Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
AWSSecurityHubV2ServiceRolePolicy
Descripción: Esta política permite a Security Hub gestionar las reglas de AWS configuración y los recursos del Security Hub en su organización y en su nombre.
AWSSecurityHubV2ServiceRolePolicy es una política administrada de AWS.
Uso de la política
Esta política está asociada a un rol vinculado a un servicio. Esto permite a dicho servicio realizar acciones por usted. No puede asociar esta política a los usuarios, grupos o roles.
Información de la política
-
Tipo: política de Service-linked roles
-
Hora de creación: 10 de junio de 2025 a las 17:37 UTC
-
Hora editada: 5 de mayo de 2026 a las 20:57 UTC
-
ARN:
arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubV2ServiceRolePolicy
Versión de la política
Versión de la política: v7 (predeterminada)
La versión predeterminada de la política define qué permisos tendrá. Cuando un usuario o un rol con la política solicita el acceso a un AWS recurso, AWS comprueba la versión predeterminada de la política para determinar si permite la solicitud.
Documento de política JSON
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "SecurityHubV2ServiceRoleAssetsConfig", "Effect" : "Allow", "Action" : [ "config:DeleteServiceLinkedConfigurationRecorder", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:PutServiceLinkedConfigurationRecorder" ], "Resource" : [ "arn:aws:config:*:*:configuration-recorder/AWSConfigurationRecorderForSecurityHubAssets/*", "arn:aws:config:*:*:configuration-recorder/AWSConfigurationRecorderForSecurityHubAssetsGlobal/*" ] }, { "Sid" : "SecurityHubV2ServiceRoleAssetsIamPermissions", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : "arn:aws:iam::*:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : "config.amazonaws.com" } } }, { "Sid" : "SecurityHubV2ServiceRoleSecurityHubPermissions", "Effect" : "Allow", "Action" : [ "securityhub:DisableSecurityHubV2", "securityhub:EnableSecurityHubV2", "securityhub:DescribeSecurityHubV2" ], "Resource" : "arn:aws:securityhub:*:*:hubv2/*", "Condition" : { "StringEquals" : { "aws:ResourceAccount" : "${aws:PrincipalAccount}" } } }, { "Sid" : "SecurityHubV2ServiceRoleTagPermissions", "Effect" : "Allow", "Action" : [ "tag:GetResources" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleOrganizationsPermissionsOnResources", "Effect" : "Allow", "Action" : [ "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit" ], "Resource" : "arn:aws:organizations::*:*" }, { "Sid" : "SecurityHubV2ServiceRoleOrganizationsPermissionsWithoutResources", "Effect" : "Allow", "Action" : [ "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleDelegatedAdminPermissions", "Effect" : "Allow", "Action" : [ "organizations:ListDelegatedAdministrators" ], "Resource" : "*", "Condition" : { "StringEquals" : { "organizations:ServicePrincipal" : [ "securityhub.amazonaws.com" ] } } }, { "Sid" : "SecurityHubV2ServiceRoleEcrListingPermissions", "Effect" : "Allow", "Action" : [ "ecr:DescribeImages", "ecr:DescribeRepositories" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleLambdaMetricPermissions", "Effect" : "Allow", "Action" : [ "cloudwatch:GetMetricData" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleLambdaListingPermissions", "Effect" : "Allow", "Action" : [ "lambda:ListFunctions" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleIamListingPermissions", "Effect" : "Allow", "Action" : [ "iam:ListRoles", "iam:GetAccountSummary" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleIA2IamPermissions", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : [ "arn:aws:iam::*:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer" ], "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "access-analyzer.amazonaws.com" ] } } }, { "Sid" : "SecurityHubV2ServiceRoleIA2ResAPermissions", "Effect" : "Allow", "Action" : [ "access-analyzer:CreateServiceLinkedAnalyzer", "access-analyzer:DeleteServiceLinkedAnalyzer" ], "Resource" : "arn:*:access-analyzer:*:*:analyzer/*" }, { "Sid" : "SecurityHubV2ServiceRoleIA2ResAListPermissions", "Effect" : "Allow", "Action" : [ "access-analyzer:ListAnalyzers" ], "Resource" : "*" }, { "Sid" : "SecurityHubV2ServiceRoleIA2APIPermissions", "Effect" : "Allow", "Action" : [ "access-analyzer:GetFindingRecommendation", "access-analyzer:GenerateFindingRecommendation" ], "Resource" : "arn:*:access-analyzer:*:*:analyzer/_AccessAnalyzerForSecurityHubV2*" }, { "Sid" : "SecurityHubV2ServiceRoleAPIPolicyPermissions", "Effect" : "Allow", "Action" : [ "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRolePolicy", "iam:GetUserPolicy" ], "Resource" : [ "arn:aws:iam::*:policy/*", "arn:aws:iam::*:role/*", "arn:aws:iam::*:user/*" ] } ] }
Más información
