aws-iam-managed-policies 0.0.71 → 0.0.73

@@ -153183,8 +153183,8 @@
153183
153183
  },
153184
153184
  "AmazonSageMakerFullAccess": {
153185
153185
  "arn": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
153186
- "latestVersionId": "v24",
153187
- "versionsCount": 24,
153186
+ "latestVersionId": "v25",
153187
+ "versionsCount": 25,
153188
153188
  "versions": {
153189
153189
  "v2": {
153190
153190
  "createdDate": "2018-01-08T22:18:43.000Z",
@@ -158120,8 +158120,460 @@
158120
158120
  ]
158121
158121
  }
158122
158122
  },
158123
- "v18": {
158124
- "createdDate": "2020-12-01T16:31:19.000Z",
158123
+ "v18": {
158124
+ "createdDate": "2020-12-01T16:31:19.000Z",
158125
+ "document": {
158126
+ "Version": "2012-10-17",
158127
+ "Statement": [
158128
+ {
158129
+ "Effect": "Allow",
158130
+ "Action": [
158131
+ "sagemaker:*"
158132
+ ],
158133
+ "NotResource": [
158134
+ "arn:aws:sagemaker:*:*:domain/*",
158135
+ "arn:aws:sagemaker:*:*:user-profile/*",
158136
+ "arn:aws:sagemaker:*:*:app/*",
158137
+ "arn:aws:sagemaker:*:*:flow-definition/*"
158138
+ ]
158139
+ },
158140
+ {
158141
+ "Effect": "Allow",
158142
+ "Action": [
158143
+ "sagemaker:CreatePresignedDomainUrl",
158144
+ "sagemaker:DescribeDomain",
158145
+ "sagemaker:ListDomains",
158146
+ "sagemaker:DescribeUserProfile",
158147
+ "sagemaker:ListUserProfiles",
158148
+ "sagemaker:*App",
158149
+ "sagemaker:ListApps"
158150
+ ],
158151
+ "Resource": "*"
158152
+ },
158153
+ {
158154
+ "Effect": "Allow",
158155
+ "Action": "sagemaker:*",
158156
+ "Resource": [
158157
+ "arn:aws:sagemaker:*:*:flow-definition/*"
158158
+ ],
158159
+ "Condition": {
158160
+ "StringEqualsIfExists": {
158161
+ "sagemaker:WorkteamType": [
158162
+ "private-crowd",
158163
+ "vendor-crowd"
158164
+ ]
158165
+ }
158166
+ }
158167
+ },
158168
+ {
158169
+ "Effect": "Allow",
158170
+ "Action": [
158171
+ "application-autoscaling:DeleteScalingPolicy",
158172
+ "application-autoscaling:DeleteScheduledAction",
158173
+ "application-autoscaling:DeregisterScalableTarget",
158174
+ "application-autoscaling:DescribeScalableTargets",
158175
+ "application-autoscaling:DescribeScalingActivities",
158176
+ "application-autoscaling:DescribeScalingPolicies",
158177
+ "application-autoscaling:DescribeScheduledActions",
158178
+ "application-autoscaling:PutScalingPolicy",
158179
+ "application-autoscaling:PutScheduledAction",
158180
+ "application-autoscaling:RegisterScalableTarget",
158181
+ "aws-marketplace:ViewSubscriptions",
158182
+ "cloudformation:GetTemplateSummary",
158183
+ "cloudwatch:DeleteAlarms",
158184
+ "cloudwatch:DescribeAlarms",
158185
+ "cloudwatch:GetMetricData",
158186
+ "cloudwatch:GetMetricStatistics",
158187
+ "cloudwatch:ListMetrics",
158188
+ "cloudwatch:PutMetricAlarm",
158189
+ "cloudwatch:PutMetricData",
158190
+ "codecommit:BatchGetRepositories",
158191
+ "codecommit:CreateRepository",
158192
+ "codecommit:GetRepository",
158193
+ "codecommit:List*",
158194
+ "cognito-idp:AdminAddUserToGroup",
158195
+ "cognito-idp:AdminCreateUser",
158196
+ "cognito-idp:AdminDeleteUser",
158197
+ "cognito-idp:AdminDisableUser",
158198
+ "cognito-idp:AdminEnableUser",
158199
+ "cognito-idp:AdminRemoveUserFromGroup",
158200
+ "cognito-idp:CreateGroup",
158201
+ "cognito-idp:CreateUserPool",
158202
+ "cognito-idp:CreateUserPoolClient",
158203
+ "cognito-idp:CreateUserPoolDomain",
158204
+ "cognito-idp:DescribeUserPool",
158205
+ "cognito-idp:DescribeUserPoolClient",
158206
+ "cognito-idp:List*",
158207
+ "cognito-idp:UpdateUserPool",
158208
+ "cognito-idp:UpdateUserPoolClient",
158209
+ "ec2:CreateNetworkInterface",
158210
+ "ec2:CreateNetworkInterfacePermission",
158211
+ "ec2:CreateVpcEndpoint",
158212
+ "ec2:DeleteNetworkInterface",
158213
+ "ec2:DeleteNetworkInterfacePermission",
158214
+ "ec2:DescribeDhcpOptions",
158215
+ "ec2:DescribeNetworkInterfaces",
158216
+ "ec2:DescribeRouteTables",
158217
+ "ec2:DescribeSecurityGroups",
158218
+ "ec2:DescribeSubnets",
158219
+ "ec2:DescribeVpcEndpoints",
158220
+ "ec2:DescribeVpcs",
158221
+ "ecr:BatchCheckLayerAvailability",
158222
+ "ecr:BatchGetImage",
158223
+ "ecr:CreateRepository",
158224
+ "ecr:Describe*",
158225
+ "ecr:GetAuthorizationToken",
158226
+ "ecr:GetDownloadUrlForLayer",
158227
+ "ecr:StartImageScan",
158228
+ "elastic-inference:Connect",
158229
+ "elasticfilesystem:DescribeFileSystems",
158230
+ "elasticfilesystem:DescribeMountTargets",
158231
+ "fsx:DescribeFileSystems",
158232
+ "glue:CreateJob",
158233
+ "glue:DeleteJob",
158234
+ "glue:GetJob*",
158235
+ "glue:GetTable*",
158236
+ "glue:GetWorkflowRun",
158237
+ "glue:ResetJobBookmark",
158238
+ "glue:StartJobRun",
158239
+ "glue:StartWorkflowRun",
158240
+ "glue:UpdateJob",
158241
+ "groundtruthlabeling:*",
158242
+ "iam:ListRoles",
158243
+ "kms:DescribeKey",
158244
+ "kms:ListAliases",
158245
+ "lambda:ListFunctions",
158246
+ "logs:CreateLogDelivery",
158247
+ "logs:CreateLogGroup",
158248
+ "logs:CreateLogStream",
158249
+ "logs:DeleteLogDelivery",
158250
+ "logs:Describe*",
158251
+ "logs:GetLogDelivery",
158252
+ "logs:GetLogEvents",
158253
+ "logs:ListLogDeliveries",
158254
+ "logs:PutLogEvents",
158255
+ "logs:PutResourcePolicy",
158256
+ "logs:UpdateLogDelivery",
158257
+ "robomaker:CreateSimulationApplication",
158258
+ "robomaker:DescribeSimulationApplication",
158259
+ "robomaker:DeleteSimulationApplication",
158260
+ "robomaker:CreateSimulationJob",
158261
+ "robomaker:DescribeSimulationJob",
158262
+ "robomaker:CancelSimulationJob",
158263
+ "secretsmanager:ListSecrets",
158264
+ "servicecatalog:Describe*",
158265
+ "servicecatalog:List*",
158266
+ "servicecatalog:ScanProvisionedProducts",
158267
+ "servicecatalog:SearchProducts",
158268
+ "servicecatalog:SearchProvisionedProducts",
158269
+ "sns:ListTopics",
158270
+ "tag:GetResources"
158271
+ ],
158272
+ "Resource": "*"
158273
+ },
158274
+ {
158275
+ "Effect": "Allow",
158276
+ "Action": [
158277
+ "ecr:SetRepositoryPolicy",
158278
+ "ecr:CompleteLayerUpload",
158279
+ "ecr:BatchDeleteImage",
158280
+ "ecr:UploadLayerPart",
158281
+ "ecr:DeleteRepositoryPolicy",
158282
+ "ecr:InitiateLayerUpload",
158283
+ "ecr:DeleteRepository",
158284
+ "ecr:PutImage"
158285
+ ],
158286
+ "Resource": [
158287
+ "arn:aws:ecr:*:*:repository/*sagemaker*"
158288
+ ]
158289
+ },
158290
+ {
158291
+ "Effect": "Allow",
158292
+ "Action": [
158293
+ "codecommit:GitPull",
158294
+ "codecommit:GitPush"
158295
+ ],
158296
+ "Resource": [
158297
+ "arn:aws:codecommit:*:*:*sagemaker*",
158298
+ "arn:aws:codecommit:*:*:*SageMaker*",
158299
+ "arn:aws:codecommit:*:*:*Sagemaker*"
158300
+ ]
158301
+ },
158302
+ {
158303
+ "Action": [
158304
+ "codebuild:BatchGetBuilds",
158305
+ "codebuild:StartBuild"
158306
+ ],
158307
+ "Resource": [
158308
+ "arn:aws:codebuild:*:*:project/sagemaker*",
158309
+ "arn:aws:codebuild:*:*:build/*"
158310
+ ],
158311
+ "Effect": "Allow"
158312
+ },
158313
+ {
158314
+ "Action": [
158315
+ "states:DescribeExecution",
158316
+ "states:GetExecutionHistory",
158317
+ "states:StartExecution",
158318
+ "states:StopExecution",
158319
+ "states:UpdateStateMachine"
158320
+ ],
158321
+ "Resource": [
158322
+ "arn:aws:states:*:*:statemachine:*sagemaker*",
158323
+ "arn:aws:states:*:*:execution:*sagemaker*:*"
158324
+ ],
158325
+ "Effect": "Allow"
158326
+ },
158327
+ {
158328
+ "Effect": "Allow",
158329
+ "Action": [
158330
+ "secretsmanager:DescribeSecret",
158331
+ "secretsmanager:GetSecretValue",
158332
+ "secretsmanager:CreateSecret"
158333
+ ],
158334
+ "Resource": [
158335
+ "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
158336
+ ]
158337
+ },
158338
+ {
158339
+ "Effect": "Allow",
158340
+ "Action": [
158341
+ "secretsmanager:DescribeSecret",
158342
+ "secretsmanager:GetSecretValue"
158343
+ ],
158344
+ "Resource": "*",
158345
+ "Condition": {
158346
+ "StringEquals": {
158347
+ "secretsmanager:ResourceTag/SageMaker": "true"
158348
+ }
158349
+ }
158350
+ },
158351
+ {
158352
+ "Effect": "Allow",
158353
+ "Action": [
158354
+ "servicecatalog:ProvisionProduct"
158355
+ ],
158356
+ "Resource": "*"
158357
+ },
158358
+ {
158359
+ "Effect": "Allow",
158360
+ "Action": [
158361
+ "servicecatalog:TerminateProvisionedProduct",
158362
+ "servicecatalog:UpdateProvisionedProduct"
158363
+ ],
158364
+ "Resource": "*",
158365
+ "Condition": {
158366
+ "StringEquals": {
158367
+ "servicecatalog:userLevel": "self"
158368
+ }
158369
+ }
158370
+ },
158371
+ {
158372
+ "Effect": "Allow",
158373
+ "Action": [
158374
+ "s3:GetObject",
158375
+ "s3:PutObject",
158376
+ "s3:DeleteObject",
158377
+ "s3:AbortMultipartUpload"
158378
+ ],
158379
+ "Resource": [
158380
+ "arn:aws:s3:::*SageMaker*",
158381
+ "arn:aws:s3:::*Sagemaker*",
158382
+ "arn:aws:s3:::*sagemaker*",
158383
+ "arn:aws:s3:::*aws-glue*"
158384
+ ]
158385
+ },
158386
+ {
158387
+ "Effect": "Allow",
158388
+ "Action": [
158389
+ "s3:GetObject"
158390
+ ],
158391
+ "Resource": "*",
158392
+ "Condition": {
158393
+ "StringEqualsIgnoreCase": {
158394
+ "s3:ExistingObjectTag/SageMaker": "true"
158395
+ }
158396
+ }
158397
+ },
158398
+ {
158399
+ "Effect": "Allow",
158400
+ "Action": [
158401
+ "s3:GetObject"
158402
+ ],
158403
+ "Resource": "*",
158404
+ "Condition": {
158405
+ "StringEquals": {
158406
+ "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
158407
+ }
158408
+ }
158409
+ },
158410
+ {
158411
+ "Effect": "Allow",
158412
+ "Action": [
158413
+ "s3:CreateBucket",
158414
+ "s3:GetBucketLocation",
158415
+ "s3:ListBucket",
158416
+ "s3:ListAllMyBuckets",
158417
+ "s3:GetBucketCors",
158418
+ "s3:PutBucketCors"
158419
+ ],
158420
+ "Resource": "*"
158421
+ },
158422
+ {
158423
+ "Effect": "Allow",
158424
+ "Action": [
158425
+ "lambda:InvokeFunction"
158426
+ ],
158427
+ "Resource": [
158428
+ "arn:aws:lambda:*:*:function:*SageMaker*",
158429
+ "arn:aws:lambda:*:*:function:*sagemaker*",
158430
+ "arn:aws:lambda:*:*:function:*Sagemaker*",
158431
+ "arn:aws:lambda:*:*:function:*LabelingFunction*"
158432
+ ]
158433
+ },
158434
+ {
158435
+ "Action": "iam:CreateServiceLinkedRole",
158436
+ "Effect": "Allow",
158437
+ "Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
158438
+ "Condition": {
158439
+ "StringLike": {
158440
+ "iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
158441
+ }
158442
+ }
158443
+ },
158444
+ {
158445
+ "Effect": "Allow",
158446
+ "Action": "iam:CreateServiceLinkedRole",
158447
+ "Resource": "*",
158448
+ "Condition": {
158449
+ "StringEquals": {
158450
+ "iam:AWSServiceName": "robomaker.amazonaws.com"
158451
+ }
158452
+ }
158453
+ },
158454
+ {
158455
+ "Effect": "Allow",
158456
+ "Action": [
158457
+ "sns:Subscribe",
158458
+ "sns:CreateTopic"
158459
+ ],
158460
+ "Resource": [
158461
+ "arn:aws:sns:*:*:*SageMaker*",
158462
+ "arn:aws:sns:*:*:*Sagemaker*",
158463
+ "arn:aws:sns:*:*:*sagemaker*"
158464
+ ]
158465
+ },
158466
+ {
158467
+ "Effect": "Allow",
158468
+ "Action": [
158469
+ "iam:PassRole"
158470
+ ],
158471
+ "Resource": "arn:aws:iam::*:role/*",
158472
+ "Condition": {
158473
+ "StringEquals": {
158474
+ "iam:PassedToService": [
158475
+ "sagemaker.amazonaws.com",
158476
+ "glue.amazonaws.com",
158477
+ "robomaker.amazonaws.com",
158478
+ "states.amazonaws.com"
158479
+ ]
158480
+ }
158481
+ }
158482
+ },
158483
+ {
158484
+ "Effect": "Allow",
158485
+ "Action": [
158486
+ "athena:ListDataCatalogs",
158487
+ "athena:ListDatabases",
158488
+ "athena:ListTableMetadata",
158489
+ "athena:GetQueryExecution",
158490
+ "athena:GetQueryResults",
158491
+ "athena:StartQueryExecution",
158492
+ "athena:StopQueryExecution"
158493
+ ],
158494
+ "Resource": [
158495
+ "*"
158496
+ ]
158497
+ },
158498
+ {
158499
+ "Effect": "Allow",
158500
+ "Action": [
158501
+ "glue:CreateTable"
158502
+ ],
158503
+ "Resource": [
158504
+ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
158505
+ "arn:aws:glue:*:*:table/sagemaker_featurestore/*",
158506
+ "arn:aws:glue:*:*:catalog",
158507
+ "arn:aws:glue:*:*:database/*"
158508
+ ]
158509
+ },
158510
+ {
158511
+ "Effect": "Allow",
158512
+ "Action": [
158513
+ "glue:DeleteTable"
158514
+ ],
158515
+ "Resource": [
158516
+ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
158517
+ "arn:aws:glue:*:*:catalog",
158518
+ "arn:aws:glue:*:*:database/*"
158519
+ ]
158520
+ },
158521
+ {
158522
+ "Effect": "Allow",
158523
+ "Action": [
158524
+ "glue:GetDatabases",
158525
+ "glue:GetTable",
158526
+ "glue:GetTables"
158527
+ ],
158528
+ "Resource": [
158529
+ "arn:aws:glue:*:*:table/*",
158530
+ "arn:aws:glue:*:*:catalog",
158531
+ "arn:aws:glue:*:*:database/*"
158532
+ ]
158533
+ },
158534
+ {
158535
+ "Effect": "Allow",
158536
+ "Action": [
158537
+ "glue:CreateDatabase",
158538
+ "glue:GetDatabase"
158539
+ ],
158540
+ "Resource": [
158541
+ "arn:aws:glue:*:*:catalog",
158542
+ "arn:aws:glue:*:*:database/sagemaker_featurestore",
158543
+ "arn:aws:glue:*:*:database/sagemaker_processing",
158544
+ "arn:aws:glue:*:*:database/default",
158545
+ "arn:aws:glue:*:*:database/sagemaker_data_wrangler"
158546
+ ]
158547
+ },
158548
+ {
158549
+ "Effect": "Allow",
158550
+ "Action": [
158551
+ "redshift-data:ExecuteStatement",
158552
+ "redshift-data:DescribeStatement",
158553
+ "redshift-data:CancelStatement",
158554
+ "redshift-data:GetStatementResult",
158555
+ "redshift-data:ListSchemas",
158556
+ "redshift-data:ListTables"
158557
+ ],
158558
+ "Resource": [
158559
+ "*"
158560
+ ]
158561
+ },
158562
+ {
158563
+ "Effect": "Allow",
158564
+ "Action": [
158565
+ "redshift:GetClusterCredentials"
158566
+ ],
158567
+ "Resource": [
158568
+ "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
158569
+ "arn:aws:redshift:*:*:dbname:*"
158570
+ ]
158571
+ }
158572
+ ]
158573
+ }
158574
+ },
158575
+ "v22": {
158576
+ "createdDate": "2022-05-02T06:19:13.000Z",
158125
158577
  "document": {
158126
158578
  "Version": "2012-10-17",
158127
158579
  "Statement": [
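Review bot: On the new side the `versions` map goes straight from `v18` to `v22`, so it is not a complete history even though this entry's `versionsCount` is now 25. A consumer that diffs adjacent keys to track permission changes would attribute several releases' worth of changes to a single step. The package documentation should say so, along the lines of `versions contains only the version documents that were captured; gaps between keys are expected` (the reason for the gap is not visible here and is presumed). The `v22` document that opens on the last lines of this hunk continues outside it.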
@@ -158419,6 +158871,18 @@
158419
158871
  ],
158420
158872
  "Resource": "*"
158421
158873
  },
158874
+ {
158875
+ "Effect": "Allow",
158876
+ "Action": [
158877
+ "s3:GetBucketAcl",
158878
+ "s3:PutObjectAcl"
158879
+ ],
158880
+ "Resource": [
158881
+ "arn:aws:s3:::*SageMaker*",
158882
+ "arn:aws:s3:::*Sagemaker*",
158883
+ "arn:aws:s3:::*sagemaker*"
158884
+ ]
158885
+ },
158422
158886
  {
158423
158887
  "Effect": "Allow",
158424
158888
  "Action": [
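Review bot: `s3:PutObjectAcl` in the added statement is matched purely on bucket name (`arn:aws:s3:::*SageMaker*` and its case variants), so it applies to any bucket whose name contains that substring, with no account or condition restriction. Where ACLs are still enabled, this permission lets the principal change who can read an object. Accounts attaching this policy should keep S3 Block Public Access on and set Object Ownership to bucket-owner-enforced on those buckets. A customer-managed copy could add `"StringEquals": {"aws:ResourceAccount": "${aws:PrincipalAccount}"}`, the form the s3express statements later in this diff already use. The surrounding statement list continues outside the hunk.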
@@ -158455,7 +158919,8 @@
158455
158919
  "Effect": "Allow",
158456
158920
  "Action": [
158457
158921
  "sns:Subscribe",
158458
- "sns:CreateTopic"
158922
+ "sns:CreateTopic",
158923
+ "sns:Publish"
158459
158924
  ],
158460
158925
  "Resource": [
158461
158926
  "arn:aws:sns:*:*:*SageMaker*",
@@ -158468,11 +158933,10 @@
158468
158933
  "Action": [
158469
158934
  "iam:PassRole"
158470
158935
  ],
158471
- "Resource": "arn:aws:iam::*:role/*",
158936
+ "Resource": "arn:aws:iam::*:role/*AmazonSageMaker*",
158472
158937
  "Condition": {
158473
158938
  "StringEquals": {
158474
158939
  "iam:PassedToService": [
158475
- "sagemaker.amazonaws.com",
158476
158940
  "glue.amazonaws.com",
158477
158941
  "robomaker.amazonaws.com",
158478
158942
  "states.amazonaws.com"
@@ -158480,6 +158944,18 @@
158480
158944
  }
158481
158945
  }
158482
158946
  },
158947
+ {
158948
+ "Effect": "Allow",
158949
+ "Action": [
158950
+ "iam:PassRole"
158951
+ ],
158952
+ "Resource": "arn:aws:iam::*:role/*",
158953
+ "Condition": {
158954
+ "StringEquals": {
158955
+ "iam:PassedToService": "sagemaker.amazonaws.com"
158956
+ }
158957
+ }
158958
+ },
158483
158959
  {
158484
158960
  "Effect": "Allow",
158485
158961
  "Action": [
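Review bot: The added `iam:PassRole` statement keeps `"Resource": "arn:aws:iam::*:role/*"` for `sagemaker.amazonaws.com`, while the preceding hunk narrows the glue/robomaker/states statement to `role/*AmazonSageMaker*`. Any role whose trust policy admits SageMaker can therefore still be passed by a holder of this policy, whatever the role is named or how privileged it is. When reviewing an account that attaches it, the practical check is which roles trust `sagemaker.amazonaws.com` and what they can do. A customer-managed copy could reuse `"Resource": "arn:aws:iam::*:role/*AmazonSageMaker*"` here as well.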
@@ -158568,12 +159044,19 @@
158568
159044
  "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
158569
159045
  "arn:aws:redshift:*:*:dbname:*"
158570
159046
  ]
159047
+ },
159048
+ {
159049
+ "Effect": "Allow",
159050
+ "Action": [
159051
+ "cloudformation:ListStackResources"
159052
+ ],
159053
+ "Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
158571
159054
  }
158572
159055
  ]
158573
159056
  }
158574
159057
  },
158575
- "v22": {
158576
- "createdDate": "2022-05-02T06:19:13.000Z",
159058
+ "v23": {
159059
+ "createdDate": "2022-06-29T18:30:43.000Z",
158577
159060
  "document": {
158578
159061
  "Version": "2012-10-17",
158579
159062
  "Statement": [
@@ -158983,6 +159466,17 @@
158983
159466
  "arn:aws:glue:*:*:database/*"
158984
159467
  ]
158985
159468
  },
159469
+ {
159470
+ "Effect": "Allow",
159471
+ "Action": [
159472
+ "glue:UpdateTable"
159473
+ ],
159474
+ "Resource": [
159475
+ "arn:aws:glue:*:*:table/sagemaker_featurestore/*",
159476
+ "arn:aws:glue:*:*:catalog",
159477
+ "arn:aws:glue:*:*:database/sagemaker_featurestore"
159478
+ ]
159479
+ },
158986
159480
  {
158987
159481
  "Effect": "Allow",
158988
159482
  "Action": [
@@ -159055,23 +159549,34 @@
159055
159549
  ]
159056
159550
  }
159057
159551
  },
159058
- "v23": {
159059
- "createdDate": "2022-06-29T18:30:43.000Z",
159552
+ "v24": {
159553
+ "createdDate": "2022-11-30T17:14:54.000Z",
159060
159554
  "document": {
159061
159555
  "Version": "2012-10-17",
159062
159556
  "Statement": [
159063
159557
  {
159064
159558
  "Effect": "Allow",
159065
159559
  "Action": [
159066
- "sagemaker:*"
159560
+ "sagemaker:*",
159561
+ "sagemaker-geospatial:*"
159067
159562
  ],
159068
159563
  "NotResource": [
159069
159564
  "arn:aws:sagemaker:*:*:domain/*",
159070
159565
  "arn:aws:sagemaker:*:*:user-profile/*",
159071
159566
  "arn:aws:sagemaker:*:*:app/*",
159567
+ "arn:aws:sagemaker:*:*:space/*",
159072
159568
  "arn:aws:sagemaker:*:*:flow-definition/*"
159073
159569
  ]
159074
159570
  },
159571
+ {
159572
+ "Effect": "Allow",
159573
+ "Action": [
159574
+ "sagemaker:AddTags"
159575
+ ],
159576
+ "Resource": [
159577
+ "arn:aws:sagemaker:*:*:app/*"
159578
+ ]
159579
+ },
159075
159580
  {
159076
159581
  "Effect": "Allow",
159077
159582
  "Action": [
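Review bot: `sagemaker-geospatial:*` is added to a statement whose `NotResource` list contains only `arn:aws:sagemaker:` ARNs, so none of the exclusions appear to constrain the geospatial service and the wildcard is effectively unrestricted for it. Anyone relying on the `NotResource` list to reason about what this first statement excludes should treat the two action prefixes separately. The new `sagemaker:AddTags` grant on `arn:aws:sagemaker:*:*:app/*` also matters where tag-based conditions are used on apps, since holders of this policy can then set those tags themselves.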
@@ -159080,6 +159585,8 @@
159080
159585
  "sagemaker:ListDomains",
159081
159586
  "sagemaker:DescribeUserProfile",
159082
159587
  "sagemaker:ListUserProfiles",
159588
+ "sagemaker:DescribeSpace",
159589
+ "sagemaker:ListSpaces",
159083
159590
  "sagemaker:*App",
159084
159591
  "sagemaker:ListApps"
159085
159592
  ],
@@ -159323,7 +159830,9 @@
159323
159830
  "Action": [
159324
159831
  "s3:GetObject"
159325
159832
  ],
159326
- "Resource": "*",
159833
+ "Resource": [
159834
+ "arn:aws:s3:::*"
159835
+ ],
159327
159836
  "Condition": {
159328
159837
  "StringEqualsIgnoreCase": {
159329
159838
  "s3:ExistingObjectTag/SageMaker": "true"
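Review bot: Replacing `"Resource": "*"` with `"arn:aws:s3:::*"` does not narrow this `s3:GetObject` grant; it still covers every bucket, and the only gate is the `s3:ExistingObjectTag/SageMaker` condition. Read access is therefore decided by whoever can tag objects, so `s3:PutObjectTagging` should be treated as equivalent to granting read to principals that hold this policy. The same applies to the `s3:ExistingObjectTag/servicecatalog:provisioning` statement changed in the next hunk. The statement's opening and closing braces lie outside this hunk.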
@@ -159335,7 +159844,9 @@
159335
159844
  "Action": [
159336
159845
  "s3:GetObject"
159337
159846
  ],
159338
- "Resource": "*",
159847
+ "Resource": [
159848
+ "arn:aws:s3:::*"
159849
+ ],
159339
159850
  "Condition": {
159340
159851
  "StringEquals": {
159341
159852
  "s3:ExistingObjectTag/servicecatalog:provisioning": "true"
@@ -159539,6 +160050,15 @@
159539
160050
  "arn:aws:redshift:*:*:dbname:*"
159540
160051
  ]
159541
160052
  },
160053
+ {
160054
+ "Effect": "Allow",
160055
+ "Action": [
160056
+ "sagemaker:ListTags"
160057
+ ],
160058
+ "Resource": [
160059
+ "arn:aws:sagemaker:*:*:user-profile/*"
160060
+ ]
160061
+ },
159542
160062
  {
159543
160063
  "Effect": "Allow",
159544
160064
  "Action": [
@@ -159549,12 +160069,13 @@
159549
160069
  ]
159550
160070
  }
159551
160071
  },
159552
- "v24": {
159553
- "createdDate": "2022-11-30T17:14:54.000Z",
160072
+ "v25": {
160073
+ "createdDate": "2017-11-29T13:07:59.000Z",
159554
160074
  "document": {
159555
160075
  "Version": "2012-10-17",
159556
160076
  "Statement": [
159557
160077
  {
160078
+ "Sid": "AllowAllNonAdminSageMakerActions",
159558
160079
  "Effect": "Allow",
159559
160080
  "Action": [
159560
160081
  "sagemaker:*",
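Review bot: The `createdDate` recorded for `v25`, `2017-11-29T13:07:59.000Z`, is identical to the policy-level `createdDate` of this entry and predates the `2018-01-08` date shown for `v2`, so it looks like the policy's creation timestamp was stored in place of the version's. The `lastUpdatedDate` changed at the end of this entry is `2023-11-30T13:40:20.000Z`, which is presumably the intended value: `"createdDate": "2023-11-30T13:40:20.000Z",`. Anything that orders versions or alerts on recent managed-policy changes by this field will otherwise treat the newest version as the oldest.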
@@ -159569,6 +160090,7 @@
159569
160090
  ]
159570
160091
  },
159571
160092
  {
160093
+ "Sid": "AllowAddTagsForApp",
159572
160094
  "Effect": "Allow",
159573
160095
  "Action": [
159574
160096
  "sagemaker:AddTags"
@@ -159578,6 +160100,7 @@
159578
160100
  ]
159579
160101
  },
159580
160102
  {
160103
+ "Sid": "AllowStudioActions",
159581
160104
  "Effect": "Allow",
159582
160105
  "Action": [
159583
160106
  "sagemaker:CreatePresignedDomainUrl",
@@ -159587,12 +160110,98 @@
159587
160110
  "sagemaker:ListUserProfiles",
159588
160111
  "sagemaker:DescribeSpace",
159589
160112
  "sagemaker:ListSpaces",
159590
- "sagemaker:*App",
160113
+ "sagemaker:DescribeApp",
159591
160114
  "sagemaker:ListApps"
159592
160115
  ],
159593
160116
  "Resource": "*"
159594
160117
  },
159595
160118
  {
160119
+ "Sid": "AllowAppActionsForUserProfile",
160120
+ "Effect": "Allow",
160121
+ "Action": [
160122
+ "sagemaker:CreateApp",
160123
+ "sagemaker:DeleteApp"
160124
+ ],
160125
+ "Resource": "arn:aws:sagemaker:*:*:app/*/*/*/*",
160126
+ "Condition": {
160127
+ "Null": {
160128
+ "sagemaker:OwnerUserProfileArn": "true"
160129
+ }
160130
+ }
160131
+ },
160132
+ {
160133
+ "Sid": "AllowAppActionsForSharedSpaces",
160134
+ "Effect": "Allow",
160135
+ "Action": [
160136
+ "sagemaker:CreateApp",
160137
+ "sagemaker:DeleteApp"
160138
+ ],
160139
+ "Resource": "arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
160140
+ "Condition": {
160141
+ "StringEquals": {
160142
+ "sagemaker:SpaceSharingType": [
160143
+ "Shared"
160144
+ ]
160145
+ }
160146
+ }
160147
+ },
160148
+ {
160149
+ "Sid": "AllowMutatingActionsOnSharedSpacesWithoutOwner",
160150
+ "Effect": "Allow",
160151
+ "Action": [
160152
+ "sagemaker:CreateSpace",
160153
+ "sagemaker:UpdateSpace",
160154
+ "sagemaker:DeleteSpace"
160155
+ ],
160156
+ "Resource": "arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
160157
+ "Condition": {
160158
+ "Null": {
160159
+ "sagemaker:OwnerUserProfileArn": "true"
160160
+ }
160161
+ }
160162
+ },
160163
+ {
160164
+ "Sid": "RestrictMutatingActionsOnSpacesToOwnerUserProfile",
160165
+ "Effect": "Allow",
160166
+ "Action": [
160167
+ "sagemaker:CreateSpace",
160168
+ "sagemaker:UpdateSpace",
160169
+ "sagemaker:DeleteSpace"
160170
+ ],
160171
+ "Resource": "arn:aws:sagemaker:*:*:space/${sagemaker:DomainId}/*",
160172
+ "Condition": {
160173
+ "ArnLike": {
160174
+ "sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
160175
+ },
160176
+ "StringEquals": {
160177
+ "sagemaker:SpaceSharingType": [
160178
+ "Private",
160179
+ "Shared"
160180
+ ]
160181
+ }
160182
+ }
160183
+ },
160184
+ {
160185
+ "Sid": "RestrictMutatingActionsOnPrivateSpaceAppsToOwnerUserProfile",
160186
+ "Effect": "Allow",
160187
+ "Action": [
160188
+ "sagemaker:CreateApp",
160189
+ "sagemaker:DeleteApp"
160190
+ ],
160191
+ "Resource": "arn:aws:sagemaker:*:*:app/${sagemaker:DomainId}/*/*/*",
160192
+ "Condition": {
160193
+ "ArnLike": {
160194
+ "sagemaker:OwnerUserProfileArn": "arn:aws:sagemaker:*:*:user-profile/${sagemaker:DomainId}/${sagemaker:UserProfileName}"
160195
+ },
160196
+ "StringEquals": {
160197
+ "sagemaker:SpaceSharingType": [
160198
+ "Private"
160199
+ ]
160200
+ }
160201
+ }
160202
+ },
160203
+ {
160204
+ "Sid": "AllowFlowDefinitionActions",
159596
160205
  "Effect": "Allow",
159597
160206
  "Action": "sagemaker:*",
159598
160207
  "Resource": [
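Review bot: `AllowAppActionsForUserProfile` is the only one of the new app/space statements whose resource is not bound to `${sagemaker:DomainId}`: it allows `sagemaker:CreateApp` and `sagemaker:DeleteApp` on `arn:aws:sagemaker:*:*:app/*/*/*/*` whenever `sagemaker:OwnerUserProfileArn` is absent. If that key is absent for apps that belong to a user profile, as the Sid suggests, the statement does not separate one user profile's apps from another's, which is worth confirming before relying on this policy for per-user isolation. The two Sids beginning `Restrict…` are `Allow` statements; they grant under a condition and deny nothing, so the isolation holds only if no other attached policy grants the same actions more broadly. The `AllowFlowDefinitionActions` statement at the end continues outside the hunk.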
@@ -159608,6 +160217,7 @@
159608
160217
  }
159609
160218
  },
159610
160219
  {
160220
+ "Sid": "AllowAWSServiceActions",
159611
160221
  "Effect": "Allow",
159612
160222
  "Action": [
159613
160223
  "application-autoscaling:DeleteScalingPolicy",
@@ -159714,6 +160324,7 @@
159714
160324
  "Resource": "*"
159715
160325
  },
159716
160326
  {
160327
+ "Sid": "AllowECRActions",
159717
160328
  "Effect": "Allow",
159718
160329
  "Action": [
159719
160330
  "ecr:SetRepositoryPolicy",
@@ -159730,6 +160341,7 @@
159730
160341
  ]
159731
160342
  },
159732
160343
  {
160344
+ "Sid": "AllowCodeCommitActions",
159733
160345
  "Effect": "Allow",
159734
160346
  "Action": [
159735
160347
  "codecommit:GitPull",
@@ -159742,6 +160354,7 @@
159742
160354
  ]
159743
160355
  },
159744
160356
  {
160357
+ "Sid": "AllowCodeBuildActions",
159745
160358
  "Action": [
159746
160359
  "codebuild:BatchGetBuilds",
159747
160360
  "codebuild:StartBuild"
@@ -159753,6 +160366,7 @@
159753
160366
  "Effect": "Allow"
159754
160367
  },
159755
160368
  {
160369
+ "Sid": "AllowStepFunctionsActions",
159756
160370
  "Action": [
159757
160371
  "states:DescribeExecution",
159758
160372
  "states:GetExecutionHistory",
@@ -159767,6 +160381,7 @@
159767
160381
  "Effect": "Allow"
159768
160382
  },
159769
160383
  {
160384
+ "Sid": "AllowSecretManagerActions",
159770
160385
  "Effect": "Allow",
159771
160386
  "Action": [
159772
160387
  "secretsmanager:DescribeSecret",
@@ -159778,6 +160393,7 @@
159778
160393
  ]
159779
160394
  },
159780
160395
  {
160396
+ "Sid": "AllowReadOnlySecretManagerActions",
159781
160397
  "Effect": "Allow",
159782
160398
  "Action": [
159783
160399
  "secretsmanager:DescribeSecret",
@@ -159791,6 +160407,7 @@
159791
160407
  }
159792
160408
  },
159793
160409
  {
160410
+ "Sid": "AllowServiceCatalogProvisionProduct",
159794
160411
  "Effect": "Allow",
159795
160412
  "Action": [
159796
160413
  "servicecatalog:ProvisionProduct"
@@ -159798,6 +160415,7 @@
159798
160415
  "Resource": "*"
159799
160416
  },
159800
160417
  {
160418
+ "Sid": "AllowServiceCatalogTerminateUpdateProvisionProduct",
159801
160419
  "Effect": "Allow",
159802
160420
  "Action": [
159803
160421
  "servicecatalog:TerminateProvisionedProduct",
@@ -159811,6 +160429,7 @@
159811
160429
  }
159812
160430
  },
159813
160431
  {
160432
+ "Sid": "AllowS3ObjectActions",
159814
160433
  "Effect": "Allow",
159815
160434
  "Action": [
159816
160435
  "s3:GetObject",
@@ -159826,6 +160445,7 @@
159826
160445
  ]
159827
160446
  },
159828
160447
  {
160448
+ "Sid": "AllowS3GetObjectWithSageMakerExistingObjectTag",
159829
160449
  "Effect": "Allow",
159830
160450
  "Action": [
159831
160451
  "s3:GetObject"
@@ -159840,6 +160460,7 @@
159840
160460
  }
159841
160461
  },
159842
160462
  {
160463
+ "Sid": "AllowS3GetObjectWithServiceCatalogProvisioningExistingObjectTag",
159843
160464
  "Effect": "Allow",
159844
160465
  "Action": [
159845
160466
  "s3:GetObject"
@@ -159854,6 +160475,7 @@
159854
160475
  }
159855
160476
  },
159856
160477
  {
160478
+ "Sid": "AllowS3BucketActions",
159857
160479
  "Effect": "Allow",
159858
160480
  "Action": [
159859
160481
  "s3:CreateBucket",
@@ -159866,6 +160488,7 @@
159866
160488
  "Resource": "*"
159867
160489
  },
159868
160490
  {
160491
+ "Sid": "AllowS3BucketACL",
159869
160492
  "Effect": "Allow",
159870
160493
  "Action": [
159871
160494
  "s3:GetBucketAcl",
@@ -159878,6 +160501,7 @@
159878
160501
  ]
159879
160502
  },
159880
160503
  {
160504
+ "Sid": "AllowLambdaInvokeFunction",
159881
160505
  "Effect": "Allow",
159882
160506
  "Action": [
159883
160507
  "lambda:InvokeFunction"
@@ -159890,6 +160514,7 @@
159890
160514
  ]
159891
160515
  },
159892
160516
  {
160517
+ "Sid": "AllowCreateServiceLinkedRoleForSageMakerApplicationAutoscaling",
159893
160518
  "Action": "iam:CreateServiceLinkedRole",
159894
160519
  "Effect": "Allow",
159895
160520
  "Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint",
@@ -159900,6 +160525,7 @@
159900
160525
  }
159901
160526
  },
159902
160527
  {
160528
+ "Sid": "AllowCreateServiceLinkedRoleForRobomaker",
159903
160529
  "Effect": "Allow",
159904
160530
  "Action": "iam:CreateServiceLinkedRole",
159905
160531
  "Resource": "*",
@@ -159910,6 +160536,7 @@
159910
160536
  }
159911
160537
  },
159912
160538
  {
160539
+ "Sid": "AllowSNSActions",
159913
160540
  "Effect": "Allow",
159914
160541
  "Action": [
159915
160542
  "sns:Subscribe",
@@ -159923,6 +160550,7 @@
159923
160550
  ]
159924
160551
  },
159925
160552
  {
160553
+ "Sid": "AllowPassRoleForSageMakerRoles",
159926
160554
  "Effect": "Allow",
159927
160555
  "Action": [
159928
160556
  "iam:PassRole"
@@ -159939,6 +160567,7 @@
159939
160567
  }
159940
160568
  },
159941
160569
  {
160570
+ "Sid": "AllowPassRoleToSageMaker",
159942
160571
  "Effect": "Allow",
159943
160572
  "Action": [
159944
160573
  "iam:PassRole"
@@ -159951,6 +160580,7 @@
159951
160580
  }
159952
160581
  },
159953
160582
  {
160583
+ "Sid": "AllowAthenaActions",
159954
160584
  "Effect": "Allow",
159955
160585
  "Action": [
159956
160586
  "athena:ListDataCatalogs",
@@ -159966,6 +160596,7 @@
159966
160596
  ]
159967
160597
  },
159968
160598
  {
160599
+ "Sid": "AllowGlueCreateTable",
159969
160600
  "Effect": "Allow",
159970
160601
  "Action": [
159971
160602
  "glue:CreateTable"
@@ -159978,6 +160609,7 @@
159978
160609
  ]
159979
160610
  },
159980
160611
  {
160612
+ "Sid": "AllowGlueUpdateTable",
159981
160613
  "Effect": "Allow",
159982
160614
  "Action": [
159983
160615
  "glue:UpdateTable"
@@ -159989,6 +160621,7 @@
159989
160621
  ]
159990
160622
  },
159991
160623
  {
160624
+ "Sid": "AllowGlueDeleteTable",
159992
160625
  "Effect": "Allow",
159993
160626
  "Action": [
159994
160627
  "glue:DeleteTable"
@@ -160000,6 +160633,7 @@
160000
160633
  ]
160001
160634
  },
160002
160635
  {
160636
+ "Sid": "AllowGlueGetTablesAndDatabases",
160003
160637
  "Effect": "Allow",
160004
160638
  "Action": [
160005
160639
  "glue:GetDatabases",
@@ -160013,6 +160647,7 @@
160013
160647
  ]
160014
160648
  },
160015
160649
  {
160650
+ "Sid": "AllowGlueGetAndCreateDatabase",
160016
160651
  "Effect": "Allow",
160017
160652
  "Action": [
160018
160653
  "glue:CreateDatabase",
@@ -160027,6 +160662,7 @@
160027
160662
  ]
160028
160663
  },
160029
160664
  {
160665
+ "Sid": "AllowRedshiftDataActions",
160030
160666
  "Effect": "Allow",
160031
160667
  "Action": [
160032
160668
  "redshift-data:ExecuteStatement",
@@ -160041,6 +160677,7 @@
160041
160677
  ]
160042
160678
  },
160043
160679
  {
160680
+ "Sid": "AllowRedshiftGetClusterCredentials",
160044
160681
  "Effect": "Allow",
160045
160682
  "Action": [
160046
160683
  "redshift:GetClusterCredentials"
@@ -160051,6 +160688,7 @@
160051
160688
  ]
160052
160689
  },
160053
160690
  {
160691
+ "Sid": "AllowListTagsForUserProfile",
160054
160692
  "Effect": "Allow",
160055
160693
  "Action": [
160056
160694
  "sagemaker:ListTags"
@@ -160060,18 +160698,62 @@
160060
160698
  ]
160061
160699
  },
160062
160700
  {
160701
+ "Sid": "AllowCloudformationListStackResources",
160063
160702
  "Effect": "Allow",
160064
160703
  "Action": [
160065
160704
  "cloudformation:ListStackResources"
160066
160705
  ],
160067
160706
  "Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
160707
+ },
160708
+ {
160709
+ "Sid": "AllowS3ExpressObjectActions",
160710
+ "Effect": "Allow",
160711
+ "Action": [
160712
+ "s3express:CreateSession"
160713
+ ],
160714
+ "Resource": [
160715
+ "arn:aws:s3express:*:*:bucket/*SageMaker*",
160716
+ "arn:aws:s3express:*:*:bucket/*Sagemaker*",
160717
+ "arn:aws:s3express:*:*:bucket/*sagemaker*",
160718
+ "arn:aws:s3express:*:*:bucket/*aws-glue*"
160719
+ ],
160720
+ "Condition": {
160721
+ "StringEquals": {
160722
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
160723
+ }
160724
+ }
160725
+ },
160726
+ {
160727
+ "Sid": "AllowS3ExpressCreateBucketActions",
160728
+ "Effect": "Allow",
160729
+ "Action": [
160730
+ "s3express:CreateBucket"
160731
+ ],
160732
+ "Resource": [
160733
+ "arn:aws:s3express:*:*:bucket/*SageMaker*",
160734
+ "arn:aws:s3express:*:*:bucket/*Sagemaker*",
160735
+ "arn:aws:s3express:*:*:bucket/*sagemaker*"
160736
+ ],
160737
+ "Condition": {
160738
+ "StringEquals": {
160739
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
160740
+ }
160741
+ }
160742
+ },
160743
+ {
160744
+ "Sid": "AllowS3ExpressListBucketActions",
160745
+ "Effect": "Allow",
160746
+ "Action": [
160747
+ "s3express:ListAllMyDirectoryBuckets"
160748
+ ],
160749
+ "Resource": "*"
160068
160750
  }
160069
160751
  ]
160070
160752
  }
160071
160753
  }
160072
160754
  },
160073
160755
  "createdDate": "2017-11-29T13:07:59.000Z",
160074
- "lastUpdatedDate": "2022-11-30T17:14:54.000Z"
160756
+ "lastUpdatedDate": "2023-11-30T13:40:20.000Z"
160075
160757
  },
160076
160758
  "AmazonFreeRTOSFullAccess": {
160077
160759
  "arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess",
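Review bot: `s3express:CreateSession` in `AllowS3ExpressObjectActions` has no `s3express:SessionMode` condition, so the sessions it authorises are not limited to reads on the matching directory buckets, which include the `*aws-glue*` pattern. The `aws:ResourceAccount` condition does confine it to the caller's own account, a guard the older `arn:aws:s3:::*SageMaker*` statements in this policy lack. Where read-only access is enough, a customer-managed copy could add `"s3express:SessionMode": "ReadOnly"` under the existing `StringEquals` block.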
@@ -208559,8 +209241,8 @@
208559
209241
  },
208560
209242
  "NeptuneConsoleFullAccess": {
208561
209243
  "arn": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess",
208562
- "latestVersionId": "v4",
208563
- "versionsCount": 4,
209244
+ "latestVersionId": "v5",
209245
+ "versionsCount": 5,
208564
209246
  "versions": {
208565
209247
  "v1": {
208566
209248
  "createdDate": "2018-06-19T21:35:19.000Z",
@@ -209050,7 +209732,364 @@
209050
209732
  "ec2:ModifyVpcAttribute",
209051
209733
  "ec2:ModifyVpcEndpoint",
209052
209734
  "iam:ListRoles",
209053
- "iam:PassRole",
209735
+ "iam:PassRole",
209736
+ "kms:ListAliases",
209737
+ "kms:ListKeyPolicies",
209738
+ "kms:ListKeys",
209739
+ "kms:ListRetirableGrants",
209740
+ "logs:DescribeLogStreams",
209741
+ "logs:GetLogEvents",
209742
+ "sns:ListSubscriptions",
209743
+ "sns:ListTopics",
209744
+ "sns:Publish"
209745
+ ],
209746
+ "Effect": "Allow",
209747
+ "Resource": [
209748
+ "*"
209749
+ ]
209750
+ },
209751
+ {
209752
+ "Action": "iam:CreateServiceLinkedRole",
209753
+ "Effect": "Allow",
209754
+ "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
209755
+ "Condition": {
209756
+ "StringLike": {
209757
+ "iam:AWSServiceName": "rds.amazonaws.com"
209758
+ }
209759
+ }
209760
+ }
209761
+ ]
209762
+ }
209763
+ },
209764
+ "v4": {
209765
+ "createdDate": "2020-09-02T17:25:07.000Z",
209766
+ "document": {
209767
+ "Version": "2012-10-17",
209768
+ "Statement": [
209769
+ {
209770
+ "Effect": "Allow",
209771
+ "Action": [
209772
+ "rds:CreateDBCluster",
209773
+ "rds:CreateDBInstance"
209774
+ ],
209775
+ "Resource": [
209776
+ "arn:aws:rds:*:*:*"
209777
+ ],
209778
+ "Condition": {
209779
+ "StringEquals": {
209780
+ "rds:DatabaseEngine": [
209781
+ "graphdb",
209782
+ "neptune"
209783
+ ]
209784
+ }
209785
+ }
209786
+ },
209787
+ {
209788
+ "Action": [
209789
+ "rds:AddRoleToDBCluster",
209790
+ "rds:AddSourceIdentifierToSubscription",
209791
+ "rds:AddTagsToResource",
209792
+ "rds:ApplyPendingMaintenanceAction",
209793
+ "rds:CopyDBClusterParameterGroup",
209794
+ "rds:CopyDBClusterSnapshot",
209795
+ "rds:CopyDBParameterGroup",
209796
+ "rds:CreateDBClusterParameterGroup",
209797
+ "rds:CreateDBClusterSnapshot",
209798
+ "rds:CreateDBParameterGroup",
209799
+ "rds:CreateDBSubnetGroup",
209800
+ "rds:CreateEventSubscription",
209801
+ "rds:DeleteDBCluster",
209802
+ "rds:DeleteDBClusterParameterGroup",
209803
+ "rds:DeleteDBClusterSnapshot",
209804
+ "rds:DeleteDBInstance",
209805
+ "rds:DeleteDBParameterGroup",
209806
+ "rds:DeleteDBSubnetGroup",
209807
+ "rds:DeleteEventSubscription",
209808
+ "rds:DescribeAccountAttributes",
209809
+ "rds:DescribeCertificates",
209810
+ "rds:DescribeDBClusterParameterGroups",
209811
+ "rds:DescribeDBClusterParameters",
209812
+ "rds:DescribeDBClusterSnapshotAttributes",
209813
+ "rds:DescribeDBClusterSnapshots",
209814
+ "rds:DescribeDBClusters",
209815
+ "rds:DescribeDBEngineVersions",
209816
+ "rds:DescribeDBInstances",
209817
+ "rds:DescribeDBLogFiles",
209818
+ "rds:DescribeDBParameterGroups",
209819
+ "rds:DescribeDBParameters",
209820
+ "rds:DescribeDBSecurityGroups",
209821
+ "rds:DescribeDBSubnetGroups",
209822
+ "rds:DescribeEngineDefaultClusterParameters",
209823
+ "rds:DescribeEngineDefaultParameters",
209824
+ "rds:DescribeEventCategories",
209825
+ "rds:DescribeEventSubscriptions",
209826
+ "rds:DescribeEvents",
209827
+ "rds:DescribeOptionGroups",
209828
+ "rds:DescribeOrderableDBInstanceOptions",
209829
+ "rds:DescribePendingMaintenanceActions",
209830
+ "rds:DescribeValidDBInstanceModifications",
209831
+ "rds:DownloadDBLogFilePortion",
209832
+ "rds:FailoverDBCluster",
209833
+ "rds:ListTagsForResource",
209834
+ "rds:ModifyDBCluster",
209835
+ "rds:ModifyDBClusterParameterGroup",
209836
+ "rds:ModifyDBClusterSnapshotAttribute",
209837
+ "rds:ModifyDBInstance",
209838
+ "rds:ModifyDBParameterGroup",
209839
+ "rds:ModifyDBSubnetGroup",
209840
+ "rds:ModifyEventSubscription",
209841
+ "rds:PromoteReadReplicaDBCluster",
209842
+ "rds:RebootDBInstance",
209843
+ "rds:RemoveRoleFromDBCluster",
209844
+ "rds:RemoveSourceIdentifierFromSubscription",
209845
+ "rds:RemoveTagsFromResource",
209846
+ "rds:ResetDBClusterParameterGroup",
209847
+ "rds:ResetDBParameterGroup",
209848
+ "rds:RestoreDBClusterFromSnapshot",
209849
+ "rds:RestoreDBClusterToPointInTime"
209850
+ ],
209851
+ "Effect": "Allow",
209852
+ "Resource": [
209853
+ "*"
209854
+ ]
209855
+ },
209856
+ {
209857
+ "Action": [
209858
+ "cloudwatch:GetMetricStatistics",
209859
+ "cloudwatch:ListMetrics",
209860
+ "ec2:AllocateAddress",
209861
+ "ec2:AssignIpv6Addresses",
209862
+ "ec2:AssignPrivateIpAddresses",
209863
+ "ec2:AssociateAddress",
209864
+ "ec2:AssociateRouteTable",
209865
+ "ec2:AssociateSubnetCidrBlock",
209866
+ "ec2:AssociateVpcCidrBlock",
209867
+ "ec2:AttachInternetGateway",
209868
+ "ec2:AttachNetworkInterface",
209869
+ "ec2:CreateCustomerGateway",
209870
+ "ec2:CreateDefaultSubnet",
209871
+ "ec2:CreateDefaultVpc",
209872
+ "ec2:CreateInternetGateway",
209873
+ "ec2:CreateNatGateway",
209874
+ "ec2:CreateNetworkInterface",
209875
+ "ec2:CreateRoute",
209876
+ "ec2:CreateRouteTable",
209877
+ "ec2:CreateSecurityGroup",
209878
+ "ec2:CreateSubnet",
209879
+ "ec2:CreateVpc",
209880
+ "ec2:CreateVpcEndpoint",
209881
+ "ec2:CreateVpcEndpoint",
209882
+ "ec2:DescribeAccountAttributes",
209883
+ "ec2:DescribeAccountAttributes",
209884
+ "ec2:DescribeAddresses",
209885
+ "ec2:DescribeAvailabilityZones",
209886
+ "ec2:DescribeAvailabilityZones",
209887
+ "ec2:DescribeCustomerGateways",
209888
+ "ec2:DescribeInstances",
209889
+ "ec2:DescribeNatGateways",
209890
+ "ec2:DescribeNetworkInterfaces",
209891
+ "ec2:DescribePrefixLists",
209892
+ "ec2:DescribeRouteTables",
209893
+ "ec2:DescribeSecurityGroupReferences",
209894
+ "ec2:DescribeSecurityGroups",
209895
+ "ec2:DescribeSecurityGroups",
209896
+ "ec2:DescribeSubnets",
209897
+ "ec2:DescribeSubnets",
209898
+ "ec2:DescribeVpcAttribute",
209899
+ "ec2:DescribeVpcAttribute",
209900
+ "ec2:DescribeVpcEndpoints",
209901
+ "ec2:DescribeVpcs",
209902
+ "ec2:DescribeVpcs",
209903
+ "ec2:ModifyNetworkInterfaceAttribute",
209904
+ "ec2:ModifySubnetAttribute",
209905
+ "ec2:ModifyVpcAttribute",
209906
+ "ec2:ModifyVpcEndpoint",
209907
+ "iam:ListRoles",
209908
+ "kms:ListAliases",
209909
+ "kms:ListKeyPolicies",
209910
+ "kms:ListKeys",
209911
+ "kms:ListRetirableGrants",
209912
+ "logs:DescribeLogStreams",
209913
+ "logs:GetLogEvents",
209914
+ "sns:ListSubscriptions",
209915
+ "sns:ListTopics",
209916
+ "sns:Publish"
209917
+ ],
209918
+ "Effect": "Allow",
209919
+ "Resource": [
209920
+ "*"
209921
+ ]
209922
+ },
209923
+ {
209924
+ "Action": "iam:PassRole",
209925
+ "Effect": "Allow",
209926
+ "Resource": "*",
209927
+ "Condition": {
209928
+ "StringEquals": {
209929
+ "iam:passedToService": "rds.amazonaws.com"
209930
+ }
209931
+ }
209932
+ },
209933
+ {
209934
+ "Action": "iam:CreateServiceLinkedRole",
209935
+ "Effect": "Allow",
209936
+ "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
209937
+ "Condition": {
209938
+ "StringLike": {
209939
+ "iam:AWSServiceName": "rds.amazonaws.com"
209940
+ }
209941
+ }
209942
+ }
209943
+ ]
209944
+ }
209945
+ },
209946
+ "v5": {
209947
+ "createdDate": "2018-06-19T21:35:19.000Z",
209948
+ "document": {
209949
+ "Version": "2012-10-17",
209950
+ "Statement": [
209951
+ {
209952
+ "Sid": "AllowNeptuneCreate",
209953
+ "Effect": "Allow",
209954
+ "Action": [
209955
+ "rds:CreateDBCluster",
209956
+ "rds:CreateDBInstance"
209957
+ ],
209958
+ "Resource": [
209959
+ "arn:aws:rds:*:*:*"
209960
+ ],
209961
+ "Condition": {
209962
+ "StringEquals": {
209963
+ "rds:DatabaseEngine": [
209964
+ "graphdb",
209965
+ "neptune"
209966
+ ]
209967
+ }
209968
+ }
209969
+ },
209970
+ {
209971
+ "Sid": "AllowManagementPermissionsForRDS",
209972
+ "Action": [
209973
+ "rds:AddRoleToDBCluster",
209974
+ "rds:AddSourceIdentifierToSubscription",
209975
+ "rds:AddTagsToResource",
209976
+ "rds:ApplyPendingMaintenanceAction",
209977
+ "rds:CopyDBClusterParameterGroup",
209978
+ "rds:CopyDBClusterSnapshot",
209979
+ "rds:CopyDBParameterGroup",
209980
+ "rds:CreateDBClusterParameterGroup",
209981
+ "rds:CreateDBClusterSnapshot",
209982
+ "rds:CreateDBParameterGroup",
209983
+ "rds:CreateDBSubnetGroup",
209984
+ "rds:CreateEventSubscription",
209985
+ "rds:DeleteDBCluster",
209986
+ "rds:DeleteDBClusterParameterGroup",
209987
+ "rds:DeleteDBClusterSnapshot",
209988
+ "rds:DeleteDBInstance",
209989
+ "rds:DeleteDBParameterGroup",
209990
+ "rds:DeleteDBSubnetGroup",
209991
+ "rds:DeleteEventSubscription",
209992
+ "rds:DescribeAccountAttributes",
209993
+ "rds:DescribeCertificates",
209994
+ "rds:DescribeDBClusterParameterGroups",
209995
+ "rds:DescribeDBClusterParameters",
209996
+ "rds:DescribeDBClusterSnapshotAttributes",
209997
+ "rds:DescribeDBClusterSnapshots",
209998
+ "rds:DescribeDBClusters",
209999
+ "rds:DescribeDBEngineVersions",
210000
+ "rds:DescribeDBInstances",
210001
+ "rds:DescribeDBLogFiles",
210002
+ "rds:DescribeDBParameterGroups",
210003
+ "rds:DescribeDBParameters",
210004
+ "rds:DescribeDBSecurityGroups",
210005
+ "rds:DescribeDBSubnetGroups",
210006
+ "rds:DescribeEngineDefaultClusterParameters",
210007
+ "rds:DescribeEngineDefaultParameters",
210008
+ "rds:DescribeEventCategories",
210009
+ "rds:DescribeEventSubscriptions",
210010
+ "rds:DescribeEvents",
210011
+ "rds:DescribeOptionGroups",
210012
+ "rds:DescribeOrderableDBInstanceOptions",
210013
+ "rds:DescribePendingMaintenanceActions",
210014
+ "rds:DescribeValidDBInstanceModifications",
210015
+ "rds:DownloadDBLogFilePortion",
210016
+ "rds:FailoverDBCluster",
210017
+ "rds:ListTagsForResource",
210018
+ "rds:ModifyDBCluster",
210019
+ "rds:ModifyDBClusterParameterGroup",
210020
+ "rds:ModifyDBClusterSnapshotAttribute",
210021
+ "rds:ModifyDBInstance",
210022
+ "rds:ModifyDBParameterGroup",
210023
+ "rds:ModifyDBSubnetGroup",
210024
+ "rds:ModifyEventSubscription",
210025
+ "rds:PromoteReadReplicaDBCluster",
210026
+ "rds:RebootDBInstance",
210027
+ "rds:RemoveRoleFromDBCluster",
210028
+ "rds:RemoveSourceIdentifierFromSubscription",
210029
+ "rds:RemoveTagsFromResource",
210030
+ "rds:ResetDBClusterParameterGroup",
210031
+ "rds:ResetDBParameterGroup",
210032
+ "rds:RestoreDBClusterFromSnapshot",
210033
+ "rds:RestoreDBClusterToPointInTime"
210034
+ ],
210035
+ "Effect": "Allow",
210036
+ "Resource": [
210037
+ "*"
210038
+ ]
210039
+ },
210040
+ {
210041
+ "Sid": "AllowOtherDepedentPermissions",
210042
+ "Action": [
210043
+ "cloudwatch:GetMetricStatistics",
210044
+ "cloudwatch:ListMetrics",
210045
+ "ec2:AllocateAddress",
210046
+ "ec2:AssignIpv6Addresses",
210047
+ "ec2:AssignPrivateIpAddresses",
210048
+ "ec2:AssociateAddress",
210049
+ "ec2:AssociateRouteTable",
210050
+ "ec2:AssociateSubnetCidrBlock",
210051
+ "ec2:AssociateVpcCidrBlock",
210052
+ "ec2:AttachInternetGateway",
210053
+ "ec2:AttachNetworkInterface",
210054
+ "ec2:CreateCustomerGateway",
210055
+ "ec2:CreateDefaultSubnet",
210056
+ "ec2:CreateDefaultVpc",
210057
+ "ec2:CreateInternetGateway",
210058
+ "ec2:CreateNatGateway",
210059
+ "ec2:CreateNetworkInterface",
210060
+ "ec2:CreateRoute",
210061
+ "ec2:CreateRouteTable",
210062
+ "ec2:CreateSecurityGroup",
210063
+ "ec2:CreateSubnet",
210064
+ "ec2:CreateVpc",
210065
+ "ec2:CreateVpcEndpoint",
210066
+ "ec2:CreateVpcEndpoint",
210067
+ "ec2:DescribeAccountAttributes",
210068
+ "ec2:DescribeAccountAttributes",
210069
+ "ec2:DescribeAddresses",
210070
+ "ec2:DescribeAvailabilityZones",
210071
+ "ec2:DescribeAvailabilityZones",
210072
+ "ec2:DescribeCustomerGateways",
210073
+ "ec2:DescribeInstances",
210074
+ "ec2:DescribeNatGateways",
210075
+ "ec2:DescribeNetworkInterfaces",
210076
+ "ec2:DescribePrefixLists",
210077
+ "ec2:DescribeRouteTables",
210078
+ "ec2:DescribeSecurityGroupReferences",
210079
+ "ec2:DescribeSecurityGroups",
210080
+ "ec2:DescribeSecurityGroups",
210081
+ "ec2:DescribeSubnets",
210082
+ "ec2:DescribeSubnets",
210083
+ "ec2:DescribeVpcAttribute",
210084
+ "ec2:DescribeVpcAttribute",
210085
+ "ec2:DescribeVpcEndpoints",
210086
+ "ec2:DescribeVpcs",
210087
+ "ec2:DescribeVpcs",
210088
+ "ec2:ModifyNetworkInterfaceAttribute",
210089
+ "ec2:ModifySubnetAttribute",
210090
+ "ec2:ModifyVpcAttribute",
210091
+ "ec2:ModifyVpcEndpoint",
210092
+ "iam:ListRoles",
209054
210093
  "kms:ListAliases",
209055
210094
  "kms:ListKeyPolicies",
209056
210095
  "kms:ListKeys",
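Review bot: The new `"v5"` entry carries `"createdDate": "2018-06-19T21:35:19.000Z"`, which is the same value as `v1` and the policy-level `createdDate` and is earlier than `v4`'s `2020-09-02T17:25:07.000Z`, so the version dates are no longer monotonic. The policy-level `lastUpdatedDate` changes to `2023-11-30T07:32:44.000Z` in a later hunk, and that is presumably what v5 should read: `"createdDate": "2023-11-30T07:32:44.000Z"`. The `"v3"` entry added for AmazonSageMakerCanvasAIServicesAccess shows the same pattern (`2023-03-23T22:36:43.000Z` against a new `lastUpdatedDate` of `2023-11-29T14:47:09.000Z`), which suggests the generator writes the policy's creation date into the latest version. Anyone using these timestamps to establish when a permission first became available would date the Neptune Analytics and Bedrock grants too early. The v5 object continues past the end of this hunk.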
@@ -209067,194 +210106,74 @@
209067
210106
  ]
209068
210107
  },
209069
210108
  {
209070
- "Action": "iam:CreateServiceLinkedRole",
210109
+ "Sid": "AllowPassRoleForNeptune",
210110
+ "Action": "iam:PassRole",
209071
210111
  "Effect": "Allow",
209072
- "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
210112
+ "Resource": "*",
209073
210113
  "Condition": {
209074
- "StringLike": {
209075
- "iam:AWSServiceName": "rds.amazonaws.com"
210114
+ "StringEquals": {
210115
+ "iam:passedToService": "rds.amazonaws.com"
209076
210116
  }
209077
210117
  }
209078
- }
209079
- ]
209080
- }
209081
- },
209082
- "v4": {
209083
- "createdDate": "2020-09-02T17:25:07.000Z",
209084
- "document": {
209085
- "Version": "2012-10-17",
209086
- "Statement": [
210118
+ },
209087
210119
  {
210120
+ "Sid": "AllowCreateSLRForNeptune",
210121
+ "Action": "iam:CreateServiceLinkedRole",
209088
210122
  "Effect": "Allow",
209089
- "Action": [
209090
- "rds:CreateDBCluster",
209091
- "rds:CreateDBInstance"
209092
- ],
209093
- "Resource": [
209094
- "arn:aws:rds:*:*:*"
209095
- ],
210123
+ "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
209096
210124
  "Condition": {
209097
- "StringEquals": {
209098
- "rds:DatabaseEngine": [
209099
- "graphdb",
209100
- "neptune"
209101
- ]
210125
+ "StringLike": {
210126
+ "iam:AWSServiceName": "rds.amazonaws.com"
209102
210127
  }
209103
210128
  }
209104
210129
  },
209105
210130
  {
209106
- "Action": [
209107
- "rds:AddRoleToDBCluster",
209108
- "rds:AddSourceIdentifierToSubscription",
209109
- "rds:AddTagsToResource",
209110
- "rds:ApplyPendingMaintenanceAction",
209111
- "rds:CopyDBClusterParameterGroup",
209112
- "rds:CopyDBClusterSnapshot",
209113
- "rds:CopyDBParameterGroup",
209114
- "rds:CreateDBClusterParameterGroup",
209115
- "rds:CreateDBClusterSnapshot",
209116
- "rds:CreateDBParameterGroup",
209117
- "rds:CreateDBSubnetGroup",
209118
- "rds:CreateEventSubscription",
209119
- "rds:DeleteDBCluster",
209120
- "rds:DeleteDBClusterParameterGroup",
209121
- "rds:DeleteDBClusterSnapshot",
209122
- "rds:DeleteDBInstance",
209123
- "rds:DeleteDBParameterGroup",
209124
- "rds:DeleteDBSubnetGroup",
209125
- "rds:DeleteEventSubscription",
209126
- "rds:DescribeAccountAttributes",
209127
- "rds:DescribeCertificates",
209128
- "rds:DescribeDBClusterParameterGroups",
209129
- "rds:DescribeDBClusterParameters",
209130
- "rds:DescribeDBClusterSnapshotAttributes",
209131
- "rds:DescribeDBClusterSnapshots",
209132
- "rds:DescribeDBClusters",
209133
- "rds:DescribeDBEngineVersions",
209134
- "rds:DescribeDBInstances",
209135
- "rds:DescribeDBLogFiles",
209136
- "rds:DescribeDBParameterGroups",
209137
- "rds:DescribeDBParameters",
209138
- "rds:DescribeDBSecurityGroups",
209139
- "rds:DescribeDBSubnetGroups",
209140
- "rds:DescribeEngineDefaultClusterParameters",
209141
- "rds:DescribeEngineDefaultParameters",
209142
- "rds:DescribeEventCategories",
209143
- "rds:DescribeEventSubscriptions",
209144
- "rds:DescribeEvents",
209145
- "rds:DescribeOptionGroups",
209146
- "rds:DescribeOrderableDBInstanceOptions",
209147
- "rds:DescribePendingMaintenanceActions",
209148
- "rds:DescribeValidDBInstanceModifications",
209149
- "rds:DownloadDBLogFilePortion",
209150
- "rds:FailoverDBCluster",
209151
- "rds:ListTagsForResource",
209152
- "rds:ModifyDBCluster",
209153
- "rds:ModifyDBClusterParameterGroup",
209154
- "rds:ModifyDBClusterSnapshotAttribute",
209155
- "rds:ModifyDBInstance",
209156
- "rds:ModifyDBParameterGroup",
209157
- "rds:ModifyDBSubnetGroup",
209158
- "rds:ModifyEventSubscription",
209159
- "rds:PromoteReadReplicaDBCluster",
209160
- "rds:RebootDBInstance",
209161
- "rds:RemoveRoleFromDBCluster",
209162
- "rds:RemoveSourceIdentifierFromSubscription",
209163
- "rds:RemoveTagsFromResource",
209164
- "rds:ResetDBClusterParameterGroup",
209165
- "rds:ResetDBParameterGroup",
209166
- "rds:RestoreDBClusterFromSnapshot",
209167
- "rds:RestoreDBClusterToPointInTime"
209168
- ],
210131
+ "Sid": "AllowManagementPermissionsForNeptuneAnalytics",
209169
210132
  "Effect": "Allow",
209170
- "Resource": [
209171
- "*"
209172
- ]
209173
- },
209174
- {
209175
210133
  "Action": [
209176
- "cloudwatch:GetMetricStatistics",
209177
- "cloudwatch:ListMetrics",
209178
- "ec2:AllocateAddress",
209179
- "ec2:AssignIpv6Addresses",
209180
- "ec2:AssignPrivateIpAddresses",
209181
- "ec2:AssociateAddress",
209182
- "ec2:AssociateRouteTable",
209183
- "ec2:AssociateSubnetCidrBlock",
209184
- "ec2:AssociateVpcCidrBlock",
209185
- "ec2:AttachInternetGateway",
209186
- "ec2:AttachNetworkInterface",
209187
- "ec2:CreateCustomerGateway",
209188
- "ec2:CreateDefaultSubnet",
209189
- "ec2:CreateDefaultVpc",
209190
- "ec2:CreateInternetGateway",
209191
- "ec2:CreateNatGateway",
209192
- "ec2:CreateNetworkInterface",
209193
- "ec2:CreateRoute",
209194
- "ec2:CreateRouteTable",
209195
- "ec2:CreateSecurityGroup",
209196
- "ec2:CreateSubnet",
209197
- "ec2:CreateVpc",
209198
- "ec2:CreateVpcEndpoint",
209199
- "ec2:CreateVpcEndpoint",
209200
- "ec2:DescribeAccountAttributes",
209201
- "ec2:DescribeAccountAttributes",
209202
- "ec2:DescribeAddresses",
209203
- "ec2:DescribeAvailabilityZones",
209204
- "ec2:DescribeAvailabilityZones",
209205
- "ec2:DescribeCustomerGateways",
209206
- "ec2:DescribeInstances",
209207
- "ec2:DescribeNatGateways",
209208
- "ec2:DescribeNetworkInterfaces",
209209
- "ec2:DescribePrefixLists",
209210
- "ec2:DescribeRouteTables",
209211
- "ec2:DescribeSecurityGroupReferences",
209212
- "ec2:DescribeSecurityGroups",
209213
- "ec2:DescribeSecurityGroups",
209214
- "ec2:DescribeSubnets",
209215
- "ec2:DescribeSubnets",
209216
- "ec2:DescribeVpcAttribute",
209217
- "ec2:DescribeVpcAttribute",
209218
- "ec2:DescribeVpcEndpoints",
209219
- "ec2:DescribeVpcs",
209220
- "ec2:DescribeVpcs",
209221
- "ec2:ModifyNetworkInterfaceAttribute",
209222
- "ec2:ModifySubnetAttribute",
209223
- "ec2:ModifyVpcAttribute",
209224
- "ec2:ModifyVpcEndpoint",
209225
- "iam:ListRoles",
209226
- "kms:ListAliases",
209227
- "kms:ListKeyPolicies",
209228
- "kms:ListKeys",
209229
- "kms:ListRetirableGrants",
209230
- "logs:DescribeLogStreams",
209231
- "logs:GetLogEvents",
209232
- "sns:ListSubscriptions",
209233
- "sns:ListTopics",
209234
- "sns:Publish"
210134
+ "neptune-graph:CreateGraph",
210135
+ "neptune-graph:DeleteGraph",
210136
+ "neptune-graph:GetGraph",
210137
+ "neptune-graph:ListGraphs",
210138
+ "neptune-graph:UpdateGraph",
210139
+ "neptune-graph:ResetGraph",
210140
+ "neptune-graph:CreateGraphSnapshot",
210141
+ "neptune-graph:DeleteGraphSnapshot",
210142
+ "neptune-graph:GetGraphSnapshot",
210143
+ "neptune-graph:ListGraphSnapshots",
210144
+ "neptune-graph:RestoreGraphFromSnapshot",
210145
+ "neptune-graph:CreatePrivateGraphEndpoint",
210146
+ "neptune-graph:GetPrivateGraphEndpoint",
210147
+ "neptune-graph:ListPrivateGraphEndpoints",
210148
+ "neptune-graph:DeletePrivateGraphEndpoint",
210149
+ "neptune-graph:CreateGraphUsingImportTask",
210150
+ "neptune-graph:GetImportTask",
210151
+ "neptune-graph:ListImportTasks",
210152
+ "neptune-graph:CancelImportTask"
209235
210153
  ],
209236
- "Effect": "Allow",
209237
210154
  "Resource": [
209238
- "*"
210155
+ "arn:aws:neptune-graph:*:*:*"
209239
210156
  ]
209240
210157
  },
209241
210158
  {
209242
- "Action": "iam:PassRole",
210159
+ "Sid": "AllowPassRoleForNeptuneAnalytics",
209243
210160
  "Effect": "Allow",
210161
+ "Action": "iam:PassRole",
209244
210162
  "Resource": "*",
209245
210163
  "Condition": {
209246
210164
  "StringEquals": {
209247
- "iam:passedToService": "rds.amazonaws.com"
210165
+ "iam:passedToService": "neptune-graph.amazonaws.com"
209248
210166
  }
209249
210167
  }
209250
210168
  },
209251
210169
  {
209252
- "Action": "iam:CreateServiceLinkedRole",
210170
+ "Sid": "AllowCreateSLRForNeptuneAnalytics",
209253
210171
  "Effect": "Allow",
209254
- "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
210172
+ "Action": "iam:CreateServiceLinkedRole",
210173
+ "Resource": "arn:aws:iam::*:role/aws-service-role/neptune-graph.amazonaws.com/AWSServiceRoleForNeptuneGraph",
209255
210174
  "Condition": {
209256
210175
  "StringLike": {
209257
- "iam:AWSServiceName": "rds.amazonaws.com"
210176
+ "iam:AWSServiceName": "neptune-graph.amazonaws.com"
209258
210177
  }
209259
210178
  }
209260
210179
  }
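Review bot: `AllowPassRoleForNeptuneAnalytics` grants `iam:PassRole` on `"Resource": "*"`, bounded only by `iam:passedToService` equal to `neptune-graph.amazonaws.com`, so a principal with this policy can pass the service any role in the account whose trust policy admits that service. `AllowPassRoleForNeptune` earlier in this hunk and `BedrockFineTuningPassRole` in the AmazonSageMakerCanvasAIServicesAccess v3 hunk (`arn:aws:iam::*:role/*`) have the same shape. This file appears to mirror the published documents, so the lines themselves should stay; the narrowing belongs in a customer-managed copy or a permissions boundary, for example `"Resource": "arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME_PREFIX>*"` (placeholders). The condition key is spelled `iam:passedToService` here and `iam:PassedToService` in the Canvas hunk; IAM matches condition key names case-insensitively, so tooling that searches this dataset for PassRole conditions should do the same. The statement list begins outside this hunk.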
@@ -209263,7 +210182,7 @@
209263
210182
  }
209264
210183
  },
209265
210184
  "createdDate": "2018-06-19T21:35:19.000Z",
209266
- "lastUpdatedDate": "2020-09-02T17:25:07.000Z"
210185
+ "lastUpdatedDate": "2023-11-30T07:32:44.000Z"
209267
210186
  },
209268
210187
  "AmazonMacieServiceRolePolicy": {
209269
210188
  "arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy",
@@ -461698,8 +462617,8 @@
461698
462617
  },
461699
462618
  "AmazonSageMakerCanvasAIServicesAccess": {
461700
462619
  "arn": "arn:aws:iam::aws:policy/AmazonSageMakerCanvasAIServicesAccess",
461701
- "latestVersionId": "v2",
461702
- "versionsCount": 2,
462620
+ "latestVersionId": "v3",
462621
+ "versionsCount": 3,
461703
462622
  "versions": {
461704
462623
  "v1": {
461705
462624
  "createdDate": "2023-03-23T22:36:43.000Z",
@@ -461792,10 +462711,140 @@
461792
462711
  }
461793
462712
  ]
461794
462713
  }
462714
+ },
462715
+ "v3": {
462716
+ "createdDate": "2023-03-23T22:36:43.000Z",
462717
+ "document": {
462718
+ "Version": "2012-10-17",
462719
+ "Statement": [
462720
+ {
462721
+ "Sid": "Textract",
462722
+ "Effect": "Allow",
462723
+ "Action": [
462724
+ "textract:AnalyzeDocument",
462725
+ "textract:AnalyzeExpense",
462726
+ "textract:AnalyzeID",
462727
+ "textract:StartDocumentAnalysis",
462728
+ "textract:StartExpenseAnalysis",
462729
+ "textract:GetDocumentAnalysis",
462730
+ "textract:GetExpenseAnalysis"
462731
+ ],
462732
+ "Resource": "*"
462733
+ },
462734
+ {
462735
+ "Sid": "Rekognition",
462736
+ "Effect": "Allow",
462737
+ "Action": [
462738
+ "rekognition:DetectLabels",
462739
+ "rekognition:DetectText"
462740
+ ],
462741
+ "Resource": "*"
462742
+ },
462743
+ {
462744
+ "Sid": "Comprehend",
462745
+ "Effect": "Allow",
462746
+ "Action": [
462747
+ "comprehend:BatchDetectDominantLanguage",
462748
+ "comprehend:BatchDetectEntities",
462749
+ "comprehend:BatchDetectSentiment",
462750
+ "comprehend:DetectPiiEntities",
462751
+ "comprehend:DetectEntities",
462752
+ "comprehend:DetectSentiment",
462753
+ "comprehend:DetectDominantLanguage"
462754
+ ],
462755
+ "Resource": "*"
462756
+ },
462757
+ {
462758
+ "Sid": "Bedrock",
462759
+ "Effect": "Allow",
462760
+ "Action": [
462761
+ "bedrock:InvokeModel",
462762
+ "bedrock:ListFoundationModels",
462763
+ "bedrock:InvokeModelWithResponseStream"
462764
+ ],
462765
+ "Resource": "*"
462766
+ },
462767
+ {
462768
+ "Sid": "CreateBedrockResourcesPermission",
462769
+ "Effect": "Allow",
462770
+ "Action": [
462771
+ "bedrock:CreateModelCustomizationJob",
462772
+ "bedrock:CreateProvisionedModelThroughput",
462773
+ "bedrock:TagResource"
462774
+ ],
462775
+ "Resource": [
462776
+ "arn:aws:bedrock:*:*:model-customization-job/*",
462777
+ "arn:aws:bedrock:*:*:custom-model/*",
462778
+ "arn:aws:bedrock:*:*:provisioned-model/*"
462779
+ ],
462780
+ "Condition": {
462781
+ "ForAnyValue:StringEquals": {
462782
+ "aws:TagKeys": [
462783
+ "SageMaker",
462784
+ "Canvas"
462785
+ ]
462786
+ },
462787
+ "StringEquals": {
462788
+ "aws:RequestTag/SageMaker": "true",
462789
+ "aws:RequestTag/Canvas": "true",
462790
+ "aws:ResourceTag/SageMaker": "true",
462791
+ "aws:ResourceTag/Canvas": "true"
462792
+ }
462793
+ }
462794
+ },
462795
+ {
462796
+ "Sid": "GetStopAndDeleteBedrockResourcesPermission",
462797
+ "Effect": "Allow",
462798
+ "Action": [
462799
+ "bedrock:GetModelCustomizationJob",
462800
+ "bedrock:GetCustomModel",
462801
+ "bedrock:GetProvisionedModelThroughput",
462802
+ "bedrock:StopModelCustomizationJob",
462803
+ "bedrock:DeleteProvisionedModelThroughput"
462804
+ ],
462805
+ "Resource": [
462806
+ "arn:aws:bedrock:*:*:model-customization-job/*",
462807
+ "arn:aws:bedrock:*:*:custom-model/*",
462808
+ "arn:aws:bedrock:*:*:provisioned-model/*"
462809
+ ],
462810
+ "Condition": {
462811
+ "StringEquals": {
462812
+ "aws:ResourceTag/SageMaker": "true",
462813
+ "aws:ResourceTag/Canvas": "true"
462814
+ }
462815
+ }
462816
+ },
462817
+ {
462818
+ "Sid": "FoundationModelPermission",
462819
+ "Effect": "Allow",
462820
+ "Action": [
462821
+ "bedrock:CreateModelCustomizationJob"
462822
+ ],
462823
+ "Resource": [
462824
+ "arn:aws:bedrock:*::foundation-model/*"
462825
+ ]
462826
+ },
462827
+ {
462828
+ "Sid": "BedrockFineTuningPassRole",
462829
+ "Effect": "Allow",
462830
+ "Action": [
462831
+ "iam:PassRole"
462832
+ ],
462833
+ "Resource": [
462834
+ "arn:aws:iam::*:role/*"
462835
+ ],
462836
+ "Condition": {
462837
+ "StringEquals": {
462838
+ "iam:PassedToService": "bedrock.amazonaws.com"
462839
+ }
462840
+ }
462841
+ }
462842
+ ]
462843
+ }
461795
462844
  }
461796
462845
  },
461797
462846
  "createdDate": "2023-03-23T22:36:43.000Z",
461798
- "lastUpdatedDate": "2023-09-30T00:15:02.000Z"
462847
+ "lastUpdatedDate": "2023-11-29T14:47:09.000Z"
461799
462848
  },
461800
462849
  "AWSServiceRoleForCodeWhispererPolicy": {
461801
462850
  "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeWhispererPolicy",
@@ -476613,5 +477662,468 @@
476613
477662
  },
476614
477663
  "createdDate": "2023-11-28T16:00:24.000Z",
476615
477664
  "lastUpdatedDate": "2023-11-28T16:00:24.000Z"
477665
+ },
477666
+ "AWSServiceRoleForNeptuneGraphPolicy": {
477667
+ "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForNeptuneGraphPolicy",
477668
+ "latestVersionId": "v1",
477669
+ "versionsCount": 1,
477670
+ "versions": {
477671
+ "v1": {
477672
+ "createdDate": "2023-11-29T14:03:36.000Z",
477673
+ "document": {
477674
+ "Version": "2012-10-17",
477675
+ "Statement": [
477676
+ {
477677
+ "Sid": "GraphMetrics",
477678
+ "Effect": "Allow",
477679
+ "Action": [
477680
+ "cloudwatch:PutMetricData"
477681
+ ],
477682
+ "Resource": "*",
477683
+ "Condition": {
477684
+ "StringEquals": {
477685
+ "cloudwatch:namespace": [
477686
+ "AWS/Neptune",
477687
+ "AWS/Usage"
477688
+ ]
477689
+ }
477690
+ }
477691
+ },
477692
+ {
477693
+ "Sid": "GraphLogGroup",
477694
+ "Effect": "Allow",
477695
+ "Action": [
477696
+ "logs:CreateLogGroup"
477697
+ ],
477698
+ "Resource": [
477699
+ "arn:aws:logs:*:*:log-group:/aws/neptune/*"
477700
+ ],
477701
+ "Condition": {
477702
+ "StringEquals": {
477703
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
477704
+ }
477705
+ }
477706
+ },
477707
+ {
477708
+ "Sid": "GraphLogEvents",
477709
+ "Effect": "Allow",
477710
+ "Action": [
477711
+ "logs:CreateLogStream",
477712
+ "logs:PutLogEvents",
477713
+ "logs:DescribeLogStreams"
477714
+ ],
477715
+ "Resource": [
477716
+ "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
477717
+ ],
477718
+ "Condition": {
477719
+ "StringEquals": {
477720
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
477721
+ }
477722
+ }
477723
+ }
477724
+ ]
477725
+ }
477726
+ }
477727
+ },
477728
+ "createdDate": "2023-11-29T14:03:36.000Z",
477729
+ "lastUpdatedDate": "2023-11-29T14:03:36.000Z"
477730
+ },
477731
+ "AmazonSageMakerClusterInstanceRolePolicy": {
477732
+ "arn": "arn:aws:iam::aws:policy/AmazonSageMakerClusterInstanceRolePolicy",
477733
+ "latestVersionId": "v1",
477734
+ "versionsCount": 1,
477735
+ "versions": {
477736
+ "v1": {
477737
+ "createdDate": "2023-11-29T15:11:26.000Z",
477738
+ "document": {
477739
+ "Version": "2012-10-17",
477740
+ "Statement": [
477741
+ {
477742
+ "Sid": "CloudwatchLogStreamPublishPermissions",
477743
+ "Effect": "Allow",
477744
+ "Action": [
477745
+ "logs:PutLogEvents",
477746
+ "logs:CreateLogStream",
477747
+ "logs:DescribeLogStreams"
477748
+ ],
477749
+ "Resource": [
477750
+ "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*:log-stream:*"
477751
+ ]
477752
+ },
477753
+ {
477754
+ "Sid": "CloudwatchLogGroupCreationPermissions",
477755
+ "Effect": "Allow",
477756
+ "Action": [
477757
+ "logs:CreateLogGroup"
477758
+ ],
477759
+ "Resource": [
477760
+ "arn:aws:logs:*:*:log-group:/aws/sagemaker/Clusters/*"
477761
+ ]
477762
+ },
477763
+ {
477764
+ "Sid": "CloudwatchPutMetricDataAccess",
477765
+ "Effect": "Allow",
477766
+ "Action": [
477767
+ "cloudwatch:PutMetricData"
477768
+ ],
477769
+ "Resource": [
477770
+ "*"
477771
+ ],
477772
+ "Condition": {
477773
+ "StringEquals": {
477774
+ "cloudwatch:namespace": "/aws/sagemaker/Clusters"
477775
+ }
477776
+ }
477777
+ },
477778
+ {
477779
+ "Sid": "DataRetrievalFromS3BucketPermissions",
477780
+ "Effect": "Allow",
477781
+ "Action": [
477782
+ "s3:ListBucket",
477783
+ "s3:GetObject"
477784
+ ],
477785
+ "Resource": [
477786
+ "arn:aws:s3:::sagemaker-*"
477787
+ ],
477788
+ "Condition": {
477789
+ "StringEquals": {
477790
+ "aws:ResourceAccount": "${aws:PrincipalAccount}"
477791
+ }
477792
+ }
477793
+ },
477794
+ {
477795
+ "Sid": "SSMConnectivityPermissions",
477796
+ "Effect": "Allow",
477797
+ "Action": [
477798
+ "ssmmessages:CreateControlChannel",
477799
+ "ssmmessages:CreateDataChannel",
477800
+ "ssmmessages:OpenControlChannel",
477801
+ "ssmmessages:OpenDataChannel"
477802
+ ],
477803
+ "Resource": "*"
477804
+ }
477805
+ ]
477806
+ }
477807
+ }
477808
+ },
477809
+ "createdDate": "2023-11-29T15:11:26.000Z",
477810
+ "lastUpdatedDate": "2023-11-29T15:11:26.000Z"
477811
+ },
477812
+ "AWSZonalAutoshiftPracticeRunSLRPolicy": {
477813
+ "arn": "arn:aws:iam::aws:policy/aws-service-role/AWSZonalAutoshiftPracticeRunSLRPolicy",
477814
+ "latestVersionId": "v1",
477815
+ "versionsCount": 1,
477816
+ "versions": {
477817
+ "v1": {
477818
+ "createdDate": "2023-11-29T17:34:54.000Z",
477819
+ "document": {
477820
+ "Version": "2012-10-17",
477821
+ "Statement": [
477822
+ {
477823
+ "Sid": "MonitoringPermissions",
477824
+ "Effect": "Allow",
477825
+ "Action": [
477826
+ "cloudwatch:DescribeAlarms",
477827
+ "health:DescribeEvents"
477828
+ ],
477829
+ "Resource": "*"
477830
+ },
477831
+ {
477832
+ "Sid": "ZonalShiftManagementPermissions",
477833
+ "Effect": "Allow",
477834
+ "Action": [
477835
+ "arc-zonal-shift:CancelZonalShift",
477836
+ "arc-zonal-shift:GetManagedResource",
477837
+ "arc-zonal-shift:StartZonalShift",
477838
+ "arc-zonal-shift:UpdateZonalShift"
477839
+ ],
477840
+ "Resource": "*"
477841
+ }
477842
+ ]
477843
+ }
477844
+ }
477845
+ },
477846
+ "createdDate": "2023-11-29T17:34:54.000Z",
477847
+ "lastUpdatedDate": "2023-11-29T17:34:54.000Z"
477848
+ },
477849
+ "AWSCleanRoomsMLReadOnlyAccess": {
477850
+ "arn": "arn:aws:iam::aws:policy/AWSCleanRoomsMLReadOnlyAccess",
477851
+ "latestVersionId": "v1",
477852
+ "versionsCount": 1,
477853
+ "versions": {
477854
+ "v1": {
477855
+ "createdDate": "2023-11-29T20:55:31.000Z",
477856
+ "document": {
477857
+ "Version": "2012-10-17",
477858
+ "Statement": [
477859
+ {
477860
+ "Sid": "CleanRoomsConsoleNavigation",
477861
+ "Effect": "Allow",
477862
+ "Action": [
477863
+ "cleanrooms:GetCollaboration",
477864
+ "cleanrooms:GetConfiguredAudienceModelAssociation",
477865
+ "cleanrooms:GetMembership",
477866
+ "cleanrooms:ListAnalysisTemplates",
477867
+ "cleanrooms:ListCollaborationAnalysisTemplates",
477868
+ "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
477869
+ "cleanrooms:ListCollaborations",
477870
+ "cleanrooms:ListConfiguredTableAssociations",
477871
+ "cleanrooms:ListConfiguredTables",
477872
+ "cleanrooms:ListMembers",
477873
+ "cleanrooms:ListMemberships",
477874
+ "cleanrooms:ListProtectedQueries",
477875
+ "cleanrooms:ListSchemas",
477876
+ "cleanrooms:ListTagsForResource"
477877
+ ],
477878
+ "Resource": "*"
477879
+ },
477880
+ {
477881
+ "Sid": "CleanRoomsMLRead",
477882
+ "Effect": "Allow",
477883
+ "Action": [
477884
+ "cleanrooms-ml:Get*",
477885
+ "cleanrooms-ml:List*"
477886
+ ],
477887
+ "Resource": "*"
477888
+ }
477889
+ ]
477890
+ }
477891
+ }
477892
+ },
477893
+ "createdDate": "2023-11-29T20:55:31.000Z",
477894
+ "lastUpdatedDate": "2023-11-29T20:55:31.000Z"
477895
+ },
477896
+ "AWSCleanRoomsMLFullAccess": {
477897
+ "arn": "arn:aws:iam::aws:policy/AWSCleanRoomsMLFullAccess",
477898
+ "latestVersionId": "v1",
477899
+ "versionsCount": 1,
477900
+ "versions": {
477901
+ "v1": {
477902
+ "createdDate": "2023-11-29T21:02:06.000Z",
477903
+ "document": {
477904
+ "Version": "2012-10-17",
477905
+ "Statement": [
477906
+ {
477907
+ "Sid": "CleanRoomsMLFullAccess",
477908
+ "Effect": "Allow",
477909
+ "Action": [
477910
+ "cleanrooms-ml:*"
477911
+ ],
477912
+ "Resource": "*"
477913
+ },
477914
+ {
477915
+ "Sid": "PassServiceRole",
477916
+ "Effect": "Allow",
477917
+ "Action": [
477918
+ "iam:PassRole"
477919
+ ],
477920
+ "Resource": [
477921
+ "arn:aws:iam::*:role/cleanrooms-ml*"
477922
+ ],
477923
+ "Condition": {
477924
+ "StringEquals": {
477925
+ "iam:PassedToService": "cleanrooms-ml.amazonaws.com"
477926
+ }
477927
+ }
477928
+ },
477929
+ {
477930
+ "Sid": "CleanRoomsConsoleNavigation",
477931
+ "Effect": "Allow",
477932
+ "Action": [
477933
+ "cleanrooms:GetCollaboration",
477934
+ "cleanrooms:GetConfiguredAudienceModelAssociation",
477935
+ "cleanrooms:GetMembership",
477936
+ "cleanrooms:ListAnalysisTemplates",
477937
+ "cleanrooms:ListCollaborationAnalysisTemplates",
477938
+ "cleanrooms:ListCollaborationConfiguredAudienceModelAssociations",
477939
+ "cleanrooms:ListCollaborations",
477940
+ "cleanrooms:ListConfiguredTableAssociations",
477941
+ "cleanrooms:ListConfiguredTables",
477942
+ "cleanrooms:ListMembers",
477943
+ "cleanrooms:ListMemberships",
477944
+ "cleanrooms:ListProtectedQueries",
477945
+ "cleanrooms:ListSchemas",
477946
+ "cleanrooms:ListTagsForResource"
477947
+ ],
477948
+ "Resource": "*"
477949
+ },
477950
+ {
477951
+ "Sid": "CollaborationMembershipCheck",
477952
+ "Effect": "Allow",
477953
+ "Action": [
477954
+ "cleanrooms:ListMembers"
477955
+ ],
477956
+ "Resource": "*",
477957
+ "Condition": {
477958
+ "ForAnyValue:StringEquals": {
477959
+ "aws:CalledVia": [
477960
+ "cleanrooms-ml.amazonaws.com"
477961
+ ]
477962
+ }
477963
+ }
477964
+ },
477965
+ {
477966
+ "Sid": "AssociateModels",
477967
+ "Effect": "Allow",
477968
+ "Action": [
477969
+ "cleanrooms:CreateConfiguredAudienceModelAssociation"
477970
+ ],
477971
+ "Resource": "*"
477972
+ },
477973
+ {
477974
+ "Sid": "TagAssociations",
477975
+ "Effect": "Allow",
477976
+ "Action": [
477977
+ "cleanrooms:TagResource"
477978
+ ],
477979
+ "Resource": "arn:aws:cleanrooms:*:*:membership/*/configuredaudiencemodelassociation/*"
477980
+ },
477981
+ {
477982
+ "Sid": "ListRolesToPickServiceRole",
477983
+ "Effect": "Allow",
477984
+ "Action": [
477985
+ "iam:ListRoles"
477986
+ ],
477987
+ "Resource": "*"
477988
+ },
477989
+ {
477990
+ "Sid": "GetRoleAndListRolePoliciesToInspectServiceRole",
477991
+ "Effect": "Allow",
477992
+ "Action": [
477993
+ "iam:GetRole",
477994
+ "iam:ListRolePolicies",
477995
+ "iam:ListAttachedRolePolicies"
477996
+ ],
477997
+ "Resource": [
477998
+ "arn:aws:iam::*:role/service-role/cleanrooms-ml*",
477999
+ "arn:aws:iam::*:role/role/cleanrooms-ml*"
478000
+ ]
478001
+ },
478002
+ {
478003
+ "Sid": "ListPoliciesToInspectServiceRolePolicy",
478004
+ "Effect": "Allow",
478005
+ "Action": [
478006
+ "iam:ListPolicies"
478007
+ ],
478008
+ "Resource": "*"
478009
+ },
478010
+ {
478011
+ "Sid": "GetPolicyToInspectServiceRolePolicy",
478012
+ "Effect": "Allow",
478013
+ "Action": [
478014
+ "iam:GetPolicy",
478015
+ "iam:GetPolicyVersion"
478016
+ ],
478017
+ "Resource": "arn:aws:iam::*:policy/*cleanroomsml*"
478018
+ },
478019
+ {
478020
+ "Sid": "ConsoleDisplayTables",
478021
+ "Effect": "Allow",
478022
+ "Action": [
478023
+ "glue:GetDatabase",
478024
+ "glue:GetDatabases",
478025
+ "glue:GetTable",
478026
+ "glue:GetTables",
478027
+ "glue:GetPartition",
478028
+ "glue:GetPartitions",
478029
+ "glue:GetSchema",
478030
+ "glue:GetSchemaVersion",
478031
+ "glue:BatchGetPartition"
478032
+ ],
478033
+ "Resource": "*"
478034
+ },
478035
+ {
478036
+ "Sid": "ConsolePickOutputBucket",
478037
+ "Effect": "Allow",
478038
+ "Action": [
478039
+ "s3:ListAllMyBuckets"
478040
+ ],
478041
+ "Resource": "*"
478042
+ },
478043
+ {
478044
+ "Sid": "ConsolePickS3Location",
478045
+ "Effect": "Allow",
478046
+ "Action": [
478047
+ "s3:ListBucket",
478048
+ "s3:GetBucketLocation"
478049
+ ],
478050
+ "Resource": "arn:aws:s3:::*cleanrooms-ml*"
478051
+ }
478052
+ ]
478053
+ }
478054
+ }
478055
+ },
478056
+ "createdDate": "2023-11-29T21:02:06.000Z",
478057
+ "lastUpdatedDate": "2023-11-29T21:02:06.000Z"
478058
+ },
478059
+ "NeptuneGraphReadOnlyAccess": {
478060
+ "arn": "arn:aws:iam::aws:policy/NeptuneGraphReadOnlyAccess",
478061
+ "latestVersionId": "v1",
478062
+ "versionsCount": 1,
478063
+ "versions": {
478064
+ "v1": {
478065
+ "createdDate": "2023-11-30T07:32:17.000Z",
478066
+ "document": {
478067
+ "Version": "2012-10-17",
478068
+ "Statement": [
478069
+ {
478070
+ "Sid": "AllowReadOnlyPermissionsForNeptuneGraph",
478071
+ "Effect": "Allow",
478072
+ "Action": [
478073
+ "neptune-graph:Get*",
478074
+ "neptune-graph:List*",
478075
+ "neptune-graph:Read*"
478076
+ ],
478077
+ "Resource": "*"
478078
+ },
478079
+ {
478080
+ "Sid": "AllowReadOnlyPermissionsForEC2",
478081
+ "Effect": "Allow",
478082
+ "Action": [
478083
+ "ec2:DescribeVpcEndpoints",
478084
+ "ec2:DescribeVpcAttribute",
478085
+ "ec2:DescribeSecurityGroups",
478086
+ "ec2:DescribeSubnets",
478087
+ "ec2:DescribeVpcs",
478088
+ "ec2:DescribeAvailabilityZones"
478089
+ ],
478090
+ "Resource": "*"
478091
+ },
478092
+ {
478093
+ "Sid": "AllowReadOnlyPermissionsForKMS",
478094
+ "Effect": "Allow",
478095
+ "Action": [
478096
+ "kms:ListKeys",
478097
+ "kms:ListAliases"
478098
+ ],
478099
+ "Resource": "*"
478100
+ },
478101
+ {
478102
+ "Sid": "AllowReadOnlyPermissionsForCloudwatch",
478103
+ "Effect": "Allow",
478104
+ "Action": [
478105
+ "cloudwatch:GetMetricData",
478106
+ "cloudwatch:ListMetrics",
478107
+ "cloudwatch:GetMetricStatistics"
478108
+ ],
478109
+ "Resource": "*"
478110
+ },
478111
+ {
478112
+ "Sid": "AllowReadOnlyPermissionsForLogs",
478113
+ "Effect": "Allow",
478114
+ "Action": [
478115
+ "logs:DescribeLogStreams",
478116
+ "logs:GetLogEvents"
478117
+ ],
478118
+ "Resource": [
478119
+ "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
478120
+ ]
478121
+ }
478122
+ ]
478123
+ }
478124
+ }
478125
+ },
478126
+ "createdDate": "2023-11-30T07:32:17.000Z",
478127
+ "lastUpdatedDate": "2023-11-30T07:32:17.000Z"
476616
478128
  }
476617
478129
  }
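Review bot: In `AWSCleanRoomsMLFullAccess` v1 the role patterns do not line up. `PassServiceRole` allows `iam:PassRole` on `arn:aws:iam::*:role/cleanrooms-ml*`, while `GetRoleAndListRolePoliciesToInspectServiceRole` covers only `role/service-role/cleanrooms-ml*` and `role/role/cleanrooms-ml*`. A role matched by the PassRole pattern is therefore not one this policy lets the principal inspect, and `role/role/` reads like a doubled prefix; if that is unintended, the inspect list would carry `"arn:aws:iam::*:role/cleanrooms-ml*"` instead. Separately, `CollaborationMembershipCheck` restricts nothing: `cleanrooms:ListMembers` is already allowed without a condition in `CleanRoomsConsoleNavigation`, so the `aws:CalledVia` condition never becomes the deciding factor. This file appears to mirror the published policy documents, so the practical check is to compare the effective permissions against these points before attaching the policy or copying it into a customer-managed one.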