# AWSResourceExplorerServiceRolePolicy
**Description**: Allows Resource Explorer to view resources and CloudTrail events on your behalf to index your resources for search.
`AWSResourceExplorerServiceRolePolicy` is an [AWS managed policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies).
## Using this policy
This policy is attached to a service-linked role that allows the service to perform actions on your behalf. You cannot attach this policy to your users, groups, or roles.
## Policy details
+ **Type**: Service-linked role policy
+ **Creation time**: October 25, 2022, 20:35 UTC
+ **Edited time:** February 27, 2026, 12:12 UTC
+ **ARN**: `arn:aws:iam::aws:policy/aws-service-role/AWSResourceExplorerServiceRolePolicy`
## Policy version
**Policy version:** v50 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
## JSON policy document
```
{
"Version" : "2012-10-17",
"Statement" : [
{
"Sid" : "ResourceExplorerAccess",
"Effect" : "Allow",
"Action" : [
"resource-explorer-2:UpdateIndexType",
"resource-explorer-2:CreateIndex",
"resource-explorer-2:CreateView",
"resource-explorer-2:AssociateDefaultView",
"resource-explorer-2:DeleteIndex"
],
"Resource" : "*"
},
{
"Sid" : "OrganizationsAccess",
"Effect" : "Allow",
"Action" : [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccounts",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListRoots"
],
"Resource" : "*"
},
{
"Sid" : "CloudTrailEventsAccess",
"Effect" : "Allow",
"Action" : [
"cloudtrail:CreateServiceLinkedChannel",
"cloudtrail:GetServiceLinkedChannel"
],
"Resource" : "arn:aws:cloudtrail:*:*:channel/aws-service-channel/resource-explorer-2/*"
},
{
"Sid" : "ApiGatewayAccess",
"Effect" : "Allow",
"Action" : "apigateway:GET",
"Resource" : [
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/vpclinks",
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/integrations/*"
]
},
{
"Sid" : "ResourceInventoryAccess",
"Effect" : "Allow",
"Action" : [
"access-analyzer:ListAnalyzers",
"acm-pca:ListCertificateAuthorities",
"acm:ListCertificates",
"airflow:ListEnvironments",
"amplify:ListApps",
"amplify:ListBranches",
"amplify:ListDomainAssociations",
"aoss:ListCollections",
"app-integrations:ListApplications",
"app-integrations:ListEventIntegrations",
"appconfig:ListApplications",
"appconfig:ListDeploymentStrategies",
"appconfig:ListEnvironments",
"appconfig:ListExtensionAssociations",
"appflow:ListFlows",
"appmesh:ListGatewayRoutes",
"appmesh:ListMeshes",
"appmesh:ListRoutes",
"appmesh:ListVirtualGateways",
"appmesh:ListVirtualNodes",
"appmesh:ListVirtualRouters",
"appmesh:ListVirtualServices",
"apprunner:ListAutoScalingConfigurations",
"apprunner:ListConnections",
"apprunner:ListServices",
"apprunner:ListVpcConnectors",
"appstream:DescribeAppBlocks",
"appstream:DescribeApplications",
"appstream:DescribeFleets",
"appstream:DescribeImageBuilders",
"appstream:DescribeStacks",
"appsync:ListGraphqlApis",
"aps:ListRuleGroupsNamespaces",
"aps:ListWorkspaces",
"athena:ListDataCatalogs",
"athena:ListWorkGroups",
"auditmanager:GetAccountStatus",
"auditmanager:ListAssessments",
"autoscaling:DescribeAutoScalingGroups",
"backup-gateway:ListHypervisors",
"backup:ListBackupPlans",
"backup:ListBackupVaults",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListReportPlans",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobDefinitions",
"batch:DescribeJobQueues",
"batch:ListSchedulingPolicies",
"bedrock-agentcore:ListAgentRuntimes",
"bedrock:ListAgentAliases",
"bedrock:ListAgents",
"bedrock:ListDataAutomationProjects",
"bedrock:ListFlowAliases",
"bedrock:ListFlows",
"bedrock:ListGuardrails",
"bedrock:ListInferenceProfiles",
"bedrock:ListKnowledgeBases",
"bedrock:ListPromptRouters",
"bedrock:ListPrompts",
"budgets:DescribeBudgetActionsForAccount",
"budgets:ViewBudget",
"ce:GetAnomalyMonitors",
"ce:GetAnomalySubscriptions",
"chime:ListAppInstanceBots",
"chime:ListAppInstanceUsers",
"chime:ListAppInstances",
"chime:ListMediaInsightsPipelineConfigurations",
"chime:ListMediaPipelineKinesisVideoStreamPools",
"chime:ListMediaPipelines",
"chime:ListSipMediaApplications",
"chime:ListVoiceConnectors",
"cleanrooms:ListCollaborations",
"cloud9:ListEnvironments",
"cloudformation:ListResources",
"cloudformation:ListStackSets",
"cloudformation:ListStacks",
"cloudfront:ListCachePolicies",
"cloudfront:ListCloudFrontOriginAccessIdentities",
"cloudfront:ListContinuousDeploymentPolicies",
"cloudfront:ListDistributions",
"cloudfront:ListFieldLevelEncryptionConfigs",
"cloudfront:ListFieldLevelEncryptionProfiles",
"cloudfront:ListFunctions",
"cloudfront:ListOriginAccessControls",
"cloudfront:ListOriginRequestPolicies",
"cloudfront:ListRealtimeLogConfigs",
"cloudfront:ListResponseHeadersPolicies",
"cloudfront:ListTagsForResource",
"cloudtrail:ListChannels",
"cloudtrail:ListDashboards",
"cloudtrail:ListEventDataStores",
"cloudtrail:ListTrails",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeInsightRules",
"cloudwatch:ListDashboards",
"cloudwatch:ListMetricStreams",
"codeartifact:ListDomains",
"codeartifact:ListRepositories",
"codebuild:ListProjects",
"codecommit:ListRepositories",
"codeconnections:ListConnections",
"codeconnections:ListHosts",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentConfigs",
"codeguru-profiler:ListProfilingGroups",
"codeguru-reviewer:ListRepositoryAssociations",
"codepipeline:ListPipelines",
"codepipeline:ListWebhooks",
"codestar-connections:ListConnections",
"codestar-connections:ListHosts",
"cognito-identity:ListIdentityPools",
"cognito-idp:ListUserPools",
"comprehend:ListDocumentClassifiers",
"comprehend:ListEntityRecognizers",
"comprehend:ListFlywheels",
"config:DescribeConfigRules",
"connect:ListEvaluationForms",
"connect:ListHoursOfOperations",
"connect:ListInstanceAttributes",
"connect:ListInstances",
"connect:ListPhoneNumbersV2",
"connect:ListPrompts",
"connect:ListQueueQuickConnects",
"connect:ListQueues",
"connect:ListQuickConnects",
"connect:ListRoutingProfileManualAssignmentQueues",
"connect:ListRoutingProfileQueues",
"connect:ListRoutingProfiles",
"connect:ListRules",
"connect:ListSecurityProfiles",
"connect:ListTaskTemplates",
"connect:ListUsers",
"databrew:ListDatasets",
"databrew:ListJobs",
"databrew:ListProjects",
"databrew:ListRecipes",
"databrew:ListRulesets",
"databrew:ListSchedules",
"dataexchange:ListDataSetRevisions",
"dataexchange:ListDataSets",
"datapipeline:ListPipelines",
"datasync:ListLocations",
"datasync:ListTasks",
"dax:DescribeClusters",
"detective:ListGraphs",
"devicefarm:ListInstanceProfiles",
"devicefarm:ListProjects",
"devicefarm:ListTestGridProjects",
"directconnect:DescribeDirectConnectGateways",
"dlm:GetLifecyclePolicies",
"dms:DescribeCertificates",
"dms:DescribeEndpoints",
"dms:DescribeEventSubscriptions",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:DescribeReplicationTasks",
"ds:DescribeDirectories",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeCapacityReservationFleets",
"ec2:DescribeCapacityReservations",
"ec2:DescribeCarrierGateways",
"ec2:DescribeClientVpnEndpoints",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFleets",
"ec2:DescribeFlowLogs",
"ec2:DescribeFpgaImages",
"ec2:DescribeHostReservations",
"ec2:DescribeHosts",
"ec2:DescribeImages",
"ec2:DescribeInstanceConnectEndpoints",
"ec2:DescribeInstanceEventWindows",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeIpamPools",
"ec2:DescribeIpamResourceDiscoveries",
"ec2:DescribeIpamResourceDiscoveryAssociations",
"ec2:DescribeIpamScopes",
"ec2:DescribeIpams",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeManagedPrefixLists",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInsightsAccessScopeAnalyses",
"ec2:DescribeNetworkInsightsAccessScopes",
"ec2:DescribeNetworkInsightsAnalyses",
"ec2:DescribeNetworkInsightsPaths",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribePublicIpv4Pools",
"ec2:DescribeReservedInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeTrafficMirrorFilters",
"ec2:DescribeTrafficMirrorSessions",
"ec2:DescribeTrafficMirrorTargets",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayConnectPeers",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGatewayPolicyTables",
"ec2:DescribeTransitGatewayRouteTableAnnouncements",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeVerifiedAccessEndpoints",
"ec2:DescribeVerifiedAccessGroups",
"ec2:DescribeVerifiedAccessInstances",
"ec2:DescribeVerifiedAccessTrustProviders",
"ec2:DescribeVolumes",
"ec2:DescribeVpcBlockPublicAccessExclusions",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetSubnetCidrReservations",
"ecr-public:DescribeRepositories",
"ecr:DescribeRepositories",
"ecs:DescribeCapacityProviders",
"ecs:DescribeServices",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"ecs:ListTaskDefinitions",
"eks:DescribeAccessEntry",
"eks:DescribeAddon",
"eks:DescribeFargateProfile",
"eks:DescribeIdentityProviderConfig",
"eks:DescribeNodegroup",
"eks:ListAccessEntries",
"eks:ListAddons",
"eks:ListClusters",
"eks:ListEksAnywhereSubscriptions",
"eks:ListFargateProfiles",
"eks:ListIdentityProviderConfigs",
"eks:ListNodegroups",
"eks:ListPodIdentityAssociations",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeGlobalReplicationGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:DescribeReservedCacheNodes",
"elasticache:DescribeSnapshots",
"elasticache:DescribeUserGroups",
"elasticache:DescribeUsers",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"elasticmapreduce:ListClusters",
"emr-containers:ListJobTemplates",
"emr-containers:ListManagedEndpoints",
"emr-containers:ListSecurityConfigurations",
"emr-containers:ListVirtualClusters",
"emr-serverless:ListApplications",
"es:ListDomainNames",
"events:ListApiDestinations",
"events:ListArchives",
"events:ListConnections",
"events:ListEndpoints",
"events:ListEventBuses",
"events:ListRules",
"evidently:ListExperiments",
"evidently:ListFeatures",
"evidently:ListLaunches",
"evidently:ListProjects",
"finspace:ListEnvironments",
"firehose:ListDeliveryStreams",
"fis:ListExperimentTemplates",
"fis:ListExperiments",
"fms:ListPolicies",
"fms:ListProtocolsLists",
"forecast:ListDatasetGroups",
"forecast:ListDatasetImportJobs",
"forecast:ListDatasets",
"forecast:ListForecastExportJobs",
"forecast:ListForecasts",
"forecast:ListPredictorBacktestExportJobs",
"forecast:ListPredictors",
"frauddetector:GetDetectors",
"frauddetector:GetEntityTypes",
"frauddetector:GetEventTypes",
"frauddetector:GetExternalModels",
"frauddetector:GetLabels",
"frauddetector:GetModels",
"frauddetector:GetOutcomes",
"frauddetector:GetVariables",
"fsx:DescribeBackups",
"fsx:DescribeFileSystems",
"gamelift:DescribeGameSessionQueues",
"gamelift:DescribeMatchmakingConfigurations",
"gamelift:DescribeMatchmakingRuleSets",
"gamelift:ListAliases",
"gamelift:ListBuilds",
"gamelift:ListLocations",
"gamelift:ListScripts",
"geo:ListMaps",
"geo:ListPlaceIndexes",
"geo:ListTrackers",
"glacier:ListVaults",
"globalaccelerator:ListAccelerators",
"globalaccelerator:ListEndpointGroups",
"globalaccelerator:ListListeners",
"glue:GetCrawlers",
"glue:GetDatabases",
"glue:GetJobs",
"glue:GetTables",
"glue:GetTriggers",
"glue:ListDataQualityRulesets",
"glue:ListMLTransforms",
"glue:ListRegistries",
"grafana:ListWorkspaces",
"greengrass:ListComponentVersions",
"greengrass:ListComponents",
"greengrass:ListConnectorDefinitions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitions",
"greengrass:ListResourceDefinitions",
"greengrass:ListSubscriptionDefinitions",
"groundstation:ListConfigs",
"groundstation:ListDataflowEndpointGroups",
"groundstation:ListMissionProfiles",
"guardduty:ListDetectors",
"guardduty:ListFilters",
"guardduty:ListIPSets",
"guardduty:ListMalwareProtectionPlans",
"guardduty:ListPublishingDestinations",
"guardduty:ListThreatIntelSets",
"healthlake:ListFHIRDatastores",
"iam:ListGroups",
"iam:ListInstanceProfiles",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicies",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:ListUsers",
"iam:ListVirtualMFADevices",
"imagebuilder:ListComponentBuildVersions",
"imagebuilder:ListComponents",
"imagebuilder:ListContainerRecipes",
"imagebuilder:ListDistributionConfigurations",
"imagebuilder:ListImageBuildVersions",
"imagebuilder:ListImagePipelines",
"imagebuilder:ListImageRecipes",
"imagebuilder:ListImages",
"imagebuilder:ListInfrastructureConfigurations",
"inspector2:ListFilters",
"inspector:ListAssessmentTemplates",
"iot:ListAuthorizers",
"iot:ListBillingGroups",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListFleetMetrics",
"iot:ListJobTemplates",
"iot:ListJobs",
"iot:ListMitigationActions",
"iot:ListPolicies",
"iot:ListProvisioningTemplates",
"iot:ListRoleAliases",
"iot:ListScheduledAudits",
"iot:ListSecurityProfiles",
"iot:ListThingGroups",
"iot:ListThingTypes",
"iot:ListThings",
"iot:ListTopicRuleDestinations",
"iot:ListTopicRules",
"iotanalytics:ListChannels",
"iotanalytics:ListDatasets",
"iotanalytics:ListDatastores",
"iotanalytics:ListPipelines",
"iotdeviceadvisor:ListSuiteDefinitions",
"iotevents:ListAlarmModels",
"iotevents:ListDetectorModels",
"iotevents:ListInputs",
"iotfleethub:ListApplications",
"iotfleetwise:ListDecoderManifests",
"iotfleetwise:ListModelManifests",
"iotfleetwise:ListSignalCatalogs",
"iotfleetwise:ListVehicles",
"iotsitewise:ListAccessPolicies",
"iotsitewise:ListAssetModels",
"iotsitewise:ListAssets",
"iotsitewise:ListDashboards",
"iotsitewise:ListGateways",
"iotsitewise:ListPortals",
"iotsitewise:ListProjects",
"iottwinmaker:ListComponentTypes",
"iottwinmaker:ListEntities",
"iottwinmaker:ListSyncJobs",
"iottwinmaker:ListWorkspaces",
"iotwireless:ListDestinations",
"iotwireless:ListDeviceProfiles",
"iotwireless:ListFuotaTasks",
"iotwireless:ListMulticastGroups",
"iotwireless:ListPartnerAccounts",
"iotwireless:ListServiceProfiles",
"iotwireless:ListWirelessDevices",
"iotwireless:ListWirelessGatewayTaskDefinitions",
"iotwireless:ListWirelessGateways",
"ivs:ListChannels",
"ivs:ListEncoderConfigurations",
"ivs:ListIngestConfigurations",
"ivs:ListPlaybackKeyPairs",
"ivs:ListPlaybackRestrictionPolicies",
"ivs:ListRecordingConfigurations",
"ivs:ListStorageConfigurations",
"ivs:ListStreamKeys",
"ivschat:ListLoggingConfigurations",
"ivschat:ListRooms",
"ivschat:ListTagsForResource",
"kafka:ListClusters",
"kafka:ListConfigurations",
"kendra-ranking:ListRescoreExecutionPlans",
"kendra:ListAccessControlConfigurations",
"kendra:ListDataSources",
"kendra:ListExperiences",
"kendra:ListFaqs",
"kendra:ListFeaturedResultsSets",
"kendra:ListIndices",
"kendra:ListQuerySuggestionsBlockLists",
"kendra:ListThesauri",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListSignalingChannels",
"kinesisvideo:ListStreams",
"kms:ListKeys",
"lambda:ListCodeSigningConfigs",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"lambda:ListLayerVersions",
"lambda:ListLayers",
"lambda:ListVersionsByFunction",
"lex:ListBotAliases",
"lex:ListBots",
"license-manager:ListDistributedGrants",
"lightsail:GetBuckets",
"lightsail:GetCertificates",
"lightsail:GetContainerServices",
"lightsail:GetDisks",
"logs:DescribeDestinations",
"logs:DescribeLogGroups",
"logs:ListTagsForResource",
"lookoutmetrics:ListAlerts",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutvision:ListProjects",
"m2:ListEnvironments",
"macie2:ListAllowLists",
"macie2:ListCustomDataIdentifiers",
"macie2:ListFindingsFilters",
"macie2:ListMembers",
"managedblockchain:ListAccessors",
"mediaconnect:ListFlows",
"mediaconnect:ListGateways",
"mediapackage-vod:ListAssets",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage-vod:ListPackagingGroups",
"mediapackage:ListChannels",
"mediapackage:ListOriginEndpoints",
"mediastore:ListContainers",
"mediatailor:ListChannels",
"mediatailor:ListLiveSources",
"mediatailor:ListPlaybackConfigurations",
"mediatailor:ListSourceLocations",
"mediatailor:ListVodSources",
"memorydb:DescribeACLs",
"memorydb:DescribeClusters",
"memorydb:DescribeParameterGroups",
"memorydb:DescribeSnapshots",
"memorydb:DescribeSubnetGroups",
"memorydb:DescribeUsers",
"mobiletargeting:GetApps",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetSegments",
"mobiletargeting:ListTemplates",
"mq:ListBrokers",
"mq:ListConfigurations",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"networkmanager:DescribeGlobalNetworks",
"networkmanager:GetDevices",
"networkmanager:GetLinks",
"networkmanager:ListAttachments",
"networkmanager:ListCoreNetworks",
"oam:ListSinks",
"omics:ListReferenceStores",
"omics:ListRunGroups",
"omics:ListWorkflows",
"outposts:ListSites",
"organizations:DescribeResourcePolicy",
"organizations:ListPolicies",
"panorama:ListDevices",
"panorama:ListPackages",
"partnercentral:ListEngagementInvitations",
"partnercentral:ListEngagements",
"partnercentral:ListOpportunities",
"partnercentral:ListResourceSnapshotJobs",
"partnercentral:ListResourceSnapshots",
"personalize:ListDatasetGroups",
"personalize:ListDatasets",
"personalize:ListSchemas",
"personalize:ListSolutions",
"pipes:ListPipes",
"profile:ListDomains",
"profile:ListIntegrations",
"profile:ListProfileObjectTypes",
"proton:ListEnvironmentAccountConnections",
"proton:ListEnvironmentTemplates",
"proton:ListServiceTemplates",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:ListLedgers",
"quicksight:DescribeAccountSubscription",
"quicksight:ListDataSets",
"quicksight:ListDataSources",
"quicksight:ListTemplates",
"quicksight:ListThemes",
"ram:GetResourceShares",
"ram:ListPermissions",
"rds:DescribeBlueGreenDeployments",
"rds:DescribeDBClusterEndpoints",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstanceAutomatedBackups",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBProxies",
"rds:DescribeDBProxyEndpoints",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:DescribeGlobalClusters",
"rds:DescribeOptionGroups",
"rds:DescribeReservedDBInstances",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeClusters",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeHsmClientCertificates",
"redshift:DescribeSnapshotCopyGrants",
"redshift:DescribeSnapshotSchedules",
"redshift:DescribeUsageLimits",
"refactor-spaces:ListApplications",
"refactor-spaces:ListEnvironments",
"refactor-spaces:ListRoutes",
"refactor-spaces:ListServices",
"rekognition:DescribeProjects",
"resiliencehub:ListApps",
"resiliencehub:ListResiliencyPolicies",
"resource-explorer-2:GetIndex",
"resource-explorer-2:ListIndexes",
"resource-explorer-2:ListViews",
"resource-groups:ListGroups",
"route53-recovery-control-config:ListClusters",
"route53-recovery-control-config:ListControlPanels",
"route53-recovery-control-config:ListRoutingControls",
"route53-recovery-control-config:ListSafetyRules",
"route53-recovery-readiness:ListCells",
"route53-recovery-readiness:ListReadinessChecks",
"route53-recovery-readiness:ListRecoveryGroups",
"route53-recovery-readiness:ListResourceSets",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53domains:ListDomains",
"route53resolver:ListFirewallDomainLists",
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:ListResolverEndpoints",
"route53resolver:ListResolverQueryLogConfigs",
"route53resolver:ListResolverRules",
"rum:ListAppMonitors",
"s3:GetBucketLocation",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultiRegionAccessPoints",
"s3:ListStorageLensConfigurations",
"s3:ListStorageLensGroups",
"s3express:ListAllMyDirectoryBuckets",
"sagemaker:DescribeInferenceComponent",
"sagemaker:ListActions",
"sagemaker:ListAlgorithms",
"sagemaker:ListAppImageConfigs",
"sagemaker:ListApps",
"sagemaker:ListArtifacts",
"sagemaker:ListClusters",
"sagemaker:ListCodeRepositories",
"sagemaker:ListContexts",
"sagemaker:ListDomains",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListEndpoints",
"sagemaker:ListExperiments",
"sagemaker:ListFeatureGroups",
"sagemaker:ListFlowDefinitions",
"sagemaker:ListHubContents",
"sagemaker:ListHubs",
"sagemaker:ListHumanLoops",
"sagemaker:ListHumanTaskUis",
"sagemaker:ListImageVersions",
"sagemaker:ListImages",
"sagemaker:ListInferenceComponents",
"sagemaker:ListInferenceExperiments",
"sagemaker:ListMlflowTrackingServers",
"sagemaker:ListModelCardVersions",
"sagemaker:ListModelCards",
"sagemaker:ListModelPackageGroups",
"sagemaker:ListModelPackages",
"sagemaker:ListModels",
"sagemaker:ListMonitoringSchedules",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListPartnerApps",
"sagemaker:ListPipelines",
"sagemaker:ListProjects",
"sagemaker:ListSpaces",
"sagemaker:ListStudioLifecycleConfigs",
"sagemaker:ListTrialComponents",
"sagemaker:ListTrials",
"sagemaker:ListUserProfiles",
"sagemaker:ListWorkforces",
"sagemaker:ListWorkteams",
"scheduler:ListScheduleGroups",
"schemas:ListDiscoverers",
"secretsmanager:ListSecrets",
"servicecatalog:ListApplications",
"servicecatalog:ListAttributeGroups",
"servicediscovery:ListServices",
"ses:ListConfigurationSets",
"ses:ListContactLists",
"ses:ListDedicatedIpPools",
"ses:ListEmailIdentities",
"shield:ListProtectionGroups",
"shield:ListProtections",
"signer:ListSigningProfiles",
"sns:ListTopics",
"sqs:ListQueues",
"ssm-incidents:ListResponsePlans",
"ssm:DescribeInstanceInformation",
"ssm:DescribeMaintenanceWindowTargets",
"ssm:DescribeMaintenanceWindowTasks",
"ssm:DescribeMaintenanceWindows",
"ssm:DescribeParameters",
"ssm:DescribeSessions",
"ssm:ListAssociations",
"ssm:ListDocuments",
"ssm:ListResourceDataSync",
"states:ListActivities",
"states:ListStateMachines",
"storagegateway:ListFileShares",
"storagegateway:ListGateways",
"synthetics:DescribeCanaries",
"synthetics:ListGroups",
"transfer:ListAgreements",
"transfer:ListCertificates",
"transfer:ListConnectors",
"transfer:ListProfiles",
"transfer:ListServers",
"transfer:ListUsers",
"transfer:ListWorkflows",
"verifiedpermissions:ListPolicyStores",
"vpc-lattice:ListListeners",
"vpc-lattice:ListRules",
"vpc-lattice:ListServiceNetworkServiceAssociations",
"vpc-lattice:ListServiceNetworks",
"vpc-lattice:ListServices",
"vpc-lattice:ListTargetGroups",
"wafv2:ListIPSets",
"wafv2:ListRegexPatternSets",
"wafv2:ListRuleGroups",
"wafv2:ListWebACLs",
"wellarchitected:ListWorkloads",
"wisdom:ListAssistantAssociations",
"wisdom:ListAssistants",
"wisdom:ListContents",
"wisdom:ListKnowledgeBases",
"workspaces-web:ListPortals",
"workspaces:DescribeConnectionAliases",
"workspaces:DescribeWorkspaces",
"xray:GetSamplingRules"
],
"Resource" : "*"
},
{
"Sid" : "PermissionsForReadGetResources",
"Effect" : "Allow",
"Action" : [
"backup:DescribeRecoveryPoint",
"backup:ListTags",
"bedrock-agentcore:GetAgentRuntime",
"bedrock-agentcore:ListTagsForResource",
"bedrock:GetAgent",
"bedrock:GetAgentActionGroup",
"bedrock:GetAgentCollaborator",
"bedrock:GetAgentKnowledgeBase",
"bedrock:GetFlowAlias",
"bedrock:GetGuardrail",
"bedrock:GetKnowledgeBase",
"bedrock:ListAgentActionGroups",
"bedrock:ListAgentCollaborators",
"bedrock:ListAgentKnowledgeBases",
"bedrock:ListTagsForResource",
"budgets:DescribeBudgetAction",
"budgets:DescribeBudgetActionsForBudget",
"cleanrooms:GetCollaboration",
"cleanrooms:ListMembers",
"cleanrooms:ListTagsForResource",
"cloudformation:GetResource",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventConfiguration",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetInsightSelectors",
"cloudtrail:GetTrail",
"cloudtrail:GetTrailStatus",
"connect:DescribeQueue",
"dataexchange:GetRevision",
"dataexchange:ListTagsForResource",
"dlm:GetLifecyclePolicy",
"dlm:ListTagsForResource",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeKinesisStreamingDestination",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:GetResourcePolicy",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeVolumeAttribute",
"ecs:DescribeClusters",
"ecs:DescribeTaskDefinition",
"ecs:ListTagsForResource",
"eks:DescribeCluster",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeReplicationConfigurations",
"elasticloadbalancing:DescribeCapacityReservation",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetHealth",
"es:DescribeDomain",
"es:DescribeDomains",
"es:ListDomainsForPackage",
"es:ListTags",
"es:ListVpcEndpointsForDomain",
"events:DescribeRule",
"events:ListTagsForResource",
"events:ListTargetsByRule",
"fis:GetExperiment",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"kendra-ranking:DescribeRescoreExecutionPlan",
"kendra-ranking:ListTagsForResource",
"kinesis:DescribeStreamSummary",
"kinesis:ListTagsForResource",
"kinesis:ListTagsForStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:ListTagsForStream",
"kms:DescribeKey",
"lambda:GetEventSourceMapping",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetFunctionRecursionConfig",
"lambda:GetFunctionScalingConfig",
"lambda:GetRuntimeManagementConfig",
"lambda:ListTags",
"logs:DescribeIndexPolicies",
"logs:DescribeResourcePolicies",
"logs:GetDataProtectionPolicy",
"mediaconnect:DescribeFlow",
"panorama:DescribeDevice",
"panorama:ListTagsForResource",
"ram:GetPermission",
"rds:ListTagsForResource",
"redshift:DescribeTags",
"resource-explorer-2:GetView",
"route53:GetHostedZone",
"route53:ListQueryLoggingConfigs",
"route53:ListTagsForResource",
"s3:GetAccelerateConfiguration",
"s3:GetAnalyticsConfiguration",
"s3:GetBucketAbac",
"s3:GetBucketCORS",
"s3:GetBucketLogging",
"s3:GetBucketMetadataTableConfiguration",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketOwnershipControls",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetIntelligentTieringConfiguration",
"s3:GetInventoryConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMetricsConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListTagsForResource",
"s3express:GetEncryptionConfiguration",
"s3express:GetLifecycleConfiguration",
"s3express:ListTagsForResource",
"sagemaker:DescribeEndpoint",
"sagemaker:ListTags",
"secretsmanager:DescribeSecret",
"sns:GetDataProtectionPolicy",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sns:ListTagsForResource",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags",
"xray:ListTagsForResource"
],
"Resource" : "*"
}
]
}
```
## Learn more
+ [Understand versioning for IAM policies](https://docs.aws.amazon.com//IAM/latest/UserGuide/access_policies_managed-versioning.html)
+ [Get started with AWS managed policies and move toward least-privilege permissions](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html#bp-use-aws-defined-policies)