cdk-iam-floyd 0.604.0 → 0.605.0
- package/lib/generated/aws-managed-policies.d.ts +1177 -1176
- package/lib/generated/aws-managed-policies.js +1178 -1177
- package/package.json +3 -3
|
@@ -1,2354 +1,2355 @@
|
|
|
1
|
+
/** Provides names of all AWS managed policies. */
|
|
1
2
|
export declare enum AwsManagedPolicies {
|
|
2
3
|
/** Provides full access to AWS services and resources. */
|
|
3
|
-
AdministratorAccess = "
|
|
4
|
+
AdministratorAccess = "AdministratorAccess",
|
|
4
5
|
/** Provides full access to AWS services and resources, but does not allow management of Users and groups. */
|
|
5
|
-
PowerUserAccess = "
|
|
6
|
+
PowerUserAccess = "PowerUserAccess",
|
|
6
7
|
/** Provides read-only access to AWS services and resources. */
|
|
7
|
-
ReadOnlyAccess = "
|
|
8
|
+
ReadOnlyAccess = "ReadOnlyAccess",
|
|
8
9
|
/** Provides access to AWS CloudFormation via the AWS Management Console. */
|
|
9
|
-
AWSCloudFormationReadOnlyAccess = "
|
|
10
|
+
AWSCloudFormationReadOnlyAccess = "AWSCloudFormationReadOnlyAccess",
|
|
10
11
|
/** Provides full access to the CloudFront console plus the ability to list Amazon S3 buckets via the AWS Management Console. */
|
|
11
|
-
CloudFrontFullAccess = "
|
|
12
|
+
CloudFrontFullAccess = "CloudFrontFullAccess",
|
|
12
13
|
/** Provides full access to all CloudHSM resources. */
|
|
13
|
-
AWSCloudHSMFullAccess = "
|
|
14
|
+
AWSCloudHSMFullAccess = "AWSCloudHSMFullAccess",
|
|
14
15
|
/** Provides read only access to all CloudHSM resources. */
|
|
15
|
-
AWSCloudHSMReadOnlyAccess = "
|
|
16
|
+
AWSCloudHSMReadOnlyAccess = "AWSCloudHSMReadOnlyAccess",
|
|
16
17
|
/** Provides full access to Resource Groups and Tag Editor. */
|
|
17
|
-
ResourceGroupsandTagEditorFullAccess = "
|
|
18
|
+
ResourceGroupsandTagEditorFullAccess = "ResourceGroupsandTagEditorFullAccess",
|
|
18
19
|
/** Provides access to use Resource Groups and Tag Editor, but does not allow editing of tags via the Tag Editor. */
|
|
19
|
-
ResourceGroupsandTagEditorReadOnlyAccess = "
|
|
20
|
+
ResourceGroupsandTagEditorReadOnlyAccess = "ResourceGroupsandTagEditorReadOnlyAccess",
|
|
20
21
|
/** Provides access to CloudFront distribution configuration information and list distributions via the AWS Management Console. */
|
|
21
|
-
CloudFrontReadOnlyAccess = "
|
|
22
|
+
CloudFrontReadOnlyAccess = "CloudFrontReadOnlyAccess",
|
|
22
23
|
/** Provides full access to the Amazon CloudSearch configuration service. */
|
|
23
|
-
CloudSearchFullAccess = "
|
|
24
|
+
CloudSearchFullAccess = "CloudSearchFullAccess",
|
|
24
25
|
/** Provides read only access to the Amazon CloudSearch configuration service. */
|
|
25
|
-
CloudSearchReadOnlyAccess = "
|
|
26
|
+
CloudSearchReadOnlyAccess = "CloudSearchReadOnlyAccess",
|
|
26
27
|
/** Provides full access to CloudWatch. */
|
|
27
|
-
CloudWatchFullAccess = "
|
|
28
|
+
CloudWatchFullAccess = "CloudWatchFullAccess",
|
|
28
29
|
/** Provides read only access to CloudWatch. */
|
|
29
|
-
CloudWatchReadOnlyAccess = "
|
|
30
|
+
CloudWatchReadOnlyAccess = "CloudWatchReadOnlyAccess",
|
|
30
31
|
/** Provides full access to CloudWatch Logs */
|
|
31
|
-
CloudWatchLogsFullAccess = "
|
|
32
|
+
CloudWatchLogsFullAccess = "CloudWatchLogsFullAccess",
|
|
32
33
|
/** Provides read only access to CloudWatch Logs */
|
|
33
|
-
CloudWatchLogsReadOnlyAccess = "
|
|
34
|
+
CloudWatchLogsReadOnlyAccess = "CloudWatchLogsReadOnlyAccess",
|
|
34
35
|
/** Provides full access to AWS Direct Connect via the AWS Management Console. */
|
|
35
|
-
AWSDirectConnectFullAccess = "
|
|
36
|
+
AWSDirectConnectFullAccess = "AWSDirectConnectFullAccess",
|
|
36
37
|
/** Provides read only access to AWS Direct Connect via the AWS Management Console. */
|
|
37
|
-
AWSDirectConnectReadOnlyAccess = "
|
|
38
|
+
AWSDirectConnectReadOnlyAccess = "AWSDirectConnectReadOnlyAccess",
|
|
38
39
|
/** Provides full access to Amazon AppStream via the AWS Management Console. */
|
|
39
|
-
AmazonAppStreamFullAccess = "
|
|
40
|
+
AmazonAppStreamFullAccess = "AmazonAppStreamFullAccess",
|
|
40
41
|
/** Provides read only access to Amazon AppStream via the AWS Management Console. */
|
|
41
|
-
AmazonAppStreamReadOnlyAccess = "
|
|
42
|
+
AmazonAppStreamReadOnlyAccess = "AmazonAppStreamReadOnlyAccess",
|
|
42
43
|
/** Provides full access to Amazon DynamoDB via the AWS Management Console. */
|
|
43
|
-
AmazonDynamoDBFullAccess = "
|
|
44
|
+
AmazonDynamoDBFullAccess = "AmazonDynamoDBFullAccess",
|
|
44
45
|
/** Provides read only access to Amazon DynamoDB via the AWS Management Console. */
|
|
45
|
-
AmazonDynamoDBReadOnlyAccess = "
|
|
46
|
+
AmazonDynamoDBReadOnlyAccess = "AmazonDynamoDBReadOnlyAccess",
|
|
46
47
|
/** This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DynamoDBPipeline.html. Provides full access to Amazon DynamoDB including Export/Import using AWS Data Pipeline via the AWS Management Console. */
|
|
47
|
-
AmazonDynamoDBFullAccesswithDataPipeline = "
|
|
48
|
+
AmazonDynamoDBFullAccesswithDataPipeline = "AmazonDynamoDBFullAccesswithDataPipeline",
|
|
48
49
|
/** Provides full access to Amazon EC2 via the AWS Management Console. */
|
|
49
|
-
AmazonEC2FullAccess = "
|
|
50
|
+
AmazonEC2FullAccess = "AmazonEC2FullAccess",
|
|
50
51
|
/** Provides read only access to Amazon EC2 via the AWS Management Console. */
|
|
51
|
-
AmazonEC2ReadOnlyAccess = "
|
|
52
|
+
AmazonEC2ReadOnlyAccess = "AmazonEC2ReadOnlyAccess",
|
|
52
53
|
/** Provides full access to Amazon ElastiCache via the AWS Management Console. */
|
|
53
|
-
AmazonElastiCacheFullAccess = "
|
|
54
|
+
AmazonElastiCacheFullAccess = "AmazonElastiCacheFullAccess",
|
|
54
55
|
/** Provides read only access to Amazon ElastiCache via the AWS Management Console. */
|
|
55
|
-
AmazonElastiCacheReadOnlyAccess = "
|
|
56
|
+
AmazonElastiCacheReadOnlyAccess = "AmazonElastiCacheReadOnlyAccess",
|
|
56
57
|
/** This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html. Provides full access to Amazon Elastic MapReduce and underlying services that it requires such as EC2 and S3 */
|
|
57
|
-
AmazonElasticMapReduceFullAccess = "
|
|
58
|
+
AmazonElasticMapReduceFullAccess = "AmazonElasticMapReduceFullAccess",
|
|
58
59
|
/** Provides read only access to Amazon Elastic MapReduce via the AWS Management Console. */
|
|
59
|
-
AmazonElasticMapReduceReadOnlyAccess = "
|
|
60
|
+
AmazonElasticMapReduceReadOnlyAccess = "AmazonElasticMapReduceReadOnlyAccess",
|
|
60
61
|
/** Provides read only access to Amazon Glacier via the AWS Management Console. */
|
|
61
|
-
AmazonGlacierReadOnlyAccess = "
|
|
62
|
+
AmazonGlacierReadOnlyAccess = "AmazonGlacierReadOnlyAccess",
|
|
62
63
|
/** Provides full access to Amazon Glacier via the AWS Management Console. */
|
|
63
|
-
AmazonGlacierFullAccess = "
|
|
64
|
+
AmazonGlacierFullAccess = "AmazonGlacierFullAccess",
|
|
64
65
|
/** Provides full access to all streams via the AWS Management Console. */
|
|
65
|
-
AmazonKinesisFullAccess = "
|
|
66
|
+
AmazonKinesisFullAccess = "AmazonKinesisFullAccess",
|
|
66
67
|
/** Provides read only access to all streams via the AWS Management Console. */
|
|
67
|
-
AmazonKinesisReadOnlyAccess = "
|
|
68
|
+
AmazonKinesisReadOnlyAccess = "AmazonKinesisReadOnlyAccess",
|
|
68
69
|
/** Provides the ability to review AWS Marketplace subscriptions */
|
|
69
|
-
AWSMarketplaceReadOnly = "
|
|
70
|
+
AWSMarketplaceReadOnly = "AWSMarketplaceRead-only",
|
|
70
71
|
/** Provides the ability to subscribe and unsubscribe to AWS Marketplace software */
|
|
71
|
-
AWSMarketplaceManageSubscriptions = "
|
|
72
|
+
AWSMarketplaceManageSubscriptions = "AWSMarketplaceManageSubscriptions",
|
|
72
73
|
/** Provides full access to all application resources. */
|
|
73
|
-
AmazonMobileAnalyticsFullAccess = "
|
|
74
|
+
AmazonMobileAnalyticsFullAccess = "AmazonMobileAnalyticsFullAccess",
|
|
74
75
|
/** Provides read only access to all reports including financial data for all application resources. */
|
|
75
|
-
AmazonMobileAnalyticsFinancialReportAccess = "
|
|
76
|
+
AmazonMobileAnalyticsFinancialReportAccess = "AmazonMobileAnalyticsFinancialReportAccess",
|
|
76
77
|
/** Provides read only access to non financial reports for all application resources. */
|
|
77
|
-
AmazonMobileAnalyticsNonFinancialReportAccess = "
|
|
78
|
+
AmazonMobileAnalyticsNonFinancialReportAccess = "AmazonMobileAnalyticsNon-financialReportAccess",
|
|
78
79
|
/** Provides write only access to put event data for all application resources. (Recommended for SDK integration) */
|
|
79
|
-
AmazonMobileAnalyticsWriteOnlyAccess = "
|
|
80
|
+
AmazonMobileAnalyticsWriteOnlyAccess = "AmazonMobileAnalyticsWriteOnlyAccess",
|
|
80
81
|
/** Provides full access to IAM via the AWS Management Console. */
|
|
81
|
-
IAMFullAccess = "
|
|
82
|
+
IAMFullAccess = "IAMFullAccess",
|
|
82
83
|
/** Provides read only access to IAM via the AWS Management Console. */
|
|
83
|
-
IAMReadOnlyAccess = "
|
|
84
|
+
IAMReadOnlyAccess = "IAMReadOnlyAccess",
|
|
84
85
|
/** Provides access to AWS Key Management Service (KMS). */
|
|
85
|
-
AWSKeyManagementServicePowerUser = "
|
|
86
|
+
AWSKeyManagementServicePowerUser = "AWSKeyManagementServicePowerUser",
|
|
86
87
|
/** Provides full access to WorkMail, Directory Service, SES, EC2 and read access to KMS metadata. */
|
|
87
|
-
AmazonWorkMailFullAccess = "
|
|
88
|
+
AmazonWorkMailFullAccess = "AmazonWorkMailFullAccess",
|
|
88
89
|
/** Provides read only access to WorkMail and SES. */
|
|
89
|
-
AmazonWorkMailReadOnlyAccess = "
|
|
90
|
+
AmazonWorkMailReadOnlyAccess = "AmazonWorkMailReadOnlyAccess",
|
|
90
91
|
/** Provides read only access to the jobs created under the AWS account. */
|
|
91
|
-
AWSImportExportReadOnlyAccess = "
|
|
92
|
+
AWSImportExportReadOnlyAccess = "AWSImportExportReadOnlyAccess",
|
|
92
93
|
/** Provides read and write access to the jobs created under the AWS account. */
|
|
93
|
-
AWSImportExportFullAccess = "
|
|
94
|
+
AWSImportExportFullAccess = "AWSImportExportFullAccess",
|
|
94
95
|
/** Provides Put, Get access to S3 and full access to CloudWatch Logs. */
|
|
95
|
-
AWSLambdaExecute = "
|
|
96
|
+
AWSLambdaExecute = "AWSLambdaExecute",
|
|
96
97
|
/** Provides read access to DynamoDB Streams. */
|
|
97
|
-
AWSLambdaInvocationDynamoDB = "
|
|
98
|
+
AWSLambdaInvocationDynamoDB = "AWSLambdaInvocation-DynamoDB",
|
|
98
99
|
/** Provides full access to Amazon Redshift via the AWS Management Console. */
|
|
99
|
-
AmazonRedshiftFullAccess = "
|
|
100
|
+
AmazonRedshiftFullAccess = "AmazonRedshiftFullAccess",
|
|
100
101
|
/** Provides read only access to Amazon Redshift via the AWS Management Console. */
|
|
101
|
-
AmazonRedshiftReadOnlyAccess = "
|
|
102
|
+
AmazonRedshiftReadOnlyAccess = "AmazonRedshiftReadOnlyAccess",
|
|
102
103
|
/** Provides full access to Amazon RDS via the AWS Management Console. */
|
|
103
|
-
AmazonRDSFullAccess = "
|
|
104
|
+
AmazonRDSFullAccess = "AmazonRDSFullAccess",
|
|
104
105
|
/** Provides read only access to Amazon RDS via the AWS Management Console. */
|
|
105
|
-
AmazonRDSReadOnlyAccess = "
|
|
106
|
+
AmazonRDSReadOnlyAccess = "AmazonRDSReadOnlyAccess",
|
|
106
107
|
/** Provides full access to all Amazon Route 53 via the AWS Management Console. */
|
|
107
|
-
AmazonRoute53FullAccess = "
|
|
108
|
+
AmazonRoute53FullAccess = "AmazonRoute53FullAccess",
|
|
108
109
|
/** Provides read only access to all Amazon Route 53 via the AWS Management Console. */
|
|
109
|
-
AmazonRoute53ReadOnlyAccess = "
|
|
110
|
+
AmazonRoute53ReadOnlyAccess = "AmazonRoute53ReadOnlyAccess",
|
|
110
111
|
/** Provides full access to all Route53 Domains actions and Create Hosted Zone to allow Hosted Zone creation as part of domain registrations. */
|
|
111
|
-
AmazonRoute53DomainsFullAccess = "
|
|
112
|
+
AmazonRoute53DomainsFullAccess = "AmazonRoute53DomainsFullAccess",
|
|
112
113
|
/** Provides access to Route53 Domains list and actions. */
|
|
113
|
-
AmazonRoute53DomainsReadOnlyAccess = "
|
|
114
|
+
AmazonRoute53DomainsReadOnlyAccess = "AmazonRoute53DomainsReadOnlyAccess",
|
|
114
115
|
/** Provides full access to all buckets via the AWS Management Console. */
|
|
115
|
-
AmazonS3FullAccess = "
|
|
116
|
+
AmazonS3FullAccess = "AmazonS3FullAccess",
|
|
116
117
|
/** Provides read only access to all buckets via the AWS Management Console. */
|
|
117
|
-
AmazonS3ReadOnlyAccess = "
|
|
118
|
+
AmazonS3ReadOnlyAccess = "AmazonS3ReadOnlyAccess",
|
|
118
119
|
/** The security audit template grants access to read security configuration metadata. It is useful for software that audits the configuration of an AWS account. */
|
|
119
|
-
SecurityAudit = "
|
|
120
|
+
SecurityAudit = "SecurityAudit",
|
|
120
121
|
/** Provides full access to Amazon SES via the AWS Management Console. */
|
|
121
|
-
AmazonSESFullAccess = "
|
|
122
|
+
AmazonSESFullAccess = "AmazonSESFullAccess",
|
|
122
123
|
/** Provides read only access to Amazon SES via the AWS Management Console. */
|
|
123
|
-
AmazonSESReadOnlyAccess = "
|
|
124
|
+
AmazonSESReadOnlyAccess = "AmazonSESReadOnlyAccess",
|
|
124
125
|
/** Provides full access to the Simple Workflow configuration service. */
|
|
125
|
-
SimpleWorkflowFullAccess = "
|
|
126
|
+
SimpleWorkflowFullAccess = "SimpleWorkflowFullAccess",
|
|
126
127
|
/** Provides full access to Amazon SNS via the AWS Management Console. */
|
|
127
|
-
AmazonSNSFullAccess = "
|
|
128
|
+
AmazonSNSFullAccess = "AmazonSNSFullAccess",
|
|
128
129
|
/** Provides read only access to Amazon SNS via the AWS Management Console. */
|
|
129
|
-
AmazonSNSReadOnlyAccess = "
|
|
130
|
+
AmazonSNSReadOnlyAccess = "AmazonSNSReadOnlyAccess",
|
|
130
131
|
/** Provides full access to Amazon SQS via the AWS Management Console. */
|
|
131
|
-
AmazonSQSFullAccess = "
|
|
132
|
+
AmazonSQSFullAccess = "AmazonSQSFullAccess",
|
|
132
133
|
/** Provides read only access to Amazon SQS via the AWS Management Console. */
|
|
133
|
-
AmazonSQSReadOnlyAccess = "
|
|
134
|
+
AmazonSQSReadOnlyAccess = "AmazonSQSReadOnlyAccess",
|
|
134
135
|
/** Provides full access to AWS Storage Gateway via the AWS Management Console. */
|
|
135
|
-
AWSStorageGatewayFullAccess = "
|
|
136
|
+
AWSStorageGatewayFullAccess = "AWSStorageGatewayFullAccess",
|
|
136
137
|
/** Provides access to AWS Storage Gateway via the AWS Management Console. */
|
|
137
|
-
AWSStorageGatewayReadOnlyAccess = "
|
|
138
|
+
AWSStorageGatewayReadOnlyAccess = "AWSStorageGatewayReadOnlyAccess",
|
|
138
139
|
/** Allows users to access the AWS Support Center. */
|
|
139
|
-
AWSSupportAccess = "
|
|
140
|
+
AWSSupportAccess = "AWSSupportAccess",
|
|
140
141
|
/** Provides full access to AWS Directory Service. */
|
|
141
|
-
AWSDirectoryServiceFullAccess = "
|
|
142
|
+
AWSDirectoryServiceFullAccess = "AWSDirectoryServiceFullAccess",
|
|
142
143
|
/** Provides read only access to AWS Directory Service. */
|
|
143
|
-
AWSDirectoryServiceReadOnlyAccess = "
|
|
144
|
+
AWSDirectoryServiceReadOnlyAccess = "AWSDirectoryServiceReadOnlyAccess",
|
|
144
145
|
/** Provides full access to Amazon Zocalo. */
|
|
145
|
-
AmazonZocaloFullAccess = "
|
|
146
|
+
AmazonZocaloFullAccess = "AmazonZocaloFullAccess",
|
|
146
147
|
/** Provides read only access to Amazon Zocalo */
|
|
147
|
-
AmazonZocaloReadOnlyAccess = "
|
|
148
|
+
AmazonZocaloReadOnlyAccess = "AmazonZocaloReadOnlyAccess",
|
|
148
149
|
/** Provides full access to Amazon VPC via the AWS Management Console. */
|
|
149
|
-
AmazonVPCFullAccess = "
|
|
150
|
+
AmazonVPCFullAccess = "AmazonVPCFullAccess",
|
|
150
151
|
/** Provides read only access to Amazon VPC via the AWS Management Console. */
|
|
151
|
-
AmazonVPCReadOnlyAccess = "
|
|
152
|
+
AmazonVPCReadOnlyAccess = "AmazonVPCReadOnlyAccess",
|
|
152
153
|
/** Allows users to access the Account Activity page. */
|
|
153
|
-
AWSAccountActivityAccess = "
|
|
154
|
+
AWSAccountActivityAccess = "AWSAccountActivityAccess",
|
|
154
155
|
/** Allows users to access the Account Usage Report page. */
|
|
155
|
-
AWSAccountUsageReportAccess = "
|
|
156
|
+
AWSAccountUsageReportAccess = "AWSAccountUsageReportAccess",
|
|
156
157
|
/** This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-iam-policies.html. Default policy for the Amazon Elastic MapReduce service role. */
|
|
157
|
-
AmazonElasticMapReduceRole = "
|
|
158
|
+
AmazonElasticMapReduceRole = "service-role/AmazonElasticMapReduceRole",
|
|
158
159
|
/** Default policy for the Amazon Elastic MapReduce for EC2 service role. */
|
|
159
|
-
AmazonElasticMapReduceforEC2Role = "
|
|
160
|
+
AmazonElasticMapReduceforEC2Role = "service-role/AmazonElasticMapReduceforEC2Role",
|
|
160
161
|
/** Default policy for the AutoScaling Notification Access service role. */
|
|
161
|
-
AutoScalingNotificationAccessRole = "
|
|
162
|
+
AutoScalingNotificationAccessRole = "service-role/AutoScalingNotificationAccessRole",
|
|
162
163
|
/** Default policy for the AWS CloudHSM service role. */
|
|
163
|
-
AWSCloudHSMRole = "
|
|
164
|
+
AWSCloudHSMRole = "service-role/AWSCloudHSMRole",
|
|
164
165
|
/** Default policy for the Amazon EC2 Role for Data Pipeline service role. */
|
|
165
|
-
AmazonEC2RoleforDataPipelineRole = "
|
|
166
|
+
AmazonEC2RoleforDataPipelineRole = "service-role/AmazonEC2RoleforDataPipelineRole",
|
|
166
167
|
/** Default policy for the Amazon Elastic Transcoder service role. */
|
|
167
|
-
AmazonElasticTranscoderRole = "
|
|
168
|
+
AmazonElasticTranscoderRole = "service-role/AmazonElasticTranscoderRole",
|
|
168
169
|
/** Default policy for AWS Lambda service role. */
|
|
169
|
-
AWSLambdaRole = "
|
|
170
|
+
AWSLambdaRole = "service-role/AWSLambdaRole",
|
|
170
171
|
/** Default policy for the Amazon RDS service role. */
|
|
171
|
-
RDSCloudHsmAuthorizationRole = "
|
|
172
|
+
RDSCloudHsmAuthorizationRole = "service-role/RDSCloudHsmAuthorizationRole",
|
|
172
173
|
/** Default policy for Amazon SNS service role. */
|
|
173
|
-
AmazonSNSRole = "
|
|
174
|
+
AmazonSNSRole = "service-role/AmazonSNSRole",
|
|
174
175
|
/** Enables broad read/write access to ALL EC2 objects, read/write access to S3 buckets starting with 'import-to-ec2-', and the ability to list all S3 buckets, for the AWS Connector to import VMs on your behalf. */
|
|
175
|
-
AWSConnector = "
|
|
176
|
+
AWSConnector = "AWSConnector",
|
|
176
177
|
/** Provides the ability to subscribe and unsubscribe to AWS Marketplace software, allows users to manage Marketplace software instances from the Marketplace 'Your Software' page, and provides administrative access to EC2. */
|
|
177
|
-
AWSMarketplaceFullAccess = "
|
|
178
|
+
AWSMarketplaceFullAccess = "AWSMarketplaceFullAccess",
|
|
178
179
|
/** Provides access to use AWS Config, including searching by tags on resources, and reading all tags. This does not provide permission to configure AWS Config, which requires administrative privileges. */
|
|
179
|
-
AWSConfigUserAccess = "
|
|
180
|
+
AWSConfigUserAccess = "AWSConfigUserAccess",
|
|
180
181
|
/** Default policy for the Amazon EC2 Role for Amazon EC2 Container Service. */
|
|
181
|
-
AmazonEC2ContainerServiceforEC2Role = "
|
|
182
|
+
AmazonEC2ContainerServiceforEC2Role = "service-role/AmazonEC2ContainerServiceforEC2Role",
|
|
182
183
|
/** Provides read only access to Amazon Cognito resources. */
|
|
183
|
-
AmazonCognitoReadOnly = "
|
|
184
|
+
AmazonCognitoReadOnly = "AmazonCognitoReadOnly",
|
|
184
185
|
/** Provides administrative access to existing Amazon Cognito resources. You will need AWS account admin privileges to create new Cognito resources. */
|
|
185
|
-
AmazonCognitoPowerUser = "
|
|
186
|
+
AmazonCognitoPowerUser = "AmazonCognitoPowerUser",
|
|
186
187
|
/** Provides access to Amazon Cognito APIs to support developer authenticated identities from your authentication backend. */
|
|
187
|
-
AmazonCognitoDeveloperAuthenticatedIdentities = "
|
|
188
|
+
AmazonCognitoDeveloperAuthenticatedIdentities = "AmazonCognitoDeveloperAuthenticatedIdentities",
|
|
188
189
|
/** Provides administrator access for packaging an application in Amazon WorkSpaces Application Manager. */
|
|
189
|
-
AmazonWorkSpacesApplicationManagerAdminAccess = "
|
|
190
|
+
AmazonWorkSpacesApplicationManagerAdminAccess = "AmazonWorkSpacesApplicationManagerAdminAccess",
|
|
190
191
|
/** Provides write permissions to CloudWatch Logs. */
|
|
191
|
-
AWSLambdaBasicExecutionRole = "
|
|
192
|
+
AWSLambdaBasicExecutionRole = "service-role/AWSLambdaBasicExecutionRole",
|
|
192
193
|
/** Provides list and read access to DynamoDB streams and write permissions to CloudWatch logs. */
|
|
193
|
-
AWSLambdaDynamoDBExecutionRole = "
|
|
194
|
+
AWSLambdaDynamoDBExecutionRole = "service-role/AWSLambdaDynamoDBExecutionRole",
|
|
194
195
|
/** Provides list and read access to Kinesis streams and write permissions to CloudWatch logs. */
|
|
195
|
-
AWSLambdaKinesisExecutionRole = "
|
|
196
|
+
AWSLambdaKinesisExecutionRole = "service-role/AWSLambdaKinesisExecutionRole",
|
|
196
197
|
/** Default policy for Amazon ECS service role. */
|
|
197
|
-
AmazonEC2ContainerServiceRole = "
|
|
198
|
+
AmazonEC2ContainerServiceRole = "service-role/AmazonEC2ContainerServiceRole",
|
|
198
199
|
/** Grants users permission to request Amazon Machine Learning batch predictions. */
|
|
199
|
-
AmazonMachineLearningBatchPredictionsAccess = "
|
|
200
|
+
AmazonMachineLearningBatchPredictionsAccess = "AmazonMachineLearningBatchPredictionsAccess",
|
|
200
201
|
/** Provides create access for non-prediction Amazon Machine Learning resources. */
|
|
201
|
-
AmazonMachineLearningCreateOnlyAccess = "
|
|
202
|
+
AmazonMachineLearningCreateOnlyAccess = "AmazonMachineLearningCreateOnlyAccess",
|
|
202
203
|
/** Provides full access to Amazon Machine Learning resources. */
|
|
203
|
-
AmazonMachineLearningFullAccess = "
|
|
204
|
+
AmazonMachineLearningFullAccess = "AmazonMachineLearningFullAccess",
|
|
204
205
|
/** Grants users permission to create and delete the real-time endpoint for Amazon Machine Learning models. */
|
|
205
|
-
AmazonMachineLearningManageRealTimeEndpointOnlyAccess = "
|
|
206
|
+
AmazonMachineLearningManageRealTimeEndpointOnlyAccess = "AmazonMachineLearningManageRealTimeEndpointOnlyAccess",
|
|
206
207
|
/** Provides read only access to Amazon Machine Learning resources. */
|
|
207
|
-
AmazonMachineLearningReadOnlyAccess = "
|
|
208
|
+
AmazonMachineLearningReadOnlyAccess = "AmazonMachineLearningReadOnlyAccess",
|
|
208
209
|
/** Grants users permission to request Amazon Machine Learning real-time predictions. */
|
|
209
|
-
AmazonMachineLearningRealTimePredictionOnlyAccess = "
|
|
210
|
+
AmazonMachineLearningRealTimePredictionOnlyAccess = "AmazonMachineLearningRealTimePredictionOnlyAccess",
|
|
210
211
|
/** Provides CodeDeploy service access to expand tags and interact with Auto Scaling on your behalf. */
|
|
211
|
-
AWSCodeDeployRole = "
|
|
212
|
+
AWSCodeDeployRole = "service-role/AWSCodeDeployRole",
|
|
212
213
|
/** Provides EC2 access to S3 bucket to download revision. This role is needed by the CodeDeploy agent on EC2 instances. */
|
|
213
|
-
AmazonEC2RoleforAWSCodeDeploy = "
|
|
214
|
+
AmazonEC2RoleforAWSCodeDeploy = "service-role/AmazonEC2RoleforAWSCodeDeploy",
|
|
214
215
|
/** Provides full access to CodeDeploy resources. */
|
|
215
|
-
AWSCodeDeployFullAccess = "
|
|
216
|
+
AWSCodeDeployFullAccess = "AWSCodeDeployFullAccess",
|
|
216
217
|
/** Provides access to register and deploy a revision. */
|
|
217
|
-
AWSCodeDeployDeployerAccess = "
|
|
218
|
+
AWSCodeDeployDeployerAccess = "AWSCodeDeployDeployerAccess",
|
|
218
219
|
/** Provides read only access to CodeDeploy resources. */
|
|
219
|
-
AWSCodeDeployReadOnlyAccess = "
|
|
220
|
+
AWSCodeDeployReadOnlyAccess = "AWSCodeDeployReadOnlyAccess",
|
|
220
221
|
/** Provides full access to Amazon EFS via the AWS Management Console. */
|
|
221
|
-
AmazonElasticFileSystemFullAccess = "
|
|
222
|
+
AmazonElasticFileSystemFullAccess = "AmazonElasticFileSystemFullAccess",
|
|
222
223
|
/** Provides read only access to Amazon EFS via the AWS Management Console. */
|
|
223
|
-
AmazonElasticFileSystemReadOnlyAccess = "
|
|
224
|
+
AmazonElasticFileSystemReadOnlyAccess = "AmazonElasticFileSystemReadOnlyAccess",
|
|
224
225
|
/** Provides full access to Amazon SSM. */
|
|
225
|
-
AmazonSSMFullAccess = "
|
|
226
|
+
AmazonSSMFullAccess = "AmazonSSMFullAccess",
|
|
226
227
|
/** Provides read only access to Amazon SSM. */
|
|
227
|
-
AmazonSSMReadOnlyAccess = "
|
|
228
|
+
AmazonSSMReadOnlyAccess = "AmazonSSMReadOnlyAccess",
|
|
228
229
|
/** This policy will soon be deprecated. Please use AmazonSSMManagedInstanceCore policy to enable AWS Systems Manager service core functionality on EC2 instances. For more information see https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html */
|
|
229
|
-
AmazonEC2RoleforSSM = "
|
|
230
|
+
AmazonEC2RoleforSSM = "service-role/AmazonEC2RoleforSSM",
|
|
230
231
|
/** Provides read-only access to CloudWatch alarms and metrics as well as EC2 metadata. Provides access to Stop, Terminate and Reboot EC2 instances. */
|
|
231
|
-
CloudWatchActionsEC2Access = "
|
|
232
|
+
CloudWatchActionsEC2Access = "CloudWatchActionsEC2Access",
|
|
232
233
|
/** Provides access for custom actions to poll for jobs details (including temporary credentials) and report status updates to AWS CodePipeline. */
|
|
233
|
-
AWSCodePipelineCustomActionAccess = "
|
|
234
|
+
AWSCodePipelineCustomActionAccess = "AWSCodePipelineCustomActionAccess",
|
|
234
235
|
/** Provides full access to AWS CodeCommit via the AWS Management Console. */
|
|
235
|
-
AWSCodeCommitFullAccess = "
|
|
236
|
+
AWSCodeCommitFullAccess = "AWSCodeCommitFullAccess",
|
|
236
237
|
/** Provides read only access to AWS CodeCommit via the AWS Management Console. */
|
|
237
|
-
AWSCodeCommitReadOnly = "
|
|
238
|
+
AWSCodeCommitReadOnly = "AWSCodeCommitReadOnly",
|
|
238
239
|
/** Provides full access to AWS CodeCommit repositories, but does not allow repository deletion. */
|
|
239
|
-
AWSCodeCommitPowerUser = "
|
|
240
|
+
AWSCodeCommitPowerUser = "AWSCodeCommitPowerUser",
|
|
240
241
|
/** Provides the ability for an IAM user to manage their own SSH keys. */
|
|
241
|
-
IAMUserSSHKeys = "
|
|
242
|
+
IAMUserSSHKeys = "IAMUserSSHKeys",
|
|
242
243
|
/** Provides full access to create/edit/delete APIs in Amazon API Gateway via the AWS Management Console. */
|
|
243
|
-
AmazonAPIGatewayAdministrator = "
|
|
244
|
+
AmazonAPIGatewayAdministrator = "AmazonAPIGatewayAdministrator",
|
|
244
245
|
/** Provides full access to invoke APIs in Amazon API Gateway. */
|
|
245
|
-
AmazonAPIGatewayInvokeFullAccess = "
|
|
246
|
+
AmazonAPIGatewayInvokeFullAccess = "AmazonAPIGatewayInvokeFullAccess",
|
|
246
247
|
/** Provides full access to all AWS Device Farm operations. */
|
|
247
|
-
AWSDeviceFarmFullAccess = "
|
|
248
|
+
AWSDeviceFarmFullAccess = "AWSDeviceFarmFullAccess",
|
|
248
249
|
/** Provides access to manage VPC settings for Amazon managed customer configurations */
|
|
249
|
-
AmazonDRSVPCManagement = "
|
|
250
|
+
AmazonDRSVPCManagement = "AmazonDRSVPCManagement",
|
|
250
251
|
/** Default policy for the VM Import/Export service role, for customers using the AWS Connector. The VM Import/Export service assumes a role with this policy to fulfill virtual machine migration requests from the AWS Connector virtual appliance. (Note that the AWS Connector uses the "AWSConnector" managed policy to issue requests on the customer's behalf to the VM Import/Export service.) Provides the ability to create AMIs and EBS snapshots, modify EBS snapshot attributes, make "Describe*" calls on EC2 objects, and read from S3 buckets starting with 'import-to-ec2-'. */
|
|
251
|
-
VMImportExportRoleForAWSConnector = "
|
|
252
|
+
VMImportExportRoleForAWSConnector = "service-role/VMImportExportRoleForAWSConnector",
|
|
252
253
|
/** Provides access to Amazon WorkSpaces administrative actions via AWS SDK and CLI. */
|
|
253
|
-
AmazonWorkSpacesAdmin = "
|
|
254
|
+
AmazonWorkSpacesAdmin = "AmazonWorkSpacesAdmin",
|
|
254
255
|
/** Provides full access to the Amazon ES configuration service. */
|
|
255
|
-
AmazonESFullAccess = "
|
|
256
|
+
AmazonESFullAccess = "AmazonESFullAccess",
|
|
256
257
|
/** Provides read-only access to the Amazon ES configuration service. */
|
|
257
|
-
AmazonESReadOnlyAccess = "
|
|
258
|
+
AmazonESReadOnlyAccess = "AmazonESReadOnlyAccess",
|
|
258
259
|
/** Provides read only access to AWS WAF actions. */
|
|
259
|
-
AWSWAFReadOnlyAccess = "
|
|
260
|
+
AWSWAFReadOnlyAccess = "AWSWAFReadOnlyAccess",
|
|
260
261
|
/** Provides full access to AWS WAF actions. */
|
|
261
|
-
AWSWAFFullAccess = "
|
|
262
|
+
AWSWAFFullAccess = "AWSWAFFullAccess",
|
|
262
263
|
/** Provides read only access to Amazon Inspector. */
|
|
263
|
-
AmazonInspectorReadOnlyAccess = "
|
|
264
|
+
AmazonInspectorReadOnlyAccess = "AmazonInspectorReadOnlyAccess",
|
|
264
265
|
/** Provides full access to Amazon Inspector. */
|
|
265
|
-
AmazonInspectorFullAccess = "
|
|
266
|
+
AmazonInspectorFullAccess = "AmazonInspectorFullAccess",
|
|
266
267
|
/** Provides read only access to all Amazon Kinesis Firehose Delivery Streams. */
|
|
267
|
-
AmazonKinesisFirehoseReadOnlyAccess = "
|
|
268
|
+
AmazonKinesisFirehoseReadOnlyAccess = "AmazonKinesisFirehoseReadOnlyAccess",
|
|
268
269
|
/** Provides full access to all Amazon Kinesis Firehose Delivery Streams. */
|
|
269
|
-
AmazonKinesisFirehoseFullAccess = "
|
|
270
|
+
AmazonKinesisFirehoseFullAccess = "AmazonKinesisFirehoseFullAccess",
|
|
270
271
|
/** Allows access to all AWS services supported in AWS IoT Rule Actions */
|
|
271
|
-
AWSIoTRuleActions = "
|
|
272
|
+
AWSIoTRuleActions = "service-role/AWSIoTRuleActions",
|
|
272
273
|
/** Allows creation of Amazon CloudWatch Log groups and streaming logs to the groups */
|
|
273
|
-
AWSIoTLogging = "
|
|
274
|
+
AWSIoTLogging = "service-role/AWSIoTLogging",
|
|
274
275
|
/** This policy gives full access to the AWS IoT configuration and messaging actions */
|
|
275
|
-
AWSIoTFullAccess = "
|
|
276
|
+
AWSIoTFullAccess = "AWSIoTFullAccess",
|
|
276
277
|
/** This policy gives full access to the AWS IoT messaging actions */
|
|
277
|
-
AWSIoTDataAccess = "
|
|
278
|
+
AWSIoTDataAccess = "AWSIoTDataAccess",
|
|
278
279
|
/** This policy gives full access to the AWS IoT configuration actions */
|
|
279
|
-
AWSIoTConfigAccess = "
|
|
280
|
+
AWSIoTConfigAccess = "AWSIoTConfigAccess",
|
|
280
281
|
/** This policy gives read only access to the AWS IoT configuration actions */
|
|
281
|
-
AWSIoTConfigReadOnlyAccess = "
|
|
282
|
+
AWSIoTConfigReadOnlyAccess = "AWSIoTConfigReadOnlyAccess",
|
|
282
283
|
/** Allow QuickSight to describe the RDS resources */
|
|
283
|
-
AWSQuickSightDescribeRDS = "
|
|
284
|
+
AWSQuickSightDescribeRDS = "service-role/AWSQuickSightDescribeRDS",
|
|
284
285
|
/** Allow QuickSight to describe Redshift resources */
|
|
285
|
-
AWSQuickSightDescribeRedshift = "
|
|
286
|
+
AWSQuickSightDescribeRedshift = "service-role/AWSQuickSightDescribeRedshift",
|
|
286
287
|
/** Allow QuickSight to list IAM entities */
|
|
287
|
-
AWSQuickSightListIAM = "
|
|
288
|
+
AWSQuickSightListIAM = "service-role/AWSQuickSightListIAM",
|
|
288
289
|
/** Provides access to Cloudwatch for RDS Enhanced Monitoring */
|
|
289
|
-
AmazonRDSEnhancedMonitoringRole = "
|
|
290
|
+
AmazonRDSEnhancedMonitoringRole = "service-role/AmazonRDSEnhancedMonitoringRole",
|
|
290
291
|
/** Allows API Gateway to push logs to user's account. */
|
|
291
|
-
AmazonAPIGatewayPushToCloudWatchLogs = "
|
|
292
|
+
AmazonAPIGatewayPushToCloudWatchLogs = "service-role/AmazonAPIGatewayPushToCloudWatchLogs",
|
|
292
293
|
/** Provides access to manage VPC settings for AWS managed customer configurations */
|
|
293
|
-
AmazonDMSVPCManagementRole = "
|
|
294
|
+
AmazonDMSVPCManagementRole = "service-role/AmazonDMSVPCManagementRole",
|
|
294
295
|
/** Provides full access to all APIs in Amazon Mechanical Turk. */
|
|
295
|
-
AmazonMechanicalTurkFullAccess = "
|
|
296
|
+
AmazonMechanicalTurkFullAccess = "AmazonMechanicalTurkFullAccess",
|
|
296
297
|
/** Provides access to read only APIs in Amazon Mechanical Turk. */
|
|
297
|
-
AmazonMechanicalTurkReadOnly = "
|
|
298
|
+
AmazonMechanicalTurkReadOnly = "AmazonMechanicalTurkReadOnly",
|
|
298
299
|
/** Provides read-only access to Amazon EC2 Container Registry repositories. */
|
|
299
|
-
AmazonEC2ContainerRegistryReadOnly = "
|
|
300
|
+
AmazonEC2ContainerRegistryReadOnly = "AmazonEC2ContainerRegistryReadOnly",
|
|
300
301
|
/** Provides full access to Amazon EC2 Container Registry repositories, but does not allow repository deletion or policy changes. */
|
|
301
|
-
AmazonEC2ContainerRegistryPowerUser = "
|
|
302
|
+
AmazonEC2ContainerRegistryPowerUser = "AmazonEC2ContainerRegistryPowerUser",
|
|
302
303
|
/** Provides administrative access to Amazon ECR resources */
|
|
303
|
-
AmazonEC2ContainerRegistryFullAccess = "
|
|
304
|
+
AmazonEC2ContainerRegistryFullAccess = "AmazonEC2ContainerRegistryFullAccess",
|
|
304
305
|
/** Provides access to upload DMS replication logs to cloudwatch logs in customer account. */
|
|
305
|
-
AmazonDMSCloudWatchLogsRole = "
|
|
306
|
+
AmazonDMSCloudWatchLogsRole = "service-role/AmazonDMSCloudWatchLogsRole",
|
|
306
307
|
/** Provides read only access to Amazon CloudWatch Events. */
|
|
307
|
-
CloudWatchEventsReadOnlyAccess = "
|
|
308
|
+
CloudWatchEventsReadOnlyAccess = "CloudWatchEventsReadOnlyAccess",
|
|
308
309
|
/** Allows built-in targets in Amazon CloudWatch Events to perform EC2 actions on your behalf. */
|
|
309
|
-
CloudWatchEventsBuiltInTargetExecutionAccess = "
|
|
310
|
+
CloudWatchEventsBuiltInTargetExecutionAccess = "service-role/CloudWatchEventsBuiltInTargetExecutionAccess",
|
|
310
311
|
/** Allows Amazon CloudWatch Events to relay events to the streams in AWS Kinesis Streams in your account. */
|
|
311
|
-
CloudWatchEventsInvocationAccess = "
|
|
312
|
+
CloudWatchEventsInvocationAccess = "service-role/CloudWatchEventsInvocationAccess",
|
|
312
313
|
/** Provides full access to Amazon CloudWatch Events. */
|
|
313
|
-
CloudWatchEventsFullAccess = "
|
|
314
|
+
CloudWatchEventsFullAccess = "CloudWatchEventsFullAccess",
|
|
314
315
|
/** Provides full access to AWS Certificate Manager (ACM) */
|
|
315
|
-
AWSCertificateManagerFullAccess = "
|
|
316
|
+
AWSCertificateManagerFullAccess = "AWSCertificateManagerFullAccess",
|
|
316
317
|
/** Provides read only access to AWS Certificate Manager (ACM). */
|
|
317
|
-
AWSCertificateManagerReadOnly = "
|
|
318
|
+
AWSCertificateManagerReadOnly = "AWSCertificateManagerReadOnly",
|
|
318
319
|
/** Provide the instances in your web server environment access to upload log files to Amazon S3. */
|
|
319
|
-
AWSElasticBeanstalkWebTier = "
|
|
320
|
+
AWSElasticBeanstalkWebTier = "AWSElasticBeanstalkWebTier",
|
|
320
321
|
/** Provide the instances in your worker environment access to upload log files to Amazon S3, to use Amazon SQS to monitor your application's job queue, to use Amazon DynamoDB to perform leader election, and to Amazon CloudWatch to publish metrics for health monitoring. */
|
|
321
|
-
AWSElasticBeanstalkWorkerTier = "
|
|
322
|
+
AWSElasticBeanstalkWorkerTier = "AWSElasticBeanstalkWorkerTier",
|
|
322
323
|
/** Provide the instances in your multicontainer Docker environment access to use the Amazon EC2 Container Service to manage container deployment tasks. */
|
|
323
|
-
AWSElasticBeanstalkMulticontainerDocker = "
|
|
324
|
+
AWSElasticBeanstalkMulticontainerDocker = "AWSElasticBeanstalkMulticontainerDocker",
|
|
324
325
|
/** AWS Elastic Beanstalk Service policy for Health Monitoring system */
|
|
325
|
-
AWSElasticBeanstalkEnhancedHealth = "
|
|
326
|
+
AWSElasticBeanstalkEnhancedHealth = "service-role/AWSElasticBeanstalkEnhancedHealth",
|
|
326
327
|
/** Provides minimum permissions for a Lambda function to execute while accessing a resource within a VPC - create, describe, delete network interfaces and write permissions to CloudWatch Logs. */
|
|
327
|
-
AWSLambdaVPCAccessExecutionRole = "
|
|
328
|
+
AWSLambdaVPCAccessExecutionRole = "service-role/AWSLambdaVPCAccessExecutionRole",
|
|
328
329
|
/** Allow RDS to access Directory Service Managed AD on behalf of the customer for domain-joined SQL Server DB instances. */
|
|
329
|
-
AmazonRDSDirectoryServiceAccess = "
|
|
330
|
+
AmazonRDSDirectoryServiceAccess = "service-role/AmazonRDSDirectoryServiceAccess",
|
|
330
331
|
/** Provides full access to AWS Marketplace Metering. */
|
|
331
|
-
AWSMarketplaceMeteringFullAccess = "
|
|
332
|
+
AWSMarketplaceMeteringFullAccess = "AWSMarketplaceMeteringFullAccess",
|
|
332
333
|
/** Allows an AWS Lambda function to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for custom Config rules. */
|
|
333
|
-
AWSConfigRulesExecutionRole = "
|
|
334
|
+
AWSConfigRulesExecutionRole = "service-role/AWSConfigRulesExecutionRole",
|
|
334
335
|
/** This policy is on a deprecation path. See documentation for guidance: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/iam-servicerole.html. AWS Elastic Beanstalk Service role policy which grants permissions to create & manage resources (i.e.: AutoScaling, EC2, S3, CloudFormation, ELB, etc.) on your behalf. */
|
|
335
|
-
AWSElasticBeanstalkService = "
|
|
336
|
+
AWSElasticBeanstalkService = "service-role/AWSElasticBeanstalkService",
|
|
336
337
|
/** Provides access to manage S3 settings for Redshift endpoints for DMS. */
|
|
337
|
-
AmazonDMSRedshiftS3Role = "
|
|
338
|
+
AmazonDMSRedshiftS3Role = "service-role/AmazonDMSRedshiftS3Role",
|
|
338
339
|
/** Provides full access to view and tag Configuration Items maintained by the AWS Application Discovery Service */
|
|
339
|
-
AWSApplicationDiscoveryServiceFullAccess = "
|
|
340
|
+
AWSApplicationDiscoveryServiceFullAccess = "AWSApplicationDiscoveryServiceFullAccess",
|
|
340
341
|
/** Provides access for the Discovery Agent to register with AWS Application Discovery Service. */
|
|
341
|
-
AWSApplicationDiscoveryAgentAccess = "
|
|
342
|
+
AWSApplicationDiscoveryAgentAccess = "AWSApplicationDiscoveryAgentAccess",
|
|
342
343
|
/** Policy to enable Task Autoscaling for Amazon EC2 Container Service */
|
|
343
|
-
AmazonEC2ContainerServiceAutoscaleRole = "
|
|
344
|
+
AmazonEC2ContainerServiceAutoscaleRole = "service-role/AmazonEC2ContainerServiceAutoscaleRole",
|
|
344
345
|
/** Provides access for an Amazon EC2 instance to register with an AWS OpsWorks stack. */
|
|
345
|
-
AWSOpsWorksInstanceRegistration = "
|
|
346
|
+
AWSOpsWorksInstanceRegistration = "AWSOpsWorksInstanceRegistration",
|
|
346
347
|
/** Provides access to view and approve manual changes for all pipelines */
|
|
347
|
-
AWSCodePipelineApproverAccess = "
|
|
348
|
+
AWSCodePipelineApproverAccess = "AWSCodePipelineApproverAccess",
|
|
348
349
|
/** Provides access for the Discovery Agentless Connector to register with AWS Application Discovery Service. */
|
|
349
|
-
AWSAgentlessDiscoveryService = "
|
|
350
|
+
AWSAgentlessDiscoveryService = "AWSAgentlessDiscoveryService",
|
|
350
351
|
/** Policy to enable Autoscaling for Amazon EC2 Spot Fleet */
|
|
351
|
-
AmazonEC2SpotFleetAutoscaleRole = "
|
|
352
|
+
AmazonEC2SpotFleetAutoscaleRole = "service-role/AmazonEC2SpotFleetAutoscaleRole",
|
|
352
353
|
/** Provides read-only access to Amazon Kinesis Analytics via the AWS Management Console. */
|
|
353
|
-
AmazonKinesisAnalyticsReadOnly = "
|
|
354
|
+
AmazonKinesisAnalyticsReadOnly = "AmazonKinesisAnalyticsReadOnly",
|
|
354
355
|
/** Provides full access to Amazon Kinesis Analytics via the AWS Management Console. */
|
|
355
|
-
AmazonKinesisAnalyticsFullAccess = "
|
|
356
|
+
AmazonKinesisAnalyticsFullAccess = "AmazonKinesisAnalyticsFullAccess",
|
|
356
357
|
/** Permissions to allow the AWS Server Migration Connector to migrate VMs to EC2. Allows communication with the AWS Server Migration Service, read/write access to S3 buckets starting with 'sms-b-' and 'import-to-ec2-' as well as the buckets used for AWS Server Migration Connector upgrade, AWS Server Migration Connector registration with AWS, and metrics upload to AWS. */
|
|
357
|
-
ServerMigrationConnector = "
|
|
358
|
+
ServerMigrationConnector = "ServerMigrationConnector",
|
|
358
359
|
/** This policy grants permissions to view resources and basic metadata across all AWS services. */
|
|
359
|
-
ViewOnlyAccess = "
|
|
360
|
+
ViewOnlyAccess = "job-function/ViewOnlyAccess",
|
|
360
361
|
/** This policy grants permissions to troubleshoot and resolve issues in an AWS account. This policy also enables the user to contact AWS support to create and manage cases. */
|
|
361
|
-
SupportUser = "
|
|
362
|
+
SupportUser = "job-function/SupportUser",
|
|
362
363
|
/** Grants full access permissions necessary for resources required for application and development operations. */
|
|
363
|
-
SystemAdministrator = "
|
|
364
|
+
SystemAdministrator = "job-function/SystemAdministrator",
|
|
364
365
|
/** Grants full access permissions to AWS services and actions required to set up and configure AWS database services. */
|
|
365
|
-
DatabaseAdministrator = "
|
|
366
|
+
DatabaseAdministrator = "job-function/DatabaseAdministrator",
|
|
366
367
|
/** Grants permissions to AWS data analytics services. */
|
|
367
|
-
DataScientist = "
|
|
368
|
+
DataScientist = "job-function/DataScientist",
|
|
368
369
|
/** Grants full access permissions to AWS services and actions required to set up and configure AWS network resources. */
|
|
369
|
-
NetworkAdministrator = "
|
|
370
|
+
NetworkAdministrator = "job-function/NetworkAdministrator",
|
|
370
371
|
/** Grants permissions for billing and cost management. This includes viewing account usage and viewing and modifying budgets and payment methods. */
|
|
371
|
-
Billing = "
|
|
372
|
+
Billing = "job-function/Billing",
|
|
372
373
|
/** Provides the ability for an IAM user to change their own password. */
|
|
373
|
-
IAMUserChangePassword = "
|
|
374
|
+
IAMUserChangePassword = "IAMUserChangePassword",
|
|
374
375
|
/** Amazon Elastic MapReduce for Auto Scaling. Role to allow Auto Scaling to add and remove instances from your EMR cluster. */
|
|
375
|
-
AmazonElasticMapReduceforAutoScalingRole = "
|
|
376
|
+
AmazonElasticMapReduceforAutoScalingRole = "service-role/AmazonElasticMapReduceforAutoScalingRole",
|
|
376
377
|
/** Default policy for Amazon AppStream service role. */
|
|
377
|
-
AmazonAppStreamServiceAccess = "
|
|
378
|
+
AmazonAppStreamServiceAccess = "service-role/AmazonAppStreamServiceAccess",
|
|
378
379
|
/** Provides S3 access for instances launched by OpsWorks CM. */
|
|
379
|
-
AWSOpsWorksCMInstanceProfileRole = "
|
|
380
|
+
AWSOpsWorksCMInstanceProfileRole = "AWSOpsWorksCMInstanceProfileRole",
|
|
380
381
|
/** Service Role Policy to be used for Creating OpsWorks CM servers. */
|
|
381
|
-
AWSOpsWorksCMServiceRole = "
|
|
382
|
+
AWSOpsWorksCMServiceRole = "service-role/AWSOpsWorksCMServiceRole",
|
|
382
383
|
/** Access to all Amazon Rekognition APIs */
|
|
383
|
-
AmazonRekognitionFullAccess = "
|
|
384
|
+
AmazonRekognitionFullAccess = "AmazonRekognitionFullAccess",
|
|
384
385
|
/** Access to all Read rekognition APIs */
|
|
385
|
-
AmazonRekognitionReadOnlyAccess = "
|
|
386
|
+
AmazonRekognitionReadOnlyAccess = "AmazonRekognitionReadOnlyAccess",
|
|
386
387
|
/** Provide full access to Amazon Athena and scoped access to the dependencies needed to enable querying, writing results, and data management. */
|
|
387
|
-
AmazonAthenaFullAccess = "
|
|
388
|
+
AmazonAthenaFullAccess = "AmazonAthenaFullAccess",
|
|
388
389
|
/** Grants full access to Amazon Polly service and resources. */
|
|
389
|
-
AmazonPollyFullAccess = "
|
|
390
|
+
AmazonPollyFullAccess = "AmazonPollyFullAccess",
|
|
390
391
|
/** Grants read-only access to Amazon Polly resources. */
|
|
391
|
-
AmazonPollyReadOnlyAccess = "
|
|
392
|
+
AmazonPollyReadOnlyAccess = "AmazonPollyReadOnlyAccess",
|
|
392
393
|
/** Service Role to be used for EC2 Maintenance Window */
|
|
393
|
-
AmazonSSMMaintenanceWindowRole = "
|
|
394
|
+
AmazonSSMMaintenanceWindowRole = "service-role/AmazonSSMMaintenanceWindowRole",
|
|
394
395
|
/** AWS X-Ray write only managed policy */
|
|
395
|
-
AWSXrayWriteOnlyAccess = "
|
|
396
|
+
AWSXrayWriteOnlyAccess = "AWSXrayWriteOnlyAccess",
|
|
396
397
|
/** AWS X-Ray read only managed policy */
|
|
397
|
-
AWSXrayReadOnlyAccess = "
|
|
398
|
+
AWSXrayReadOnlyAccess = "AWSXrayReadOnlyAccess",
|
|
398
399
|
/** AWS X-Ray full access managed policy */
|
|
399
|
-
AWSXrayFullAccess = "
|
|
400
|
+
AWSXrayFullAccess = "AWSXrayFullAccess",
|
|
400
401
|
/** Provides access to AWS CodeBuild via the AWS Management Console, but does not allow CodeBuild project administration. Also attach AmazonS3ReadOnlyAccess to provide access to download build artifacts. */
|
|
401
|
-
AWSCodeBuildDeveloperAccess = "
|
|
402
|
+
AWSCodeBuildDeveloperAccess = "AWSCodeBuildDeveloperAccess",
|
|
402
403
|
/** Provides read only access to AWS CodeBuild via the AWS Management Console. Also attach AmazonS3ReadOnlyAccess to provide access to download build artifacts. */
|
|
403
|
-
AWSCodeBuildReadOnlyAccess = "
|
|
404
|
+
AWSCodeBuildReadOnlyAccess = "AWSCodeBuildReadOnlyAccess",
|
|
404
405
|
/** Provides full access to AWS CodeBuild via the AWS Management Console. Also attach AmazonS3ReadOnlyAccess to provide access to download build artifacts, and attach IAMFullAccess to create and manage the service role for CodeBuild. */
|
|
405
|
-
AWSCodeBuildAdminAccess = "
|
|
406
|
+
AWSCodeBuildAdminAccess = "AWSCodeBuildAdminAccess",
|
|
406
407
|
/** Provides permissions for EC2 Automation service to execute activities defined within Automation documents */
|
|
407
|
-
AmazonSSMAutomationRole = "
|
|
408
|
+
AmazonSSMAutomationRole = "service-role/AmazonSSMAutomationRole",
|
|
408
409
|
/** Provides minimum permissions for a Lambda function to manage ENIs (create, describe, delete) used by a VPC-enabled Lambda Function. */
|
|
409
|
-
AWSLambdaENIManagementAccess = "
|
|
410
|
+
AWSLambdaENIManagementAccess = "service-role/AWSLambdaENIManagementAccess",
|
|
410
411
|
/** Allows full access to the AWS Health Apis and Notifications and the Personal Health Dashboard */
|
|
411
|
-
AWSHealthFullAccess = "
|
|
412
|
+
AWSHealthFullAccess = "AWSHealthFullAccess",
|
|
412
413
|
/** Provides full access for AWS Batch resources. */
|
|
413
|
-
AWSBatchFullAccess = "
|
|
414
|
+
AWSBatchFullAccess = "AWSBatchFullAccess",
|
|
414
415
|
/** Policy for AWS Batch service role which allows access to related services including EC2, Autoscaling, EC2 Container service and Cloudwatch Logs. */
|
|
415
|
-
AWSBatchServiceRole = "
|
|
416
|
+
AWSBatchServiceRole = "service-role/AWSBatchServiceRole",
|
|
416
417
|
/** Quicksight access to Athena API and S3 buckets used for Athena query results */
|
|
417
|
-
AWSQuicksightAthenaAccess = "
|
|
418
|
+
AWSQuicksightAthenaAccess = "service-role/AWSQuicksightAthenaAccess",
|
|
418
419
|
/** Allows an IAM user to manage their own Service Specific Credentials. */
|
|
419
|
-
IAMSelfManageServiceSpecificCredentials = "
|
|
420
|
+
IAMSelfManageServiceSpecificCredentials = "IAMSelfManageServiceSpecificCredentials",
|
|
420
421
|
/** An access policy for providing a user/role/etc read only access to the AWS StepFunctions service. */
|
|
421
|
-
AWSStepFunctionsReadOnlyAccess = "
|
|
422
|
+
AWSStepFunctionsReadOnlyAccess = "AWSStepFunctionsReadOnlyAccess",
|
|
422
423
|
/** An access policy for providing a user/role/etc access to the AWS StepFunctions API. For full access, in addition to this policy, a user MUST have iam:PassRole permission on at least one IAM role that can be assumed by the service. */
|
|
423
|
-
AWSStepFunctionsFullAccess = "
|
|
424
|
+
AWSStepFunctionsFullAccess = "AWSStepFunctionsFullAccess",
|
|
424
425
|
/** An access policy for providing a user/role/etc access to the AWS StepFunctions console. For a full console experience, in addition to this policy, a user may need iam:PassRole permission on other IAM roles that can be assumed by the service. */
|
|
425
|
-
AWSStepFunctionsConsoleFullAccess = "
|
|
426
|
+
AWSStepFunctionsConsoleFullAccess = "AWSStepFunctionsConsoleFullAccess",
|
|
426
427
|
/** Provides full access to Auto Scaling. */
|
|
427
|
-
AutoScalingFullAccess = "
|
|
428
|
+
AutoScalingFullAccess = "AutoScalingFullAccess",
|
|
428
429
|
/** Provides read-only access to Auto Scaling. */
|
|
429
|
-
AutoScalingReadOnlyAccess = "
|
|
430
|
+
AutoScalingReadOnlyAccess = "AutoScalingReadOnlyAccess",
|
|
430
431
|
/** Provides full access to Auto Scaling via the AWS Management Console. */
|
|
431
|
-
AutoScalingConsoleFullAccess = "
|
|
432
|
+
AutoScalingConsoleFullAccess = "AutoScalingConsoleFullAccess",
|
|
432
433
|
/** Provides read-only access to Auto Scaling via the AWS Management Console. */
|
|
433
|
-
AutoScalingConsoleReadOnlyAccess = "
|
|
434
|
+
AutoScalingConsoleReadOnlyAccess = "AutoScalingConsoleReadOnlyAccess",
|
|
434
435
|
/** Provides full access to Data Pipeline, list access for S3, DynamoDB, Redshift, RDS, SNS, and IAM roles, and passRole access for default Roles. */
|
|
435
|
-
AWSDataPipelineFullAccess = "
|
|
436
|
+
AWSDataPipelineFullAccess = "AWSDataPipeline_FullAccess",
|
|
436
437
|
/** Provides full access to Data Pipeline, list access for S3, DynamoDB, Redshift, RDS, SNS, and IAM roles, and passRole access for default Roles. */
|
|
437
|
-
AWSDataPipelinePowerUser = "
|
|
438
|
+
AWSDataPipelinePowerUser = "AWSDataPipeline_PowerUser",
|
|
438
439
|
/** Policy to enable Application Autoscaling for Amazon AppStream */
|
|
439
|
-
ApplicationAutoScalingForAmazonAppStreamAccess = "
|
|
440
|
+
ApplicationAutoScalingForAmazonAppStreamAccess = "service-role/ApplicationAutoScalingForAmazonAppStreamAccess",
|
|
440
441
|
/** Policy for AWS Greengrass service role which allows access to related services including AWS Lambda and AWS IoT thing shadows. */
|
|
441
|
-
AWSGreengrassResourceAccessRolePolicy = "
|
|
442
|
+
AWSGreengrassResourceAccessRolePolicy = "service-role/AWSGreengrassResourceAccessRolePolicy",
|
|
442
443
|
/** Provide the instance in your custom platform builder environment permission to launch EC2 instance, create EBS snapshot and AMI, stream logs to Amazon CloudWatch Logs, and store artifacts in Amazon S3. */
|
|
443
|
-
AWSElasticBeanstalkCustomPlatformforEC2Role = "
|
|
444
|
+
AWSElasticBeanstalkCustomPlatformforEC2Role = "AWSElasticBeanstalkCustomPlatformforEC2Role",
|
|
444
445
|
/** Provides full access to Amazon Cloud Directory Service. */
|
|
445
|
-
AmazonCloudDirectoryFullAccess = "
|
|
446
|
+
AmazonCloudDirectoryFullAccess = "AmazonCloudDirectoryFullAccess",
|
|
446
447
|
/** Provides read only access to Amazon Cloud Directory Service. */
|
|
447
|
-
AmazonCloudDirectoryReadOnlyAccess = "
|
|
448
|
+
AmazonCloudDirectoryReadOnlyAccess = "AmazonCloudDirectoryReadOnlyAccess",
|
|
448
449
|
/** Provides read access to AWS Marketplace Entitlements */
|
|
449
|
-
AWSMarketplaceGetEntitlements = "
|
|
450
|
+
AWSMarketplaceGetEntitlements = "AWSMarketplaceGetEntitlements",
|
|
450
451
|
/** Enables OpsWorks instances with the CWLogs integration enabled to ship logs and create required log groups */
|
|
451
|
-
AWSOpsWorksCloudWatchLogs = "
|
|
452
|
+
AWSOpsWorksCloudWatchLogs = "AWSOpsWorksCloudWatchLogs",
|
|
452
453
|
/** Provides access to Amazon Lex conversational APIs. */
|
|
453
|
-
AmazonLexRunBotsOnly = "
|
|
454
|
+
AmazonLexRunBotsOnly = "AmazonLexRunBotsOnly",
|
|
454
455
|
/** Provides read-only access to Amazon Lex. */
|
|
455
|
-
AmazonLexReadOnly = "
|
|
456
|
+
AmazonLexReadOnly = "AmazonLexReadOnly",
|
|
456
457
|
/** Provides full access to Amazon Lex via the AWS Management Console. Also provides access to create Lex Service Linked Roles and grant Lex permissions to invoke a limited set of Lambda functions. */
|
|
457
|
-
AmazonLexFullAccess = "
|
|
458
|
+
AmazonLexFullAccess = "AmazonLexFullAccess",
|
|
458
459
|
/** DO NOT USE - AWS CodeStar Service Role Policy which grants administrative privileges in order for CodeStar to manage IAM and other service resources on behalf of the customer. */
|
|
459
|
-
AWSCodeStarServiceRole = "
|
|
460
|
+
AWSCodeStarServiceRole = "service-role/AWSCodeStarServiceRole",
|
|
460
461
|
/** Provides full access to AWS CodeStar via the AWS Management Console. */
|
|
461
|
-
AWSCodeStarFullAccess = "
|
|
462
|
+
AWSCodeStarFullAccess = "AWSCodeStarFullAccess",
|
|
462
463
|
/** This policy gives full access to the AWS Greengrass configuration, management and deployment actions */
|
|
463
|
-
AWSGreengrassFullAccess = "
|
|
464
|
+
AWSGreengrassFullAccess = "AWSGreengrassFullAccess",
|
|
464
465
|
/** Policy to enable CloudWatch Events for EC2 Container Service */
|
|
465
|
-
AmazonEC2ContainerServiceEventsRole = "
|
|
466
|
+
AmazonEC2ContainerServiceEventsRole = "service-role/AmazonEC2ContainerServiceEventsRole",
|
|
466
467
|
/** Policy used by QuickSight team to access customer data produced by S3 Storage Management Analytics. */
|
|
467
|
-
QuickSightAccessForS3StorageManagementAnalyticsReadOnly = "
|
|
468
|
+
QuickSightAccessForS3StorageManagementAnalyticsReadOnly = "service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly",
|
|
468
469
|
/** Allows EC2 Spot Fleet to request, terminate and tag Spot Instances on your behalf. */
|
|
469
|
-
AmazonEC2SpotFleetTaggingRole = "
|
|
470
|
+
AmazonEC2SpotFleetTaggingRole = "service-role/AmazonEC2SpotFleetTaggingRole",
|
|
470
471
|
/** Allow Amazon Elasticsearch Service to access other AWS services such as EC2 Networking APIs on your behalf. */
|
|
471
|
-
AmazonElasticsearchServiceRolePolicy = "
|
|
472
|
+
AmazonElasticsearchServiceRolePolicy = "aws-service-role/AmazonElasticsearchServiceRolePolicy",
|
|
472
473
|
/** Provides access to create network interfaces and attach them to cross-account resources */
|
|
473
|
-
AmazonVPCCrossAccountNetworkInterfaceOperations = "
|
|
474
|
+
AmazonVPCCrossAccountNetworkInterfaceOperations = "AmazonVPCCrossAccountNetworkInterfaceOperations",
|
|
474
475
|
/** Provides access to view automation executions and send approval decisions to automation waiting for approval */
|
|
475
|
-
AmazonSSMAutomationApproverAccess = "
|
|
476
|
+
AmazonSSMAutomationApproverAccess = "AmazonSSMAutomationApproverAccess",
|
|
476
477
|
/** Policy allows AWSMigrationHubService to call AWSApplicationDiscoveryService on behalf of the customer. */
|
|
477
|
-
AWSMigrationHubDiscoveryAccess = "
|
|
478
|
+
AWSMigrationHubDiscoveryAccess = "service-role/AWSMigrationHubDiscoveryAccess",
|
|
478
479
|
/** Policy for AWS Glue service role which allows access to related services including EC2, S3, and Cloudwatch Logs */
|
|
479
|
-
AWSGlueServiceRole = "
|
|
480
|
+
AWSGlueServiceRole = "service-role/AWSGlueServiceRole",
|
|
480
481
|
/** Provides full access to AWS Glue via the AWS Management Console */
|
|
481
|
-
AWSGlueConsoleFullAccess = "
|
|
482
|
+
AWSGlueConsoleFullAccess = "AWSGlueConsoleFullAccess",
|
|
482
483
|
/** Policy for AWS Glue service role which allows customer to manage notebook server */
|
|
483
|
-
AWSGlueServiceNotebookRole = "
|
|
484
|
+
AWSGlueServiceNotebookRole = "service-role/AWSGlueServiceNotebookRole",
|
|
484
485
|
/** Policy for Server Migration Service to assume role in customer's account to call Migration Hub */
|
|
485
|
-
AWSMigrationHubSMSAccess = "
|
|
486
|
+
AWSMigrationHubSMSAccess = "service-role/AWSMigrationHubSMSAccess",
|
|
486
487
|
/** Policy for Database Migration Service to assume role in customer's account to call Migration Hub */
|
|
487
|
-
AWSMigrationHubDMSAccess = "
|
|
488
|
+
AWSMigrationHubDMSAccess = "service-role/AWSMigrationHubDMSAccess",
|
|
488
489
|
/** Managed policy to provide the customer access to the Migration Hub Service */
|
|
489
|
-
AWSMigrationHubFullAccess = "
|
|
490
|
+
AWSMigrationHubFullAccess = "AWSMigrationHubFullAccess",
|
|
490
491
|
/** Grants Macie read-only access to resource dependencies in your account in order to enable data analysis. */
|
|
491
|
-
AmazonMacieServiceRole = "
|
|
492
|
+
AmazonMacieServiceRole = "service-role/AmazonMacieServiceRole",
|
|
492
493
|
/** Provides full access to Amazon Macie. */
|
|
493
|
-
AmazonMacieFullAccess = "
|
|
494
|
+
AmazonMacieFullAccess = "AmazonMacieFullAccess",
|
|
494
495
|
/** AWS Elastic Beanstalk Service Linked Role policy which grants permissions to create & manage resources (i.e.: AutoScaling, EC2, S3, CloudFormation, ELB, etc.) on your behalf. */
|
|
495
|
-
AWSElasticBeanstalkServiceRolePolicy = "
|
|
496
|
+
AWSElasticBeanstalkServiceRolePolicy = "aws-service-role/AWSElasticBeanstalkServiceRolePolicy",
|
|
496
497
|
/** Allows EC2 Spot to launch and manage spot instances */
|
|
497
|
-
AWSEC2SpotServiceRolePolicy = "
|
|
498
|
+
AWSEC2SpotServiceRolePolicy = "aws-service-role/AWSEC2SpotServiceRolePolicy",
|
|
498
499
|
/** Allows Amazon Redshift to call AWS services on your behalf */
|
|
499
|
-
AmazonRedshiftServiceLinkedRolePolicy = "
|
|
500
|
+
AmazonRedshiftServiceLinkedRolePolicy = "aws-service-role/AmazonRedshiftServiceLinkedRolePolicy",
|
|
500
501
|
/** Service Linked Role Policy for AWS Elastic Load Balancing Control Plane */
|
|
501
|
-
AWSElasticLoadBalancingServiceRolePolicy = "
|
|
502
|
+
AWSElasticLoadBalancingServiceRolePolicy = "aws-service-role/AWSElasticLoadBalancingServiceRolePolicy",
|
|
502
503
|
/** Service Linked Role Policy for AWS Elastic Load Balancing Control Plane - Classic */
|
|
503
|
-
AWSElasticLoadBalancingClassicServiceRolePolicy = "
|
|
504
|
+
AWSElasticLoadBalancingClassicServiceRolePolicy = "aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy",
|
|
504
505
|
/** Policy to enable enhanced classic networking management feature. */
|
|
505
|
-
AWSEnhancedClassicNetworkingMangementPolicy = "
|
|
506
|
+
AWSEnhancedClassicNetworkingMangementPolicy = "aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy",
|
|
506
507
|
/** Allows the actions that EMR requires to terminate and delete AWS EC2 resources if the EMR Service role has lost that ability. */
|
|
507
|
-
AmazonEMRCleanupPolicy = "
|
|
508
|
+
AmazonEMRCleanupPolicy = "aws-service-role/AmazonEMRCleanupPolicy",
|
|
508
509
|
/** Policy for AWS Lex Channel use case */
|
|
509
|
-
LexChannelPolicy = "
|
|
510
|
+
LexChannelPolicy = "aws-service-role/LexChannelPolicy",
|
|
510
511
|
/** Policy for AWS Lex Bot use case */
|
|
511
|
-
LexBotPolicy = "
|
|
512
|
+
LexBotPolicy = "aws-service-role/LexBotPolicy",
|
|
512
513
|
/** Grants Lambda Replicator necessary permissions to replicate functions across regions */
|
|
513
|
-
AWSLambdaReplicator = "
|
|
514
|
+
AWSLambdaReplicator = "aws-service-role/AWSLambdaReplicator",
|
|
514
515
|
/** A policy to allow AWS Organizations to share trust with other approved AWS Services for the purpose of simplifying customer configuration. */
|
|
515
|
-
AWSOrganizationsServiceTrustPolicy = "
|
|
516
|
+
AWSOrganizationsServiceTrustPolicy = "aws-service-role/AWSOrganizationsServiceTrustPolicy",
|
|
516
517
|
/** Allows EC2 Scheduled Instances to launch and manage spot instances. */
|
|
517
|
-
AWSServiceRoleForEC2ScheduledInstances = "
|
|
518
|
+
AWSServiceRoleForEC2ScheduledInstances = "aws-service-role/AWSServiceRoleForEC2ScheduledInstances",
|
|
518
519
|
/** Policy to enable Amazon ECS to manage your cluster. */
|
|
519
|
-
AmazonECSServiceRolePolicy = "
|
|
520
|
+
AmazonECSServiceRolePolicy = "aws-service-role/AmazonECSServiceRolePolicy",
|
|
520
521
|
/** Policy granting permissions to Application Auto Scaling to access RDS and CloudWatch. */
|
|
521
|
-
AWSApplicationAutoscalingRDSClusterPolicy = "
|
|
522
|
+
AWSApplicationAutoscalingRDSClusterPolicy = "aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy",
|
|
522
523
|
/** Allows API Gateway to manage associated AWS Resources on behalf of the customer. */
|
|
523
|
-
APIGatewayServiceRolePolicy = "
|
|
524
|
+
APIGatewayServiceRolePolicy = "aws-service-role/APIGatewayServiceRolePolicy",
|
|
524
525
|
/** Policy granting permissions to Application Auto Scaling to access AppStream and CloudWatch. */
|
|
525
|
-
AWSApplicationAutoscalingAppStreamFleetPolicy = "
|
|
526
|
+
AWSApplicationAutoscalingAppStreamFleetPolicy = "aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy",
|
|
526
527
|
/** Policy granting permissions to Application Auto Scaling to access DynamoDB and CloudWatch. */
|
|
527
|
-
AWSApplicationAutoscalingDynamoDBTablePolicy = "
|
|
528
|
+
AWSApplicationAutoscalingDynamoDBTablePolicy = "aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy",
|
|
528
529
|
/** Allows EC2 Spot Fleet to launch and manage spot fleet instances */
|
|
529
|
-
AWSEC2SpotFleetServiceRolePolicy = "
|
|
530
|
+
AWSEC2SpotFleetServiceRolePolicy = "aws-service-role/AWSEC2SpotFleetServiceRolePolicy",
|
|
530
531
|
/** Policy granting permissions to Application Auto Scaling to access EC2 Spot Fleet and CloudWatch. */
|
|
531
|
-
AWSApplicationAutoscalingEC2SpotFleetRequestPolicy = "
|
|
532
|
+
AWSApplicationAutoscalingEC2SpotFleetRequestPolicy = "aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy",
|
|
532
533
|
/** Policy granting permissions to Application Auto Scaling to access EC2 Container Service and CloudWatch. */
|
|
533
|
-
AWSApplicationAutoscalingECSServicePolicy = "
|
|
534
|
+
AWSApplicationAutoscalingECSServicePolicy = "aws-service-role/AWSApplicationAutoscalingECSServicePolicy",
|
|
534
535
|
/** Policy granting permissions to Application Auto Scaling to access Elastic Map Reduce and CloudWatch. */
|
|
535
|
-
AWSApplicationAutoscalingEMRInstanceGroupPolicy = "
|
|
536
|
+
AWSApplicationAutoscalingEMRInstanceGroupPolicy = "aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy",
|
|
536
537
|
/** Provides read only access to Amazon Chime Admin Console via the AWS Management Console. */
|
|
537
|
-
AmazonChimeReadOnly = "
|
|
538
|
+
AmazonChimeReadOnly = "AmazonChimeReadOnly",
|
|
538
539
|
/** Provides full access to Amazon Chime Admin Console via the AWS Management Console. */
|
|
539
|
-
AmazonChimeFullAccess = "
|
|
540
|
+
AmazonChimeFullAccess = "AmazonChimeFullAccess",
|
|
540
541
|
/** Provides user management access to Amazon Chime Admin Console via the AWS Management Console. */
|
|
541
|
-
AmazonChimeUserManagement = "
|
|
542
|
+
AmazonChimeUserManagement = "AmazonChimeUserManagement",
|
|
542
543
|
/** Enables access to AWS resources used or managed by CloudHSM */
|
|
543
|
-
CloudHSMServiceRolePolicy = "
|
|
544
|
+
CloudHSMServiceRolePolicy = "aws-service-role/CloudHSMServiceRolePolicy",
|
|
544
545
|
/** Provides administrative access to Amazon ECS resources and enables ECS features through access to other AWS service resources, including VPCs, Auto Scaling groups, and CloudFormation stacks. */
|
|
545
|
-
AmazonECSFullAccess = "
|
|
546
|
+
AmazonECSFullAccess = "AmazonECS_FullAccess",
|
|
546
547
|
/** Permissions required by DynamoDB for cross-region data replication */
|
|
547
|
-
DynamoDBReplicationServiceRolePolicy = "
|
|
548
|
+
DynamoDBReplicationServiceRolePolicy = "aws-service-role/DynamoDBReplicationServiceRolePolicy",
|
|
548
549
|
/** Provides access to AWS Resources managed or used by Amazon SSM */
|
|
549
|
-
AmazonSSMServiceRolePolicy = "
|
|
550
|
+
AmazonSSMServiceRolePolicy = "aws-service-role/AmazonSSMServiceRolePolicy",
|
|
550
551
|
/** Provides access to other AWS service resources that are required to run Amazon ECS tasks */
|
|
551
|
-
AmazonECSTaskExecutionRolePolicy = "
|
|
552
|
+
AmazonECSTaskExecutionRolePolicy = "service-role/AmazonECSTaskExecutionRolePolicy",
|
|
552
553
|
/** Allow AWS CloudWatch to execute actions on your behalf configured through alarms and events. */
|
|
553
|
-
CloudWatchEventsServiceRolePolicy = "
|
|
554
|
+
CloudWatchEventsServiceRolePolicy = "aws-service-role/CloudWatchEventsServiceRolePolicy",
|
|
554
555
|
/** Grants Amazon Inspector access to AWS Services needed to perform security assessments */
|
|
555
|
-
AmazonInspectorServiceRolePolicy = "
|
|
556
|
+
AmazonInspectorServiceRolePolicy = "aws-service-role/AmazonInspectorServiceRolePolicy",
|
|
556
557
|
/** Provides full access to AWS Price List Service. */
|
|
557
|
-
AWSPriceListServiceFullAccess = "
|
|
558
|
+
AWSPriceListServiceFullAccess = "AWSPriceListServiceFullAccess",
|
|
558
559
|
/** Provides CodeDeploy service access to perform a Lambda deployment on your behalf. */
|
|
559
|
-
AWSCodeDeployRoleForLambda = "
|
|
560
|
+
AWSCodeDeployRoleForLambda = "service-role/AWSCodeDeployRoleForLambda",
|
|
560
561
|
/** Provides full access to AmazonMQ via the AWS Management Console. */
|
|
561
|
-
AmazonMQFullAccess = "
|
|
562
|
+
AmazonMQFullAccess = "AmazonMQFullAccess",
|
|
562
563
|
/** Provides read only access to AmazonMQ via the AWS Management Console. */
|
|
563
|
-
AmazonMQReadOnlyAccess = "
|
|
564
|
+
AmazonMQReadOnlyAccess = "AmazonMQReadOnlyAccess",
|
|
564
565
|
/** Enable access to AWS Resources used or managed by Amazon Guard Duty */
|
|
565
|
-
AmazonGuardDutyServiceRolePolicy = "
|
|
566
|
+
AmazonGuardDutyServiceRolePolicy = "aws-service-role/AmazonGuardDutyServiceRolePolicy",
|
|
566
567
|
/** Provides read only access to Amazon GuardDuty resources */
|
|
567
|
-
AmazonGuardDutyReadOnlyAccess = "
|
|
568
|
+
AmazonGuardDutyReadOnlyAccess = "AmazonGuardDutyReadOnlyAccess",
|
|
568
569
|
/** Provides full access to use Amazon GuardDuty. */
|
|
569
|
-
AmazonGuardDutyFullAccess = "
|
|
570
|
+
AmazonGuardDutyFullAccess = "AmazonGuardDutyFullAccess",
|
|
570
571
|
/** Provides read only access to Amazon SageMaker via the AWS Management Console and SDK. */
|
|
571
|
-
AmazonSageMakerReadOnly = "
|
|
572
|
+
AmazonSageMakerReadOnly = "AmazonSageMakerReadOnly",
|
|
572
573
|
/** Provides full access to Amazon SageMaker via the AWS Management Console and SDK. Also provides select access to related services (e.g., S3, ECR, CloudWatch Logs). */
|
|
573
|
-
AmazonSageMakerFullAccess = "
|
|
574
|
+
AmazonSageMakerFullAccess = "AmazonSageMakerFullAccess",
|
|
574
575
|
/** Full Access Policy for Amazon FreeRTOS */
|
|
575
|
-
AmazonFreeRTOSFullAccess = "
|
|
576
|
+
AmazonFreeRTOSFullAccess = "AmazonFreeRTOSFullAccess",
|
|
576
577
|
/** Grants AWS DeepLens access to AWS Services, resources and roles needed by DeepLens and its dependencies including IoT, S3, GreenGrass and AWS Lambda. */
|
|
577
|
-
AWSDeepLensServiceRolePolicy = "
|
|
578
|
+
AWSDeepLensServiceRolePolicy = "service-role/AWSDeepLensServiceRolePolicy",
|
|
578
579
|
/** This policy specifies permissions required by DeepLens Administrative lambda functions that run on a DeepLens device */
|
|
579
|
-
AWSDeepLensLambdaFunctionAccessPolicy = "
|
|
580
|
+
AWSDeepLensLambdaFunctionAccessPolicy = "AWSDeepLensLambdaFunctionAccessPolicy",
|
|
580
581
|
/** Allows Rekognition to call AWS services on your behalf. */
|
|
581
|
-
AmazonRekognitionServiceRole = "
|
|
582
|
+
AmazonRekognitionServiceRole = "service-role/AmazonRekognitionServiceRole",
|
|
582
583
|
/** Give QuickSight read-only access to IoT Analytics datasets */
|
|
583
|
-
AWSQuickSightIoTAnalyticsAccess = "
|
|
584
|
+
AWSQuickSightIoTAnalyticsAccess = "AWSQuickSightIoTAnalyticsAccess",
|
|
584
585
|
/** Provides full access to Amazon Comprehend. */
|
|
585
|
-
ComprehendFullAccess = "
|
|
586
|
+
ComprehendFullAccess = "ComprehendFullAccess",
|
|
586
587
|
/** Provides read-only access to Amazon Comprehend. */
|
|
587
|
-
ComprehendReadOnly = "
|
|
588
|
+
ComprehendReadOnly = "ComprehendReadOnly",
|
|
588
589
|
/** Provides read access to the Greengrass OTA Update artifacts in all Greengrass regions */
|
|
589
|
-
GreengrassOTAUpdateArtifactAccess = "
|
|
590
|
+
GreengrassOTAUpdateArtifactAccess = "service-role/GreengrassOTAUpdateArtifactAccess",
|
|
590
591
|
/** Provides read-only access to Amazon Translate. */
|
|
591
|
-
TranslateReadOnly = "
|
|
592
|
+
TranslateReadOnly = "TranslateReadOnly",
|
|
592
593
|
/** Service Linked Role Policy for AWS Cloud9 */
|
|
593
|
-
AWSCloud9ServiceRolePolicy = "
|
|
594
|
+
AWSCloud9ServiceRolePolicy = "aws-service-role/AWSCloud9ServiceRolePolicy",
|
|
594
595
|
/** Provides permission to create AWS Cloud9 development environments and to manage owned environments. */
|
|
595
|
-
AWSCloud9User = "
|
|
596
|
+
AWSCloud9User = "AWSCloud9User",
|
|
596
597
|
/** Provides administrator access to AWS Cloud9. */
|
|
597
|
-
AWSCloud9Administrator = "
|
|
598
|
+
AWSCloud9Administrator = "AWSCloud9Administrator",
|
|
598
599
|
/** Provides the ability to be invited into AWS Cloud9 shared development environments. */
|
|
599
|
-
AWSCloud9EnvironmentMember = "
|
|
600
|
+
AWSCloud9EnvironmentMember = "AWSCloud9EnvironmentMember",
|
|
600
601
|
/** Grants full access to AlexaForBusiness resources and access to related AWS Services */
|
|
601
|
-
AlexaForBusinessFullAccess = "
|
|
602
|
+
AlexaForBusinessFullAccess = "AlexaForBusinessFullAccess",
|
|
602
603
|
/** Provide read only access to AlexaForBusiness services */
|
|
603
|
-
AlexaForBusinessReadOnlyAccess = "
|
|
604
|
+
AlexaForBusinessReadOnlyAccess = "AlexaForBusinessReadOnlyAccess",
|
|
604
605
|
/** Provide device setup access to AlexaForBusiness services */
|
|
605
|
-
AlexaForBusinessDeviceSetup = "
|
|
606
|
+
AlexaForBusinessDeviceSetup = "AlexaForBusinessDeviceSetup",
|
|
606
607
|
/** Provide gateway execution access to AlexaForBusiness services */
|
|
607
|
-
AlexaForBusinessGatewayExecution = "
|
|
608
|
+
AlexaForBusinessGatewayExecution = "AlexaForBusinessGatewayExecution",
|
|
608
609
|
/** This policy allows users to register things at bulk using AWS IoT StartThingRegistrationTask API */
|
|
609
|
-
AWSIoTThingsRegistration = "
|
|
610
|
+
AWSIoTThingsRegistration = "service-role/AWSIoTThingsRegistration",
|
|
610
611
|
/** Provides read only access to AWS Kinesis Video Streams via the AWS Management Console. */
|
|
611
|
-
AmazonKinesisVideoStreamsReadOnlyAccess = "
|
|
612
|
+
AmazonKinesisVideoStreamsReadOnlyAccess = "AmazonKinesisVideoStreamsReadOnlyAccess",
|
|
612
613
|
/** Provides full access to Amazon Kinesis Video Streams via the AWS Management Console. */
|
|
613
|
-
AmazonKinesisVideoStreamsFullAccess = "
|
|
614
|
+
AmazonKinesisVideoStreamsFullAccess = "AmazonKinesisVideoStreamsFullAccess",
|
|
614
615
|
/** Grants AWS SSO permissions to manage AWS resources, including IAM roles, policies and SAML IdP on your behalf. */
|
|
615
|
-
AWSSSOServiceRolePolicy = "
|
|
616
|
+
AWSSSOServiceRolePolicy = "aws-service-role/AWSSSOServiceRolePolicy",
|
|
616
617
|
/** This policy allows ElastiCache to manage AWS resources on your behalf as necessary for managing your cache */
|
|
617
|
-
ElastiCacheServiceRolePolicy = "
|
|
618
|
+
ElastiCacheServiceRolePolicy = "aws-service-role/ElastiCacheServiceRolePolicy",
|
|
618
619
|
/** Allows access to create AWS IoT Job and describe the AWS code signer job */
|
|
619
|
-
AWSIoTOTAUpdate = "
|
|
620
|
+
AWSIoTOTAUpdate = "service-role/AWSIoTOTAUpdate",
|
|
620
621
|
/** Provides full access to AWS Elemental MediaPackage resources */
|
|
621
|
-
AWSElementalMediaPackageFullAccess = "
|
|
622
|
+
AWSElementalMediaPackageFullAccess = "AWSElementalMediaPackageFullAccess",
|
|
622
623
|
/** Provides read only access to AWS Elemental MediaPackage resources */
|
|
623
|
-
AWSElementalMediaPackageReadOnly = "
|
|
624
|
+
AWSElementalMediaPackageReadOnly = "AWSElementalMediaPackageReadOnly",
|
|
624
625
|
/** Allows Amazon RDS to manage AWS resources on your behalf. */
|
|
625
|
-
AmazonRDSServiceRolePolicy = "
|
|
626
|
+
AmazonRDSServiceRolePolicy = "aws-service-role/AmazonRDSServiceRolePolicy",
|
|
626
627
|
/** Enables access to AWS Services and Resources used or managed by Auto Scaling */
|
|
627
|
-
AutoScalingServiceRolePolicy = "
|
|
628
|
+
AutoScalingServiceRolePolicy = "aws-service-role/AutoScalingServiceRolePolicy",
|
|
628
629
|
/** Provides read-only access to all Route 53 Auto Naming actions. */
|
|
629
|
-
AmazonRoute53AutoNamingReadOnlyAccess = "
|
|
630
|
+
AmazonRoute53AutoNamingReadOnlyAccess = "AmazonRoute53AutoNamingReadOnlyAccess",
|
|
630
631
|
/** Provides full access to all Route 53 Auto Naming actions. */
|
|
631
|
-
AmazonRoute53AutoNamingFullAccess = "
|
|
632
|
+
AmazonRoute53AutoNamingFullAccess = "AmazonRoute53AutoNamingFullAccess",
|
|
632
633
|
/** Policy granting permissions to Application Auto Scaling to access SageMaker and CloudWatch. */
|
|
633
|
-
AWSApplicationAutoscalingSageMakerEndpointPolicy = "
|
|
634
|
+
AWSApplicationAutoscalingSageMakerEndpointPolicy = "aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy",
|
|
634
635
|
/** Provides full access to service catalog admin capabilities */
|
|
635
|
-
AWSServiceCatalogAdminFullAccess = "
|
|
636
|
+
AWSServiceCatalogAdminFullAccess = "AWSServiceCatalogAdminFullAccess",
|
|
636
637
|
/** Provides full access to service catalog enduser capabilities */
|
|
637
|
-
AWSServiceCatalogEndUserFullAccess = "
|
|
638
|
+
AWSServiceCatalogEndUserFullAccess = "AWSServiceCatalogEndUserFullAccess",
|
|
638
639
|
/** Access for the AWS Trusted Advisor Service to help reduce cost, increase performance, and improve security of your AWS environment. */
|
|
639
|
-
AWSTrustedAdvisorServiceRolePolicy = "
|
|
640
|
+
AWSTrustedAdvisorServiceRolePolicy = "aws-service-role/AWSTrustedAdvisorServiceRolePolicy",
|
|
640
641
|
/** Provides limited access to the Amazon Cognito configuration service. */
|
|
641
|
-
AmazonESCognitoAccess = "
|
|
642
|
+
AmazonESCognitoAccess = "AmazonESCognitoAccess",
|
|
642
643
|
/** Policy to enable CloudWatch Event Target for AWS Batch Job Submission */
|
|
643
|
-
AWSBatchServiceEventTargetRole = "
|
|
644
|
+
AWSBatchServiceEventTargetRole = "service-role/AWSBatchServiceEventTargetRole",
|
|
644
645
|
/** This policy allows DAX to create and manage Network interface, Security group, Subnet and Vpc on behalf of customer */
|
|
645
|
-
DAXServiceRolePolicy = "
|
|
646
|
+
DAXServiceRolePolicy = "aws-service-role/DAXServiceRolePolicy",
|
|
646
647
|
/** Provides full read and write access to all MediaStore APIs */
|
|
647
|
-
AWSElementalMediaStoreFullAccess = "
|
|
648
|
+
AWSElementalMediaStoreFullAccess = "AWSElementalMediaStoreFullAccess",
|
|
648
649
|
/** Full permissions required to use AmazonCloudWatchAgent. */
|
|
649
|
-
CloudWatchAgentAdminPolicy = "
|
|
650
|
+
CloudWatchAgentAdminPolicy = "CloudWatchAgentAdminPolicy",
|
|
650
651
|
/** Permissions required to use AmazonCloudWatchAgent on servers */
|
|
651
|
-
CloudWatchAgentServerPolicy = "
|
|
652
|
+
CloudWatchAgentServerPolicy = "CloudWatchAgentServerPolicy",
|
|
652
653
|
/** This is the read only policy for AWS Resource Groups */
|
|
653
|
-
AWSResourceGroupsReadOnlyAccess = "
|
|
654
|
+
AWSResourceGroupsReadOnlyAccess = "AWSResourceGroupsReadOnlyAccess",
|
|
654
655
|
/** Provides read-only permissions for MediaStore APIs */
|
|
655
|
-
AWSElementalMediaStoreReadOnly = "
|
|
656
|
+
AWSElementalMediaStoreReadOnly = "AWSElementalMediaStoreReadOnly",
|
|
656
657
|
/** Provides registrant level access to Route 53 Auto Naming actions. */
|
|
657
|
-
AmazonRoute53AutoNamingRegistrantAccess = "
|
|
658
|
+
AmazonRoute53AutoNamingRegistrantAccess = "AmazonRoute53AutoNamingRegistrantAccess",
|
|
658
659
|
/** Allows AWS Config to call read-only AWS Organizations APIs */
|
|
659
|
-
AWSConfigRoleForOrganizations = "
|
|
660
|
+
AWSConfigRoleForOrganizations = "service-role/AWSConfigRoleForOrganizations",
|
|
660
661
|
/** Provides administrative access to the AppSync service, though not enough to access via the console. */
|
|
661
|
-
AWSAppSyncAdministrator = "
|
|
662
|
+
AWSAppSyncAdministrator = "AWSAppSyncAdministrator",
|
|
662
663
|
/** Provides access to create, update, and query the schema. */
|
|
663
|
-
AWSAppSyncSchemaAuthor = "
|
|
664
|
+
AWSAppSyncSchemaAuthor = "AWSAppSyncSchemaAuthor",
|
|
664
665
|
/** Provides full invoking access to the AppSync service - both through the console and independently */
|
|
665
|
-
AWSAppSyncInvokeFullAccess = "
|
|
666
|
+
AWSAppSyncInvokeFullAccess = "AWSAppSyncInvokeFullAccess",
|
|
666
667
|
/** Allows EC2 Fleet to launch and manage instances. */
|
|
667
|
-
AWSEC2FleetServiceRolePolicy = "
|
|
668
|
+
AWSEC2FleetServiceRolePolicy = "aws-service-role/AWSEC2FleetServiceRolePolicy",
|
|
668
669
|
/** Access policy to allow FM service linked role to perform FM-related actions on FM-managed resources within a customer AWS Organization account. */
|
|
669
|
-
FMSServiceRolePolicy = "
|
|
670
|
+
FMSServiceRolePolicy = "aws-service-role/FMSServiceRolePolicy",
|
|
670
671
|
/** Provides access to read only operation for Amazon Transcribe */
|
|
671
|
-
AmazonTranscribeReadOnlyAccess = "
|
|
672
|
+
AmazonTranscribeReadOnlyAccess = "AmazonTranscribeReadOnlyAccess",
|
|
672
673
|
/** Provides full access to Amazon Transcribe operations */
|
|
673
|
-
AmazonTranscribeFullAccess = "
|
|
674
|
+
AmazonTranscribeFullAccess = "AmazonTranscribeFullAccess",
|
|
674
675
|
/** Provides read/write access to AWS Secrets Manager via the AWS Management Console. Note: this exludes IAM actions, so combine with IAMFullAccess if rotation configuration is required. */
|
|
675
|
-
SecretsManagerReadWrite = "
|
|
676
|
+
SecretsManagerReadWrite = "SecretsManagerReadWrite",
|
|
676
677
|
/** Allows AppSync to push logs to user's CloudWatch account. */
|
|
677
|
-
AWSAppSyncPushToCloudWatchLogs = "
|
|
678
|
+
AWSAppSyncPushToCloudWatchLogs = "service-role/AWSAppSyncPushToCloudWatchLogs",
|
|
678
679
|
/** Allows AWS Artifact read-only access to operations in AWS Organizations. */
|
|
679
|
-
AWSArtifactAccountSync = "
|
|
680
|
+
AWSArtifactAccountSync = "service-role/AWSArtifactAccountSync",
|
|
680
681
|
/** Grants users full access to Elastic Transcoder and the access to associated services that is required for full Elastic Transcoder functionality. */
|
|
681
|
-
AmazonElasticTranscoderFullAccess = "
|
|
682
|
+
AmazonElasticTranscoderFullAccess = "AmazonElasticTranscoder_FullAccess",
|
|
682
683
|
/** Allows Amazon RDS to manage AWS resources on your behalf. */
|
|
683
|
-
AmazonRDSBetaServiceRolePolicy = "
|
|
684
|
+
AmazonRDSBetaServiceRolePolicy = "aws-service-role/AmazonRDSBetaServiceRolePolicy",
|
|
684
685
|
/** Full access for AWS FM Administrator */
|
|
685
|
-
AWSFMAdminFullAccess = "
|
|
686
|
+
AWSFMAdminFullAccess = "AWSFMAdminFullAccess",
|
|
686
687
|
/** Read only access for AWS FM Administrator that allows monitoring AWS FM operations */
|
|
687
|
-
AWSFMAdminReadOnlyAccess = "
|
|
688
|
+
AWSFMAdminReadOnlyAccess = "AWSFMAdminReadOnlyAccess",
|
|
688
689
|
/** Provides read only access to AWS WAF actions for AWS Firewall Manager member accounts */
|
|
689
|
-
AWSFMMemberReadOnlyAccess = "
|
|
690
|
+
AWSFMMemberReadOnlyAccess = "AWSFMMemberReadOnlyAccess",
|
|
690
691
|
/** Provides read only access to AWS IoT 1-Click. */
|
|
691
|
-
AWSIoT1ClickReadOnlyAccess = "
|
|
692
|
+
AWSIoT1ClickReadOnlyAccess = "AWSIoT1ClickReadOnlyAccess",
|
|
692
693
|
/** Provides full access to AWS IoT 1-Click. */
|
|
693
|
-
AWSIoT1ClickFullAccess = "
|
|
694
|
+
AWSIoT1ClickFullAccess = "AWSIoT1ClickFullAccess",
|
|
694
695
|
/** This policy provides Kubernetes the permissions it requires to manage resources on your behalf. Kubernetes requires Ec2:CreateTags permissions to place identifying information on EC2 resources including but not limited to Instances, Security Groups, and Elastic Network Interfaces. */
|
|
695
|
-
AmazonEKSClusterPolicy = "
|
|
696
|
+
AmazonEKSClusterPolicy = "AmazonEKSClusterPolicy",
|
|
696
697
|
/** This policy provides the Amazon VPC CNI Plugin (amazon-vpc-cni-k8s) the permissions it requires to modify the IP address configuration on your EKS worker nodes. This permission set allows the CNI to list, describe, and modify Elastic Network Interfaces on your behalf. More information on the AWS VPC CNI Plugin is available here: https://github.com/aws/amazon-vpc-cni-k8s */
|
|
697
|
-
AmazonEKSCNIPolicy = "
|
|
698
|
+
AmazonEKSCNIPolicy = "AmazonEKS_CNI_Policy",
|
|
698
699
|
/** This policy allows Amazon Elastic Container Service for Kubernetes to create and manage the necessary resources to operate EKS Clusters. */
|
|
699
|
-
AmazonEKSServicePolicy = "
|
|
700
|
+
AmazonEKSServicePolicy = "AmazonEKSServicePolicy",
|
|
700
701
|
/** This policy allows Amazon EKS worker nodes to connect to Amazon EKS Clusters. */
|
|
701
|
-
AmazonEKSWorkerNodePolicy = "
|
|
702
|
+
AmazonEKSWorkerNodePolicy = "AmazonEKSWorkerNodePolicy",
|
|
702
703
|
/** Provides read only access to Amazon Neptune. Note that this policy also grants access to Amazon RDS resources. For more information, see https://aws.amazon.com/neptune/faqs/. */
|
|
703
|
-
NeptuneReadOnlyAccess = "
|
|
704
|
+
NeptuneReadOnlyAccess = "NeptuneReadOnlyAccess",
|
|
704
705
|
/** Provides full access to Amazon Neptune. Note this policy also grants full access to publish on all SNS topics within the account and full access to Amazon RDS. For more information, see https://aws.amazon.com/neptune/faqs/. */
|
|
705
|
-
NeptuneFullAccess = "
|
|
706
|
+
NeptuneFullAccess = "NeptuneFullAccess",
|
|
706
707
|
/** Allows Config to call AWS services and collect resource configurations on your behalf. */
|
|
707
|
-
AWSConfigServiceRolePolicy = "
|
|
708
|
+
AWSConfigServiceRolePolicy = "aws-service-role/AWSConfigServiceRolePolicy",
|
|
708
709
|
/** Amazon RDS Preview Service Role Policy */
|
|
709
|
-
AmazonRDSPreviewServiceRolePolicy = "
|
|
710
|
+
AmazonRDSPreviewServiceRolePolicy = "aws-service-role/AmazonRDSPreviewServiceRolePolicy",
|
|
710
711
|
/** Policy granting permissions to Application Auto Scaling to access APIGateway and CloudWatch for custom resource scaling */
|
|
711
|
-
AWSApplicationAutoScalingCustomResourcePolicy = "
|
|
712
|
+
AWSApplicationAutoScalingCustomResourcePolicy = "aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy",
|
|
712
713
|
/** Provides the AWS DDoS Response Team with limited access to your AWS account to assist with DDoS attack mitigation during a high-severity event. */
|
|
713
|
-
AWSShieldDRTAccessPolicy = "
|
|
714
|
+
AWSShieldDRTAccessPolicy = "service-role/AWSShieldDRTAccessPolicy",
|
|
714
715
|
/** Grants users read-only access to Elastic Transcoder and list access to related services. */
|
|
715
|
-
AmazonElasticTranscoderReadOnlyAccess = "
|
|
716
|
+
AmazonElasticTranscoderReadOnlyAccess = "AmazonElasticTranscoder_ReadOnlyAccess",
|
|
716
717
|
/** Grants users permission to change presets, submit jobs, and view Elastic Transcoder settings. This policy also grants some read-only access to some other services required to use the Elastic Transcode console, including S3, IAM, and SNS. */
|
|
717
|
-
AmazonElasticTranscoderJobsSubmitter = "
|
|
718
|
+
AmazonElasticTranscoderJobsSubmitter = "AmazonElasticTranscoder_JobsSubmitter",
|
|
718
719
|
/** Grants CloudFront Logger write permissions to CloudWatch Logs. */
|
|
719
|
-
AWSCloudFrontLogger = "
|
|
720
|
+
AWSCloudFrontLogger = "aws-service-role/AWSCloudFrontLogger",
|
|
720
721
|
/** Provides receive message, delete message, and read attribute access to SQS queues, and write permissions to CloudWatch logs. */
|
|
721
|
-
AWSLambdaSQSQueueExecutionRole = "
|
|
722
|
+
AWSLambdaSQSQueueExecutionRole = "service-role/AWSLambdaSQSQueueExecutionRole",
|
|
722
723
|
/** Provides read only access to IoT Analytics. */
|
|
723
|
-
AWSIoTAnalyticsReadOnlyAccess = "
|
|
724
|
+
AWSIoTAnalyticsReadOnlyAccess = "AWSIoTAnalyticsReadOnlyAccess",
|
|
724
725
|
/** Provides full access to IoT Analytics. */
|
|
725
|
-
AWSIoTAnalyticsFullAccess = "
|
|
726
|
+
AWSIoTAnalyticsFullAccess = "AWSIoTAnalyticsFullAccess",
|
|
726
727
|
/** Provides full access to manage Amazon Neptune using the AWS Console. Note this policy also grants full access to publish on all SNS topics within the account, permissions to create and edit Amazon EC2 instances and VPC configurations, permissions to view and list keys on Amazon KMS, and full access to Amazon RDS. For more information, see https://aws.amazon.com/neptune/faqs/. */
|
|
727
|
-
NeptuneConsoleFullAccess = "
|
|
728
|
+
NeptuneConsoleFullAccess = "NeptuneConsoleFullAccess",
|
|
728
729
|
/** Service linked role for Amazon Macie */
|
|
729
|
-
AmazonMacieServiceRolePolicy = "
|
|
730
|
+
AmazonMacieServiceRolePolicy = "aws-service-role/AmazonMacieServiceRolePolicy",
|
|
730
731
|
/** Provides read only access to AWS Elemental MediaConvert via the AWS Management Console and SDK. */
|
|
731
|
-
AWSElementalMediaConvertReadOnly = "
|
|
732
|
+
AWSElementalMediaConvertReadOnly = "AWSElementalMediaConvertReadOnly",
|
|
732
733
|
/** Provides full access to AWS Elemental MediaConvert via the AWS Management Console and SDK. */
|
|
733
|
-
AWSElementalMediaConvertFullAccess = "
|
|
734
|
+
AWSElementalMediaConvertFullAccess = "AWSElementalMediaConvertFullAccess",
|
|
734
735
|
/** Provides read only access to AWS SSO configurations. */
|
|
735
|
-
AWSSSOReadOnly = "
|
|
736
|
+
AWSSSOReadOnly = "AWSSSOReadOnly",
|
|
736
737
|
/** Provides access within AWS SSO to manage AWS Organizations master and member accounts and cloud application */
|
|
737
|
-
AWSSSOMasterAccountAdministrator = "
|
|
738
|
+
AWSSSOMasterAccountAdministrator = "AWSSSOMasterAccountAdministrator",
|
|
738
739
|
/** Provides access within AWS SSO to manage AWS Organizations member accounts and cloud application */
|
|
739
|
-
AWSSSOMemberAccountAdministrator = "
|
|
740
|
+
AWSSSOMemberAccountAdministrator = "AWSSSOMemberAccountAdministrator",
|
|
740
741
|
/** Grants permission to create the service-linked role of Amazon Macie. */
|
|
741
|
-
AmazonMacieHandshakeRole = "
|
|
742
|
+
AmazonMacieHandshakeRole = "service-role/AmazonMacieHandshakeRole",
|
|
742
743
|
/** Provides appropriate permissions to AWS Data Lifecycle Manager to take actions on AWS resources */
|
|
743
|
-
AWSDataLifecycleManagerServiceRole = "
|
|
744
|
+
AWSDataLifecycleManagerServiceRole = "service-role/AWSDataLifecycleManagerServiceRole",
|
|
744
745
|
/** Provides read access for IoT and related resources */
|
|
745
|
-
AWSIoTDeviceDefenderAudit = "
|
|
746
|
+
AWSIoTDeviceDefenderAudit = "service-role/AWSIoTDeviceDefenderAudit",
|
|
746
747
|
/** Provides full access to AWS Marketplace Private Image Build Feature. In addition to create private images, it also provides permissions to add tags to images, launch and terminate ec2 instances. */
|
|
747
|
-
AWSMarketplaceImageBuildFullAccess = "
|
|
748
|
+
AWSMarketplaceImageBuildFullAccess = "AWSMarketplaceImageBuildFullAccess",
|
|
748
749
|
/** Provides write access to AWS resources required for AWS Discovery Continuous Export */
|
|
749
|
-
AWSDiscoveryContinuousExportFirehosePolicy = "
|
|
750
|
+
AWSDiscoveryContinuousExportFirehosePolicy = "AWSDiscoveryContinuousExportFirehosePolicy",
|
|
750
751
|
/** Enables access to AWS Services and Resources used or managed by Application Discovery Service Continuous Export feature */
|
|
751
|
-
ApplicationDiscoveryServiceContinuousExportServiceRolePolicy = "
|
|
752
|
+
ApplicationDiscoveryServiceContinuousExportServiceRolePolicy = "aws-service-role/ApplicationDiscoveryServiceContinuousExportServiceRolePolicy",
|
|
752
753
|
/** Policy granting permissions to AWS Auto Scaling to periodically forecast capacity and generate scheduled scaling actions for Auto Scaling groups in a scaling plan */
|
|
753
|
-
AWSAutoScalingPlansEC2AutoScalingPolicy = "
|
|
754
|
+
AWSAutoScalingPlansEC2AutoScalingPolicy = "aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy",
|
|
754
755
|
/** Creating SLR to write customer's logs to a firehose stream */
|
|
755
|
-
WAFRegionalLoggingServiceRolePolicy = "
|
|
756
|
+
WAFRegionalLoggingServiceRolePolicy = "aws-service-role/WAFRegionalLoggingServiceRolePolicy",
|
|
756
757
|
/** Creating SLR to write customer's logs to a firehose stream */
|
|
757
|
-
WAFLoggingServiceRolePolicy = "
|
|
758
|
+
WAFLoggingServiceRolePolicy = "aws-service-role/WAFLoggingServiceRolePolicy",
|
|
758
759
|
/** Allows user to access Amazon FreeRTOS OTA Update */
|
|
759
|
-
AmazonFreeRTOSOTAUpdate = "
|
|
760
|
+
AmazonFreeRTOSOTAUpdate = "service-role/AmazonFreeRTOSOTAUpdate",
|
|
760
761
|
/** Allow the AWS X-Ray Daemon to relay raw trace segments data to the service's API and retrieve sampling data (rules, targets, etc.) to be used by the X-Ray SDK. */
|
|
761
|
-
AWSXRayDaemonWriteAccess = "
|
|
762
|
+
AWSXRayDaemonWriteAccess = "AWSXRayDaemonWriteAccess",
|
|
762
763
|
/** Allows Amazon Connect to create and manage AWS resources on your behalf. */
|
|
763
|
-
AmazonConnectServiceLinkedRolePolicy = "
|
|
764
|
+
AmazonConnectServiceLinkedRolePolicy = "aws-service-role/AmazonConnectServiceLinkedRolePolicy",
|
|
764
765
|
/** Provides read only access to Amazon ElasticLoadBalancing and dependent services */
|
|
765
|
-
ElasticLoadBalancingReadOnly = "
|
|
766
|
+
ElasticLoadBalancingReadOnly = "ElasticLoadBalancingReadOnly",
|
|
766
767
|
/** Provides full access to Amazon ElasticLoadBalancing, and limited access to other services necessary to provide ElasticLoadBalancing features. */
|
|
767
|
-
ElasticLoadBalancingFullAccess = "
|
|
768
|
+
ElasticLoadBalancingFullAccess = "ElasticLoadBalancingFullAccess",
|
|
768
769
|
/** AWS Lightsail service linked role policy which grants permissions to export resources */
|
|
769
|
-
LightsailExportAccess = "
|
|
770
|
+
LightsailExportAccess = "aws-service-role/LightsailExportAccess",
|
|
770
771
|
/** Provides full access to the Amazon Redshift Query Editor and to saved queries via the AWS Management Console. */
|
|
771
|
-
AmazonRedshiftQueryEditor = "
|
|
772
|
+
AmazonRedshiftQueryEditor = "AmazonRedshiftQueryEditor",
|
|
772
773
|
/** Provides full access to AWS Glue via the AWS Management Console and access to sagemaker notebook instances. */
|
|
773
|
-
AWSGlueConsoleSageMakerNotebookFullAccess = "
|
|
774
|
+
AWSGlueConsoleSageMakerNotebookFullAccess = "AWSGlueConsoleSageMakerNotebookFullAccess",
|
|
774
775
|
/** Grants permission to view the Amazon Connect instances in your AWS account. */
|
|
775
|
-
AmazonConnectReadOnlyAccess = "
|
|
776
|
+
AmazonConnectReadOnlyAccess = "AmazonConnectReadOnlyAccess",
|
|
776
777
|
/** Provides auditor access to AWS Certificate Manager Private Certificate Authority */
|
|
777
|
-
AWSCertificateManagerPrivateCAAuditor = "
|
|
778
|
+
AWSCertificateManagerPrivateCAAuditor = "AWSCertificateManagerPrivateCAAuditor",
|
|
778
779
|
/** Provides certificate user access to AWS Certificate Manager Private Certificate Authority */
|
|
779
|
-
AWSCertificateManagerPrivateCAUser = "
|
|
780
|
+
AWSCertificateManagerPrivateCAUser = "AWSCertificateManagerPrivateCAUser",
|
|
780
781
|
/** Provides full access to AWS Certificate Manager Private Certificate Authority */
|
|
781
|
-
AWSCertificateManagerPrivateCAFullAccess = "
|
|
782
|
+
AWSCertificateManagerPrivateCAFullAccess = "AWSCertificateManagerPrivateCAFullAccess",
|
|
782
783
|
/** Provides read only access to AWS Certificate Manager Private Certificate Authority */
|
|
783
|
-
AWSCertificateManagerPrivateCAReadOnly = "
|
|
784
|
+
AWSCertificateManagerPrivateCAReadOnly = "AWSCertificateManagerPrivateCAReadOnly",
|
|
784
785
|
/** Permission policy for CloudTrail ServiceLinkedRole */
|
|
785
|
-
CloudTrailServiceRolePolicy = "
|
|
786
|
+
CloudTrailServiceRolePolicy = "aws-service-role/CloudTrailServiceRolePolicy",
|
|
786
787
|
/** This policy gives read only access to the AWS Greengrass configuration, management and deployment actions */
|
|
787
|
-
AWSGreengrassReadOnlyAccess = "
|
|
788
|
+
AWSGreengrassReadOnlyAccess = "AWSGreengrassReadOnlyAccess",
|
|
788
789
|
/** ReadOnly access for SSO Directory */
|
|
789
|
-
AWSSSODirectoryReadOnly = "
|
|
790
|
+
AWSSSODirectoryReadOnly = "AWSSSODirectoryReadOnly",
|
|
790
791
|
/** Administrator access for SSO Directory */
|
|
791
|
-
AWSSSODirectoryAdministrator = "
|
|
792
|
+
AWSSSODirectoryAdministrator = "AWSSSODirectoryAdministrator",
|
|
792
793
|
/** Provides full access to AWS Organizations. */
|
|
793
|
-
AWSOrganizationsFullAccess = "
|
|
794
|
+
AWSOrganizationsFullAccess = "AWSOrganizationsFullAccess",
|
|
794
795
|
/** Provides read-only access to AWS Organizations. */
|
|
795
|
-
AWSOrganizationsReadOnlyAccess = "
|
|
796
|
+
AWSOrganizationsReadOnlyAccess = "AWSOrganizationsReadOnlyAccess",
|
|
796
797
|
/** Allows AWS IoT SiteWise to provision and manage gateways as well as query data. The policy includes required AWS Greengrass permissions for deploying to groups, AWS Lambda permissions for creating and updating service-prefixed functions, and AWS IoT Analytics permissions for querying data from datastores. */
|
|
797
|
-
AWSServiceRoleForIoTSiteWise = "
|
|
798
|
+
AWSServiceRoleForIoTSiteWise = "aws-service-role/AWSServiceRoleForIoTSiteWise",
|
|
798
799
|
/** Policy containing Read-only AWS Resource Access Manager access to customers' Organizations structure. It also contains IAM permissions to self-delete the role. */
|
|
799
|
-
AWSResourceAccessManagerServiceRolePolicy = "
|
|
800
|
+
AWSResourceAccessManagerServiceRolePolicy = "aws-service-role/AWSResourceAccessManagerServiceRolePolicy",
|
|
800
801
|
/** Enables access to AWS services and resources required for AWS KMS custom key stores */
|
|
801
|
-
AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy = "
|
|
802
|
+
AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy = "aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy",
|
|
802
803
|
/** IAM service linked role policy for Kafka. */
|
|
803
|
-
KafkaServiceRolePolicy = "
|
|
804
|
+
KafkaServiceRolePolicy = "aws-service-role/KafkaServiceRolePolicy",
|
|
804
805
|
/** Default policy for the Amazon Elastic MapReduce Editors service role. */
|
|
805
|
-
AmazonElasticMapReduceEditorsRole = "
|
|
806
|
+
AmazonElasticMapReduceEditorsRole = "service-role/AmazonElasticMapReduceEditorsRole",
|
|
806
807
|
/** Allows full access to use the RDS data APIs, secret store APIs for RDS database credentials, and DB console query management APIs to execute SQL statements on Aurora Serverless clusters in the AWS account. */
|
|
807
|
-
AmazonRDSDataFullAccess = "
|
|
808
|
+
AmazonRDSDataFullAccess = "AmazonRDSDataFullAccess",
|
|
808
809
|
/** Provides read only access to AWS RoboMaker via the AWS Management Console and SDK */
|
|
809
|
-
AWSRoboMakerReadOnlyAccess = "
|
|
810
|
+
AWSRoboMakerReadOnlyAccess = "AWSRoboMakerReadOnlyAccess",
|
|
810
811
|
/** RoboMaker service policy */
|
|
811
|
-
AWSRoboMakerServiceRolePolicy = "
|
|
812
|
+
AWSRoboMakerServiceRolePolicy = "AWSRoboMakerServiceRolePolicy",
|
|
812
813
|
/** RoboMaker service policy */
|
|
813
|
-
AWSRoboMakerServicePolicy = "
|
|
814
|
+
AWSRoboMakerServicePolicy = "aws-service-role/AWSRoboMakerServicePolicy",
|
|
814
815
|
/** Allow VPC Transit Gateway to create and manage necessary resources for your Transit Gateway VPC Attachments. */
|
|
815
|
-
AWSVPCTransitGatewayServiceRolePolicy = "
|
|
816
|
+
AWSVPCTransitGatewayServiceRolePolicy = "aws-service-role/AWSVPCTransitGatewayServiceRolePolicy",
|
|
816
817
|
/** AWS License Manager service default role policy */
|
|
817
|
-
AWSLicenseManagerServiceRolePolicy = "
|
|
818
|
+
AWSLicenseManagerServiceRolePolicy = "aws-service-role/AWSLicenseManagerServiceRolePolicy",
|
|
818
819
|
/** AWS License Manager service master account role policy */
|
|
819
|
-
AWSLicenseManagerMasterAccountRolePolicy = "
|
|
820
|
+
AWSLicenseManagerMasterAccountRolePolicy = "aws-service-role/AWSLicenseManagerMasterAccountRolePolicy",
|
|
820
821
|
/** AWS License Manager service member account role policy */
|
|
821
|
-
AWSLicenseManagerMemberAccountRolePolicy = "
|
|
822
|
+
AWSLicenseManagerMemberAccountRolePolicy = "aws-service-role/AWSLicenseManagerMemberAccountRolePolicy",
|
|
822
823
|
/** Permissions to allow the AWS Server Migration Service to create and update relevant AWS resources into the customer's AWS account for launching migrated servers and applications. */
|
|
823
|
-
ServerMigrationServiceLaunchRole = "
|
|
824
|
+
ServerMigrationServiceLaunchRole = "service-role/ServerMigrationServiceLaunchRole",
|
|
824
825
|
/** Allow GlobalAccelerator Users Access to Read Only APIs */
|
|
825
|
-
GlobalAcceleratorReadOnlyAccess = "
|
|
826
|
+
GlobalAcceleratorReadOnlyAccess = "GlobalAcceleratorReadOnlyAccess",
|
|
826
827
|
/** Allow GlobalAccelerator Users full Access to all APIs */
|
|
827
|
-
GlobalAcceleratorFullAccess = "
|
|
828
|
+
GlobalAcceleratorFullAccess = "GlobalAcceleratorFullAccess",
|
|
828
829
|
/** Provides full access to all administrative actions for an AWS Private Marketplace. */
|
|
829
|
-
AWSPrivateMarketplaceAdminFullAccess = "
|
|
830
|
+
AWSPrivateMarketplaceAdminFullAccess = "AWSPrivateMarketplaceAdminFullAccess",
|
|
830
831
|
/** Provides full access to Amazon Comprehend Medical */
|
|
831
|
-
ComprehendMedicalFullAccess = "
|
|
832
|
+
ComprehendMedicalFullAccess = "ComprehendMedicalFullAccess",
|
|
832
833
|
/** Provides CodeDeploy service wide access to perform an ECS blue/green deployment on your behalf. Grants full access to support services, such as full access to read all S3 objects, invoke all Lambda functions, publish to all SNS topics within the account and update all ECS services. */
|
|
833
|
-
AWSCodeDeployRoleForECS = "
|
|
834
|
+
AWSCodeDeployRoleForECS = "AWSCodeDeployRoleForECS",
|
|
834
835
|
/** Provides CodeDeploy service limited access to perform an ECS blue/green deployment on your behalf. */
|
|
835
|
-
AWSCodeDeployRoleForECSLimited = "
|
|
836
|
+
AWSCodeDeployRoleForECSLimited = "AWSCodeDeployRoleForECSLimited",
|
|
836
837
|
/** Provides full access to Amazon Translate. */
|
|
837
|
-
TranslateFullAccess = "
|
|
838
|
+
TranslateFullAccess = "TranslateFullAccess",
|
|
838
839
|
/** A service-linked role required for AWS Security Hub to access your resources. */
|
|
839
|
-
AWSSecurityHubServiceRolePolicy = "
|
|
840
|
+
AWSSecurityHubServiceRolePolicy = "aws-service-role/AWSSecurityHubServiceRolePolicy",
|
|
840
841
|
/** Provides full access to use AWS Security Hub. */
|
|
841
|
-
AWSSecurityHubFullAccess = "
|
|
842
|
+
AWSSecurityHubFullAccess = "AWSSecurityHubFullAccess",
|
|
842
843
|
/** Provides read only access to AWS Security Hub resources */
|
|
843
|
-
AWSSecurityHubReadOnlyAccess = "
|
|
844
|
+
AWSSecurityHubReadOnlyAccess = "AWSSecurityHubReadOnlyAccess",
|
|
844
845
|
/** Allows Amazon FSx to manage AWS resources on your behalf */
|
|
845
|
-
AmazonFSxServiceRolePolicy = "
|
|
846
|
+
AmazonFSxServiceRolePolicy = "aws-service-role/AmazonFSxServiceRolePolicy",
|
|
846
847
|
/** Allows Amazon FSx to delete its Service Linked Roles for Amazon S3 access */
|
|
847
|
-
FSxDeleteServiceLinkedRoleAccess = "
|
|
848
|
+
FSxDeleteServiceLinkedRoleAccess = "aws-service-role/FSxDeleteServiceLinkedRoleAccess",
|
|
848
849
|
/** Provides read only access to Amazon FSx. */
|
|
849
|
-
AmazonFSxReadOnlyAccess = "
|
|
850
|
+
AmazonFSxReadOnlyAccess = "AmazonFSxReadOnlyAccess",
|
|
850
851
|
/** Provides full access to Amazon FSx and access to related AWS services. */
|
|
851
|
-
AmazonFSxFullAccess = "
|
|
852
|
+
AmazonFSxFullAccess = "AmazonFSxFullAccess",
|
|
852
853
|
/** Provides read only access to Amazon FSx and access to related AWS services via the AWS Management Console. */
|
|
853
|
-
AmazonFSxConsoleReadOnlyAccess = "
|
|
854
|
+
AmazonFSxConsoleReadOnlyAccess = "AmazonFSxConsoleReadOnlyAccess",
|
|
854
855
|
/** Provides full access to Amazon FSx and access to related AWS services via the AWS Management Console. */
|
|
855
|
-
AmazonFSxConsoleFullAccess = "
|
|
856
|
+
AmazonFSxConsoleFullAccess = "AmazonFSxConsoleFullAccess",
|
|
856
857
|
/** Access to all Amazon Textract APIs */
|
|
857
|
-
AmazonTextractFullAccess = "
|
|
858
|
+
AmazonTextractFullAccess = "AmazonTextractFullAccess",
|
|
858
859
|
/** Allows Textract to call AWS services on your behalf. */
|
|
859
|
-
AmazonTextractServiceRole = "
|
|
860
|
+
AmazonTextractServiceRole = "service-role/AmazonTextractServiceRole",
|
|
860
861
|
/** Provides read-only access to all AWS Cloud Map actions. */
|
|
861
|
-
AWSCloudMapReadOnlyAccess = "
|
|
862
|
+
AWSCloudMapReadOnlyAccess = "AWSCloudMapReadOnlyAccess",
|
|
862
863
|
/** Provides full access to all AWS Cloud Map actions. */
|
|
863
|
-
AWSCloudMapFullAccess = "
|
|
864
|
+
AWSCloudMapFullAccess = "AWSCloudMapFullAccess",
|
|
864
865
|
/** Provides access to AWS Cloud Map discovery API. */
|
|
865
|
-
AWSCloudMapDiscoverInstanceAccess = "
|
|
866
|
+
AWSCloudMapDiscoverInstanceAccess = "AWSCloudMapDiscoverInstanceAccess",
|
|
866
867
|
/** Provides registrant level access to AWS Cloud Map actions. */
|
|
867
|
-
AWSCloudMapRegisterInstanceAccess = "
|
|
868
|
+
AWSCloudMapRegisterInstanceAccess = "AWSCloudMapRegisterInstanceAccess",
|
|
868
869
|
/** Provides full access to AWS Well-Architected Tool via the AWS Management Console */
|
|
869
|
-
WellArchitectedConsoleFullAccess = "
|
|
870
|
+
WellArchitectedConsoleFullAccess = "WellArchitectedConsoleFullAccess",
|
|
870
871
|
/** Provides read-only access to AWS Well-Architected Tool via the AWS Management Console */
|
|
871
|
-
WellArchitectedConsoleReadOnlyAccess = "
|
|
872
|
+
WellArchitectedConsoleReadOnlyAccess = "WellArchitectedConsoleReadOnlyAccess",
|
|
872
873
|
/** Cloudwatch Application Insights Service Linked Role Policy */
|
|
873
|
-
CloudwatchApplicationInsightsServiceLinkedRolePolicy = "
|
|
874
|
+
CloudwatchApplicationInsightsServiceLinkedRolePolicy = "aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy",
|
|
874
875
|
/** Provides full access to IoT SiteWise. */
|
|
875
|
-
AWSIoTSiteWiseFullAccess = "
|
|
876
|
+
AWSIoTSiteWiseFullAccess = "AWSIoTSiteWiseFullAccess",
|
|
876
877
|
/** Provides read only access to IoT SiteWise. */
|
|
877
|
-
AWSIoTSiteWiseReadOnlyAccess = "
|
|
878
|
+
AWSIoTSiteWiseReadOnlyAccess = "AWSIoTSiteWiseReadOnlyAccess",
|
|
878
879
|
/** Provides full access to Amazon Personalize via the AWS Management Console and SDK. Also provides select access to related services (e.g., S3, CloudWatch). */
|
|
879
|
-
AmazonPersonalizeFullAccess = "
|
|
880
|
+
AmazonPersonalizeFullAccess = "service-role/AmazonPersonalizeFullAccess",
|
|
880
881
|
/** Policy to enable AWS Client VPN to manage your Client VPN endpoints. */
|
|
881
|
-
ClientVPNServiceRolePolicy = "
|
|
882
|
+
ClientVPNServiceRolePolicy = "aws-service-role/ClientVPNServiceRolePolicy",
|
|
882
883
|
/** Provides read only access to AmazonMQ via our API/SDK. */
|
|
883
|
-
AmazonMQApiReadOnlyAccess = "
|
|
884
|
+
AmazonMQApiReadOnlyAccess = "AmazonMQApiReadOnlyAccess",
|
|
884
885
|
/** Provides full access to AmazonMQ via our API/SDK. */
|
|
885
|
-
AmazonMQApiFullAccess = "
|
|
886
|
+
AmazonMQApiFullAccess = "AmazonMQApiFullAccess",
|
|
886
887
|
/** Provides full access to Amazon DocumentDB with MongoDB compatibility. Note this policy also grants full access to publish on all SNS topics within the account and full access to Amazon RDS and Amazon Neptune. */
|
|
887
|
-
AmazonDocDBFullAccess = "
|
|
888
|
+
AmazonDocDBFullAccess = "AmazonDocDBFullAccess",
|
|
888
889
|
/** Provides read-only access to Amazon DocumentDB with MongoDB compatibility. Note that this policy also grants access to Amazon RDS and Amazon Neptune resources. */
|
|
889
|
-
AmazonDocDBReadOnlyAccess = "
|
|
890
|
+
AmazonDocDBReadOnlyAccess = "AmazonDocDBReadOnlyAccess",
|
|
890
891
|
/** Provides full access to manage Amazon DocumentDB with MongoDB compatibility using the AWS Management Console. Note this policy also grants full access to publish on all SNS topics within the account, permissions to create and edit Amazon EC2 instances and VPC configurations, permissions to view and list keys on Amazon KMS, and full access to Amazon RDS and Amazon Neptune. */
|
|
891
|
-
AmazonDocDBConsoleFullAccess = "
|
|
892
|
+
AmazonDocDBConsoleFullAccess = "AmazonDocDBConsoleFullAccess",
|
|
892
893
|
/** Provides AWS Backup permission to create backups on your behalf across AWS services */
|
|
893
|
-
AWSBackupServiceRolePolicyForBackup = "
|
|
894
|
+
AWSBackupServiceRolePolicyForBackup = "service-role/AWSBackupServiceRolePolicyForBackup",
|
|
894
895
|
/** Provides read only access to IoT Events. */
|
|
895
|
-
AWSIoTEventsReadOnlyAccess = "
|
|
896
|
+
AWSIoTEventsReadOnlyAccess = "AWSIoTEventsReadOnlyAccess",
|
|
896
897
|
/** Provides full access to IoT Events. */
|
|
897
|
-
AWSIoTEventsFullAccess = "
|
|
898
|
+
AWSIoTEventsFullAccess = "AWSIoTEventsFullAccess",
|
|
898
899
|
/** AWS Elastic Beanstalk Service Role policy that grants limited permissions to update your resources on your behalf for maintenance purposes. */
|
|
899
|
-
AWSElasticBeanstalkMaintenance = "
|
|
900
|
+
AWSElasticBeanstalkMaintenance = "aws-service-role/AWSElasticBeanstalkMaintenance",
|
|
900
901
|
/** Provides AWS Backup permission to perform restores on your behalf across AWS services. This policy includes permissions to create and delete AWS resources, such as EBS volumes, RDS instances, and EFS file systems, which are part of the restore process. */
|
|
901
|
-
AWSBackupServiceRolePolicyForRestores = "
|
|
902
|
+
AWSBackupServiceRolePolicyForRestores = "service-role/AWSBackupServiceRolePolicyForRestores",
|
|
902
903
|
/** Allows AWS Transfer full access to create log streams and groups and put log events to your account */
|
|
903
|
-
AWSTransferLoggingAccess = "
|
|
904
|
+
AWSTransferLoggingAccess = "service-role/AWSTransferLoggingAccess",
|
|
904
905
|
/** Provide full access to Amazon MSK and other required permissions for its dependencies. */
|
|
905
|
-
AmazonMSKFullAccess = "
|
|
906
|
+
AmazonMSKFullAccess = "AmazonMSKFullAccess",
|
|
906
907
|
/** Provide readonly access to Amazon MSK */
|
|
907
|
-
AmazonMSKReadOnlyAccess = "
|
|
908
|
+
AmazonMSKReadOnlyAccess = "AmazonMSKReadOnlyAccess",
|
|
908
909
|
/** Gives access to all actions for Amazon Forecast */
|
|
909
|
-
AmazonForecastFullAccess = "
|
|
910
|
+
AmazonForecastFullAccess = "AmazonForecastFullAccess",
|
|
910
911
|
/** Provides read-only access to AWS DataSync */
|
|
911
|
-
AWSDataSyncReadOnlyAccess = "
|
|
912
|
+
AWSDataSyncReadOnlyAccess = "AWSDataSyncReadOnlyAccess",
|
|
912
913
|
/** Provides full access to AWS DataSync and minimal access to its dependencies */
|
|
913
|
-
AWSDataSyncFullAccess = "
|
|
914
|
+
AWSDataSyncFullAccess = "AWSDataSyncFullAccess",
|
|
914
915
|
/** Enables access to AWS Services and Resources used or managed by Amazon WorkLink */
|
|
915
|
-
WorkLinkServiceRolePolicy = "
|
|
916
|
+
WorkLinkServiceRolePolicy = "WorkLinkServiceRolePolicy",
|
|
916
917
|
/** Allows DeepRacer to create required resources and call AWS services on your behalf. */
|
|
917
|
-
AWSDeepRacerServiceRolePolicy = "
|
|
918
|
+
AWSDeepRacerServiceRolePolicy = "service-role/AWSDeepRacerServiceRolePolicy",
|
|
918
919
|
/** Allows CloudFormation to create and manage AWS stacks and resources on your behalf. */
|
|
919
|
-
AWSDeepRacerCloudFormationAccessPolicy = "
|
|
920
|
+
AWSDeepRacerCloudFormationAccessPolicy = "AWSDeepRacerCloudFormationAccessPolicy",
|
|
920
921
|
/** Allows RoboMaker to create required resources and call AWS services on your behalf. */
|
|
921
|
-
AWSDeepRacerRoboMakerAccessPolicy = "
|
|
922
|
+
AWSDeepRacerRoboMakerAccessPolicy = "AWSDeepRacerRoboMakerAccessPolicy",
|
|
922
923
|
/** Policy for AWS Comprehend service role which allows access to S3 resources for data access */
|
|
923
|
-
ComprehendDataAccessRolePolicy = "
|
|
924
|
+
ComprehendDataAccessRolePolicy = "service-role/ComprehendDataAccessRolePolicy",
|
|
924
925
|
/** This policy enables Alexa for Business to perform automated tasks scheduled by your network profiles. */
|
|
925
|
-
AlexaForBusinessNetworkProfileServicePolicy = "
|
|
926
|
+
AlexaForBusinessNetworkProfileServicePolicy = "aws-service-role/AlexaForBusinessNetworkProfileServicePolicy",
|
|
926
927
|
/** The policy for Amazon EC2 Role to enable AWS Systems Manager service core functionality. */
|
|
927
|
-
AmazonSSMManagedInstanceCore = "
|
|
928
|
+
AmazonSSMManagedInstanceCore = "AmazonSSMManagedInstanceCore",
|
|
928
929
|
/** This policy allows SSM Agent to access Directory Service on behalf of the customer for domain-join the managed instance. */
|
|
929
|
-
AmazonSSMDirectoryServiceAccess = "
|
|
930
|
+
AmazonSSMDirectoryServiceAccess = "AmazonSSMDirectoryServiceAccess",
|
|
930
931
|
/** Allows Amazon Cognito User Pools service to use your SES identities for email sending */
|
|
931
|
-
AmazonCognitoIdpEmailServiceRolePolicy = "
|
|
932
|
+
AmazonCognitoIdpEmailServiceRolePolicy = "aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy",
|
|
932
933
|
/** Provides full access to AWS IQ */
|
|
933
|
-
AWSIQFullAccess = "
|
|
934
|
+
AWSIQFullAccess = "AWSIQFullAccess",
|
|
934
935
|
/** Policy granting permissions to AWS Global Accelerator to manage EC2 Elastic Network Interfaces and Security Groups. */
|
|
935
|
-
AWSGlobalAcceleratorSLRPolicy = "
|
|
936
|
+
AWSGlobalAcceleratorSLRPolicy = "aws-service-role/AWSGlobalAcceleratorSLRPolicy",
|
|
936
937
|
/** Enables access to AWS Services and Resources used or managed by Amazon WorkMail Events */
|
|
937
|
-
AmazonWorkMailEventsServiceRolePolicy = "
|
|
938
|
+
AmazonWorkMailEventsServiceRolePolicy = "aws-service-role/AmazonWorkMailEventsServiceRolePolicy",
|
|
938
939
|
/** Provides full access to the AWS App Mesh APIs and Management Console. */
|
|
939
|
-
AWSAppMeshFullAccess = "
|
|
940
|
+
AWSAppMeshFullAccess = "AWSAppMeshFullAccess",
|
|
940
941
|
/** Provides read-only access to the AWS App Mesh APIs and Management Console. */
|
|
941
|
-
AWSAppMeshReadOnly = "
|
|
942
|
+
AWSAppMeshReadOnly = "AWSAppMeshReadOnly",
|
|
942
943
|
/** Provides full access to Amazon Managed Blockchain via the AWS Management Console */
|
|
943
|
-
AmazonManagedBlockchainConsoleFullAccess = "
|
|
944
|
+
AmazonManagedBlockchainConsoleFullAccess = "AmazonManagedBlockchainConsoleFullAccess",
|
|
944
945
|
/** Provides full access to Amazon Managed Blockchain. */
|
|
945
|
-
AmazonManagedBlockchainFullAccess = "
|
|
946
|
+
AmazonManagedBlockchainFullAccess = "AmazonManagedBlockchainFullAccess",
|
|
946
947
|
/** Provides read-only access to Amazon Managed Blockchain. */
|
|
947
|
-
AmazonManagedBlockchainReadOnlyAccess = "
|
|
948
|
+
AmazonManagedBlockchainReadOnlyAccess = "AmazonManagedBlockchainReadOnlyAccess",
|
|
948
949
|
/** Deny all access. */
|
|
949
|
-
AWSDenyAll = "
|
|
950
|
+
AWSDenyAll = "AWSDenyAll",
|
|
950
951
|
/** Provides access to AWS Resources managed or used by AWS Control Tower */
|
|
951
|
-
AWSControlTowerServiceRolePolicy = "
|
|
952
|
+
AWSControlTowerServiceRolePolicy = "service-role/AWSControlTowerServiceRolePolicy",
|
|
952
953
|
/** Full access policy for Route 53 Resolver */
|
|
953
|
-
AmazonRoute53ResolverFullAccess = "
|
|
954
|
+
AmazonRoute53ResolverFullAccess = "AmazonRoute53ResolverFullAccess",
|
|
954
955
|
/** Read only policy for Route 53 Resolver */
|
|
955
|
-
AmazonRoute53ResolverReadOnlyAccess = "
|
|
956
|
+
AmazonRoute53ResolverReadOnlyAccess = "AmazonRoute53ResolverReadOnlyAccess",
|
|
956
957
|
/** Provides full access to manage AWS IoT SiteWise using the AWS Management Console. Note this policy also grants access to create and list data stores used with AWS IoT SiteWise (e.g. AWS IoT Analytics), access to list and view AWS IoT Greengrass resources, list and modify AWS Secrets Manager secrets, retrieve AWS IoT thing shadows, list resources with specific tags, and create and use a service-linked role for AWS IoT SiteWise. */
|
|
957
|
-
AWSIoTSiteWiseConsoleFullAccess = "
|
|
958
|
+
AWSIoTSiteWiseConsoleFullAccess = "AWSIoTSiteWiseConsoleFullAccess",
|
|
958
959
|
/** Enables access to AWS Services and Resources used or managed by AWS AppMesh */
|
|
959
|
-
AWSAppMeshServiceRolePolicy = "
|
|
960
|
+
AWSAppMeshServiceRolePolicy = "aws-service-role/AWSAppMeshServiceRolePolicy",
|
|
960
961
|
/** Provides full access to AWS Resource Access Manager */
|
|
961
|
-
AWSResourceAccessManagerFullAccess = "
|
|
962
|
+
AWSResourceAccessManagerFullAccess = "AWSResourceAccessManagerFullAccess",
|
|
962
963
|
/** Allows Migration Hub to call Application Discovery Service on your behalf */
|
|
963
|
-
MigrationHubServiceRolePolicy = "
|
|
964
|
+
MigrationHubServiceRolePolicy = "aws-service-role/MigrationHubServiceRolePolicy",
|
|
964
965
|
/** Policy for Database Migration Service to assume role in customer's account to call Migration Hub */
|
|
965
|
-
MigrationHubDMSAccessServiceRolePolicy = "
|
|
966
|
+
MigrationHubDMSAccessServiceRolePolicy = "aws-service-role/MigrationHubDMSAccessServiceRolePolicy",
|
|
966
967
|
/** Policy for Server Migration Service to assume role in customer's account to call Migration Hub */
|
|
967
|
-
MigrationHubSMSAccessServiceRolePolicy = "
|
|
968
|
+
MigrationHubSMSAccessServiceRolePolicy = "aws-service-role/MigrationHubSMSAccessServiceRolePolicy",
|
|
968
969
|
/** Allows Config to call AWS services and deploy config resources across organization */
|
|
969
|
-
AWSConfigMultiAccountSetupPolicy = "
|
|
970
|
+
AWSConfigMultiAccountSetupPolicy = "aws-service-role/AWSConfigMultiAccountSetupPolicy",
|
|
970
971
|
/** Policy to enable registration of On-Premises instances via the OpsWorks CLI */
|
|
971
|
-
AWSOpsWorksRegisterCLIOnPremises = "
|
|
972
|
+
AWSOpsWorksRegisterCLIOnPremises = "AWSOpsWorksRegisterCLI_OnPremises",
|
|
972
973
|
/** Policy to enable registration of EC2 instances via the OpsWorks CLI */
|
|
973
|
-
AWSOpsWorksRegisterCLIEC2 = "
|
|
974
|
+
AWSOpsWorksRegisterCLIEC2 = "AWSOpsWorksRegisterCLI_EC2",
|
|
974
975
|
/** Allows AWS Config to remediate noncompliant resources on your behalf. */
|
|
975
|
-
AWSConfigRemediationServiceRolePolicy = "
|
|
976
|
+
AWSConfigRemediationServiceRolePolicy = "aws-service-role/AWSConfigRemediationServiceRolePolicy",
|
|
976
977
|
/** Enables access to AWS Services and Resources used or managed by AWS App Mesh */
|
|
977
|
-
AWSAppMeshPreviewServiceRolePolicy = "
|
|
978
|
+
AWSAppMeshPreviewServiceRolePolicy = "aws-service-role/AWSAppMeshPreviewServiceRolePolicy",
|
|
978
979
|
/** Provides privileged certificate user access to AWS Certificate Manager Private Certificate Authority */
|
|
979
|
-
AWSCertificateManagerPrivateCAPrivilegedUser = "
|
|
980
|
+
AWSCertificateManagerPrivateCAPrivilegedUser = "AWSCertificateManagerPrivateCAPrivilegedUser",
|
|
980
981
|
/** Policy to grant temporary data access to Lake Formation resources */
|
|
981
|
-
LakeFormationDataAccessServiceRolePolicy = "
|
|
982
|
+
LakeFormationDataAccessServiceRolePolicy = "aws-service-role/LakeFormationDataAccessServiceRolePolicy",
|
|
982
983
|
/** This policy grants access to read all access information provided by IAM access advisor such as service last accessed information. */
|
|
983
|
-
IAMAccessAdvisorReadOnly = "
|
|
984
|
+
IAMAccessAdvisorReadOnly = "IAMAccessAdvisorReadOnly",
|
|
984
985
|
/** Allows Service Quotas to create support cases on your behalf */
|
|
985
|
-
ServiceQuotasServiceRolePolicy = "
|
|
986
|
+
ServiceQuotasServiceRolePolicy = "aws-service-role/ServiceQuotasServiceRolePolicy",
|
|
986
987
|
/** Provides read only access to Service Quotas */
|
|
987
|
-
ServiceQuotasReadOnlyAccess = "
|
|
988
|
+
ServiceQuotasReadOnlyAccess = "ServiceQuotasReadOnlyAccess",
|
|
988
989
|
/** Provides full access to Service Quotas */
|
|
989
|
-
ServiceQuotasFullAccess = "
|
|
990
|
+
ServiceQuotasFullAccess = "ServiceQuotasFullAccess",
|
|
990
991
|
/** Provides full access to all administrative actions for an AWS Marketplace eProcurement integration. */
|
|
991
|
-
AWSMarketplaceProcurementSystemAdminFullAccess = "
|
|
992
|
+
AWSMarketplaceProcurementSystemAdminFullAccess = "AWSMarketplaceProcurementSystemAdminFullAccess",
|
|
992
993
|
/** Allows customers to call EC2 Instance Connect to publish ephemeral keys to their EC2 instances and connect via ssh or the EC2 Instance Connect CLI. */
|
|
993
|
-
EC2InstanceConnect = "
|
|
994
|
+
EC2InstanceConnect = "EC2InstanceConnect",
|
|
994
995
|
/** Provides customer account access to AWS WorkSpaces service for launching a Workspace. */
|
|
995
|
-
AmazonWorkSpacesServiceAccess = "
|
|
996
|
+
AmazonWorkSpacesServiceAccess = "AmazonWorkSpacesServiceAccess",
|
|
996
997
|
/** Provides access to Amazon WorkSpaces backend service to perform Workspace Self Service actions */
|
|
997
|
-
AmazonWorkSpacesSelfServiceAccess = "
|
|
998
|
+
AmazonWorkSpacesSelfServiceAccess = "AmazonWorkSpacesSelfServiceAccess",
|
|
998
999
|
/** Provides full access to all seller operations on the AWS Marketplace and other AWS services such as AMI management. */
|
|
999
|
-
AWSMarketplaceSellerFullAccess = "
|
|
1000
|
+
AWSMarketplaceSellerFullAccess = "AWSMarketplaceSellerFullAccess",
|
|
1000
1001
|
/** Provides sellers full access to AWS Marketplace Management Products page and other AWS services such as AMI management. */
|
|
1001
|
-
AWSMarketplaceSellerProductsFullAccess = "
|
|
1002
|
+
AWSMarketplaceSellerProductsFullAccess = "AWSMarketplaceSellerProductsFullAccess",
|
|
1002
1003
|
/** Provide sellers read-only access to AWS Marketplace Management Products page. */
|
|
1003
|
-
AWSMarketplaceSellerProductsReadOnly = "
|
|
1004
|
+
AWSMarketplaceSellerProductsReadOnly = "AWSMarketplaceSellerProductsReadOnly",
|
|
1004
1005
|
/** App Mesh Envoy policy for accessing Virtual Node configuration. */
|
|
1005
|
-
AWSAppMeshEnvoyAccess = "
|
|
1006
|
+
AWSAppMeshEnvoyAccess = "AWSAppMeshEnvoyAccess",
|
|
1006
1007
|
/** Provides read only access to Amazon EventBridge. */
|
|
1007
|
-
AmazonEventBridgeReadOnlyAccess = "
|
|
1008
|
+
AmazonEventBridgeReadOnlyAccess = "AmazonEventBridgeReadOnlyAccess",
|
|
1008
1009
|
/** Provides full access to Amazon EventBridge. */
|
|
1009
|
-
AmazonEventBridgeFullAccess = "
|
|
1010
|
+
AmazonEventBridgeFullAccess = "AmazonEventBridgeFullAccess",
|
|
1010
1011
|
/** Allows CloudWatch to assume CloudWatch-CrossAccountSharing roles in remote accounts on behalf of the current account in order to display data cross-account, cross-region */
|
|
1011
|
-
CloudWatchCrossAccountAccess = "
|
|
1012
|
+
CloudWatchCrossAccountAccess = "aws-service-role/CloudWatch-CrossAccountAccess",
|
|
1012
1013
|
/** Provides access to the non-CloudWatch APIs used to display CloudWatch Automatic Dashboards, including the contents of objects such as Lambda functions */
|
|
1013
|
-
CloudWatchAutomaticDashboardsAccess = "
|
|
1014
|
+
CloudWatchAutomaticDashboardsAccess = "CloudWatchAutomaticDashboardsAccess",
|
|
1014
1015
|
/** Policy needed for AWSConfig to create conformance packs */
|
|
1015
|
-
ConfigConformsServiceRolePolicy = "
|
|
1016
|
+
ConfigConformsServiceRolePolicy = "aws-service-role/ConfigConformsServiceRolePolicy",
|
|
1016
1017
|
/** Provides full access to AWS CloudFormation. */
|
|
1017
|
-
AWSCloudFormationFullAccess = "
|
|
1018
|
+
AWSCloudFormationFullAccess = "AWSCloudFormationFullAccess",
|
|
1018
1019
|
/** Full access to view and take action on Elemental Appliances and Software quotes and orders */
|
|
1019
|
-
ElementalAppliancesSoftwareFullAccess = "
|
|
1020
|
+
ElementalAppliancesSoftwareFullAccess = "ElementalAppliancesSoftwareFullAccess",
|
|
1020
1021
|
/** App Mesh Preview Envoy policy for accessing Virtual Node configuration. */
|
|
1021
|
-
AWSAppMeshPreviewEnvoyAccess = "
|
|
1022
|
+
AWSAppMeshPreviewEnvoyAccess = "AWSAppMeshPreviewEnvoyAccess",
|
|
1022
1023
|
/** Allow Site-to-Site VPN to create and manage resources related to your VPN Connections. */
|
|
1023
|
-
AWSVPCS2SVpnServiceRolePolicy = "
|
|
1024
|
+
AWSVPCS2SVpnServiceRolePolicy = "aws-service-role/AWSVPCS2SVpnServiceRolePolicy",
|
|
1024
1025
|
/** Provides access to AWS services and resources necessary to migrate service instances into AWS including EC2, S3 and Cloudformation. */
|
|
1025
|
-
AWSServiceRoleForSMS = "
|
|
1026
|
+
AWSServiceRoleForSMS = "aws-service-role/AWSServiceRoleForSMS",
|
|
1026
1027
|
/** Provides access for enabling IoT logging for execution of ENABLE_IOT_LOGGING mitigation action */
|
|
1027
|
-
AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction = "
|
|
1028
|
+
AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction = "service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction",
|
|
1028
1029
|
/** Provides messages publish access to SNS topic for execution of PUBLISH_FINDING_TO_SNS mitigation action */
|
|
1029
|
-
AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction = "
|
|
1030
|
+
AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction = "service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction",
|
|
1030
1031
|
/** Provides write access to IoT policies for execution of REPLACE_DEFAULT_POLICY_VERSION mitigation action */
|
|
1031
|
-
AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction = "
|
|
1032
|
+
AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction = "service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction",
|
|
1032
1033
|
/** Provides write access to IoT CA certificates for execution of UPDATE_CA_CERTIFICATE mitigation action */
|
|
1033
|
-
AWSIoTDeviceDefenderUpdateCACertMitigationAction = "
|
|
1034
|
+
AWSIoTDeviceDefenderUpdateCACertMitigationAction = "service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction",
|
|
1034
1035
|
/** Provides write access to IoT certificates for execution of UPDATE_DEVICE_CERTIFICATE mitigation action */
|
|
1035
|
-
AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction = "
|
|
1036
|
+
AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction = "service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction",
|
|
1036
1037
|
/** Provides write access to IoT thing groups and read access to IoT Certificates for execution of ADD_THINGS_TO_THING_GROUP mitigation action */
|
|
1037
|
-
AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction = "
|
|
1038
|
+
AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction = "service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction",
|
|
1038
1039
|
/** Grants administrative access to AWS Lake Formation and related services, such as AWS Glue, to manage data lakes */
|
|
1039
|
-
AWSLakeFormationDataAdmin = "
|
|
1040
|
+
AWSLakeFormationDataAdmin = "AWSLakeFormationDataAdmin",
|
|
1040
1041
|
/** Used by AWS IQ to execute payment requests on behalf of a customer */
|
|
1041
|
-
AWSIQContractServiceRolePolicy = "
|
|
1042
|
+
AWSIQContractServiceRolePolicy = "aws-service-role/AWSIQContractServiceRolePolicy",
|
|
1042
1043
|
/** Allows AWS IQ to manage the role assumed by AWS IQ experts. */
|
|
1043
|
-
AWSIQPermissionServiceRolePolicy = "
|
|
1044
|
+
AWSIQPermissionServiceRolePolicy = "aws-service-role/AWSIQPermissionServiceRolePolicy",
|
|
1044
1045
|
/** Provides read only access to Amazon QLDB. */
|
|
1045
|
-
AmazonQLDBReadOnly = "
|
|
1046
|
+
AmazonQLDBReadOnly = "AmazonQLDBReadOnly",
|
|
1046
1047
|
/** Provides full access to Amazon QLDB via the service API. */
|
|
1047
|
-
AmazonQLDBFullAccess = "
|
|
1048
|
+
AmazonQLDBFullAccess = "AmazonQLDBFullAccess",
|
|
1048
1049
|
/** Provides full access to Amazon QLDB via the AWS Management Console. */
|
|
1049
|
-
AmazonQLDBConsoleFullAccess = "
|
|
1050
|
+
AmazonQLDBConsoleFullAccess = "AmazonQLDBConsoleFullAccess",
|
|
1050
1051
|
/** Managed policy for Service Linked Role for Amazon Chime VoiceConnector */
|
|
1051
|
-
AmazonChimeVoiceConnectorServiceLinkedRolePolicy = "
|
|
1052
|
+
AmazonChimeVoiceConnectorServiceLinkedRolePolicy = "aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy",
|
|
1052
1053
|
/** Enables access to AWS Resources used or managed by Amazon Chime */
|
|
1053
|
-
AmazonChimeServiceRolePolicy = "
|
|
1054
|
+
AmazonChimeServiceRolePolicy = "aws-service-role/AmazonChimeServiceRolePolicy",
|
|
1054
1055
|
/** Allows Log Delivery service to deliver logs by calling log destination on your behalf. */
|
|
1055
|
-
AWSServiceRoleForLogDeliveryPolicy = "
|
|
1056
|
+
AWSServiceRoleForLogDeliveryPolicy = "aws-service-role/AWSServiceRoleForLogDeliveryPolicy",
|
|
1056
1057
|
/** Provide access to Poly AVS devices */
|
|
1057
|
-
AlexaForBusinessPolyDelegatedAccessPolicy = "
|
|
1058
|
+
AlexaForBusinessPolyDelegatedAccessPolicy = "AlexaForBusinessPolyDelegatedAccessPolicy",
|
|
1058
1059
|
/** Managed policy for Service Linked Role for Amazon SageMaker Notebooks */
|
|
1059
|
-
AmazonSageMakerNotebooksServiceRolePolicy = "
|
|
1060
|
+
AmazonSageMakerNotebooksServiceRolePolicy = "aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy",
|
|
1060
1061
|
/** Policy granting permissions to Application Auto Scaling to access Lambda and CloudWatch. */
|
|
1061
|
-
AWSApplicationAutoscalingLambdaConcurrencyPolicy = "
|
|
1062
|
+
AWSApplicationAutoscalingLambdaConcurrencyPolicy = "aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy",
|
|
1062
1063
|
/** Grants AWS Systems Manager (SSM) permission to discover AWS account information. */
|
|
1063
|
-
AWSSystemsManagerAccountDiscoveryServicePolicy = "
|
|
1064
|
+
AWSSystemsManagerAccountDiscoveryServicePolicy = "aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy",
|
|
1064
1065
|
/** Provides read-only access to Service Catalog end-user capabilities */
|
|
1065
|
-
AWSServiceCatalogEndUserReadOnlyAccess = "
|
|
1066
|
+
AWSServiceCatalogEndUserReadOnlyAccess = "AWSServiceCatalogEndUserReadOnlyAccess",
|
|
1066
1067
|
/** Provides read-only access to Service Catalog admin capabilities */
|
|
1067
|
-
AWSServiceCatalogAdminReadOnlyAccess = "
|
|
1068
|
+
AWSServiceCatalogAdminReadOnlyAccess = "AWSServiceCatalogAdminReadOnlyAccess",
|
|
1068
1069
|
/** Provides access to creating requests in an AWS Private Marketplace. */
|
|
1069
|
-
AWSPrivateMarketplaceRequests = "
|
|
1070
|
+
AWSPrivateMarketplaceRequests = "AWSPrivateMarketplaceRequests",
|
|
1070
1071
|
/** Managed policy for AWS For Wordpress Plugin */
|
|
1071
|
-
AWSForWordPressPluginPolicy = "
|
|
1072
|
+
AWSForWordPressPluginPolicy = "AWSForWordPressPluginPolicy",
|
|
1072
1073
|
/** Allows AWS CodeStar Notifications to access Amazon CloudWatch Events on your behalf */
|
|
1073
|
-
AWSCodeStarNotificationsServiceRolePolicy = "
|
|
1074
|
+
AWSCodeStarNotificationsServiceRolePolicy = "aws-service-role/AWSCodeStarNotificationsServiceRolePolicy",
|
|
1074
1075
|
/** Allows Amazon Elastic File System to manage AWS resources on your behalf */
|
|
1075
|
-
AmazonElasticFileSystemServiceRolePolicy = "
|
|
1076
|
+
AmazonElasticFileSystemServiceRolePolicy = "aws-service-role/AmazonElasticFileSystemServiceRolePolicy",
|
|
1076
1077
|
/** Provides read only access to Savings Plans service */
|
|
1077
|
-
AWSSavingsPlansReadOnlyAccess = "
|
|
1078
|
+
AWSSavingsPlansReadOnlyAccess = "AWSSavingsPlansReadOnlyAccess",
|
|
1078
1079
|
/** Provides full access to Savings Plans service */
|
|
1079
|
-
AWSSavingsPlansFullAccess = "
|
|
1080
|
+
AWSSavingsPlansFullAccess = "AWSSavingsPlansFullAccess",
|
|
1080
1081
|
/** This policy creates a service-linked role that allows AWS WAF to write logs to Amazon Kinesis Data Firehose. */
|
|
1081
|
-
WAFV2LoggingServiceRolePolicy = "
|
|
1082
|
+
WAFV2LoggingServiceRolePolicy = "aws-service-role/WAFV2LoggingServiceRolePolicy",
|
|
1082
1083
|
/** Permissions required for managing nodegroups in the customer's account. These policies related to management of the following resources: AutoscalingGroups, SecurityGroups, LaunchTemplates and InstanceProfiles. */
|
|
1083
|
-
AWSServiceRoleForAmazonEKSNodegroup = "
|
|
1084
|
+
AWSServiceRoleForAmazonEKSNodegroup = "aws-service-role/AWSServiceRoleForAmazonEKSNodegroup",
|
|
1084
1085
|
/** Managed policy for the Amazon LaunchWizard service role for EC2 */
|
|
1085
|
-
AmazonEC2RolePolicyForLaunchWizard = "
|
|
1086
|
+
AmazonEC2RolePolicyForLaunchWizard = "AmazonEC2RolePolicyForLaunchWizard",
|
|
1086
1087
|
/** Grants read-only access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. */
|
|
1087
|
-
AWSDataExchangeReadOnly = "
|
|
1088
|
+
AWSDataExchangeReadOnly = "AWSDataExchangeReadOnly",
|
|
1088
1089
|
/** Grants data subscriber access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */
|
|
1089
|
-
AWSDataExchangeSubscriberFullAccess = "
|
|
1090
|
+
AWSDataExchangeSubscriberFullAccess = "AWSDataExchangeSubscriberFullAccess",
|
|
1090
1091
|
/** Grants data provider access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */
|
|
1091
|
-
AWSDataExchangeProviderFullAccess = "
|
|
1092
|
+
AWSDataExchangeProviderFullAccess = "AWSDataExchangeProviderFullAccess",
|
|
1092
1093
|
/** Grants full access to AWS Data Exchange and AWS Marketplace actions using the AWS Management Console and SDK. It also provides select access to related services needed to take full advantage of AWS Data Exchange. */
|
|
1093
|
-
AWSDataExchangeFullAccess = "
|
|
1094
|
+
AWSDataExchangeFullAccess = "AWSDataExchangeFullAccess",
|
|
1094
1095
|
/** This role grants AWS IoT SiteWise monitor permissions to access your AWS IoT SiteWise assets & asset properties, and create AWS IoT Sitewise projects, dashboards & access policies through AWS IoT SiteWise portals. */
|
|
1095
|
-
AWSIoTSiteWiseMonitorServiceRolePolicy = "
|
|
1096
|
+
AWSIoTSiteWiseMonitorServiceRolePolicy = "aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy",
|
|
1096
1097
|
/** Policy granting permissions to Application Auto Scaling to access Comprehend and CloudWatch. */
|
|
1097
|
-
AWSApplicationAutoscalingComprehendEndpointPolicy = "
|
|
1098
|
+
AWSApplicationAutoscalingComprehendEndpointPolicy = "aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy",
|
|
1098
1099
|
/** Permissions required to support Amazon CloudWatch Contributor Insights for Amazon DynamoDB. */
|
|
1099
|
-
DynamoDBCloudWatchContributorInsightsServiceRolePolicy = "
|
|
1100
|
+
DynamoDBCloudWatchContributorInsightsServiceRolePolicy = "aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy",
|
|
1100
1101
|
/** The Service Linked Role used by AWS Chatbot. */
|
|
1101
|
-
AWSChatbotServiceLinkedRolePolicy = "
|
|
1102
|
+
AWSChatbotServiceLinkedRolePolicy = "aws-service-role/AWSChatbotServiceLinkedRolePolicy",
|
|
1102
1103
|
/** This policy is for backup administrators, granting full access to AWS Backup operations, including creating or editing backup plans, assigning AWS resources to backup plans, deleting backups, and restoring backups. */
|
|
1103
|
-
AWSBackupFullAccess = "
|
|
1104
|
+
AWSBackupFullAccess = "AWSBackupFullAccess",
|
|
1104
1105
|
/** This policy grants users permissions to assign AWS resources to backup plans, create on-demand backups, and restore backups. This policy does not allow the user to create or edit backup plans or to delete scheduled backups after they are created. */
|
|
1105
|
-
AWSBackupOperatorAccess = "
|
|
1106
|
+
AWSBackupOperatorAccess = "AWSBackupOperatorAccess",
|
|
1106
1107
|
/** Service Policy for Trusted Advisor Multi-account Reporting */
|
|
1107
|
-
AWSTrustedAdvisorReportingServiceRolePolicy = "
|
|
1108
|
+
AWSTrustedAdvisorReportingServiceRolePolicy = "aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy",
|
|
1108
1109
|
/** Provides permissions to register a resource and track usage through AWS Marketplace Metering Service. */
|
|
1109
|
-
AWSMarketplaceMeteringRegisterUsage = "
|
|
1110
|
+
AWSMarketplaceMeteringRegisterUsage = "AWSMarketplaceMeteringRegisterUsage",
|
|
1110
1111
|
/** AWS Elastic Beanstalk Service Role policy that grants limited permissions to managed updates. */
|
|
1111
|
-
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy = "
|
|
1112
|
+
AWSElasticBeanstalkManagedUpdatesServiceRolePolicy = "aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy",
|
|
1112
1113
|
/** Provides access to other AWS service resources that are required to run Amazon EKS pods on AWS Fargate */
|
|
1113
|
-
AmazonEKSFargatePodExecutionRolePolicy = "
|
|
1114
|
+
AmazonEKSFargatePodExecutionRolePolicy = "AmazonEKSFargatePodExecutionRolePolicy",
|
|
1114
1115
|
/** This policy grants necessary permissions to Amazon EKS to run fargate tasks */
|
|
1115
|
-
AmazonEKSForFargateServiceRolePolicy = "
|
|
1116
|
+
AmazonEKSForFargateServiceRolePolicy = "aws-service-role/AmazonEKSForFargateServiceRolePolicy",
|
|
1116
1117
|
/** Provides full access to CloudWatch Synthetics. */
|
|
1117
|
-
CloudWatchSyntheticsFullAccess = "
|
|
1118
|
+
CloudWatchSyntheticsFullAccess = "CloudWatchSyntheticsFullAccess",
|
|
1118
1119
|
/** Provides read only access to CloudWatch Synthetics. */
|
|
1119
|
-
CloudWatchSyntheticsReadOnlyAccess = "
|
|
1120
|
+
CloudWatchSyntheticsReadOnlyAccess = "CloudWatchSyntheticsReadOnlyAccess",
|
|
1120
1121
|
/** Grants permissions to Managed Rules created by Amazon EventBridge schemas. */
|
|
1121
|
-
AmazonEventBridgeSchemasServiceRolePolicy = "
|
|
1122
|
+
AmazonEventBridgeSchemasServiceRolePolicy = "aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy",
|
|
1122
1123
|
/** Provides read only access to Amazon EventBridge Schemas. */
|
|
1123
|
-
AmazonEventBridgeSchemasReadOnlyAccess = "
|
|
1124
|
+
AmazonEventBridgeSchemasReadOnlyAccess = "AmazonEventBridgeSchemasReadOnlyAccess",
|
|
1124
1125
|
/** Provides full access to Amazon EventBridge Schemas. */
|
|
1125
|
-
AmazonEventBridgeSchemasFullAccess = "
|
|
1126
|
+
AmazonEventBridgeSchemasFullAccess = "AmazonEventBridgeSchemasFullAccess",
|
|
1126
1127
|
/** Allows EC2ImageBuilder to call AWS services on your behalf. */
|
|
1127
|
-
AWSServiceRoleForImageBuilder = "
|
|
1128
|
+
AWSServiceRoleForImageBuilder = "aws-service-role/AWSServiceRoleForImageBuilder",
|
|
1128
1129
|
/** EC2 Instance profile for Image Builder service. */
|
|
1129
|
-
EC2InstanceProfileForImageBuilder = "
|
|
1130
|
+
EC2InstanceProfileForImageBuilder = "EC2InstanceProfileForImageBuilder",
|
|
1130
1131
|
/** Provides full access to IAM Access Analyzer */
|
|
1131
|
-
IAMAccessAnalyzerFullAccess = "
|
|
1132
|
+
IAMAccessAnalyzerFullAccess = "IAMAccessAnalyzerFullAccess",
|
|
1132
1133
|
/** Provides read only access to IAM Access Analyzer resources */
|
|
1133
|
-
IAMAccessAnalyzerReadOnlyAccess = "
|
|
1134
|
+
IAMAccessAnalyzerReadOnlyAccess = "IAMAccessAnalyzerReadOnlyAccess",
|
|
1134
1135
|
/** Allow Access Analyzer to analyze resource metadata */
|
|
1135
|
-
AccessAnalyzerServiceRolePolicy = "
|
|
1136
|
+
AccessAnalyzerServiceRolePolicy = "aws-service-role/AccessAnalyzerServiceRolePolicy",
|
|
1136
1137
|
/** A service-linked role required for Amazon CodeGuru Reviewer to access resources on your behalf. */
|
|
1137
|
-
AmazonCodeGuruReviewerServiceRolePolicy = "
|
|
1138
|
+
AmazonCodeGuruReviewerServiceRolePolicy = "aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy",
|
|
1138
1139
|
/** Grants full access to Amazon CodeGuru Reviewer and scoped access to required dependencies. */
|
|
1139
|
-
AmazonCodeGuruReviewerFullAccess = "
|
|
1140
|
+
AmazonCodeGuruReviewerFullAccess = "AmazonCodeGuruReviewerFullAccess",
|
|
1140
1141
|
/** Allows ComputeOptimizer to call AWS services and collect workload details on your behalf. */
|
|
1141
|
-
ComputeOptimizerServiceRolePolicy = "
|
|
1142
|
+
ComputeOptimizerServiceRolePolicy = "aws-service-role/ComputeOptimizerServiceRolePolicy",
|
|
1142
1143
|
/** Provides read only access to Amazon CodeGuru Reviewer. */
|
|
1143
|
-
AmazonCodeGuruReviewerReadOnlyAccess = "
|
|
1144
|
+
AmazonCodeGuruReviewerReadOnlyAccess = "AmazonCodeGuruReviewerReadOnlyAccess",
|
|
1144
1145
|
/** Provides full access to Amazon CodeGuru Profiler. */
|
|
1145
|
-
AmazonCodeGuruProfilerFullAccess = "
|
|
1146
|
+
AmazonCodeGuruProfilerFullAccess = "AmazonCodeGuruProfilerFullAccess",
|
|
1146
1147
|
/** Provides read only access to Amazon CodeGuru Profiler. */
|
|
1147
|
-
AmazonCodeGuruProfilerReadOnlyAccess = "
|
|
1148
|
+
AmazonCodeGuruProfilerReadOnlyAccess = "AmazonCodeGuruProfilerReadOnlyAccess",
|
|
1148
1149
|
/** Provide full access to Amazon Managed Apache Cassandra Service */
|
|
1149
|
-
AmazonMCSFullAccess = "
|
|
1150
|
+
AmazonMCSFullAccess = "AmazonMCSFullAccess",
|
|
1150
1151
|
/** Provide read only access to Amazon Managed Apache Cassandra Service */
|
|
1151
|
-
AmazonMCSReadOnlyAccess = "
|
|
1152
|
+
AmazonMCSReadOnlyAccess = "AmazonMCSReadOnlyAccess",
|
|
1152
1153
|
/** Allow NetworkManager to access resources associated with your Global Networks */
|
|
1153
|
-
AWSNetworkManagerServiceRolePolicy = "
|
|
1154
|
+
AWSNetworkManagerServiceRolePolicy = "aws-service-role/AWSNetworkManagerServiceRolePolicy",
|
|
1154
1155
|
/** Provides read only access to Amazon Kendra via the AWS Management Console. */
|
|
1155
|
-
AmazonKendraReadOnlyAccess = "
|
|
1156
|
+
AmazonKendraReadOnlyAccess = "AmazonKendraReadOnlyAccess",
|
|
1156
1157
|
/** Provides full access to Amazon Kendra via the AWS Management Console. */
|
|
1157
|
-
AmazonKendraFullAccess = "
|
|
1158
|
+
AmazonKendraFullAccess = "AmazonKendraFullAccess",
|
|
1158
1159
|
/** Provides access to create Amazon Augmented AI FlowDefinition resources against any Workteam. */
|
|
1159
|
-
AmazonSageMakerMechanicalTurkAccess = "
|
|
1160
|
+
AmazonSageMakerMechanicalTurkAccess = "AmazonSageMakerMechanicalTurkAccess",
|
|
1160
1161
|
/** Provides access to perform all operations on HumanLoops. */
|
|
1161
|
-
AmazonAugmentedAIHumanLoopFullAccess = "
|
|
1162
|
+
AmazonAugmentedAIHumanLoopFullAccess = "AmazonAugmentedAIHumanLoopFullAccess",
|
|
1162
1163
|
/** Provides access to perform all operations Amazon Augmented AI resources, including FlowDefinitions, HumanTaskUis and HumanLoops. Does not allow access for creating FlowDefinitions against the public-crowd Workteam. */
|
|
1163
|
-
AmazonAugmentedAIFullAccess = "
|
|
1164
|
+
AmazonAugmentedAIFullAccess = "AmazonAugmentedAIFullAccess",
|
|
1164
1165
|
/** Provides read only access to Amazon NetworkManager via the AWS Management Console. */
|
|
1165
|
-
AWSNetworkManagerReadOnlyAccess = "
|
|
1166
|
+
AWSNetworkManagerReadOnlyAccess = "AWSNetworkManagerReadOnlyAccess",
|
|
1166
1167
|
/** Provides full access to Amazon NetworkManager via the AWS Management Console. */
|
|
1167
|
-
AWSNetworkManagerFullAccess = "
|
|
1168
|
+
AWSNetworkManagerFullAccess = "AWSNetworkManagerFullAccess",
|
|
1168
1169
|
/** Gives access to all actions for Amazon Fraud Detector */
|
|
1169
|
-
AmazonFraudDetectorFullAccessPolicy = "
|
|
1170
|
+
AmazonFraudDetectorFullAccessPolicy = "AmazonFraudDetectorFullAccessPolicy",
|
|
1170
1171
|
/** Provides access to AWS Resource Access Manager APIs needed by a resource share participant. */
|
|
1171
|
-
AWSResourceAccessManagerResourceShareParticipantAccess = "
|
|
1172
|
+
AWSResourceAccessManagerResourceShareParticipantAccess = "AWSResourceAccessManagerResourceShareParticipantAccess",
|
|
1172
1173
|
/** Provides read only access to AWS Resource Access Manager. */
|
|
1173
|
-
AWSResourceAccessManagerReadOnlyAccess = "
|
|
1174
|
+
AWSResourceAccessManagerReadOnlyAccess = "AWSResourceAccessManagerReadOnlyAccess",
|
|
1174
1175
|
/** Service Role for CloudFormation StackSets (Organization Member Account) */
|
|
1175
|
-
CloudFormationStackSetsOrgMemberServiceRolePolicy = "
|
|
1176
|
+
CloudFormationStackSetsOrgMemberServiceRolePolicy = "aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy",
|
|
1176
1177
|
/** Service Role for CloudFormation StackSets (Organization Master Account) */
|
|
1177
|
-
CloudFormationStackSetsOrgAdminServiceRolePolicy = "
|
|
1178
|
+
CloudFormationStackSetsOrgAdminServiceRolePolicy = "aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy",
|
|
1178
1179
|
/** AWS Health policy to enable Organizational View feature */
|
|
1179
|
-
HealthOrganizationsServiceRolePolicy = "
|
|
1180
|
+
HealthOrganizationsServiceRolePolicy = "aws-service-role/Health_OrganizationsServiceRolePolicy",
|
|
1180
1181
|
/** Provides read only access to all AWS Image Builder actions. */
|
|
1181
|
-
AWSImageBuilderReadOnlyAccess = "
|
|
1182
|
+
AWSImageBuilderReadOnlyAccess = "AWSImageBuilderReadOnlyAccess",
|
|
1182
1183
|
/** Provides full access to all AWS Image Builder actions and resource scoped access to related AWS services. */
|
|
1183
|
-
AWSImageBuilderFullAccess = "
|
|
1184
|
+
AWSImageBuilderFullAccess = "AWSImageBuilderFullAccess",
|
|
1184
1185
|
/** Policy granting permissions to EC2 Fleet to launch instances in the future. */
|
|
1185
|
-
EC2FleetTimeShiftableServiceRolePolicy = "
|
|
1186
|
+
EC2FleetTimeShiftableServiceRolePolicy = "aws-service-role/EC2FleetTimeShiftableServiceRolePolicy",
|
|
1186
1187
|
/** This policy specifies rekognition and s3 permissions required by Amazon Rekognition Custom Labels feature. */
|
|
1187
|
-
AmazonRekognitionCustomLabelsFullAccess = "
|
|
1188
|
+
AmazonRekognitionCustomLabelsFullAccess = "AmazonRekognitionCustomLabelsFullAccess",
|
|
1188
1189
|
/** Provides read only access to Amazon WorkDocs via the AWS Management Console */
|
|
1189
|
-
AmazonWorkDocsReadOnlyAccess = "
|
|
1190
|
+
AmazonWorkDocsReadOnlyAccess = "AmazonWorkDocsReadOnlyAccess",
|
|
1190
1191
|
/** Provides read and write client access to an Amazon EFS file system */
|
|
1191
|
-
AmazonElasticFileSystemClientReadWriteAccess = "
|
|
1192
|
+
AmazonElasticFileSystemClientReadWriteAccess = "AmazonElasticFileSystemClientReadWriteAccess",
|
|
1192
1193
|
/** Provides read only client access to an Amazon EFS file system */
|
|
1193
|
-
AmazonElasticFileSystemClientReadOnlyAccess = "
|
|
1194
|
+
AmazonElasticFileSystemClientReadOnlyAccess = "AmazonElasticFileSystemClientReadOnlyAccess",
|
|
1194
1195
|
/** Provides root client access to an Amazon EFS file system */
|
|
1195
|
-
AmazonElasticFileSystemClientFullAccess = "
|
|
1196
|
+
AmazonElasticFileSystemClientFullAccess = "AmazonElasticFileSystemClientFullAccess",
|
|
1196
1197
|
/** Provides access to Amazon SageMaker resources from Amazon QuickSight */
|
|
1197
|
-
AWSQuickSightSageMakerPolicy = "
|
|
1198
|
+
AWSQuickSightSageMakerPolicy = "service-role/AWSQuickSightSageMakerPolicy",
|
|
1198
1199
|
/** Enables access to AWS Services and Resources used or managed by Amazon Managed Blockchain */
|
|
1199
|
-
AmazonManagedBlockchainServiceRolePolicy = "
|
|
1200
|
+
AmazonManagedBlockchainServiceRolePolicy = "aws-service-role/AmazonManagedBlockchainServiceRolePolicy",
|
|
1200
1201
|
/** Enables access to AWS services and resources used or managed by AppSync */
|
|
1201
|
-
AWSAppSyncServiceRolePolicy = "
|
|
1202
|
+
AWSAppSyncServiceRolePolicy = "aws-service-role/AWSAppSyncServiceRolePolicy",
|
|
1202
1203
|
/** Provides access to Amazon Chime SDK operations */
|
|
1203
|
-
AmazonChimeSDK = "
|
|
1204
|
+
AmazonChimeSDK = "AmazonChimeSDK",
|
|
1204
1205
|
/** Allows AWS IoT Device Tester to run the FreeRTOS qualification suite by allowing access to services including IoT, S3, and IAM */
|
|
1205
|
-
AWSIoTDeviceTesterForFreeRTOSFullAccess = "
|
|
1206
|
+
AWSIoTDeviceTesterForFreeRTOSFullAccess = "AWSIoTDeviceTesterForFreeRTOSFullAccess",
|
|
1206
1207
|
/** Allows AWS IoT Device Tester to run the AWS Greengrass qualification suite by allowing access to related services including Lambda, IoT, API Gateway, IAM */
|
|
1207
|
-
AWSIoTDeviceTesterForGreengrassFullAccess = "
|
|
1208
|
+
AWSIoTDeviceTesterForGreengrassFullAccess = "AWSIoTDeviceTesterForGreengrassFullAccess",
|
|
1208
1209
|
/** A Service-Linked Role required for Amazon EKS to call AWS services on your behalf. */
|
|
1209
|
-
AmazonEKSServiceRolePolicy = "
|
|
1210
|
+
AmazonEKSServiceRolePolicy = "aws-service-role/AmazonEKSServiceRolePolicy",
|
|
1210
1211
|
/** Provides read only access to ComputeOptimizer. */
|
|
1211
|
-
ComputeOptimizerReadOnlyAccess = "
|
|
1212
|
+
ComputeOptimizerReadOnlyAccess = "ComputeOptimizerReadOnlyAccess",
|
|
1212
1213
|
/** Policy granting permissions to Application Auto Scaling to access Cassandra and CloudWatch. */
|
|
1213
|
-
AWSApplicationAutoscalingCassandraTablePolicy = "
|
|
1214
|
+
AWSApplicationAutoscalingCassandraTablePolicy = "aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy",
|
|
1214
1215
|
/** Read-only access to view Elemental Appliances and Software quotes and orders */
|
|
1215
|
-
ElementalAppliancesSoftwareReadOnlyAccess = "
|
|
1216
|
+
ElementalAppliancesSoftwareReadOnlyAccess = "ElementalAppliancesSoftwareReadOnlyAccess",
|
|
1216
1217
|
/** Policy to allow Gamelift GameServerGroups to manage customer resources */
|
|
1217
|
-
GameLiftGameServerGroupPolicy = "
|
|
1218
|
+
GameLiftGameServerGroupPolicy = "GameLiftGameServerGroupPolicy",
|
|
1218
1219
|
/** Provides full access to AWS WAF via the AWS Management Console. Note that this policy also grants permissions to list and update Amazon CloudFront distributions, permissions to view load balancers on AWS Elastic Load Balancing, permissions to view Amazon API Gateway REST APIs and stages, permissions to list and view Amazon CloudWatch metrics, and permissions to view regions enabled within the account. */
|
|
1219
|
-
AWSWAFConsoleFullAccess = "
|
|
1220
|
+
AWSWAFConsoleFullAccess = "AWSWAFConsoleFullAccess",
|
|
1220
1221
|
/** Provides read-only access to AWS WAF via the AWS Management Console. Note that this policy also grants permissions to list Amazon CloudFront distributions, permissions to view load balancers on AWS Elastic Load Balancing, permissions to view Amazon API Gateway REST APIs and stages, permissions to list and view Amazon CloudWatch metrics, and permissions to view regions enabled within the account. */
|
|
1221
|
-
AWSWAFConsoleReadOnlyAccess = "
|
|
1222
|
+
AWSWAFConsoleReadOnlyAccess = "AWSWAFConsoleReadOnlyAccess",
|
|
1222
1223
|
/** Provides full access to Amazon WorkDocs via the AWS Management Console */
|
|
1223
|
-
AmazonWorkDocsFullAccess = "
|
|
1224
|
+
AmazonWorkDocsFullAccess = "AmazonWorkDocsFullAccess",
|
|
1224
1225
|
/** Provides access to perform all operations Amazon Augmented AI resources, including FlowDefinitions, HumanTaskUis and HumanLoops. Also provides access to those operations of services that are integrated with Amazon Augmented AI. */
|
|
1225
|
-
AmazonAugmentedAIIntegratedAPIAccess = "
|
|
1226
|
+
AmazonAugmentedAIIntegratedAPIAccess = "AmazonAugmentedAIIntegratedAPIAccess",
|
|
1226
1227
|
/** Provide full access to Amazon Keyspaces */
|
|
1227
|
-
AmazonKeyspacesFullAccess = "
|
|
1228
|
+
AmazonKeyspacesFullAccess = "AmazonKeyspacesFullAccess",
|
|
1228
1229
|
/** Provide read only access to Amazon Keyspaces */
|
|
1229
|
-
AmazonKeyspacesReadOnlyAccess = "
|
|
1230
|
+
AmazonKeyspacesReadOnlyAccess = "AmazonKeyspacesReadOnlyAccess",
|
|
1230
1231
|
/** Provides full access to Amazon Detective service and scoped access to the console UI dependencies */
|
|
1231
|
-
AmazonDetectiveFullAccess = "
|
|
1232
|
+
AmazonDetectiveFullAccess = "AmazonDetectiveFullAccess",
|
|
1232
1233
|
/** Grants permissions to view and modify purchase orders on billing console */
|
|
1233
|
-
AWSPurchaseOrdersServiceRolePolicy = "
|
|
1234
|
+
AWSPurchaseOrdersServiceRolePolicy = "AWSPurchaseOrdersServiceRolePolicy",
|
|
1234
1235
|
/** Required permissions to use all features of the Server Migration Service Console */
|
|
1235
|
-
ServerMigrationServiceConsoleFullAccess = "
|
|
1236
|
+
ServerMigrationServiceConsoleFullAccess = "ServerMigrationServiceConsoleFullAccess",
|
|
1236
1237
|
/** Provides AWS Backup permission to create backups on your behalf across AWS services */
|
|
1237
|
-
AWSBackupServiceLinkedRolePolicyForBackupTest = "
|
|
1238
|
+
AWSBackupServiceLinkedRolePolicyForBackupTest = "aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest",
|
|
1238
1239
|
/** Provide access to child instances for patch association operation. */
|
|
1239
|
-
AmazonSSMPatchAssociation = "
|
|
1240
|
+
AmazonSSMPatchAssociation = "AmazonSSMPatchAssociation",
|
|
1240
1241
|
/** This policy will be used to attach a role on a InstanceProfile which will allow Cloud9 to use the SSM Session Manager to connect to the instance */
|
|
1241
|
-
AWSCloud9SSMInstanceProfile = "
|
|
1242
|
+
AWSCloud9SSMInstanceProfile = "AWSCloud9SSMInstanceProfile",
|
|
1242
1243
|
/** Provides CodeDeploy service access to invoke Lambda function on your behalf to perform blue/green deployment through CloudFormation. */
|
|
1243
|
-
AWSCodeDeployRoleForCloudFormation = "
|
|
1244
|
+
AWSCodeDeployRoleForCloudFormation = "service-role/AWSCodeDeployRoleForCloudFormation",
|
|
1244
1245
|
/** This policy grants permissions to access AWS IoT SiteWise assets and asset data, create AWS IoT SiteWise Monitor resources, and list AWS SSO users. */
|
|
1245
|
-
AWSIoTSiteWiseMonitorPortalAccess = "
|
|
1246
|
+
AWSIoTSiteWiseMonitorPortalAccess = "service-role/AWSIoTSiteWiseMonitorPortalAccess",
|
|
1246
1247
|
/** This policy grants the AWS Portal Gateway machine the necessary permissions required for normal operation. */
|
|
1247
|
-
AWSThinkboxAWSPortalGatewayPolicy = "
|
|
1248
|
+
AWSThinkboxAWSPortalGatewayPolicy = "AWSThinkboxAWSPortalGatewayPolicy",
|
|
1248
1249
|
/** This policy grants the Deadline Workers in AWS Portal the necessary permissions required for normal operation. */
|
|
1249
|
-
AWSThinkboxAWSPortalWorkerPolicy = "
|
|
1250
|
+
AWSThinkboxAWSPortalWorkerPolicy = "AWSThinkboxAWSPortalWorkerPolicy",
|
|
1250
1251
|
/** This policy grants the AWS Portal Asset Server the necessary permissions required for normal operation. */
|
|
1251
|
-
AWSThinkboxAssetServerPolicy = "
|
|
1252
|
+
AWSThinkboxAssetServerPolicy = "AWSThinkboxAssetServerPolicy",
|
|
1252
1253
|
/** Grants permissions required for the operation of AWS Thinkbox's Deadline Resource Tracker. This includes full access to some EC2 actions, including DeleteFleets and CancelSpotFleetRequests. */
|
|
1253
|
-
AWSThinkboxDeadlineResourceTrackerAccessPolicy = "
|
|
1254
|
+
AWSThinkboxDeadlineResourceTrackerAccessPolicy = "AWSThinkboxDeadlineResourceTrackerAccessPolicy",
|
|
1254
1255
|
/** Grants permissions required to create, destroy, and administer AWS Thinkbox's Deadline Resource Tracker. */
|
|
1255
|
-
AWSThinkboxDeadlineResourceTrackerAdminPolicy = "
|
|
1256
|
+
AWSThinkboxDeadlineResourceTrackerAdminPolicy = "AWSThinkboxDeadlineResourceTrackerAdminPolicy",
|
|
1256
1257
|
/** Grant permissions required for an EC2 instance running AWS Thinkbox Deadline Spot Event Plugin Worker software. */
|
|
1257
|
-
AWSThinkboxDeadlineSpotEventPluginWorkerPolicy = "
|
|
1258
|
+
AWSThinkboxDeadlineSpotEventPluginWorkerPolicy = "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy",
|
|
1258
1259
|
/** Grants permissions required for AWS Thinkbox's Deadline Spot Event Plugin. This includes permission to request, modify, and cancel a spot fleet, as well as limited PassRole permission. */
|
|
1259
|
-
AWSThinkboxDeadlineSpotEventPluginAdminPolicy = "
|
|
1260
|
+
AWSThinkboxDeadlineSpotEventPluginAdminPolicy = "AWSThinkboxDeadlineSpotEventPluginAdminPolicy",
|
|
1260
1261
|
/** This policy grants AWS Thinkbox's Deadline software full access to multiple AWS services as required for AWS Portal administration. This includes access to create arbitrary tags on several EC2 resource types. */
|
|
1261
|
-
AWSThinkboxAWSPortalAdminPolicy = "
|
|
1262
|
+
AWSThinkboxAWSPortalAdminPolicy = "AWSThinkboxAWSPortalAdminPolicy",
|
|
1262
1263
|
/** Provides AWS Backup permission to create backups on your behalf across AWS services */
|
|
1263
|
-
AWSBackupServiceLinkedRolePolicyForBackup = "
|
|
1264
|
+
AWSBackupServiceLinkedRolePolicyForBackup = "aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup",
|
|
1264
1265
|
/** Provides read only access to Amazon Appflow flows */
|
|
1265
|
-
AmazonAppFlowReadOnlyAccess = "
|
|
1266
|
+
AmazonAppFlowReadOnlyAccess = "AmazonAppFlowReadOnlyAccess",
|
|
1266
1267
|
/** Provides full access to Amazon AppFlow and access to AWS services supported as flow source or destination (S3 and Redshift). Also provides access to KMS for encryption */
|
|
1267
|
-
AmazonAppFlowFullAccess = "
|
|
1268
|
+
AmazonAppFlowFullAccess = "AmazonAppFlowFullAccess",
|
|
1268
1269
|
/** Provide access to Lifesize AVS devices */
|
|
1269
|
-
AlexaForBusinessLifesizeDelegatedAccessPolicy = "
|
|
1270
|
+
AlexaForBusinessLifesizeDelegatedAccessPolicy = "AlexaForBusinessLifesizeDelegatedAccessPolicy",
|
|
1270
1271
|
/** Full access to view and take action on Elemental Appliances and Software purchased assets */
|
|
1271
|
-
ElementalActivationsFullAccess = "
|
|
1272
|
+
ElementalActivationsFullAccess = "ElementalActivationsFullAccess",
|
|
1272
1273
|
/** (Elastic Beanstalk operations role) Allows a worker environment tier to create an Amazon DynamoDB table and an Amazon SQS queue. */
|
|
1273
|
-
AWSElasticBeanstalkRoleWorkerTier = "
|
|
1274
|
+
AWSElasticBeanstalkRoleWorkerTier = "service-role/AWSElasticBeanstalkRoleWorkerTier",
|
|
1274
1275
|
/** (Elastic Beanstalk operations role) Allows an environment to enable Amazon SNS topic integration. */
|
|
1275
|
-
AWSElasticBeanstalkRoleSNS = "
|
|
1276
|
+
AWSElasticBeanstalkRoleSNS = "service-role/AWSElasticBeanstalkRoleSNS",
|
|
1276
1277
|
/** (Elastic Beanstalk operations role) Allows an environment to integrate an Amazon RDS instance. */
|
|
1277
|
-
AWSElasticBeanstalkRoleRDS = "
|
|
1278
|
+
AWSElasticBeanstalkRoleRDS = "service-role/AWSElasticBeanstalkRoleRDS",
|
|
1278
1279
|
/** (Elastic Beanstalk operations role) Allows a multicontainer Docker environment to manage Amazon ECS clusters. */
|
|
1279
|
-
AWSElasticBeanstalkRoleECS = "
|
|
1280
|
+
AWSElasticBeanstalkRoleECS = "service-role/AWSElasticBeanstalkRoleECS",
|
|
1280
1281
|
/** AWSElasticBeanstalkRoleCore (Elastic Beanstalk operations role) Allows core operation of a web service environment. */
|
|
1281
|
-
AWSElasticBeanstalkRoleCore = "
|
|
1282
|
+
AWSElasticBeanstalkRoleCore = "service-role/AWSElasticBeanstalkRoleCore",
|
|
1282
1283
|
/** (Elastic Beanstalk operations role) Allows an environment to manage Amazon CloudWatch Logs log groups. */
|
|
1283
|
-
AWSElasticBeanstalkRoleCWL = "
|
|
1284
|
+
AWSElasticBeanstalkRoleCWL = "service-role/AWSElasticBeanstalkRoleCWL",
|
|
1284
1285
|
/** Provides full access to AWS CodeArtifact via the AWS Management Console. */
|
|
1285
|
-
AWSCodeArtifactAdminAccess = "
|
|
1286
|
+
AWSCodeArtifactAdminAccess = "AWSCodeArtifactAdminAccess",
|
|
1286
1287
|
/** This policy is for backup administators who use cross-account backup management to manage backups for the organization. */
|
|
1287
|
-
AWSBackupOrganizationAdminAccess = "
|
|
1288
|
+
AWSBackupOrganizationAdminAccess = "AWSBackupOrganizationAdminAccess",
|
|
1288
1289
|
/** Allows Machine Learning to configure and use your Redshift Clusters and S3 Staging Locations for Redshift Data Source. */
|
|
1289
|
-
AmazonMachineLearningRoleforRedshiftDataSourceV3 = "
|
|
1290
|
+
AmazonMachineLearningRoleforRedshiftDataSourceV3 = "service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3",
|
|
1290
1291
|
/** Provides read only access to Honeycode Team Association via the AWS Management Console and the SDK. */
|
|
1291
|
-
AmazonHoneycodeTeamAssociationReadOnlyAccess = "
|
|
1292
|
+
AmazonHoneycodeTeamAssociationReadOnlyAccess = "AmazonHoneycodeTeamAssociationReadOnlyAccess",
|
|
1292
1293
|
/** Provides read only access to Honeycode Workbook via the AWS Management Console and the SDK. */
|
|
1293
|
-
AmazonHoneycodeWorkbookReadOnlyAccess = "
|
|
1294
|
+
AmazonHoneycodeWorkbookReadOnlyAccess = "AmazonHoneycodeWorkbookReadOnlyAccess",
|
|
1294
1295
|
/** Provides full access to Honeycode via the AWS Management Console and the SDK. */
|
|
1295
|
-
AmazonHoneycodeFullAccess = "
|
|
1296
|
+
AmazonHoneycodeFullAccess = "AmazonHoneycodeFullAccess",
|
|
1296
1297
|
/** Provides read only access to Honeycode via the AWS Management Console and the SDK. */
|
|
1297
|
-
AmazonHoneycodeReadOnlyAccess = "
|
|
1298
|
+
AmazonHoneycodeReadOnlyAccess = "AmazonHoneycodeReadOnlyAccess",
|
|
1298
1299
|
/** Provides full access to Honeycode Team Association via the AWS Management Console and the SDK. */
|
|
1299
|
-
AmazonHoneycodeTeamAssociationFullAccess = "
|
|
1300
|
+
AmazonHoneycodeTeamAssociationFullAccess = "AmazonHoneycodeTeamAssociationFullAccess",
|
|
1300
1301
|
/** Provides full access to Honeycode Workbook via the AWS Management Console and the SDK. */
|
|
1301
|
-
AmazonHoneycodeWorkbookFullAccess = "
|
|
1302
|
+
AmazonHoneycodeWorkbookFullAccess = "AmazonHoneycodeWorkbookFullAccess",
|
|
1302
1303
|
/** Amazon Certificate Manager Service Role Policy */
|
|
1303
|
-
CertificateManagerServiceRolePolicy = "
|
|
1304
|
+
CertificateManagerServiceRolePolicy = "aws-service-role/CertificateManagerServiceRolePolicy",
|
|
1304
1305
|
/** Provides read only access to AWS CodeArtifact via the AWS Management Console. */
|
|
1305
|
-
AWSCodeArtifactReadOnlyAccess = "
|
|
1306
|
+
AWSCodeArtifactReadOnlyAccess = "AWSCodeArtifactReadOnlyAccess",
|
|
1306
1307
|
/** A service-linked role required for Amazon CodeGuru Profiler to send notifications on your behalf. */
|
|
1307
|
-
AWSServiceRoleForCodeGuruProfiler = "
|
|
1308
|
+
AWSServiceRoleForCodeGuruProfiler = "aws-service-role/AWSServiceRoleForCodeGuru-Profiler",
|
|
1308
1309
|
/** Enables access to AWS Services and Resources used or managed by Amazon Cognito User Pools */
|
|
1309
|
-
AmazonCognitoIdpServiceRolePolicy = "
|
|
1310
|
+
AmazonCognitoIdpServiceRolePolicy = "aws-service-role/AmazonCognitoIdpServiceRolePolicy",
|
|
1310
1311
|
/** Provides read only access to AWS Elemental MediaLive resources */
|
|
1311
|
-
AWSElementalMediaLiveReadOnly = "
|
|
1312
|
+
AWSElementalMediaLiveReadOnly = "AWSElementalMediaLiveReadOnly",
|
|
1312
1313
|
/** Provides full access to AWS Elemental MediaLive resources */
|
|
1313
|
-
AWSElementalMediaLiveFullAccess = "
|
|
1314
|
+
AWSElementalMediaLiveFullAccess = "AWSElementalMediaLiveFullAccess",
|
|
1314
1315
|
/** Provides access to AWS services that are required to run SageMaker GroundTruth Labeling job */
|
|
1315
|
-
AmazonSageMakerGroundTruthExecution = "
|
|
1316
|
+
AmazonSageMakerGroundTruthExecution = "AmazonSageMakerGroundTruthExecution",
|
|
1316
1317
|
/** Permissions to allow the AWS SMS to run used data validation script and send script success/failure back to SMS */
|
|
1317
|
-
ServerMigrationServiceRoleForInstanceValidation = "
|
|
1318
|
+
ServerMigrationServiceRoleForInstanceValidation = "service-role/ServerMigrationServiceRoleForInstanceValidation",
|
|
1318
1319
|
/** Provides read only access to AWS CodePipeline via the AWS Management Console. */
|
|
1319
|
-
AWSCodePipelineReadOnlyAccess = "
|
|
1320
|
+
AWSCodePipelineReadOnlyAccess = "AWSCodePipeline_ReadOnlyAccess",
|
|
1320
1321
|
/** Provides full access to AWS CodePipeline via the AWS Management Console. */
|
|
1321
|
-
AWSCodePipelineFullAccess = "
|
|
1322
|
+
AWSCodePipelineFullAccess = "AWSCodePipeline_FullAccess",
|
|
1322
1323
|
/** Allows Amazon Braket to create and manage AWS resources on your behalf */
|
|
1323
|
-
AmazonBraketServiceRolePolicy = "
|
|
1324
|
+
AmazonBraketServiceRolePolicy = "aws-service-role/AmazonBraketServiceRolePolicy",
|
|
1324
1325
|
/** Provides cross account access to Glue resources via Lake Formation. Also grants read access to other required services such as organizations and resource access manager */
|
|
1325
|
-
AWSLakeFormationCrossAccountManager = "
|
|
1326
|
+
AWSLakeFormationCrossAccountManager = "AWSLakeFormationCrossAccountManager",
|
|
1326
1327
|
/** Provides full access to Amazon Braket via the AWS Management Console and SDK. Also provides access to related services (e.g., S3, logs). */
|
|
1327
|
-
AmazonBraketFullAccess = "
|
|
1328
|
+
AmazonBraketFullAccess = "AmazonBraketFullAccess",
|
|
1328
1329
|
/** Provides permissions required to access MSK Cluster within a VPC, manage ENIs (create, describe, delete) in the VPC and write permissions to CloudWatch Logs. */
|
|
1329
|
-
AWSLambdaMSKExecutionRole = "
|
|
1330
|
+
AWSLambdaMSKExecutionRole = "service-role/AWSLambdaMSKExecutionRole",
|
|
1330
1331
|
/** Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the email sent to you regarding this event. */
|
|
1331
|
-
AWSCompromisedKeyQuarantine = "
|
|
1332
|
+
AWSCompromisedKeyQuarantine = "AWSCompromisedKeyQuarantine",
|
|
1332
1333
|
/** Permissions to allow the AWS Server Migration Service to migrate VMs to EC2: allows the Server Migration Service to place the migrated resources into the customer's EC2 account. */
|
|
1333
|
-
ServerMigrationServiceRole = "
|
|
1334
|
+
ServerMigrationServiceRole = "service-role/ServerMigration_ServiceRole",
|
|
1334
1335
|
/** Policy used by VPC Resource Controller to manage ENI and IPs for worker nodes. */
|
|
1335
|
-
AmazonEKSVPCResourceController = "
|
|
1336
|
+
AmazonEKSVPCResourceController = "AmazonEKSVPCResourceController",
|
|
1336
1337
|
/** Enables access to AWS Services and Resources used or managed by Route53 Resolver */
|
|
1337
|
-
Route53ResolverServiceRolePolicy = "
|
|
1338
|
+
Route53ResolverServiceRolePolicy = "aws-service-role/Route53ResolverServiceRolePolicy",
|
|
1338
1339
|
/** Policy to enable AWS Client VPN to manage your Client VPN endpoint connections. */
|
|
1339
|
-
ClientVPNServiceConnectionsRolePolicy = "
|
|
1340
|
+
ClientVPNServiceConnectionsRolePolicy = "aws-service-role/ClientVPNServiceConnectionsRolePolicy",
|
|
1340
1341
|
/** Provides CodeDeploy service limited access to perform a Lambda deployment on your behalf. */
|
|
1341
|
-
AWSCodeDeployRoleForLambdaLimited = "
|
|
1342
|
+
AWSCodeDeployRoleForLambdaLimited = "service-role/AWSCodeDeployRoleForLambdaLimited",
|
|
1342
1343
|
/** Provides EC2 limited access to S3 bucket to download revision. This role is needed by the CodeDeploy agent on EC2 instances. */
|
|
1343
|
-
AmazonEC2RoleforAWSCodeDeployLimited = "
|
|
1344
|
+
AmazonEC2RoleforAWSCodeDeployLimited = "service-role/AmazonEC2RoleforAWSCodeDeployLimited",
|
|
1344
1345
|
/** Policy granting permissions to Application Auto Scaling to access Managed Streaming for Apache Kafka and CloudWatch. */
|
|
1345
|
-
AWSApplicationAutoscalingKafkaClusterPolicy = "
|
|
1346
|
+
AWSApplicationAutoscalingKafkaClusterPolicy = "aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy",
|
|
1346
1347
|
/** Provide readonly access to AWS Transfer services. */
|
|
1347
|
-
AWSTransferReadOnlyAccess = "
|
|
1348
|
+
AWSTransferReadOnlyAccess = "AWSTransferReadOnlyAccess",
|
|
1348
1349
|
/** Allows users to view bills on the Billing Console. */
|
|
1349
|
-
AWSBillingReadOnlyAccess = "
|
|
1350
|
+
AWSBillingReadOnlyAccess = "AWSBillingReadOnlyAccess",
|
|
1350
1351
|
/** Read-only access to the detailed list of purchased assets associated to the AWS account of the user */
|
|
1351
|
-
ElementalActivationsReadOnlyAccess = "
|
|
1352
|
+
ElementalActivationsReadOnlyAccess = "ElementalActivationsReadOnlyAccess",
|
|
1352
1353
|
/** Access to view purchased assets and generate software licenses for pending activations */
|
|
1353
|
-
ElementalActivationsGenerateLicenses = "
|
|
1354
|
+
ElementalActivationsGenerateLicenses = "ElementalActivationsGenerateLicenses",
|
|
1354
1355
|
/** Access to view purchased assets and download related software and kickstart files */
|
|
1355
|
-
ElementalActivationsDownloadSoftwareAccess = "
|
|
1356
|
+
ElementalActivationsDownloadSoftwareAccess = "ElementalActivationsDownloadSoftwareAccess",
|
|
1356
1357
|
/** Provides access to Amazon Elasticsearch resources from Amazon QuickSight */
|
|
1357
|
-
AWSQuickSightElasticsearchPolicy = "
|
|
1358
|
+
AWSQuickSightElasticsearchPolicy = "service-role/AWSQuickSightElasticsearchPolicy",
|
|
1358
1359
|
/** This policy provides full access to Amazon Redshift Data APIs. This policy also grants scoped access to other required services. */
|
|
1359
|
-
AmazonRedshiftDataFullAccess = "
|
|
1360
|
+
AmazonRedshiftDataFullAccess = "AmazonRedshiftDataFullAccess",
|
|
1360
1361
|
/** Provides full access to AWS RoboMaker via the AWS Management Console and SDK. Also provides select access to related services (e.g., S3, IAM). */
|
|
1361
|
-
AWSRoboMakerFullAccess = "
|
|
1362
|
+
AWSRoboMakerFullAccess = "AWSRoboMaker_FullAccess",
|
|
1362
1363
|
/** Default policy for AWS Config service role. Provides permissions required for AWS Config to track changes to your AWS resources. */
|
|
1363
|
-
AWSConfigRole = "
|
|
1364
|
+
AWSConfigRole = "service-role/AWS_ConfigRole",
|
|
1364
1365
|
/** Allows MediaPackage to publish logs to CloudWatch */
|
|
1365
|
-
MediaPackageServiceRolePolicy = "
|
|
1366
|
+
MediaPackageServiceRolePolicy = "aws-service-role/MediaPackageServiceRolePolicy",
|
|
1366
1367
|
/** Allows AWS Marketplace to copy your Amazon Machine Images (AMIs) in order to list them on AWS Marketplace */
|
|
1367
|
-
AWSMarketplaceAmiIngestion = "
|
|
1368
|
+
AWSMarketplaceAmiIngestion = "AWSMarketplaceAmiIngestion",
|
|
1368
1369
|
/** Policy to allow EMR to create, describe and delete EC2 placement groups. */
|
|
1369
|
-
AmazonElasticMapReducePlacementGroupPolicy = "
|
|
1370
|
+
AmazonElasticMapReducePlacementGroupPolicy = "AmazonElasticMapReducePlacementGroupPolicy",
|
|
1370
1371
|
/** Allows customers to use AWS Systems Manager to automatically manage Amazon EFS utilities (amazon-efs-utils) package on their EC2 instances, and use CloudWatchLog to get EFS file system mount success/failure notifications. */
|
|
1371
|
-
AmazonElasticFileSystemsUtils = "
|
|
1372
|
+
AmazonElasticFileSystemsUtils = "AmazonElasticFileSystemsUtils",
|
|
1372
1373
|
/** Permissions need by EC2 Image Builder to perform a cross account distribution. */
|
|
1373
|
-
Ec2ImageBuilderCrossAccountDistributionAccess = "
|
|
1374
|
+
Ec2ImageBuilderCrossAccountDistributionAccess = "Ec2ImageBuilderCrossAccountDistributionAccess",
|
|
1374
1375
|
/** AWS QuickSight access to AWS Timestream APIs. Customers can attach this policy to AWS QuickSight role to allow retrieval of data and metadata. */
|
|
1375
|
-
AWSQuickSightTimestreamPolicy = "
|
|
1376
|
+
AWSQuickSightTimestreamPolicy = "service-role/AWSQuickSightTimestreamPolicy",
|
|
1376
1377
|
/** Provides read only access to Amazon Timestream. Policy also provides permission to cancel any running query. If using Customer managed CMK, please refer to documentation for additional permissions needed. */
|
|
1377
|
-
AmazonTimestreamReadOnlyAccess = "
|
|
1378
|
+
AmazonTimestreamReadOnlyAccess = "AmazonTimestreamReadOnlyAccess",
|
|
1378
1379
|
/** Provides full access to Amazon Timestream. Note that this policy also grants certain KMS operation access. If using Customer managed CMK, please refer to documentation for additional permissions needed. */
|
|
1379
|
-
AmazonTimestreamFullAccess = "
|
|
1380
|
+
AmazonTimestreamFullAccess = "AmazonTimestreamFullAccess",
|
|
1380
1381
|
/** Provides full access to manage Amazon Timestream using the AWS Management Console. Note that this policy also grants permissions for certain KMS operations, and operations to manage your saved queries. If using Customer managed CMK, please refer to documentation for additional permissions needed. */
|
|
1381
|
-
AmazonTimestreamConsoleFullAccess = "
|
|
1382
|
+
AmazonTimestreamConsoleFullAccess = "AmazonTimestreamConsoleFullAccess",
|
|
1382
1383
|
/** Provides access to Systems Manager resources used by CloudWatch Alarms */
|
|
1383
|
-
AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy = "
|
|
1384
|
+
AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy = "aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy",
|
|
1384
1385
|
/** Provides full access to Amazon S3 on Outposts via the AWS Management Console. */
|
|
1385
|
-
AmazonS3OutpostsFullAccess = "
|
|
1386
|
+
AmazonS3OutpostsFullAccess = "AmazonS3OutpostsFullAccess",
|
|
1386
1387
|
/** Provides read only access to Amazon S3 on Outposts via the AWS Management Console. */
|
|
1387
|
-
AmazonS3OutpostsReadOnlyAccess = "
|
|
1388
|
+
AmazonS3OutpostsReadOnlyAccess = "AmazonS3OutpostsReadOnlyAccess",
|
|
1388
1389
|
/** Provides full access to AWS DeepRacer. Also provides select access to related services (e.g., S3). */
|
|
1389
|
-
AWSDeepRacerFullAccess = "
|
|
1390
|
+
AWSDeepRacerFullAccess = "AWSDeepRacerFullAccess",
|
|
1390
1391
|
/** Policy required for the Lambda Insights Extension */
|
|
1391
|
-
CloudWatchLambdaInsightsExecutionRolePolicy = "
|
|
1392
|
+
CloudWatchLambdaInsightsExecutionRolePolicy = "CloudWatchLambdaInsightsExecutionRolePolicy",
|
|
1392
1393
|
/** Provides full access to AWS CloudTrail. */
|
|
1393
|
-
AWSCloudTrailFullAccess = "
|
|
1394
|
+
AWSCloudTrailFullAccess = "AWSCloudTrail_FullAccess",
|
|
1394
1395
|
/** Allows AWS Support to access AWS resources to provide billing, administrative, and support services. */
|
|
1395
|
-
AWSSupportServiceRolePolicy = "
|
|
1396
|
+
AWSSupportServiceRolePolicy = "aws-service-role/AWSSupportServiceRolePolicy",
|
|
1396
1397
|
/** Provides read only access to AWS Budgets Console via the AWS Management Console. */
|
|
1397
|
-
AWSBudgetsReadOnlyAccess = "
|
|
1398
|
+
AWSBudgetsReadOnlyAccess = "AWSBudgetsReadOnlyAccess",
|
|
1398
1399
|
/** Provides full access to AWS Budgets Actions including using Budgets Actions to control states of running AWS resources via AWS Management Console */
|
|
1399
|
-
AWSBudgetsActionsWithAWSResourceControlAccess = "
|
|
1400
|
+
AWSBudgetsActionsWithAWSResourceControlAccess = "AWSBudgetsActionsWithAWSResourceControlAccess",
|
|
1400
1401
|
/** Provides appropriate permissions to AWS Data Lifecycle Manager to take actions on AWS resources for AMI Management */
|
|
1401
|
-
AWSDataLifecycleManagerServiceRoleForAMIManagement = "
|
|
1402
|
+
AWSDataLifecycleManagerServiceRoleForAMIManagement = "service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement",
|
|
1402
1403
|
/** Service Linked Role Policy for AWS Amazon MQ */
|
|
1403
|
-
AmazonMQServiceRolePolicy = "
|
|
1404
|
+
AmazonMQServiceRolePolicy = "aws-service-role/AmazonMQServiceRolePolicy",
|
|
1404
1405
|
/** Service Linked Role policy to enable access to AWS resources managed by AWS Outposts */
|
|
1405
|
-
AWSOutpostsServiceRolePolicy = "
|
|
1406
|
+
AWSOutpostsServiceRolePolicy = "aws-service-role/AWSOutpostsServiceRolePolicy",
|
|
1406
1407
|
/** Provides full access to AWS Glue DataBrew via the AWS Management Console. Also provides select access to related services (e.g., S3, KMS, Glue). */
|
|
1407
|
-
AwsGlueDataBrewFullAccessPolicy = "
|
|
1408
|
+
AwsGlueDataBrewFullAccessPolicy = "AwsGlueDataBrewFullAccessPolicy",
|
|
1408
1409
|
/** Provide AWS DynamoDB access to KinesisDataStreams */
|
|
1409
|
-
DynamoDBKinesisReplicationServiceRolePolicy = "
|
|
1410
|
+
DynamoDBKinesisReplicationServiceRolePolicy = "aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy",
|
|
1410
1411
|
/** Provides full access to Service Catalog App Registry capabilities */
|
|
1411
|
-
AWSServiceCatalogAppRegistryFullAccess = "
|
|
1412
|
+
AWSServiceCatalogAppRegistryFullAccess = "AWSServiceCatalogAppRegistryFullAccess",
|
|
1412
1413
|
/** Provides read-only access to Service Catalog App Registry capabilites */
|
|
1413
|
-
AWSServiceCatalogAppRegistryReadOnlyAccess = "
|
|
1414
|
+
AWSServiceCatalogAppRegistryReadOnlyAccess = "AWSServiceCatalogAppRegistryReadOnlyAccess",
|
|
1414
1415
|
/** Allow AWSNetworkFirewall to create and manage necessary resources for your Firewalls. */
|
|
1415
|
-
AWSNetworkFirewallServiceRolePolicy = "
|
|
1416
|
+
AWSNetworkFirewallServiceRolePolicy = "aws-service-role/AWSNetworkFirewallServiceRolePolicy",
|
|
1416
1417
|
/** Grants read-only access to AWS Lambda service, AWS Lambda console features, and other related AWS services. */
|
|
1417
|
-
AWSLambdaReadOnlyAccess = "
|
|
1418
|
+
AWSLambdaReadOnlyAccess = "AWSLambda_ReadOnlyAccess",
|
|
1418
1419
|
/** Grants full access to AWS Lambda service, AWS Lambda console features, and other related AWS services. */
|
|
1419
|
-
AWSLambdaFullAccess = "
|
|
1420
|
+
AWSLambdaFullAccess = "AWSLambda_FullAccess",
|
|
1420
1421
|
/** A service-linked role required for Amazon Honeycode to access your resources. */
|
|
1421
|
-
AmazonHoneycodeServiceRolePolicy = "
|
|
1422
|
+
AmazonHoneycodeServiceRolePolicy = "aws-service-role/AmazonHoneycodeServiceRolePolicy",
|
|
1422
1423
|
/** Enables access to AWS Services and Resources used or managed by S3 Storage Lens */
|
|
1423
|
-
S3StorageLensServiceRolePolicy = "
|
|
1424
|
+
S3StorageLensServiceRolePolicy = "aws-service-role/S3StorageLensServiceRolePolicy",
|
|
1424
1425
|
/** Provides full access to the AWS Glue Schema Registry Service */
|
|
1425
|
-
AWSGlueSchemaRegistryFullAccess = "
|
|
1426
|
+
AWSGlueSchemaRegistryFullAccess = "AWSGlueSchemaRegistryFullAccess",
|
|
1426
1427
|
/** Provides readonly access to the AWS Glue Schema Registry Service */
|
|
1427
|
-
AWSGlueSchemaRegistryReadonlyAccess = "
|
|
1428
|
+
AWSGlueSchemaRegistryReadonlyAccess = "AWSGlueSchemaRegistryReadonlyAccess",
|
|
1428
1429
|
/** The purpose of this policy is to grant permissions to AWS Connect users required to use Connect resources. This policy provides full access to AWS Connect resources via the Connect Console and public APIs */
|
|
1429
|
-
AmazonConnectFullAccess = "
|
|
1430
|
+
AmazonConnectFullAccess = "AmazonConnect_FullAccess",
|
|
1430
1431
|
/** The Service Linked Role used by Amazon Managed Workflows for Apache Airflow. */
|
|
1431
|
-
AmazonMWAAServiceRolePolicy = "
|
|
1432
|
+
AmazonMWAAServiceRolePolicy = "aws-service-role/AmazonMWAAServiceRolePolicy",
|
|
1432
1433
|
/** Provides full access to CloudWatch Application Insights and required dependencies. */
|
|
1433
|
-
CloudWatchApplicationInsightsFullAccess = "
|
|
1434
|
+
CloudWatchApplicationInsightsFullAccess = "CloudWatchApplicationInsightsFullAccess",
|
|
1434
1435
|
/** Provides read only access to CloudWatch Application Insights. */
|
|
1435
|
-
CloudWatchApplicationInsightsReadOnlyAccess = "
|
|
1436
|
+
CloudWatchApplicationInsightsReadOnlyAccess = "CloudWatchApplicationInsightsReadOnlyAccess",
|
|
1436
1437
|
/** Full access to view and take action on Elemental Appliance and Software support cases and product support content */
|
|
1437
|
-
ElementalSupportCenterFullAccess = "
|
|
1438
|
+
ElementalSupportCenterFullAccess = "ElementalSupportCenterFullAccess",
|
|
1438
1439
|
/** Service role policy used by the AWS Service Catalog service to provision products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including CodePipeline, CodeBuild, CodeCommit, Glue, CloudFormation, etc,. */
|
|
1439
|
-
AmazonSageMakerAdminServiceCatalogProductsServiceRolePolicy = "
|
|
1440
|
+
AmazonSageMakerAdminServiceCatalogProductsServiceRolePolicy = "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy",
|
|
1440
1441
|
/** A service-linked role required for Amazon DevOpsGuru to access your resources. */
|
|
1441
|
-
AmazonDevOpsGuruServiceRolePolicy = "
|
|
1442
|
+
AmazonDevOpsGuruServiceRolePolicy = "aws-service-role/AmazonDevOpsGuruServiceRolePolicy",
|
|
1442
1443
|
/** Allows an AWS Lambda function on an AWS Panorama Appliance to manage resources in Panorama, upload logs and metrics to Amazon CloudWatch, and to manage objects in buckets created for use with Panorama. */
|
|
1443
|
-
AWSPanoramaGreengrassGroupRolePolicy = "
|
|
1444
|
+
AWSPanoramaGreengrassGroupRolePolicy = "service-role/AWSPanoramaGreengrassGroupRolePolicy",
|
|
1444
1445
|
/** Provides full access to AWS Panorama */
|
|
1445
|
-
AWSPanoramaFullAccess = "
|
|
1446
|
+
AWSPanoramaFullAccess = "AWSPanoramaFullAccess",
|
|
1446
1447
|
/** Allows AWS IoT software on an AWS Panorama Appliance to upload logs to Amazon CloudWatch. */
|
|
1447
|
-
AWSPanoramaApplianceRolePolicy = "
|
|
1448
|
+
AWSPanoramaApplianceRolePolicy = "service-role/AWSPanoramaApplianceRolePolicy",
|
|
1448
1449
|
/** Allows Amazon SageMaker to manage objects in buckets created for use with AWS Panorama. */
|
|
1449
|
-
AWSPanoramaSageMakerRolePolicy = "
|
|
1450
|
+
AWSPanoramaSageMakerRolePolicy = "service-role/AWSPanoramaSageMakerRolePolicy",
|
|
1450
1451
|
/** Allows AWS Panorama to manage resources in Amazon S3, AWS IoT, AWS IoT GreenGrass, AWS Lambda, Amazon SageMaker, and Amazon CloudWatch Logs, and to pass service roles to AWS IoT, AWS IoT GreenGrass, and Amazon SageMaker. */
|
|
1451
|
-
AWSPanoramaServiceRolePolicy = "
|
|
1452
|
+
AWSPanoramaServiceRolePolicy = "service-role/AWSPanoramaServiceRolePolicy",
|
|
1452
1453
|
/** Provides full access to Amazon ECR Public repositories, but does not allow repository deletion or policy changes. */
|
|
1453
|
-
AmazonElasticContainerRegistryPublicPowerUser = "
|
|
1454
|
+
AmazonElasticContainerRegistryPublicPowerUser = "AmazonElasticContainerRegistryPublicPowerUser",
|
|
1454
1455
|
/** Provides permissions required to enable the offline store for an Amazon SageMaker FeatureStore feature group. */
|
|
1455
|
-
AmazonSageMakerFeatureStoreAccess = "
|
|
1456
|
+
AmazonSageMakerFeatureStoreAccess = "AmazonSageMakerFeatureStoreAccess",
|
|
1456
1457
|
/** Provides read only access to Amazon DevOps Guru Console. */
|
|
1457
|
-
AmazonDevOpsGuruReadOnlyAccess = "
|
|
1458
|
+
AmazonDevOpsGuruReadOnlyAccess = "AmazonDevOpsGuruReadOnlyAccess",
|
|
1458
1459
|
/** Provides full access to Amazon DevOps Guru. */
|
|
1459
|
-
AmazonDevOpsGuruFullAccess = "
|
|
1460
|
+
AmazonDevOpsGuruFullAccess = "AmazonDevOpsGuruFullAccess",
|
|
1460
1461
|
/** Provides administrative access to Amazon ECR Public resources */
|
|
1461
|
-
AmazonElasticContainerRegistryPublicFullAccess = "
|
|
1462
|
+
AmazonElasticContainerRegistryPublicFullAccess = "AmazonElasticContainerRegistryPublicFullAccess",
|
|
1462
1463
|
/** Provides read-only access to Amazon ECR Public repositories. */
|
|
1463
|
-
AmazonElasticContainerRegistryPublicReadOnly = "
|
|
1464
|
+
AmazonElasticContainerRegistryPublicReadOnly = "AmazonElasticContainerRegistryPublicReadOnly",
|
|
1464
1465
|
/** Grants account administrative permissions while explicitly allowing direct access to resources needed by Amplify applications. */
|
|
1465
|
-
AdministratorAccessAmplify = "
|
|
1466
|
+
AdministratorAccessAmplify = "AdministratorAccess-Amplify",
|
|
1466
1467
|
/** Grants Amazon Monitron permissions to manage AWS resources, including AWS SSO user assignment on your behalf. */
|
|
1467
|
-
AWSServiceRoleForMonitronPolicy = "
|
|
1468
|
+
AWSServiceRoleForMonitronPolicy = "aws-service-role/AWSServiceRoleForMonitronPolicy",
|
|
1468
1469
|
/** Provides full access to manage Amazon Monitron */
|
|
1469
|
-
AmazonMonitronFullAccess = "
|
|
1470
|
+
AmazonMonitronFullAccess = "AmazonMonitronFullAccess",
|
|
1470
1471
|
/** Enables access to AWS Services and Resources used or managed by AWS Marketplace for license management. */
|
|
1471
|
-
AWSMarketplaceLicenseManagementServiceRolePolicy = "
|
|
1472
|
+
AWSMarketplaceLicenseManagementServiceRolePolicy = "aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy",
|
|
1472
1473
|
/** This policy grants permission to glue to perform action on user's glue data catalog, this policy also provides permission to ec2 actions to allow glue to create ENI to connect to resources in the VPC, also allow glue to access registered data in lakeformation and permission to access user's cloudwatch */
|
|
1473
|
-
AWSGlueDataBrewServiceRole = "
|
|
1474
|
+
AWSGlueDataBrewServiceRole = "service-role/AWSGlueDataBrewServiceRole",
|
|
1474
1475
|
/** Enables access to AWS Services and Resources used or managed by ECR Replication */
|
|
1475
|
-
ECRReplicationServiceRolePolicy = "
|
|
1476
|
+
ECRReplicationServiceRolePolicy = "aws-service-role/ECRReplicationServiceRolePolicy",
|
|
1476
1477
|
/** Service Linked Role to perform S3 PutObject to recording IVS live streams */
|
|
1477
|
-
IVSRecordToS3 = "
|
|
1478
|
+
IVSRecordToS3 = "aws-service-role/IVSRecordToS3",
|
|
1478
1479
|
/** Provides access to AWS resources managed or used by the AWS Systems Manager change management framework. */
|
|
1479
|
-
AWSSystemsManagerChangeManagementServicePolicy = "
|
|
1480
|
+
AWSSystemsManagerChangeManagementServicePolicy = "aws-service-role/AWSSystemsManagerChangeManagementServicePolicy",
|
|
1480
1481
|
/** Enables access to AWS Services and Resources used or managed by AWS Audit Manager */
|
|
1481
|
-
AWSAuditManagerServiceRolePolicy = "
|
|
1482
|
+
AWSAuditManagerServiceRolePolicy = "aws-service-role/AWSAuditManagerServiceRolePolicy",
|
|
1482
1483
|
/** Provides permissions necessary for SageMaker Edge to create and manage a device fleet for the customer using the default cloud connection. */
|
|
1483
|
-
AmazonSageMakerEdgeDeviceFleetPolicy = "
|
|
1484
|
+
AmazonSageMakerEdgeDeviceFleetPolicy = "service-role/AmazonSageMakerEdgeDeviceFleetPolicy",
|
|
1484
1485
|
/** Allows access to other AWS service resources that are required to run Amazon EMR */
|
|
1485
|
-
AmazonEMRContainersServiceRolePolicy = "
|
|
1486
|
+
AmazonEMRContainersServiceRolePolicy = "aws-service-role/AmazonEMRContainersServiceRolePolicy",
|
|
1486
1487
|
/** EC2 Instance profile for building container images with EC2 Image Builder. This policy grants the user broad permissions to upload ECR images. */
|
|
1487
|
-
EC2InstanceProfileForImageBuilderECRContainerBuilds = "
|
|
1488
|
+
EC2InstanceProfileForImageBuilderECRContainerBuilds = "EC2InstanceProfileForImageBuilderECRContainerBuilds",
|
|
1488
1489
|
/** Provides administrative access to enable or disable AWS Audit Manager, update settings, and manage assessments, controls, and frameworks */
|
|
1489
|
-
AWSAuditManagerAdministratorAccess = "
|
|
1490
|
+
AWSAuditManagerAdministratorAccess = "AWSAuditManagerAdministratorAccess",
|
|
1490
1491
|
/** Provides full access to AWS Transfer via the AWS Management Console */
|
|
1491
|
-
AWSTransferConsoleFullAccess = "
|
|
1492
|
+
AWSTransferConsoleFullAccess = "AWSTransferConsoleFullAccess",
|
|
1492
1493
|
/** Provides full access to AWS Transfer Service. */
|
|
1493
|
-
AWSTransferFullAccess = "
|
|
1494
|
+
AWSTransferFullAccess = "AWSTransferFullAccess",
|
|
1494
1495
|
/** Federation access for IoT Fleet Hub applications */
|
|
1495
|
-
AWSIoTFleetHubFederationAccess = "
|
|
1496
|
+
AWSIoTFleetHubFederationAccess = "service-role/AWSIoTFleetHubFederationAccess",
|
|
1496
1497
|
/** Allows the associated identity full access to all AWS IoT Wireless operations. */
|
|
1497
|
-
AWSIoTWirelessFullAccess = "
|
|
1498
|
+
AWSIoTWirelessFullAccess = "AWSIoTWirelessFullAccess",
|
|
1498
1499
|
/** Allows the associated identity read only access to AWS IoT wireless. */
|
|
1499
|
-
AWSIoTWirelessReadOnlyAccess = "
|
|
1500
|
+
AWSIoTWirelessReadOnlyAccess = "AWSIoTWirelessReadOnlyAccess",
|
|
1500
1501
|
/** Provides IoT Wireless full access to publish to IoT Rules Engine on your behalf. */
|
|
1501
|
-
AWSIoTWirelessFullPublishAccess = "
|
|
1502
|
+
AWSIoTWirelessFullPublishAccess = "AWSIoTWirelessFullPublishAccess",
|
|
1502
1503
|
/** Allows the associated identity access to create, list and describe IoT Certificates */
|
|
1503
|
-
AWSIoTWirelessGatewayCertManager = "
|
|
1504
|
+
AWSIoTWirelessGatewayCertManager = "AWSIoTWirelessGatewayCertManager",
|
|
1504
1505
|
/** Allows the associated identity data access to AWS IoT Wireless devices. */
|
|
1505
|
-
AWSIoTWirelessDataAccess = "
|
|
1506
|
+
AWSIoTWirelessDataAccess = "AWSIoTWirelessDataAccess",
|
|
1506
1507
|
/** Allows the associated identity to create Amazon CloudWatch Logs groups and stream logs to the groups. */
|
|
1507
|
-
AWSIoTWirelessLogging = "
|
|
1508
|
+
AWSIoTWirelessLogging = "AWSIoTWirelessLogging",
|
|
1508
1509
|
/** Grants using AWS CloudShell with all features */
|
|
1509
|
-
AWSCloudShellFullAccess = "
|
|
1510
|
+
AWSCloudShellFullAccess = "AWSCloudShellFullAccess",
|
|
1510
1511
|
/** Grants full access to AWS Managed Prometheus resources */
|
|
1511
|
-
AmazonPrometheusFullAccess = "
|
|
1512
|
+
AmazonPrometheusFullAccess = "AmazonPrometheusFullAccess",
|
|
1512
1513
|
/** Grants full access to AWS Managed Prometheus resources in the AWS console */
|
|
1513
|
-
AmazonPrometheusConsoleFullAccess = "
|
|
1514
|
+
AmazonPrometheusConsoleFullAccess = "AmazonPrometheusConsoleFullAccess",
|
|
1514
1515
|
/** Grants access to run queries against AWS Managed Prometheus resources */
|
|
1515
|
-
AmazonPrometheusQueryAccess = "
|
|
1516
|
+
AmazonPrometheusQueryAccess = "AmazonPrometheusQueryAccess",
|
|
1516
1517
|
/** Grants write only access to AWS Managed Prometheus workspaces */
|
|
1517
|
-
AmazonPrometheusRemoteWriteAccess = "
|
|
1518
|
+
AmazonPrometheusRemoteWriteAccess = "AmazonPrometheusRemoteWriteAccess",
|
|
1518
1519
|
/** Policy to enable AWS FIS to manage monitoring and resource selection for experiments. */
|
|
1519
|
-
AmazonFISServiceRolePolicy = "
|
|
1520
|
+
AmazonFISServiceRolePolicy = "aws-service-role/AmazonFISServiceRolePolicy",
|
|
1520
1521
|
/** Managed policy for Service Linked Role for Amazon SageMaker Core Services */
|
|
1521
|
-
AmazonSageMakerCoreServiceRolePolicy = "
|
|
1522
|
+
AmazonSageMakerCoreServiceRolePolicy = "aws-service-role/AmazonSageMakerCoreServiceRolePolicy",
|
|
1522
1523
|
/** Provides Lex V2 bots access to call other AWS services on your behalf. */
|
|
1523
|
-
AmazonLexV2BotPolicy = "
|
|
1524
|
+
AmazonLexV2BotPolicy = "aws-service-role/AmazonLexV2BotPolicy",
|
|
1524
1525
|
/** This policy allows customers to call Lex runtime from channels */
|
|
1525
|
-
AmazonLexChannelsAccess = "
|
|
1526
|
+
AmazonLexChannelsAccess = "aws-service-role/AmazonLexChannelsAccess",
|
|
1526
1527
|
/** Provides AWS Direct Connect permission to create and manage AWS resources on your behalf. */
|
|
1527
|
-
AWSDirectConnectServiceRolePolicy = "
|
|
1528
|
+
AWSDirectConnectServiceRolePolicy = "aws-service-role/AWSDirectConnectServiceRolePolicy",
|
|
1528
1529
|
/** Provides full access to AWS OpsWorks. */
|
|
1529
|
-
AWSOpsWorksFullAccess = "
|
|
1530
|
+
AWSOpsWorksFullAccess = "AWSOpsWorks_FullAccess",
|
|
1530
1531
|
/** Grants read-only permissions. Explicitly allows operators to gain direct access to retrieve information about resources related to AWS Elastic Beanstalk applications. */
|
|
1531
|
-
AWSElasticBeanstalkReadOnly = "
|
|
1532
|
+
AWSElasticBeanstalkReadOnly = "AWSElasticBeanstalkReadOnly",
|
|
1532
1533
|
/** Grants account administrative permissions. Explicitly allows developers and administrators to gain direct access to resources they need to manage AWS Elastic Beanstalk applications */
|
|
1533
|
-
AdministratorAccessAWSElasticBeanstalk = "
|
|
1534
|
+
AdministratorAccessAWSElasticBeanstalk = "AdministratorAccess-AWSElasticBeanstalk",
|
|
1534
1535
|
/** Read only access to WorkMail messages for the GetRawMessageContent API */
|
|
1535
|
-
AmazonWorkMailMessageFlowReadOnlyAccess = "
|
|
1536
|
+
AmazonWorkMailMessageFlowReadOnlyAccess = "AmazonWorkMailMessageFlowReadOnlyAccess",
|
|
1536
1537
|
/** Provides access required by Amazon CodeGuru Profiler agent. */
|
|
1537
|
-
AmazonCodeGuruProfilerAgentAccess = "
|
|
1538
|
+
AmazonCodeGuruProfilerAgentAccess = "AmazonCodeGuruProfilerAgentAccess",
|
|
1538
1539
|
/** Full access to the WorkMail Message Flow APIs */
|
|
1539
|
-
AmazonWorkMailMessageFlowFullAccess = "
|
|
1540
|
+
AmazonWorkMailMessageFlowFullAccess = "AmazonWorkMailMessageFlowFullAccess",
|
|
1540
1541
|
/** Allows EventBridge to access Secret Manager resources on your behalf. */
|
|
1541
|
-
AmazonEventBridgeApiDestinationsServiceRolePolicy = "
|
|
1542
|
+
AmazonEventBridgeApiDestinationsServiceRolePolicy = "aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy",
|
|
1542
1543
|
/** Provides full access to Amazon HealthLake service. */
|
|
1543
|
-
AmazonHealthLakeFullAccess = "
|
|
1544
|
+
AmazonHealthLakeFullAccess = "AmazonHealthLakeFullAccess",
|
|
1544
1545
|
/** Provides read only access to Amazon HealthLake service. */
|
|
1545
|
-
AmazonHealthLakeReadOnlyAccess = "
|
|
1546
|
+
AmazonHealthLakeReadOnlyAccess = "AmazonHealthLakeReadOnlyAccess",
|
|
1546
1547
|
/** Provides access to the AWS Proton APIs and Management Console, but does not allow administration of Proton templates or environments. */
|
|
1547
|
-
AWSProtonDeveloperAccess = "
|
|
1548
|
+
AWSProtonDeveloperAccess = "AWSProtonDeveloperAccess",
|
|
1548
1549
|
/** Service-linked role used by AWS Storage Gateway to enable integration of other AWS services with Storage Gateway. */
|
|
1549
|
-
AWSStorageGatewayServiceRolePolicy = "
|
|
1550
|
+
AWSStorageGatewayServiceRolePolicy = "aws-service-role/AWSStorageGatewayServiceRolePolicy",
|
|
1550
1551
|
/** Provides full access to the AWS Proton APIs and Management Console. In addition to these permissions, access to Amazon S3 is also needed to register template bundles from your S3 buckets, as well as access to Amazon IAM to create and manage the service roles for Proton. */
|
|
1551
|
-
AWSProtonFullAccess = "
|
|
1552
|
+
AWSProtonFullAccess = "AWSProtonFullAccess",
|
|
1552
1553
|
/** Provides read only access to the AWS Proton APIs and Management Console. */
|
|
1553
|
-
AWSProtonReadOnlyAccess = "
|
|
1554
|
+
AWSProtonReadOnlyAccess = "AWSProtonReadOnlyAccess",
|
|
1554
1555
|
/** Access to read only operations in Amazon Grafana. */
|
|
1555
|
-
AWSGrafanaConsoleReadOnlyAccess = "
|
|
1556
|
+
AWSGrafanaConsoleReadOnlyAccess = "AWSGrafanaConsoleReadOnlyAccess",
|
|
1556
1557
|
/** Provides only the ability to update user and group permissions for AWS Grafana workspaces. */
|
|
1557
|
-
AWSGrafanaWorkspacePermissionManagement = "
|
|
1558
|
+
AWSGrafanaWorkspacePermissionManagement = "AWSGrafanaWorkspacePermissionManagement",
|
|
1558
1559
|
/** Provides access within Amazon Grafana to create and manage workspaces for the entire organization. */
|
|
1559
|
-
AWSGrafanaAccountAdministrator = "
|
|
1560
|
+
AWSGrafanaAccountAdministrator = "AWSGrafanaAccountAdministrator",
|
|
1560
1561
|
/** This policy is for the AWS Elastic Beanstalk service role used to perform managed updates of Elastic Beanstalk environments. This policy should not be attached to other users or roles. The policy grants broad permissions to create and manage resources across a number of AWS services including AutoScaling, EC2, ECS, Elastic Load Balancing and CloudFormation. This policy also allows passing of any IAM role usable with those services. */
|
|
1561
|
-
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy = "
|
|
1562
|
+
AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy = "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy",
|
|
1562
1563
|
/** Provides access for the AWS Batch service to manage the required resources, including Amazon EC2 and Amazon ECS resources. */
|
|
1563
|
-
BatchServiceRolePolicy = "
|
|
1564
|
+
BatchServiceRolePolicy = "aws-service-role/BatchServiceRolePolicy",
|
|
1564
1565
|
/** This policy is used for the Amazon EMR Service Role and should NOT be used for any other IAM users or roles in your account. The policy grants permissions to create and manage resources associated with EMR and related services necessary for the operation of your EMR cluster. */
|
|
1565
|
-
AmazonEMRServicePolicyV2 = "
|
|
1566
|
+
AmazonEMRServicePolicyV2 = "service-role/AmazonEMRServicePolicy_v2",
|
|
1566
1567
|
/** Provides read only access to Amazon EMR and the associated CloudWatch Metrics. */
|
|
1567
|
-
AmazonEMRReadOnlyAccessPolicyV2 = "
|
|
1568
|
+
AmazonEMRReadOnlyAccessPolicyV2 = "AmazonEMRReadOnlyAccessPolicy_v2",
|
|
1568
1569
|
/** Provides full access to Amazon EMR */
|
|
1569
|
-
AmazonEMRFullAccessPolicyV2 = "
|
|
1570
|
+
AmazonEMRFullAccessPolicyV2 = "AmazonEMRFullAccessPolicy_v2",
|
|
1570
1571
|
/** Grants permission to enable and manage AWS Security Hub within an organization. Includes enabling the service across the organization, and determining the delegated administrator account for the service. */
|
|
1571
|
-
AWSSecurityHubOrganizationsAccess = "
|
|
1572
|
+
AWSSecurityHubOrganizationsAccess = "AWSSecurityHubOrganizationsAccess",
|
|
1572
1573
|
/** Allows AWS application Migration Service to create and manage AWS resources on your behalf. */
|
|
1573
|
-
AWSApplicationMigrationServiceRolePolicy = "
|
|
1574
|
+
AWSApplicationMigrationServiceRolePolicy = "aws-service-role/AWSApplicationMigrationServiceRolePolicy",
|
|
1574
1575
|
/** This policy allows the Application Migration Service (MGN) Conversion Server, which are EC2 instances launched by Application Migration Service, to communicate with the MGN service. An IAM role with this policy is attached (as an EC2 Instance Profile) by MGN to the MGN Conversion Servers, which are automatically launched and terminated by MGN, when needed. We do not recommend that you attach this policy to your IAM users or roles. MGN Conversion Servers are used by Application Migration Service when users choose to launch Test or Cutover instances using the MGN console, CLI, or API. */
|
|
1575
|
-
AWSApplicationMigrationConversionServerPolicy = "
|
|
1576
|
+
AWSApplicationMigrationConversionServerPolicy = "service-role/AWSApplicationMigrationConversionServerPolicy",
|
|
1576
1577
|
/** This policy provides permissions to all public APIs of AWS Application Migration Service (MGN), as well as permissions to read KMS key information. Attach this policy to your IAM users or roles. */
|
|
1577
|
-
AWSApplicationMigrationFullAccess = "
|
|
1578
|
+
AWSApplicationMigrationFullAccess = "AWSApplicationMigrationFullAccess",
|
|
1578
1579
|
/** This policy allows installing and using the AWS Replication Agent, which is used with AWS Application Migration Service (MGN) to migrate external servers to AWS. Attach this policy to your IAM users or roles whose credentials you provide when installing the AWS Replication Agent. */
|
|
1579
|
-
AWSApplicationMigrationAgentPolicy = "
|
|
1580
|
+
AWSApplicationMigrationAgentPolicy = "AWSApplicationMigrationAgentPolicy",
|
|
1580
1581
|
/** This policy provides Amazon EC2 operations required to use Application Migration Service (MGN) to launch the migrated servers as EC2 instances. Attach this policy to your IAM users or roles. */
|
|
1581
|
-
AWSApplicationMigrationEC2Access = "
|
|
1582
|
+
AWSApplicationMigrationEC2Access = "AWSApplicationMigrationEC2Access",
|
|
1582
1583
|
/** This policy allows AWS Application Migration Service (MGN) to send meta-data about the progress of servers being migrated using MGN to AWS Migration Hub (MGH). MGN automatically creates an IAM role with this policy attached, and assumes this role. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1583
|
-
AWSApplicationMigrationMGHAccess = "
|
|
1584
|
+
AWSApplicationMigrationMGHAccess = "service-role/AWSApplicationMigrationMGHAccess",
|
|
1584
1585
|
/** This policy provides permissions to all read-only public APIs of Application Migration Service (MGN), as well as some read-only APIs of other AWS services that are required in order to make full read-only use of the MGN console. Attach this policy to your IAM users or roles. */
|
|
1585
|
-
AWSApplicationMigrationReadOnlyAccess = "
|
|
1586
|
+
AWSApplicationMigrationReadOnlyAccess = "AWSApplicationMigrationReadOnlyAccess",
|
|
1586
1587
|
/** This policy allows the Application Migration Service (MGN) Replication Servers, which are EC2 instances launched by Application Migration Service - to communicate with the MGN service, and to create EBS snapshots in your AWS account. An IAM role with this policy is attached (as an EC2 Instance Profile) by Application Migration Service to the MGN Replication Servers which are automatically launched and terminated by MGN, as needed. MGN Replication Servers are used to facilitate data replication from your external servers to AWS, as part of the migration process managed using MGN. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1587
|
-
AWSApplicationMigrationReplicationServerPolicy = "
|
|
1588
|
+
AWSApplicationMigrationReplicationServerPolicy = "service-role/AWSApplicationMigrationReplicationServerPolicy",
|
|
1588
1589
|
/** Provides full access to Amazon Lookout for Equipment operations */
|
|
1589
|
-
AmazonLookoutEquipmentFullAccess = "
|
|
1590
|
+
AmazonLookoutEquipmentFullAccess = "AmazonLookoutEquipmentFullAccess",
|
|
1590
1591
|
/** Denies access to certain actions, applied by the AWS team in the event that an IAM user's credentials have been compromised or exposed publicly. Do NOT remove this policy. Instead, please follow the instructions specified in the support case created for you regarding this event. */
|
|
1591
|
-
AWSCompromisedKeyQuarantineV2 = "
|
|
1592
|
+
AWSCompromisedKeyQuarantineV2 = "AWSCompromisedKeyQuarantineV2",
|
|
1592
1593
|
/** IAM role for SSM Explorer to manage OpsData related operations */
|
|
1593
|
-
AWSSystemsManagerOpsDataSyncServiceRolePolicy = "
|
|
1594
|
+
AWSSystemsManagerOpsDataSyncServiceRolePolicy = "aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy",
|
|
1594
1595
|
/** This policy is used by the service-linked role named AWSServiceRoleForCloudWatchAlarms_ActionSSMIncidents. CloudWatch uses this service-linked role to perform AWS System Manager Incident Manager actions when a CloudWatch alarm goes in to ALARM state. This policy grants permission to start incidents on your behalf. */
|
|
1595
|
-
AWSCloudWatchAlarmsActionSSMIncidentsServiceRolePolicy = "
|
|
1596
|
+
AWSCloudWatchAlarmsActionSSMIncidentsServiceRolePolicy = "aws-service-role/AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy",
|
|
1596
1597
|
/** This policy grants access to resources needed by Nimble Studio Launch Profile workers. Attach this policy to EC2 instances created by Nimble Studio Builder. */
|
|
1597
|
-
AmazonNimbleStudioLaunchProfileWorker = "
|
|
1598
|
+
AmazonNimbleStudioLaunchProfileWorker = "AmazonNimbleStudio-LaunchProfileWorker",
|
|
1598
1599
|
/** This policy grants access to Amazon Nimble Studio resources associated with the studio admin and related studio resources in other services. Attach this policy to the Admin role associated with your studio. */
|
|
1599
|
-
AmazonNimbleStudioStudioAdmin = "
|
|
1600
|
+
AmazonNimbleStudioStudioAdmin = "AmazonNimbleStudio-StudioAdmin",
|
|
1600
1601
|
/** This policy grants access to Amazon Nimble Studio resources associated with the studio user and related studio resources in other services. Attach this policy to the User role associated with your studio. */
|
|
1601
|
-
AmazonNimbleStudioStudioUser = "
|
|
1602
|
+
AmazonNimbleStudioStudioUser = "AmazonNimbleStudio-StudioUser",
|
|
1602
1603
|
/** Provides read only access to Amazon Lookout for Equipments */
|
|
1603
|
-
AmazonLookoutEquipmentReadOnlyAccess = "
|
|
1604
|
+
AmazonLookoutEquipmentReadOnlyAccess = "AmazonLookoutEquipmentReadOnlyAccess",
|
|
1604
1605
|
/** Gives access to all read-only actions for Amazon Lookout for Metrics */
|
|
1605
|
-
AmazonLookoutMetricsReadOnlyAccess = "
|
|
1606
|
+
AmazonLookoutMetricsReadOnlyAccess = "AmazonLookoutMetricsReadOnlyAccess",
|
|
1606
1607
|
/** Gives access to all actions for Amazon Lookout for Metrics */
|
|
1607
|
-
AmazonLookoutMetricsFullAccess = "
|
|
1608
|
+
AmazonLookoutMetricsFullAccess = "AmazonLookoutMetricsFullAccess",
|
|
1608
1609
|
/** This policy grants Incident Manager permission to manage incident records and related resources on your behalf. */
|
|
1609
|
-
AWSIncidentManagerServiceRolePolicy = "
|
|
1610
|
+
AWSIncidentManagerServiceRolePolicy = "aws-service-role/AWSIncidentManagerServiceRolePolicy",
|
|
1610
1611
|
/** This policy grants permissions to start, view, and update incidents with full access to custom timeline events & related items. Assign this policy to users who will create and resolve incidents. */
|
|
1611
|
-
AWSIncidentManagerResolverAccess = "
|
|
1612
|
+
AWSIncidentManagerResolverAccess = "AWSIncidentManagerResolverAccess",
|
|
1612
1613
|
/** Provides read only access to Amazon Lookout for Vision and scoped access to required dependencies. */
|
|
1613
|
-
AmazonLookoutVisionReadOnlyAccess = "
|
|
1614
|
+
AmazonLookoutVisionReadOnlyAccess = "AmazonLookoutVisionReadOnlyAccess",
|
|
1614
1615
|
/** Provides full access to Amazon Lookout for Vision and scoped access to required dependencies. */
|
|
1615
|
-
AmazonLookoutVisionFullAccess = "
|
|
1616
|
+
AmazonLookoutVisionFullAccess = "AmazonLookoutVisionFullAccess",
|
|
1616
1617
|
/** Provides read only access to Amazon Lookout for Vision and scoped access to required service and console dependencies. */
|
|
1617
|
-
AmazonLookoutVisionConsoleReadOnlyAccess = "
|
|
1618
|
+
AmazonLookoutVisionConsoleReadOnlyAccess = "AmazonLookoutVisionConsoleReadOnlyAccess",
|
|
1618
1619
|
/** Provides full access to Amazon Lookout for Vision and scoped access to required service and console dependencies. */
|
|
1619
|
-
AmazonLookoutVisionConsoleFullAccess = "
|
|
1620
|
+
AmazonLookoutVisionConsoleFullAccess = "AmazonLookoutVisionConsoleFullAccess",
|
|
1620
1621
|
/** Allows AWS AppRunner to manage related AWS resources on your behalf. */
|
|
1621
|
-
AppRunnerServiceRolePolicy = "
|
|
1622
|
+
AppRunnerServiceRolePolicy = "aws-service-role/AppRunnerServiceRolePolicy",
|
|
1622
1623
|
/** AWS App Runner service policy that grants read permissions to Amazon ECR resources in the customer's account. Use it in a role that is passed to App Runner when creating or updating an App Runner service. */
|
|
1623
|
-
AWSAppRunnerServicePolicyForECRAccess = "
|
|
1624
|
+
AWSAppRunnerServicePolicyForECRAccess = "service-role/AWSAppRunnerServicePolicyForECRAccess",
|
|
1624
1625
|
/** Allows Service Catalog AppRegistry to manage Resource Groups on your behalf */
|
|
1625
|
-
AWSServiceCatalogAppRegistryServiceRolePolicy = "
|
|
1626
|
+
AWSServiceCatalogAppRegistryServiceRolePolicy = "aws-service-role/AWSServiceCatalogAppRegistryServiceRolePolicy",
|
|
1626
1627
|
/** Grant permissions to AWS Device Farm to call EC2 APIs on your behalf. */
|
|
1627
|
-
AWSDeviceFarmTestGridServiceRolePolicy = "
|
|
1628
|
+
AWSDeviceFarmTestGridServiceRolePolicy = "aws-service-role/AWSDeviceFarmTestGridServiceRolePolicy",
|
|
1628
1629
|
/** Enables AWS KMS to synchronize the shared properties of multi-Region keys. */
|
|
1629
|
-
AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy = "
|
|
1630
|
+
AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy = "aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy",
|
|
1630
1631
|
/** Policy for Service Linked Role AWSServiceRoleForAmazonSSM_OpsInsights */
|
|
1631
|
-
AWSSSMOpsInsightsServiceRolePolicy = "
|
|
1632
|
+
AWSSSMOpsInsightsServiceRolePolicy = "aws-service-role/AWSSSMOpsInsightsServiceRolePolicy",
|
|
1632
1633
|
/** Grants permissions to AWS BugBust to access resources on your behalf */
|
|
1633
|
-
AWSBugBustServiceRolePolicy = "
|
|
1634
|
+
AWSBugBustServiceRolePolicy = "aws-service-role/AWSBugBustServiceRolePolicy",
|
|
1634
1635
|
/** This IAM policy grants users full access to the AWS BugBust console */
|
|
1635
|
-
AWSBugBustFullAccess = "
|
|
1636
|
+
AWSBugBustFullAccess = "AWSBugBustFullAccess",
|
|
1636
1637
|
/** This IAM policy grants users access to participate in AWS BugBust events */
|
|
1637
|
-
AWSBugBustPlayerAccess = "
|
|
1638
|
+
AWSBugBustPlayerAccess = "AWSBugBustPlayerAccess",
|
|
1638
1639
|
/** Service Linked Role Policy for Route 53 Recovery Readiness */
|
|
1639
|
-
Route53RecoveryReadinessServiceRolePolicy = "
|
|
1640
|
+
Route53RecoveryReadinessServiceRolePolicy = "aws-service-role/Route53RecoveryReadinessServiceRolePolicy",
|
|
1640
1641
|
/** This Amazon Managed Policy grants permissions commonly needed for use with Callback steps and Lambda steps in SageMaker Model Building Pipelines. It is added to the AmazonSageMaker-ExecutionRole that can be created when setting up SageMaker Studio. It can also be attached to any other role that will be used for authoring or executing pipelines. */
|
|
1641
|
-
AmazonSageMakerPipelinesIntegrations = "
|
|
1642
|
+
AmazonSageMakerPipelinesIntegrations = "AmazonSageMakerPipelinesIntegrations",
|
|
1642
1643
|
/** Allows Amazon Chime to access Amazon Transcribe and Amazon Transcribe Medical on your behalf */
|
|
1643
|
-
AmazonChimeTranscriptionServiceLinkedRolePolicy = "
|
|
1644
|
+
AmazonChimeTranscriptionServiceLinkedRolePolicy = "aws-service-role/AmazonChimeTranscriptionServiceLinkedRolePolicy",
|
|
1644
1645
|
/** Provides permissions to allow access to the AWS License Manager API actions required to consume upon licenses that the user has entitlements. */
|
|
1645
|
-
AWSLicenseManagerConsumptionPolicy = "
|
|
1646
|
+
AWSLicenseManagerConsumptionPolicy = "service-role/AWSLicenseManagerConsumptionPolicy",
|
|
1646
1647
|
/** This policy allows MemoryDB to manage AWS resources on your behalf as necessary for managing your resources. */
|
|
1647
|
-
MemoryDBServiceRolePolicy = "
|
|
1648
|
+
MemoryDBServiceRolePolicy = "aws-service-role/MemoryDBServiceRolePolicy",
|
|
1648
1649
|
/** Policy granting permissions to Application Auto Scaling to access Amazon ElastiCache and Amazon CloudWatch. */
|
|
1649
|
-
AWSApplicationAutoscalingElastiCacheRGPolicy = "
|
|
1650
|
+
AWSApplicationAutoscalingElastiCacheRGPolicy = "aws-service-role/AWSApplicationAutoscalingElastiCacheRGPolicy",
|
|
1650
1651
|
/** Provides AWS Lambda functions permissions to interact with Amazon S3 Object Lambda. Also grants Lambda permissions to write to CloudWatch Logs. */
|
|
1651
|
-
AmazonS3ObjectLambdaExecutionRolePolicy = "
|
|
1652
|
+
AmazonS3ObjectLambdaExecutionRolePolicy = "service-role/AmazonS3ObjectLambdaExecutionRolePolicy",
|
|
1652
1653
|
/** Provides full access to Amazon Route 53 Recovery Readiness */
|
|
1653
|
-
AmazonRoute53RecoveryReadinessFullAccess = "
|
|
1654
|
+
AmazonRoute53RecoveryReadinessFullAccess = "AmazonRoute53RecoveryReadinessFullAccess",
|
|
1654
1655
|
/** Provides read only access to Amazon Route 53 Recovery Cluster */
|
|
1655
|
-
AmazonRoute53RecoveryClusterReadOnlyAccess = "
|
|
1656
|
+
AmazonRoute53RecoveryClusterReadOnlyAccess = "AmazonRoute53RecoveryClusterReadOnlyAccess",
|
|
1656
1657
|
/** Provides full access to Amazon Route 53 Recovery Control Config */
|
|
1657
|
-
AmazonRoute53RecoveryControlConfigFullAccess = "
|
|
1658
|
+
AmazonRoute53RecoveryControlConfigFullAccess = "AmazonRoute53RecoveryControlConfigFullAccess",
|
|
1658
1659
|
/** Provides read only access to Amazon Route 53 Recovery Control Config */
|
|
1659
|
-
AmazonRoute53RecoveryControlConfigReadOnlyAccess = "
|
|
1660
|
+
AmazonRoute53RecoveryControlConfigReadOnlyAccess = "AmazonRoute53RecoveryControlConfigReadOnlyAccess",
|
|
1660
1661
|
/** Provides read only access to Amazon Route 53 Recovery Readiness */
|
|
1661
|
-
AmazonRoute53RecoveryReadinessReadOnlyAccess = "
|
|
1662
|
+
AmazonRoute53RecoveryReadinessReadOnlyAccess = "AmazonRoute53RecoveryReadinessReadOnlyAccess",
|
|
1662
1663
|
/** Provides full access to Amazon Route 53 Recovery Cluster */
|
|
1663
|
-
AmazonRoute53RecoveryClusterFullAccess = "
|
|
1664
|
+
AmazonRoute53RecoveryClusterFullAccess = "AmazonRoute53RecoveryClusterFullAccess",
|
|
1664
1665
|
/** Provides AWS Backup permissions to create compliance reports on your behalf */
|
|
1665
|
-
AWSServiceRolePolicyForBackupReports = "
|
|
1666
|
+
AWSServiceRolePolicyForBackupReports = "aws-service-role/AWSServiceRolePolicyForBackupReports",
|
|
1666
1667
|
/** This policy grants permissions for users to create controls and frameworks that define their expectations for AWS Backup resources and activities, and to audit AWS Backup resources and activities against their defined controls and frameworks. This policy grants permissions to AWS Config and similar services to describe user expectations perform the audits. This policy also grants permissions to deliver audit reports to S3 and similar services, and enables users to find and open their audit reports. */
|
|
1667
|
-
AWSBackupAuditAccess = "
|
|
1668
|
+
AWSBackupAuditAccess = "AWSBackupAuditAccess",
|
|
1668
1669
|
/** Allow Amazon OpenSearch Service to access other AWS services such as EC2 Networking APIs on your behalf. */
|
|
1669
|
-
AmazonOpenSearchServiceRolePolicy = "
|
|
1670
|
+
AmazonOpenSearchServiceRolePolicy = "aws-service-role/AmazonOpenSearchServiceRolePolicy",
|
|
1670
1671
|
/** Provides access to the Amazon Cognito configuration service. */
|
|
1671
|
-
AmazonOpenSearchServiceCognitoAccess = "
|
|
1672
|
+
AmazonOpenSearchServiceCognitoAccess = "AmazonOpenSearchServiceCognitoAccess",
|
|
1672
1673
|
/** Policy granting permissions to Application Auto Scaling to access Amazon Neptune and Amazon CloudWatch. */
|
|
1673
|
-
AWSApplicationAutoscalingNeptuneClusterPolicy = "
|
|
1674
|
+
AWSApplicationAutoscalingNeptuneClusterPolicy = "aws-service-role/AWSApplicationAutoscalingNeptuneClusterPolicy",
|
|
1674
1675
|
/** This policy allows Amazon EKS to manage AWS resources for EKS connector */
|
|
1675
|
-
AmazonEKSConnectorServiceRolePolicy = "
|
|
1676
|
+
AmazonEKSConnectorServiceRolePolicy = "aws-service-role/AmazonEKSConnectorServiceRolePolicy",
|
|
1676
1677
|
/** This policy grants Kafka Connect permission to manage AWS resources on your behalf. */
|
|
1677
|
-
KafkaConnectServiceRolePolicy = "
|
|
1678
|
+
KafkaConnectServiceRolePolicy = "aws-service-role/KafkaConnectServiceRolePolicy",
|
|
1678
1679
|
/** Provides access to Amazon OpenSearch resources from Amazon QuickSight */
|
|
1679
|
-
AWSQuicksightOpenSearchPolicy = "
|
|
1680
|
+
AWSQuicksightOpenSearchPolicy = "service-role/AWSQuicksightOpenSearchPolicy",
|
|
1680
1681
|
/** Provides full access to the Amazon OpenSearch Service configuration service. */
|
|
1681
|
-
AmazonOpenSearchServiceFullAccess = "
|
|
1682
|
+
AmazonOpenSearchServiceFullAccess = "AmazonOpenSearchServiceFullAccess",
|
|
1682
1683
|
/** Provides read-only access to the Amazon OpenSearch Service configuration service. */
|
|
1683
|
-
AmazonOpenSearchServiceReadOnlyAccess = "
|
|
1684
|
+
AmazonOpenSearchServiceReadOnlyAccess = "AmazonOpenSearchServiceReadOnlyAccess",
|
|
1684
1685
|
/** Enable access to AWS Resources used or managed by MediaTailor */
|
|
1685
|
-
AWSMediaTailorServiceRolePolicy = "
|
|
1686
|
+
AWSMediaTailorServiceRolePolicy = "aws-service-role/AWSMediaTailorServiceRolePolicy",
|
|
1686
1687
|
/** Provide readonly access to Amazon MSK Connect */
|
|
1687
|
-
AmazonMSKConnectReadOnlyAccess = "
|
|
1688
|
+
AmazonMSKConnectReadOnlyAccess = "AmazonMSKConnectReadOnlyAccess",
|
|
1688
1689
|
/** Policy for Amazon Connect Campaigns service linked role */
|
|
1689
|
-
AmazonConnectCampaignsServiceLinkedRolePolicy = "
|
|
1690
|
+
AmazonConnectCampaignsServiceLinkedRolePolicy = "aws-service-role/AmazonConnectCampaignsServiceLinkedRolePolicy",
|
|
1690
1691
|
/** Grants full access to the Amazon Redshift Query Editor V2 operations and resources. This policy also grants access to other required services. This includes permissions to list the Amazon Redshift clusters, read keys and aliases in AWS KMS and manage the Query Editor V2 secrets in AWS Secrets Manager. */
|
|
1691
|
-
AmazonRedshiftQueryEditorV2FullAccess = "
|
|
1692
|
+
AmazonRedshiftQueryEditorV2FullAccess = "AmazonRedshiftQueryEditorV2FullAccess",
|
|
1692
1693
|
/** Grants the ability to work with Amazon Redshift Query Editor V2 without sharing resources. The granted principal can only read, update and delete its own resources but cannot share them. This policy also grants access to other required services. This includes permissions to list the Amazon Redshift clusters and manage the Query Editor V2 secrets of the principal in AWS Secrets Manager. */
|
|
1693
|
-
AmazonRedshiftQueryEditorV2NoSharing = "
|
|
1694
|
+
AmazonRedshiftQueryEditorV2NoSharing = "AmazonRedshiftQueryEditorV2NoSharing",
|
|
1694
1695
|
/** Grants the ability to work with Amazon Redshift Query Editor V2 with limited sharing of resources. The granted principal can read, write and share its own resources. The granted principal can read the resources shared with its team but cannot update them. This policy also grants access to other required services. This includes permissions to list the Amazon Redshift clusters and manage the Query Editor V2 secrets of the principal in AWS Secrets Manager. */
|
|
1695
|
-
AmazonRedshiftQueryEditorV2ReadSharing = "
|
|
1696
|
+
AmazonRedshiftQueryEditorV2ReadSharing = "AmazonRedshiftQueryEditorV2ReadSharing",
|
|
1696
1697
|
/** Grants the ability to work with Amazon Redshift Query Editor V2 with sharing of resources. The granted principal can read, write and share its own resources. The granted principal can read and update the resources shared with its team. This policy also grants access to other required services. This includes permissions to list the Amazon Redshift clusters and manage the Query Editor V2 secrets of the principal in AWS Secrets Manager. */
|
|
1697
|
-
AmazonRedshiftQueryEditorV2ReadWriteSharing = "
|
|
1698
|
+
AmazonRedshiftQueryEditorV2ReadWriteSharing = "AmazonRedshiftQueryEditorV2ReadWriteSharing",
|
|
1698
1699
|
/** Provides full access to Amazon Connect Voice ID */
|
|
1699
|
-
AmazonConnectVoiceIDFullAccess = "
|
|
1700
|
+
AmazonConnectVoiceIDFullAccess = "AmazonConnectVoiceIDFullAccess",
|
|
1700
1701
|
/** Allows EC2 CapacityReservation Fleet service to manage Capacity Reservations */
|
|
1701
|
-
AWSEC2CapacityReservationFleetRolePolicy = "
|
|
1702
|
+
AWSEC2CapacityReservationFleetRolePolicy = "aws-service-role/AWSEC2CapacityReservationFleetRolePolicy",
|
|
1702
1703
|
/** Provides full access to AWS Account Management. */
|
|
1703
|
-
AWSAccountManagementFullAccess = "
|
|
1704
|
+
AWSAccountManagementFullAccess = "AWSAccountManagementFullAccess",
|
|
1704
1705
|
/** Provides read-only access to AWS Account Management */
|
|
1705
|
-
AWSAccountManagementReadOnlyAccess = "
|
|
1706
|
+
AWSAccountManagementReadOnlyAccess = "AWSAccountManagementReadOnlyAccess",
|
|
1706
1707
|
/** Provides full access to Amazon MemoryDB via the AWS Management Console. */
|
|
1707
|
-
AmazonMemoryDBFullAccess = "
|
|
1708
|
+
AmazonMemoryDBFullAccess = "AmazonMemoryDBFullAccess",
|
|
1708
1709
|
/** Provides read only access to Amazon MemoryDB via the AWS Management Console. */
|
|
1709
|
-
AmazonMemoryDBReadOnlyAccess = "
|
|
1710
|
+
AmazonMemoryDBReadOnlyAccess = "AmazonMemoryDBReadOnlyAccess",
|
|
1710
1711
|
/** Allows Amazon RDS Custom to manage AWS resources on your behalf. */
|
|
1711
|
-
AmazonRDSCustomServiceRolePolicy = "
|
|
1712
|
+
AmazonRDSCustomServiceRolePolicy = "aws-service-role/AmazonRDSCustomServiceRolePolicy",
|
|
1712
1713
|
/** Amazon RDS Custom Preview Service Role Policy */
|
|
1713
|
-
AmazonRDSCustomPreviewServiceRolePolicy = "
|
|
1714
|
+
AmazonRDSCustomPreviewServiceRolePolicy = "aws-service-role/AmazonRDSCustomPreviewServiceRolePolicy",
|
|
1714
1715
|
/** Enable access to AWS Resources used or managed by AWS Migration Hub Strategy Recommendations service. */
|
|
1715
|
-
AWSMigrationHubStrategyServiceRolePolicy = "
|
|
1716
|
+
AWSMigrationHubStrategyServiceRolePolicy = "aws-service-role/AWSMigrationHubStrategyServiceRolePolicy",
|
|
1716
1717
|
/** Grants full access to the AWS Migration Hub Strategy Recommendations service and access to related AWS services through the AWS Management Console. */
|
|
1717
|
-
AWSMigrationHubStrategyConsoleFullAccess = "
|
|
1718
|
+
AWSMigrationHubStrategyConsoleFullAccess = "AWSMigrationHubStrategyConsoleFullAccess",
|
|
1718
1719
|
/** Grants permissions to allow communication with the AWS Migration Hub Strategy Recommendations service, read/write access to S3 buckets related to the service, Amazon API Gateway access to upload logs and metrics to AWS, AWS Secrets Manager access to fetch credentials, and any related services. */
|
|
1719
|
-
AWSMigrationHubStrategyCollector = "
|
|
1720
|
+
AWSMigrationHubStrategyCollector = "AWSMigrationHubStrategyCollector",
|
|
1720
1721
|
/** Allows AWS Panorama to manage resources in AWS IoT, AWS Secrets Manager and AWS Panorama. */
|
|
1721
|
-
AWSPanoramaServiceLinkedRolePolicy = "
|
|
1722
|
+
AWSPanoramaServiceLinkedRolePolicy = "aws-service-role/AWSPanoramaServiceLinkedRolePolicy",
|
|
1722
1723
|
/** Allows an AWS Panorama Appliance to upload logs to Amazon CloudWatch, and to get objects from Amazon S3 access points created for use with AWS Panorama. */
|
|
1723
|
-
AWSPanoramaApplianceServiceRolePolicy = "
|
|
1724
|
+
AWSPanoramaApplianceServiceRolePolicy = "service-role/AWSPanoramaApplianceServiceRolePolicy",
|
|
1724
1725
|
/** Enables access for AWS Marketplace services to purchase order management. */
|
|
1725
|
-
AWSMarketplacePurchaseOrdersServiceRolePolicy = "
|
|
1726
|
+
AWSMarketplacePurchaseOrdersServiceRolePolicy = "aws-service-role/AWSMarketplacePurchaseOrdersServiceRolePolicy",
|
|
1726
1727
|
/** DeepRacer admin access to all actions including toggling between multiuser and single user mode. */
|
|
1727
|
-
AWSDeepRacerAccountAdminAccess = "
|
|
1728
|
+
AWSDeepRacerAccountAdminAccess = "AWSDeepRacerAccountAdminAccess",
|
|
1728
1729
|
/** DeepRacer MultiUser Default user access to use deepracer in multi-user mode */
|
|
1729
|
-
AWSDeepRacerDefaultMultiUserAccess = "
|
|
1730
|
+
AWSDeepRacerDefaultMultiUserAccess = "AWSDeepRacerDefaultMultiUserAccess",
|
|
1730
1731
|
/** Grants permissions to to describe the organization of the account, create S3 buckets for the MAP program and apply tags to it, create a Cost and Usage Report, and describe Cost and Usage Report definitions. */
|
|
1731
|
-
AWSCostAndUsageReportAutomationPolicy = "
|
|
1732
|
+
AWSCostAndUsageReportAutomationPolicy = "service-role/AWSCostAndUsageReportAutomationPolicy",
|
|
1732
1733
|
/** This policy includes permissions to run SQL commands to copy, load, unload, query, and analyze data on Amazon Redshift. The policy also grants permissions to run select statements for related services, such as Amazon S3, Amazon CloudWatch logs, Amazon SageMaker, or AWS Glue. */
|
|
1733
|
-
AmazonRedshiftAllCommandsFullAccess = "
|
|
1734
|
+
AmazonRedshiftAllCommandsFullAccess = "AmazonRedshiftAllCommandsFullAccess",
|
|
1734
1735
|
/** This policy allows installing and using the AWS VCenter Client, which is used with AWS Application Migration Service (MGN) to migrate external servers to AWS. Attach this policy to your IAM users or roles whose credentials you provide when installing the AWS VCenter Client. */
|
|
1735
|
-
AWSApplicationMigrationVCenterClientPolicy = "
|
|
1736
|
+
AWSApplicationMigrationVCenterClientPolicy = "AWSApplicationMigrationVCenterClientPolicy",
|
|
1736
1737
|
/** Provide access to enable and manage Amazon DevOps Guru within an organization. */
|
|
1737
|
-
AmazonDevOpsGuruOrganizationsAccess = "
|
|
1738
|
+
AmazonDevOpsGuruOrganizationsAccess = "AmazonDevOpsGuruOrganizationsAccess",
|
|
1738
1739
|
/** Grants Amazon Inspector access to AWS Services needed to perform security assessments */
|
|
1739
|
-
AmazonInspector2ServiceRolePolicy = "
|
|
1740
|
+
AmazonInspector2ServiceRolePolicy = "aws-service-role/AmazonInspector2ServiceRolePolicy",
|
|
1740
1741
|
/** This policy is attached to the instance role of Elastic Disaster Recovery's Recovery Instance. This policy allows the Elastic Disaster Recovery (DRS) Recovery Instance, which are EC2 instances launched by Elastic Disaster Recovery - to communicate with the DRS service, and to be able to failback to their original source infrastructure. An IAM role with this policy is attached (as an EC2 Instance Profile) by Elastic Disaster Recovery to the DRS Recovery Instances. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1741
|
-
AWSElasticDisasterRecoveryRecoveryInstancePolicy = "
|
|
1742
|
+
AWSElasticDisasterRecoveryRecoveryInstancePolicy = "service-role/AWSElasticDisasterRecoveryRecoveryInstancePolicy",
|
|
1742
1743
|
/** This policy allows using the AWS Replication Agent, which is used with AWS Elastic Disaster Recovery (DRS) to recover source servers to AWS. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1743
|
-
AWSElasticDisasterRecoveryAgentPolicy = "
|
|
1744
|
+
AWSElasticDisasterRecoveryAgentPolicy = "service-role/AWSElasticDisasterRecoveryAgentPolicy",
|
|
1744
1745
|
/** This policy allows installing the AWS Replication Agent, which is used with AWS Elastic Disaster Recovery (DRS) to recover external servers to AWS. Attach this policy to your IAM users or roles whose credentials you provide during the installation step of the AWS Replication Agent. */
|
|
1745
|
-
AWSElasticDisasterRecoveryAgentInstallationPolicy = "
|
|
1746
|
+
AWSElasticDisasterRecoveryAgentInstallationPolicy = "AWSElasticDisasterRecoveryAgentInstallationPolicy",
|
|
1746
1747
|
/** This policy allows using the Elastic Disaster Recovery Failback Client, which is used to failback Recovery Instances back to your original source infrastructure. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1747
|
-
AWSElasticDisasterRecoveryFailbackPolicy = "
|
|
1748
|
+
AWSElasticDisasterRecoveryFailbackPolicy = "service-role/AWSElasticDisasterRecoveryFailbackPolicy",
|
|
1748
1749
|
/** This policy provides full access to all public APIs of AWS Elastic Disaster Recovery (DRS), as well as permissions to read KMS key, License Manager, Resource Groups, Elastic Load Balancing, IAM, and EC2 information. Attach this policy to your IAM users or roles. */
|
|
1749
|
-
AWSElasticDisasterRecoveryConsoleFullAccess = "
|
|
1750
|
+
AWSElasticDisasterRecoveryConsoleFullAccess = "AWSElasticDisasterRecoveryConsoleFullAccess",
|
|
1750
1751
|
/** You can attach the AWSElasticDisasterRecoveryReadOnlyAccess policy to your IAM identities. This policy provides permissions to all read-only public APIs of Elastic Disaster Recovery (DRS), as well as some read-only APIs of other AWS services that are required in order to make full read-only use of the DRS console. Attach this policy to your IAM users or roles. */
|
|
1751
|
-
AWSElasticDisasterRecoveryReadOnlyAccess = "
|
|
1752
|
+
AWSElasticDisasterRecoveryReadOnlyAccess = "AWSElasticDisasterRecoveryReadOnlyAccess",
|
|
1752
1753
|
/** This policy allows Elastic Disaster Recovery to manage AWS resources on your behalf. */
|
|
1753
|
-
AWSElasticDisasterRecoveryServiceRolePolicy = "
|
|
1754
|
+
AWSElasticDisasterRecoveryServiceRolePolicy = "aws-service-role/AWSElasticDisasterRecoveryServiceRolePolicy",
|
|
1754
1755
|
/** You can attach the AWSElasticDisasterRecoveryFailbackInstallationPolicy policy to your IAM identities. This policy allows installing the Elastic Disaster Recovery Failback Client, which is used to failback Recovery Instances back to your original source infrastructure. Attach this policy to your IAM users or roles whose credentials you provide when running the Elastic Disaster Recovery Failback Client. */
|
|
1755
|
-
AWSElasticDisasterRecoveryFailbackInstallationPolicy = "
|
|
1756
|
+
AWSElasticDisasterRecoveryFailbackInstallationPolicy = "AWSElasticDisasterRecoveryFailbackInstallationPolicy",
|
|
1756
1757
|
/** This policy is attached to the Elastic Disaster Recovery Replication server's instance role. This policy allows the Elastic Disaster Recovery (DRS) Replication Servers, which are EC2 instances launched by Elastic Disaster Recovery - to communicate with the DRS service, and to create EBS snapshots in your AWS account. An IAM role with this policy is attached (as an EC2 Instance Profile) by Elastic Disaster Recovery to the DRS Replication Servers which are automatically launched and terminated by DRS, as needed. DRS Replication Servers are used to facilitate data replication from your external servers to AWS, as part of the recovery process managed by DRS. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1757
|
-
AWSElasticDisasterRecoveryReplicationServerPolicy = "
|
|
1758
|
+
AWSElasticDisasterRecoveryReplicationServerPolicy = "service-role/AWSElasticDisasterRecoveryReplicationServerPolicy",
|
|
1758
1759
|
/** This policy is attached to the AWS Elastic Disaster Recovery Conversion server's instance role. This policy allows Elastic Disaster Recovery (DRS) Conversion Servers, which are EC2 instances launched by Elastic Disaster Recovery, to communicate with the DRS service. An IAM role with this policy is attached (as an EC2 Instance Profile) by DRS to the DRS Conversion Servers, which are automatically launched and terminated by DRS, when needed. We do not recommend that you attach this policy to your IAM users or roles. DRS Conversion Servers are used by Elastic Disaster Recovery when users choose to recover source servers using the DRS console, CLI, or API. */
|
|
1759
|
-
AWSElasticDisasterRecoveryConversionServerPolicy = "
|
|
1760
|
+
AWSElasticDisasterRecoveryConversionServerPolicy = "service-role/AWSElasticDisasterRecoveryConversionServerPolicy",
|
|
1760
1761
|
/** Allows AWS Shield to access AWS resources on your behalf to provide DDoS protection. */
|
|
1761
|
-
AWSShieldServiceRolePolicy = "
|
|
1762
|
+
AWSShieldServiceRolePolicy = "aws-service-role/AWSShieldServiceRolePolicy",
|
|
1762
1763
|
/** Grants permission to Amazon CloudWatch RUM Service to publish monitoring data to other relevant AWS services */
|
|
1763
|
-
AmazonCloudWatchRUMServiceRolePolicy = "
|
|
1764
|
+
AmazonCloudWatchRUMServiceRolePolicy = "aws-service-role/AmazonCloudWatchRUMServiceRolePolicy",
|
|
1764
1765
|
/** Allows Amazon Detective to make service calls on your behalf */
|
|
1765
|
-
AmazonDetectiveServiceLinkedRolePolicy = "
|
|
1766
|
+
AmazonDetectiveServiceLinkedRolePolicy = "aws-service-role/AmazonDetectiveServiceLinkedRolePolicy",
|
|
1766
1767
|
/** This policy grants access to Amazon Athena and the dependencies needed to enable querying and writing results to s3 from the Amazon Athena plugin in Amazon Grafana. */
|
|
1767
|
-
AmazonGrafanaAthenaAccess = "
|
|
1768
|
+
AmazonGrafanaAthenaAccess = "service-role/AmazonGrafanaAthenaAccess",
|
|
1768
1769
|
/** Provides full access to AWS Elemental MediaTailor resources */
|
|
1769
|
-
AWSElementalMediaTailorFullAccess = "
|
|
1770
|
+
AWSElementalMediaTailorFullAccess = "AWSElementalMediaTailorFullAccess",
|
|
1770
1771
|
/** Provides read only access to AWS Elemental MediaTailor resources */
|
|
1771
|
-
AWSElementalMediaTailorReadOnly = "
|
|
1772
|
+
AWSElementalMediaTailorReadOnly = "AWSElementalMediaTailorReadOnly",
|
|
1772
1773
|
/** Policy which allows AWS Proton to sync your git repository contents to Proton or sync Proton contents to your git repositories. */
|
|
1773
|
-
AWSProtonSyncServiceRolePolicy = "
|
|
1774
|
+
AWSProtonSyncServiceRolePolicy = "aws-service-role/AWSProtonSyncServiceRolePolicy",
|
|
1774
1775
|
/** Grants access to AWS Services and resources necessary for executing an Amazon Braket Job including S3, Cloudwatch, IAM and Braket */
|
|
1775
|
-
AmazonBraketJobsExecutionPolicy = "
|
|
1776
|
+
AmazonBraketJobsExecutionPolicy = "AmazonBraketJobsExecutionPolicy",
|
|
1776
1777
|
/** Enables access to AWS services and resources used or managed by AWS ECR pull through cache */
|
|
1777
|
-
AWSECRPullThroughCacheServiceRolePolicy = "
|
|
1778
|
+
AWSECRPullThroughCacheServiceRolePolicy = "aws-service-role/AWSECRPullThroughCache_ServiceRolePolicy",
|
|
1778
1779
|
/** This policy grants scoped access to Amazon Redshift and the dependencies needed to use the Amazon Redshift plugin in Amazon Grafana. */
|
|
1779
|
-
AmazonGrafanaRedshiftAccess = "
|
|
1780
|
+
AmazonGrafanaRedshiftAccess = "service-role/AmazonGrafanaRedshiftAccess",
|
|
1780
1781
|
/** This policy grants permissions that allow read-only access to AWS Iot RoboRunner. */
|
|
1781
|
-
AWSIotRoboRunnerReadOnly = "
|
|
1782
|
+
AWSIotRoboRunnerReadOnly = "AWSIotRoboRunnerReadOnly",
|
|
1782
1783
|
/** This policy grants permissions that allow full access to AWS Iot RoboRunner. */
|
|
1783
|
-
AWSIotRoboRunnerFullAccess = "
|
|
1784
|
+
AWSIotRoboRunnerFullAccess = "AWSIotRoboRunnerFullAccess",
|
|
1784
1785
|
/** Provides access to AWS Resources managed or used by AWS Migration Hub Refactor Spaces. */
|
|
1785
|
-
AWSMigrationHubRefactorSpacesServiceRolePolicy = "
|
|
1786
|
+
AWSMigrationHubRefactorSpacesServiceRolePolicy = "aws-service-role/AWSMigrationHubRefactorSpacesServiceRolePolicy",
|
|
1786
1787
|
/** Grants full access to AWS MigrationHub Refactor Spaces, AWS MigrationHub Refactor Spaces console features and other related AWS services except permissions required for AWS Lambda and AWS Resource Access Manager as they can be scoped down based on tags. */
|
|
1787
|
-
AWSMigrationHubRefactorSpacesFullAccess = "
|
|
1788
|
+
AWSMigrationHubRefactorSpacesFullAccess = "AWSMigrationHubRefactorSpacesFullAccess",
|
|
1788
1789
|
/** Provides read only access to Amazon CloudWatch Evidently */
|
|
1789
|
-
AmazonCloudWatchEvidentlyReadOnlyAccess = "
|
|
1790
|
+
AmazonCloudWatchEvidentlyReadOnlyAccess = "AmazonCloudWatchEvidentlyReadOnlyAccess",
|
|
1790
1791
|
/** Provides full only access to Amazon CloudWatch Evidently. Also provides access to related Amazon S3, Amazon SNS, Amazon CloudWatch, and other related services. */
|
|
1791
|
-
AmazonCloudWatchEvidentlyFullAccess = "
|
|
1792
|
+
AmazonCloudWatchEvidentlyFullAccess = "AmazonCloudWatchEvidentlyFullAccess",
|
|
1792
1793
|
/** Grants read only permissions for the Amazon CloudWatch RUM service */
|
|
1793
|
-
AmazonCloudWatchRUMReadOnlyAccess = "
|
|
1794
|
+
AmazonCloudWatchRUMReadOnlyAccess = "AmazonCloudWatchRUMReadOnlyAccess",
|
|
1794
1795
|
/** Grants full access permissions for the Amazon CloudWatch RUM service */
|
|
1795
|
-
AmazonCloudWatchRUMFullAccess = "
|
|
1796
|
+
AmazonCloudWatchRUMFullAccess = "AmazonCloudWatchRUMFullAccess",
|
|
1796
1797
|
/** Provides full access to Amazon Inspector and access to other related services such as organizations. */
|
|
1797
|
-
AmazonInspector2FullAccess = "
|
|
1798
|
+
AmazonInspector2FullAccess = "AmazonInspector2FullAccess",
|
|
1798
1799
|
/** Enables access to AWS Services and Resources used or managed by Amazon WorkSpaces Web */
|
|
1799
|
-
AmazonWorkSpacesWebServiceRolePolicy = "
|
|
1800
|
+
AmazonWorkSpacesWebServiceRolePolicy = "aws-service-role/AmazonWorkSpacesWebServiceRolePolicy",
|
|
1800
1801
|
/** Provides read-only access to Amazon WorkSpaces Web and its dependencies through the AWS Management Console, SDK, and CLI. */
|
|
1801
|
-
AmazonWorkSpacesWebReadOnly = "
|
|
1802
|
+
AmazonWorkSpacesWebReadOnly = "AmazonWorkSpacesWebReadOnly",
|
|
1802
1803
|
/** Allows VPC IP Address Manager to access VPC resources and integrate with AWS Organizations on your behalf. */
|
|
1803
|
-
AWSIPAMServiceRolePolicy = "
|
|
1804
|
+
AWSIPAMServiceRolePolicy = "aws-service-role/AWSIPAMServiceRolePolicy",
|
|
1804
1805
|
/** Allows AWS Private Networks Service to manage resources on behalf of the customer. */
|
|
1805
|
-
AWSPrivateNetworksServiceRolePolicy = "
|
|
1806
|
+
AWSPrivateNetworksServiceRolePolicy = "aws-service-role/AWSPrivateNetworksServiceRolePolicy",
|
|
1806
1807
|
/** The policy grants full-access to the DevOps Guru console. */
|
|
1807
|
-
AmazonDevOpsGuruConsoleFullAccess = "
|
|
1808
|
+
AmazonDevOpsGuruConsoleFullAccess = "AmazonDevOpsGuruConsoleFullAccess",
|
|
1808
1809
|
/** Policy grants ec2fastlaunch to prepare and manage preprovisioned snapshots in customer's account & publish related metrics. */
|
|
1809
|
-
EC2FastLaunchServiceRolePolicy = "
|
|
1810
|
+
EC2FastLaunchServiceRolePolicy = "aws-service-role/EC2FastLaunchServiceRolePolicy",
|
|
1810
1811
|
/** Grants permissions to all App Runner actions. */
|
|
1811
|
-
AWSAppRunnerFullAccess = "
|
|
1812
|
+
AWSAppRunnerFullAccess = "AWSAppRunnerFullAccess",
|
|
1812
1813
|
/** Allows AWS AppRunner Networking to manage related AWS resources on your behalf. */
|
|
1813
|
-
AppRunnerNetworkingServiceRolePolicy = "
|
|
1814
|
+
AppRunnerNetworkingServiceRolePolicy = "aws-service-role/AppRunnerNetworkingServiceRolePolicy",
|
|
1814
1815
|
/** Provides read only access to the Amazon inspector2 service and relevant support services */
|
|
1815
|
-
AmazonInspector2ReadOnlyAccess = "
|
|
1816
|
+
AmazonInspector2ReadOnlyAccess = "AmazonInspector2ReadOnlyAccess",
|
|
1816
1817
|
/** Policy containing permissions necessary for AWS Backup to restore a S3 backup to a bucket. This includes read/write permissions to all S3 buckets, and permissions to GenerateDataKey and DescribeKey for all KMS keys. */
|
|
1817
|
-
AWSBackupServiceRolePolicyForS3Restore = "
|
|
1818
|
+
AWSBackupServiceRolePolicyForS3Restore = "AWSBackupServiceRolePolicyForS3Restore",
|
|
1818
1819
|
/** Policy containing permissions necessary for AWS Backup to backup data in any S3 bucket. This includes read access to all S3 objects and any decrypt access for all KMS keys. */
|
|
1819
|
-
AWSBackupServiceRolePolicyForS3Backup = "
|
|
1820
|
+
AWSBackupServiceRolePolicyForS3Backup = "AWSBackupServiceRolePolicyForS3Backup",
|
|
1820
1821
|
/** Service role policy used by the AWS Glue within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including Glue, S3 and others. */
|
|
1821
|
-
AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy = "
|
|
1822
|
+
AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy",
|
|
1822
1823
|
/** Service role policy used by the AWS CodePipeline within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a subset of related services including CodePipeline, CodeBuild and others. */
|
|
1823
|
-
AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy = "
|
|
1824
|
+
AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy",
|
|
1824
1825
|
/** Service role policy used by the AWS CloudWatch Events within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a subset of related services including CodePipeline and others. */
|
|
1825
|
-
AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy = "
|
|
1826
|
+
AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy",
|
|
1826
1827
|
/** Service role policy used by the AWS Firehose within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including Firehose and others. */
|
|
1827
|
-
AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy = "
|
|
1828
|
+
AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy",
|
|
1828
1829
|
/** Grants permissions to list and view details about App Runner resources. */
|
|
1829
|
-
AWSAppRunnerReadOnlyAccess = "
|
|
1830
|
+
AWSAppRunnerReadOnlyAccess = "AWSAppRunnerReadOnlyAccess",
|
|
1830
1831
|
/** Grants full access to the Identity Sync service */
|
|
1831
|
-
AWSIdentitySyncFullAccess = "
|
|
1832
|
+
AWSIdentitySyncFullAccess = "AWSIdentitySyncFullAccess",
|
|
1832
1833
|
/** Read only access to the Identity Sync service */
|
|
1833
|
-
AWSIdentitySyncReadOnlyAccess = "
|
|
1834
|
+
AWSIdentitySyncReadOnlyAccess = "AWSIdentitySyncReadOnlyAccess",
|
|
1834
1835
|
/** Service role policy used by the AWS APIGateway within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including CloudWatch Logs and others. */
|
|
1835
|
-
AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy = "
|
|
1836
|
+
AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy",
|
|
1836
1837
|
/** Service role policy used by the AWS CloudFormation within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a subset of related services including SageMaker and others. */
|
|
1837
|
-
AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy = "
|
|
1838
|
+
AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy",
|
|
1838
1839
|
/** Service role policy used by the AWS CodeBuild within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a subset of related services including CodePipeline, CodeBuild and others. */
|
|
1839
|
-
AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy = "
|
|
1840
|
+
AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy = "AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy",
|
|
1840
1841
|
/** Service role policy used by the AWS Lambda within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including ECR, S3 and others. */
|
|
1841
|
-
AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy = "
|
|
1842
|
+
AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy = "service-role/AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy",
|
|
1842
1843
|
/** IAM Policy that allows the CSI driver service account to make calls to related services such as EC2 on your behalf. */
|
|
1843
|
-
AmazonEBSCSIDriverPolicy = "
|
|
1844
|
+
AmazonEBSCSIDriverPolicy = "service-role/AmazonEBSCSIDriverPolicy",
|
|
1844
1845
|
/** Managed Policy For Amazon Chime SDK MediaPipelines Service Linked Role */
|
|
1845
|
-
AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy = "
|
|
1846
|
+
AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy = "aws-service-role/AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy",
|
|
1846
1847
|
/** Read-Only policy for RDS Performance Insights */
|
|
1847
|
-
AmazonRDSPerformanceInsightsReadOnly = "
|
|
1848
|
+
AmazonRDSPerformanceInsightsReadOnly = "AmazonRDSPerformanceInsightsReadOnly",
|
|
1848
1849
|
/** This policy provides the permissions required to manage the Red Hat OpenShift Service on AWS (ROSA) subscription. */
|
|
1849
|
-
ROSAManageSubscription = "
|
|
1850
|
+
ROSAManageSubscription = "ROSAManageSubscription",
|
|
1850
1851
|
/** Use the AWSBillingConductorFullAccess managed policy to allow complete access to AWS Billing Conductor (ABC) console and APIs. This policy allows users to list, create and delete ABC resources. */
|
|
1851
|
-
AWSBillingConductorFullAccess = "
|
|
1852
|
+
AWSBillingConductorFullAccess = "AWSBillingConductorFullAccess",
|
|
1852
1853
|
/** Use the AWSBillingConductorReadOnlyAccess managed policy to allow read only access to AWS Billing Conductor (ABC) console and APIs. This policy grants permission to view and list all ABC resources. It does not include the ability to create or delete resources. */
|
|
1853
|
-
AWSBillingConductorReadOnlyAccess = "
|
|
1854
|
+
AWSBillingConductorReadOnlyAccess = "AWSBillingConductorReadOnlyAccess",
|
|
1854
1855
|
/** Provides full access to all AWS Glue resources except for sessions. Allows users to create and use only the interactive sessions that are associated with the user. This policy also includes other permissions needed by AWS Glue to manage Glue resources in other AWS services */
|
|
1855
|
-
AwsGlueSessionUserRestrictedServiceRole = "
|
|
1856
|
+
AwsGlueSessionUserRestrictedServiceRole = "service-role/AwsGlueSessionUserRestrictedServiceRole",
|
|
1856
1857
|
/** Provides permissions that allows users to create and use only the interactive sessions that are associated with the user. This policy also includes permissions to explicitly allow users to pass a restricted Glue session role. */
|
|
1857
|
-
AwsGlueSessionUserRestrictedPolicy = "
|
|
1858
|
+
AwsGlueSessionUserRestrictedPolicy = "AwsGlueSessionUserRestrictedPolicy",
|
|
1858
1859
|
/** Provides permissions that allows users to create and use only the notebook sessions that are associated with the user. This policy also includes permissions to explicitly allow users to pass a restricted Glue session role. */
|
|
1859
|
-
AwsGlueSessionUserRestrictedNotebookPolicy = "
|
|
1860
|
+
AwsGlueSessionUserRestrictedNotebookPolicy = "AwsGlueSessionUserRestrictedNotebookPolicy",
|
|
1860
1861
|
/** Provides full access to all AWS Glue resources except for sessions. Allows users to create and use only the notebook sessions that are associated with the user. This policy also includes other permissions needed by AWS Glue to manage Glue resources in other AWS services. */
|
|
1861
|
-
AwsGlueSessionUserRestrictedNotebookServiceRole = "
|
|
1862
|
+
AwsGlueSessionUserRestrictedNotebookServiceRole = "service-role/AwsGlueSessionUserRestrictedNotebookServiceRole",
|
|
1862
1863
|
/** Provides permissions necessary for Migration Hub Orchestrator to migrate and modernize your on-premises workloads */
|
|
1863
|
-
AWSMigrationHubOrchestratorServiceRolePolicy = "
|
|
1864
|
+
AWSMigrationHubOrchestratorServiceRolePolicy = "aws-service-role/AWSMigrationHubOrchestratorServiceRolePolicy",
|
|
1864
1865
|
/** Provides limited access to Amazon Simple Storage Service, AWS Secrets Manager and Plugin related actions for AWS Migration Hub Orchestrator. */
|
|
1865
|
-
AWSMigrationHubOrchestratorPlugin = "
|
|
1866
|
+
AWSMigrationHubOrchestratorPlugin = "AWSMigrationHubOrchestratorPlugin",
|
|
1866
1867
|
/** Provides limited access to AWS Migration Hub, AWS Application Discovery Service, Amazon Simple Storage Service and AWS Secrets Manager. This policy also grants full access to AWS Migration Hub Orchestrator service. */
|
|
1867
|
-
AWSMigrationHubOrchestratorConsoleFullAccess = "
|
|
1868
|
+
AWSMigrationHubOrchestratorConsoleFullAccess = "AWSMigrationHubOrchestratorConsoleFullAccess",
|
|
1868
1869
|
/** This policy needs to be attached for SAP and MGN migrated instance for our service to orchestrate instances by downloading scripts from S3 and to fetch secret values inside EC2 instance. */
|
|
1869
|
-
AWSMigrationHubOrchestratorInstanceRolePolicy = "
|
|
1870
|
+
AWSMigrationHubOrchestratorInstanceRolePolicy = "AWSMigrationHubOrchestratorInstanceRolePolicy",
|
|
1870
1871
|
/** Policy for AWS Monitron service linked role granting access to required customer resources. */
|
|
1871
|
-
MonitronServiceRolePolicy = "
|
|
1872
|
+
MonitronServiceRolePolicy = "aws-service-role/MonitronServiceRolePolicy",
|
|
1872
1873
|
/** Allows access to other AWS service resources that are required to run Amazon EMRServerless */
|
|
1873
|
-
AmazonEMRServerlessServiceRolePolicy = "
|
|
1874
|
+
AmazonEMRServerlessServiceRolePolicy = "aws-service-role/AmazonEMRServerlessServiceRolePolicy",
|
|
1874
1875
|
/** This policy gives permissions to control AWS resources. For example, to start and stop EC2 or RDS instances by executing AWS Systems Manager (SSM) scripts. */
|
|
1875
|
-
AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM = "
|
|
1876
|
+
AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM = "AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM",
|
|
1876
1877
|
/** This policy allows read-only access to AWS Elastic Disaster Recovery (DRS) resources such as source servers and jobs. It also allows creating a converted snapshot and sharing that EBS snapshot with a specific account. */
|
|
1877
|
-
AWSElasticDisasterRecoveryStagingAccountPolicy = "
|
|
1878
|
+
AWSElasticDisasterRecoveryStagingAccountPolicy = "service-role/AWSElasticDisasterRecoveryStagingAccountPolicy",
|
|
1878
1879
|
/** This policy allows installing and using the AWS Replication Agent, which is used by AWS Elastic Disaster Recovery (DRS) to recover source servers that run on EC2 (cross-region or cross-AZ). An IAM role with this policy should be attached (as an EC2 Instance Profile) to the EC2 Instances. */
|
|
1879
|
-
AWSElasticDisasterRecoveryEc2InstancePolicy = "
|
|
1880
|
+
AWSElasticDisasterRecoveryEc2InstancePolicy = "service-role/AWSElasticDisasterRecoveryEc2InstancePolicy",
|
|
1880
1881
|
/** This policy allows using the AWS Replication Agent, which is used with AWS Application Migration Service (MGN) to migrate external servers to AWS. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
1881
|
-
AWSApplicationMigrationAgentPolicyV2 = "
|
|
1882
|
+
AWSApplicationMigrationAgentPolicyV2 = "service-role/AWSApplicationMigrationAgentPolicy_v2",
|
|
1882
1883
|
/** Allows AWS M2 to manage AWS resources on your behalf. */
|
|
1883
|
-
AWSM2ServicePolicy = "
|
|
1884
|
+
AWSM2ServicePolicy = "aws-service-role/AWSM2ServicePolicy",
|
|
1884
1885
|
/** Allows AWS Managed Services to manage deployment toolkit on your behalf. */
|
|
1885
|
-
AWSManagedServicesDeploymentToolkitPolicy = "
|
|
1886
|
+
AWSManagedServicesDeploymentToolkitPolicy = "aws-service-role/AWSManagedServicesDeploymentToolkitPolicy",
|
|
1886
1887
|
/** Provides read only access to AWS CloudTrail. */
|
|
1887
|
-
AWSCloudTrailReadOnlyAccess = "
|
|
1888
|
+
AWSCloudTrailReadOnlyAccess = "AWSCloudTrail_ReadOnlyAccess",
|
|
1888
1889
|
/** This policy allows installing the AWS Replication Agent, which is used with AWS Application Migration Service (MGN) to migrate external servers to AWS. Attach this policy to your IAM users or roles whose credentials you provide when installing the AWS Replication Agent. */
|
|
1889
|
-
AWSApplicationMigrationAgentInstallationPolicy = "
|
|
1890
|
+
AWSApplicationMigrationAgentInstallationPolicy = "AWSApplicationMigrationAgentInstallationPolicy",
|
|
1890
1891
|
/** Allows Well-Architected to access Organizations on your behalf. */
|
|
1891
|
-
AWSWellArchitectedOrganizationsServiceRolePolicy = "
|
|
1892
|
+
AWSWellArchitectedOrganizationsServiceRolePolicy = "aws-service-role/AWSWellArchitectedOrganizationsServiceRolePolicy",
|
|
1892
1893
|
/** Allows IAM Roles Anywhere to publish service/usage metrics to CloudWatch and check the status of Private Certificate Authorities on your behalf. */
|
|
1893
|
-
AWSRolesAnywhereServicePolicy = "
|
|
1894
|
+
AWSRolesAnywhereServicePolicy = "aws-service-role/AWSRolesAnywhereServicePolicy",
|
|
1894
1895
|
/** Allow NetworkManager to access resources associated with your Core Network */
|
|
1895
|
-
AWSNetworkManagerCloudWANServiceRolePolicy = "
|
|
1896
|
+
AWSNetworkManagerCloudWANServiceRolePolicy = "aws-service-role/AWSNetworkManagerCloudWANServiceRolePolicy",
|
|
1896
1897
|
/** GuardDuty malware protection uses the service-linked role (SLR) named AWSServiceRoleForAmazonGuardDutyMalwareProtection. This service-linked role allows GuardDuty malware protection to perform agent-less scans to detect malware. It allows GuardDuty to create snapshots in your account, and share the snapshots with the GuardDuty service account to scan for malware. It evaluates these shared snapshots and includes the retrieved EC2 instance metadata in the GuardDuty Malware Protection findings. The AWSServiceRoleForAmazonGuardDutyMalwareProtection service-linked role trusts the malware-protection.guardduty.amazonaws.com service to assume the role. */
|
|
1897
|
-
AmazonGuardDutyMalwareProtectionServiceRolePolicy = "
|
|
1898
|
+
AmazonGuardDutyMalwareProtectionServiceRolePolicy = "aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy",
|
|
1898
1899
|
/** Provides full access for creating and managing the Vendor Insights resources */
|
|
1899
|
-
AWSVendorInsightsVendorFullAccess = "
|
|
1900
|
+
AWSVendorInsightsVendorFullAccess = "AWSVendorInsightsVendorFullAccess",
|
|
1900
1901
|
/** Provides read-only access for viewing the Vendor Insights resources */
|
|
1901
|
-
AWSVendorInsightsVendorReadOnly = "
|
|
1902
|
+
AWSVendorInsightsVendorReadOnly = "AWSVendorInsightsVendorReadOnly",
|
|
1902
1903
|
/** Provides full access for viewing entitled Vendor Insights resources and managing Vendor Insights subscriptions */
|
|
1903
|
-
AWSVendorInsightsAssessorFullAccess = "
|
|
1904
|
+
AWSVendorInsightsAssessorFullAccess = "AWSVendorInsightsAssessorFullAccess",
|
|
1904
1905
|
/** Provides read-only access for viewing entitled Vendor Insights resources */
|
|
1905
|
-
AWSVendorInsightsAssessorReadOnly = "
|
|
1906
|
+
AWSVendorInsightsAssessorReadOnly = "AWSVendorInsightsAssessorReadOnly",
|
|
1906
1907
|
/** Allows AWS License Manager User Subscriptions Service to manage resources on your behalf. */
|
|
1907
|
-
AWSLicenseManagerUserSubscriptionsServiceRolePolicy = "
|
|
1908
|
+
AWSLicenseManagerUserSubscriptionsServiceRolePolicy = "aws-service-role/AWSLicenseManagerUserSubscriptionsServiceRolePolicy",
|
|
1908
1909
|
/** Provides full access to AWS Trusted Advisor Priority. This policy also enables the user to add Trusted Advisor as a trusted service with AWS Organizations and to specify delegated administrator accounts for Trusted Advisor Priority. */
|
|
1909
|
-
AWSTrustedAdvisorPriorityFullAccess = "
|
|
1910
|
+
AWSTrustedAdvisorPriorityFullAccess = "AWSTrustedAdvisorPriorityFullAccess",
|
|
1910
1911
|
/** Provides read-only access to AWS Trusted Advisor Priority. This includes permission to view the delegated administrator accounts. */
|
|
1911
|
-
AWSTrustedAdvisorPriorityReadOnlyAccess = "
|
|
1912
|
+
AWSTrustedAdvisorPriorityReadOnlyAccess = "AWSTrustedAdvisorPriorityReadOnlyAccess",
|
|
1912
1913
|
/** Allows Application Discovery Service Agentless Collectors to auto update, register, and communicate with Application Discovery Service */
|
|
1913
|
-
AWSApplicationDiscoveryAgentlessCollectorAccess = "
|
|
1914
|
+
AWSApplicationDiscoveryAgentlessCollectorAccess = "AWSApplicationDiscoveryAgentlessCollectorAccess",
|
|
1914
1915
|
/** Provides full access to the AWS Support App and other required services, such as AWS Support and Service Quotas. This policy includes permissions to use the supporting services so that the user can contact AWS Support for support cases, change service quotas, and create the relevant service-linked roles. */
|
|
1915
|
-
AWSSupportAppFullAccess = "
|
|
1916
|
+
AWSSupportAppFullAccess = "AWSSupportAppFullAccess",
|
|
1916
1917
|
/** Provides read-only access to the AWS Support App. */
|
|
1917
|
-
AWSSupportAppReadOnlyAccess = "
|
|
1918
|
+
AWSSupportAppReadOnlyAccess = "AWSSupportAppReadOnlyAccess",
|
|
1918
1919
|
/** Allows Amazon EKS Local to call AWS services on your behalf. */
|
|
1919
|
-
AmazonEKSLocalOutpostServiceRolePolicy = "
|
|
1920
|
+
AmazonEKSLocalOutpostServiceRolePolicy = "aws-service-role/AmazonEKSLocalOutpostServiceRolePolicy",
|
|
1920
1921
|
/** This policy grants permissions commonly needed to use SageMaker Canvas with Amazon Forecast. */
|
|
1921
|
-
AmazonSageMakerCanvasForecastAccess = "
|
|
1922
|
+
AmazonSageMakerCanvasForecastAccess = "service-role/AmazonSageMakerCanvasForecastAccess",
|
|
1922
1923
|
/** This policy provides permissions to EKS local cluster's control-plane instances running in your account to manage resources on your behalf. */
|
|
1923
|
-
AmazonEKSLocalOutpostClusterPolicy = "
|
|
1924
|
+
AmazonEKSLocalOutpostClusterPolicy = "AmazonEKSLocalOutpostClusterPolicy",
|
|
1924
1925
|
/** This policy grants read-only access to SageMaker Ground Truth Synthetic via the AWS Management Console. */
|
|
1925
|
-
GroundTruthSyntheticConsoleReadOnlyAccess = "
|
|
1926
|
+
GroundTruthSyntheticConsoleReadOnlyAccess = "GroundTruthSyntheticConsoleReadOnlyAccess",
|
|
1926
1927
|
/** This policy grants permissions needed to use all features of the SageMaker Ground Truth Synthetic Console. */
|
|
1927
|
-
GroundTruthSyntheticConsoleFullAccess = "
|
|
1928
|
+
GroundTruthSyntheticConsoleFullAccess = "GroundTruthSyntheticConsoleFullAccess",
|
|
1928
1929
|
/** This policy enables AWS Systems Manager functionality on EC2 instances. */
|
|
1929
|
-
AmazonSSMManagedEC2InstanceDefaultPolicy = "
|
|
1930
|
+
AmazonSSMManagedEC2InstanceDefaultPolicy = "AmazonSSMManagedEC2InstanceDefaultPolicy",
|
|
1930
1931
|
/** Provides full access to Amazon SageMaker Canvas resources and operations. The policy also provides select access to related services (e.g., S3, IAM, VPC, ECR, CloudWatch Logs, Redshift, Secrets Manager, and Forecast). This policy should be attached to the Amazon SageMaker Domain/User Profile execution role. */
|
|
1931
|
-
AmazonSageMakerCanvasFullAccess = "
|
|
1932
|
+
AmazonSageMakerCanvasFullAccess = "AmazonSageMakerCanvasFullAccess",
|
|
1932
1933
|
/** Allows CloudWatch Evidently Service to manage associated AWS Resources on behalf of the customer */
|
|
1933
|
-
AmazonCloudWatchEvidentlyServiceRolePolicy = "
|
|
1934
|
+
AmazonCloudWatchEvidentlyServiceRolePolicy = "aws-service-role/AmazonCloudWatchEvidentlyServiceRolePolicy",
|
|
1934
1935
|
/** Grant permissions to AWS Device Farm to call EC2 Network APIs on your behalf. */
|
|
1935
|
-
AWSDeviceFarmServiceRolePolicy = "
|
|
1936
|
+
AWSDeviceFarmServiceRolePolicy = "aws-service-role/AWSDeviceFarmServiceRolePolicy",
|
|
1936
1937
|
/** Grants permissions to AWS Resources and metaData used or managed by AWSIoTFleetwise for auxiliary features */
|
|
1937
|
-
AWSIoTFleetwiseServiceRolePolicy = "
|
|
1938
|
+
AWSIoTFleetwiseServiceRolePolicy = "aws-service-role/AWSIoTFleetwiseServiceRolePolicy",
|
|
1938
1939
|
/** Provides read-only access to supportplans. */
|
|
1939
|
-
AWSSupportPlansReadOnlyAccess = "
|
|
1940
|
+
AWSSupportPlansReadOnlyAccess = "AWSSupportPlansReadOnlyAccess",
|
|
1940
1941
|
/** Provides full access to supportplans. */
|
|
1941
|
-
AWSSupportPlansFullAccess = "
|
|
1942
|
+
AWSSupportPlansFullAccess = "AWSSupportPlansFullAccess",
|
|
1942
1943
|
/** Allows AppIntegrations to manage AppFlow resources and publish CloudWatch metric data on your behalf. */
|
|
1943
|
-
AppIntegrationsServiceLinkedRolePolicy = "
|
|
1944
|
+
AppIntegrationsServiceLinkedRolePolicy = "aws-service-role/AppIntegrationsServiceLinkedRolePolicy",
|
|
1944
1945
|
/** Amazon AppStream 2.0 access to AWS Certificate Manager Private CA in customer accounts for certificate-based authentication */
|
|
1945
|
-
AmazonAppStreamPCAAccess = "
|
|
1946
|
+
AmazonAppStreamPCAAccess = "service-role/AmazonAppStreamPCAAccess",
|
|
1946
1947
|
/** This policy is intended to be used by Amazon ECS Tasks created for testing applications in AWS using the AWS Toolkit for .NET Refactoring extension for Microsoft Visual Studio. The policy grants access to download application artifacts from Amazon S3, communicate the status of the Task using AWS Systems Manager, and other required services. */
|
|
1947
|
-
AWSRefactoringToolkitSidecarPolicy = "
|
|
1948
|
+
AWSRefactoringToolkitSidecarPolicy = "AWSRefactoringToolkitSidecarPolicy",
|
|
1948
1949
|
/** This policy grants permission to use AWS services with the AWS Toolkit for .NET Refactoring extension for Microsoft Visual Studio. It is intended to be attached to a local AWS profile. The policy allows uploading application artifacts and downloading the resulting artifacts from Amazon S3. It allows building applications into a container image using AWS CodeBuild and storing and retrieving the images from Amazon Elastic Container Registry (Amazon ECR). And it allows deployment of the application to container services on AWS such as Amazon Elastic Container Service (Amazon ECS), optional creation of VPC resources, optional connection to existing infrastructure such as AWS Directory Service, and other related services. */
|
|
1949
|
-
AWSRefactoringToolkitFullAccess = "
|
|
1950
|
+
AWSRefactoringToolkitFullAccess = "AWSRefactoringToolkitFullAccess",
|
|
1950
1951
|
/** Allows Resource Explorer to view resources and CloudTrail events on your behalf to index your resources for search. */
|
|
1951
|
-
AWSResourceExplorerServiceRolePolicy = "
|
|
1952
|
+
AWSResourceExplorerServiceRolePolicy = "aws-service-role/AWSResourceExplorerServiceRolePolicy",
|
|
1952
1953
|
/** This policy grants the Fault Injection Simulator Service permission in SSM and other required services to perform FIS actions. */
|
|
1953
|
-
AWSFaultInjectionSimulatorSSMAccess = "
|
|
1954
|
+
AWSFaultInjectionSimulatorSSMAccess = "service-role/AWSFaultInjectionSimulatorSSMAccess",
|
|
1954
1955
|
/** This policy grants the Fault Injection Simulator Service permission in RDS and other required services to perform FIS actions. */
|
|
1955
|
-
AWSFaultInjectionSimulatorRDSAccess = "
|
|
1956
|
+
AWSFaultInjectionSimulatorRDSAccess = "service-role/AWSFaultInjectionSimulatorRDSAccess",
|
|
1956
1957
|
/** This policy grants the Fault Injection Simulator Service permission in EC2 networking and other required services to perform FIS actions. */
|
|
1957
|
-
AWSFaultInjectionSimulatorNetworkAccess = "
|
|
1958
|
+
AWSFaultInjectionSimulatorNetworkAccess = "service-role/AWSFaultInjectionSimulatorNetworkAccess",
|
|
1958
1959
|
/** This policy grants the Fault Injection Simulator Service permission in EKS and other required services to perform FIS actions. */
|
|
1959
|
-
AWSFaultInjectionSimulatorEKSAccess = "
|
|
1960
|
+
AWSFaultInjectionSimulatorEKSAccess = "service-role/AWSFaultInjectionSimulatorEKSAccess",
|
|
1960
1961
|
/** This policy grants the Fault Injection Simulator Service permission in ECS and other required services to perform FIS actions. */
|
|
1961
|
-
AWSFaultInjectionSimulatorECSAccess = "
|
|
1962
|
+
AWSFaultInjectionSimulatorECSAccess = "service-role/AWSFaultInjectionSimulatorECSAccess",
|
|
1962
1963
|
/** This policy grants the Fault Injection Simulator Service permission in EC2 and other required services to perform FIS actions. */
|
|
1963
|
-
AWSFaultInjectionSimulatorEC2Access = "
|
|
1964
|
+
AWSFaultInjectionSimulatorEC2Access = "service-role/AWSFaultInjectionSimulatorEC2Access",
|
|
1964
1965
|
/** This policy grants read-only permissions to search for and view Resource Explorer resources and grants read-only permissions to other AWS services to support this access. */
|
|
1965
|
-
AWSResourceExplorerReadOnlyAccess = "
|
|
1966
|
+
AWSResourceExplorerReadOnlyAccess = "AWSResourceExplorerReadOnlyAccess",
|
|
1966
1967
|
/** This policy grants administrative permissions to access Resource Explorer resources and grants read-only permissions to other AWS services to support this access. */
|
|
1967
|
-
AWSResourceExplorerFullAccess = "
|
|
1968
|
+
AWSResourceExplorerFullAccess = "AWSResourceExplorerFullAccess",
|
|
1968
1969
|
/** This managed policy provides full administrative access to AWS Certificate Manager Private CA resources in your AWS account for certificate-based authentication. */
|
|
1969
|
-
AmazonWorkspacesPCAAccess = "
|
|
1970
|
+
AmazonWorkspacesPCAAccess = "AmazonWorkspacesPCAAccess",
|
|
1970
1971
|
/** Provides access to AWS Resources managed or used by Amazon Grafana. */
|
|
1971
|
-
AmazonGrafanaServiceLinkedRolePolicy = "
|
|
1972
|
+
AmazonGrafanaServiceLinkedRolePolicy = "aws-service-role/AmazonGrafanaServiceLinkedRolePolicy",
|
|
1972
1973
|
/** Permissions CodeBuild needs to run a build for AWS Proton CodeBuild Provisioning. */
|
|
1973
|
-
AWSProtonCodeBuildProvisioningBasicAccess = "
|
|
1974
|
+
AWSProtonCodeBuildProvisioningBasicAccess = "AWSProtonCodeBuildProvisioningBasicAccess",
|
|
1974
1975
|
/** Allows AWS Proton to manage Proton resource provisioning using CodeBuild and other AWS services on your behalf. */
|
|
1975
|
-
AWSProtonCodeBuildProvisioningServiceRolePolicy = "
|
|
1976
|
+
AWSProtonCodeBuildProvisioningServiceRolePolicy = "aws-service-role/AWSProtonCodeBuildProvisioningServiceRolePolicy",
|
|
1976
1977
|
/** The AmazonEventBridgeSchedulerFullAccess managed policy grants permissions to use all EventBridge Scheduler actions for schedules, and schedule groups. */
|
|
1977
|
-
AmazonEventBridgeSchedulerFullAccess = "
|
|
1978
|
+
AmazonEventBridgeSchedulerFullAccess = "AmazonEventBridgeSchedulerFullAccess",
|
|
1978
1979
|
/** The AmazonEventBridgeSchedulerReadOnlyAccess managed policy grants read-only permissions to view details about your schedules and schedule groups */
|
|
1979
|
-
AmazonEventBridgeSchedulerReadOnlyAccess = "
|
|
1980
|
+
AmazonEventBridgeSchedulerReadOnlyAccess = "AmazonEventBridgeSchedulerReadOnlyAccess",
|
|
1980
1981
|
/** Provides AWS Backup permission to restore a backup of SAP HANA on Amazon EC2 */
|
|
1981
|
-
AWSBackupRestoreAccessForSAPHANA = "
|
|
1982
|
+
AWSBackupRestoreAccessForSAPHANA = "AWSBackupRestoreAccessForSAPHANA",
|
|
1982
1983
|
/** This policy allows the AWS Backint agent to complete backup data transfer with AWS Backup Storage plane. Attach this policy to roles assumed by EC2 Instances running SAP HANA with the Backint agent. */
|
|
1983
|
-
AWSBackupDataTransferAccess = "
|
|
1984
|
+
AWSBackupDataTransferAccess = "AWSBackupDataTransferAccess",
|
|
1984
1985
|
/** A Service Linked Role for AWS ServiceCatalog to sync Provisioning Artifacts from source repositories */
|
|
1985
|
-
AWSServiceCatalogSyncServiceRolePolicy = "
|
|
1986
|
+
AWSServiceCatalogSyncServiceRolePolicy = "aws-service-role/AWSServiceCatalogSyncServiceRolePolicy",
|
|
1986
1987
|
/** Provides AWS Systems Manager for SAP with the permissions needed to manage and integrate SAP software with AWS. */
|
|
1987
|
-
AWSSSMForSAPServiceLinkedRolePolicy = "
|
|
1988
|
+
AWSSSMForSAPServiceLinkedRolePolicy = "aws-service-role/AWSSSMForSAPServiceLinkedRolePolicy",
|
|
1988
1989
|
/** Provides full access to AWS Systems Manager for SAP service */
|
|
1989
|
-
AWSSystemsManagerForSAPFullAccess = "
|
|
1990
|
+
AWSSystemsManagerForSAPFullAccess = "AWSSystemsManagerForSAPFullAccess",
|
|
1990
1991
|
/** Provides read only access to AWS Systems Manager for SAP service */
|
|
1991
|
-
AWSSystemsManagerForSAPReadOnlyAccess = "
|
|
1992
|
+
AWSSystemsManagerForSAPReadOnlyAccess = "AWSSystemsManagerForSAPReadOnlyAccess",
|
|
1992
1993
|
/** Allows Amazon OpenSearch Ingestion Service to access other AWS services on your behalf. */
|
|
1993
|
-
AmazonOpenSearchIngestionServiceRolePolicy = "
|
|
1994
|
+
AmazonOpenSearchIngestionServiceRolePolicy = "aws-service-role/AmazonOpenSearchIngestionServiceRolePolicy",
|
|
1994
1995
|
/** Allows VPC Reachability Analyzer to access AWS resources and integrate with AWS Organizations on your behalf. */
|
|
1995
|
-
AWSReachabilityAnalyzerServiceRolePolicy = "
|
|
1996
|
+
AWSReachabilityAnalyzerServiceRolePolicy = "aws-service-role/AWSReachabilityAnalyzerServiceRolePolicy",
|
|
1996
1997
|
/** Allow Amazon OpenSearch Serverless to access other AWS services such as CloudWatch APIs on your behalf. */
|
|
1997
|
-
AmazonOpenSearchServerlessServiceRolePolicy = "
|
|
1998
|
+
AmazonOpenSearchServerlessServiceRolePolicy = "aws-service-role/AmazonOpenSearchServerlessServiceRolePolicy",
|
|
1998
1999
|
/** This policy provides access to Amazon SSM operations required to use Application Migration Service (MGN) to execute custom post migration command SSM documents. Attach this policy to your IAM users or roles. */
|
|
1999
|
-
AWSApplicationMigrationSSMAccess = "
|
|
2000
|
+
AWSApplicationMigrationSSMAccess = "AWSApplicationMigrationSSMAccess",
|
|
2000
2001
|
/** Provides Read Only access to CloudWatch Observability Access Manager */
|
|
2001
|
-
OAMReadOnlyAccess = "
|
|
2002
|
+
OAMReadOnlyAccess = "OAMReadOnlyAccess",
|
|
2002
2003
|
/** Provides full access to CloudWatch Observability Access Manager */
|
|
2003
|
-
OAMFullAccess = "
|
|
2004
|
+
OAMFullAccess = "OAMFullAccess",
|
|
2004
2005
|
/** Provides capabilities to manage Observability Access Manager links and establish sharing of X-Ray traces */
|
|
2005
|
-
AWSXrayCrossAccountSharingConfiguration = "
|
|
2006
|
+
AWSXrayCrossAccountSharingConfiguration = "AWSXrayCrossAccountSharingConfiguration",
|
|
2006
2007
|
/** Provides capabilities to manage Observability Access Manager links and establish sharing of CloudWatch Logs resources */
|
|
2007
|
-
CloudWatchLogsCrossAccountSharingConfiguration = "
|
|
2008
|
+
CloudWatchLogsCrossAccountSharingConfiguration = "CloudWatchLogsCrossAccountSharingConfiguration",
|
|
2008
2009
|
/** Provides capabilities to manage Observability Access Manager links and establish sharing of CloudWatch resources */
|
|
2009
|
-
CloudWatchCrossAccountSharingConfiguration = "
|
|
2010
|
+
CloudWatchCrossAccountSharingConfiguration = "CloudWatchCrossAccountSharingConfiguration",
|
|
2010
2011
|
/** Allows Internet Monitor to access EC2, Workspaces, and CloudFront resources, and other required services on your behalf. */
|
|
2011
|
-
CloudWatchInternetMonitorServiceRolePolicy = "
|
|
2012
|
+
CloudWatchInternetMonitorServiceRolePolicy = "aws-service-role/CloudWatchInternetMonitorServiceRolePolicy",
|
|
2012
2013
|
/** This policy grants full administrative permissions to the Wickr service, including the Wickr administrative functions under the AWS Management Console. */
|
|
2013
|
-
AWSWickrFullAccess = "
|
|
2014
|
+
AWSWickrFullAccess = "AWSWickrFullAccess",
|
|
2014
2015
|
/** Policy to enable AWS Verified Access service to provision endpoints on your behalf */
|
|
2015
|
-
AWSVPCVerifiedAccessServiceRolePolicy = "
|
|
2016
|
+
AWSVPCVerifiedAccessServiceRolePolicy = "aws-service-role/AWSVPCVerifiedAccessServiceRolePolicy",
|
|
2016
2017
|
/** Provide read only access to Amazon Omics */
|
|
2017
|
-
AmazonOmicsReadOnlyAccess = "
|
|
2018
|
+
AmazonOmicsReadOnlyAccess = "AmazonOmicsReadOnlyAccess",
|
|
2018
2019
|
/** This policy grants permissions to operate the Amazon Security Lake service on your behalf */
|
|
2019
|
-
SecurityLakeServiceLinkedRole = "
|
|
2020
|
+
SecurityLakeServiceLinkedRole = "aws-service-role/SecurityLakeServiceLinkedRole",
|
|
2020
2021
|
/** Amazon Security Lake creates IAM roles for third-party custom sources to write data to a data lake and for third-party subscribers to consume data from a data lake, and uses this policy when creating these roles to define the boundary of their permissions. */
|
|
2021
|
-
AmazonSecurityLakePermissionsBoundary = "
|
|
2022
|
+
AmazonSecurityLakePermissionsBoundary = "AmazonSecurityLakePermissionsBoundary",
|
|
2022
2023
|
/** This AWS managed policy grants permissions needed to use all Amazon SageMaker Governance features. The policy also provides select access to related services (e.g., S3, KMS). */
|
|
2023
|
-
AmazonSageMakerModelGovernanceUseAccess = "
|
|
2024
|
+
AmazonSageMakerModelGovernanceUseAccess = "AmazonSageMakerModelGovernanceUseAccess",
|
|
2024
2025
|
/** This policy grants permissions that allow full access to Amazon SageMaker Geospatial through the AWS Management Console and SDK. */
|
|
2025
|
-
AmazonSageMakerGeospatialFullAccess = "
|
|
2026
|
+
AmazonSageMakerGeospatialFullAccess = "service-role/AmazonSageMakerGeospatialFullAccess",
|
|
2026
2027
|
/** This policy provide access to services that are commonly needed to use SageMaker geospatial. */
|
|
2027
|
-
AmazonSageMakerGeospatialExecutionRole = "
|
|
2028
|
+
AmazonSageMakerGeospatialExecutionRole = "service-role/AmazonSageMakerGeospatialExecutionRole",
|
|
2028
2029
|
/** Allows Amazon DocumentDB-Elastic to manage AWS resources on your behalf. */
|
|
2029
|
-
AmazonDocDBElasticServiceRolePolicy = "
|
|
2030
|
+
AmazonDocDBElasticServiceRolePolicy = "aws-service-role/AmazonDocDB-ElasticServiceRolePolicy",
|
|
2030
2031
|
/** Allows VPC Lattice to access AWS resources on your behalf. */
|
|
2031
|
-
AWSVpcLatticeServiceRolePolicy = "
|
|
2032
|
+
AWSVpcLatticeServiceRolePolicy = "aws-service-role/AWSVpcLatticeServiceRolePolicy",
|
|
2032
2033
|
/** Provides full access to Amazon EventBridge Pipes. */
|
|
2033
|
-
AmazonEventBridgePipesFullAccess = "
|
|
2034
|
+
AmazonEventBridgePipesFullAccess = "AmazonEventBridgePipesFullAccess",
|
|
2034
2035
|
/** Provides read-only access to Amazon EventBridge Pipes. */
|
|
2035
|
-
AmazonEventBridgePipesReadOnlyAccess = "
|
|
2036
|
+
AmazonEventBridgePipesReadOnlyAccess = "AmazonEventBridgePipesReadOnlyAccess",
|
|
2036
2037
|
/** Provides read-only and operator (ability to Stop and Start running Pipes) access to Amazon EventBridge Pipes. */
|
|
2037
|
-
AmazonEventBridgePipesOperatorAccess = "
|
|
2038
|
+
AmazonEventBridgePipesOperatorAccess = "AmazonEventBridgePipesOperatorAccess",
|
|
2038
2039
|
/** AWS GroundStation uses this service-linked role to invoke EC2 to find public IPv4 addresses */
|
|
2039
|
-
AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy = "
|
|
2040
|
+
AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy = "aws-service-role/AWSServiceRoleForGroundStationDataflowEndpointGroupPolicy",
|
|
2040
2041
|
/** Provides AWS BackupGateway permission to sync the metadata of Virtual Machines on your behalf */
|
|
2041
|
-
AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync = "
|
|
2042
|
+
AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync = "service-role/AWSBackupGatewayServiceRolePolicyForVirtualMachineMetadataSync",
|
|
2042
2043
|
/** AWS Managed Services - policy to manage detective controls infrastructure */
|
|
2043
|
-
AWSManagedServicesDetectiveControlsConfigServiceRolePolicy = "
|
|
2044
|
+
AWSManagedServicesDetectiveControlsConfigServiceRolePolicy = "aws-service-role/AWSManagedServices_DetectiveControlsConfig_ServiceRolePolicy",
|
|
2044
2045
|
/** Allows AWS License Manager Linux Subscriptions Service to manage resources on your behalf. */
|
|
2045
|
-
AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy = "
|
|
2046
|
+
AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy = "aws-service-role/AWSLicenseManagerLinuxSubscriptionsServiceRolePolicy",
|
|
2046
2047
|
/** This policy grants permissions that allow you to install an Outpost server on your on-premises network. */
|
|
2047
|
-
AWSOutpostsAuthorizeServerPolicy = "
|
|
2048
|
+
AWSOutpostsAuthorizeServerPolicy = "AWSOutpostsAuthorizeServerPolicy",
|
|
2048
2049
|
/** This policy is used by AWS Elastic Disaster Recovery (DRS) to recover source servers into a separate target account and to allow failing back. We do not recommend that you attach this policy to your IAM users or roles. */
|
|
2049
|
-
AWSElasticDisasterRecoveryStagingAccountPolicyV2 = "
|
|
2050
|
+
AWSElasticDisasterRecoveryStagingAccountPolicyV2 = "service-role/AWSElasticDisasterRecoveryStagingAccountPolicy_v2",
|
|
2050
2051
|
/** Allows AWS Resource Groups to query the AWS services that own your resources to keep the group up-to-date */
|
|
2051
|
-
ResourceGroupsServiceRolePolicy = "
|
|
2052
|
+
ResourceGroupsServiceRolePolicy = "aws-service-role/ResourceGroupsServiceRolePolicy",
|
|
2052
2053
|
/** Allows read-only access to AWS Clean Rooms resources and read-only access to related AWS Glue and Amazon CloudWatch Logs resources. */
|
|
2053
|
-
AWSCleanRoomsReadOnlyAccess = "
|
|
2054
|
+
AWSCleanRoomsReadOnlyAccess = "AWSCleanRoomsReadOnlyAccess",
|
|
2054
2055
|
/** Allows full access to AWS Clean Rooms resources and access to related AWS Services. */
|
|
2055
|
-
AWSCleanRoomsFullAccess = "
|
|
2056
|
+
AWSCleanRoomsFullAccess = "AWSCleanRoomsFullAccess",
|
|
2056
2057
|
/** Allows full access to AWS Clean Rooms resources except for querying in a collaboration and access to related AWS Services. */
|
|
2057
|
-
AWSCleanRoomsFullAccessNoQuerying = "
|
|
2058
|
+
AWSCleanRoomsFullAccessNoQuerying = "AWSCleanRoomsFullAccessNoQuerying",
|
|
2058
2059
|
/** Allows AWS Health to enable the Health event processor feature. */
|
|
2059
|
-
AWSHealthEventProcessorServiceRolePolicy = "
|
|
2060
|
+
AWSHealthEventProcessorServiceRolePolicy = "aws-service-role/AWSHealth_EventProcessorServiceRolePolicy",
|
|
2060
2061
|
/** Provides member access to Amazon Detective service and scoped access to the console UI dependencies. */
|
|
2061
|
-
AmazonDetectiveMemberAccess = "
|
|
2062
|
+
AmazonDetectiveMemberAccess = "AmazonDetectiveMemberAccess",
|
|
2062
2063
|
/** Provides investigator access to Amazon Detective service and scoped access to the console UI dependencies. This policy grants permission to dive into Detective for investigation purposes and limited write access to Guardduty. */
|
|
2063
|
-
AmazonDetectiveInvestigatorAccess = "
|
|
2064
|
+
AmazonDetectiveInvestigatorAccess = "AmazonDetectiveInvestigatorAccess",
|
|
2064
2065
|
/** EC2 Instance Connect endpoint policy to manage EC2 Instance Connect endpoints created by the customer */
|
|
2065
|
-
Ec2InstanceConnectEndpoint = "
|
|
2066
|
+
Ec2InstanceConnectEndpoint = "aws-service-role/Ec2InstanceConnectEndpoint",
|
|
2066
2067
|
/** This policy defines the set of permissions allowed for unauthenticated identities for Cognito Identity Pools. This does not need to be attached to your unauth role, as Cognito Identity Service will automatically include it as a scoped down policy when creating credentials. The privileges to temporarily access other AWS resources through the enhanced flow will now be defined by the intersection of the role associated with the identity of the unauthenticated user provided by a service, and the privileges given in this managed policy that is owned by Cognito. */
|
|
2067
|
-
AmazonCognitoUnauthenticatedIdentities = "
|
|
2068
|
+
AmazonCognitoUnauthenticatedIdentities = "AmazonCognitoUnauthenticatedIdentities",
|
|
2068
2069
|
/** AWS Managed Services policy to enable AMS event processor feature. */
|
|
2069
|
-
AWSManagedServicesEventsServiceRolePolicy = "
|
|
2070
|
+
AWSManagedServicesEventsServiceRolePolicy = "aws-service-role/AWSManagedServices_EventsServiceRolePolicy",
|
|
2070
2071
|
/** Provides certificate user access to AWS Private Certificate Authority */
|
|
2071
|
-
AWSPrivateCAUser = "
|
|
2072
|
+
AWSPrivateCAUser = "AWSPrivateCAUser",
|
|
2072
2073
|
/** Provides full access to AWS Private Certificate Authority */
|
|
2073
|
-
AWSPrivateCAFullAccess = "
|
|
2074
|
+
AWSPrivateCAFullAccess = "AWSPrivateCAFullAccess",
|
|
2074
2075
|
/** Provides privileged certificate user access to AWS Private Certificate Authority */
|
|
2075
|
-
AWSPrivateCAPrivilegedUser = "
|
|
2076
|
+
AWSPrivateCAPrivilegedUser = "AWSPrivateCAPrivilegedUser",
|
|
2076
2077
|
/** Provides read only access to AWS Private Certificate Authority */
|
|
2077
|
-
AWSPrivateCAReadOnly = "
|
|
2078
|
+
AWSPrivateCAReadOnly = "AWSPrivateCAReadOnly",
|
|
2078
2079
|
/** Provides auditor access to AWS Private Certificate Authority */
|
|
2079
|
-
AWSPrivateCAAuditor = "
|
|
2080
|
+
AWSPrivateCAAuditor = "AWSPrivateCAAuditor",
|
|
2080
2081
|
/** Allows AWS IoT RoboRunner to manage associated AWS Resources on behalf of the customer. */
|
|
2081
|
-
AWSIotRoboRunnerServiceRolePolicy = "
|
|
2082
|
+
AWSIotRoboRunnerServiceRolePolicy = "aws-service-role/AWSIotRoboRunnerServiceRolePolicy",
|
|
2082
2083
|
/** Provides full access to Amazon Omics and other required AWS Services. This policy allows the user to view and accept RAM share invitations to access resources outside of the user's AWS account. */
|
|
2083
|
-
AmazonOmicsFullAccess = "
|
|
2084
|
+
AmazonOmicsFullAccess = "AmazonOmicsFullAccess",
|
|
2084
2085
|
/** AWSSupplyChainFederationAdminAccess provides AWS Supply Chain federated users access to the AWS Supply Chain application, including the required permissions to perform actions within the AWS Supply Chain application. The policy provides administrative permissions over IAM Identity Center users and groups and is attached to a role created by AWS Supply Chain on your behalf. You shouldn't attach AWSSupplyChainFederationAdminAccess policy to any other IAM entities. */
|
|
2085
|
-
AWSSupplyChainFederationAdminAccess = "
|
|
2086
|
+
AWSSupplyChainFederationAdminAccess = "service-role/AWSSupplyChainFederationAdminAccess",
|
|
2086
2087
|
/** Provides Organizations access to manage Delegated administrator for Amazon Detective and scoped access to the console UI dependencies. This also grants permission to create a service-linked role for Detective. */
|
|
2087
|
-
AmazonDetectiveOrganizationsAccess = "
|
|
2088
|
+
AmazonDetectiveOrganizationsAccess = "AmazonDetectiveOrganizationsAccess",
|
|
2088
2089
|
/** Allows Amazon Chime SDK Messaging to access AWS resources and enable messaging functionality */
|
|
2089
|
-
AmazonChimeSDKMessagingServiceRolePolicy = "
|
|
2090
|
+
AmazonChimeSDKMessagingServiceRolePolicy = "aws-service-role/AmazonChimeSDKMessagingServiceRolePolicy",
|
|
2090
2091
|
/** Allows DMS Fleet Advisor to manage CloudWatch metrics on your behalf. */
|
|
2091
|
-
AWSDMSFleetAdvisorServiceRolePolicy = "
|
|
2092
|
+
AWSDMSFleetAdvisorServiceRolePolicy = "aws-service-role/AWSDMSFleetAdvisorServiceRolePolicy",
|
|
2092
2093
|
/** Allows Amazon Connect Customer Profiles to access AWS services and resources on your behalf. */
|
|
2093
|
-
CustomerProfilesServiceLinkedRolePolicy = "
|
|
2094
|
+
CustomerProfilesServiceLinkedRolePolicy = "aws-service-role/CustomerProfilesServiceLinkedRolePolicy",
|
|
2094
2095
|
/** Allows DataSync Discovery to integrate with other AWS services on your behalf. */
|
|
2095
|
-
AWSDataSyncDiscoveryServiceRolePolicy = "
|
|
2096
|
+
AWSDataSyncDiscoveryServiceRolePolicy = "aws-service-role/AWSDataSyncDiscoveryServiceRolePolicy",
|
|
2096
2097
|
/** This policy grants permission to register MediaConnect Gateway Instances to a MediaConnect Gateway. */
|
|
2097
|
-
MediaConnectGatewayInstanceRolePolicy = "
|
|
2098
|
+
MediaConnectGatewayInstanceRolePolicy = "MediaConnectGatewayInstanceRolePolicy",
|
|
2098
2099
|
/** Allows AWS Managed Services to read the values of the tags on AWS resources */
|
|
2099
|
-
AWSManagedServicesContactsServiceRolePolicy = "
|
|
2100
|
+
AWSManagedServicesContactsServiceRolePolicy = "aws-service-role/AWSManagedServices_ContactsServiceRolePolicy",
|
|
2100
2101
|
/** Provides permissions for Amazon SageMaker Canvas to use AI services to support ready to use AI solutions. This policy will add more mutating permissions for services as Amazon SageMaker Canvas adds support. */
|
|
2101
|
-
AmazonSageMakerCanvasAIServicesAccess = "
|
|
2102
|
+
AmazonSageMakerCanvasAIServicesAccess = "AmazonSageMakerCanvasAIServicesAccess",
|
|
2102
2103
|
/** This role grants permissions to CodeWhisperer to access data in your account to calculate billing, provides access to create and access security reports in Amazon CodeGuru, and emit data to CloudWatch. */
|
|
2103
|
-
AWSServiceRoleForCodeWhispererPolicy = "
|
|
2104
|
+
AWSServiceRoleForCodeWhispererPolicy = "aws-service-role/AWSServiceRoleForCodeWhispererPolicy",
|
|
2104
2105
|
/** This policy grants access to Amazon CloudWatch and the dependencies needed to use CloudWatch as a datasource within Amazon Managed Grafana. */
|
|
2105
|
-
AmazonGrafanaCloudWatchAccess = "
|
|
2106
|
+
AmazonGrafanaCloudWatchAccess = "service-role/AmazonGrafanaCloudWatchAccess",
|
|
2106
2107
|
/** Provides the Dataflow Endpoint Instance permissions to use the AWS Ground Station Agent */
|
|
2107
|
-
AWSGroundStationAgentInstancePolicy = "
|
|
2108
|
+
AWSGroundStationAgentInstancePolicy = "AWSGroundStationAgentInstancePolicy",
|
|
2108
2109
|
/** Provides access to invoking Amazon VPC Lattice services. */
|
|
2109
|
-
VPCLatticeServicesInvokeAccess = "
|
|
2110
|
+
VPCLatticeServicesInvokeAccess = "VPCLatticeServicesInvokeAccess",
|
|
2110
2111
|
/** Provides read-only access to Amazon VPC Lattice via the AWS Management Console, and limited access to dependency services. */
|
|
2111
|
-
VPCLatticeReadOnlyAccess = "
|
|
2112
|
+
VPCLatticeReadOnlyAccess = "VPCLatticeReadOnlyAccess",
|
|
2112
2113
|
/** Provides full access to Amazon VPC Lattice and access to dependency services. */
|
|
2113
|
-
VPCLatticeFullAccess = "
|
|
2114
|
+
VPCLatticeFullAccess = "VPCLatticeFullAccess",
|
|
2114
2115
|
/** Grants full access to AWS Migration Hub Refactor Spaces and other AWS related services except AWS Transit Gateway and EC2 security groups not required when using environments without a network bridge. This policy also excludes permissions required for AWS Lambda and AWS Resource Access Manager as they can be scoped down based on tags. */
|
|
2115
|
-
AWSMigrationHubRefactorSpacesEnvironmentsWithoutBridgesFullAccess = "
|
|
2116
|
+
AWSMigrationHubRefactorSpacesEnvironmentsWithoutBridgesFullAccess = "AWSMigrationHubRefactorSpaces-EnvironmentsWithoutBridgesFullAccess",
|
|
2116
2117
|
/** The default policy that enables access to AWS Services and Resources used or managed by MediaConnect. */
|
|
2117
|
-
AWSMediaConnectServicePolicy = "
|
|
2118
|
+
AWSMediaConnectServicePolicy = "aws-service-role/AWSMediaConnectServicePolicy",
|
|
2118
2119
|
/** Policy which allows AWS Proton to sync your service, environment and component definitions from your git repository to AWS Proton. */
|
|
2119
|
-
AWSProtonServiceGitSyncServiceRolePolicy = "
|
|
2120
|
+
AWSProtonServiceGitSyncServiceRolePolicy = "aws-service-role/AWSProtonServiceGitSyncServiceRolePolicy",
|
|
2120
2121
|
/** A Service Linked Role Policy for AWS ServiceCatalog to sync with AWS Organizations organization structure */
|
|
2121
|
-
AWSServiceCatalogOrgsDataSyncServiceRolePolicy = "
|
|
2122
|
+
AWSServiceCatalogOrgsDataSyncServiceRolePolicy = "aws-service-role/AWSServiceCatalogOrgsDataSyncServiceRolePolicy",
|
|
2122
2123
|
/** This is a new managed policy for Model Registry in Sagemaker. This policy is a standalone policy that can be attached to the user role to access Model Registry related functionalities in Sagemaker. */
|
|
2123
|
-
AmazonSageMakerModelRegistryFullAccess = "
|
|
2124
|
+
AmazonSageMakerModelRegistryFullAccess = "AmazonSageMakerModelRegistryFullAccess",
|
|
2124
2125
|
/** Allows AWS User Notifications to call AWS services on your behalf. */
|
|
2125
|
-
AWSUserNotificationsServiceLinkedRolePolicy = "
|
|
2126
|
+
AWSUserNotificationsServiceLinkedRolePolicy = "aws-service-role/AWSUserNotificationsServiceLinkedRolePolicy",
|
|
2126
2127
|
/** Allows Amazon CodeCatalyst to create, update, and resolve AWS Support cases on your behalf. */
|
|
2127
|
-
AmazonCodeCatalystSupportAccess = "
|
|
2128
|
+
AmazonCodeCatalystSupportAccess = "service-role/AmazonCodeCatalystSupportAccess",
|
|
2128
2129
|
/** Provides read only access to Amazon CodeCatalyst */
|
|
2129
|
-
AmazonCodeCatalystReadOnlyAccess = "
|
|
2130
|
+
AmazonCodeCatalystReadOnlyAccess = "AmazonCodeCatalystReadOnlyAccess",
|
|
2130
2131
|
/** Provides full access to Amazon CodeCatalyst */
|
|
2131
|
-
AmazonCodeCatalystFullAccess = "
|
|
2132
|
+
AmazonCodeCatalystFullAccess = "AmazonCodeCatalystFullAccess",
|
|
2132
2133
|
/** Allows the OpenShift Cloud Network Config Controller Operator to provision and manage networking resources for use by the Red Hat OpenShift Service on AWS (ROSA) cluster networking overlay. The OpenShift Cloud Network Operator interfaces with AWS APIs on behalf of the network plugins via CustomResourceDefinitions. The operator uses these policy permissions to manage private IP addresses for Amazon EC2 instances as part of the ROSA cluster. */
|
|
2133
|
-
ROSACloudNetworkConfigOperatorPolicy = "
|
|
2134
|
+
ROSACloudNetworkConfigOperatorPolicy = "service-role/ROSACloudNetworkConfigOperatorPolicy",
|
|
2134
2135
|
/** Allows Red Hat OpenShift Service on AWS (ROSA) worker nodes in your account read-only access to Amazon EC2 instances and AWS Regions for compute node lifecycle management. */
|
|
2135
|
-
ROSAWorkerInstancePolicy = "
|
|
2136
|
+
ROSAWorkerInstancePolicy = "service-role/ROSAWorkerInstancePolicy",
|
|
2136
2137
|
/** Allows the OpenShift Amazon EBS Container Storage Interface (CSI) Driver Operator to install and maintain the Amazon EBS CSI driver on a Red Hat OpenShift Service on AWS (ROSA) cluster. The Amazon EBS CSI driver allows ROSA clusters to manage the lifecycle of Amazon EBS volumes for persistent volumes. */
|
|
2137
|
-
ROSAAmazonEBSCSIDriverOperatorPolicy = "
|
|
2138
|
+
ROSAAmazonEBSCSIDriverOperatorPolicy = "service-role/ROSAAmazonEBSCSIDriverOperatorPolicy",
|
|
2138
2139
|
/** Allows the OpenShift Ingress Operator to provision and manage load balancers and domain name system (DNS) configurations for Red Hat OpenShift Service on AWS (ROSA) clusters. The policy allows read access to tag values, which the operator filters for Route 53 resources to discover hosted zones. */
|
|
2139
|
-
ROSAIngressOperatorPolicy = "
|
|
2140
|
+
ROSAIngressOperatorPolicy = "service-role/ROSAIngressOperatorPolicy",
|
|
2140
2141
|
/** Allows Red Hat OpenShift Service on AWS (ROSA) control plane to manage ROSA cluster Amazon EC2 and Amazon Route 53 resources. */
|
|
2141
|
-
ROSAControlPlaneOperatorPolicy = "
|
|
2142
|
+
ROSAControlPlaneOperatorPolicy = "service-role/ROSAControlPlaneOperatorPolicy",
|
|
2142
2143
|
/** Provides read only access to the Amazon OpenSearch Ingestion Service */
|
|
2143
|
-
AmazonOpenSearchIngestionReadOnlyAccess = "
|
|
2144
|
+
AmazonOpenSearchIngestionReadOnlyAccess = "AmazonOpenSearchIngestionReadOnlyAccess",
|
|
2144
2145
|
/** Allows Amazon OpenSearch Ingestion to access other AWS services on your behalf. */
|
|
2145
|
-
AmazonOpenSearchIngestionFullAccess = "
|
|
2146
|
+
AmazonOpenSearchIngestionFullAccess = "AmazonOpenSearchIngestionFullAccess",
|
|
2146
2147
|
/** Allows WellArchitected to access AWS services and resources that relate to WellArchitected resources on behalf of customers. */
|
|
2147
|
-
AWSWellArchitectedDiscoveryServiceRolePolicy = "
|
|
2148
|
+
AWSWellArchitectedDiscoveryServiceRolePolicy = "aws-service-role/AWSWellArchitectedDiscoveryServiceRolePolicy",
|
|
2148
2149
|
/** Allows the ROSA Kubernetes controller to manage Amazon EC2, Elastic Load Balancing (ELB), and AWS Key Management Service (KMS) resources for a ROSA cluster. */
|
|
2149
|
-
ROSAKubeControllerPolicy = "
|
|
2150
|
+
ROSAKubeControllerPolicy = "service-role/ROSAKubeControllerPolicy",
|
|
2150
2151
|
/** Allows the built-in ROSA AWS Encryption Provider to manage AWS Key Management Service (KMS) keys to support etcd data encryption using a customer provided AWS KMS key. The policy allows encryption and decryption of data using KMS keys. */
|
|
2151
|
-
ROSAKMSProviderPolicy = "
|
|
2152
|
+
ROSAKMSProviderPolicy = "service-role/ROSAKMSProviderPolicy",
|
|
2152
2153
|
/** Allows the OpenShift Image Registry Operator to provision and manage Amazon S3 buckets and objects for use by the Red Hat OpenShift Service on AWS (ROSA) in-cluster image registry to satisfy ROSA storage requirements. The OpenShift Image Registry Operator installs and maintains the internal registry of a Red Hat OpenShift cluster. */
|
|
2153
|
-
ROSAImageRegistryOperatorPolicy = "
|
|
2154
|
+
ROSAImageRegistryOperatorPolicy = "service-role/ROSAImageRegistryOperatorPolicy",
|
|
2154
2155
|
/** This policy is attached to the role IAMRoleForReachabilityAnalyzerCrossAccountResourceAccess. This role is deployed to the member accounts in an organization when the management account enables trusted access for Reachability Analyzer. It provides permissions to view resources from across your organization using the Reachability Analyzer console. */
|
|
2155
|
-
AmazonVPCReachabilityAnalyzerPathComponentReadPolicy = "
|
|
2156
|
+
AmazonVPCReachabilityAnalyzerPathComponentReadPolicy = "AmazonVPCReachabilityAnalyzerPathComponentReadPolicy",
|
|
2156
2157
|
/** Permissions required by Keyspaces for cross-region data replication */
|
|
2157
|
-
KeyspacesReplicationServiceRolePolicy = "
|
|
2158
|
+
KeyspacesReplicationServiceRolePolicy = "aws-service-role/KeyspacesReplicationServiceRolePolicy",
|
|
2158
2159
|
/** Provides access required for working with Amazon CodeGuru Security scans. */
|
|
2159
|
-
AmazonCodeGuruSecurityScanAccess = "
|
|
2160
|
+
AmazonCodeGuruSecurityScanAccess = "AmazonCodeGuruSecurityScanAccess",
|
|
2160
2161
|
/** Provides full access to Amazon CodeGuru Security. */
|
|
2161
|
-
AmazonCodeGuruSecurityFullAccess = "
|
|
2162
|
+
AmazonCodeGuruSecurityFullAccess = "AmazonCodeGuruSecurityFullAccess",
|
|
2162
2163
|
/** Policy to enable access to AWS Service and Resources used or managed by Amazon FinSpace */
|
|
2163
|
-
AWSFinSpaceServiceRolePolicy = "
|
|
2164
|
+
AWSFinSpaceServiceRolePolicy = "aws-service-role/AWSFinSpaceServiceRolePolicy",
|
|
2164
2165
|
/** This policy allows AWS Elastic Disaster Recovery (DRS) to support cross-account replication and cross-account failback. */
|
|
2165
|
-
AWSElasticDisasterRecoveryCrossAccountReplicationPolicy = "
|
|
2166
|
+
AWSElasticDisasterRecoveryCrossAccountReplicationPolicy = "service-role/AWSElasticDisasterRecoveryCrossAccountReplicationPolicy",
|
|
2166
2167
|
/** Grants AWS DMS Serverless permissions to create and manage DMS resources in your account on your behalf */
|
|
2167
|
-
AWSDMSServerlessServiceRolePolicy = "
|
|
2168
|
+
AWSDMSServerlessServiceRolePolicy = "aws-service-role/AWSDMSServerlessServiceRolePolicy",
|
|
2168
2169
|
/** Provides full access to Amazon Security Lake and related services needed to administer Security Lake. */
|
|
2169
|
-
AmazonSecurityLakeAdministrator = "
|
|
2170
|
+
AmazonSecurityLakeAdministrator = "AmazonSecurityLakeAdministrator",
|
|
2170
2171
|
/** Provides ROSA site reliability engineering (SRE) the permissions needed to initially observe, diagnose, and support AWS resources associated with Red Hat OpenShift Service on AWS (ROSA) clusters, including the ability to change ROSA cluster node state. */
|
|
2171
|
-
ROSASRESupportPolicy = "
|
|
2172
|
+
ROSASRESupportPolicy = "service-role/ROSASRESupportPolicy",
|
|
2172
2173
|
/** Provides full access to Amazon DocumentDB Elastic Clusters and other required permissions for its dependencies including EC2, KMS, SecretsManager, CloudWatch and IAM. */
|
|
2173
|
-
AmazonDocDBElasticFullAccess = "
|
|
2174
|
+
AmazonDocDBElasticFullAccess = "AmazonDocDBElasticFullAccess",
|
|
2174
2175
|
/** Allows AWS Control Tower to call AWS services that provide automated account configuration and centralized governance on your behalf. */
|
|
2175
|
-
AWSControlTowerAccountServiceRolePolicy = "
|
|
2176
|
+
AWSControlTowerAccountServiceRolePolicy = "aws-service-role/AWSControlTowerAccountServiceRolePolicy",
|
|
2176
2177
|
/** Allows the Red Hat OpenShift Service on AWS (ROSA) installer to manage AWS resources that support ROSA cluster installation. This includes managing instance profiles for ROSA worker nodes. */
|
|
2177
|
-
ROSAInstallerPolicy = "
|
|
2178
|
+
ROSAInstallerPolicy = "service-role/ROSAInstallerPolicy",
|
|
2178
2179
|
/** Provides read-only access to Amazon DocDB-Elastic and CloudWatch metrics. */
|
|
2179
|
-
AmazonDocDBElasticReadOnlyAccess = "
|
|
2180
|
+
AmazonDocDBElasticReadOnlyAccess = "AmazonDocDBElasticReadOnlyAccess",
|
|
2180
2181
|
/** Allows Red Hat OpenShift Service on AWS (ROSA) to manage cluster EC2 instances as worker nodes, including permission to configure security groups and tag instances and volumes. This policy also allows for the use of EC2 instances with disk encryption provided by AWS Key Management Service (KMS) keys. */
|
|
2181
|
-
ROSANodePoolManagementPolicy = "
|
|
2182
|
+
ROSANodePoolManagementPolicy = "service-role/ROSANodePoolManagementPolicy",
|
|
2182
2183
|
/** This policy allows AWS Elastic Disaster Recovery (DRS) to support network replication. */
|
|
2183
|
-
AWSElasticDisasterRecoveryNetworkReplicationPolicy = "
|
|
2184
|
+
AWSElasticDisasterRecoveryNetworkReplicationPolicy = "service-role/AWSElasticDisasterRecoveryNetworkReplicationPolicy",
|
|
2184
2185
|
/** Provides permissions to describe AWS resources, run Reachability Analyzer, and create or delete tags on Network Insights Path and Network Insights Analysis. */
|
|
2185
|
-
AmazonVPCReachabilityAnalyzerFullAccessPolicy = "
|
|
2186
|
+
AmazonVPCReachabilityAnalyzerFullAccessPolicy = "AmazonVPCReachabilityAnalyzerFullAccessPolicy",
|
|
2186
2187
|
/** Provides readonly access to Amazon Macie. */
|
|
2187
|
-
AmazonMacieReadOnlyAccess = "
|
|
2188
|
+
AmazonMacieReadOnlyAccess = "AmazonMacieReadOnlyAccess",
|
|
2188
2189
|
/** Provides permissions to describe AWS resources, run Network Access Analyzer, and create or delete tags on Network Insights Access Scope and Network Insights Access Scope Analysis. */
|
|
2189
|
-
AmazonVPCNetworkAccessAnalyzerFullAccessPolicy = "
|
|
2190
|
+
AmazonVPCNetworkAccessAnalyzerFullAccessPolicy = "AmazonVPCNetworkAccessAnalyzerFullAccessPolicy",
|
|
2190
2191
|
/** This policy grants read-only permissions that allow the WAL service for Amazon EMR to find and return the status of a cluster */
|
|
2191
|
-
EMRDescribeClusterPolicyForEMRWAL = "
|
|
2192
|
+
EMRDescribeClusterPolicyForEMRWAL = "aws-service-role/EMRDescribeClusterPolicyForEMRWAL",
|
|
2192
2193
|
/** Provides AppFabric access to AWS resources on your behalf */
|
|
2193
|
-
AWSAppFabricServiceRolePolicy = "
|
|
2194
|
+
AWSAppFabricServiceRolePolicy = "aws-service-role/AWSAppFabricServiceRolePolicy",
|
|
2194
2195
|
/** Policy for AWS Resilience Hub service role which allows access to other AWS services in order to execute assessment. */
|
|
2195
|
-
AWSResilienceHubAsssessmentExecutionPolicy = "
|
|
2196
|
+
AWSResilienceHubAsssessmentExecutionPolicy = "AWSResilienceHubAsssessmentExecutionPolicy",
|
|
2196
2197
|
/** Provides full access to the AWS AppFabric service and read only access to dependent services such as S3, Kinesis, KMS. */
|
|
2197
|
-
AWSAppFabricFullAccess = "
|
|
2198
|
+
AWSAppFabricFullAccess = "AWSAppFabricFullAccess",
|
|
2198
2199
|
/** Provides read only access to the AWS AppFabric */
|
|
2199
|
-
AWSAppFabricReadOnlyAccess = "
|
|
2200
|
+
AWSAppFabricReadOnlyAccess = "AWSAppFabricReadOnlyAccess",
|
|
2200
2201
|
/** This policy defines the set of permissions allowed for unauthenticated identities for Cognito Identity Pools. This policy is not intended to be used as a stand alone permission policy. It is used as a guardrail against overly permissive policies attached for roles in an identity pool. Do not attach this policy to any roles, as Cognito Identity Service will automatically include it as a scoped down policy when creating credentials. The privileges to temporarily access other AWS resources through the enhanced flow will now be defined by the intersection of the role associated with the identity of the unauthenticated user provided by a service, and the privileges given in this managed policy that is owned by Cognito. */
|
|
2201
|
-
AmazonCognitoUnAuthedIdentitiesSessionPolicy = "
|
|
2202
|
+
AmazonCognitoUnAuthedIdentitiesSessionPolicy = "AmazonCognitoUnAuthedIdentitiesSessionPolicy",
|
|
2202
2203
|
/** Provides management access to EFS resources and read access to EC2 */
|
|
2203
|
-
AmazonEFSCSIDriverPolicy = "
|
|
2204
|
+
AmazonEFSCSIDriverPolicy = "service-role/AmazonEFSCSIDriverPolicy",
|
|
2204
2205
|
/** Provides full access to AWS Elemental MediaPackageV2 resources. */
|
|
2205
|
-
AWSElementalMediaPackageV2FullAccess = "
|
|
2206
|
+
AWSElementalMediaPackageV2FullAccess = "AWSElementalMediaPackageV2FullAccess",
|
|
2206
2207
|
/** Provides read-only access to AWS Elemental MediaPackageV2 resources. */
|
|
2207
|
-
AWSElementalMediaPackageV2ReadOnly = "
|
|
2208
|
+
AWSElementalMediaPackageV2ReadOnly = "AWSElementalMediaPackageV2ReadOnly",
|
|
2208
2209
|
/** Provides full access to AWS Health Imaging service. */
|
|
2209
|
-
AWSHealthImagingFullAccess = "
|
|
2210
|
+
AWSHealthImagingFullAccess = "AWSHealthImagingFullAccess",
|
|
2210
2211
|
/** Provides read only access to AWS Health Imaging service. */
|
|
2211
|
-
AWSHealthImagingReadOnlyAccess = "
|
|
2212
|
+
AWSHealthImagingReadOnlyAccess = "AWSHealthImagingReadOnlyAccess",
|
|
2212
2213
|
/** Provides full access to CloudWatch. */
|
|
2213
|
-
CloudWatchFullAccessV2 = "
|
|
2214
|
+
CloudWatchFullAccessV2 = "CloudWatchFullAccessV2",
|
|
2214
2215
|
/** Service role policy used by the AWS Lambda within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including Secrets Manager and others. */
|
|
2215
|
-
AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy = "
|
|
2216
|
+
AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy = "service-role/AmazonSageMakerPartnerServiceCatalogProductsLambdaServiceRolePolicy",
|
|
2216
2217
|
/** Service role policy used by the AWS APIGateway within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a set of related services including Lambda and others. */
|
|
2217
|
-
AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy = "
|
|
2218
|
+
AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy = "service-role/AmazonSageMakerPartnerServiceCatalogProductsApiGatewayServiceRolePolicy",
|
|
2218
2219
|
/** Service role policy used by the AWS CloudFormation within the AWS ServiceCatalog provisioned products from Amazon SageMaker portfolio of products. Grants permissions to a subset of related services including Lambda, APIGateway and others. */
|
|
2219
|
-
AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy = "
|
|
2220
|
+
AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy = "service-role/AmazonSageMakerPartnerServiceCatalogProductsCloudFormationServiceRolePolicy",
|
|
2220
2221
|
/** Use in the IAM service role passed to the SSM Automation document AWSRefactorSpaces-CreateResources to grant permissions required to run the automation. The policy grants read/write access to EC2 tags in order to track automation progress. When the Refactor Spaces environment's network bridge is enabled, the automation also adds the environment's security group to the EC2 instance to permit traffic from other Refactor Spaces services in the environment. The policy also grants access to the Application Migration Service's post launch actions SSM parameters. */
|
|
2221
|
-
AWSMigrationHubRefactorSpacesSSMAutomationPolicy = "
|
|
2222
|
+
AWSMigrationHubRefactorSpacesSSMAutomationPolicy = "service-role/AWSMigrationHubRefactorSpaces-SSMAutomationPolicy",
|
|
2222
2223
|
/** Provides full access to RDS Performance Insights via the AWS Management Console */
|
|
2223
|
-
AmazonRDSPerformanceInsightsFullAccess = "
|
|
2224
|
+
AmazonRDSPerformanceInsightsFullAccess = "AmazonRDSPerformanceInsightsFullAccess",
|
|
2224
2225
|
/** Provides console full access to AWS Entity Resolution and related services. */
|
|
2225
|
-
AWSEntityResolutionConsoleFullAccess = "
|
|
2226
|
+
AWSEntityResolutionConsoleFullAccess = "AWSEntityResolutionConsoleFullAccess",
|
|
2226
2227
|
/** Provides read-only access to AWS Entity Resolution via the AWS Management Console. */
|
|
2227
|
-
AWSEntityResolutionConsoleReadOnlyAccess = "
|
|
2228
|
+
AWSEntityResolutionConsoleReadOnlyAccess = "AWSEntityResolutionConsoleReadOnlyAccess",
|
|
2228
2229
|
/** Allows AWS Artifact to gather information about an organization via AWS Organizations service. */
|
|
2229
|
-
AWSArtifactServiceRolePolicy = "
|
|
2230
|
+
AWSArtifactServiceRolePolicy = "aws-service-role/AWSArtifactServiceRolePolicy",
|
|
2230
2231
|
/** This policy allows installing and using the AWS Replication Agent, which is used by AWS Application Migration Service (AWS MGN) to migrate source servers that run on EC2 (cross-Region or cross-AZ). An IAM role with this policy should be attached (as an EC2 Instance Profile) to the EC2 Instances. */
|
|
2231
|
-
AWSApplicationMigrationServiceEc2InstancePolicy = "
|
|
2232
|
+
AWSApplicationMigrationServiceEc2InstancePolicy = "AWSApplicationMigrationServiceEc2InstancePolicy",
|
|
2232
2233
|
/** Full access to AWS Launch wizard and other required services. */
|
|
2233
|
-
AmazonLaunchWizardFullAccessV2 = "
|
|
2234
|
+
AmazonLaunchWizardFullAccessV2 = "AmazonLaunchWizardFullAccessV2",
|
|
2234
2235
|
/** Allows CloudWatch to access RDS Performance Insights metrics on your behalf */
|
|
2235
|
-
AWSServiceRoleForCloudWatchMetricsDbPerfInsightsServiceRolePolicy = "
|
|
2236
|
+
AWSServiceRoleForCloudWatchMetricsDbPerfInsightsServiceRolePolicy = "aws-service-role/AWSServiceRoleForCloudWatchMetrics_DbPerfInsightsServiceRolePolicy",
|
|
2236
2237
|
/** Amazon DataZone creates IAM roles for Environments to perform data analytics actions, and uses this policy when creating these roles to define the boundary of their permissions. */
|
|
2237
|
-
AmazonDataZoneEnvironmentRolePermissionsBoundary = "
|
|
2238
|
+
AmazonDataZoneEnvironmentRolePermissionsBoundary = "AmazonDataZoneEnvironmentRolePermissionsBoundary",
|
|
2238
2239
|
/** Provide read only access to Amazon Keyspaces and related AWS services. */
|
|
2239
|
-
AmazonKeyspacesReadOnlyAccessV2 = "
|
|
2240
|
+
AmazonKeyspacesReadOnlyAccessV2 = "AmazonKeyspacesReadOnlyAccess_v2",
|
|
2240
2241
|
/** This policy allows you to use Amazon SSM and additional services required permissions to run post-launch actions in AWS Elastic Disaster Recovery (AWS DRS). Attach this policy to your IAM roles or users. */
|
|
2241
|
-
AWSElasticDisasterRecoveryLaunchActionsPolicy = "
|
|
2242
|
+
AWSElasticDisasterRecoveryLaunchActionsPolicy = "AWSElasticDisasterRecoveryLaunchActionsPolicy",
|
|
2242
2243
|
/** Provides full access to Amazon DataZone via the AWS Management Console as well as limited access to related services that are required by it. */
|
|
2243
|
-
AmazonDataZoneFullAccess = "
|
|
2244
|
+
AmazonDataZoneFullAccess = "AmazonDataZoneFullAccess",
|
|
2244
2245
|
/** This policy gives Amazon DataZone permissions to publish Amazon Redshift data to the catalog. It also gives Amazon DataZone permissions to grant access or revoke access to Amazon Redshift or Amazon Redshift Serverless published assets in the catalog. */
|
|
2245
|
-
AmazonDataZoneRedshiftManageAccessRolePolicy = "
|
|
2246
|
+
AmazonDataZoneRedshiftManageAccessRolePolicy = "service-role/AmazonDataZoneRedshiftManageAccessRolePolicy",
|
|
2246
2247
|
/** Amazon DataZone is a data management service that enables you to catalog, discover, govern, share, and analyze your data. With Amazon DataZone, you can share and access your data across accounts and supported regions. Amazon DataZone simplifies your experience across AWS services, including, but not limited to, Amazon Redshift, Amazon Athena, AWS Glue, and AWS Lake Formation. */
|
|
2247
|
-
AmazonDataZoneRedshiftGlueProvisioningPolicy = "
|
|
2248
|
+
AmazonDataZoneRedshiftGlueProvisioningPolicy = "AmazonDataZoneRedshiftGlueProvisioningPolicy",
|
|
2248
2249
|
/** The policy grants permissions to allow Amazon DataZone to enable publishing and access grants to data. */
|
|
2249
|
-
AmazonDataZoneGlueManageAccessRolePolicy = "
|
|
2250
|
+
AmazonDataZoneGlueManageAccessRolePolicy = "service-role/AmazonDataZoneGlueManageAccessRolePolicy",
|
|
2250
2251
|
/** Provides full access to Amazon DataZone, but does not allow the management of domains, users, or associated accounts. */
|
|
2251
|
-
AmazonDataZoneFullUserAccess = "
|
|
2252
|
+
AmazonDataZoneFullUserAccess = "AmazonDataZoneFullUserAccess",
|
|
2252
2253
|
/** Default policy for the Amazon DataZone's DomainExecutionRole service role. This role is used by Amazon DataZone to catalog, discover, govern, share, and analyze data in the Amazon DataZone domain. */
|
|
2253
|
-
AmazonDataZoneDomainExecutionRolePolicy = "
|
|
2254
|
+
AmazonDataZoneDomainExecutionRolePolicy = "service-role/AmazonDataZoneDomainExecutionRolePolicy",
|
|
2254
2255
|
/** Allow Amazon S3 on Outposts service to manage EC2 network resources on your behalf. */
|
|
2255
|
-
AWSS3OnOutpostsServiceRolePolicy = "
|
|
2256
|
+
AWSS3OnOutpostsServiceRolePolicy = "aws-service-role/AWSS3OnOutpostsServiceRolePolicy",
|
|
2256
2257
|
/** Allows Amazon SageMaker Canvas to create, manage and view endpoint details for endpoints created through Canvas. Allows Amazon SageMaker Canvas to retrieve endpoint invocation metrics from CloudWatch. */
|
|
2257
|
-
AmazonSageMakerCanvasDirectDeployAccess = "
|
|
2258
|
+
AmazonSageMakerCanvasDirectDeployAccess = "service-role/AmazonSageMakerCanvasDirectDeployAccess",
|
|
2258
2259
|
/** Provides Amplify full access permissions to deploy Amplify backend resources (AWS AppSync, Amazon Cognito, Amazon S3 and other related services) via the AWS Cloud Development Kit (AWS CDK) */
|
|
2259
|
-
AmplifyBackendDeployFullAccess = "
|
|
2260
|
+
AmplifyBackendDeployFullAccess = "service-role/AmplifyBackendDeployFullAccess",
|
|
2260
2261
|
/** Allows Amazon Connect to synchronize AWS resources across regions on your behalf. */
|
|
2261
|
-
AmazonConnectSynchronizationServiceRolePolicy = "
|
|
2262
|
+
AmazonConnectSynchronizationServiceRolePolicy = "aws-service-role/AmazonConnectSynchronizationServiceRolePolicy",
|
|
2262
2263
|
/** Provides full access to Amazon SageMaker resources and operations for data preparation in Canvas. The policy also provides select access to related services (e.g., S3, IAM, KMS, RDS, CloudWatch Logs, Redshift, Athena, Glue, EventBridge, Secrets Manager). This policy should be attached to the Amazon SageMaker Domain/User Profile execution role. */
|
|
2263
|
-
AmazonSageMakerCanvasDataPrepFullAccess = "
|
|
2264
|
+
AmazonSageMakerCanvasDataPrepFullAccess = "AmazonSageMakerCanvasDataPrepFullAccess",
|
|
2264
2265
|
/** Provides Amazon Data Lifecycle Manager permission to perform the Systems Manager actions required to run pre and post scripts on all Amazon EC2 instances. */
|
|
2265
|
-
AWSDataLifecycleManagerSSMFullAccess = "
|
|
2266
|
+
AWSDataLifecycleManagerSSMFullAccess = "service-role/AWSDataLifecycleManagerSSMFullAccess",
|
|
2266
2267
|
/** Provides the list of actions that are allowed for roles assumed with the IAM Identity Center identity context. AWS Security Token Service (AWS STS) automatically attaches this policy to assumed roles. The identity context is passed as ProvidedContext. */
|
|
2267
|
-
AWSIAMIdentityCenterAllowListForIdentityContext = "
|
|
2268
|
+
AWSIAMIdentityCenterAllowListForIdentityContext = "AWSIAMIdentityCenterAllowListForIdentityContext",
|
|
2268
2269
|
/** Policy grants permission to CloudWatch Application Signals to collect monitoring and tagging data from other relevant AWS services. */
|
|
2269
|
-
CloudWatchApplicationSignalsServiceRolePolicy = "
|
|
2270
|
+
CloudWatchApplicationSignalsServiceRolePolicy = "aws-service-role/CloudWatchApplicationSignalsServiceRolePolicy",
|
|
2270
2271
|
/** Provides access to associate and dissociate partner central users with IAM roles */
|
|
2271
|
-
PartnerCentralAccountManagementUserRoleAssociation = "
|
|
2272
|
+
PartnerCentralAccountManagementUserRoleAssociation = "PartnerCentralAccountManagementUserRoleAssociation",
|
|
2272
2273
|
/** This policy contains permissions for testing restores and for cleaning up resources created during tests. */
|
|
2273
|
-
AWSServiceRolePolicyForBackupRestoreTesting = "
|
|
2274
|
+
AWSServiceRolePolicyForBackupRestoreTesting = "aws-service-role/AWSServiceRolePolicyForBackupRestoreTesting",
|
|
2274
2275
|
/** Grants Incident Manager permissions to call other AWS services as a part of managing an incident. */
|
|
2275
|
-
AWSIncidentManagerIncidentAccessServiceRolePolicy = "
|
|
2276
|
+
AWSIncidentManagerIncidentAccessServiceRolePolicy = "AWSIncidentManagerIncidentAccessServiceRolePolicy",
|
|
2276
2277
|
/** Allows AWS IoT TwinMaker to call other AWS services and to sync their resources on your behalf. */
|
|
2277
|
-
AWSIoTTwinMakerServiceRolePolicy = "
|
|
2278
|
+
AWSIoTTwinMakerServiceRolePolicy = "aws-service-role/AWSIoTTwinMakerServiceRolePolicy",
|
|
2278
2279
|
/** This policy grants administrative permissions to Resource Explorer and grants read-only permissions to other AWS services to support this access. The AWS Organizations administrator needs these permissions to setup and manage multi-account search in the console. */
|
|
2279
|
-
AWSResourceExplorerOrganizationsAccess = "
|
|
2280
|
+
AWSResourceExplorerOrganizationsAccess = "AWSResourceExplorerOrganizationsAccess",
|
|
2280
2281
|
/** Provides re:Post Private access to publish CloudWatch metrics data */
|
|
2281
|
-
AWSrePostPrivateCloudWatchAccess = "
|
|
2282
|
+
AWSrePostPrivateCloudWatchAccess = "aws-service-role/AWSrePostPrivateCloudWatchAccess",
|
|
2282
2283
|
/** Allows AWS Marketplace to create and manage seller deployment parameters for the products that you subscribe to on AWS Marketplace. */
|
|
2283
|
-
AWSMarketplaceDeploymentServiceRolePolicy = "
|
|
2284
|
+
AWSMarketplaceDeploymentServiceRolePolicy = "aws-service-role/AWSMarketplaceDeploymentServiceRolePolicy",
|
|
2284
2285
|
/** Policy which allows AWS Code Connections to sync content from your git repository */
|
|
2285
|
-
AWSGitSyncServiceRolePolicy = "
|
|
2286
|
+
AWSGitSyncServiceRolePolicy = "aws-service-role/AWSGitSyncServiceRolePolicy",
|
|
2286
2287
|
/** The EC2ImageBuilderLifecycleExecutionPolicy policy grants permissions for Image Builder to perform actions such as deprecate or delete Image Builder image resources and their underlying resources (AMIs, snapshots) to support automated rules for image lifecycle management tasks. */
|
|
2287
|
-
EC2ImageBuilderLifecycleExecutionPolicy = "
|
|
2288
|
+
EC2ImageBuilderLifecycleExecutionPolicy = "service-role/EC2ImageBuilderLifecycleExecutionPolicy",
|
|
2288
2289
|
/** Grants Amazon Inspector access to AWS Services needed to perform agent-less security assessments */
|
|
2289
|
-
AmazonInspector2AgentlessServiceRolePolicy = "
|
|
2290
|
+
AmazonInspector2AgentlessServiceRolePolicy = "aws-service-role/AmazonInspector2AgentlessServiceRolePolicy",
|
|
2290
2291
|
/** Allows Cost Optimization Hub to retrieve organization information and collect optimization-related data and metadata. */
|
|
2291
|
-
CostOptimizationHubServiceRolePolicy = "
|
|
2292
|
+
CostOptimizationHubServiceRolePolicy = "aws-service-role/CostOptimizationHubServiceRolePolicy",
|
|
2292
2293
|
/** Provides access to AWS Resources managed or used by Amazon Managed Service for Prometheus Collector */
|
|
2293
|
-
AmazonPrometheusScraperServiceRolePolicy = "
|
|
2294
|
+
AmazonPrometheusScraperServiceRolePolicy = "aws-service-role/AmazonPrometheusScraperServiceRolePolicy",
|
|
2294
2295
|
/** This policy allows the re:Post Space service to create, manage, and resolve Support cases that are created through the Space application. */
|
|
2295
|
-
AWSRepostSpaceSupportOperationsPolicy = "
|
|
2296
|
+
AWSRepostSpaceSupportOperationsPolicy = "AWSRepostSpaceSupportOperationsPolicy",
|
|
2296
2297
|
/** This policy provides full access to all public APIs of AWS Elastic Disaster Recovery (AWS DRS), as well as all public APIs in other AWS services used by AWS DRS Console. Attach this policy to your users or roles. */
|
|
2297
|
-
AWSElasticDisasterRecoveryConsoleFullAccessV2 = "
|
|
2298
|
+
AWSElasticDisasterRecoveryConsoleFullAccessV2 = "AWSElasticDisasterRecoveryConsoleFullAccess_v2",
|
|
2298
2299
|
/** This policy grants administrative permissions that allow access to all Amazon One Enterprise resources and operations. */
|
|
2299
|
-
AmazonOneEnterpriseFullAccess = "
|
|
2300
|
+
AmazonOneEnterpriseFullAccess = "AmazonOneEnterpriseFullAccess",
|
|
2300
2301
|
/** This policy grants read only permissions to all Amazon One Enterprise resources and operations. */
|
|
2301
|
-
AmazonOneEnterpriseReadOnlyAccess = "
|
|
2302
|
+
AmazonOneEnterpriseReadOnlyAccess = "AmazonOneEnterpriseReadOnlyAccess",
|
|
2302
2303
|
/** This policy grants limited read and write permissions that allow device installation and activation. */
|
|
2303
|
-
AmazonOneEnterpriseInstallerAccess = "
|
|
2304
|
+
AmazonOneEnterpriseInstallerAccess = "AmazonOneEnterpriseInstallerAccess",
|
|
2304
2305
|
/** Provides full access to enable interactions with Amazon Q */
|
|
2305
|
-
AmazonQFullAccess = "
|
|
2306
|
+
AmazonQFullAccess = "AmazonQFullAccess",
|
|
2306
2307
|
/** Provides Cloudwatch access to publish operational and usage metrics and logs for Amazon Neptune */
|
|
2307
|
-
AWSServiceRoleForNeptuneGraphPolicy = "
|
|
2308
|
+
AWSServiceRoleForNeptuneGraphPolicy = "aws-service-role/AWSServiceRoleForNeptuneGraphPolicy",
|
|
2308
2309
|
/** This policy grants permissions commonly needed to use Amazon SageMaker Cluster. */
|
|
2309
|
-
AmazonSageMakerClusterInstanceRolePolicy = "
|
|
2310
|
+
AmazonSageMakerClusterInstanceRolePolicy = "AmazonSageMakerClusterInstanceRolePolicy",
|
|
2310
2311
|
/** Provides administrative access for ARC zonal shift practice runs, and access to CloudWatch alarm statuses to monitor practice runs. */
|
|
2311
|
-
AWSZonalAutoshiftPracticeRunSLRPolicy = "
|
|
2312
|
+
AWSZonalAutoshiftPracticeRunSLRPolicy = "aws-service-role/AWSZonalAutoshiftPracticeRunSLRPolicy",
|
|
2312
2313
|
/** Allows read-only access to AWS Clean Rooms ML resources and read-only access to related AWS Clean Rooms resources */
|
|
2313
|
-
AWSCleanRoomsMLReadOnlyAccess = "
|
|
2314
|
+
AWSCleanRoomsMLReadOnlyAccess = "AWSCleanRoomsMLReadOnlyAccess",
|
|
2314
2315
|
/** Allows full access to AWS Clean Rooms ML resources and access to related AWS Services. */
|
|
2315
|
-
AWSCleanRoomsMLFullAccess = "
|
|
2316
|
+
AWSCleanRoomsMLFullAccess = "AWSCleanRoomsMLFullAccess",
|
|
2316
2317
|
/** Provides read only access to all Amazon Neptune Analytics resources along with read only permissions for dependent services. */
|
|
2317
|
-
NeptuneGraphReadOnlyAccess = "
|
|
2318
|
+
NeptuneGraphReadOnlyAccess = "NeptuneGraphReadOnlyAccess",
|
|
2318
2319
|
/** Provides read-only access to IVS Low-Latency and Real-Time streaming APIs */
|
|
2319
|
-
IVSReadOnlyAccess = "
|
|
2320
|
+
IVSReadOnlyAccess = "IVSReadOnlyAccess",
|
|
2320
2321
|
/** Grants permissions to Amazon MSK Replicator to replicate data between MSK Clusters. */
|
|
2321
|
-
AWSMSKReplicatorExecutionRole = "
|
|
2322
|
+
AWSMSKReplicatorExecutionRole = "service-role/AWSMSKReplicatorExecutionRole",
|
|
2322
2323
|
/** Provides full access to Amazon Bedrock as well as limited access to related services that are required by it */
|
|
2323
|
-
AmazonBedrockFullAccess = "
|
|
2324
|
+
AmazonBedrockFullAccess = "AmazonBedrockFullAccess",
|
|
2324
2325
|
/** Provides read only access to Amazon Bedrock */
|
|
2325
|
-
AmazonBedrockReadOnly = "
|
|
2326
|
+
AmazonBedrockReadOnly = "AmazonBedrockReadOnly",
|
|
2326
2327
|
/** This managed policy provides read-only access to Cost Optimization Hub. */
|
|
2327
|
-
CostOptimizationHubReadOnlyAccess = "
|
|
2328
|
+
CostOptimizationHubReadOnlyAccess = "CostOptimizationHubReadOnlyAccess",
|
|
2328
2329
|
/** Provides full access to Interactive Video Service (IVS), Also included permissions for dependent services, needed for full access to the ivs console. */
|
|
2329
|
-
IVSFullAccess = "
|
|
2330
|
+
IVSFullAccess = "IVSFullAccess",
|
|
2330
2331
|
/** This managed policy provides admin access to Cost Optimization Hub. */
|
|
2331
|
-
CostOptimizationHubAdminAccess = "
|
|
2332
|
+
CostOptimizationHubAdminAccess = "CostOptimizationHubAdminAccess",
|
|
2332
2333
|
/** Allows CloudWatch Network Monitor to access and manage EC2 and VPC resources, publish data to CloudWatch and access other required services on your behalf. */
|
|
2333
|
-
CloudWatchNetworkMonitorServiceRolePolicy = "
|
|
2334
|
+
CloudWatchNetworkMonitorServiceRolePolicy = "aws-service-role/CloudWatchNetworkMonitorServiceRolePolicy",
|
|
2334
2335
|
/** Provides access to Amazon OpenSearch Dashboards Service to access other AWS services such as CloudWatch on your behalf */
|
|
2335
|
-
AmazonOpenSearchDashboardsServiceRolePolicy = "
|
|
2336
|
+
AmazonOpenSearchDashboardsServiceRolePolicy = "aws-service-role/AmazonOpenSearchDashboardsServiceRolePolicy",
|
|
2336
2337
|
/** Provides read-only access to the AWS Artifact service reports. */
|
|
2337
|
-
AWSArtifactReportsReadOnlyAccess = "
|
|
2338
|
+
AWSArtifactReportsReadOnlyAccess = "AWSArtifactReportsReadOnlyAccess",
|
|
2338
2339
|
/** Provides ability to update IAM Identity Center (IdC) user and group permissions for Amazon Managed Grafana workspaces. */
|
|
2339
|
-
AWSGrafanaWorkspacePermissionManagementV2 = "
|
|
2340
|
+
AWSGrafanaWorkspacePermissionManagementV2 = "AWSGrafanaWorkspacePermissionManagementV2",
|
|
2340
2341
|
/** Provides access to other AWS service resources required to manage volumes associated with ECS workloads on your behalf. */
|
|
2341
|
-
AmazonECSInfrastructureRolePolicyForVolumes = "
|
|
2342
|
+
AmazonECSInfrastructureRolePolicyForVolumes = "service-role/AmazonECSInfrastructureRolePolicyForVolumes",
|
|
2342
2343
|
/** Provides administrative access to Private Certificate Authority, AWS Secrets Manager and other AWS Services required to manage ECS Service Connect TLS features on your behalf. */
|
|
2343
|
-
AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity = "
|
|
2344
|
+
AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity = "service-role/AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity",
|
|
2344
2345
|
/** Policy for Amazon SecurityLake meta store manager lambda which allows the access to cloudwatch, S3, Glue and SQS. */
|
|
2345
|
-
AmazonSecurityLakeMetastoreManager = "
|
|
2346
|
+
AmazonSecurityLakeMetastoreManager = "service-role/AmazonSecurityLakeMetastoreManager",
|
|
2346
2347
|
/** This is a managed policy that customer should attach to their roles to communicate with inspector service for CIS scans */
|
|
2347
|
-
AmazonInspector2ManagedCisPolicy = "
|
|
2348
|
+
AmazonInspector2ManagedCisPolicy = "AmazonInspector2ManagedCisPolicy",
|
|
2348
2349
|
/** Allows Amazon Lex to replicate Lex resources across regions on your behalf. */
|
|
2349
|
-
AmazonLexReplicationPolicy = "
|
|
2350
|
+
AmazonLexReplicationPolicy = "aws-service-role/AmazonLexReplicationPolicy",
|
|
2350
2351
|
/** This policy grants permissions to use Amazon Bedrock in SageMaker Canvas by providing access to downstream services such as S3. */
|
|
2351
|
-
AmazonSageMakerCanvasBedrockAccess = "
|
|
2352
|
+
AmazonSageMakerCanvasBedrockAccess = "AmazonSageMakerCanvasBedrockAccess",
|
|
2352
2353
|
/** Provides permissions to describe and update Private Marketplace resources and describe AWS Organizations */
|
|
2353
|
-
AWSServiceRoleForPrivateMarketplaceAdminPolicy = "
|
|
2354
|
+
AWSServiceRoleForPrivateMarketplaceAdminPolicy = "aws-service-role/AWSServiceRoleForPrivateMarketplaceAdminPolicy"
|
|
2354
2355
|
}
|