aws-iam-managed-policies 0.0.491 → 0.0.493

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/managedPolicies.json +1501 -31
  2. package/package.json +1 -1
package/dist/managedPolicies.json CHANGED
@@ -137073,8 +137073,8 @@
137073
137073
  },
137074
137074
  "CloudWatchReadOnlyAccess": {
137075
137075
  "arn": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
137076
- "latestVersionId": "v13",
137077
- "versionsCount": 13,
137076
+ "latestVersionId": "v14",
137077
+ "versionsCount": 14,
137078
137078
  "versions": {
137079
137079
  "v1": {
137080
137080
  "createdDate": "2015-02-06T18:40:01.000Z",
@@ -137743,15 +137743,134 @@
137743
137743
  }
137744
137744
  ]
137745
137745
  }
137746
+ },
137747
+ "v14": {
137748
+ "createdDate": "2015-02-06T18:40:01.000Z",
137749
+ "document": {
137750
+ "Version": "2012-10-17",
137751
+ "Statement": [
137752
+ {
137753
+ "Sid": "CloudWatchReadOnlyAccessPermissions",
137754
+ "Effect": "Allow",
137755
+ "Action": [
137756
+ "application-autoscaling:DescribeScalingPolicies",
137757
+ "application-signals:BatchGet*",
137758
+ "application-signals:Get*",
137759
+ "application-signals:List*",
137760
+ "autoscaling:Describe*",
137761
+ "cloudtrail:ListChannels",
137762
+ "cloudwatch:BatchGet*",
137763
+ "cloudwatch:Describe*",
137764
+ "cloudwatch:GenerateQuery",
137765
+ "cloudwatch:Get*",
137766
+ "cloudwatch:List*",
137767
+ "logs:Get*",
137768
+ "logs:List*",
137769
+ "logs:StartQuery",
137770
+ "logs:StopQuery",
137771
+ "logs:Describe*",
137772
+ "logs:TestMetricFilter",
137773
+ "logs:FilterLogEvents",
137774
+ "logs:StartLiveTail",
137775
+ "logs:StopLiveTail",
137776
+ "oam:ListSinks",
137777
+ "observabilityadmin:GetCentralizationRuleForOrganization",
137778
+ "observabilityadmin:ListCentralizationRulesForOrganization",
137779
+ "observabilityadmin:GetTelemetryEvaluationStatus",
137780
+ "observabilityadmin:GetTelemetryEvaluationStatusForOrganization",
137781
+ "observabilityadmin:GetTelemetryRule",
137782
+ "observabilityadmin:GetTelemetryRuleForOrganization",
137783
+ "observabilityadmin:ListResourceTelemetry",
137784
+ "observabilityadmin:ListResourceTelemetryForOrganization",
137785
+ "observabilityadmin:ListTelemetryRules",
137786
+ "observabilityadmin:ListTelemetryRulesForOrganization",
137787
+ "observabilityadmin:GetTelemetryEnrichmentStatus",
137788
+ "observabilityadmin:ListTagsForResource",
137789
+ "observabilityadmin:GetTelemetryPipeline",
137790
+ "observabilityadmin:ListTelemetryPipelines",
137791
+ "observabilityadmin:TestTelemetryPipeline",
137792
+ "observabilityadmin:ValidateTelemetryPipelineConfiguration",
137793
+ "observabilityadmin:GetS3TableIntegration",
137794
+ "observabilityadmin:ListS3TableIntegrations",
137795
+ "sns:Get*",
137796
+ "sns:List*",
137797
+ "rum:BatchGet*",
137798
+ "rum:Get*",
137799
+ "rum:List*",
137800
+ "synthetics:Describe*",
137801
+ "synthetics:Get*",
137802
+ "synthetics:List*",
137803
+ "xray:BatchGet*",
137804
+ "xray:Get*",
137805
+ "xray:List*",
137806
+ "xray:StartTraceRetrieval",
137807
+ "xray:CancelTraceRetrieval"
137808
+ ],
137809
+ "Resource": "*"
137810
+ },
137811
+ {
137812
+ "Sid": "OAMReadPermissions",
137813
+ "Effect": "Allow",
137814
+ "Action": [
137815
+ "oam:ListAttachedLinks"
137816
+ ],
137817
+ "Resource": "arn:aws:oam:*:*:sink/*"
137818
+ },
137819
+ {
137820
+ "Sid": "CloudWatchReadOnlyGetRolePermissions",
137821
+ "Effect": "Allow",
137822
+ "Action": "iam:GetRole",
137823
+ "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals"
137824
+ },
137825
+ {
137826
+ "Sid": "CloudWatchCloudTrailPermissions",
137827
+ "Effect": "Allow",
137828
+ "Action": [
137829
+ "cloudtrail:GetChannel"
137830
+ ],
137831
+ "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/application-signals/*"
137832
+ },
137833
+ {
137834
+ "Sid": "CloudWatchServiceQuotaPermissions",
137835
+ "Effect": "Allow",
137836
+ "Action": [
137837
+ "servicequotas:GetServiceQuota"
137838
+ ],
137839
+ "Resource": [
137840
+ "arn:aws:servicequotas:*:*:s3/*",
137841
+ "arn:aws:servicequotas:*:*:dynamodb/*",
137842
+ "arn:aws:servicequotas:*:*:kinesis/*",
137843
+ "arn:aws:servicequotas:*:*:sns/*",
137844
+ "arn:aws:servicequotas:*:*:bedrock/*",
137845
+ "arn:aws:servicequotas:*:*:lambda/*",
137846
+ "arn:aws:servicequotas:*:*:fargate/*",
137847
+ "arn:aws:servicequotas:*:*:elasticloadbalancing/*",
137848
+ "arn:aws:servicequotas:*:*:ec2/*"
137849
+ ]
137850
+ },
137851
+ {
137852
+ "Sid": "CloudWatchResourceExplorerPermissions",
137853
+ "Effect": "Allow",
137854
+ "Action": [
137855
+ "resource-explorer-2:ListIndexes",
137856
+ "resource-explorer-2:Search"
137857
+ ],
137858
+ "Resource": [
137859
+ "arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignals/service-view",
137860
+ "arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignalsOrgScopeProd/service-view"
137861
+ ]
137862
+ }
137863
+ ]
137864
+ }
137746
137865
  }
137747
137866
  },
137748
137867
  "createdDate": "2015-02-06T18:40:01.000Z",
137749
- "lastUpdatedDate": "2025-11-20T19:34:11.000Z"
137868
+ "lastUpdatedDate": "2025-12-02T16:49:09.000Z"
137750
137869
  },
137751
137870
  "CloudWatchLogsFullAccess": {
137752
137871
  "arn": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
137753
- "latestVersionId": "v3",
137754
- "versionsCount": 3,
137872
+ "latestVersionId": "v4",
137873
+ "versionsCount": 4,
137755
137874
  "versions": {
137756
137875
  "v1": {
137757
137876
  "createdDate": "2015-02-06T18:40:02.000Z",
@@ -137802,15 +137921,36 @@
137802
137921
  }
137803
137922
  ]
137804
137923
  }
137924
+ },
137925
+ "v4": {
137926
+ "createdDate": "2015-02-06T18:40:02.000Z",
137927
+ "document": {
137928
+ "Version": "2012-10-17",
137929
+ "Statement": [
137930
+ {
137931
+ "Sid": "CloudWatchLogsFullAccess",
137932
+ "Effect": "Allow",
137933
+ "Action": [
137934
+ "logs:*",
137935
+ "cloudwatch:GenerateQuery",
137936
+ "cloudwatch:GenerateQueryResultsSummary",
137937
+ "observabilityadmin:GetS3TableIntegration",
137938
+ "observabilityadmin:ListS3TableIntegrations",
137939
+ "observabilityadmin:ListTelemetryPipelines"
137940
+ ],
137941
+ "Resource": "*"
137942
+ }
137943
+ ]
137944
+ }
137805
137945
  }
137806
137946
  },
137807
137947
  "createdDate": "2015-02-06T18:40:02.000Z",
137808
- "lastUpdatedDate": "2025-05-20T17:07:06.000Z"
137948
+ "lastUpdatedDate": "2025-12-02T16:34:08.000Z"
137809
137949
  },
137810
137950
  "CloudWatchLogsReadOnlyAccess": {
137811
137951
  "arn": "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess",
137812
- "latestVersionId": "v7",
137813
- "versionsCount": 7,
137952
+ "latestVersionId": "v8",
137953
+ "versionsCount": 8,
137814
137954
  "versions": {
137815
137955
  "v1": {
137816
137956
  "createdDate": "2015-02-06T18:40:03.000Z",
@@ -137960,10 +138100,39 @@
137960
138100
  }
137961
138101
  ]
137962
138102
  }
138103
+ },
138104
+ "v8": {
138105
+ "createdDate": "2015-02-06T18:40:03.000Z",
138106
+ "document": {
138107
+ "Version": "2012-10-17",
138108
+ "Statement": [
138109
+ {
138110
+ "Sid": "CloudWatchLogsReadOnlyAccess",
138111
+ "Effect": "Allow",
138112
+ "Action": [
138113
+ "logs:Describe*",
138114
+ "logs:Get*",
138115
+ "logs:List*",
138116
+ "logs:StartQuery",
138117
+ "logs:StopQuery",
138118
+ "logs:TestMetricFilter",
138119
+ "logs:FilterLogEvents",
138120
+ "logs:StartLiveTail",
138121
+ "logs:StopLiveTail",
138122
+ "cloudwatch:GenerateQuery",
138123
+ "cloudwatch:GenerateQueryResultsSummary",
138124
+ "observabilityadmin:ListS3TableIntegrations",
138125
+ "observabilityadmin:GetS3TableIntegration",
138126
+ "observabilityadmin:ListTelemetryPipelines"
138127
+ ],
138128
+ "Resource": "*"
138129
+ }
138130
+ ]
138131
+ }
137963
138132
  }
137964
138133
  },
137965
138134
  "createdDate": "2015-02-06T18:40:03.000Z",
137966
- "lastUpdatedDate": "2025-05-20T16:52:06.000Z"
138135
+ "lastUpdatedDate": "2025-12-02T16:34:10.000Z"
137967
138136
  },
137968
138137
  "AWSDirectConnectFullAccess": {
137969
138138
  "arn": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess",
@@ -609527,8 +609696,8 @@
609527
609696
  },
609528
609697
  "AWSLambda_FullAccess": {
609529
609698
  "arn": "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
609530
- "latestVersionId": "v2",
609531
- "versionsCount": 2,
609699
+ "latestVersionId": "v3",
609700
+ "versionsCount": 3,
609532
609701
  "versions": {
609533
609702
  "v1": {
609534
609703
  "createdDate": "2020-11-17T21:14:08.000Z",
@@ -609641,10 +609810,78 @@
609641
609810
  }
609642
609811
  ]
609643
609812
  }
609813
+ },
609814
+ "v3": {
609815
+ "createdDate": "2020-11-17T21:14:08.000Z",
609816
+ "document": {
609817
+ "Version": "2012-10-17",
609818
+ "Statement": [
609819
+ {
609820
+ "Effect": "Allow",
609821
+ "Action": [
609822
+ "cloudformation:DescribeStacks",
609823
+ "cloudformation:ListStackResources",
609824
+ "cloudwatch:ListMetrics",
609825
+ "cloudwatch:GetMetricData",
609826
+ "ec2:DescribeSecurityGroups",
609827
+ "ec2:DescribeSubnets",
609828
+ "ec2:DescribeVpcs",
609829
+ "kms:DescribeKey",
609830
+ "kms:ListAliases",
609831
+ "iam:GetPolicy",
609832
+ "iam:GetPolicyVersion",
609833
+ "iam:GetRole",
609834
+ "iam:GetRolePolicy",
609835
+ "iam:ListAttachedRolePolicies",
609836
+ "iam:ListRolePolicies",
609837
+ "iam:ListRoles",
609838
+ "lambda:*",
609839
+ "logs:DescribeLogGroups",
609840
+ "states:DescribeStateMachine",
609841
+ "states:ListStateMachines",
609842
+ "tag:GetResources",
609843
+ "xray:GetTraceSummaries",
609844
+ "xray:BatchGetTraces"
609845
+ ],
609846
+ "Resource": "*"
609847
+ },
609848
+ {
609849
+ "Effect": "Allow",
609850
+ "Action": "iam:PassRole",
609851
+ "Resource": "*",
609852
+ "Condition": {
609853
+ "StringEquals": {
609854
+ "iam:PassedToService": "lambda.amazonaws.com"
609855
+ }
609856
+ }
609857
+ },
609858
+ {
609859
+ "Effect": "Allow",
609860
+ "Action": [
609861
+ "logs:DescribeLogStreams",
609862
+ "logs:GetLogEvents",
609863
+ "logs:FilterLogEvents",
609864
+ "logs:StartLiveTail",
609865
+ "logs:StopLiveTail"
609866
+ ],
609867
+ "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
609868
+ },
609869
+ {
609870
+ "Effect": "Allow",
609871
+ "Action": "iam:CreateServiceLinkedRole",
609872
+ "Resource": "arn:aws:iam::*:role/aws-service-role/lambda.amazonaws.com/AWSServiceRoleForLambda",
609873
+ "Condition": {
609874
+ "StringEquals": {
609875
+ "iam:AWSServiceName": "lambda.amazonaws.com"
609876
+ }
609877
+ }
609878
+ }
609879
+ ]
609880
+ }
609644
609881
  }
609645
609882
  },
609646
609883
  "createdDate": "2020-11-17T21:14:08.000Z",
609647
- "lastUpdatedDate": "2025-03-17T21:37:06.000Z"
609884
+ "lastUpdatedDate": "2025-12-01T16:04:11.000Z"
609648
609885
  },
609649
609886
  "AmazonHoneycodeServiceRolePolicy": {
609650
609887
  "arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy",
@@ -743507,8 +743744,8 @@
743507
743744
  },
743508
743745
  "CloudWatchFullAccessV2": {
743509
743746
  "arn": "arn:aws:iam::aws:policy/CloudWatchFullAccessV2",
743510
- "latestVersionId": "v6",
743511
- "versionsCount": 6,
743747
+ "latestVersionId": "v7",
743748
+ "versionsCount": 7,
743512
743749
  "versions": {
743513
743750
  "v1": {
743514
743751
  "createdDate": "2023-08-01T11:32:57.000Z",
@@ -743532,10 +743769,72 @@
743532
743769
  "iam:GetPolicy",
743533
743770
  "iam:GetPolicyVersion",
743534
743771
  "iam:GetRole",
743535
- "oam:ListSinks"
743772
+ "oam:ListSinks"
743773
+ ],
743774
+ "Resource": "*"
743775
+ },
743776
+ {
743777
+ "Sid": "EventsServicePermissions",
743778
+ "Effect": "Allow",
743779
+ "Action": "iam:CreateServiceLinkedRole",
743780
+ "Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*",
743781
+ "Condition": {
743782
+ "StringLike": {
743783
+ "iam:AWSServiceName": "events.amazonaws.com"
743784
+ }
743785
+ }
743786
+ },
743787
+ {
743788
+ "Sid": "OAMReadPermissions",
743789
+ "Effect": "Allow",
743790
+ "Action": [
743791
+ "oam:ListAttachedLinks"
743792
+ ],
743793
+ "Resource": "arn:aws:oam:*:*:sink/*"
743794
+ }
743795
+ ]
743796
+ }
743797
+ },
743798
+ "v2": {
743799
+ "createdDate": "2023-08-01T11:32:57.000Z",
743800
+ "document": {
743801
+ "Version": "2012-10-17",
743802
+ "Statement": [
743803
+ {
743804
+ "Sid": "CloudWatchFullAccessPermissions",
743805
+ "Effect": "Allow",
743806
+ "Action": [
743807
+ "application-autoscaling:DescribeScalingPolicies",
743808
+ "autoscaling:DescribeAutoScalingGroups",
743809
+ "autoscaling:DescribePolicies",
743810
+ "cloudwatch:*",
743811
+ "logs:*",
743812
+ "sns:CreateTopic",
743813
+ "sns:ListSubscriptions",
743814
+ "sns:ListSubscriptionsByTopic",
743815
+ "sns:ListTopics",
743816
+ "sns:Subscribe",
743817
+ "iam:GetPolicy",
743818
+ "iam:GetPolicyVersion",
743819
+ "iam:GetRole",
743820
+ "oam:ListSinks",
743821
+ "rum:*",
743822
+ "synthetics:*",
743823
+ "xray:*"
743536
743824
  ],
743537
743825
  "Resource": "*"
743538
743826
  },
743827
+ {
743828
+ "Sid": "CloudWatchApplicationSignalsServiceLinkedRolePermissions",
743829
+ "Effect": "Allow",
743830
+ "Action": "iam:CreateServiceLinkedRole",
743831
+ "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
743832
+ "Condition": {
743833
+ "StringLike": {
743834
+ "iam:AWSServiceName": "application-signals.cloudwatch.amazonaws.com"
743835
+ }
743836
+ }
743837
+ },
743539
743838
  {
743540
743839
  "Sid": "EventsServicePermissions",
743541
743840
  "Effect": "Allow",
@@ -743558,7 +743857,7 @@
743558
743857
  ]
743559
743858
  }
743560
743859
  },
743561
- "v2": {
743860
+ "v3": {
743562
743861
  "createdDate": "2023-08-01T11:32:57.000Z",
743563
743862
  "document": {
743564
743863
  "Version": "2012-10-17",
@@ -743568,6 +743867,7 @@
743568
743867
  "Effect": "Allow",
743569
743868
  "Action": [
743570
743869
  "application-autoscaling:DescribeScalingPolicies",
743870
+ "application-signals:*",
743571
743871
  "autoscaling:DescribeAutoScalingGroups",
743572
743872
  "autoscaling:DescribePolicies",
743573
743873
  "cloudwatch:*",
@@ -743620,7 +743920,7 @@
743620
743920
  ]
743621
743921
  }
743622
743922
  },
743623
- "v3": {
743923
+ "v4": {
743624
743924
  "createdDate": "2023-08-01T11:32:57.000Z",
743625
743925
  "document": {
743626
743926
  "Version": "2012-10-17",
@@ -743679,11 +743979,46 @@
743679
743979
  "oam:ListAttachedLinks"
743680
743980
  ],
743681
743981
  "Resource": "arn:aws:oam:*:*:sink/*"
743982
+ },
743983
+ {
743984
+ "Sid": "CloudWatchCloudTrailPermissions",
743985
+ "Effect": "Allow",
743986
+ "Action": [
743987
+ "cloudtrail:CreateServiceLinkedChannel",
743988
+ "cloudtrail:GetChannel"
743989
+ ],
743990
+ "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/application-signals/*"
743991
+ },
743992
+ {
743993
+ "Sid": "CloudWatchApplicationSignalsCloudTrailListPermissions",
743994
+ "Effect": "Allow",
743995
+ "Action": [
743996
+ "cloudtrail:ListChannels"
743997
+ ],
743998
+ "Resource": "*"
743999
+ },
744000
+ {
744001
+ "Sid": "CloudWatchServiceQuotaPermissions",
744002
+ "Effect": "Allow",
744003
+ "Action": [
744004
+ "servicequotas:GetServiceQuota"
744005
+ ],
744006
+ "Resource": [
744007
+ "arn:aws:servicequotas:*:*:s3/*",
744008
+ "arn:aws:servicequotas:*:*:dynamodb/*",
744009
+ "arn:aws:servicequotas:*:*:kinesis/*",
744010
+ "arn:aws:servicequotas:*:*:sns/*",
744011
+ "arn:aws:servicequotas:*:*:bedrock/*",
744012
+ "arn:aws:servicequotas:*:*:lambda/*",
744013
+ "arn:aws:servicequotas:*:*:fargate/*",
744014
+ "arn:aws:servicequotas:*:*:elasticloadbalancing/*",
744015
+ "arn:aws:servicequotas:*:*:ec2/*"
744016
+ ]
743682
744017
  }
743683
744018
  ]
743684
744019
  }
743685
744020
  },
743686
- "v4": {
744021
+ "v5": {
743687
744022
  "createdDate": "2023-08-01T11:32:57.000Z",
743688
744023
  "document": {
743689
744024
  "Version": "2012-10-17",
@@ -743707,6 +744042,35 @@
743707
744042
  "iam:GetPolicyVersion",
743708
744043
  "iam:GetRole",
743709
744044
  "oam:ListSinks",
744045
+ "observabilityadmin:GetCentralizationRuleForOrganization",
744046
+ "observabilityadmin:ListCentralizationRulesForOrganization",
744047
+ "observabilityadmin:CreateCentralizationRuleForOrganization",
744048
+ "observabilityadmin:UpdateCentralizationRuleForOrganization",
744049
+ "observabilityadmin:DeleteCentralizationRuleForOrganization",
744050
+ "observabilityadmin:StartTelemetryEvaluation",
744051
+ "observabilityadmin:GetTelemetryEvaluationStatus",
744052
+ "observabilityadmin:ListResourceTelemetry",
744053
+ "observabilityadmin:StopTelemetryEvaluation",
744054
+ "observabilityadmin:StartTelemetryEvaluationForOrganization",
744055
+ "observabilityadmin:GetTelemetryEvaluationStatusForOrganization",
744056
+ "observabilityadmin:ListResourceTelemetryForOrganization",
744057
+ "observabilityadmin:StopTelemetryEvaluationForOrganization",
744058
+ "observabilityadmin:CreateTelemetryRule",
744059
+ "observabilityadmin:GetTelemetryRule",
744060
+ "observabilityadmin:ListTelemetryRules",
744061
+ "observabilityadmin:UpdateTelemetryRule",
744062
+ "observabilityadmin:DeleteTelemetryRule",
744063
+ "observabilityadmin:CreateTelemetryRuleForOrganization",
744064
+ "observabilityadmin:GetTelemetryRuleForOrganization",
744065
+ "observabilityadmin:ListTelemetryRulesForOrganization",
744066
+ "observabilityadmin:UpdateTelemetryRuleForOrganization",
744067
+ "observabilityadmin:DeleteTelemetryRuleForOrganization",
744068
+ "observabilityadmin:GetTelemetryEnrichmentStatus",
744069
+ "observabilityadmin:StartTelemetryEnrichment",
744070
+ "observabilityadmin:StopTelemetryEnrichment",
744071
+ "observabilityadmin:TagResource",
744072
+ "observabilityadmin:UntagResource",
744073
+ "observabilityadmin:ListTagsForResource",
743710
744074
  "rum:*",
743711
744075
  "synthetics:*",
743712
744076
  "xray:*"
@@ -743781,7 +744145,7 @@
743781
744145
  ]
743782
744146
  }
743783
744147
  },
743784
- "v5": {
744148
+ "v6": {
743785
744149
  "createdDate": "2023-08-01T11:32:57.000Z",
743786
744150
  "document": {
743787
744151
  "Version": "2012-10-17",
@@ -743904,11 +744268,46 @@
743904
744268
  "arn:aws:servicequotas:*:*:elasticloadbalancing/*",
743905
744269
  "arn:aws:servicequotas:*:*:ec2/*"
743906
744270
  ]
744271
+ },
744272
+ {
744273
+ "Sid": "CloudWatchResourceExplorerPermissions",
744274
+ "Effect": "Allow",
744275
+ "Action": [
744276
+ "resource-explorer-2:ListIndexes",
744277
+ "resource-explorer-2:Search"
744278
+ ],
744279
+ "Resource": [
744280
+ "arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignals/service-view",
744281
+ "arn:aws:resource-explorer-2:*::view/AWSServiceViewForApplicationSignalsOrgScopeProd/service-view"
744282
+ ]
744283
+ },
744284
+ {
744285
+ "Sid": "CloudWatchResourceExplorerSLRPermissions",
744286
+ "Effect": "Allow",
744287
+ "Action": [
744288
+ "iam:CreateServiceLinkedRole"
744289
+ ],
744290
+ "Resource": "arn:aws:iam::*:role/aws-service-role/resource-explorer-2.amazonaws.com/AWSServiceRoleForResourceExplorer",
744291
+ "Condition": {
744292
+ "StringEquals": {
744293
+ "iam:AWSServiceName": [
744294
+ "resource-explorer-2.amazonaws.com"
744295
+ ]
744296
+ }
744297
+ }
744298
+ },
744299
+ {
744300
+ "Sid": "CloudWatchResourceExplorerCreateIndexPermissions",
744301
+ "Effect": "Allow",
744302
+ "Action": [
744303
+ "resource-explorer-2:CreateIndex"
744304
+ ],
744305
+ "Resource": "arn:aws:resource-explorer-2:*:*:index/*"
743907
744306
  }
743908
744307
  ]
743909
744308
  }
743910
744309
  },
743911
- "v6": {
744310
+ "v7": {
743912
744311
  "createdDate": "2023-08-01T11:32:57.000Z",
743913
744312
  "document": {
743914
744313
  "Version": "2012-10-17",
@@ -743961,6 +744360,17 @@
743961
744360
  "observabilityadmin:TagResource",
743962
744361
  "observabilityadmin:UntagResource",
743963
744362
  "observabilityadmin:ListTagsForResource",
744363
+ "observabilityadmin:CreateTelemetryPipeline",
744364
+ "observabilityadmin:GetTelemetryPipeline",
744365
+ "observabilityadmin:UpdateTelemetryPipeline",
744366
+ "observabilityadmin:DeleteTelemetryPipeline",
744367
+ "observabilityadmin:ListTelemetryPipelines",
744368
+ "observabilityadmin:TestTelemetryPipeline",
744369
+ "observabilityadmin:ValidateTelemetryPipelineConfiguration",
744370
+ "observabilityadmin:CreateS3TableIntegration",
744371
+ "observabilityadmin:GetS3TableIntegration",
744372
+ "observabilityadmin:ListS3TableIntegrations",
744373
+ "observabilityadmin:DeleteS3TableIntegration",
743964
744374
  "rum:*",
743965
744375
  "synthetics:*",
743966
744376
  "xray:*"
@@ -744066,13 +744476,62 @@
744066
744476
  "resource-explorer-2:CreateIndex"
744067
744477
  ],
744068
744478
  "Resource": "arn:aws:resource-explorer-2:*:*:index/*"
744479
+ },
744480
+ {
744481
+ "Effect": "Allow",
744482
+ "Action": "iam:PassRole",
744483
+ "Resource": "*",
744484
+ "Condition": {
744485
+ "StringEquals": {
744486
+ "iam:PassedToService": "logs.amazonaws.com"
744487
+ },
744488
+ "ArnLike": {
744489
+ "iam:AssociatedResourceArn": "arn:aws:observabilityadmin:*:*:s3tableintegration/*"
744490
+ }
744491
+ }
744492
+ },
744493
+ {
744494
+ "Effect": "Allow",
744495
+ "Action": "iam:PassRole",
744496
+ "Resource": "*",
744497
+ "Condition": {
744498
+ "StringEquals": {
744499
+ "iam:PassedToService": [
744500
+ "logs.amazonaws.com",
744501
+ "telemetry-pipelines.observabilityadmin.amazonaws.com"
744502
+ ]
744503
+ },
744504
+ "ArnLike": {
744505
+ "iam:AssociatedResourceArn": "arn:aws:observabilityadmin:*:*:telemetry-pipeline/*"
744506
+ }
744507
+ }
744508
+ },
744509
+ {
744510
+ "Effect": "Allow",
744511
+ "Action": [
744512
+ "s3tables:CreateTableBucket",
744513
+ "s3tables:PutTableBucketEncryption"
744514
+ ],
744515
+ "Resource": "arn:aws:s3tables:*:*:bucket/aws-cloudwatch",
744516
+ "Condition": {
744517
+ "ForAnyValue:StringEquals": {
744518
+ "aws:CalledVia": "observabilityadmin.amazonaws.com"
744519
+ }
744520
+ }
744521
+ },
744522
+ {
744523
+ "Effect": "Allow",
744524
+ "Action": [
744525
+ "s3tables:PutTableBucketPolicy"
744526
+ ],
744527
+ "Resource": "arn:aws:s3tables:*:*:bucket/aws-cloudwatch"
744069
744528
  }
744070
744529
  ]
744071
744530
  }
744072
744531
  }
744073
744532
  },
744074
744533
  "createdDate": "2023-08-01T11:32:57.000Z",
744075
- "lastUpdatedDate": "2025-11-20T19:34:08.000Z"
744534
+ "lastUpdatedDate": "2025-12-02T16:49:09.000Z"
744076
744535
  },
744077
744536
  "AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy": {
744078
744537
  "arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy",
@@ -954605,8 +955064,8 @@
954605
955064
  },
954606
955065
  "AWSServiceRoleForAWSTransform": {
954607
955066
  "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAWSTransform",
954608
- "latestVersionId": "v3",
954609
- "versionsCount": 3,
955067
+ "latestVersionId": "v4",
955068
+ "versionsCount": 4,
954610
955069
  "versions": {
954611
955070
  "v1": {
954612
955071
  "createdDate": "2025-05-15T13:37:07.000Z",
@@ -954732,10 +955191,103 @@
954732
955191
  }
954733
955192
  ]
954734
955193
  }
955194
+ },
955195
+ "v4": {
955196
+ "createdDate": "2025-05-15T13:37:07.000Z",
955197
+ "document": {
955198
+ "Version": "2012-10-17",
955199
+ "Statement": [
955200
+ {
955201
+ "Sid": "PublishCloudWatchMetrics",
955202
+ "Effect": "Allow",
955203
+ "Action": [
955204
+ "cloudwatch:PutMetricData"
955205
+ ],
955206
+ "Resource": "*",
955207
+ "Condition": {
955208
+ "StringEquals": {
955209
+ "cloudwatch:namespace": [
955210
+ "AWS/Transform"
955211
+ ]
955212
+ }
955213
+ }
955214
+ },
955215
+ {
955216
+ "Sid": "UserManagementPolicy",
955217
+ "Effect": "Allow",
955218
+ "Action": [
955219
+ "sso:DescribeApplication",
955220
+ "sso:GetApplicationAssignmentConfiguration",
955221
+ "sso:ListApplicationAssignmentsForPrincipal"
955222
+ ],
955223
+ "Resource": [
955224
+ "*"
955225
+ ]
955226
+ },
955227
+ {
955228
+ "Sid": "AllowKmsAccessViaIdentityCenter",
955229
+ "Effect": "Allow",
955230
+ "Action": [
955231
+ "kms:Decrypt"
955232
+ ],
955233
+ "Resource": "*",
955234
+ "Condition": {
955235
+ "ArnLike": {
955236
+ "kms:EncryptionContext:aws:sso:instance-arn": "arn:*:sso:::instance/*"
955237
+ },
955238
+ "StringLike": {
955239
+ "kms:ViaService": "sso.*.amazonaws.com"
955240
+ }
955241
+ }
955242
+ },
955243
+ {
955244
+ "Sid": "AllowKmsAccessViaIdentityStore",
955245
+ "Effect": "Allow",
955246
+ "Action": [
955247
+ "kms:Decrypt"
955248
+ ],
955249
+ "Resource": "*",
955250
+ "Condition": {
955251
+ "ArnLike": {
955252
+ "kms:EncryptionContext:aws:identitystore:identitystore-arn": "arn:*:identitystore::*:identitystore/*"
955253
+ },
955254
+ "StringLike": {
955255
+ "kms:ViaService": "identitystore.*.amazonaws.com"
955256
+ }
955257
+ }
955258
+ },
955259
+ {
955260
+ "Sid": "SupportCaseManagement",
955261
+ "Effect": "Allow",
955262
+ "Action": [
955263
+ "support:CreateCase",
955264
+ "support:DescribeCases",
955265
+ "support:DescribeCommunications",
955266
+ "support:AddCommunicationToCase",
955267
+ "support:ResolveCase"
955268
+ ],
955269
+ "Resource": "*"
955270
+ },
955271
+ {
955272
+ "Sid": "ExternalIdpSecretsAccess",
955273
+ "Effect": "Allow",
955274
+ "Action": [
955275
+ "secretsmanager:GetSecretValue"
955276
+ ],
955277
+ "Resource": "arn:aws:secretsmanager:*:*:secret:transform!*",
955278
+ "Condition": {
955279
+ "StringEquals": {
955280
+ "secretsmanager:ResourceTag/aws:secretsmanager:owningService": "transform",
955281
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
955282
+ }
955283
+ }
955284
+ }
955285
+ ]
955286
+ }
954735
955287
  }
954736
955288
  },
954737
955289
  "createdDate": "2025-05-15T13:37:07.000Z",
954738
- "lastUpdatedDate": "2025-09-18T20:34:07.000Z"
955290
+ "lastUpdatedDate": "2025-12-01T13:19:12.000Z"
954739
955291
  },
954740
955292
  "CloudTrailEventContext": {
954741
955293
  "arn": "arn:aws:iam::aws:policy/aws-service-role/CloudTrailEventContext",
@@ -958590,8 +959142,8 @@
958590
959142
  },
958591
959143
  "BedrockAgentCoreFullAccess": {
958592
959144
  "arn": "arn:aws:iam::aws:policy/BedrockAgentCoreFullAccess",
958593
- "latestVersionId": "v4",
958594
- "versionsCount": 4,
959145
+ "latestVersionId": "v5",
959146
+ "versionsCount": 5,
958595
959147
  "versions": {
958596
959148
  "v1": {
958597
959149
  "createdDate": "2025-07-16T13:37:07.000Z",
@@ -959307,7 +959859,352 @@
959307
959859
  ]
959308
959860
  }
959309
959861
  },
959310
- "v4": {
959862
+ "v4": {
959863
+ "createdDate": "2025-07-16T13:37:07.000Z",
959864
+ "document": {
959865
+ "Version": "2012-10-17",
959866
+ "Statement": [
959867
+ {
959868
+ "Sid": "BedrockAgentCoreFullAccess",
959869
+ "Effect": "Allow",
959870
+ "Action": [
959871
+ "bedrock-agentcore:*"
959872
+ ],
959873
+ "Resource": "arn:aws:bedrock-agentcore:*:*:*"
959874
+ },
959875
+ {
959876
+ "Sid": "IAMListAccess",
959877
+ "Effect": "Allow",
959878
+ "Action": [
959879
+ "iam:GetRole",
959880
+ "iam:GetRolePolicy",
959881
+ "iam:ListAttachedRolePolicies",
959882
+ "iam:ListRolePolicies",
959883
+ "iam:ListRoles"
959884
+ ],
959885
+ "Resource": "arn:aws:iam::*:role/*"
959886
+ },
959887
+ {
959888
+ "Sid": "BedrockAgentCorePassRoleAccess",
959889
+ "Effect": "Allow",
959890
+ "Action": "iam:PassRole",
959891
+ "Resource": "arn:aws:iam::*:role/*BedrockAgentCore*",
959892
+ "Condition": {
959893
+ "StringEquals": {
959894
+ "iam:PassedToService": "bedrock-agentcore.amazonaws.com"
959895
+ }
959896
+ }
959897
+ },
959898
+ {
959899
+ "Sid": "SecretsManagerAccess",
959900
+ "Effect": "Allow",
959901
+ "Action": [
959902
+ "secretsmanager:CreateSecret",
959903
+ "secretsmanager:PutSecretValue",
959904
+ "secretsmanager:GetSecretValue",
959905
+ "secretsmanager:DeleteSecret"
959906
+ ],
959907
+ "Resource": "arn:aws:secretsmanager:*:*:secret:bedrock-agentcore*"
959908
+ },
959909
+ {
959910
+ "Sid": "BedrockAgentCoreKMSReadAccess",
959911
+ "Effect": "Allow",
959912
+ "Action": [
959913
+ "kms:ListKeys",
959914
+ "kms:DescribeKey"
959915
+ ],
959916
+ "Resource": [
959917
+ "arn:aws:kms:*:*:key/*"
959918
+ ],
959919
+ "Condition": {
959920
+ "StringEquals": {
959921
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
959922
+ }
959923
+ }
959924
+ },
959925
+ {
959926
+ "Sid": "BedrockAgentCoreKMSAccess",
959927
+ "Effect": "Allow",
959928
+ "Action": [
959929
+ "kms:Decrypt",
959930
+ "kms:GenerateDataKey",
959931
+ "kms:ListGrants"
959932
+ ],
959933
+ "Resource": [
959934
+ "arn:aws:kms:*:*:key/*"
959935
+ ],
959936
+ "Condition": {
959937
+ "StringEquals": {
959938
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
959939
+ },
959940
+ "ForAnyValue:StringEquals": {
959941
+ "aws:CalledVia": [
959942
+ "bedrock-agentcore.amazonaws.com"
959943
+ ]
959944
+ }
959945
+ }
959946
+ },
959947
+ {
959948
+ "Sid": "BedrockAgentCoreKMSGrantsAccess",
959949
+ "Effect": "Allow",
959950
+ "Action": [
959951
+ "kms:CreateGrant"
959952
+ ],
959953
+ "Resource": [
959954
+ "arn:aws:kms:*:*:key/*"
959955
+ ],
959956
+ "Condition": {
959957
+ "StringEquals": {
959958
+ "kms:GrantConstraintType": "EncryptionContextSubset"
959959
+ },
959960
+ "StringLike": {
959961
+ "kms:ViaService": [
959962
+ "bedrock-agentcore.*.amazonaws.com"
959963
+ ],
959964
+ "kms:EncryptionContext:aws:bedrock-agentcore-gateway:arn": "arn:aws:bedrock-agentcore:*:*:gateway/*"
959965
+ },
959966
+ "ForAllValues:StringEquals": {
959967
+ "kms:GrantOperations": [
959968
+ "Decrypt",
959969
+ "GenerateDataKey"
959970
+ ]
959971
+ }
959972
+ }
959973
+ },
959974
+ {
959975
+ "Sid": "BedrockAgentCoreS3Access",
959976
+ "Effect": "Allow",
959977
+ "Action": [
959978
+ "s3:GetObject"
959979
+ ],
959980
+ "Resource": [
959981
+ "arn:aws:s3:::bedrock-agentcore-gateway-*"
959982
+ ],
959983
+ "Condition": {
959984
+ "StringEquals": {
959985
+ "aws:CalledViaLast": "bedrock-agentcore.amazonaws.com",
959986
+ "s3:ResourceAccount": "${aws:PrincipalAccount}"
959987
+ }
959988
+ }
959989
+ },
959990
+ {
959991
+ "Sid": "BedrockAgentCoreGatewayLambdaAccess",
959992
+ "Effect": "Allow",
959993
+ "Action": [
959994
+ "lambda:ListFunctions"
959995
+ ],
959996
+ "Resource": [
959997
+ "arn:aws:lambda:*:*:*"
959998
+ ]
959999
+ },
960000
+ {
960001
+ "Sid": "LoggingAccess",
960002
+ "Effect": "Allow",
960003
+ "Action": [
960004
+ "logs:Get*",
960005
+ "logs:List*",
960006
+ "logs:StartQuery",
960007
+ "logs:StopQuery",
960008
+ "logs:Describe*",
960009
+ "logs:TestMetricFilter",
960010
+ "logs:FilterLogEvents"
960011
+ ],
960012
+ "Resource": [
960013
+ "arn:aws:logs:*:*:log-group:/aws/bedrock-agentcore/*",
960014
+ "arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
960015
+ "arn:aws:logs:*:*:log-group:aws/spans:*"
960016
+ ]
960017
+ },
960018
+ {
960019
+ "Sid": "ObservabilityReadOnlyPermissions",
960020
+ "Effect": "Allow",
960021
+ "Action": [
960022
+ "application-autoscaling:DescribeScalingPolicies",
960023
+ "application-signals:BatchGet*",
960024
+ "application-signals:Get*",
960025
+ "application-signals:List*",
960026
+ "autoscaling:Describe*",
960027
+ "cloudwatch:BatchGet*",
960028
+ "cloudwatch:Describe*",
960029
+ "cloudwatch:GenerateQuery",
960030
+ "cloudwatch:Get*",
960031
+ "cloudwatch:List*",
960032
+ "oam:ListSinks",
960033
+ "rum:BatchGet*",
960034
+ "rum:Get*",
960035
+ "rum:List*",
960036
+ "synthetics:Describe*",
960037
+ "synthetics:Get*",
960038
+ "synthetics:List*",
960039
+ "xray:BatchGet*",
960040
+ "xray:Get*",
960041
+ "xray:List*",
960042
+ "xray:StartTraceRetrieval",
960043
+ "xray:CancelTraceRetrieval",
960044
+ "logs:DescribeLogGroups",
960045
+ "logs:StartLiveTail",
960046
+ "logs:StopLiveTail"
960047
+ ],
960048
+ "Resource": "*"
960049
+ },
960050
+ {
960051
+ "Sid": "TransactionSearchXRayPermissions",
960052
+ "Effect": "Allow",
960053
+ "Action": [
960054
+ "xray:GetTraceSegmentDestination",
960055
+ "xray:UpdateTraceSegmentDestination",
960056
+ "xray:GetIndexingRules",
960057
+ "xray:UpdateIndexingRule"
960058
+ ],
960059
+ "Resource": "*"
960060
+ },
960061
+ {
960062
+ "Sid": "TransactionSearchLogGroupPermissions",
960063
+ "Effect": "Allow",
960064
+ "Action": [
960065
+ "logs:CreateLogGroup",
960066
+ "logs:CreateLogStream",
960067
+ "logs:PutRetentionPolicy"
960068
+ ],
960069
+ "Resource": [
960070
+ "arn:aws:logs:*:*:log-group:/aws/application-signals/data:*",
960071
+ "arn:aws:logs:*:*:log-group:aws/spans:*"
960072
+ ]
960073
+ },
960074
+ {
960075
+ "Sid": "TransactionSearchLogsPermissions",
960076
+ "Effect": "Allow",
960077
+ "Action": [
960078
+ "logs:DescribeResourcePolicies",
960079
+ "logs:PutResourcePolicy"
960080
+ ],
960081
+ "Resource": [
960082
+ "*"
960083
+ ],
960084
+ "Condition": {
960085
+ "StringEquals": {
960086
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
960087
+ }
960088
+ }
960089
+ },
960090
+ {
960091
+ "Sid": "TransactionSearchApplicationSignalsPermissions",
960092
+ "Effect": "Allow",
960093
+ "Action": [
960094
+ "application-signals:StartDiscovery"
960095
+ ],
960096
+ "Resource": "*"
960097
+ },
960098
+ {
960099
+ "Sid": "CloudWatchApplicationSignalsCreateServiceLinkedRolePermissions",
960100
+ "Effect": "Allow",
960101
+ "Action": "iam:CreateServiceLinkedRole",
960102
+ "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals",
960103
+ "Condition": {
960104
+ "StringLike": {
960105
+ "iam:AWSServiceName": "application-signals.cloudwatch.amazonaws.com"
960106
+ }
960107
+ }
960108
+ },
960109
+ {
960110
+ "Sid": "CloudWatchApplicationSignalsGetRolePermissions",
960111
+ "Effect": "Allow",
960112
+ "Action": "iam:GetRole",
960113
+ "Resource": "arn:aws:iam::*:role/aws-service-role/application-signals.cloudwatch.amazonaws.com/AWSServiceRoleForCloudWatchApplicationSignals"
960114
+ },
960115
+ {
960116
+ "Sid": "CreateBedrockAgentCoreNetworkServiceLinkedRolePermissions",
960117
+ "Effect": "Allow",
960118
+ "Action": "iam:CreateServiceLinkedRole",
960119
+ "Resource": "arn:aws:iam::*:role/aws-service-role/network.bedrock-agentcore.amazonaws.com/AWSServiceRoleForBedrockAgentCoreNetwork",
960120
+ "Condition": {
960121
+ "StringEquals": {
960122
+ "iam:AWSServiceName": "network.bedrock-agentcore.amazonaws.com"
960123
+ }
960124
+ }
960125
+ },
960126
+ {
960127
+ "Sid": "CreateBedrockAgentCoreRuntimeIdentityServiceLinkedRolePermissions",
960128
+ "Effect": "Allow",
960129
+ "Action": "iam:CreateServiceLinkedRole",
960130
+ "Resource": "arn:aws:iam::*:role/aws-service-role/runtime-identity.bedrock-agentcore.amazonaws.com/AWSServiceRoleForBedrockAgentCoreRuntimeIdentity",
960131
+ "Condition": {
960132
+ "StringEquals": {
960133
+ "iam:AWSServiceName": "runtime-identity.bedrock-agentcore.amazonaws.com"
960134
+ }
960135
+ }
960136
+ },
960137
+ {
960138
+ "Sid": "CloudWatchApplicationSignalsCloudTrailPermissions",
960139
+ "Effect": "Allow",
960140
+ "Action": [
960141
+ "cloudtrail:CreateServiceLinkedChannel"
960142
+ ],
960143
+ "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/application-signals/*"
960144
+ },
960145
+ {
960146
+ "Sid": "BedrockAgentCoreRuntimeS3WriteAccess",
960147
+ "Effect": "Allow",
960148
+ "Action": [
960149
+ "s3:CreateBucket",
960150
+ "s3:PutBucketPolicy",
960151
+ "s3:PutBucketVersioning",
960152
+ "s3:PutObject"
960153
+ ],
960154
+ "Resource": [
960155
+ "arn:aws:s3:::bedrock-agentcore-runtime-*"
960156
+ ],
960157
+ "Condition": {
960158
+ "StringEquals": {
960159
+ "s3:ResourceAccount": "${aws:PrincipalAccount}"
960160
+ }
960161
+ }
960162
+ },
960163
+ {
960164
+ "Sid": "BedrockAgentCoreRuntimeS3ReadAccess",
960165
+ "Effect": "Allow",
960166
+ "Action": [
960167
+ "s3:GetObject",
960168
+ "s3:GetObjectVersion",
960169
+ "s3:ListBucket",
960170
+ "s3:ListBucketVersions"
960171
+ ],
960172
+ "Resource": "arn:aws:s3:::*",
960173
+ "Condition": {
960174
+ "StringEquals": {
960175
+ "s3:ResourceAccount": "${aws:PrincipalAccount}"
960176
+ }
960177
+ }
960178
+ },
960179
+ {
960180
+ "Sid": "BedrockAgentCoreRuntimeS3ListAccess",
960181
+ "Effect": "Allow",
960182
+ "Action": [
960183
+ "s3:ListAllMyBuckets"
960184
+ ],
960185
+ "Resource": "*",
960186
+ "Condition": {
960187
+ "StringEquals": {
960188
+ "s3:ResourceAccount": "${aws:PrincipalAccount}"
960189
+ }
960190
+ }
960191
+ },
960192
+ {
960193
+ "Sid": "BedrockAgentCoreRuntimeECRAccess",
960194
+ "Effect": "Allow",
960195
+ "Action": [
960196
+ "ecr:DescribeRepositories",
960197
+ "ecr:DescribeImages",
960198
+ "ecr:ListImages"
960199
+ ],
960200
+ "Resource": [
960201
+ "arn:aws:ecr:*:*:repository/*"
960202
+ ]
960203
+ }
960204
+ ]
960205
+ }
960206
+ },
960207
+ "v5": {
959311
960208
  "createdDate": "2025-07-16T13:37:07.000Z",
959312
960209
  "document": {
959313
960210
  "Version": "2012-10-17",
@@ -959445,6 +960342,16 @@
959445
960342
  "arn:aws:lambda:*:*:*"
959446
960343
  ]
959447
960344
  },
960345
+ {
960346
+ "Sid": "BedrockAgentCoreGatewayApiGateway",
960347
+ "Effect": "Allow",
960348
+ "Action": [
960349
+ "apigateway:GET"
960350
+ ],
960351
+ "Resource": [
960352
+ "arn:aws:apigateway:*::/restapis/*/stages/*/exports/*"
960353
+ ]
960354
+ },
959448
960355
  {
959449
960356
  "Sid": "LoggingAccess",
959450
960357
  "Effect": "Allow",
@@ -959648,13 +960555,47 @@
959648
960555
  "Resource": [
959649
960556
  "arn:aws:ecr:*:*:repository/*"
959650
960557
  ]
960558
+ },
960559
+ {
960560
+ "Sid": "AgentCoreEvaluationCloudWatchLogCreate",
960561
+ "Effect": "Allow",
960562
+ "Action": [
960563
+ "logs:CreateLogGroup"
960564
+ ],
960565
+ "Resource": [
960566
+ "arn:aws:logs:*:*:log-group:/aws/bedrock-agentcore/evaluations/*"
960567
+ ]
960568
+ },
960569
+ {
960570
+ "Sid": "AgentCoreEvaluationCloudWatchLogIndexAccess",
960571
+ "Effect": "Allow",
960572
+ "Action": [
960573
+ "logs:PutIndexPolicy",
960574
+ "logs:DescribeIndexPolicies"
960575
+ ],
960576
+ "Resource": [
960577
+ "arn:aws:logs:*:*:log-group:aws/spans",
960578
+ "arn:aws:logs:*:*:log-group:aws/spans:*"
960579
+ ]
960580
+ },
960581
+ {
960582
+ "Sid": "AgentCoreEvaluationBedrockInvokeAccess",
960583
+ "Effect": "Allow",
960584
+ "Action": [
960585
+ "bedrock:InvokeModel",
960586
+ "bedrock:InvokeModelWithResponseStream"
960587
+ ],
960588
+ "Resource": [
960589
+ "arn:aws:bedrock:*::foundation-model/*",
960590
+ "arn:aws:bedrock:*:*:inference-profile/*"
960591
+ ]
959651
960592
  }
959652
960593
  ]
959653
960594
  }
959654
960595
  }
959655
960596
  },
959656
960597
  "createdDate": "2025-07-16T13:37:07.000Z",
959657
- "lastUpdatedDate": "2025-11-03T21:04:07.000Z"
960598
+ "lastUpdatedDate": "2025-12-02T13:34:12.000Z"
959658
960599
  },
959659
960600
  "AWSRolesAnywhereFullAccess": {
959660
960601
  "arn": "arn:aws:iam::aws:policy/AWSRolesAnywhereFullAccess",
@@ -959967,8 +960908,8 @@
959967
960908
  },
959968
960909
  "AWSObservabilityAdminTelemetryEnablementServiceRolePolicy": {
959969
960910
  "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSObservabilityAdminTelemetryEnablementServiceRolePolicy",
959970
- "latestVersionId": "v1",
959971
- "versionsCount": 1,
960911
+ "latestVersionId": "v2",
960912
+ "versionsCount": 2,
959972
960913
  "versions": {
959973
960914
  "v1": {
959974
960915
  "createdDate": "2025-08-01T18:04:06.000Z",
@@ -960133,10 +961074,438 @@
960133
961074
  }
960134
961075
  ]
960135
961076
  }
961077
+ },
961078
+ "v2": {
961079
+ "createdDate": "2025-08-01T18:04:06.000Z",
961080
+ "document": {
961081
+ "Version": "2012-10-17",
961082
+ "Statement": [
961083
+ {
961084
+ "Sid": "TelemetryOperations",
961085
+ "Effect": "Allow",
961086
+ "Action": [
961087
+ "ec2:DescribeFlowLogs",
961088
+ "ec2:DescribeVpcs",
961089
+ "logs:DescribeLogGroups",
961090
+ "logs:DescribeResourcePolicies",
961091
+ "logs:ListLogGroups"
961092
+ ],
961093
+ "Resource": "*",
961094
+ "Condition": {
961095
+ "StringEquals": {
961096
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961097
+ }
961098
+ }
961099
+ },
961100
+ {
961101
+ "Sid": "TagOperationForEC2",
961102
+ "Effect": "Allow",
961103
+ "Action": [
961104
+ "ec2:CreateTags"
961105
+ ],
961106
+ "Resource": "*",
961107
+ "Condition": {
961108
+ "StringEquals": {
961109
+ "aws:RequestTag/CloudWatchTelemetryRuleManaged": "true",
961110
+ "aws:ResourceAccount": "${aws:PrincipalAccount}",
961111
+ "ec2:CreateAction": "CreateFlowLogs"
961112
+ },
961113
+ "ForAllValues:StringEquals": {
961114
+ "aws:TagKeys": "CloudWatchTelemetryRuleManaged"
961115
+ }
961116
+ }
961117
+ },
961118
+ {
961119
+ "Sid": "TagOperationForLogs",
961120
+ "Effect": "Allow",
961121
+ "Action": [
961122
+ "logs:TagResource"
961123
+ ],
961124
+ "Resource": "*",
961125
+ "Condition": {
961126
+ "StringEquals": {
961127
+ "aws:ResourceTag/CloudWatchTelemetryRuleManaged": "true",
961128
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961129
+ },
961130
+ "ForAllValues:StringEquals": {
961131
+ "aws:TagKeys": "CloudWatchTelemetryRuleManaged"
961132
+ }
961133
+ }
961134
+ },
961135
+ {
961136
+ "Sid": "TelemetryOperationsForVPCLogs",
961137
+ "Effect": "Allow",
961138
+ "Action": [
961139
+ "ec2:CreateFlowLogs"
961140
+ ],
961141
+ "Resource": "arn:aws:ec2:*:*:vpc/*",
961142
+ "Condition": {
961143
+ "StringEquals": {
961144
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961145
+ }
961146
+ }
961147
+ },
961148
+ {
961149
+ "Sid": "TelemetryOperationsForVPCFlowLogs",
961150
+ "Effect": "Allow",
961151
+ "Action": [
961152
+ "ec2:CreateFlowLogs"
961153
+ ],
961154
+ "Resource": "arn:aws:ec2:*:*:vpc-flow-log/*",
961155
+ "Condition": {
961156
+ "StringEquals": {
961157
+ "aws:RequestTag/CloudWatchTelemetryRuleManaged": "true",
961158
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961159
+ },
961160
+ "ForAllValues:StringEquals": {
961161
+ "aws:TagKeys": "CloudWatchTelemetryRuleManaged"
961162
+ }
961163
+ }
961164
+ },
961165
+ {
961166
+ "Sid": "TelemetryOperationsForLogs",
961167
+ "Effect": "Allow",
961168
+ "Action": [
961169
+ "ec2:DeleteFlowLogs",
961170
+ "logs:CreateDelivery",
961171
+ "logs:CreateLogGroup",
961172
+ "logs:PutResourcePolicy",
961173
+ "logs:PutRetentionPolicy",
961174
+ "logs:PutDeliveryDestination",
961175
+ "logs:PutDeliverySource",
961176
+ "logs:CreateLogStream",
961177
+ "logs:DescribeLogGroups"
961178
+ ],
961179
+ "Resource": "*",
961180
+ "Condition": {
961181
+ "StringEquals": {
961182
+ "aws:ResourceTag/CloudWatchTelemetryRuleManaged": "true",
961183
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961184
+ }
961185
+ }
961186
+ },
961187
+ {
961188
+ "Sid": "TelemetryOperationsForEKSApiLogs",
961189
+ "Effect": "Allow",
961190
+ "Action": [
961191
+ "eks:UpdateClusterConfig"
961192
+ ],
961193
+ "Resource": "arn:aws:eks:*:*:cluster/*",
961194
+ "Condition": {
961195
+ "StringEquals": {
961196
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961197
+ },
961198
+ "Bool": {
961199
+ "eks:loggingType/api": "true"
961200
+ }
961201
+ }
961202
+ },
961203
+ {
961204
+ "Sid": "TelemetryOperationsForEKSAuditLogs",
961205
+ "Effect": "Allow",
961206
+ "Action": [
961207
+ "eks:UpdateClusterConfig"
961208
+ ],
961209
+ "Resource": "arn:aws:eks:*:*:cluster/*",
961210
+ "Condition": {
961211
+ "StringEquals": {
961212
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961213
+ },
961214
+ "Bool": {
961215
+ "eks:loggingType/audit": "true"
961216
+ }
961217
+ }
961218
+ },
961219
+ {
961220
+ "Sid": "TelemetryOperationsForEKSAuthenticatorLogs",
961221
+ "Effect": "Allow",
961222
+ "Action": [
961223
+ "eks:UpdateClusterConfig"
961224
+ ],
961225
+ "Resource": "arn:aws:eks:*:*:cluster/*",
961226
+ "Condition": {
961227
+ "StringEquals": {
961228
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961229
+ },
961230
+ "Bool": {
961231
+ "eks:loggingType/authenticator": "true"
961232
+ }
961233
+ }
961234
+ },
961235
+ {
961236
+ "Sid": "TelemetryOperationsForEKSControllerManagerLogs",
961237
+ "Effect": "Allow",
961238
+ "Action": [
961239
+ "eks:UpdateClusterConfig"
961240
+ ],
961241
+ "Resource": "arn:aws:eks:*:*:cluster/*",
961242
+ "Condition": {
961243
+ "StringEquals": {
961244
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961245
+ },
961246
+ "Bool": {
961247
+ "eks:loggingType/controllerManager": "true"
961248
+ }
961249
+ }
961250
+ },
961251
+ {
961252
+ "Sid": "TelemetryOperationsForEKSSchedulerLogs",
961253
+ "Effect": "Allow",
961254
+ "Action": [
961255
+ "eks:UpdateClusterConfig"
961256
+ ],
961257
+ "Resource": "arn:aws:eks:*:*:cluster/*",
961258
+ "Condition": {
961259
+ "StringEquals": {
961260
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961261
+ },
961262
+ "Bool": {
961263
+ "eks:loggingType/scheduler": "true"
961264
+ }
961265
+ }
961266
+ },
961267
+ {
961268
+ "Sid": "TelemetryOperationsForWafLoggingConfigurations",
961269
+ "Effect": "Allow",
961270
+ "Action": [
961271
+ "wafv2:PutLoggingConfiguration"
961272
+ ],
961273
+ "Resource": "arn:aws:wafv2:*:*:regional/webacl/*",
961274
+ "Condition": {
961275
+ "ArnLike": {
961276
+ "wafv2:LogDestinationResource": "arn:aws:logs:*:*:log-group:*"
961277
+ },
961278
+ "StringEquals": {
961279
+ "wafv2:LogScope": "CloudwatchTelemetryRuleManaged",
961280
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961281
+ }
961282
+ }
961283
+ },
961284
+ {
961285
+ "Sid": "TelemetryOperationsForWafLogDelivery",
961286
+ "Effect": "Allow",
961287
+ "Action": [
961288
+ "logs:CreateLogDelivery"
961289
+ ],
961290
+ "Resource": "*",
961291
+ "Condition": {
961292
+ "ForAnyValue:StringEquals": {
961293
+ "aws:CalledVia": [
961294
+ "wafv2.amazonaws.com"
961295
+ ]
961296
+ },
961297
+ "StringEquals": {
961298
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961299
+ }
961300
+ }
961301
+ },
961302
+ {
961303
+ "Sid": "TelemetryOperationsForELB",
961304
+ "Effect": "Allow",
961305
+ "Action": [
961306
+ "elasticloadbalancing:AllowVendedLogDeliveryForResource"
961307
+ ],
961308
+ "Resource": "*",
961309
+ "Condition": {
961310
+ "StringEquals": {
961311
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961312
+ }
961313
+ }
961314
+ },
961315
+ {
961316
+ "Sid": "TelemetryOperationsForBedrock",
961317
+ "Effect": "Allow",
961318
+ "Action": [
961319
+ "bedrock-agentcore:AllowVendedLogDeliveryForResource"
961320
+ ],
961321
+ "Resource": "*",
961322
+ "Condition": {
961323
+ "StringEquals": {
961324
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961325
+ }
961326
+ }
961327
+ },
961328
+ {
961329
+ "Sid": "TelemetryOperationsForCloudTrailLogs",
961330
+ "Effect": "Allow",
961331
+ "Action": [
961332
+ "cloudtrail:CreateServiceLinkedChannel",
961333
+ "cloudtrail:UpdateServiceLinkedChannel",
961334
+ "cloudtrail:DeleteServiceLinkedChannel"
961335
+ ],
961336
+ "Resource": "arn:aws:cloudtrail:*:*:channel/aws-service-channel/cloudwatch/*",
961337
+ "Condition": {
961338
+ "StringEquals": {
961339
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961340
+ }
961341
+ }
961342
+ },
961343
+ {
961344
+ "Sid": "TelemetryOperationsForManagedLogs",
961345
+ "Effect": "Allow",
961346
+ "Action": [
961347
+ "logs:CreateLogGroup",
961348
+ "logs:PutResourcePolicy",
961349
+ "logs:PutRetentionPolicy"
961350
+ ],
961351
+ "Resource": [
961352
+ "arn:aws:logs:*:*:log-group:aws/cloudtrail",
961353
+ "arn:aws:logs:*:*:log-group:aws/cloudtrail/*"
961354
+ ],
961355
+ "Condition": {
961356
+ "StringEquals": {
961357
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961358
+ }
961359
+ }
961360
+ },
961361
+ {
961362
+ "Sid": "Route53QueryLoggingListOperations",
961363
+ "Effect": "Allow",
961364
+ "Action": [
961365
+ "route53resolver:ListResolverQueryLogConfigs",
961366
+ "route53resolver:ListResolverQueryLogConfigAssociations"
961367
+ ],
961368
+ "Resource": "*",
961369
+ "Condition": {
961370
+ "StringEquals": {
961371
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961372
+ }
961373
+ }
961374
+ },
961375
+ {
961376
+ "Sid": "Route53QueryLoggingGetOperations",
961377
+ "Effect": "Allow",
961378
+ "Action": [
961379
+ "route53resolver:GetResolverQueryLogConfig",
961380
+ "route53resolver:ListTagsForResource"
961381
+ ],
961382
+ "Resource": "*",
961383
+ "Condition": {
961384
+ "StringEquals": {
961385
+ "aws:ResourceTag/CloudWatchTelemetryRuleManaged": "true",
961386
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961387
+ }
961388
+ }
961389
+ },
961390
+ {
961391
+ "Sid": "Route53QueryLoggingConfigCreation",
961392
+ "Effect": "Allow",
961393
+ "Action": [
961394
+ "route53resolver:CreateResolverQueryLogConfig",
961395
+ "route53resolver:TagResource"
961396
+ ],
961397
+ "Resource": "arn:aws:route53resolver:*:*:resolver-query-log-config/*",
961398
+ "Condition": {
961399
+ "StringEquals": {
961400
+ "aws:RequestTag/CloudWatchTelemetryRuleManaged": "true",
961401
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961402
+ }
961403
+ }
961404
+ },
961405
+ {
961406
+ "Sid": "Route53QueryLoggingConfigAssociation",
961407
+ "Effect": "Allow",
961408
+ "Action": [
961409
+ "route53resolver:AssociateResolverQueryLogConfig"
961410
+ ],
961411
+ "Resource": "*",
961412
+ "Condition": {
961413
+ "StringEquals": {
961414
+ "aws:ResourceTag/CloudWatchTelemetryRuleManaged": "true",
961415
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961416
+ }
961417
+ }
961418
+ },
961419
+ {
961420
+ "Sid": "TelemetryOperationsForRoute53LogDeliverySLR",
961421
+ "Effect": "Allow",
961422
+ "Action": [
961423
+ "iam:CreateServiceLinkedRole"
961424
+ ],
961425
+ "Resource": "arn:*:iam::*:role/aws-service-role/route53resolver.amazonaws.com/AWSServiceRoleForRoute53Resolver",
961426
+ "Condition": {
961427
+ "StringEquals": {
961428
+ "iam:AWSServiceName": [
961429
+ "route53resolver.amazonaws.com"
961430
+ ],
961431
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961432
+ },
961433
+ "BoolIfExists": {
961434
+ "aws:ViaAWSService": "true"
961435
+ }
961436
+ }
961437
+ },
961438
+ {
961439
+ "Sid": "TelemetryOperationsForRoute53LogDelivery",
961440
+ "Effect": "Allow",
961441
+ "Action": [
961442
+ "logs:CreateLogDelivery"
961443
+ ],
961444
+ "Resource": "*"
961445
+ },
961446
+ {
961447
+ "Sid": "IAMOperationsForConfigServiceLinkedRecorder",
961448
+ "Effect": "Allow",
961449
+ "Action": [
961450
+ "iam:CreateServiceLinkedRole"
961451
+ ],
961452
+ "Resource": [
961453
+ "arn:aws:iam::*:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig"
961454
+ ],
961455
+ "Condition": {
961456
+ "StringEquals": {
961457
+ "iam:AWSServiceName": [
961458
+ "config.amazonaws.com"
961459
+ ],
961460
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961461
+ },
961462
+ "BoolIfExists": {
961463
+ "aws:ViaAWSService": "true"
961464
+ }
961465
+ }
961466
+ },
961467
+ {
961468
+ "Sid": "ManagementOperationsForServiceLinkedRecorder",
961469
+ "Effect": "Allow",
961470
+ "Action": [
961471
+ "config:PutServiceLinkedConfigurationRecorder",
961472
+ "config:DeleteServiceLinkedConfigurationRecorder",
961473
+ "config:AssociateResourceTypes",
961474
+ "config:DisassociateResourceTypes"
961475
+ ],
961476
+ "Resource": [
961477
+ "arn:aws:config:*:*:configuration-recorder/AWSConfigurationRecorderForObservabilityAdmin_TelemetryEnablement/*"
961478
+ ],
961479
+ "Condition": {
961480
+ "StringEquals": {
961481
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961482
+ }
961483
+ }
961484
+ },
961485
+ {
961486
+ "Sid": "ReadOperationsForServiceLinkedRecorder",
961487
+ "Effect": "Allow",
961488
+ "Action": [
961489
+ "config:DescribeConfigurationRecorders"
961490
+ ],
961491
+ "Resource": [
961492
+ "*"
961493
+ ],
961494
+ "Condition": {
961495
+ "StringEquals": {
961496
+ "config:ConfigurationRecorderServicePrincipal": [
961497
+ "telemetry-enablement.observabilityadmin.amazonaws.com"
961498
+ ],
961499
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
961500
+ }
961501
+ }
961502
+ }
961503
+ ]
961504
+ }
960136
961505
  }
960137
961506
  },
960138
961507
  "createdDate": "2025-08-01T18:04:06.000Z",
960139
- "lastUpdatedDate": "2025-08-01T18:04:06.000Z"
961508
+ "lastUpdatedDate": "2025-12-02T01:19:06.000Z"
960140
961509
  },
960141
961510
  "AWSQuickSetupStartStopInstancesExecutionPolicy": {
960142
961511
  "arn": "arn:aws:iam::aws:policy/AWSQuickSetupStartStopInstancesExecutionPolicy",
@@ -979181,5 +980550,106 @@
979181
980550
  },
979182
980551
  "createdDate": "2025-12-01T00:34:10.000Z",
979183
980552
  "lastUpdatedDate": "2025-12-01T00:34:10.000Z"
980553
+ },
980554
+ "SecurityAgentWebAppAPIPolicy": {
980555
+ "arn": "arn:aws:iam::aws:policy/service-role/SecurityAgentWebAppAPIPolicy",
980556
+ "latestVersionId": "v1",
980557
+ "versionsCount": 1,
980558
+ "versions": {
980559
+ "v1": {
980560
+ "createdDate": "2025-12-02T15:04:06.000Z",
980561
+ "document": {
980562
+ "Version": "2012-10-17",
980563
+ "Statement": [
980564
+ {
980565
+ "Sid": "ApplicationAccess",
980566
+ "Effect": "Allow",
980567
+ "Action": [
980568
+ "securityagent:ListAgentInstances",
980569
+ "securityagent:ListControls"
980570
+ ],
980571
+ "Resource": "*",
980572
+ "Condition": {
980573
+ "StringEquals": {
980574
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
980575
+ }
980576
+ }
980577
+ },
980578
+ {
980579
+ "Sid": "AgentInstanceAccess",
980580
+ "Effect": "Allow",
980581
+ "Action": [
980582
+ "securityagent:AddArtifact",
980583
+ "securityagent:BatchDeletePentests",
980584
+ "securityagent:BatchGetAgentInstances",
980585
+ "securityagent:BatchGetArtifactMetadata",
980586
+ "securityagent:BatchGetFindings",
980587
+ "securityagent:BatchGetPentestJobs",
980588
+ "securityagent:BatchGetPentests",
980589
+ "securityagent:BatchGetTasks",
980590
+ "securityagent:CreateDocumentReview",
980591
+ "securityagent:CreatePentest",
980592
+ "securityagent:DeleteArtifact",
980593
+ "securityagent:GetArtifact",
980594
+ "securityagent:GetCodeReviewTask",
980595
+ "securityagent:GetDocReviewTask",
980596
+ "securityagent:GetDocumentReview",
980597
+ "securityagent:GetDocumentReviewArtifact",
980598
+ "securityagent:ListArtifacts",
980599
+ "securityagent:ListControls",
980600
+ "securityagent:ListDiscoveredEndpoints",
980601
+ "securityagent:ListDocumentReviewComments",
980602
+ "securityagent:ListDocumentReviews",
980603
+ "securityagent:ListFindings",
980604
+ "securityagent:ListIntegratedResources",
980605
+ "securityagent:ListPentestJobsForPentest",
980606
+ "securityagent:ListPentests",
980607
+ "securityagent:ListTasks",
980608
+ "securityagent:StartPentestExecution",
980609
+ "securityagent:StopPentestExecution",
980610
+ "securityagent:UpdateFinding",
980611
+ "securityagent:UpdatePentest"
980612
+ ],
980613
+ "Resource": "arn:aws:securityagent:*:*:agent-instance*",
980614
+ "Condition": {
980615
+ "StringEquals": {
980616
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
980617
+ }
980618
+ }
980619
+ }
980620
+ ]
980621
+ }
980622
+ }
980623
+ },
980624
+ "createdDate": "2025-12-02T15:04:06.000Z",
980625
+ "lastUpdatedDate": "2025-12-02T15:04:06.000Z"
980626
+ },
980627
+ "AWSLambdaBasicDurableExecutionRolePolicy": {
980628
+ "arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicDurableExecutionRolePolicy",
980629
+ "latestVersionId": "v1",
980630
+ "versionsCount": 1,
980631
+ "versions": {
980632
+ "v1": {
980633
+ "createdDate": "2025-12-02T15:04:12.000Z",
980634
+ "document": {
980635
+ "Version": "2012-10-17",
980636
+ "Statement": [
980637
+ {
980638
+ "Effect": "Allow",
980639
+ "Action": [
980640
+ "logs:CreateLogGroup",
980641
+ "logs:CreateLogStream",
980642
+ "logs:PutLogEvents",
980643
+ "lambda:CheckpointDurableExecution",
980644
+ "lambda:GetDurableExecutionState"
980645
+ ],
980646
+ "Resource": "*"
980647
+ }
980648
+ ]
980649
+ }
980650
+ }
980651
+ },
980652
+ "createdDate": "2025-12-02T15:04:12.000Z",
980653
+ "lastUpdatedDate": "2025-12-02T15:04:12.000Z"
979184
980654
  }
979185
980655
  }