AWS managed policies for AWS Config
An AWS managed policy is a standalone policy that is created and administered by AWS. AWS managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.
Keep in mind that AWS managed policies might not grant least-privilege permissions for your specific use cases, because they are available for all AWS customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.
You cannot change the permissions defined in AWS managed policies. If AWS updates the permissions defined in an AWS managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. AWS is most likely to update an AWS managed policy when a new AWS service is launched or when new API operations become available for existing services.
For more information, see AWS managed policies in the IAM User Guide.
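Because an update to an AWS managed policy reaches every principal it is attached to, it helps to review exactly which actions a new version adds or removes. The following is an added example, not AWS code: it diffs two policy documents and flags added actions that do not look read-only. The two documents are constructed samples, and the read-only prefix heuristic is an assumption of the example.

```python
import json

# Name prefixes treated as read-only for triage. This heuristic is an
# assumption of the example, not an AWS classification.
READ_PREFIXES = ("get", "list", "describe", "batchget")

# Constructed sample documents (not the real policy text). The Sid and the
# action names come from the update table on this page, except
# config:PutEvaluations, which is included to exercise the review path.
OLD_VERSION = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigServiceRolePolicyStatementID",
      "Effect": "Allow",
      "Action": ["iam:ListUsers", "cloudTrail:GetChannel", "ssm:GetParameter"],
      "Resource": "*"
    }
  ]
}
""")

NEW_VERSION = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigServiceRolePolicyStatementID",
      "Effect": "Allow",
      "Action": [
        "iam:ListUsers",
        "cloudtrail:GetChannel",
        "organizations:ListAWSServiceAccessForOrganization"
      ],
      "Resource": "*"
    },
    {"Effect": "Allow", "Action": "config:PutEvaluations", "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Map lower-cased action -> action as written, over all Allow statements.

    IAM matches action names case-insensitively, so "cloudTrail:GetChannel"
    and "cloudtrail:GetChannel" are the same permission and must not show up
    as a change.
    """
    actions = {}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions;
            # a set difference of names cannot describe that safely.
            raise ValueError("Allow statement with NotAction needs manual review")
        for action in _as_list(stmt.get("Action")):
            actions.setdefault(action.lower(), action)
    return actions


def classify(action):
    """Return 'wildcard', 'read' or 'review' for one action string."""
    if "*" in action or "?" in action:
        return "wildcard"
    _, _, name = action.partition(":")
    return "read" if name.lower().startswith(READ_PREFIXES) else "review"


def diff_policy_versions(old, new):
    """Report actions added and removed between two policy documents."""
    before, after = allowed_actions(old), allowed_actions(new)
    added = [after[k] for k in sorted(after.keys() - before.keys())]
    removed = [before[k] for k in sorted(before.keys() - after.keys())]
    needs_review = [a for a in added if classify(a) != "read"]
    return {"added": added, "removed": removed, "needs_review": needs_review}


if __name__ == "__main__":
    print(json.dumps(diff_policy_versions(OLD_VERSION, NEW_VERSION), indent=2))
```

In practice the two inputs would be two versions of the same managed policy, for example as returned by `aws iam get-policy-version`.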
AWS managed policy: AWSConfigServiceRolePolicy
AWS Config uses the service-linked role (SLR) named AWSServiceRoleForConfig to call other AWS services on your behalf. When you use the AWS Management Console to set up AWS Config, this SLR is created automatically by AWS Config if you select the option to use the AWS Config SLR instead of your own AWS Identity and Access Management (IAM) service role.
The AWSServiceRoleForConfig SLR contains the managed policy AWSConfigServiceRolePolicy. This managed policy contains read-only and write-only permissions for AWS Config resources and read-only permissions for resources in other services that AWS Config supports. For more information, see Supported Resource Types for AWS Config and Using Service-Linked Roles for AWS Config.
View the policy: AWSConfigServiceRolePolicy.
AWS managed policy: AWS_ConfigRole
To record your AWS resource configurations, AWS Config requires IAM permissions to get the configuration details about your resources. If you want to create an IAM role for AWS Config, you can use the managed policy AWS_ConfigRole and attach it to your IAM role.
This IAM policy is updated each time AWS Config adds support for an AWS resource type. This means that AWS Config continues to have the permissions required to record configuration data of supported resource types as long as the role has the AWS_ConfigRole managed policy attached. For more information, see Supported Resource Types for AWS Config and Permissions for the IAM Role Assigned to AWS Config.
View the policy: AWS_ConfigRole.
AWS managed policy: AWSConfigUserAccess
This IAM policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges.
View the policy: AWSConfigUserAccess.
AWS managed policy: ConfigConformsServiceRolePolicy
To deploy and manage conformance packs, AWS Config requires IAM permissions and certain permissions from other AWS services. This allows you to deploy and manage conformance packs with full functionality and is updated each time AWS Config adds new functionality for conformance packs. For more information about conformance packs, see Conformance packs.
View the policy: ConfigConformsServiceRolePolicy.
AWS managed policy: AWSConfigRulesExecutionRole
To deploy AWS Custom Lambda Rules, AWS Config requires IAM permissions and certain permissions from other AWS services. This allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for AWS Custom Lambda Rules and is updated each time AWS Config adds new functionality. For more information about AWS Custom Lambda Rules, see Creating AWS Config Custom Lambda Rules and Components of an AWS Config Rule. For more information about configuration snapshots, see Concepts | Configuration Snapshot. For more information about the delivery of configuration snapshots, see Managing the Delivery Channel.
View the policy: AWSConfigRulesExecutionRole.
AWS managed policy: AWSConfigMultiAccountSetupPolicy
To centrally deploy, update, and delete AWS Config rules and conformance packs across member accounts in an organization in AWS Organizations, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigMultiAccountSetupPolicy.
AWS managed policy: AWSConfigRoleForOrganizations
To allow AWS Config to make read-only calls to AWS Organizations APIs, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for multi-account setup. For more information, see Managing AWS Config Rules Across All Accounts in Your Organization and Managing Conformance Packs Across All Accounts in Your Organization.
View the policy: AWSConfigRoleForOrganizations.
AWS managed policy: AWSConfigRemediationServiceRolePolicy
To allow AWS Config to remediate NON_COMPLIANT resources on your behalf, AWS Config requires IAM permissions and certain permissions from other AWS services. This managed policy is updated each time AWS Config adds new functionality for remediation. For more information about remediation, see Remediating Noncompliant Resources with AWS Config Rules. For more information about the conditions that initiate the possible AWS Config evaluation results, see Concepts | AWS Config Rules.
View the policy: AWSConfigRemediationServiceRolePolicy.
AWS Config updates to AWS managed policies
View details about updates to AWS managed policies for AWS Config since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the AWS Config Document history page.
Change | Description | Date |
---|---|---|
AWSConfigServiceRolePolicy — Add "organizations:ListAWSServiceAccessForOrganization" | This policy now supports additional permissions for AWS Organizations. | December 18, 2024 |
AWS_ConfigRole — Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" | This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. | November 7, 2024 |
AWSConfigServiceRolePolicy — Add "app-integrations:GetApplication", "app-integrations:ListApplications", "app-integrations:ListTagsForResource", "appconfig:GetExtension", "appconfig:ListExtensions", "cloudtrail:GetInsightSelectors", "connect:DescribeQueue", "connect:DescribeRoutingProfile", "connect:DescribeSecurityProfile", "connect:ListQueueQuickConnects", "connect:ListQueues", "connect:ListRoutingProfileQueues", "connect:ListRoutingProfiles", "connect:ListSecurityProfileApplications", "connect:ListSecurityProfilePermissions", "connect:ListSecurityProfiles", "datazone:GetDomain", "datazone:ListDomains", "devops-guru:ListNotificationChannels", "glue:GetRegistry", "glue:ListRegistries", "identitystore:DescribeGroup", "identitystore:DescribeGroupMembership", "identitystore:ListGroupMemberships", "identitystore:ListGroups", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:ListThingGroups", "iot:ListThingTypes", "iotfleetwise:GetDecoderManifest", "iotfleetwise:GetFleet", "iotfleetwise:GetModelManifest", "iotfleetwise:GetSignalCatalog", "iotfleetwise:GetVehicle", "iotfleetwise:ListDecoderManifestNetworkInterfaces", "iotfleetwise:ListDecoderManifests", "iotfleetwise:ListDecoderManifestSignals", "iotfleetwise:ListFleets", "iotfleetwise:ListModelManifestNodes", "iotfleetwise:ListModelManifests", "iotfleetwise:ListSignalCatalogNodes", "iotfleetwise:ListSignalCatalogs", "iotfleetwise:ListTagsForResource", "iotfleetwise:ListVehicles", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetWirelessGateway", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListWirelessGateways", "ivschat:GetLoggingConfiguration", "ivschat:GetRoom", "ivschat:ListLoggingConfigurations", "ivschat:ListRooms", "ivschat:ListTagsForResource", "logs:GetLogAnomalyDetector", "logs:ListLogAnomalyDetectors", "oam:GetSink", "oam:GetSinkPolicy", "oam:ListSinks", "payment-cryptography:GetAlias", "payment-cryptography:GetKey", "payment-cryptography:ListAliases", "payment-cryptography:ListKeys", "payment-cryptography:ListTagsForResource", "rds:DescribeDBProxyTargetGroups", "rds:DescribeDBProxyTargets", "rekognition:DescribeProjects", "s3:GetStorageLensGroup", "s3:ListStorageLensGroups", "s3:ListTagsForResource", "scheduler:GetScheduleGroup", "scheduler:ListScheduleGroups", "scheduler:ListTagsForResource", "ssm:GetServiceSetting", "vpc-lattice:GetAccessLogSubscription", "vpc-lattice:GetService", "vpc-lattice:GetServiceNetwork", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListAccessLogSubscriptions", "vpc-lattice:ListServiceNetworks", "vpc-lattice:ListServices", "vpc-lattice:ListTagsForResource", "vpc-lattice:ListTargetGroups", and "vpc-lattice:ListTargets" | This policy now supports additional permissions for AWS AppConfig, AWS CloudTrail, Amazon Connect, Amazon DataZone, Amazon DevOps Guru, AWS Glue, Identity Store, AWS IoT, AWS IoT FleetWise, AWS IoT Wireless, Amazon Interactive Video Service (Amazon IVS), Amazon CloudWatch Logs, Amazon CloudWatch Observability Access Manager, AWS Payment Cryptography, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, Amazon Simple Storage Service (Amazon S3), Amazon EventBridge Scheduler, AWS Systems Manager, and Amazon VPC Lattice. | November 7, 2024 |
AWS_ConfigRole — Add "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection," "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel," "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers," "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge," "mediaconnect:DescribeGateway," "mediaconnect:ListBridges," "mediaconnect:ListGateways," "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource," "mediatailor:ListChannels," "mediatailor:ListLiveSources," "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" | This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. | September 16, 2024 |
AWSConfigServiceRolePolicy — Add "aoss:BatchGetCollection," "aoss:BatchGetLifecyclePolicy," "aoss:BatchGetVpcEndpoint," "aoss:GetAccessPolicy," "aoss:GetSecurityConfig," "aoss:GetSecurityPolicy," "aoss:ListAccessPolicies," "aoss:ListCollections," "aoss:ListLifecyclePolicies," "aoss:ListSecurityConfigs," "aoss:ListSecurityPolicies," "aoss:ListVpcEndpoints," "appstream:DescribeAppBlockBuilders," "backup:GetRestoreTestingPlan," "backup:GetRestoreTestingSelection," "backup:ListRestoreTestingPlans," "backup:ListRestoreTestingSelections," "cloudTrail:GetChannel," "cloudTrail:ListChannels," "glue:GetTrigger," "glue:ListTriggers," "imagebuilder:GetLifecyclePolicy," "imagebuilder:ListLifecyclePolicies," "iot:DescribeBillingGroup," "iot:ListBillingGroups," "ivs:GetEncoderConfiguration," "ivs:GetPlaybackRestrictionPolicy," "ivs:GetStage," "ivs:GetStorageConfiguration," "ivs:ListEncoderConfigurations," "ivs:ListPlaybackRestrictionPolicies," "ivs:ListStages," "ivs:ListStorageConfigurations," "mediaconnect:DescribeBridge," "mediaconnect:DescribeGateway," "mediaconnect:ListBridges," "mediaconnect:ListGateways," "mediatailor:DescribeChannel," "mediatailor:DescribeLiveSource," "mediatailor:DescribeSourceLocation," "mediatailor:DescribeVodSource," "mediatailor:ListChannels," "mediatailor:ListLiveSources," "mediatailor:ListSourceLocations," "mediatailor:ListVodSources," "omics:GetWorkflow," "omics:ListWorkflows," "scheduler:GetSchedule," and "scheduler:ListSchedules" | This policy now supports additional permissions for Amazon OpenSearch Service Serverless, Amazon AppStream, AWS Backup, AWS CloudTrail, AWS Glue, EC2 Image Builder, AWS IoT, Amazon Interactive Video Service (Amazon IVS), AWS Elemental MediaConnect, AWS Elemental MediaTailor, AWS HealthOmics, and Amazon EventBridge Scheduler. | September 16, 2024 |
AWS_ConfigRole — Add "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" | This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. | June 17, 2024 |
AWSConfigServiceRolePolicy — Add "elasticfilesystem:DescribeTags," "redshift:DescribeTags," and "ssm-sap:ListTagsForResource" | This policy now supports additional permissions for Amazon Elastic File System (Amazon EFS), Amazon Redshift, and AWS Systems Manager for SAP. | June 17, 2024 |
AWS_ConfigRole — Add "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool," "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" | This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). | February 22, 2024 |
AWSConfigServiceRolePolicy — Add "aps:DescribeAlertManagerDefinition," "cloudwatch:DescribeAlarmsForMetric," "cognito-identity:DescribeIdentityPool," "cognito-identity:GetPrincipalTagAttributeMap," "elasticache:DescribeCacheSecurityGroups," "elasticache:DescribeUserGroups," "elasticache:DescribeUsers," "elasticache:DescribeGlobalReplicationGroups," "fsx:DescribeDataRepositoryAssociations," "glue:GetDatabase," "glue:GetDatabases," "iam:ListUsers," "lambda:GetLayerVersion," "lambda:ListLayers," "lambda:ListLayerVersions," "ram:GetPermission," "ram:ListPermissionAssociations," "ram:ListPermissions," "ram:ListPermissionVersions," "redshift-serverless:GetNamespace," "redshift-serverless:GetWorkgroup," "redshift-serverless:ListNamespaces," "redshift-serverless:ListTagsForResource," "redshift-serverless:ListWorkgroups," "sagemaker:DescribeInferenceExperiment," "sagemaker:ListInferenceExperiments," and "sns:GetSMSSandboxAccountStatus" | This policy now supports additional permissions for Amazon Managed Service for Prometheus, Amazon CloudWatch, Amazon Cognito, Amazon ElastiCache, Amazon FSx, AWS Glue, AWS Identity and Access Management (IAM), AWS Lambda, AWS RAM, Amazon Redshift Serverless, Amazon SageMaker AI, and Amazon Simple Notification Service (Amazon SNS). | February 22, 2024 |
AWSConfigUserAccess — AWS Config started tracking changes for this AWS managed policy | This policy provides access to use AWS Config, including searching by tags on resources and reading all tags. It does not provide permission to configure AWS Config, which requires administrative privileges. | February 22, 2024 |
AWS_ConfigRole — Add "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" | This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). | December 5, 2023 |
AWSConfigServiceRolePolicy — Add "appconfig:GetExtensionAssociation," "appconfig:ListExtensionAssociations," "aps:DescribeLoggingConfiguration," "dms:DescribeReplicationTaskAssessmentRuns," "iam:GetOpenIDConnectProvider," "iam:ListOpenIDConnectProviders," "kafka:DescribeVpcConnection," "kafka:GetClusterPolicy," "kafka:ListVpcConnections," "logs:DescribeMetricFilters," "organizations:ListDelegatedAdministrators," "s3:GetBucketPolicyStatus," "s3express:GetBucketPolicy," and "s3express:ListAllMyDirectoryBuckets" | This policy now supports additional permissions for AWS AppConfig, Amazon Managed Service for Prometheus, AWS Database Migration Service (AWS DMS), AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon CloudWatch Logs, AWS Organizations, and Amazon Simple Storage Service (Amazon S3). | December 5, 2023 |
AWS_ConfigRole — Add "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" | This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family. | November 17, 2023 |
AWS_ConfigRole — Add "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" | This policy now adds security identifiers (SIDs) for | November 17, 2023 |
AWSConfigServiceRolePolicy — Add "backup:DescribeProtectedResource," "cognito-identity:GetIdentityPoolRoles," "cognito-identity:ListIdentityPools," "cognito-identity:ListTagsForResource," "cognito-idp:DescribeIdentityProvider," "cognito-idp:DescribeResourceServer," "cognito-idp:DescribeUserPool," "cognito-idp:DescribeUserPoolClient," "cognito-idp:DescribeUserPoolDomain," "cognito-idp:GetGroup," "cognito-idp:GetUserPoolMfaConfig," "cognito-idp:ListGroups," "cognito-idp:ListIdentityProviders," "cognito-idp:ListResourceServers," "cognito-idp:ListUserPoolClients," "cognito-idp:ListUserPools," "cognito-idp:ListTagsForResource," "connect:DescribeEvaluationForm," "connect:DescribeInstanceStorageConfig," "connect:DescribePrompt," "connect:DescribeRule," "connect:DescribeUser," "connect:GetTaskTemplate," "connect:ListApprovedOrigins," "connect:ListEvaluationForms," "connect:ListInstanceStorageConfigs," "connect:ListIntegrationAssociations," "connect:ListPrompts," "connect:ListRules," "connect:ListSecurityKeys," "connect:ListTagsForResource," "connect:ListTaskTemplates," "connect:ListUsers," "emr-containers:DescribeVirtualCluster," "emr-containers:ListVirtualClusters," "emr-serverless:GetApplication," "emr-serverless:ListApplications," "groundstation:GetDataflowEndpointGroup," "groundstation:ListDataflowEndpointGroups," "m2:GetEnvironment," "m2:ListEnvironments," "m2:ListTagsForResource," "memorydb:DescribeAcls," "memorydb:DescribeClusters," "memorydb:DescribeParameterGroups," "memorydb:DescribeParameters," "memorydb:DescribeSubnetGroups," "organizations:ListRoots," "quicksight:DescribeAccountSubscription," "quicksight:DescribeDataSetRefreshProperties," "rds:DescribeEngineDefaultClusterParameters," "redshift:DescribeEndpointAccess," "redshift:DescribeEndpointAuthorization," "route53:GetChange," "route53:ListCidrBlocks," "route53:ListCidrLocations," "serviceCatalog:DescribePortfolioShares," "transfer:DescribeProfile," and "transfer:ListProfiles" | This policy now supports additional permissions for Amazon Cognito, Amazon Connect, Amazon EMR, AWS Ground Station, AWS Mainframe Modernization, Amazon MemoryDB, AWS Organizations, Amazon QuickSight, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, Amazon Route 53, AWS Service Catalog, and AWS Transfer Family. | November 17, 2023 |
AWSConfigServiceRolePolicy — Add "Sid": "AWSConfigServiceRolePolicyStatementID," "Sid": "AWSConfigSLRLogStatementID," "Sid": "AWSConfigSLRLogEventStatementID," and "Sid": "AWSConfigSLRApiGatewayStatementID" | This policy now adds security identifiers (SIDs) for | November 17, 2023 |
AWS_ConfigRole — Add "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" | This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. | October 4, 2023 |
AWSConfigServiceRolePolicy — Add "acm-pca:GetCertificateAuthorityCertificate," "appmesh:DescribeMesh," "appmesh:ListGatewayRoutes," "connect:DescribeInstance," "connect:DescribeQuickConnect," "connect:ListQuickConnects," "ecs:DescribeCapacityProviders," "evidently:GetSegment," "evidently:ListSegments," "grafana:DescribeWorkspace," "grafana:DescribeWorkspaceAuthentication," "grafana:DescribeWorkspaceConfiguration," "grafana:DescribeWorkspaceConfiguration," "guardduty:GetMemberDetectors," "inspector2:BatchGetAccountStatus," "inspector2:GetDelegatedAdminAccount," "inspector2:ListMembers," "iot:DescribeCACertificate," "iot:ListCACertificates," "iot:ListTagsForResource," "iottwinmaker:GetSyncJob," "iottwinmaker:ListSyncJobs," "kafka:ListTagsForResource," "kafkaconnect:DescribeConnector," "kafkaconnect:ListConnectors," "lambda:GetCodeSigningConfig," "lambda:ListCodeSigningConfigs," "lambda:ListTags," "networkmanager:GetConnectPeer," "organizations:DescribeOrganization," "organizations:ListTargetsForPolicy," "sagemaker:DescribeDataQualityJob," "sagemaker:DescribeModelExplainabilityJob," "sagemaker:ListDataQualityJob," and "sagemaker:ExplainabilityJob" | This policy now supports additional permissions for AWS Private CA, AWS App Mesh, Amazon Connect, Amazon Elastic Container Service (Amazon ECS), Amazon CloudWatch Evidently, Amazon Managed Grafana, Amazon GuardDuty, Amazon Inspector, AWS IoT, AWS IoT TwinMaker, Amazon Managed Streaming for Apache Kafka (Amazon MSK), AWS Lambda, AWS Network Manager, AWS Organizations, and Amazon SageMaker AI. | October 4, 2023 |
AWSConfigServiceRolePolicy — Remove "ssm:GetParameter" | This policy now removes permission for AWS Systems Manager (Systems Manager). | September 6, 2023 |
AWS_ConfigRole — Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", and "sns:GetDataProtectionPolicy" | This policy now supports additional permissions for AWS App Mesh, AWS CloudFormation, Amazon CloudFront, AWS CodeArtifact, AWS CodeBuild, Amazon Connect, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Notification Service (Amazon SNS). | July 28, 2023 |
AWSConfigServiceRolePolicy — Add "appmesh:DescribeGatewayRoute", "appstream:DescribeStacks", "aps:ListTagsForResource", "cloudfront:GetFunction", "cloudfront:GetOriginAccessControl", "cloudfront:ListFunctions", "cloudfront:ListOriginAccessControls", "codeartifact:ListPackages", "codeartifact:ListPackageVersions", "codebuild:BatchGetReportGroups", "codebuild:ListReportGroups", "connect:ListInstanceAttributes", "connect:ListInstances", "glue:GetPartition", "glue:GetPartitions", "guardduty:GetAdministratorAccount", "iam:ListInstanceProfileTags", "inspector2:ListFilters", "iot:DescribeJobTemplate", "iot:DescribeProvisioningTemplate", "iot:ListJobTemplates", "iot:ListProvisioningTemplates", "iottwinmaker:GetComponentType", "iottwinmaker:ListComponentTypes", "iotwireless:GetFuotaTask", "iotwireless:GetMulticastGroup", "iotwireless:ListFuotaTasks", "iotwireless:ListMulticastGroups", "kafka:ListScramSecrets", "macie2:ListTagsForResource", "mediaconnect:ListTagsForResource", "networkmanager:GetConnectPeer", "networkmanager:ListConnectPeers", "organizations:DescribeEffectivePolicy", "organizations:DescribeResourcePolicy", "resource-explorer-2:GetIndex", "resource-explorer-2:ListIndexes", "resource-explorer-2:ListTagsForResource", "route53:ListCidrCollections", "s3:GetMultiRegionAccessPointPolicy", "s3:GetMultiRegionAccessPointPolicyStatus", "sns:GetDataProtectionPolicy", "ssm:DescribeParameters", "ssm:GetParameter", and "ssm:ListTagsForResource" |
This policy now supports additional permissions for AWS App Mesh, Amazon AppStream 2.0, AWS CloudFormation, Amazon CloudFront, Amazon Connect, AWS CodeArtifact, AWS CodeBuild, AWS Glue, Amazon GuardDuty, AWS Identity and Access Management (IAM), Amazon Inspector, AWS IoT, AWS IoT TwinMaker, AWS IoT Wireless, Amazon Managed Streaming for Apache Kafka, Amazon Macie, AWS Elemental MediaConnect, AWS Network Manager, AWS Organizations, AWS Resource Explorer, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), Amazon Simple Notification Service (Amazon SNS), and Amazon EC2 Systems Manager (SSM). |
July 28, 2023 |
AWS_ConfigRole — Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", 
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon QuickSight, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. |
June 13, 2023 |
AWSConfigServiceRolePolicy — Add "amplify:GetBranch", "amplify:ListBranches", "app-integrations:GetEventIntegration", "app-integrations:ListEventIntegrationAssociations", "app-integrations:ListEventIntegrations", "appmesh:DescribeRoute", "appmesh:ListRoutes", "aps:ListRuleGroupsNamespaces", "athena:GetPreparedStatement", "athena:ListPreparedStatements", "batch:DescribeSchedulingPolicies", "batch:ListSchedulingPolicies", "cloudformation:ListTypes", "cloudtrail:ListTrails", "codeartifact:ListDomains", "codeguru-profiler:DescribeProfilingGroup", "codeguru-profiler:GetNotificationConfiguration", "codeguru-profiler:GetPolicy", "codeguru-profiler:ListProfilingGroups", "ds:DescribeDomainControllers", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "ec2:DescribeTrafficMirrorFilters", "evidently:GetLaunch", "evidently:ListLaunches", "forecast:DescribeDatasetGroup", "forecast:ListDatasetGroups", "greengrass:DescribeComponent", "greengrass:GetComponent", "greengrass:ListComponents", "greengrass:ListComponentVersions", "groundstation:GetMissionProfile", "groundstation:ListMissionProfiles", "iam:ListGroups", "iam:ListRoles", "kafka:DescribeConfiguration", "kafka:DescribeConfigurationRevision", "kafka:ListConfigurations", "lightsail:GetRelationalDatabases", "logs:ListTagsLogGroup", "mediaconnect:DescribeFlow", "mediaconnect:ListFlows", "mediatailor:GetPlaybackConfiguration", "mediatailor:ListPlaybackConfigurations", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetEmailTemplate", "mobiletargeting:GetEventStream", "mobiletargeting:ListTemplates", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetLinkAssociations", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListTagsForResource", "personalize:DescribeDataset", "personalize:DescribeDatasetGroup", 
"personalize:DescribeSchema", "personalize:DescribeSolution", "personalize:ListDatasetGroups", "personalize:ListDatasetImportJobs", "personalize:ListDatasets", "personalize:ListSchemas", "personalize:ListSolutions", "personalize:ListTagsForResource", "quicksight:ListTemplates", "refactor-spaces:GetEnvironment", "refactor-spaces:GetService", "refactor-spaces:ListApplications", "refactor-spaces:ListEnvironments", "refactor-spaces:ListServices", "s3:GetAccessPointPolicyStatusForObjectLambda", "sagemaker:DescribeDeviceFleet", "sagemaker:DescribeFeatureGroup", "sagemaker:ListDeviceFleets", "sagemaker:ListFeatureGroups", "sagemaker:ListModels", and "transfer:ListTagsForResource" |
This policy now supports additional permissions for AWS Amplify, Amazon Connect, AWS App Mesh, Amazon Managed Service for Prometheus, Amazon Athena, AWS Batch, AWS CloudFormation, AWS CloudTrail, AWS CodeArtifact, Amazon CodeGuru, AWS Directory Service, Amazon DynamoDB, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass, AWS Ground Station, AWS Identity and Access Management (IAM), Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Lightsail, Amazon CloudWatch Logs, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Pinpoint, Amazon Virtual Private Cloud (Amazon VPC), AWS Organizations, Amazon Personalize, Amazon QuickSight, AWS Migration Hub Refactor Spaces, Amazon Simple Storage Service (Amazon S3), Amazon SageMaker AI, and AWS Transfer Family. |
June 13, 2023 |
AWSConfigServiceRolePolicy — Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, AWS Migration Hub, AWS Directory Service, Amazon CloudWatch, and AWS WAF. |
April 13, 2023 |
AWS_ConfigRole — Add amplify:GetApp, amplify:ListApps, appmesh:DescribeVirtualGateway, appmesh:DescribeVirtualNode, appmesh:DescribeVirtualRouter, appmesh:DescribeVirtualService, appmesh:ListMeshes, appmesh:ListTagsForResource, appmesh:ListVirtualGateways, appmesh:ListVirtualNodes, appmesh:ListVirtualRouters, appmesh:ListVirtualServices, apprunner:DescribeVpcConnector, apprunner:ListVpcConnectors, cloudformation:ListTypes, cloudfront:ListResponseHeadersPolicies, codeartifact:ListRepositories, ds:DescribeEventTopics, ds:ListLogSubscriptions, ec2:GetInstanceTypesFromInstanceRequirement, ec2:GetManagedPrefixListEntries, kendra:DescribeIndex, kendra:ListIndices, kendra:ListTagsForResource, logs:DescribeDestinations, logs:GetDataProtectionPolicy, macie2:DescribeOrganizationConfiguration, macie2:GetAutomatedDiscoveryConfiguration, macie2:GetClassificationExportConfiguration, macie2:GetCustomDataIdentifier, macie2:GetFindingsPublicationConfiguration, macie2:ListCustomDataIdentifiers, mobiletargeting:GetEmailChannel, refactor-spaces:GetEnvironment, refactor-spaces:ListEnvironments, resiliencehub:ListTagsForResource, route53:GetDNSSEC, sagemaker:DescribeDomain, sagemaker:DescribeModelBiasJobDefinition, sagemaker:DescribeModelQualityJobDefinition, sagemaker:DescribePipeline, sagemaker:DescribeProject, sagemaker:ListDomains, sagemaker:ListModelBiasJobDefinitions, sagemaker:ListModelQualityJobDefinitions, sagemaker:ListPipelines, sagemaker:ListProjects, transfer:DescribeAgreement, transfer:DescribeCertificate, transfer:ListAgreements, transfer:ListCertificates, and waf-regional:ListLoggingConfigurations |
This policy now supports additional permissions for Amazon Managed Workflows for AWS Amplify, AWS App Mesh, AWS App Runner, Amazon CloudFront, AWS CodeArtifact, Amazon Elastic Compute Cloud, Amazon Kendra, Amazon Macie, Amazon Route 53, Amazon SageMaker AI, Amazon Pinpoint, AWS Transfer Family, AWS Resilience Hub, AWS Migration Hub, AWS Directory Service, Amazon CloudWatch, and AWS WAF. |
April 13, 2023 |
AWSConfigServiceRolePolicy — Add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudfront:GetResponseHeadersPolicy, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, Amazon CloudFront, Amazon CloudWatch, Amazon CloudWatch Evidently, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
AWS_ConfigRole — Add appflow:DescribeFlow, appflow:ListFlows, appflow:ListTagsForResource, apprunner:DescribeService, apprunner:ListServices, apprunner:ListTagsForResource, appstream:DescribeApplications, appstream:DescribeFleets, cloudformation:ListTypes, cloudfront:GetResponseHeadersPolicy, cloudfront:ListDistributions, cloudwatch:ListTagsForResource, codeartifact:DescribeRepository, codeartifact:GetRepositoryPermissionsPolicy, codeartifact:ListTagsForResource, codecommit:GetRepository, codecommit:GetRepositoryTriggers, codecommit:ListRepositories, codecommit:ListTagsForResource, devicefarm:GetInstanceProfile, devicefarm:ListInstanceProfiles, devicefarm:ListProjects, ec2:DescribeTrafficMirrorFilters, evidently:GetProject, evidently:ListProjects, evidently:ListTagsForResource, forecast:DescribeDataset, forecast:ListDatasets, forecast:ListTagsForResource, groundstation:GetConfig, groundstation:ListConfigs, groundstation:ListTagsForResource, iam:GetInstanceProfile, iam:GetSAMLProvider, iam:GetServerCertificate, iam:ListAccessKeys, iam:ListGroups, iam:ListInstanceProfiles, iam:ListMFADevices, iam:ListMFADeviceTags, iam:ListRoles, iam:ListSAMLProviders, iot:DescribeFleetMetric, iot:ListFleetMetrics, memorydb:DescribeUsers, memorydb:ListTags, mobiletargeting:GetApp, mobiletargeting:GetCampaigns, networkmanager:GetDevices, networkmanager:GetLinks, networkmanager:GetSites, panorama:ListNodes, rds:DescribeDBProxyEndpoints, redshift:DescribeScheduledActions, sagemaker:DescribeAppImageConfig, sagemaker:DescribeImage, sagemaker:DescribeImageVersion, sagemaker:ListAppImageConfigs, sagemaker:ListImages, and sagemaker:ListImageVersions |
This policy now supports additional permissions for Amazon Managed Workflows for Amazon AppFlow, AWS App Runner, Amazon AppStream 2.0, AWS CloudFormation, Amazon CloudFront, Amazon CloudWatch, Amazon CloudWatch Evidently, AWS CodeArtifact, AWS CodeCommit, AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Forecast, AWS Ground Station, AWS Identity and Access Management (IAM), AWS IoT, Amazon MemoryDB, Amazon Pinpoint, AWS Network Manager, AWS Panorama, Amazon Relational Database Service (Amazon RDS), Amazon Redshift, and Amazon SageMaker AI. |
March 30, 2023 |
AWSConfigRulesExecutionRole — AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Lambda functions to access the AWS Config API and the configuration snapshots that AWS Config delivers periodically to Amazon S3. This access is required by functions that evaluate configuration changes for custom AWS Lambda rules. |
March 7, 2023 |
AWSConfigRoleForOrganizations — AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call read-only AWS Organizations APIs. |
March 7, 2023 |
AWSConfigRemediationServiceRolePolicy — AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to remediate |
March 7, 2023 |
AWSConfigServiceRolePolicy — Add auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in AWS Audit Manager. |
March 3, 2023 |
AWS_ConfigRole — Add auditmanager:GetAccountStatus |
This policy now grants permission to return the registration status of an account in AWS Audit Manager. |
March 3, 2023 |
AWSConfigMultiAccountSetupPolicy — AWS Config started tracking changes for this AWS managed policy |
This policy allows AWS Config to call AWS services and deploy AWS Config resources across an organization with AWS Organizations. |
February 27, 2023 |
AWSConfigServiceRolePolicy — Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
AWS_ConfigRole — Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
February 1, 2023 |
ConfigConformsServiceRolePolicy — Update config:DescribeConfigRules |
As a security best practice, this policy now removes the broad resource-level permission for. |
January 12, 2023 |
AWSConfigServiceRolePolicy — Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
AWS_ConfigRole — Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
AWSConfigServiceRolePolicy — Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
AWS_ConfigRole — Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
AWSConfigServiceRolePolicy — Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, 
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, AWS AppConfig, Amazon Keyspaces, Amazon CloudWatch, Amazon Connect, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon QuickSight, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS RoboMaker, AWS Resource Groups, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWS_ConfigRole— Tambahkan acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource, 
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, Amazon Keyspaces, AWS AppConfig, Amazon Connect, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon QuickSight, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS Resource Groups, AWS RoboMaker, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWSConfigServiceRolePolicy— Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue Table definition in a Data Catalog for a specified table. |
14 September 2022 |
AWS_ConfigRole— Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue Table definition in a Data Catalog for a specified table. |
14 September 2022 |
AWSConfigServiceRolePolicy— Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, 
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
7 September 2022 |
AWS_ConfigRole— Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues, 
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
7 September 2022 |
AWSConfigServiceRolePolicy— Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries | This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. | 1 February 2023 |
AWS_ConfigRole— Add airflow:ListTagsForResource, iot:ListCustomMetrics, iot:DescribeCustomMetric, appstream:DescribeDirectoryConfigs, appstream:ListTagsForResource, codeguru-reviewer:DescribeRepositoryAssociation, codeguru-reviewer:ListRepositoryAssociations, healthlake:ListFHIRDatastores, healthlake:DescribeFHIRDatastore, healthlake:ListTagsForResource, kinesisvideo:DescribeStream, kinesisvideo:ListStreams, kinesisvideo:ListTagsForStream, kinesisvideo:DescribeSignalingChannel, kinesisvideo:ListTagsForResource, kinesisvideo:ListSignalingChannels, route53-recovery-control-config:DescribeCluster, route53-recovery-control-config:DescribeRoutingControl, route53-recovery-control-config:DescribeSafetyRule, route53-recovery-control-config:ListClusters, route53-recovery-control-config:ListRoutingControls, route53-recovery-control-config:ListSafetyRules, devicefarm:GetTestGridProject, devicefarm:ListTestGridProjects, ec2:DescribeCapacityReservationFleets, ec2:DescribeIpamPools, ec2:DescribeIpams, ec2:GetInstanceTypesFromInstanceRequirement, mobiletargeting:GetApplicationSettings, mobiletargeting:ListTagsForResource, ecr:BatchGetRepositoryScanningConfiguration, iam:ListServerCertificates, guardduty:ListPublishingDestinations, guardduty:DescribePublishingDestination, logs:GetLogDelivery, and logs:ListLogDeliveries |
This policy now supports additional permissions for Amazon Managed Workflows for Apache Airflow, AWS IoT, Amazon AppStream 2.0, Amazon CodeGuru Reviewer, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Application Recovery Controller (ARC), AWS Device Farm, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Pinpoint, AWS Identity and Access Management (IAM), Amazon GuardDuty, and Amazon CloudWatch Logs. |
1 February 2023 |
ConfigConformsServiceRolePolicy— Update config:DescribeConfigRules |
As a security best practice, this policy now removes broad resource-level permission for. |
January 12, 2023 |
AWSConfigServiceRolePolicy— Add APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, AWS Transfer Family devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Managed Service untuk Prometheus AWS Audit Manager,,, (), AWS Device Farm Amazon Elastic Compute Cloud AWS Database Migration Service (Amazon AWS DMS), AWS Directory Service,, Amazon AWS IoT Lightsail,,, AmazonEC2, AWS Glue, Amazon Application Recovery Controller () AWS Elemental MediaPackage QuickSight, AWS Network Manager Amazon Simple ARC Storage Service ( AWS Resource Access Manager Amazon S3), dan Amazon Timestream. |
Desember 15, 2022 |
AWS_ConfigRole— Tambahkan APS:DescribeRuleGroupsNamespace, APS:DescribeWorkspace, APS:ListWorkspaces, auditmanager:GetAssessment, auditmanager:ListAssessments, devicefarm:GetNetworkProfile, devicefarm:GetProject, devicefarm:ListNetworkProfiles, devicefarm:ListTagsForResource, dms:DescribeEndpoints, ds:ListTagsForResource, ec2:DescribeTags, ec2:DescribeTrafficMirrorSessions, ec2:DescribeTrafficMirrorTargets, ec2:GetIpamPoolAllocations, ec2:GetIpamPoolCidrs, glue:GetMLTransform, glue:GetMLTransforms, glue:ListMLTransforms, iot:DescribeScheduledAudit, iot:ListScheduledAudits, ivs:GetChannel, lightsail:GetRelationalDatabases, mediapackage-vod:DescribePackagingConfiguration, mediapackage-vod:ListPackagingConfigurations, networkmanager:DescribeGlobalNetworks, networkmanager:GetTransitGatewayRegistrations, networkmanager:ListTagsForResource, quicksight:DescribeDashboard, quicksight:DescribeDashboardPermissions, quicksight:DescribeTemplate, quicksight:DescribeTemplatePermissions, quicksight:ListDashboards, quicksight:ListTemplates, ram:ListResources, route53-recovery-control-config:DescribeControlPanel, route53-recovery-control-config:ListControlPanels, route53-recovery-control-config:ListTagsForResource, route53resolver:GetResolverQueryLogConfigAssociation, route53resolver:ListResolverQueryLogConfigAssociations, s3:GetAccessPointForObjectLambda, s3:GetAccessPointPolicyForObjectLambda, s3:GetAccessPointPolicyStatusForObjectLambda, s3:GetMultiRegionAccessPoint, s3:ListAccessPointsForObjectLambda, s3:ListMultiRegionAccessPoints, timestream:DescribeEndpoints, transfer:DescribeConnector, transfer:ListConnectors, and transfer:ListTagsForResource |
This policy now supports additional permissions for Amazon Managed Service for Prometheus, AWS Audit Manager, AWS Device Farm, AWS Database Migration Service (AWS DMS), AWS Directory Service, Amazon Elastic Compute Cloud (Amazon EC2), AWS Glue, AWS IoT, Amazon Lightsail, AWS Elemental MediaPackage, AWS Network Manager, Amazon QuickSight, AWS Resource Access Manager, Amazon Application Recovery Controller (ARC), Amazon Simple Storage Service (Amazon S3), and Amazon Timestream. |
December 15, 2022 |
AWSConfigServiceRolePolicy – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
AWS_ConfigRole – Add cloudformation:ListStackResources and cloudformation:ListStacks |
This policy now grants permission to return descriptions of all resources of a specified AWS CloudFormation stack and to return summary information for stacks whose status matches the specified StackStatusFilter. |
November 7, 2022 |
AWSConfigServiceRolePolicy – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects,
iotsitewise:ListTagsForResource, iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, Amazon Keyspaces, AWS AppConfig, Amazon Connect, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon QuickSight, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS Resource Groups, AWS RoboMaker, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWS_ConfigRole – Add acm-pca:GetCertificateAuthorityCsr, acm-pca:ListCertificateAuthorities, acm-pca:ListTags, airflow:GetEnvironment, airflow:ListEnvironments, amplifyuibuilder:ListThemes, appconfig:ListConfigurationProfiles, appconfig:ListDeployments, appconfig:ListDeploymentStrategies, appconfig:ListEnvironments, appconfig:ListHostedConfigurationVersions, cassandra:Select, cloudwatch:DescribeAnomalyDetectors, cloudwatch:GetDashboard, cloudwatch:ListDashboards, connect:DescribePhoneNumber, connect:ListPhoneNumbers, connect:ListPhoneNumbersV2, connect:SearchAvailablePhoneNumbers, databrew:DescribeDataset, databrew:DescribeJob, databrew:DescribeProject, databrew:DescribeRecipe, databrew:DescribeRuleset, databrew:DescribeSchedule, databrew:ListDatasets, databrew:ListJobs, databrew:ListProjects, databrew:ListRecipes, databrew:ListRecipeVersions, databrew:ListRulesets, databrew:ListSchedules, ec2:DescribeRouteTables, eks:DescribeAddon, eks:DescribeIdentityProviderConfig, eks:ListAddons, eks:ListIdentityProviderConfigs, events:DescribeConnection, events:ListApiDestinations, events:ListConnections, fis:GetExperimentTemplate, fis:ListExperimentTemplates, frauddetector:GetRules, fsx:DescribeBackups, fsx:DescribeSnapshots, fsx:DescribeStorageVirtualMachines, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeVpcPeeringConnections, geo:ListGeofenceCollections, geo:ListPlaceIndexes, geo:ListRouteCalculators, geo:ListTrackers, iot:DescribeAccountAuditConfiguration, iot:DescribeAuthorizer, iot:DescribeDomainConfiguration, iot:DescribeMitigationAction, iot:ListAuthorizers, iot:ListDomainConfigurations, iot:ListMitigationActions, iotsitewise:DescribeAssetModel, iotsitewise:DescribeDashboard, iotsitewise:DescribeGateway, iotsitewise:DescribePortal, iotsitewise:DescribeProject, iotsitewise:ListAssetModels, iotsitewise:ListDashboards, iotsitewise:ListGateways, iotsitewise:ListPortals, iotsitewise:ListProjectAssets, iotsitewise:ListProjects, iotsitewise:ListTagsForResource,
iotwireless:GetServiceProfile, iotwireless:GetWirelessDevice, iotwireless:GetWirelessGatewayTaskDefinition, iotwireless:ListServiceProfiles, iotwireless:ListTagsForResource, iotwireless:ListWirelessDevices, iotwireless:ListWirelessGatewayTaskDefinitions, lex:DescribeBotVersion, lex:ListBotVersions, lightsail:GetContainerServices, lightsail:GetDistributions, lightsail:GetRelationalDatabase, lightsail:GetRelationalDatabaseParameters, mobiletargeting:GetApps, mobiletargeting:GetCampaign, mobiletargeting:GetSegment, mobiletargeting:GetSegments, opsworks:DescribeInstances, opsworks:DescribeTimeBasedAutoScaling, opsworks:DescribeVolumes, panorama:DescribeApplicationInstance, panorama:DescribeApplicationInstanceDetails, panorama:DescribePackage, panorama:DescribePackageVersion, panorama:ListApplicationInstances, panorama:ListPackages, quicksight:ListDataSources, ram:ListResourceSharePermissions, rds:DescribeDBProxies, rds:DescribeGlobalClusters, rekognition:ListStreamProcessors, resource-groups:GetGroup, resource-groups:GetGroupConfiguration, resource-groups:GetGroupQuery, resource-groups:GetTags, resource-groups:ListGroupResources, resource-groups:ListGroups, robomaker:ListRobotApplications, robomaker:ListSimulationApplications, route53resolver:GetResolverDnssecConfig, route53resolver:ListResolverDnssecConfigs, s3:ListStorageLensConfigurations, schemas:GetResourcePolicy, servicediscovery:ListInstances, sts:GetCallerIdentity, synthetics:GetGroup, synthetics:ListAssociatedGroups, synthetics:ListGroupResources, and synthetics:ListGroups |
This policy now supports additional permissions for AWS Certificate Manager, Amazon Managed Workflows for Apache Airflow, AWS Amplify, Amazon Keyspaces, AWS AppConfig, Amazon Connect, Amazon CloudWatch, AWS Glue DataBrew, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service (Amazon EKS), Amazon EventBridge, AWS Fault Injection Service, Amazon Fraud Detector, Amazon FSx, Amazon GameLift, Amazon Location Service, AWS IoT, Amazon Lex, Amazon Lightsail, Amazon Pinpoint, AWS OpsWorks, AWS Panorama, Amazon QuickSight, AWS Resource Access Manager, Amazon Relational Database Service (Amazon RDS), Amazon Rekognition, AWS Resource Groups, AWS RoboMaker, Amazon Route 53, Amazon Simple Storage Service (Amazon S3), AWS Cloud Map, and AWS Security Token Service. |
October 19, 2022 |
AWSConfigServiceRolePolicy – Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
AWS_ConfigRole – Add Glue::GetTable |
This policy now grants permission to retrieve the AWS Glue table definition in a Data Catalog for a specified table. |
September 14, 2022 |
AWSConfigServiceRolePolicy – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorFilters, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup,
gamelift:DescribeGameSessionQueues, gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, 
ivs:GetRecordingConfiguration, ivs:GetStreamKey, ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, 
profile:GetProfileObjectType, profile:ListDomains, profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, 
ses:ListReceiptRuleSets, ses:ListTemplates, signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
AWS_ConfigRole – Add appconfig:ListApplications, appflow:DescribeConnectorProfiles, appsync:GetApiCache, autoscaling-plans:DescribeScalingPlanResources, autoscaling-plans:DescribeScalingPlans, autoscaling-plans:GetScalingPlanResourceForecastData, autoscaling:DescribeWarmPool, backup:DescribeFramework, backup:DescribeReportPlan, backup:ListFrameworks, backup:ListReportPlans, budgets:DescribeBudgetAction, budgets:DescribeBudgetActionsForAccount, budgets:DescribeBudgetActionsForBudget, budgets:ViewBudget, ce:GetAnomalyMonitors, ce:GetAnomalySubscriptions, cloud9:DescribeEnvironmentMemberships, cloud9:DescribeEnvironments, cloud9:ListEnvironments, cloud9:ListTagsForResource, cloudwatch:GetMetricStream, cloudwatch:ListMetricStreams, datasync:DescribeLocationFsxWindows, devops-guru:GetResourceCollection, ds:DescribeDirectories, ec2:DescribeTrafficMirrorTargets, ec2:GetNetworkInsightsAccessScopeAnalysisFindings, ec2:GetNetworkInsightsAccessScopeContent, elasticmapreduce:DescribeStudio, elasticmapreduce:GetStudioSessionMapping, elasticmapreduce:ListStudios, elasticmapreduce:ListStudioSessionMappings, events:DescribeEndpoint, events:DescribeEventBus, events:DescribeRule, events:ListArchives, events:ListEndpoints, events:ListEventBuses, events:ListRules, events:ListTagsForResource, events:ListTargetsByRule, finspace:GetEnvironment, finspace:ListEnvironments, frauddetector:GetDetectors, frauddetector:GetDetectorVersion, frauddetector:GetEntityTypes, frauddetector:GetEventTypes, frauddetector:GetExternalModels, frauddetector:GetLabels, frauddetector:GetModels, frauddetector:GetOutcomes, frauddetector:GetVariables, frauddetector:ListTagsForResource, gamelift:DescribeAlias, gamelift:DescribeBuild, gamelift:DescribeFleetAttributes, gamelift:DescribeFleetCapacity, gamelift:DescribeFleetLocationAttributes, gamelift:DescribeFleetLocationCapacity, gamelift:DescribeFleetPortSettings, gamelift:DescribeGameServerGroup, gamelift:DescribeGameSessionQueues,
gamelift:DescribeMatchmakingConfigurations, gamelift:DescribeMatchmakingRuleSets, gamelift:DescribeRuntimeConfiguration, gamelift:DescribeScript, gamelift:DescribeVpcPeeringAuthorizations, gamelift:ListAliases, gamelift:ListBuilds, gamelift:ListFleets, gamelift:ListGameServerGroups, gamelift:ListScripts, gamelift:ListTagsForResource, geo:ListMaps, glue:GetClassifier, glue:GetClassifiers, imagebuilder:GetContainerRecipe, imagebuilder:GetImage, imagebuilder:GetImagePipeline, imagebuilder:GetImageRecipe, imagebuilder:ListContainerRecipes, imagebuilder:ListImageBuildVersions, imagebuilder:ListImagePipelines, imagebuilder:ListImageRecipes, imagebuilder:ListImages, iot:DescribeCertificate, iot:DescribeDimension, iot:DescribeRoleAlias, iot:DescribeSecurityProfile, iot:GetPolicy, iot:GetTopicRule, iot:GetTopicRuleDestination, iot:ListCertificates, iot:ListDimensions, iot:ListPolicies, iot:ListRoleAliases, iot:ListSecurityProfiles, iot:ListSecurityProfilesForTarget, iot:ListTagsForResource, iot:ListTargetsForSecurityProfile, iot:ListTopicRuleDestinations, iot:ListTopicRules, iot:ListV2LoggingLevels, iot:ValidateSecurityProfileBehaviors, iotanalytics:DescribeChannel, iotanalytics:DescribeDataset, iotanalytics:DescribeDatastore, iotanalytics:DescribePipeline, iotanalytics:ListChannels, iotanalytics:ListDatasets, iotanalytics:ListDatastores, iotanalytics:ListPipelines, iotanalytics:ListTagsForResource, iotevents:DescribeAlarmModel, iotevents:DescribeDetectorModel, iotevents:DescribeInput, iotevents:ListAlarmModels, iotevents:ListDetectorModels, iotevents:ListInputs, iotevents:ListTagsForResource, iotsitewise:DescribeAccessPolicy, iotsitewise:DescribeAsset, iotsitewise:ListAccessPolicies, iotsitewise:ListAssets, iottwinmaker:GetEntity, iottwinmaker:GetScene, iottwinmaker:GetWorkspace, iottwinmaker:ListEntities, iottwinmaker:ListScenes, iottwinmaker:ListTagsForResource, iottwinmaker:ListWorkspaces, ivs:GetPlaybackKeyPair, ivs:GetRecordingConfiguration, ivs:GetStreamKey, 
ivs:ListChannels, ivs:ListPlaybackKeyPairs, ivs:ListRecordingConfigurations, ivs:ListStreamKeys, ivs:ListTagsForResource, kinesisanalytics:ListApplications, lakeformation:DescribeResource, lakeformation:GetDataLakeSettings, lakeformation:ListPermissions, lakeformation:ListResources, lex:DescribeBot, lex:DescribeBotAlias, lex:DescribeResourcePolicy, lex:ListBotAliases, lex:ListBotLocales, lex:ListBots, lex:ListTagsForResource, license-manager:GetGrant, license-manager:GetLicense, license-manager:ListDistributedGrants, license-manager:ListLicenses, license-manager:ListReceivedGrants, lightsail:GetAlarms, lightsail:GetBuckets, lightsail:GetCertificates, lightsail:GetDisk, lightsail:GetDisks, lightsail:GetInstance, lightsail:GetInstances, lightsail:GetKeyPair, lightsail:GetLoadBalancer, lightsail:GetLoadBalancers, lightsail:GetLoadBalancerTlsCertificates, lightsail:GetStaticIp, lightsail:GetStaticIps, lookoutequipment:DescribeInferenceScheduler, lookoutequipment:ListTagsForResource, lookoutmetrics:DescribeAlert, lookoutmetrics:DescribeAnomalyDetector, lookoutmetrics:ListAlerts, lookoutmetrics:ListAnomalyDetectors, lookoutmetrics:ListMetricSets, lookoutmetrics:ListTagsForResource, lookoutvision:DescribeProject, lookoutvision:ListProjects, managedblockchain:GetMember, managedblockchain:GetNetwork, managedblockchain:GetNode, managedblockchain:ListInvitations, managedblockchain:ListMembers, managedblockchain:ListNodes, mediapackage-vod:DescribePackagingGroup, mediapackage-vod:ListPackagingGroups, mediapackage-vod:ListTagsForResource, mobiletargeting:GetInAppTemplate, mobiletargeting:ListTemplates, mq:DescribeBroker, mq:ListBrokers, nimble:GetLaunchProfile, nimble:GetLaunchProfileDetails, nimble:GetStreamingImage, nimble:GetStudio, nimble:GetStudioComponent, nimble:ListLaunchProfiles, nimble:ListStreamingImages, nimble:ListStudioComponents, nimble:ListStudios, profile:GetDomain, profile:GetIntegration, profile:GetProfileObjectType, profile:ListDomains, 
profile:ListIntegrations, profile:ListProfileObjectTypes, profile:ListTagsForResource, quicksight:DescribeAnalysis, quicksight:DescribeAnalysisPermissions, quicksight:DescribeDataSet, quicksight:DescribeDataSetPermissions, quicksight:DescribeTheme, quicksight:DescribeThemePermissions, quicksight:ListAnalyses, quicksight:ListDataSets, quicksight:ListThemes, resiliencehub:DescribeApp, resiliencehub:DescribeAppVersionTemplate, resiliencehub:DescribeResiliencyPolicy, resiliencehub:ListApps, resiliencehub:ListAppVersionResourceMappings, resiliencehub:ListResiliencyPolicies, route53-recovery-readiness:GetCell, route53-recovery-readiness:GetReadinessCheck, route53-recovery-readiness:GetRecoveryGroup, route53-recovery-readiness:GetResourceSet, route53-recovery-readiness:ListCells, route53-recovery-readiness:ListReadinessChecks, route53-recovery-readiness:ListRecoveryGroups, route53-recovery-readiness:ListResourceSets, route53resolver:GetFirewallDomainList, route53resolver:GetFirewallRuleGroup, route53resolver:GetFirewallRuleGroupAssociation, route53resolver:GetResolverQueryLogConfig, route53resolver:ListFirewallDomainLists, route53resolver:ListFirewallDomains, route53resolver:ListFirewallRuleGroupAssociations, route53resolver:ListFirewallRuleGroups, route53resolver:ListFirewallRules, route53resolver:ListResolverQueryLogConfigs, rum:GetAppMonitor, rum:GetAppMonitorData, rum:ListAppMonitors, rum:ListTagsForResource, s3-outposts:GetAccessPoint, s3-outposts:GetAccessPointPolicy, s3-outposts:GetBucket, s3-outposts:GetBucketPolicy, s3-outposts:GetBucketTagging, s3-outposts:GetLifecycleConfiguration, s3-outposts:ListAccessPoints, s3-outposts:ListEndpoints, s3-outposts:ListRegionalBuckets, schemas:DescribeDiscoverer, schemas:DescribeRegistry, schemas:DescribeSchema, schemas:ListDiscoverers, schemas:ListRegistries, schemas:ListSchemas, sdb:GetAttributes, sdb:ListDomains, ses:ListEmailTemplates, ses:ListReceiptFilters, ses:ListReceiptRuleSets, ses:ListTemplates, 
signer:GetSigningProfile, signer:ListProfilePermissions, signer:ListSigningProfiles, synthetics:DescribeCanaries, synthetics:DescribeCanariesLastRun, synthetics:DescribeRuntimeVersions, synthetics:GetCanary, synthetics:GetCanaryRuns, synthetics:ListTagsForResource, timestream:DescribeDatabase, timestream:DescribeTable, timestream:ListDatabases, timestream:ListTables, timestream:ListTagsForResource, transfer:DescribeServer, transfer:DescribeUser, transfer:DescribeWorkflow, transfer:ListServers, transfer:ListUsers, transfer:ListWorkflows, voiceid:DescribeDomain, and voiceid:ListTagsForResource |
This policy now supports additional permissions for Amazon AppFlow, Amazon CloudWatch, Amazon CloudWatch RUM, Amazon CloudWatch Synthetics, Amazon Connect Customer Profiles, Amazon Connect Voice ID, Amazon DevOps Guru, Amazon Elastic Compute Cloud (Amazon EC2), Amazon EC2 Auto Scaling, Amazon EMR, Amazon EventBridge, Amazon EventBridge Schemas, Amazon FinSpace, Amazon Fraud Detector, Amazon GameLift, Amazon Interactive Video Service (Amazon IVS), Amazon Managed Service for Apache Flink, EC2 Image Builder, Amazon Lex, Amazon Lightsail, Amazon Location Service, Amazon Lookout for Equipment, Amazon Lookout for Metrics, Amazon Lookout for Vision, Amazon Managed Blockchain, Amazon MQ, Amazon Nimble Studio, Amazon Pinpoint, Amazon QuickSight, Amazon Application Recovery Controller (ARC), Amazon Route 53 Resolver, Amazon Simple Storage Service (Amazon S3), Amazon SimpleDB, Amazon Simple Email Service (Amazon SES), Amazon Timestream, AWS AppConfig, AWS AppSync, AWS Auto Scaling, AWS Backup, AWS Budgets, AWS Cost Explorer, AWS Cloud9, AWS Directory Service, AWS DataSync, AWS Elemental MediaPackage, AWS Glue, AWS IoT, AWS IoT Analytics, AWS IoT Events, AWS IoT SiteWise, AWS IoT TwinMaker, AWS Lake Formation, AWS License Manager, AWS Resilience Hub, AWS Signer, and AWS Transfer Family. |
September 7, 2022 |
AWSConfigServiceRolePolicy – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about AWS Cloud Map namespaces and the services associated with one or more specified namespaces in an AWS account; and to list all Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account. |
August 22, 2022 |
AWS_ConfigRole – Add datasync:ListAgents, datasync:ListLocations, datasync:ListTasks, servicediscovery:ListNamespaces, servicediscovery:ListServices, and ses:ListContactLists |
This policy now grants permission to return a list of AWS DataSync agents, DataSync source and destination locations, and DataSync tasks in an AWS account; to list summary information about AWS Cloud Map namespaces and the services associated with one or more specified namespaces in an AWS account; and to list all Amazon Simple Email Service (Amazon SES) contact lists available in an AWS account. |
August 22, 2022 |
ConfigConformsServiceRolePolicy – Add cloudwatch:PutMetricData |
This policy now grants permission to publish metric data points to Amazon CloudWatch. |
July 25, 2022 |
AWSConfigServiceRolePolicy – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations,
imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
Kebijakan ini sekarang mendukung izin tambahan untuk Amazon Elastic Container Service (AmazonECS), Amazon, Amazon, Amazon ElastiCache EventBridge, Amazon Managed Service untuk Apache FlinkFSx, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon, Amazon Rekognition,, Amazon Simple Storage Service (Amazon S3) QuickSight, Amazon Simple AWS RoboMaker Storage Service (Amazon S3) Amazon, Amazon Layanan Email Sederhana (Amazon),,,,,,,, (SESPusat Identitas), Gambar AWS Amplify AWS AppConfig AWS AppSync AWS Billing Conductor AWS DataSync AWS Firewall Manager AWS Glue AWS IAM Identity Center IAM EC2 Builder, dan Elastic Load Balancing. |
15 Juli 2022 |
AWS_ConfigRole – Add amplifyuibuilder:ExportThemes, amplifyuibuilder:GetTheme, appconfig:GetApplication, appconfig:GetApplication, appconfig:GetConfigurationProfile, appconfig:GetConfigurationProfile, appconfig:GetDeployment, appconfig:GetDeploymentStrategy, appconfig:GetEnvironment, appconfig:GetHostedConfigurationVersion, appconfig:ListTagsForResource, appsync:GetGraphqlApi, appsync:ListGraphqlApis, billingconductor:ListPricingRulesAssociatedToPricingPlan, billingconductor:ListAccountAssociations, billingconductor:ListBillingGroups, billingconductor:ListCustomLineItems, billingconductor:ListPricingPlans, billingconductor:ListPricingRules, billingconductor:ListTagsForResource, datasync:DescribeAgent, datasync:DescribeLocationEfs, datasync:DescribeLocationFsxLustre, datasync:DescribeLocationHdfs, datasync:DescribeLocationNfs, datasync:DescribeLocationObjectStorage, datasync:DescribeLocationS3, datasync:DescribeLocationSmb, datasync:DescribeTask, datasync:ListTagsForResource, ecr:DescribePullThroughCacheRules, ecr:DescribeRegistry, ecr:GetRegistryPolicy, elasticache:DescribeCacheParameters, elasticloadbalancing:DescribeListenerCertificates, elasticloadbalancing:DescribeTargetGroupAttributes, elasticloadbalancing:DescribeTargetGroups, elasticloadbalancing:DescribeTargetHealth, events:DescribeApiDestination, events:DescribeArchive, fms:GetNotificationChannel, fms:GetPolicy, fms:ListPolicies, fms:ListTagsForResource, fsx:DescribeVolumes, geo:DescribeGeofenceCollection, geo:DescribeMap, geo:DescribePlaceIndex, geo:DescribeRouteCalculator, geo:DescribeTracker, geo:ListTrackerConsumers, glue:BatchGetJobs, glue:BatchGetWorkflows, glue:GetCrawler, glue:GetCrawlers, glue:GetJob, glue:GetJobs, glue:GetWorkflow, imagebuilder:GetComponent, imagebuilder:ListComponentBuildVersions, imagebuilder:ListComponents, imagebuilder:GetDistributionConfiguration, imagebuilder:GetInfrastructureConfiguration, imagebuilder:ListDistributionConfigurations, imagebuilder:ListInfrastructureConfigurations, kafka:DescribeClusterV2, kafka:ListClustersV2, kinesisanalytics:DescribeApplication, kinesisanalytics:ListTagsForResource, quicksight:DescribeDataSource, quicksight:DescribeDataSourcePermissions, quicksight:ListTagsForResource, rekognition:DescribeStreamProcessor, rekognition:ListTagsForResource, robomaker:DescribeRobotApplication, robomaker:DescribeSimulationApplication, s3:GetStorageLensConfiguration, s3:GetStorageLensConfigurationTagging, servicediscovery:GetInstance, servicediscovery:GetNamespace, servicediscovery:GetService, servicediscovery:ListTagsForResource, ses:DescribeReceiptRule, ses:DescribeReceiptRuleSet, ses:GetContactList, ses:GetEmailTemplate, ses:GetTemplate, and sso:GetInlinePolicyForPermissionSet |
This policy now supports additional permissions for Amazon Elastic Container Service (Amazon ECS), Amazon ElastiCache, Amazon EventBridge, Amazon FSx, Amazon Managed Service for Apache Flink, Amazon Location Service, Amazon Managed Streaming for Apache Kafka, Amazon QuickSight, Amazon Rekognition, AWS RoboMaker, Amazon Simple Storage Service (Amazon S3), Amazon Simple Email Service (Amazon SES), AWS Amplify, AWS AppConfig, AWS AppSync, AWS Billing Conductor, AWS DataSync, AWS Firewall Manager, AWS Glue, AWS IAM Identity Center (IAM Identity Center), EC2 Image Builder, and Elastic Load Balancing. |
July 15, 2022 |
AWSConfigServiceRolePolicy – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get the specified Amazon Athena data catalog, list the Athena data catalogs in the AWS account, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all AWS Glue development endpoints in the AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about an AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in the AWS account, get the names of all AWS Glue resources |
May 31, 2022 |
AWS_ConfigRole – Add athena:GetDataCatalog, athena:ListDataCatalogs, athena:ListTagsForResource, detective:ListGraphs, detective:ListTagsForResource, glue:BatchGetDevEndpoints, glue:GetDevEndpoint, glue:GetDevEndpoints, glue:GetSecurityConfiguration, glue:GetSecurityConfigurations, glue:GetTags, glue:GetWorkGroup, glue:ListCrawlers, glue:ListDevEndpoints, glue:ListJobs, glue:ListMembers, glue:ListWorkflows, glue:ListWorkGroups, guardduty:GetFilter, guardduty:GetIPSet, guardduty:GetThreatIntelSet, guardduty:GetMembers, guardduty:ListFilters, guardduty:ListIPSets, guardduty:ListTagsForResource, guardduty:ListThreatIntelSets, macie:GetMacieSession, ram:GetResourceShareAssociations, ram:GetResourceShares, ses:GetConfigurationSet, ses:GetConfigurationSetEventDestinations, ses:ListConfigurationSets, sso:DescribeInstanceAccessControlAttributeConfiguration, sso:DescribePermissionSet, sso:ListManagedPoliciesInPermissionSet, sso:ListPermissionSets, and sso:ListTagsForResource |
This policy now grants permission to get the specified Amazon Athena data catalog, list the Athena data catalogs in the AWS account, and list the tags associated with an Athena workgroup or data catalog resource; to get a list of Amazon Detective behavior graphs and list the tags for a Detective behavior graph; get a list of resource metadata for a given list of AWS Glue development endpoint names, get information about a specified AWS Glue development endpoint, get all AWS Glue development endpoints in the AWS account, retrieve a specified AWS Glue security configuration, get all AWS Glue security configurations, get a list of tags associated with an AWS Glue resource, get information about an AWS Glue workgroup with the specified name, retrieve the names of all AWS Glue crawler resources in the AWS account, get the names of all AWS Glue resources |
May 31, 2022 |
AWSConfigServiceRolePolicy – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or specified AWS CloudTrail event data stores (EDS), get information about all or specified AWS CloudFormation resources, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all policies of a specified type in AWS Organizations. |
April 7, 2022 |
AWS_ConfigRole – Add cloudformation:GetResource, cloudformation:ListResources, cloudtrail:GetEventDataStore, cloudtrail:ListEventDataStores, dax:DescribeParameterGroups, dax:DescribeParameters, dax:DescribeSubnetGroups, DMS:DescribeReplicationTasks, and organizations:ListPolicies |
This policy now grants permission to get information about all or specified AWS CloudTrail event data stores (EDS), get information about all or specified AWS CloudFormation resources, get a list of DynamoDB Accelerator (DAX) parameter groups or subnet groups, get information about AWS Database Migration Service (AWS DMS) replication tasks for your account in the current Region being accessed, and get a list of all policies of a specified type in AWS Organizations. |
April 7, 2022 |
AWSConfigServiceRolePolicy – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, Amazon DynamoDB, AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces. |
March 14, 2022 |
AWS_ConfigRole – Add backup-gateway:ListTagsForResource, backup-gateway:ListVirtualMachines, batch:DescribeComputeEnvironments, batch:DescribeJobQueues, batch:ListTagsForResource, dax:ListTags, dms:DescribeCertificates, dynamodb:DescribeGlobalTable, dynamodb:DescribeGlobalTableSettings, ec2:DescribeClientVpnAuthorizationRules, ec2:DescribeClientVpnEndpoints, ec2:DescribeDhcpOptions, ec2:DescribeFleets, ec2:DescribeNetworkAcls, ec2:DescribePlacementGroups, ec2:DescribeSpotFleetRequests, ec2:DescribeVolumeAttribute, ec2:DescribeVolumes, eks:DescribeFargateProfile, eks:ListFargateProfiles, eks:ListTagsForResource, fsx:ListTagsForResource, guardduty:ListOrganizationAdminAccounts, kms:ListAliases, opsworks:DescribeLayers, opsworks:DescribeStacks, opsworks:ListTags, rds:DescribeDBClusterParameterGroups, rds:DescribeDBClusterParameters, states:DescribeActivity, states:ListActivities, wafv2:GetRuleGroup, wafv2:ListRuleGroups, wafv2:ListTagsForResource, workspaces:DescribeConnectionAliases, workspaces:DescribeTags, and workspaces:DescribeWorkspaces |
This policy now supports additional permissions for AWS Backup, AWS Batch, DynamoDB Accelerator, Amazon DynamoDB, AWS Database Migration Service, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Elastic Kubernetes Service, Amazon FSx, Amazon GuardDuty, AWS Key Management Service, AWS OpsWorks, Amazon Relational Database Service, AWS WAF V2, and Amazon WorkSpaces. |
March 14, 2022 |
AWSConfigServiceRolePolicy – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy also now grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account. |
February 10, 2022 |
AWS_ConfigRole – Add elasticbeanstalk:DescribeEnvironments, elasticbeanstalk:DescribeConfigurationSettings, account:GetAlternateContact, organizations:DescribePolicy, organizations:ListParents, organizations:ListPoliciesForTarget, es:GetCompatibleElasticsearchVersions, rds:DescribeOptionGroups, rds:DescribeOptionGroups, es:GetCompatibleVersions, codedeploy:GetDeploymentConfig, ecr-public:GetRepositoryPolicy, access-analyzer:GetArchiveRule, and ecs:ListTaskDefinitionFamilies |
This policy now grants permission to get details about Elastic Beanstalk environments and a description of the settings for the specified Elastic Beanstalk configuration set, get a map of OpenSearch or Elasticsearch versions, describe the available Amazon RDS option groups for a database, and get information about a CodeDeploy deployment configuration. This policy also now grants permission to retrieve the specified alternate contact attached to an AWS account, retrieve information about an AWS Organizations policy, retrieve an Amazon ECR repository policy, retrieve information about an archived AWS Config rule, retrieve a list of Amazon ECS task definition families, list the root or parent organizational units (OUs) of the specified child OU or account, and list the policies attached to the specified target root, organizational unit, or account. |
February 10, 2022 |
AWSConfigServiceRolePolicy – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and log streams and to write logs to the created log streams. |
December 15, 2021 |
AWS_ConfigRole – Add logs:CreateLogStream, logs:CreateLogGroup, and logs:PutLogEvent |
This policy now grants permission to create Amazon CloudWatch log groups and log streams and to write logs to the created log streams. |
December 15, 2021 |
AWSConfigServiceRolePolicy – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
AWS_ConfigRole – Add es:DescribeDomain, es:DescribeDomains, rds:DescribeDBParameters, and elasticache:DescribeSnapshots |
This policy now grants permission to get details about an Amazon OpenSearch Service (OpenSearch Service) domain or domains and to get a detailed parameter list for a particular Amazon Relational Database Service (Amazon RDS) DB parameter group. This policy also grants permission to get details about Amazon ElastiCache snapshots. |
September 8, 2021 |
AWSConfigServiceRolePolicy – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types |
This policy now grants permission to list tags for a log group, list tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy also now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway. |
July 28, 2021 |
AWS_ConfigRole – Add logs:ListTagsLogGroup, states:ListTagsForResource, states:ListStateMachines, states:DescribeStateMachine, and additional permissions for AWS resource types |
This policy now grants permission to list tags for a log group, list tags for a state machine, and list all state machines. This policy now grants permission to get details about a state machine. This policy also now supports additional permissions for Amazon EC2 Systems Manager (SSM), Amazon Elastic Container Registry, Amazon FSx, Amazon Data Firehose, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Relational Database Service (Amazon RDS), Amazon Route 53, Amazon SageMaker AI, Amazon Simple Notification Service, AWS Database Migration Service, AWS Global Accelerator, and AWS Storage Gateway. |
July 28, 2021 |
AWSConfigServiceRolePolicy – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy also now supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |
AWS_ConfigRole – Add ssm:DescribeDocumentPermission and additional permissions for AWS resource types |
This policy now grants permission to view the permissions of AWS Systems Manager documents and information about IAM Access Analyzer. This policy now supports additional AWS resource types for Amazon Kinesis, Amazon ElastiCache, Amazon EMR, AWS Network Firewall, Amazon Route 53, and Amazon Relational Database Service (Amazon RDS). These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. This policy also now supports filtering Lambda@Edge functions for the lambda-inside-vpc AWS Config managed rule. |
June 8, 2021 |
AWSConfigServiceRolePolicy – Add the apigateway:GET permission to make read-only GET calls to API Gateway, and the s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support AWS Config Rules for API Gateway. This policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new resource type. |
May 10, 2021 |
AWS_ConfigRole – Add the apigateway:GET permission to make read-only GET calls to API Gateway, and the s3:GetAccessPointPolicy and s3:GetAccessPointPolicyStatus permissions to invoke Amazon S3 read-only APIs |
This policy now grants permissions that allow AWS Config to make read-only GET calls to API Gateway to support AWS Config for API Gateway. This policy also adds permissions that allow AWS Config to invoke Amazon Simple Storage Service (Amazon S3) read-only APIs, which are required to support the new resource type. |
May 10, 2021 |
AWSConfigServiceRolePolicy – Add the ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about a specified AWS Systems Manager document. This policy also now supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |
AWS_ConfigRole – Add the ssm:ListDocuments permission and additional permissions for AWS resource types |
This policy now grants permission to view information about a specified AWS Systems Manager document. This policy also now supports additional AWS resource types for AWS Backup, Amazon Elastic File System, Amazon ElastiCache, Amazon Simple Storage Service (Amazon S3), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Kinesis, Amazon SageMaker AI, AWS Database Migration Service, and Amazon Route 53. These permission changes allow AWS Config to invoke the read-only APIs required to support these resource types. |
April 1, 2021 |
AWS Config started tracking changes
AWS Config started tracking changes for its AWS managed policies.
April 1, 2021