|
|
785523
|
-
"s3:RestoreObject"
|
|
785524
|
-
],
|
|
785525
|
-
"Resource": [
|
|
785526
|
-
"arn:aws:s3:::aws-security-data-lake*/metadata/*.avro",
|
|
785527
|
-
"arn:aws:s3:::aws-security-data-lake*/metadata/*.metadata.json"
|
|
785528
|
-
],
|
|
785529
|
-
"Condition": {
|
|
785530
|
-
"StringEquals": {
|
|
785531
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785532
|
-
}
|
|
785533
|
-
}
|
|
785534
|
-
},
|
|
785535
|
-
{
|
|
785536
|
-
"Sid": "ReadSecurityLakeLambdaLogs",
|
|
785537
|
-
"Effect": "Allow",
|
|
785538
|
-
"Action": [
|
|
785539
|
-
"logs:DescribeLogStreams",
|
|
785540
|
-
"logs:StartQuery",
|
|
785541
|
-
"logs:GetLogEvents",
|
|
785542
|
-
"logs:GetQueryResults",
|
|
785543
|
-
"logs:GetLogRecord"
|
|
785544
|
-
],
|
|
785545
|
-
"Resource": [
|
|
785546
|
-
"arn:aws:logs:*:*:log-group:/aws/lambda/AmazonSecurityLakeMetastoreManager-*-*"
|
|
785547
|
-
],
|
|
785548
|
-
"Condition": {
|
|
785549
|
-
"StringEquals": {
|
|
785550
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785551
|
-
}
|
|
785552
|
-
}
|
|
785553
|
-
},
|
|
785554
|
-
{
|
|
785555
|
-
"Sid": "ManageSecurityLakeSQSQueue",
|
|
785556
|
-
"Effect": "Allow",
|
|
785557
|
-
"Action": [
|
|
785558
|
-
"sqs:StartMessageMoveTask",
|
|
785559
|
-
"sqs:DeleteMessage",
|
|
785560
|
-
"sqs:GetQueueUrl",
|
|
785561
|
-
"sqs:ListDeadLetterSourceQueues",
|
|
785562
|
-
"sqs:ChangeMessageVisibility",
|
|
785563
|
-
"sqs:ListMessageMoveTasks",
|
|
785564
|
-
"sqs:ReceiveMessage",
|
|
785565
|
-
"sqs:SendMessage",
|
|
785566
|
-
"sqs:GetQueueAttributes",
|
|
785567
|
-
"sqs:SetQueueAttributes"
|
|
785568
|
-
],
|
|
785569
|
-
"Resource": [
|
|
785570
|
-
"arn:aws:sqs:*:*:SecurityLake_*",
|
|
785571
|
-
"arn:aws:sqs:*:*:AmazonSecurityLakeManager-*"
|
|
785572
|
-
],
|
|
785573
|
-
"Condition": {
|
|
785574
|
-
"StringEquals": {
|
|
785575
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785576
|
-
}
|
|
785577
|
-
}
|
|
785578
|
-
},
|
|
785579
|
-
{
|
|
785580
|
-
"Sid": "AllowDataLakeManagement",
|
|
785581
|
-
"Effect": "Allow",
|
|
785582
|
-
"Action": [
|
|
785583
|
-
"lakeformation:GetDataLakeSettings",
|
|
785584
|
-
"lakeformation:ListPermissions"
|
|
785585
|
-
],
|
|
785586
|
-
"Resource": "*",
|
|
785587
|
-
"Condition": {
|
|
785588
|
-
"StringEquals": {
|
|
785589
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785590
|
-
}
|
|
785591
|
-
}
|
|
785592
|
-
}
|
|
785593
|
-
]
|
|
785594
|
-
}
|
|
785595
|
-
},
|
|
785596
|
-
"v2": {
|
|
785597
|
-
"createdDate": "2024-11-14T22:10:14.000Z",
|
|
785598
|
-
"document": {
|
|
785599
|
-
"Version": "2012-10-17",
|
|
785600
|
-
"Statement": [
|
|
785601
|
-
{
|
|
785602
|
-
"Sid": "ReadEventBridgeRules",
|
|
785603
|
-
"Effect": "Allow",
|
|
785604
|
-
"Action": [
|
|
785605
|
-
"events:ListRules"
|
|
785606
|
-
],
|
|
785607
|
-
"Resource": "*",
|
|
785608
|
-
"Condition": {
|
|
785609
|
-
"StringEquals": {
|
|
785610
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785611
|
-
}
|
|
785612
|
-
}
|
|
785613
|
-
},
|
|
785614
|
-
{
|
|
785615
|
-
"Sid": "ManageSecurityLakeEventRules",
|
|
785616
|
-
"Effect": "Allow",
|
|
785617
|
-
"Action": [
|
|
785618
|
-
"events:PutRule"
|
|
785619
|
-
],
|
|
785620
|
-
"Resource": "arn:aws:events:*:*:rule/AmazonSecurityLake-*",
|
|
785621
|
-
"Condition": {
|
|
785622
|
-
"StringEquals": {
|
|
785623
|
-
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
785624
|
-
}
|
|
785625
|
-
}
|
|
785626
|
-
},
|
|
785627
|
-
{
|
|
785628
|
-
"Sid": "ManageSecurityLakeLambdaConfigurations",
|
|
785629
|
-
"Effect": "Allow",
|
|
785630
|
-
"Action": [
|
|
785631
|
-
"lambda:GetEventSourceMapping",
|
|
785632
|
-
"lambda:GetFunction",
|
|
785633
|
-
"lambda:PutFunctionConcurrency",
|
|
785634
|
-
"lambda:GetProvisionedConcurrencyConfig",
|
|
785635
|
-
"lambda:GetFunctionConcurrency",
|
|
785636
|
-
"lambda:GetRuntimeManagementConfig",
|
|
785637
|
-
"lambda:PutProvisionedConcurrencyConfig",
|
|
785638
|
-
"lambda:PublishVersion",
|
|
785639
|
-
"lambda:DeleteFunctionConcurrency",
|
|
785640
|
-
"lambda:DeleteEventSourceMapping",
|
|
785641
|
-
"lambda:GetAlias",
|
|
785642
|
-
"lambda:GetPolicy",
|
|
785643
|
-
"lambda:GetFunctionConfiguration",
|
|
785644
|
-
"lambda:UpdateFunctionConfiguration"
|
|
785645
|
-
],
|
|
785646
|
-
"Resource": [
|
|
785647
|
-
"arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
|
|
785648
|
-
"arn:aws:lambda:*:*:function:AmazonSecurityLakeMetastoreManager-*-*"
|
|
785649
|
-
],
|
|
787161
|
+
"Action": "lambda:DeleteFunction",
|
|
787162
|
+
"Resource": "arn:aws:lambda:*:*:function:SecurityLake_Glue_Partition_Updater_Lambda*",
|
|
785650
787163
|
"Condition": {
|
|
785651
787164
|
"StringEquals": {
|
|
785652
787165
|
"aws:ResourceAccount": "${aws:PrincipalAccount}"
|
|
@@ -785821,7 +787334,7 @@
|
|
|
785821
787334
|
}
|
|
785822
787335
|
},
|
|
785823
787336
|
"createdDate": "2024-11-14T22:10:14.000Z",
|
|
785824
|
-
"lastUpdatedDate": "2025-
|
|
787337
|
+
"lastUpdatedDate": "2025-11-19T18:49:07.000Z"
|
|
785825
787338
|
},
|
|
785826
787339
|
"SQSUnlockQueuePolicy": {
|
|
785827
787340
|
"arn": "arn:aws:iam::aws:policy/root-task/SQSUnlockQueuePolicy",
|
|
@@ -789768,8 +791281,8 @@
|
|
|
789768
791281
|
},
|
|
789769
791282
|
"AWSPartnerCentralFullAccess": {
|
|
789770
791283
|
"arn": "arn:aws:iam::aws:policy/AWSPartnerCentralFullAccess",
|
|
789771
|
-
"latestVersionId": "
|
|
789772
|
-
"versionsCount":
|
|
791284
|
+
"latestVersionId": "v3",
|
|
791285
|
+
"versionsCount": 3,
|
|
789773
791286
|
"versions": {
|
|
789774
791287
|
"v1": {
|
|
789775
791288
|
"createdDate": "2024-11-18T23:33:28.000Z",
|
|
@@ -789879,10 +791392,83 @@
|
|
|
789879
791392
|
}
|
|
789880
791393
|
]
|
|
789881
791394
|
}
|
|
791395
|
+
},
|
|
791396
|
+
"v3": {
|
|
791397
|
+
"createdDate": "2024-11-18T23:33:28.000Z",
|
|
791398
|
+
"document": {
|
|
791399
|
+
"Version": "2012-10-17",
|
|
791400
|
+
"Statement": [
|
|
791401
|
+
{
|
|
791402
|
+
"Sid": "PassAWSPartnerCentralRole",
|
|
791403
|
+
"Effect": "Allow",
|
|
791404
|
+
"Action": [
|
|
791405
|
+
"iam:PassRole"
|
|
791406
|
+
],
|
|
791407
|
+
"Resource": "arn:aws:iam::*:role/PartnerCentralRoleFor*",
|
|
791408
|
+
"Condition": {
|
|
791409
|
+
"StringEquals": {
|
|
791410
|
+
"iam:PassedToService": "partnercentral-account-management.amazonaws.com"
|
|
791411
|
+
}
|
|
791412
|
+
}
|
|
791413
|
+
},
|
|
791414
|
+
{
|
|
791415
|
+
"Sid": "PartnerUserRoleAssociation",
|
|
791416
|
+
"Effect": "Allow",
|
|
791417
|
+
"Action": [
|
|
791418
|
+
"iam:ListRoles",
|
|
791419
|
+
"Partnercentral-account-management:AssociatePartnerUser",
|
|
791420
|
+
"Partnercentral-account-management:DisassociatePartnerUser"
|
|
791421
|
+
],
|
|
791422
|
+
"Resource": "*"
|
|
791423
|
+
},
|
|
791424
|
+
{
|
|
791425
|
+
"Sid": "AWSPartnerCentralAccess",
|
|
791426
|
+
"Effect": "Allow",
|
|
791427
|
+
"Action": [
|
|
791428
|
+
"partnercentral:*"
|
|
791429
|
+
],
|
|
791430
|
+
"Resource": "*",
|
|
791431
|
+
"Condition": {
|
|
791432
|
+
"StringEquals": {
|
|
791433
|
+
"partnercentral:Catalog": [
|
|
791434
|
+
"AWS",
|
|
791435
|
+
"Sandbox"
|
|
791436
|
+
]
|
|
791437
|
+
}
|
|
791438
|
+
}
|
|
791439
|
+
},
|
|
791440
|
+
{
|
|
791441
|
+
"Sid": "PassAWSPartnerCentralSnapshotJobRole",
|
|
791442
|
+
"Effect": "Allow",
|
|
791443
|
+
"Action": [
|
|
791444
|
+
"iam:PassRole"
|
|
791445
|
+
],
|
|
791446
|
+
"Resource": [
|
|
791447
|
+
"arn:aws:iam::*:role/*"
|
|
791448
|
+
],
|
|
791449
|
+
"Condition": {
|
|
791450
|
+
"StringEquals": {
|
|
791451
|
+
"iam:PassedToService": "resource-snapshot-job.partnercentral-selling.amazonaws.com"
|
|
791452
|
+
}
|
|
791453
|
+
}
|
|
791454
|
+
},
|
|
791455
|
+
{
|
|
791456
|
+
"Sid": "ChannelBillingTransferRoleAccess",
|
|
791457
|
+
"Effect": "Allow",
|
|
791458
|
+
"Action": [
|
|
791459
|
+
"sts:AssumeRole"
|
|
791460
|
+
],
|
|
791461
|
+
"Resource": [
|
|
791462
|
+
"arn:aws:iam::*:role/PartnerCentralChannelBillingTransferManagement",
|
|
791463
|
+
"arn:aws:iam::*:role/PartnerCentralChannelBillingTransferReadOnly"
|
|
791464
|
+
]
|
|
791465
|
+
}
|
|
791466
|
+
]
|
|
791467
|
+
}
|
|
789882
791468
|
}
|
|
789883
791469
|
},
|
|
789884
791470
|
"createdDate": "2024-11-18T23:33:28.000Z",
|
|
789885
|
-
"lastUpdatedDate": "
|
|
791471
|
+
"lastUpdatedDate": "2025-11-19T16:34:12.000Z"
|
|
789886
791472
|
},
|
|
789887
791473
|
"AWSMarketplaceSellerOfferManagement": {
|
|
789888
791474
|
"arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerOfferManagement",
|
|
@@ -940834,8 +942420,8 @@
|
|
|
940834
942420
|
},
|
|
940835
942421
|
"AmazonGuardDutyFullAccess_v2": {
|
|
940836
942422
|
"arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess_v2",
|
|
940837
|
-
"latestVersionId": "
|
|
940838
|
-
"versionsCount":
|
|
942423
|
+
"latestVersionId": "v2",
|
|
942424
|
+
"versionsCount": 2,
|
|
940839
942425
|
"versions": {
|
|
940840
942426
|
"v1": {
|
|
940841
942427
|
"createdDate": "2025-06-04T20:22:07.000Z",
|
|
@@ -940913,10 +942499,92 @@
|
|
|
940913
942499
|
}
|
|
940914
942500
|
]
|
|
940915
942501
|
}
|
|
942502
|
+
},
|
|
942503
|
+
"v2": {
|
|
942504
|
+
"createdDate": "2025-06-04T20:22:07.000Z",
|
|
942505
|
+
"document": {
|
|
942506
|
+
"Version": "2012-10-17",
|
|
942507
|
+
"Statement": [
|
|
942508
|
+
{
|
|
942509
|
+
"Sid": "GuardDutyFullAccess",
|
|
942510
|
+
"Effect": "Allow",
|
|
942511
|
+
"Action": "guardduty:*",
|
|
942512
|
+
"Resource": "*"
|
|
942513
|
+
},
|
|
942514
|
+
{
|
|
942515
|
+
"Sid": "CreateGuardDutyServiceLinkedRole",
|
|
942516
|
+
"Effect": "Allow",
|
|
942517
|
+
"Action": "iam:CreateServiceLinkedRole",
|
|
942518
|
+
"Resource": "*",
|
|
942519
|
+
"Condition": {
|
|
942520
|
+
"StringEquals": {
|
|
942521
|
+
"iam:AWSServiceName": [
|
|
942522
|
+
"guardduty.amazonaws.com",
|
|
942523
|
+
"malware-protection.guardduty.amazonaws.com"
|
|
942524
|
+
]
|
|
942525
|
+
}
|
|
942526
|
+
}
|
|
942527
|
+
},
|
|
942528
|
+
{
|
|
942529
|
+
"Sid": "GuardDutyOrganizationsReadOnly",
|
|
942530
|
+
"Effect": "Allow",
|
|
942531
|
+
"Action": [
|
|
942532
|
+
"organizations:ListAWSServiceAccessForOrganization",
|
|
942533
|
+
"organizations:DescribeOrganizationalUnit",
|
|
942534
|
+
"organizations:DescribeAccount",
|
|
942535
|
+
"organizations:DescribeOrganization",
|
|
942536
|
+
"organizations:ListAccounts"
|
|
942537
|
+
],
|
|
942538
|
+
"Resource": "*"
|
|
942539
|
+
},
|
|
942540
|
+
{
|
|
942541
|
+
"Sid": "GuardDutyOrganizationsAdminAccess",
|
|
942542
|
+
"Effect": "Allow",
|
|
942543
|
+
"Action": [
|
|
942544
|
+
"organizations:EnableAWSServiceAccess",
|
|
942545
|
+
"organizations:DisableAWSServiceAccess",
|
|
942546
|
+
"organizations:RegisterDelegatedAdministrator",
|
|
942547
|
+
"organizations:DeregisterDelegatedAdministrator",
|
|
942548
|
+
"organizations:ListDelegatedAdministrators"
|
|
942549
|
+
],
|
|
942550
|
+
"Resource": "*",
|
|
942551
|
+
"Condition": {
|
|
942552
|
+
"StringEquals": {
|
|
942553
|
+
"organizations:ServicePrincipal": [
|
|
942554
|
+
"guardduty.amazonaws.com",
|
|
942555
|
+
"malware-protection.guardduty.amazonaws.com"
|
|
942556
|
+
]
|
|
942557
|
+
}
|
|
942558
|
+
}
|
|
942559
|
+
},
|
|
942560
|
+
{
|
|
942561
|
+
"Sid": "GuardDutyIamRoleAccess",
|
|
942562
|
+
"Effect": "Allow",
|
|
942563
|
+
"Action": "iam:GetRole",
|
|
942564
|
+
"Resource": "arn:aws:iam::*:role/*AWSServiceRoleForAmazonGuardDutyMalwareProtection"
|
|
942565
|
+
},
|
|
942566
|
+
{
|
|
942567
|
+
"Sid": "AllowPassRoleToMalwareProtection",
|
|
942568
|
+
"Effect": "Allow",
|
|
942569
|
+
"Action": [
|
|
942570
|
+
"iam:PassRole"
|
|
942571
|
+
],
|
|
942572
|
+
"Resource": "arn:aws:iam::*:role/*",
|
|
942573
|
+
"Condition": {
|
|
942574
|
+
"StringEquals": {
|
|
942575
|
+
"iam:PassedToService": [
|
|
942576
|
+
"malware-protection-plan.guardduty.amazonaws.com",
|
|
942577
|
+
"malware-protection.guardduty.amazonaws.com"
|
|
942578
|
+
]
|
|
942579
|
+
}
|
|
942580
|
+
}
|
|
942581
|
+
}
|
|
942582
|
+
]
|
|
942583
|
+
}
|
|
940916
942584
|
}
|
|
940917
942585
|
},
|
|
940918
942586
|
"createdDate": "2025-06-04T20:22:07.000Z",
|
|
940919
|
-
"lastUpdatedDate": "2025-
|
|
942587
|
+
"lastUpdatedDate": "2025-11-20T02:19:08.000Z"
|
|
940920
942588
|
},
|
|
940921
942589
|
"AWSSecurityHubV2ServiceRolePolicy": {
|
|
940922
942590
|
"arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubV2ServiceRolePolicy",
|
|
@@ -962508,5 +964176,605 @@
|
|
|
962508
964176
|
},
|
|
962509
964177
|
"createdDate": "2025-11-15T20:34:07.000Z",
|
|
962510
964178
|
"lastUpdatedDate": "2025-11-15T20:34:07.000Z"
|
|
964179
|
+
},
|
|
964180
|
+
"AmazonSageMakerSpacesRouterPolicy": {
|
|
964181
|
+
"arn": "arn:aws:iam::aws:policy/AmazonSageMakerSpacesRouterPolicy",
|
|
964182
|
+
"latestVersionId": "v1",
|
|
964183
|
+
"versionsCount": 1,
|
|
964184
|
+
"versions": {
|
|
964185
|
+
"v1": {
|
|
964186
|
+
"createdDate": "2025-11-19T04:34:07.000Z",
|
|
964187
|
+
"document": {
|
|
964188
|
+
"Version": "2012-10-17",
|
|
964189
|
+
"Statement": [
|
|
964190
|
+
{
|
|
964191
|
+
"Sid": "KMSDescribeKey",
|
|
964192
|
+
"Effect": "Allow",
|
|
964193
|
+
"Action": [
|
|
964194
|
+
"kms:DescribeKey"
|
|
964195
|
+
],
|
|
964196
|
+
"Resource": "arn:aws:kms:*:*:key/*"
|
|
964197
|
+
},
|
|
964198
|
+
{
|
|
964199
|
+
"Sid": "KMSKeyOperations",
|
|
964200
|
+
"Effect": "Allow",
|
|
964201
|
+
"Action": [
|
|
964202
|
+
"kms:GenerateDataKey",
|
|
964203
|
+
"kms:Decrypt"
|
|
964204
|
+
],
|
|
964205
|
+
"Resource": "arn:aws:kms:*:*:key/*",
|
|
964206
|
+
"Condition": {
|
|
964207
|
+
"StringEquals": {
|
|
964208
|
+
"kms:EncryptionContext:sagemaker:component": "amazon-sagemaker-spaces",
|
|
964209
|
+
"kms:EncryptionContext:sagemaker:eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964210
|
+
}
|
|
964211
|
+
}
|
|
964212
|
+
}
|
|
964213
|
+
]
|
|
964214
|
+
}
|
|
964215
|
+
}
|
|
964216
|
+
},
|
|
964217
|
+
"createdDate": "2025-11-19T04:34:07.000Z",
|
|
964218
|
+
"lastUpdatedDate": "2025-11-19T04:34:07.000Z"
|
|
964219
|
+
},
|
|
964220
|
+
"AmazonSageMakerSpacesControllerPolicy": {
|
|
964221
|
+
"arn": "arn:aws:iam::aws:policy/AmazonSageMakerSpacesControllerPolicy",
|
|
964222
|
+
"latestVersionId": "v1",
|
|
964223
|
+
"versionsCount": 1,
|
|
964224
|
+
"versions": {
|
|
964225
|
+
"v1": {
|
|
964226
|
+
"createdDate": "2025-11-19T04:34:09.000Z",
|
|
964227
|
+
"document": {
|
|
964228
|
+
"Version": "2012-10-17",
|
|
964229
|
+
"Statement": [
|
|
964230
|
+
{
|
|
964231
|
+
"Sid": "AllowOperatorToSSMCreateActivationForSpaces",
|
|
964232
|
+
"Effect": "Allow",
|
|
964233
|
+
"Action": [
|
|
964234
|
+
"ssm:CreateActivation"
|
|
964235
|
+
],
|
|
964236
|
+
"Resource": "*",
|
|
964237
|
+
"Condition": {
|
|
964238
|
+
"StringEquals": {
|
|
964239
|
+
"aws:RequestTag/sagemaker.amazonaws.com/managed-by": "amazon-sagemaker-spaces",
|
|
964240
|
+
"aws:RequestTag/sagemaker.amazonaws.com/eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964241
|
+
}
|
|
964242
|
+
}
|
|
964243
|
+
},
|
|
964244
|
+
{
|
|
964245
|
+
"Sid": "AllowOperatorToSSMDescribeActivations",
|
|
964246
|
+
"Effect": "Allow",
|
|
964247
|
+
"Action": [
|
|
964248
|
+
"ssm:DescribeActivations"
|
|
964249
|
+
],
|
|
964250
|
+
"Resource": "*"
|
|
964251
|
+
},
|
|
964252
|
+
{
|
|
964253
|
+
"Sid": "AllowOperatorToSSMDescribeSessions",
|
|
964254
|
+
"Effect": "Allow",
|
|
964255
|
+
"Action": [
|
|
964256
|
+
"ssm:DescribeSessions"
|
|
964257
|
+
],
|
|
964258
|
+
"Resource": "*"
|
|
964259
|
+
},
|
|
964260
|
+
{
|
|
964261
|
+
"Sid": "AllowOperatorToSSMDeleteActivation",
|
|
964262
|
+
"Effect": "Allow",
|
|
964263
|
+
"Action": [
|
|
964264
|
+
"ssm:DeleteActivation"
|
|
964265
|
+
],
|
|
964266
|
+
"Resource": "*"
|
|
964267
|
+
},
|
|
964268
|
+
{
|
|
964269
|
+
"Sid": "AllowOperatorToAddTagsToActivation",
|
|
964270
|
+
"Effect": "Allow",
|
|
964271
|
+
"Action": "ssm:AddTagsToResource",
|
|
964272
|
+
"Resource": [
|
|
964273
|
+
"arn:aws:ssm:*:*:managed-instance/*",
|
|
964274
|
+
"arn:aws:iam::*:role/sagemaker-space-*"
|
|
964275
|
+
],
|
|
964276
|
+
"Condition": {
|
|
964277
|
+
"StringEquals": {
|
|
964278
|
+
"aws:RequestTag/sagemaker.amazonaws.com/managed-by": "amazon-sagemaker-spaces",
|
|
964279
|
+
"aws:RequestTag/sagemaker.amazonaws.com/eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964280
|
+
}
|
|
964281
|
+
}
|
|
964282
|
+
},
|
|
964283
|
+
{
|
|
964284
|
+
"Sid": "AllowOperatorToSSMDescribeManagedNodes",
|
|
964285
|
+
"Effect": "Allow",
|
|
964286
|
+
"Action": [
|
|
964287
|
+
"ssm:DescribeInstanceInformation"
|
|
964288
|
+
],
|
|
964289
|
+
"Resource": "*"
|
|
964290
|
+
},
|
|
964291
|
+
{
|
|
964292
|
+
"Sid": "AllowOperatorToSSMDeregisterWorkspaceInstances",
|
|
964293
|
+
"Effect": "Allow",
|
|
964294
|
+
"Action": [
|
|
964295
|
+
"ssm:DeregisterManagedInstance"
|
|
964296
|
+
],
|
|
964297
|
+
"Resource": "arn:aws:ssm:*:*:managed-instance/*",
|
|
964298
|
+
"Condition": {
|
|
964299
|
+
"StringEquals": {
|
|
964300
|
+
"ssm:resourceTag/sagemaker.amazonaws.com/managed-by": "amazon-sagemaker-spaces",
|
|
964301
|
+
"ssm:resourceTag/sagemaker.amazonaws.com/eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964302
|
+
}
|
|
964303
|
+
}
|
|
964304
|
+
},
|
|
964305
|
+
{
|
|
964306
|
+
"Sid": "AllowOperatorToPassSsmManagedNodeRole",
|
|
964307
|
+
"Effect": "Allow",
|
|
964308
|
+
"Action": "iam:PassRole",
|
|
964309
|
+
"Resource": "arn:aws:iam::*:role/sagemaker-space-*",
|
|
964310
|
+
"Condition": {
|
|
964311
|
+
"StringEquals": {
|
|
964312
|
+
"iam:PassedToService": "ssm.amazonaws.com"
|
|
964313
|
+
}
|
|
964314
|
+
}
|
|
964315
|
+
},
|
|
964316
|
+
{
|
|
964317
|
+
"Sid": "AllowOperatorToSSMStartSession",
|
|
964318
|
+
"Effect": "Allow",
|
|
964319
|
+
"Action": [
|
|
964320
|
+
"ssm:StartSession"
|
|
964321
|
+
],
|
|
964322
|
+
"Resource": "arn:aws:ssm:*:*:managed-instance/*",
|
|
964323
|
+
"Condition": {
|
|
964324
|
+
"StringEquals": {
|
|
964325
|
+
"ssm:resourceTag/sagemaker.amazonaws.com/managed-by": "amazon-sagemaker-spaces",
|
|
964326
|
+
"ssm:resourceTag/sagemaker.amazonaws.com/eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964327
|
+
}
|
|
964328
|
+
}
|
|
964329
|
+
},
|
|
964330
|
+
{
|
|
964331
|
+
"Sid": "AllowStartSessionDocuments",
|
|
964332
|
+
"Effect": "Allow",
|
|
964333
|
+
"Action": [
|
|
964334
|
+
"ssm:StartSession"
|
|
964335
|
+
],
|
|
964336
|
+
"Resource": [
|
|
964337
|
+
"arn:aws:ssm:*::document/AWS-StartSSHSession",
|
|
964338
|
+
"arn:aws:ssm:*:*:document/SageMaker-Space*"
|
|
964339
|
+
]
|
|
964340
|
+
},
|
|
964341
|
+
{
|
|
964342
|
+
"Sid": "KMSDescribeKey",
|
|
964343
|
+
"Effect": "Allow",
|
|
964344
|
+
"Action": [
|
|
964345
|
+
"kms:DescribeKey"
|
|
964346
|
+
],
|
|
964347
|
+
"Resource": "arn:aws:kms:*:*:key/*"
|
|
964348
|
+
},
|
|
964349
|
+
{
|
|
964350
|
+
"Sid": "KMSKeyOperations",
|
|
964351
|
+
"Effect": "Allow",
|
|
964352
|
+
"Action": [
|
|
964353
|
+
"kms:GenerateDataKey",
|
|
964354
|
+
"kms:Decrypt"
|
|
964355
|
+
],
|
|
964356
|
+
"Resource": "arn:aws:kms:*:*:key/*",
|
|
964357
|
+
"Condition": {
|
|
964358
|
+
"StringEquals": {
|
|
964359
|
+
"kms:EncryptionContext:sagemaker:component": "amazon-sagemaker-spaces",
|
|
964360
|
+
"kms:EncryptionContext:sagemaker:eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964361
|
+
}
|
|
964362
|
+
}
|
|
964363
|
+
},
|
|
964364
|
+
{
|
|
964365
|
+
"Sid": "AllowOperatorToSSMDescribeDocument",
|
|
964366
|
+
"Effect": "Allow",
|
|
964367
|
+
"Action": [
|
|
964368
|
+
"ssm:DescribeDocument"
|
|
964369
|
+
],
|
|
964370
|
+
"Resource": [
|
|
964371
|
+
"arn:aws:ssm:*:*:document/SageMaker-Space*"
|
|
964372
|
+
]
|
|
964373
|
+
},
|
|
964374
|
+
{
|
|
964375
|
+
"Sid": "AllowOperatorToSSMCreateDocument",
|
|
964376
|
+
"Effect": "Allow",
|
|
964377
|
+
"Action": [
|
|
964378
|
+
"ssm:CreateDocument"
|
|
964379
|
+
],
|
|
964380
|
+
"Resource": "arn:aws:ssm:*:*:document/SageMaker-Space*",
|
|
964381
|
+
"Condition": {
|
|
964382
|
+
"StringEquals": {
|
|
964383
|
+
"aws:RequestTag/sagemaker.amazonaws.com/managed-by": "amazon-sagemaker-spaces",
|
|
964384
|
+
"aws:RequestTag/sagemaker.amazonaws.com/eks-cluster-arn": "${aws:PrincipalTag/eks-cluster-arn}"
|
|
964385
|
+
}
|
|
964386
|
+
}
|
|
964387
|
+
},
|
|
964388
|
+
{
|
|
964389
|
+
"Sid": "AllowOperatorToEnableAdvancedTierForManagedInstances",
|
|
964390
|
+
"Effect": "Allow",
|
|
964391
|
+
"Action": [
|
|
964392
|
+
"ssm:UpdateServiceSetting",
|
|
964393
|
+
"ssm:GetServiceSetting",
|
|
964394
|
+
"ssm:ResetServiceSetting"
|
|
964395
|
+
],
|
|
964396
|
+
"Resource": "arn:aws:ssm:*:*:servicesetting/ssm/managed-instance/activation-tier"
|
|
964397
|
+
},
|
|
964398
|
+
{
|
|
964399
|
+
"Sid": "AllowOperatorToAddTagsToSSMDocument",
|
|
964400
|
+
"Effect": "Allow",
|
|
964401
|
+
"Action": "ssm:AddTagsToResource",
|
|
964402
|
+
"Resource": "arn:aws:ssm:*:*:document/SageMaker-Space*",
|
|
964403
|
+
"Condition": {
|
|
964404
|
+
"StringEquals": {
|
|
964405
|
+
"aws:RequestTag/sagemaker.amazonaws.com/managed-by": "amazon-sagemaker-spaces"
|
|
964406
|
+
}
|
|
964407
|
+
}
|
|
964408
|
+
}
|
|
964409
|
+
]
|
|
964410
|
+
}
|
|
964411
|
+
}
|
|
964412
|
+
},
|
|
964413
|
+
"createdDate": "2025-11-19T04:34:09.000Z",
|
|
964414
|
+
"lastUpdatedDate": "2025-11-19T04:34:09.000Z"
|
|
964415
|
+
},
|
|
964416
|
+
"AWSPartnerCentralChannelHandshakeApprovalManagement": {
|
|
964417
|
+
"arn": "arn:aws:iam::aws:policy/AWSPartnerCentralChannelHandshakeApprovalManagement",
|
|
964418
|
+
"latestVersionId": "v1",
|
|
964419
|
+
"versionsCount": 1,
|
|
964420
|
+
"versions": {
|
|
964421
|
+
"v1": {
|
|
964422
|
+
"createdDate": "2025-11-19T16:34:07.000Z",
|
|
964423
|
+
"document": {
|
|
964424
|
+
"Version": "2012-10-17",
|
|
964425
|
+
"Statement": [
|
|
964426
|
+
{
|
|
964427
|
+
"Sid": "ChannelHandshakeManagement",
|
|
964428
|
+
"Effect": "Allow",
|
|
964429
|
+
"Action": [
|
|
964430
|
+
"partnercentral:ListChannelHandshakes",
|
|
964431
|
+
"partnercentral:AcceptChannelHandshake",
|
|
964432
|
+
"partnercentral:RejectChannelHandshake"
|
|
964433
|
+
],
|
|
964434
|
+
"Resource": "*",
|
|
964435
|
+
"Condition": {
|
|
964436
|
+
"StringEquals": {
|
|
964437
|
+
"partnercentral:Catalog": [
|
|
964438
|
+
"AWS",
|
|
964439
|
+
"Sandbox"
|
|
964440
|
+
]
|
|
964441
|
+
}
|
|
964442
|
+
}
|
|
964443
|
+
}
|
|
964444
|
+
]
|
|
964445
|
+
}
|
|
964446
|
+
}
|
|
964447
|
+
},
|
|
964448
|
+
"createdDate": "2025-11-19T16:34:07.000Z",
|
|
964449
|
+
"lastUpdatedDate": "2025-11-19T16:34:07.000Z"
|
|
964450
|
+
},
|
|
964451
|
+
"AWSPartnerCentralChannelManagement": {
|
|
964452
|
+
"arn": "arn:aws:iam::aws:policy/AWSPartnerCentralChannelManagement",
|
|
964453
|
+
"latestVersionId": "v1",
|
|
964454
|
+
"versionsCount": 1,
|
|
964455
|
+
"versions": {
|
|
964456
|
+
"v1": {
|
|
964457
|
+
"createdDate": "2025-11-19T16:34:09.000Z",
|
|
964458
|
+
"document": {
|
|
964459
|
+
"Version": "2012-10-17",
|
|
964460
|
+
"Statement": [
|
|
964461
|
+
{
|
|
964462
|
+
"Sid": "ChannelManagement",
|
|
964463
|
+
"Effect": "Allow",
|
|
964464
|
+
"Action": [
|
|
964465
|
+
"partnercentral:CreateProgramManagementAccount",
|
|
964466
|
+
"partnercentral:UpdateProgramManagementAccount",
|
|
964467
|
+
"partnercentral:DeleteProgramManagementAccount",
|
|
964468
|
+
"partnercentral:ListProgramManagementAccounts",
|
|
964469
|
+
"partnercentral:GetProgramManagementAccount",
|
|
964470
|
+
"partnercentral:CreateRelationship",
|
|
964471
|
+
"partnercentral:UpdateRelationship",
|
|
964472
|
+
"partnercentral:DeleteRelationship",
|
|
964473
|
+
"partnercentral:GetRelationship",
|
|
964474
|
+
"partnercentral:ListRelationships",
|
|
964475
|
+
"partnercentral:CreateChannelHandshake",
|
|
964476
|
+
"partnercentral:AcceptChannelHandshake",
|
|
964477
|
+
"partnercentral:RejectChannelHandshake",
|
|
964478
|
+
"partnercentral:CancelChannelHandshake",
|
|
964479
|
+
"partnercentral:ListChannelHandshakes"
|
|
964480
|
+
],
|
|
964481
|
+
"Resource": "*",
|
|
964482
|
+
"Condition": {
|
|
964483
|
+
"StringEquals": {
|
|
964484
|
+
"partnercentral:Catalog": [
|
|
964485
|
+
"AWS",
|
|
964486
|
+
"Sandbox"
|
|
964487
|
+
]
|
|
964488
|
+
}
|
|
964489
|
+
}
|
|
964490
|
+
},
|
|
964491
|
+
{
|
|
964492
|
+
"Sid": "ChannelBillingTransferRoleAccess",
|
|
964493
|
+
"Effect": "Allow",
|
|
964494
|
+
"Action": [
|
|
964495
|
+
"sts:AssumeRole"
|
|
964496
|
+
],
|
|
964497
|
+
"Resource": [
|
|
964498
|
+
"arn:aws:iam::*:role/PartnerCentralChannelBillingTransferManagement",
|
|
964499
|
+
"arn:aws:iam::*:role/PartnerCentralChannelBillingTransferReadOnly"
|
|
964500
|
+
]
|
|
964501
|
+
},
|
|
964502
|
+
{
|
|
964503
|
+
"Sid": "TaggingAccess",
|
|
964504
|
+
"Effect": "Allow",
|
|
964505
|
+
"Action": [
|
|
964506
|
+
"partnercentral:TagResource",
|
|
964507
|
+
"partnercentral:UntagResource",
|
|
964508
|
+
"partnercentral:ListTagsForResource"
|
|
964509
|
+
],
|
|
964510
|
+
"Resource": [
|
|
964511
|
+
"arn:aws:partnercentral:*:*:catalog/*/program-management-account/*",
|
|
964512
|
+
"arn:aws:partnercentral:*:*:catalog/*/channel-handshake/*"
|
|
964513
|
+
],
|
|
964514
|
+
"Condition": {
|
|
964515
|
+
"StringEquals": {
|
|
964516
|
+
"partnercentral:Catalog": [
|
|
964517
|
+
"AWS",
|
|
964518
|
+
"Sandbox"
|
|
964519
|
+
]
|
|
964520
|
+
}
|
|
964521
|
+
}
|
|
964522
|
+
}
|
|
964523
|
+
]
|
|
964524
|
+
}
|
|
964525
|
+
}
|
|
964526
|
+
},
|
|
964527
|
+
"createdDate": "2025-11-19T16:34:09.000Z",
|
|
964528
|
+
"lastUpdatedDate": "2025-11-19T16:34:09.000Z"
|
|
964529
|
+
},
|
|
964530
|
+
"SignInLocalDevelopmentAccess": {
|
|
964531
|
+
"arn": "arn:aws:iam::aws:policy/SignInLocalDevelopmentAccess",
|
|
964532
|
+
"latestVersionId": "v1",
|
|
964533
|
+
"versionsCount": 1,
|
|
964534
|
+
"versions": {
|
|
964535
|
+
"v1": {
|
|
964536
|
+
"createdDate": "2025-11-19T18:34:09.000Z",
|
|
964537
|
+
"document": {
|
|
964538
|
+
"Version": "2012-10-17",
|
|
964539
|
+
"Statement": [
|
|
964540
|
+
{
|
|
964541
|
+
"Effect": "Allow",
|
|
964542
|
+
"Action": [
|
|
964543
|
+
"signin:AuthorizeOAuth2Access",
|
|
964544
|
+
"signin:CreateOAuth2Token"
|
|
964545
|
+
],
|
|
964546
|
+
"Resource": "arn:aws:signin:*:*:oauth2/public-client/*"
|
|
964547
|
+
}
|
|
964548
|
+
]
|
|
964549
|
+
}
|
|
964550
|
+
}
|
|
964551
|
+
},
|
|
964552
|
+
"createdDate": "2025-11-19T18:34:09.000Z",
|
|
964553
|
+
"lastUpdatedDate": "2025-11-19T18:34:09.000Z"
|
|
964554
|
+
},
|
|
964555
|
+
"AWSBackupServiceRolePolicyForScans": {
|
|
964556
|
+
"arn": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForScans",
|
|
964557
|
+
"latestVersionId": "v1",
|
|
964558
|
+
"versionsCount": 1,
|
|
964559
|
+
"versions": {
|
|
964560
|
+
"v1": {
|
|
964561
|
+
"createdDate": "2025-11-20T03:34:10.000Z",
|
|
964562
|
+
"document": {
|
|
964563
|
+
"Version": "2012-10-17",
|
|
964564
|
+
"Statement": [
|
|
964565
|
+
{
|
|
964566
|
+
"Sid": "GuardDutyMalwareScanPermissions",
|
|
964567
|
+
"Effect": "Allow",
|
|
964568
|
+
"Action": [
|
|
964569
|
+
"guardduty:StartMalwareScan",
|
|
964570
|
+
"guardduty:GetMalwareScan"
|
|
964571
|
+
],
|
|
964572
|
+
"Resource": "*"
|
|
964573
|
+
},
|
|
964574
|
+
{
|
|
964575
|
+
"Sid": "IAMPassPermissions",
|
|
964576
|
+
"Effect": "Allow",
|
|
964577
|
+
"Action": "iam:PassRole",
|
|
964578
|
+
"Resource": "*",
|
|
964579
|
+
"Condition": {
|
|
964580
|
+
"StringEquals": {
|
|
964581
|
+
"iam:PassedToService": "malware-protection.guardduty.amazonaws.com"
|
|
964582
|
+
}
|
|
964583
|
+
}
|
|
964584
|
+
},
|
|
964585
|
+
{
|
|
964586
|
+
"Sid": "EC2ReadAPIPermissions",
|
|
964587
|
+
"Effect": "Allow",
|
|
964588
|
+
"Action": [
|
|
964589
|
+
"ec2:DescribeImages",
|
|
964590
|
+
"ec2:DescribeSnapshots"
|
|
964591
|
+
],
|
|
964592
|
+
"Resource": "*"
|
|
964593
|
+
}
|
|
964594
|
+
]
|
|
964595
|
+
}
|
|
964596
|
+
}
|
|
964597
|
+
},
|
|
964598
|
+
"createdDate": "2025-11-20T03:34:10.000Z",
|
|
964599
|
+
"lastUpdatedDate": "2025-11-20T03:34:10.000Z"
|
|
964600
|
+
},
|
|
964601
|
+
"AWSBackupGuardDutyRolePolicyForScans": {
|
|
964602
|
+
"arn": "arn:aws:iam::aws:policy/AWSBackupGuardDutyRolePolicyForScans",
|
|
964603
|
+
"latestVersionId": "v1",
|
|
964604
|
+
"versionsCount": 1,
|
|
964605
|
+
"versions": {
|
|
964606
|
+
"v1": {
|
|
964607
|
+
"createdDate": "2025-11-20T03:34:12.000Z",
|
|
964608
|
+
"document": {
|
|
964609
|
+
"Version": "2012-10-17",
|
|
964610
|
+
"Statement": [
|
|
964611
|
+
{
|
|
964612
|
+
"Sid": "EBSDirectReadAPIPermissions",
|
|
964613
|
+
"Effect": "Allow",
|
|
964614
|
+
"Action": [
|
|
964615
|
+
"ebs:ListSnapshotBlocks",
|
|
964616
|
+
"ebs:ListChangedBlocks",
|
|
964617
|
+
"ebs:GetSnapshotBlock"
|
|
964618
|
+
],
|
|
964619
|
+
"Resource": "arn:aws:ec2:*::snapshot/*",
|
|
964620
|
+
"Condition": {
|
|
964621
|
+
"Null": {
|
|
964622
|
+
"aws:ResourceTag/aws:backup:source-resource": "false"
|
|
964623
|
+
},
|
|
964624
|
+
"StringLike": {
|
|
964625
|
+
"aws:ResourceTag/aws:backup:source-resource": "*"
|
|
964626
|
+
}
|
|
964627
|
+
}
|
|
964628
|
+
},
|
|
964629
|
+
{
|
|
964630
|
+
"Sid": "CreateGrantForEncryptedVolumeCreation",
|
|
964631
|
+
"Effect": "Allow",
|
|
964632
|
+
"Action": "kms:CreateGrant",
|
|
964633
|
+
"Resource": "arn:aws:kms:*:*:key/*",
|
|
964634
|
+
"Condition": {
|
|
964635
|
+
"StringLike": {
|
|
964636
|
+
"kms:EncryptionContext:aws:guardduty:id": "snap-*",
|
|
964637
|
+
"kms:ViaService": [
|
|
964638
|
+
"guardduty.*.amazonaws.com",
|
|
964639
|
+
"backup.*.amazonaws.com"
|
|
964640
|
+
]
|
|
964641
|
+
},
|
|
964642
|
+
"ForAllValues:StringEquals": {
|
|
964643
|
+
"kms:GrantOperations": [
|
|
964644
|
+
"Decrypt",
|
|
964645
|
+
"CreateGrant",
|
|
964646
|
+
"GenerateDataKeyWithoutPlaintext",
|
|
964647
|
+
"ReEncryptFrom",
|
|
964648
|
+
"ReEncryptTo",
|
|
964649
|
+
"RetireGrant",
|
|
964650
|
+
"DescribeKey"
|
|
964651
|
+
]
|
|
964652
|
+
},
|
|
964653
|
+
"Null": {
|
|
964654
|
+
"kms:GrantOperations": "false"
|
|
964655
|
+
}
|
|
964656
|
+
}
|
|
964657
|
+
},
|
|
964658
|
+
{
|
|
964659
|
+
"Sid": "CreateGrantForReEncryptAndEBSDirect",
|
|
964660
|
+
"Effect": "Allow",
|
|
964661
|
+
"Action": "kms:CreateGrant",
|
|
964662
|
+
"Resource": "arn:aws:kms:*:*:key/*",
|
|
964663
|
+
"Condition": {
|
|
964664
|
+
"StringLike": {
|
|
964665
|
+
"kms:EncryptionContext:aws:ebs:id": "snap-*",
|
|
964666
|
+
"kms:ViaService": [
|
|
964667
|
+
"guardduty.*.amazonaws.com",
|
|
964668
|
+
"backup.*.amazonaws.com"
|
|
964669
|
+
]
|
|
964670
|
+
},
|
|
964671
|
+
"ForAllValues:StringEquals": {
|
|
964672
|
+
"kms:GrantOperations": [
|
|
964673
|
+
"Decrypt",
|
|
964674
|
+
"ReEncryptFrom",
|
|
964675
|
+
"ReEncryptTo",
|
|
964676
|
+
"RetireGrant",
|
|
964677
|
+
"DescribeKey"
|
|
964678
|
+
]
|
|
964679
|
+
},
|
|
964680
|
+
"Null": {
|
|
964681
|
+
"kms:GrantOperations": "false"
|
|
964682
|
+
}
|
|
964683
|
+
}
|
|
964684
|
+
},
|
|
964685
|
+
{
|
|
964686
|
+
"Sid": "DescribeKeyPermissions",
|
|
964687
|
+
"Effect": "Allow",
|
|
964688
|
+
"Action": "kms:DescribeKey",
|
|
964689
|
+
"Resource": "arn:aws:kms:*:*:key/*"
|
|
964690
|
+
},
|
|
964691
|
+
{
|
|
964692
|
+
"Sid": "EC2ReadAPIPermissions",
|
|
964693
|
+
"Effect": "Allow",
|
|
964694
|
+
"Action": [
|
|
964695
|
+
"ec2:DescribeImages",
|
|
964696
|
+
"ec2:DescribeSnapshots"
|
|
964697
|
+
],
|
|
964698
|
+
"Resource": "*"
|
|
964699
|
+
},
|
|
964700
|
+
{
|
|
964701
|
+
"Sid": "ShareSnapshotPermissions",
|
|
964702
|
+
"Effect": "Allow",
|
|
964703
|
+
"Action": [
|
|
964704
|
+
"ec2:ModifySnapshotAttribute"
|
|
964705
|
+
],
|
|
964706
|
+
"Resource": "arn:aws:ec2:*:*:snapshot/*",
|
|
964707
|
+
"Condition": {
|
|
964708
|
+
"Null": {
|
|
964709
|
+
"aws:ResourceTag/aws:backup:source-resource": "false"
|
|
964710
|
+
},
|
|
964711
|
+
"StringLike": {
|
|
964712
|
+
"aws:ResourceTag/aws:backup:source-resource": "*"
|
|
964713
|
+
}
|
|
964714
|
+
}
|
|
964715
|
+
},
|
|
964716
|
+
{
|
|
964717
|
+
"Sid": "ShareSnapshotKMSPermissions",
|
|
964718
|
+
"Effect": "Allow",
|
|
964719
|
+
"Action": [
|
|
964720
|
+
"kms:ReEncryptTo",
|
|
964721
|
+
"kms:ReEncryptFrom"
|
|
964722
|
+
],
|
|
964723
|
+
"Resource": "arn:aws:kms:*:*:key/*",
|
|
964724
|
+
"Condition": {
|
|
964725
|
+
"StringLike": {
|
|
964726
|
+
"kms:EncryptionContext:aws:ebs:id": [
|
|
964727
|
+
"vol-*",
|
|
964728
|
+
"snap-*"
|
|
964729
|
+
],
|
|
964730
|
+
"kms:ViaService": "ec2.*.amazonaws.com"
|
|
964731
|
+
}
|
|
964732
|
+
}
|
|
964733
|
+
},
|
|
964734
|
+
{
|
|
964735
|
+
"Sid": "CreateBackupAccessPointPermissions",
|
|
964736
|
+
"Effect": "Allow",
|
|
964737
|
+
"Action": [
|
|
964738
|
+
"backup:CreateBackupAccessPoint"
|
|
964739
|
+
],
|
|
964740
|
+
"Resource": "arn:aws:backup:*:*:recovery-point:*"
|
|
964741
|
+
},
|
|
964742
|
+
{
|
|
964743
|
+
"Sid": "ReadAndDeleteBackupAccessPointPermissions",
|
|
964744
|
+
"Effect": "Allow",
|
|
964745
|
+
"Action": [
|
|
964746
|
+
"backup:DescribeBackupAccessPoint",
|
|
964747
|
+
"backup:DeleteBackupAccessPoint"
|
|
964748
|
+
],
|
|
964749
|
+
"Resource": "*"
|
|
964750
|
+
},
|
|
964751
|
+
{
|
|
964752
|
+
"Sid": "BackupRecoveryPointApiPermissions",
|
|
964753
|
+
"Effect": "Allow",
|
|
964754
|
+
"Action": [
|
|
964755
|
+
"backup:DescribeRecoveryPoint"
|
|
964756
|
+
],
|
|
964757
|
+
"Resource": "arn:aws:backup:*:*:recovery-point:*"
|
|
964758
|
+
},
|
|
964759
|
+
{
|
|
964760
|
+
"Sid": "DecryptKMSEncryptedDataByAWSBackup",
|
|
964761
|
+
"Effect": "Allow",
|
|
964762
|
+
"Action": [
|
|
964763
|
+
"kms:Decrypt"
|
|
964764
|
+
],
|
|
964765
|
+
"Resource": "arn:aws:kms:*:*:key/*",
|
|
964766
|
+
"Condition": {
|
|
964767
|
+
"StringLike": {
|
|
964768
|
+
"kms:EncryptionContext:aws:backup:backup-vault": "*",
|
|
964769
|
+
"kms:ViaService": "backup.*.amazonaws.com"
|
|
964770
|
+
}
|
|
964771
|
+
}
|
|
964772
|
+
}
|
|
964773
|
+
]
|
|
964774
|
+
}
|
|
964775
|
+
}
|
|
964776
|
+
},
|
|
964777
|
+
"createdDate": "2025-11-20T03:34:12.000Z",
|
|
964778
|
+
"lastUpdatedDate": "2025-11-20T03:34:12.000Z"
|
|
962511
964779
|
}
|
|
962512
964780
|
}
|